US-CERT Vulnerability Summary for the Week of February 12, 2024
Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
9bis — kitty | KiTTY versions 0.76.1.13 and before is vulnerable to command injection via the filename variable, occurs due to insufficient input sanitization and validation, failure to escape special characters, and insecure system calls (at lines 2369-2390). This allows an attacker to add inputs inside the filename variable, leading to arbitrary code execution. | 2024-02-09 | 7.8 | CVE-2024-23749 [email protected] [email protected] [email protected] [email protected] |
9bis — kitty | KiTTY versions 0.76.1.13 and before is vulnerable to a stack-based buffer overflow via the hostname, occurs due to insufficient bounds checking and input sanitization. This allows an attacker to overwrite adjacent memory, which leads to arbitrary code execution. | 2024-02-09 | 7.8 | CVE-2024-25003 [email protected] [email protected] [email protected] [email protected] [email protected] |
9bis — kitty | KiTTY versions 0.76.1.13 and before is vulnerable to a stack-based buffer overflow via the username, occurs due to insufficient bounds checking and input sanitization (at line 2600). This allows an attacker to overwrite adjacent memory, which leads to arbitrary code execution. | 2024-02-09 | 7.8 | CVE-2024-25004 [email protected] [email protected] [email protected] [email protected] [email protected] |
adobe — acrobat_reader | Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-02-15 | 7.8 | CVE-2024-20726 [email protected] |
adobe — acrobat_reader | Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-02-15 | 7.8 | CVE-2024-20727 [email protected] |
adobe — acrobat_reader | Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-02-15 | 7.8 | CVE-2024-20728 [email protected] |
adobe — acrobat_reader | Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-02-15 | 7.8 | CVE-2024-20729 [email protected] [email protected] |
adobe — acrobat_reader | Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-02-15 | 7.8 | CVE-2024-20730 [email protected] [email protected] |
adobe — acrobat_reader | Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-02-15 | 7.8 | CVE-2024-20731 [email protected] [email protected] |
adobe — adobe_framemaker | Adobe Framemaker versions 2022.1 and earlier are affected by an Improper Authentication vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass authentication mechanisms and gain unauthorized access. Exploitation of this issue does not require user interaction. | 2024-02-15 | 9.8 | CVE-2024-20738 [email protected] |
adobe — audition | Audition versions 24.0.3, 23.6.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-02-15 | 7.8 | CVE-2024-20739 [email protected] |
adobe — commerce | Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into every admin page. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field, that could be leveraged to gain admin access. | 2024-02-15 | 9.1 | CVE-2024-20719 [email protected] |
adobe — commerce | Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability that could lead in arbitrary code execution by an attacker. Exploitation of this issue does not require user interaction. | 2024-02-15 | 9.1 | CVE-2024-20720 [email protected] |
adobe — substance3d_-_designer | Substance3D – Designer versions 13.1.0 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-02-15 | 7.8 | CVE-2024-20750 [email protected] |
adobe — substance_3d_painter | Substance3D – Painter versions 9.1.1 and earlier are affected by a Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-02-15 | 7.8 | CVE-2024-20723 [email protected] |
adobe — substance_3d_painter | Substance3D – Painter versions 9.1.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-02-15 | 7.8 | CVE-2024-20740 [email protected] |
adobe — substance_3d_painter | Substance3D – Painter versions 9.1.1 and earlier are affected by a Write-what-where Condition vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-02-15 | 7.8 | CVE-2024-20741 [email protected] |
adobe — substance_3d_painter | Substance3D – Painter versions 9.1.1 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-02-15 | 7.8 | CVE-2024-20742 [email protected] |
adobe — substance_3d_painter | Substance3D – Painter versions 9.1.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-02-15 | 7.8 | CVE-2024-20743 [email protected] |
adobe — substance_3d_painter | Substance3D – Painter versions 9.1.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-02-15 | 7.8 | CVE-2024-20744 [email protected] |
alayacare — procura_portal | Publicly known cryptographic machine key in AlayaCare’s Procura Portal before 9.0.1.2 allows attackers to forge their own authentication cookies and bypass the application’s authentication mechanisms. | 2024-02-16 | 8.6 | CVE-2023-6451 [email protected] |
alfio-event — alf.io | Alf.io is a free and open-source event attendance management system. In versions prior to 2.0-M4-2402 users can access the admin area even after being invalidated/deleted. This issue has been addressed in version 2.0-M4-2402. All users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-02-16 | 7.6 | CVE-2024-25628 [email protected] |
angular — angular | This affects versions of the package angular from 1.3.0. A regular expression used to split the value of the ng-srcset directive is vulnerable to super-linear runtime due to backtracking. With a large carefully-crafted input, this can result in catastrophic backtracking and cause a denial of service. **Note:** This package is EOL and will not receive any updates to address this issue. Users should migrate to [@angular/core](https://www.npmjs.com/package/@angular/core). | 2024-02-10 | 7.5 | CVE-2024-21490 [email protected] [email protected] |
apache — solr | Improper Control of Dynamically-Managed Code Resources, Unrestricted Upload of File with Dangerous Type, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Solr. This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1. In the affected versions, Solr ConfigSets accepted Java jar and class files to be uploaded through the ConfigSets API. When backing up Solr Collections, these configSet files would be saved to disk when using the LocalFileSystemRepository (the default for backups). If the backup was saved to a directory that Solr uses in its ClassPath/ClassLoaders, then the jar and class files would be available to use with any ConfigSet, trusted or untrusted. When Solr is run in a secure way (Authorization enabled), as is strongly suggested, this vulnerability is limited to extending the Backup permissions with the ability to add libraries. Users are recommended to upgrade to version 8.11.3 or 9.4.1, which fix the issue. In these versions, the following protections have been added: * Users are no longer able to upload files to a configSet that could be executed via a Java ClassLoader. * The Backup API restricts saving backups to directories that are used in the ClassLoader. | 2024-02-09 | 8.8 | CVE-2023-50386 [email protected] [email protected] |
apache — solr | Insufficiently Protected Credentials vulnerability in Apache Solr. This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.3.0. One of the two endpoints that publishes the Solr process’ Java system properties, /admin/info/properties, was only setup to hide system properties that had “password” contained in the name. There are a number of sensitive system properties, such as “basicauth” and “aws.secretKey” do not contain “password”, thus their values were published via the “/admin/info/properties” endpoint. This endpoint populates the list of System Properties on the home screen of the Solr Admin page, making the exposed credentials visible in the UI. This /admin/info/properties endpoint is protected under the “config-read” permission. Therefore, Solr Clouds with Authorization enabled will only be vulnerable through logged-in users that have the “config-read” permission. Users are recommended to upgrade to version 9.3.0 or 8.11.3, which fixes the issue. A single option now controls hiding Java system property for all endpoints, “-Dsolr.hiddenSysProps”. By default all known sensitive properties are hidden (including “-Dbasicauth”), as well as any property with a name containing “secret” or “password”. Users who cannot upgrade can also use the following Java system property to fix the issue: ‘-Dsolr.redaction.system.pattern=.*(password|secret|basicauth).*’ | 2024-02-09 | 7.5 | CVE-2023-50291 [email protected] [email protected] |
apache — solr | Incorrect Permission Assignment for Critical Resource, Improper Control of Dynamically-Managed Code Resources vulnerability in Apache Solr. This issue affects Apache Solr: from 8.10.0 through 8.11.2, from 9.0.0 before 9.3.0. The Schema Designer was introduced to allow users to more easily configure and test new Schemas and configSets. However, when the feature was created, the “trust” (authentication) of these configSets was not considered. External library loading is only available to configSets that are “trusted” (created by authenticated users), thus non-authenticated users are unable to perform Remote Code Execution. Since the Schema Designer loaded configSets without taking their “trust” into account, configSets that were created by unauthenticated users were allowed to load external libraries when used in the Schema Designer. Users are recommended to upgrade to version 9.3.0, which fixes the issue. | 2024-02-09 | 7.5 | CVE-2023-50292 [email protected] [email protected] |
apache — solr | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Solr. This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1. Solr Streaming Expressions allows users to extract data from other Solr Clouds, using a “zkHost” parameter. When original SolrCloud is setup to use ZooKeeper credentials and ACLs, they will be sent to whatever “zkHost” the user provides. An attacker could setup a server to mock ZooKeeper, that accepts ZooKeeper requests with credentials and ACLs and extracts the sensitive information, then send a streaming expression using the mock server’s address in “zkHost”. Streaming Expressions are exposed via the “/streaming” handler, with “read” permissions. Users are recommended to upgrade to version 8.11.3 or 9.4.1, which fix the issue. From these versions on, only zkHost values that have the same server address (regardless of chroot), will use the given ZooKeeper credentials and ACLs when connecting. | 2024-02-09 | 7.5 | CVE-2023-50298 [email protected] [email protected] [email protected] |
azure — azure-uamqp_c | The UAMQP is a general purpose C library for AMQP 1.0. During a call to open_get_offered_capabilities, a memory allocation may fail causing a use-after-free issue and if a client called it during connection communication it may cause a remote code execution. Users are advised to update the submodule with commit `30865c9c`. There are no known workarounds for this vulnerability. | 2024-02-12 | 9.8 | CVE-2024-25110 [email protected] [email protected] |
boostmyshop — boostmyshop | SQL Injection vulnerability in Boostmyshop (boostmyshopagent) module for Prestashop versions 1.1.9 and before, allows remote attackers to escalate privileges and obtain sensitive information via changeOrderCarrier.php, relayPoint.php, and shippingConfirmation.php. | 2024-02-09 | 9.8 | CVE-2024-24308 [email protected] |
code-projects — cinema_seat_reservation_system | Code-projects Cinema Seat Reservation System 1.0 allows SQL Injection via the ‘id’ parameter at “/Cinema-Reservation/booking.php?id=1.” | 2024-02-09 | 9.8 | CVE-2024-25307 [email protected] |
code-projects — simple_school_management_system | Code-projects Simple School Managment System 1.0 allows SQL Injection via the ‘apass’ parameter at “School/index.php.” | 2024-02-09 | 8.8 | CVE-2024-25304 [email protected] |
code-projects — simple_school_management_system | Code-projects Simple School Managment System 1.0 allows Authentication Bypass via the username and password parameters at School/index.php. | 2024-02-09 | 8.8 | CVE-2024-25305 [email protected] |
code-projects — simple_school_management_system | Code-projects Simple School Managment System 1.0 allows SQL Injection via the ‘aname’ parameter at “School/index.php”. | 2024-02-09 | 8.8 | CVE-2024-25306 [email protected] |
code-projects — simple_school_management_system | Code-projects Simple School Managment System 1.0 allows SQL Injection via the ‘name’ parameter at School/teacher_login.php. | 2024-02-09 | 8.8 | CVE-2024-25308 [email protected] |
code-projects — simple_school_management_system | Code-projects Simple School Managment System 1.0 allows SQL Injection via the ‘pass’ parameter at School/teacher_login.php. | 2024-02-09 | 8.8 | CVE-2024-25309 [email protected] |
code-projects — simple_school_management_system | Code-projects Simple School Managment System 1.0 allows SQL Injection via the ‘id’ parameter at “School/delete.php?id=5.” | 2024-02-09 | 8.8 | CVE-2024-25310 [email protected] |
code-projects — simple_school_management_system | Code-projects Simple School Managment System 1.0 allows SQL Injection via the ‘id’ parameter at “School/sub_delete.php?id=5.” | 2024-02-09 | 8.8 | CVE-2024-25312 [email protected] |
code-projects — simple_school_management_system | Code-projects Simple School Managment System 1.0 allows Authentication Bypass via the username and password parameters at School/teacher_login.php. | 2024-02-09 | 8.8 | CVE-2024-25313 [email protected] |
comarch — erp_xl | Comarch ERP XL client is vulnerable to MS SQL protocol downgrade request from a server side, what could lead to an unencrypted communication vulnerable to data interception and modification. This issue affects ERP XL: from 2020.2.2 through 2023.2. | 2024-02-15 | 7.4 | CVE-2023-4537 [email protected] [email protected] |
comarch — erp_xl | Use of a hard-coded password for a special database account created during Comarch ERP XL installation allows an attacker to retrieve embedded sensitive data stored in the database. The password is same among all Comarch ERP XL installations. This issue affects ERP XL: from 2020.2.2 through 2023.2. | 2024-02-15 | 7.5 | CVE-2023-4539 [email protected] [email protected] |
contiki-ng — contiki-ng | Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. An attacker can trigger out-of-bounds reads in the RPL-Lite implementation of the RPL protocol in the Contiki-NG operating system. This vulnerability is caused by insufficient control of the lengths for DIO and DAO messages, in particular when they contain RPL sub-option headers. The problem has been patched in Contiki-NG 4.9. Users are advised to upgrade. Users unable to upgrade should manually apply the code changes in PR #2484. | 2024-02-14 | 8.6 | CVE-2023-50927 [email protected] [email protected] |
contiki-ng — contiki-ng | Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. An out-of-bounds write exists in the driver for IEEE 802.15.4 radios on nRF platforms in the Contiki-NG operating system. The problem is triggered when parsing radio frames in the `read_frame` function in the `arch/cpu/nrf/net/nrf-ieee-driver-arch.c` module. More specifically, the `read_frame` function performs an incomplete validation of the payload length of the packet, which is a value that can be set by an external party that sends radio packets to a Contiki-NG system. Although the value is validated to be in the range of the MTU length, it is not validated to fit into the given buffer into which the packet will be copied. The problem has been patched in the “develop” branch of Contiki-NG and is expected to be included in subsequent releases. Users are advised to update their develop branch or to update to a subsequent release when available. Users unable to upgrade should consider manually applying the changes in PR #2741. | 2024-02-14 | 7 | CVE-2023-48229 [email protected] [email protected] |
contiki-ng — contiki-ng | Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. An out-of-bounds read can be caused by an incoming DIO message when using the RPL-Lite implementation in the Contiki-NG operating system. More specifically, the prefix information of the DIO message contains a field that specifies the length of an IPv6 address prefix. The value of this field is not validated, which means that an attacker can set a value that is longer than the maximum prefix length. Subsequently, a memcmp function call that compares different prefixes can be called with a length argument that surpasses the boundary of the array allocated for the prefix, causing an out-of-bounds read. The problem has been patched in the “develop” branch of Contiki-NG, and is expected to be included in the next release. Users are advised to update as soon as they are able to or to manually apply the changes in Contiki-NG pull request #2721. | 2024-02-14 | 7.5 | CVE-2023-50926 [email protected] [email protected] |
dell — dell_smartfabric_os10 | Dell OS10 Networking Switches running 10.5.2.x and above contain a vulnerability with zeroMQ when VLT is configured. A remote unauthenticated attacker could potentially exploit this vulnerability leading to information disclosure and a possible Denial of Service when a huge number of requests are sent to the switch. This is a high severity vulnerability as it allows an attacker to view sensitive data. Dell recommends customers to upgrade at the earliest opportunity. | 2024-02-15 | 9.1 | CVE-2023-28078 [email protected] |
dell — dell_smartfabric_os10 | Dell OS10 Networking Switches running 10.5.2.x and above contain an OS command injection vulnerability when using remote user authentication. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands and possible system takeover. This is a critical vulnerability as it allows an attacker to cause severe damage. Dell recommends customers to upgrade at the earliest opportunity. | 2024-02-15 | 9.8 | CVE-2023-32462 [email protected] |
dell — enterprise_sonic_os | Dell Networking Switches running Enterprise SONiC versions 4.1.0, 4.0.5, 3.5.4 and below contains an improper input validation vulnerability. A remote unauthenticated malicious user may exploit this vulnerability and escalate privileges up to the highest administrative level. This is a Critical vulnerability affecting certain protocols, Dell recommends customers to upgrade at the earliest opportunity. | 2024-02-15 | 9.8 | CVE-2023-32484 [email protected] |
dell — esi_(enterprise_storage_integrator)_for_sap_lama | DELL ESI (Enterprise Storage Integrator) for SAP LAMA, version 10.0, contains an information disclosure vulnerability in EHAC component. A remote unauthenticated attacker could potentially exploit this vulnerability by eavesdropping the network traffic to gain admin level credentials. | 2024-02-15 | 9.8 | CVE-2023-39245 [email protected] |
dell — esi_(enterprise_storage_integrator)_for_sap_lama | DELL ESI (Enterprise Storage Integrator) for SAP LAMA, version 10.0, contains an improper access control vulnerability in EHAC component. A remote unauthenticated attacker could potentially exploit this vulnerability to gain unrestricted access to the SOAP APIs. | 2024-02-15 | 7.3 | CVE-2023-39244 [email protected] |
dell — powerprotect_data_manager | Dell PowerProtect Data Manager, version 19.15 and prior versions, contain a weak password recovery mechanism for forgotten passwords. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to unauthorized access to the application with privileges of the compromised account. The attacker could retrieve the reset password token without authorization and then perform the password change | 2024-02-13 | 8.8 | CVE-2024-22454 [email protected] |
dell — powerprotect_data_manager | Dell PowerProtect Data Manager, version 19.15 and prior versions, contain an OS command injection vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application’s underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker. | 2024-02-13 | 7.2 | CVE-2024-22445 [email protected] |
dell — recoverpoint_for_vms | Dell RecoverPoint for Virtual Machines 5.3.x contains an OS Command injection vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to execute arbitrary operating system commands, which will get executed in the context of the root user, resulting in a complete system compromise. | 2024-02-16 | 7.2 | CVE-2024-22426 [email protected] |
dell — supportassist_client_consumer | Dell SupportAssist for Home PCs Installer Executable file version prior to 3.13.2.19 used for initial installation has a high vulnerability that can result in local privilege escalation (LPE). This vulnerability only affects first-time installations done prior to 8th March 2023 | 2024-02-14 | 7.2 | CVE-2023-25535 [email protected] |
dell — supportassist_for_home_pcs | In Dell SupportAssist for Home PCs (between v3.0 and v3.14.1) and SupportAssist for Business PCs (between v3.0 and v3.4.1), a security concern has been identified, impacting locally authenticated users on their respective PCs. This issue may potentially enable privilege escalation and the execution of arbitrary code, in the Windows system context, and confined to that specific local PC. | 2024-02-14 | 7.8 | CVE-2023-44283 [email protected] |
dell — unity_operating_environment | Dell Unity, versions prior to 5.4, contain an OS Command Injection Vulnerability in its svc_topstats utility. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary commands with elevated privileges. | 2024-02-12 | 7.8 | CVE-2024-0164 [email protected] |
dell — unity_operating_environment | Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_acldb_dump utility. An authenticated attacker could potentially exploit this vulnerability, leading to execution of arbitrary operating system commands with root privileges. | 2024-02-12 | 7.8 | CVE-2024-0165 [email protected] |
dell — unity_operating_environment | Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_tcpdump utility. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands with elevated privileges. | 2024-02-12 | 7.8 | CVE-2024-0166 [email protected] |
dell — unity_operating_environment | Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in the svc_topstats utility. An authenticated attacker could potentially exploit this vulnerability, leading to the ability to overwrite arbitrary files on the file system with root privileges. | 2024-02-12 | 7.8 | CVE-2024-0167 [email protected] |
dell — unity_operating_environment | Dell Unity, versions prior to 5.4, contains a Command Injection Vulnerability in svc_oscheck utility. An authenticated attacker could potentially exploit this vulnerability, leading to the ability to inject arbitrary operating system commands. This vulnerability allows an authenticated attacker to execute commands with root privileges. | 2024-02-12 | 7.8 | CVE-2024-0168 [email protected] |
dell — unity_operating_environment | Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_cava utility. An authenticated attacker could potentially exploit this vulnerability, escaping the restricted shell and execute arbitrary operating system commands with root privileges. | 2024-02-12 | 7.8 | CVE-2024-0170 [email protected] |
dell — unity_operating_environment | Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability within its svc_udoctor utility. An authenticated malicious user with local access could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application’s underlying OS, with the privileges of the vulnerable application. | 2024-02-12 | 7.8 | CVE-2024-22222 [email protected] |
dell — unity_operating_environment | Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability within its svc_cbr utility. An authenticated malicious user with local access could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application’s underlying OS, with the privileges of the vulnerable application. | 2024-02-12 | 7.8 | CVE-2024-22223 [email protected] |
dell — unity_operating_environment | Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_nas utility. An authenticated attacker could potentially exploit this vulnerability, escaping the restricted shell and execute arbitrary operating system commands with root privileges. | 2024-02-12 | 7.8 | CVE-2024-22224 [email protected] |
dell — unity_operating_environment | Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_supportassist utility. An authenticated attacker could potentially exploit this vulnerability, leading to execution of arbitrary operating system commands with root privileges. | 2024-02-12 | 7.8 | CVE-2024-22225 [email protected] |
dell — unity_operating_environment | Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_dc utility. An authenticated attacker could potentially exploit this vulnerability, leading to the ability execute commands with root privileges. | 2024-02-12 | 7.8 | CVE-2024-22227 [email protected] |
dell — unity_operating_environment | Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_cifssupport utility. An authenticated attacker could potentially exploit this vulnerability, escaping the restricted shell and execute arbitrary operating system commands with root privileges. | 2024-02-12 | 7.8 | CVE-2024-22228 [email protected] |
diracgrid — dirac | DIRAC is a distributed resource framework. In affected versions any user could get a token that has been requested by another user/agent. This may expose resources to unintended parties. This issue has been addressed in release version 8.0.37. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-02-09 | 7.5 | CVE-2024-24825 [email protected] [email protected] |
ebm_technologies — risweb | EBM Technologies RISWEB’s specific query function parameter does not properly restrict user input, and this feature page is accessible without login. This allows remote attackers to inject SQL commands without authentication, enabling them to read, modify, and delete database records. | 2024-02-15 | 9.8 | CVE-2024-26264 [email protected] |
ebm_technologies — uniweb/solipacs_webserver | EBM Technologies Uniweb/SoliPACS WebServer’s query functionality lacks proper restrictions of user input, allowing remote attackers authenticated as regular user to inject SQL commands for reading, modifying, and deleting database records, as well as executing system commands. Attackers may even leverage the dbo privilege in the database for privilege escalation, elevating their privileges to administrator. | 2024-02-15 | 8.8 | CVE-2024-26262 [email protected] |
ec-web — fs-ezviewer(web) | EC-WEB FS-EZViewer (Web)’s query functionality lacks proper restrictions of user input, allowing remote attackers authenticated as regular user to inject SQL commands for reading, modifying, and deleting database records, as well as executing system commands. Attackers may even leverage the dbo privilege in the database for privilege escalation, elevating their privileges to administrator. | 2024-02-15 | 8.8 | CVE-2024-1523 [email protected] |
emerson — gc370xa_firmware | In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could obtain access to sensitive information or cause a denial-of-service condition. | 2024-02-09 | 9.1 | CVE-2023-43609 [email protected] [email protected] |
emerson — gc370xa_firmware | In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could execute arbitrary commands in root context from a remote computer. | 2024-02-09 | 9.8 | CVE-2023-46687 [email protected] [email protected] |
emerson — gc370xa_firmware | In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an authenticated user with network access could run arbitrary commands from a remote computer. | 2024-02-09 | 9.8 | CVE-2023-49716 [email protected] [email protected] |
emerson — gc370xa_firmware | In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could bypass authentication and acquire admin capabilities. | 2024-02-09 | 8.1 | CVE-2023-51761 [email protected] [email protected] |
enlightenment — imlib2 | An issue in the imlib_load_image_with_error_return function of imlib2 v1.9.1 allows attackers to cause a heap buffer overflow via parsing a crafted image. | 2024-02-09 | 8.8 | CVE-2024-25447 [email protected] [email protected] |
enlightenment — imlib2 | An issue in the imlib_free_image_and_decache function of imlib2 v1.9.1 allows attackers to cause a heap buffer overflow via parsing a crafted image. | 2024-02-09 | 8.8 | CVE-2024-25448 [email protected] [email protected] |
enlightenment — imlib2 | imlib2 v1.9.1 was discovered to mishandle memory allocation in the function init_imlib_fonts(). | 2024-02-09 | 8.8 | CVE-2024-25450 [email protected] [email protected] |
envoyproxy — envoy | Envoy is a high-performance edge/middle/service proxy. Envoy will crash when certain timeouts happen within the same interval. The crash occurs when the following are true: 1. hedge_on_per_try_timeout is enabled, 2. per_try_idle_timeout is enabled (it can only be done in configuration), 3. per-try-timeout is enabled, either through headers or configuration and its value is equal, or within the backoff interval of the per_try_idle_timeout. This issue has been addressed in released 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-02-09 | 7.5 | CVE-2024-23322 [email protected] [email protected] |
envoyproxy — envoy | Envoy is a high-performance edge/middle/service proxy. External authentication can be bypassed by downstream connections. Downstream clients can force invalid gRPC requests to be sent to ext_authz, circumventing ext_authz checks when failure_mode_allow is set to true. This issue has been addressed in released 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-02-09 | 7.5 | CVE-2024-23324 [email protected] [email protected] |
envoyproxy — envoy | Envoy is a high-performance edge/middle/service proxy. Envoy crashes in Proxy protocol when using an address type that isn’t supported by the OS. Envoy is susceptible to crashing on a host with IPv6 disabled and a listener config with proxy protocol enabled when it receives a request where the client presents its IPv6 address. It is valid for a client to present its IPv6 address to a target server even though the whole chain is connected via IPv4. This issue has been addressed in released 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-02-09 | 7.5 | CVE-2024-23325 [email protected] [email protected] |
envoyproxy — envoy | Envoy is a high-performance edge/middle/service proxy. When PPv2 is enabled both on a listener and subsequent cluster, the Envoy instance will segfault when attempting to craft the upstream PPv2 header. This occurs when the downstream request has a command type of LOCAL and does not have the protocol block. This issue has been addressed in releases 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-02-09 | 7.5 | CVE-2024-23327 [email protected] [email protected] |
eset_spol_s_r.o. — eset_nod32_antivirus | Local privilege escalation vulnerability potentially allowed an attacker to misuse ESET’s file operations to delete files without having proper permission. | 2024-02-15 | 7.8 | CVE-2024-0353 [email protected] |
f5 — big-ip | When running in appliance mode, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint on multi-bladed systems. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 2024-02-14 | 8.7 | CVE-2024-22093 [email protected] |
f5 — big-ip | When BIG-IP AFM Device DoS or DoS profile is configured with NXDOMAIN attack vector and bad actor detection, undisclosed queries can cause the Traffic Management Microkernel (TMM) to terminate. NOTE: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 2024-02-14 | 7.5 | CVE-2024-21763 [email protected] |
f5 — big-ip | For unspecified traffic patterns, BIG-IP AFM IPS engine may spend an excessive amount of time matching the traffic against signatures, resulting in Traffic Management Microkernel (TMM) restarting and traffic disruption. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 2024-02-14 | 7.5 | CVE-2024-21771 [email protected] |
f5 — big-ip | When a BIG-IP ASM/Advanced WAF security policy is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 2024-02-14 | 7.5 | CVE-2024-21789 [email protected] |
f5 — big-ip | When an Advanced WAF/ASM security policy and a Websockets profile are configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2024-02-14 | 7.5 | CVE-2024-21849 [email protected] |
f5 — big-ip | When BIG-IP is deployed in high availability (HA) and an iControl REST API token is updated, the change does not sync to the peer device. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 2024-02-14 | 7.2 | CVE-2024-22389 [email protected] |
f5 — big-ip | When a BIG-IP Advanced WAF or BIG-IP ASM policy with a Request Body Handling option is attached to a virtual server, undisclosed requests can cause the BD process to terminate. The condition results from setting the Request Body Handling option in the Header-Based Content Profile for an Allowed URL with “Apply value and content signatures and detect threat campaigns.” Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 2024-02-14 | 7.5 | CVE-2024-23308 [email protected] |
f5 — big-ip | When HTTP/2 is configured on BIG-IP or BIG-IP Next SPK systems, undisclosed responses can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 2024-02-14 | 7.5 | CVE-2024-23314 [email protected] |
f5 — big-ip | Undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. For the Application Visibility and Reporting module, this may occur when the HTTP Analytics profile with URLs enabled under Collected Entities is configured on a virtual server and the DB variables avr.IncludeServerInURI or avr.CollectOnlyHostnameFromURI are enabled. For BIG-IP Advanced WAF and ASM, this may occur when either a DoS or Bot Defense profile is configured on a virtual server and the DB variables avr.IncludeServerInURI or avr.CollectOnlyHostnameFromURI are enabled. Note: The DB variables avr.IncludeServerInURI and avr.CollectOnlyHostnameFromURI are not enabled by default. For more information about the HTTP Analytics profile and the Collect URLs setting, refer to K30875743: Create a new Analytics profile and attach it to your virtual servers https://my.f5.com/manage/s/article/K30875743 . Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 2024-02-14 | 7.5 | CVE-2024-23805 [email protected] |
f5 — big-ip | When SSL Client Certificate LDAP or Certificate Revocation List Distribution Point (CRLDP) authentication profile is configured on a virtual server, undisclosed requests can cause an increase in CPU resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 2024-02-14 | 7.5 | CVE-2024-23979 [email protected] |
f5 — big-ip | When a BIG-IP PEM classification profile is configured on a UDP virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. This issue affects classification engines using signatures released between 09-08-2022 and 02-16-2023. See the table in the F5 Security Advisory for a complete list of affected classification signature files. NOTE: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 2024-02-14 | 7.5 | CVE-2024-23982 [email protected] |
f5 — nginx_plus | When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3 https://nginx.org/en/docs/quic.html . NOTE: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 2024-02-14 | 7.5 | CVE-2024-24989 [email protected] |
f5 — nginx_plus | When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3 https://nginx.org/en/docs/quic.html . Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 2024-02-14 | 7.5 | CVE-2024-24990 [email protected] |
filseclab — twister_antivirus | Twister Antivirus v8.17 allows Elevation of Privileges on the computer where it’s installed by triggering the 0x80112067, 0x801120CB and 0x801120CC IOCTL codes of the fildds.sys driver. | 2024-02-13 | 7.8 | CVE-2024-1096 [email protected] [email protected] |
flusity — flusity | flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/add_translation.php. | 2024-02-11 | 8.8 | CVE-2024-25417 [email protected] |
flusity — flusity | flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/delete_menu.php. | 2024-02-11 | 8.8 | CVE-2024-25418 [email protected] |
flusity — flusity | flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/update_menu.php. | 2024-02-11 | 8.8 | CVE-2024-25419 [email protected] |
fortinet — forticlientems | An improper privilege management vulnerability [CWE-269] in Fortinet FortiClientEMS version 7.2.0 through 7.2.2 and before 7.0.10 allows a Site administrator with Super Admin privileges to perform global administrative operations affecting other sites via crafted HTTP or HTTPS requests. | 2024-02-15 | 8.8 | CVE-2023-45581 [email protected] |
fortinet — fortiproxy | A out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows attacker to execute unauthorized code or commands via specifically crafted requests | 2024-02-09 | 9.8 | CVE-2024-21762 [email protected] |
fortinet — fortiswitchmanager | A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, FortiPAM versions 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSwitchManager versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.3 allows attacker to execute unauthorized code or commands via specially crafted packets. | 2024-02-15 | 9.8 | CVE-2024-23113 [email protected] |
g5theme — ere_recently_viewed_essential_real_estate_add-on | Deserialization of Untrusted Data vulnerability in G5Theme ERE Recently Viewed – Essential Real Estate Add-On. This issue affects ERE Recently Viewed – Essential Real Estate Add-On: from n/a through 1.3. | 2024-02-12 | 9.8 | CVE-2024-24797 [email protected] |
gambio — gambio | Deserialization of Untrusted Data in Gambio through 4.9.2.0 allows attackers to run arbitrary code via “search” parameter of the Parcelshopfinder/AddAddressBookEntry” function. | 2024-02-12 | 9.8 | CVE-2024-23759 [email protected] |
gambio — gambio | Server Side Template Injection in Gambio 4.9.2.0 allows attackers to run arbitrary code via crafted smarty email template. | 2024-02-12 | 9.8 | CVE-2024-23761 [email protected] |
gambio — gambio | SQL Injection vulnerability in Gambio through 4.9.2.0 allows attackers to run arbitrary SQL commands via crafted GET request using modifiers[attribute][] parameter. | 2024-02-12 | 9.8 | CVE-2024-23763 [email protected] |
gambio — gambio | Unrestricted File Upload vulnerability in Content Manager feature in Gambio 4.9.2.0 allows attackers to execute arbitrary code via upload of crafted PHP file. | 2024-02-12 | 7.8 | CVE-2024-23762 [email protected] |
getcomposer — composer | Composer is a dependency Manager for the PHP language. In affected versions several files within the local working directory are included during the invocation of Composer and in the context of the executing user. As such, under certain conditions arbitrary code execution may lead to local privilege escalation, provide lateral user movement or malicious code execution when Composer is invoked within a directory with tampered files. All Composer CLI commands are affected, including composer.phar’s self-update. The following scenarios are of high risk: Composer being run with sudo, Pipelines which may execute Composer on untrusted projects, Shared environments with developers who run Composer individually on the same project. This vulnerability has been addressed in versions 2.7.0 and 2.2.23. It is advised that the patched versions are applied at the earliest convenience. Where not possible, the following should be addressed: Remove all sudo composer privileges for all users to mitigate root privilege escalation, and avoid running Composer within an untrusted directory, or if needed, verify that the contents of `vendor/composer/InstalledVersions.php` and `vendor/composer/installed.php` do not include untrusted code. A reset can also be done on these files by the following:“`sh rm vendor/composer/installed.php vendor/composer/InstalledVersions.php composer install –no-scripts –no-plugins “` | 2024-02-09 | 7.8 | CVE-2024-24821 [email protected] [email protected] |
github — enterprise_server | A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via the actions-console docker container while setting a service URL. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program. | 2024-02-13 | 9.1 | CVE-2024-1355 [email protected] [email protected] [email protected] [email protected] |
github — enterprise_server | A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when setting up an HTTP proxy. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program https://bounty.github.com. | 2024-02-13 | 9.1 | CVE-2024-1359 [email protected] [email protected] [email protected] [email protected] |
github — enterprise_server | A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when setting the username and password for collected configurations. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program https://bounty.github.com. | 2024-02-13 | 9.1 | CVE-2024-1369 [email protected] [email protected] [email protected] [email protected] |
github — enterprise_server | A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when configuring SAML settings. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program https://bounty.github.com. | 2024-02-13 | 9.1 | CVE-2024-1372 [email protected] [email protected] [email protected] [email protected] |
github — enterprise_server | A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via nomad templates when configuring audit log forwarding. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program https://bounty.github.com. | 2024-02-13 | 9.1 | CVE-2024-1374 [email protected] [email protected] [email protected] [email protected] |
github — enterprise_server | A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via nomad templates when configuring SMTP options. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program https://bounty.github.com. | 2024-02-13 | 9.1 | CVE-2024-1378 [email protected] [email protected] [email protected] [email protected] |
github — enterprise_server | A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via the `syslog-ng` configuration file. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program. | 2024-02-13 | 8 | CVE-2024-1354 [email protected] [email protected] [email protected] [email protected] |
github — enterprise_server | An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to create new branches in public repositories and run arbitrary GitHub Actions workflows with permissions from the GITHUB_TOKEN. To exploit this vulnerability, an attacker would need access to the Enterprise Server. This vulnerability affected all versions of GitHub Enterprise Server after 3.8 and prior to 3.12, and was fixed in versions 3.9.10, 3.10.7, 3.11.5. This vulnerability was reported via the GitHub Bug Bounty program. | 2024-02-14 | 7.1 | CVE-2024-1482 [email protected] [email protected] [email protected] |
grafana — grafana_son_datasource | The JSON data source plugin ( https://grafana.com/grafana/plugins/marcusolsson-json-datasource/ https://grafana.com/grafana/plugins/marcusolsson-json-datasource/ ) is a Grafana Labs maintained plugin for Grafana that allows for retrieving and processing JSON data from a remote endpoint (including a specific sub-path) configured by an administrator. Due to inadequate sanitization of the dashboard-supplied path parameter, it was possible to include path traversal characters (../) in the path parameter and send requests to paths on the configured endpoint outside the configured sub-path. This means that if the data source was configured by an administrator to point at some sub-path of a domain (e.g. https://example.com/api/some_safe_api/ https://example.com/api/some_safe_api/ ), it was possible for an editor to create a dashboard referencing the data source which issues queries containing path traversal characters, which would in turn cause the data source to instead query arbitrary subpaths on the configured domain (e.g. https://example.com/api/admin_api/) https://example.com/api/admin_api/) . In the rare case that this plugin is configured by an administrator to point back at the Grafana instance itself, this vulnerability becomes considerably more severe, as an administrator browsing a maliciously configured panel could be compelled to make requests to Grafana administrative API endpoints with their credentials, resulting in the potential for privilege escalation, hence the high score for this vulnerability. | 2024-02-14 | 8 | CVE-2023-5123 [email protected] |
hcltech — sametime | Sametime is impacted by a Cross Site Request Forgery (CSRF) vulnerability. Some REST APIs in the Sametime Proxy application can allow an attacker to perform malicious actions on the application. | 2024-02-09 | 8.8 | CVE-2023-50349 [email protected] |
hgiga — oaklouds | The functionality for synchronization in HGiga OAKlouds’ certain modules has an OS Command Injection vulnerability, allowing remote attackers to inject system commands within specific request parameters. This enables the execution of arbitrary code on the remote server without permission. | 2024-02-15 | 9.8 | CVE-2024-26260 [email protected] |
hgiga — oaklouds | The functionality for file download in HGiga OAKlouds’ certain modules contains an Arbitrary File Read and Delete vulnerability. Attackers can put file path in specific request parameters, allowing them to download the file without login. Furthermore, the file will be deleted after being downloaded. | 2024-02-15 | 9.8 | CVE-2024-26261 [email protected] |
hima — f30_03x_yy_(com) | An unauthenticated remote attacker can use an uncontrolled resource consumption vulnerability to DoS the affected devices through excessive traffic on a single ethernet port. | 2024-02-13 | 7.5 | CVE-2024-24781 [email protected] |
hotel_management_system_project — hotel_management_system | Code-projects Hotel Managment System 1.0, allows SQL Injection via the ‘sid’ parameter in Hotel/admin/show.php?sid=2. | 2024-02-09 | 9.8 | CVE-2024-25314 [email protected] |
hotel_management_system_project — hotel_management_system | Code-projects Hotel Managment System 1.0, allows SQL Injection via the ‘rid’ parameter in Hotel/admin/roombook.php?rid=2. | 2024-02-09 | 9.8 | CVE-2024-25315 [email protected] |
hotel_management_system_project — hotel_management_system | Code-projects Hotel Managment System 1.0 allows SQL Injection via the ‘eid’ parameter in Hotel/admin/usersettingdel.php?eid=2. | 2024-02-09 | 9.8 | CVE-2024-25316 [email protected] |
hotel_management_system_project — hotel_management_system | Code-projects Hotel Managment System 1.0 allows SQL Injection via the ‘pid’ parameter in Hotel/admin/print.php?pid=2. | 2024-02-09 | 8.8 | CVE-2024-25318 [email protected] |
hugin_project — hugin | An issue in the HuginBase::PanoramaMemento::loadPTScript function of Hugin v2022.0.0 allows attackers to cause a heap buffer overflow via parsing a crafted image. | 2024-02-09 | 7.8 | CVE-2024-25442 [email protected] [email protected] |
hugin_project — hugin | An issue in the HuginBase::ImageVariable<double>::linkWith function of Hugin v2022.0.0 allows attackers to cause a heap-use-after-free via parsing a crafted image. | 2024-02-09 | 7.8 | CVE-2024-25443 [email protected] [email protected] |
hugin_project — hugin | Improper handling of values in HuginBase::PTools::Transform::transform of Hugin 2022.0.0 leads to an assertion failure. | 2024-02-09 | 7.8 | CVE-2024-25445 [email protected] [email protected] |
hugin_project — hugin | An issue in the HuginBase::PTools::setDestImage function of Hugin v2022.0.0 allows attackers to cause a heap buffer overflow via parsing a crafted image. | 2024-02-09 | 7.8 | CVE-2024-25446 [email protected] [email protected] |
ibm — engineering_lifecycle_optimization | IBM Engineering Lifecycle Optimization – Publishing 7.0.2 and 7.0.3 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 268749. | 2024-02-09 | 8.8 | CVE-2023-45187 [email protected] [email protected] |
ibm — engineering_lifecycle_optimization | IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 268755. | 2024-02-09 | 7.5 | CVE-2023-45191 [email protected] [email protected] |
ibm — semeru_runtime | IBM Semeru Runtime 8.0.302.0 through 8.0.392.0, 11.0.12.0 through 11.0.21.0, 17.0.1.0 – 17.0.9.0, and 21.0.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 281222. | 2024-02-10 | 7.5 | CVE-2024-22361 [email protected] [email protected] |
ibm — storage_defender_resiliency_service | IBM Storage Defender – Resiliency Service 2.0 could allow a privileged user to perform unauthorized actions after obtaining encrypted data from clear text key storage. IBM X-Force ID: 275783. | 2024-02-10 | 7.2 | CVE-2023-50957 [email protected] [email protected] |
ibm — storage_defender_resiliency_service | IBM Storage Defender – Resiliency Service 2.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 278749. | 2024-02-10 | 7.8 | CVE-2024-22313 [email protected] [email protected] |
ibm — storage_scale_container_native_storage_access | IBM Storage Scale Container Native Storage Access 5.1.2.1 through 5.1.7.0 could allow a local attacker to initiate connections from a container outside the current namespace. IBM X-Force ID: 237811. | 2024-02-17 | 7.1 | CVE-2022-41737 [email protected] [email protected] |
ibm — storage_scale_container_native_storage_access | IBM Storage Scale Container Native Storage Access 5.1.2.1 -through 5.1.7.0 could allow an attacker to initiate connections to containers from external networks. IBM X-Force ID: 237812. | 2024-02-17 | 7.5 | CVE-2022-41738 [email protected] [email protected] |
icinga — icinga | Icinga Director is a tool designed to make Icinga 2 configuration handling easy. Not any of Icinga Director’s configuration forms used to manipulate the monitoring environment are protected against cross site request forgery (CSRF). It enables attackers to perform changes in the monitoring environment managed by Icinga Director without the awareness of the victim. Users of the map module in version 1.x, should immediately upgrade to v2.0. The mentioned XSS vulnerabilities in Icinga Web are already fixed as well and upgrades to the most recent release of the 2.9, 2.10 or 2.11 branch must be performed if not done yet. Any later major release is also suitable. Icinga Director will receive minor updates to the 1.8, 1.9, 1.10 and 1.11 branches to remedy this issue. Upgrade immediately to a patched release. If that is not feasible, disable the director module for the time being. | 2024-02-09 | 8.3 | CVE-2024-24820 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
icinga — icingaweb2-module-incubator | icingaweb2-module-incubator is a working project of bleeding edge Icinga Web 2 libraries. In affected versions the class `gipfl\Web\Form` is the base for various concrete form implementations [1] and provides protection against cross site request forgery (CSRF) by default. This is done by automatically adding an element with a CSRF token to any form, unless explicitly disabled, but even if enabled, the CSRF token (sent during a client’s submission of a form relying on it) is not validated. This enables attackers to perform changes on behalf of a user which, unknowingly, interacts with a prepared link or website. The version 0.22.0 is available to remedy this issue. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-02-09 | 8.8 | CVE-2024-24819 [email protected] [email protected] [email protected] |
innovadeluxe — manufacturer_or_supplier_alphabetical_search | SQL injection vulnerability in InnovaDeluxe “Manufacturer or supplier alphabetical search” (idxrmanufacturer) module for PrestaShop versions 2.0.4 and before, allows remote attackers to escalate privileges and obtain sensitive information via the methods IdxrmanufacturerFunctions::getCornersLink, IdxrmanufacturerFunctions::getManufacturersLike and IdxrmanufacturerFunctions::getSuppliersLike. | 2024-02-09 | 9.8 | CVE-2023-46350 [email protected] |
intel — intel(r)_dsa_software | Improper access control in some Intel(R) DSA software before version 23.4.33 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-02-14 | 8.8 | CVE-2023-39425 [email protected] |
intel — intel(r)_oneapi_dpc++/c++_compiler_software | Improper access control in some Intel(R) oneAPI DPC++/C++ Compiler software before version 2023.2.1 may allow authenticated user to potentially enable escalation of privilege via local access. | 2024-02-14 | 7.8 | CVE-2023-35121 [email protected] |
intel — intel(r)_pcm_software | Buffer underflow in some Intel(R) PCM software before version 202307 may allow an unauthenticated user to potentially enable denial of service via network access. | 2024-02-14 | 7.5 | CVE-2023-34351 [email protected] |
intel — intel(r)_proset/wireless_and_intel(r)_killer(tm)_wi | Improper access control for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via local access. | 2024-02-14 | 7.1 | CVE-2023-33875 [email protected] |
intel — intel(r)_sur_software | Improper access control in some Intel(R) SUR software before version 2.4.10587 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | 2024-02-14 | 7.1 | CVE-2023-39941 [email protected] |
intel — intel(r)_thunderbolt(tm)_dch_drivers_for_windows | Improper access control in the Intel(R) Thunderbolt (TM) DCH drivers for Windows may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-02-14 | 8.2 | CVE-2023-22293 [email protected] |
intel — intel(r)_thunderbolt(tm)_dch_drivers_for_windows | Improper input validation in some Intel(R) Thunderbolt (TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-02-14 | 7.7 | CVE-2023-22342 [email protected] |
intel — intel(r)_thunderbolt(tm)_dch_drivers_for_windows | Improper access control in some Intel(R) Thunderbolt (TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-02-14 | 7.9 | CVE-2023-25777 [email protected] |
isc — bind_9 | The DNS message parsing code in `named` includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may cause excessive CPU load on the affected `named` instance by exploiting this flaw. This issue affects both authoritative servers and recursive resolvers. This issue affects BIND 9 versions 9.0.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1. | 2024-02-13 | 7.5 | CVE-2023-4408 [email protected] [email protected] [email protected] |
isc — bind_9 | A flaw in query-handling code can cause `named` to exit prematurely with an assertion failure when: – `nxdomain-redirect <domain>;` is configured, and – the resolver receives a PTR query for an RFC 1918 address that would normally result in an authoritative NXDOMAIN response. This issue affects BIND 9 versions 9.12.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1. | 2024-02-13 | 7.5 | CVE-2023-5517 [email protected] [email protected] [email protected] |
isc — bind_9 | A bad interaction between DNS64 and serve-stale may cause `named` to crash with an assertion failure during recursive resolution, when both of these features are enabled. This issue affects BIND 9 versions 9.16.12 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.16.12-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1. | 2024-02-13 | 7.5 | CVE-2023-5679 [email protected] [email protected] [email protected] |
isc — bind_9 | To keep its cache database efficient, `named` running as a recursive resolver occasionally attempts to clean up the database. It uses several methods, including some that are asynchronous: a small chunk of memory pointing to the cache element that can be cleaned up is first allocated and then queued for later processing. It was discovered that if the resolver is continuously processing query patterns triggering this type of cache-database maintenance, `named` may not be able to handle the cleanup events in a timely manner. This in turn enables the list of queued cleanup events to grow infinitely large over time, allowing the configured `max-cache-size` limit to be significantly exceeded. This issue affects BIND 9 versions 9.16.0 through 9.16.45 and 9.16.8-S1 through 9.16.45-S1. | 2024-02-13 | 7.5 | CVE-2023-6516 [email protected] [email protected] [email protected] |
ivanti — connect_secure | An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways which allows an attacker to access certain restricted resources without authentication. | 2024-02-13 | 8.3 | CVE-2024-22024 [email protected] |
linksys — wrt54gl_firmware | A vulnerability was found in Linksys WRT54GL 4.30.18 and classified as problematic. Affected by this issue is some unknown functionality of the file /SysInfo.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-253328. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-02-09 | 7.5 | CVE-2024-1404 [email protected] [email protected] [email protected] |
litespeedtech — lsquic | In LiteSpeed QUIC (LSQUIC) Library before 4.0.4, DCID validation is mishandled. | 2024-02-09 | 9.8 | CVE-2024-25678 [email protected] [email protected] [email protected] |
manageengine — exchange_reporter_plus | Zoho ManageEngine Exchange Reporter Plus versions 5714 and below are vulnerable to the Authenticated SQL injection in report exporting feature. | 2024-02-16 | 8.3 | CVE-2024-21775 0fc0942c-577d-436f-ae8e-945763c79b02 |
mhenrixon — sidekiq-unique-jobs | sidekiq-unique-jobs is an open-source project which prevents simultaneous Sidekiq jobs with the same unique arguments to run. Specially crafted GET request parameters handled by any of the following endpoints of sidekiq-unique-jobs’ “admin” web UI, allow a super-user attacker, or an unwitting, but authorized, victim, who has received a disguised / crafted link, to successfully execute malicious code, which could potentially steal cookies, session data, or local storage data from the app the sidekiq-unique-jobs web UI is mounted in. 1. `/changelogs`, 2. `/locks` or 3. `/expiring_locks`. This issue has been addressed in versions 7.1.33 and 8.0.7. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-02-13 | 7.1 | CVE-2024-25122 [email protected] [email protected] |
microsoft — .net_6.0 | .NET Denial of Service Vulnerability | 2024-02-13 | 7.5 | CVE-2024-21404 [email protected] |
microsoft — asp.net_core_6.0 | .NET Denial of Service Vulnerability | 2024-02-13 | 7.5 | CVE-2024-21386 [email protected] |
microsoft — azure_connected_machine_agent | Azure Connected Machine Agent Elevation of Privilege Vulnerability | 2024-02-13 | 7.3 | CVE-2024-21329 [email protected] |
microsoft — azure_devops_server_2022 | Azure DevOps Server Remote Code Execution Vulnerability | 2024-02-13 | 7.5 | CVE-2024-20667 [email protected] |
microsoft — azure_kubernetes_service | Microsoft Azure Kubernetes Service Confidential Container Remote Code Execution Vulnerability | 2024-02-13 | 9 | CVE-2024-21376 [email protected] |
microsoft — azure_kubernetes_service | Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability | 2024-02-13 | 9 | CVE-2024-21403 [email protected] |
microsoft — azure_site_recovery | Microsoft Azure Site Recovery Elevation of Privilege Vulnerability | 2024-02-13 | 9.3 | CVE-2024-21364 [email protected] |
microsoft — entra | Microsoft Entra Jira Single-Sign-On Plugin Elevation of Privilege Vulnerability | 2024-02-13 | 9.8 | CVE-2024-21401 [email protected] |
microsoft — microsoft_365_apps_for_enterprise | Microsoft Office OneNote Remote Code Execution Vulnerability | 2024-02-13 | 7.8 | CVE-2024-21384 [email protected] |
microsoft — microsoft_365_apps_for_enterprise | Microsoft Outlook Elevation of Privilege Vulnerability | 2024-02-13 | 7.1 | CVE-2024-21402 [email protected] |
microsoft — microsoft_defender_for_endpoint_for_windows | Microsoft Defender for Endpoint Protection Elevation of Privilege Vulnerability | 2024-02-13 | 7.8 | CVE-2024-21315 [email protected] |
microsoft — microsoft_dynamics_365_(on-premises)_version_9.1 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | 2024-02-13 | 8.2 | CVE-2024-21395 [email protected] |
microsoft — microsoft_dynamics_365_(on-premises)_version_9.1 | Dynamics 365 Sales Spoofing Vulnerability | 2024-02-13 | 7.6 | CVE-2024-21328 [email protected] |
microsoft — microsoft_dynamics_365_(on-premises)_version_9.1 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | 2024-02-13 | 7.6 | CVE-2024-21389 [email protected] |
microsoft — microsoft_dynamics_365_(on-premises)_version_9.1 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | 2024-02-13 | 7.6 | CVE-2024-21393 [email protected] |
microsoft — microsoft_dynamics_365_(on-premises)_version_9.1 | Dynamics 365 Field Service Spoofing Vulnerability | 2024-02-13 | 7.6 | CVE-2024-21394 [email protected] |
microsoft — microsoft_dynamics_365_(on-premises)_version_9.1 | Dynamics 365 Sales Spoofing Vulnerability | 2024-02-13 | 7.6 | CVE-2024-21396 [email protected] |
microsoft — microsoft_dynamics_365_business_central_2022_release_wave_2 | Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability | 2024-02-13 | 8 | CVE-2024-21380 [email protected] |
microsoft — microsoft_dynamics_365_customer_engagement_v9.1 | Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability | 2024-02-13 | 7.6 | CVE-2024-21327 [email protected] |
microsoft — microsoft_exchange_server_2016_cumulative_update_23 | Microsoft Exchange Server Elevation of Privilege Vulnerability | 2024-02-13 | 9.8 | CVE-2024-21410 [email protected] |
microsoft — microsoft_office_2019 | Microsoft Outlook Remote Code Execution Vulnerability | 2024-02-13 | 9.8 | CVE-2024-21413 [email protected] [email protected] |
microsoft — microsoft_office_2019 | Microsoft Outlook Remote Code Execution Vulnerability | 2024-02-13 | 8 | CVE-2024-21378 [email protected] |
microsoft — microsoft_office_2019 | Microsoft Office Remote Code Execution Vulnerability | 2024-02-13 | 7.8 | CVE-2024-20673 [email protected] |
microsoft — microsoft_office_2019 | Microsoft Word Remote Code Execution Vulnerability | 2024-02-13 | 7.8 | CVE-2024-21379 [email protected] |
microsoft — windows_10_version_1809 | Microsoft ActiveX Data Objects Remote Code Execution Vulnerability | 2024-02-13 | 8.8 | CVE-2024-21349 [email protected] |
microsoft — windows_10_version_1809 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 2024-02-13 | 8.8 | CVE-2024-21350 [email protected] |
microsoft — windows_10_version_1809 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 2024-02-13 | 8.8 | CVE-2024-21352 [email protected] |
microsoft — windows_10_version_1809 | Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | 2024-02-13 | 8.1 | CVE-2024-21357 [email protected] |
microsoft — windows_10_version_1809 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 2024-02-13 | 8.8 | CVE-2024-21358 [email protected] |
microsoft — windows_10_version_1809 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 2024-02-13 | 8.8 | CVE-2024-21359 [email protected] |
microsoft — windows_10_version_1809 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 2024-02-13 | 8.8 | CVE-2024-21360 [email protected] |
microsoft — windows_10_version_1809 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 2024-02-13 | 8.8 | CVE-2024-21361 [email protected] |
microsoft — windows_10_version_1809 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 2024-02-13 | 8.8 | CVE-2024-21365 [email protected] |
microsoft — windows_10_version_1809 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 2024-02-13 | 8.8 | CVE-2024-21366 [email protected] |
microsoft — windows_10_version_1809 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 2024-02-13 | 8.8 | CVE-2024-21367 [email protected] |
microsoft — windows_10_version_1809 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 2024-02-13 | 8.8 | CVE-2024-21368 [email protected] |
microsoft — windows_10_version_1809 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 2024-02-13 | 8.8 | CVE-2024-21369 [email protected] |
microsoft — windows_10_version_1809 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 2024-02-13 | 8.8 | CVE-2024-21370 [email protected] |
microsoft — windows_10_version_1809 | Windows OLE Remote Code Execution Vulnerability | 2024-02-13 | 8.8 | CVE-2024-21372 [email protected] |
microsoft — windows_10_version_1809 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 2024-02-13 | 8.8 | CVE-2024-21375 [email protected] |
microsoft — windows_10_version_1809 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 2024-02-13 | 8.8 | CVE-2024-21391 [email protected] |
microsoft — windows_10_version_1809 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 2024-02-13 | 8.8 | CVE-2024-21420 [email protected] |
microsoft — windows_10_version_1809 | Windows Kernel Elevation of Privilege Vulnerability | 2024-02-13 | 7.8 | CVE-2024-21338 [email protected] |
microsoft — windows_10_version_1809 | Microsoft ODBC Driver Remote Code Execution Vulnerability | 2024-02-13 | 7.5 | CVE-2024-21347 [email protected] |
microsoft — windows_10_version_1809 | Internet Connection Sharing (ICS) Denial of Service Vulnerability | 2024-02-13 | 7.5 | CVE-2024-21348 [email protected] |
microsoft — windows_10_version_1809 | Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability | 2024-02-13 | 7.8 | CVE-2024-21354 [email protected] |
microsoft — windows_10_version_1809 | Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability | 2024-02-13 | 7 | CVE-2024-21355 [email protected] |
microsoft — windows_10_version_1809 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 2024-02-13 | 7.8 | CVE-2024-21363 [email protected] |
microsoft — windows_10_version_1809 | Windows Kernel Elevation of Privilege Vulnerability | 2024-02-13 | 7 | CVE-2024-21371 [email protected] |
microsoft — windows_10_version_1809 | Windows DNS Information Disclosure Vulnerability | 2024-02-13 | 7.1 | CVE-2024-21377 [email protected] |
microsoft — windows_10_version_1809 | Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability | 2024-02-13 | 7 | CVE-2024-21405 [email protected] |
microsoft — windows_10_version_1809 | Windows Printing Service Spoofing Vulnerability | 2024-02-13 | 7.5 | CVE-2024-21406 [email protected] |
microsoft — windows_11_version_21h2 | Internet Shortcut Files Security Feature Bypass Vulnerability | 2024-02-13 | 8.1 | CVE-2024-21412 [email protected] |
microsoft — windows_11_version_21h2 | Win32k Elevation of Privilege Vulnerability | 2024-02-13 | 7.8 | CVE-2024-21346 [email protected] |
microsoft — windows_11_version_22h2 | Windows DNS Client Denial of Service Vulnerability | 2024-02-13 | 7.5 | CVE-2024-21342 [email protected] |
microsoft — windows_11_version_23h2 | Windows SmartScreen Security Feature Bypass Vulnerability | 2024-02-13 | 7.6 | CVE-2024-21351 [email protected] |
microsoft — windows_server_2022_23h2_edition_(server_core_installation) | Windows Kernel Elevation of Privilege Vulnerability | 2024-02-13 | 8.8 | CVE-2024-21345 [email protected] |
microsoft — windows_server_2022_23h2_edition_(server_core_installation) | Microsoft WDAC ODBC Driver Remote Code Execution Vulnerability | 2024-02-13 | 8.8 | CVE-2024-21353 [email protected] |
minbrowser — min | In Min before 1.31.0, local files are not correctly treated as unique security origins, which allows them to improperly request cross-origin resources. For example, a local file may request other local files through an XML document. | 2024-02-09 | 8.8 | CVE-2024-25677 [email protected] |
misp — misp | An issue was discovered in MISP before 2.4.184. Organization logo upload is insecure because of a lack of checks for the file extension and MIME type. | 2024-02-09 | 9.8 | CVE-2024-25674 [email protected] [email protected] |
misp — misp | An issue was discovered in MISP before 2.4.184. A client does not need to use POST to start an export generation process. This is related to app/Controller/JobsController.php and app/View/Events/export.ctp. | 2024-02-09 | 9.8 | CVE-2024-25675 [email protected] [email protected] |
nlnet_labs — unbound | A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. If a process can connect over localhost to port 8953, it can alter the configuration of unbound.service. This flaw allows an unprivileged attacker to manipulate a running instance, potentially altering forwarders, allowing them to track all queries forwarded by the local resolver, and, in some cases, disrupting resolving altogether. | 2024-02-15 | 8 | CVE-2024-1488 [email protected] [email protected] |
objectcomputing — micronaut | Micronaut Framework is a modern, JVM-based, full stack Java framework designed for building modular, easily testable JVM applications with support for Java, Kotlin and the Groovy language. Enabled but unsecured management endpoints are susceptible to drive-by localhost attacks. While not typical of a production application, these attacks may have more impact on a development environment where such endpoints may be flipped on without much thought. A malicious/compromised website can make HTTP requests to `localhost`. Normally, such requests would trigger a CORS preflight check which would prevent the request; however, some requests are “simple” and do not require a preflight check. These endpoints, if enabled and not secured, are vulnerable to being triggered. Production environments typically disable unused endpoints and secure/restrict access to needed endpoints. A more likely victim is the developer in their local development host, who has enabled endpoints without security for the sake of easing development. This issue has been addressed in version 3.8.3. Users are advised to upgrade. | 2024-02-09 | 7.8 | CVE-2024-23639 [email protected] [email protected] |
objectcomputing — opendds | In OpenDDS through 3.27, there is a segmentation fault for a DataWriter with a large value of resource_limits.max_samples. NOTE: the vendor’s position is that the product is not designed to handle a max_samples value that is too large for the amount of memory on the system. | 2024-02-11 | 7.5 | CVE-2023-52427 [email protected] |
oduyo — online_collection | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Oduyo Financial Technology Online Collection allows SQL Injection. This issue affects Online Collection: before v.1.0.2. | 2024-02-09 | 9.8 | CVE-2023-6677 [email protected] |
open-mss — mss | MSS (Mission Support System) is an open-source package designed for planning atmospheric research flights. In file: `index.py`, there is a method that is vulnerable to path manipulation attack. By modifying file paths, an attacker can acquire sensitive information from different resources. The `filename` variable is joined with other variables to form a file path in `_file`. However, `filename` is a route parameter that can capture path type values i.e. values including slashes (\). So, it is possible for an attacker to manipulate the file being read by assigning a value containing ../ to `filename` and so the attacker may be able to gain access to other files on the host filesystem. This issue has been addressed in MSS version 8.3.3. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-02-15 | 7.3 | CVE-2024-25123 [email protected] [email protected] |
open-xchange_gmbh — ox_app_suite | CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause unauthorized access to the project file in EcoStruxure Control Expert when a local user tampers with the memory of the engineering workstation. | 2024-02-14 | 7.1 | CVE-2023-27975 [email protected] |
open-xchange_gmbh — ox_app_suite | Processing of CID references at E-Mail can be abused to inject malicious script code that passes the sanitization engine. Malicious script code could be injected to a user’s sessions when interacting with E-Mails. Please deploy the provided updates and patch releases. CID handing has been improved and resulting content is checked for malicious content. No publicly available exploits are known. | 2024-02-12 | 7.1 | CVE-2023-41704 [email protected] [email protected] |
openidc — mod_auth_openidc | mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In affected versions missing input validation on mod_auth_openidc_session_chunks cookie value makes the server vulnerable to a denial of service (DoS) attack. An internal security audit has been conducted and the reviewers found that if they manipulated the value of the mod_auth_openidc_session_chunks cookie to a very large integer, like 99999999, the server struggles with the request for a long time and finally gets back with a 500 error. Making a few requests of this kind caused our server to become unresponsive. Attackers can craft requests that would make the server work very hard (and possibly become unresponsive) and/or crash with minimal effort. This issue has been addressed in version 2.4.15.2. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-02-13 | 7.5 | CVE-2024-24814 [email protected] [email protected] |
openrefine — openrefine | OpenRefine is a free, open-source power tool for working with messy data and improving it. A jdbc attack vulnerability exists in OpenRefine(version<=3.7.7) where an attacker may construct a JDBC query which may read files on the host filesystem. Due to the newer MySQL driver library in the latest version of OpenRefine (8.0.30), there is no associated deserialization utilization point, so original code execution cannot be achieved, but attackers can use this vulnerability to read sensitive files on the target server. This issue has been addressed in version 3.7.8. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-02-12 | 7.5 | CVE-2024-23833 [email protected] [email protected] |
opentext — alm_octane | Improper Neutralization vulnerability affects OpenText ALM Octane version 16.2.100 and above. The vulnerability could result in a remote code execution attack. | 2024-02-15 | 7.5 | CVE-2023-6123 [email protected] |
opentext — operations_agent | Local privilege escalation vulnerability affects OpenText Operations Agent product versions 12.15 and 12.20-12.25 when installed on no-Windows platforms. The vulnerability could allow local privilege escalation. | 2024-02-15 | 8.8 | CVE-2024-0622 [email protected] |
oracle_corporation — agile_plm_framework | Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: Export). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of this vulnerability can result in takeover of Oracle Agile PLM. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). | 2024-02-17 | 8.8 | CVE-2024-20953 [email protected] |
oracle_corporation — agile_product_lifecycle_management_for_process | Vulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply Chain (component: Installation). Supported versions that are affected are Prior to 6.2.4.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile Product Lifecycle Management for Process. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Agile Product Lifecycle Management for Process accessible data as well as unauthorized read access to a subset of Oracle Agile Product Lifecycle Management for Process accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Agile Product Lifecycle Management for Process. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). | 2024-02-17 | 7.3 | CVE-2024-20956 [email protected] |
oracle_corporation — audit_vault_and_database_firewall | Vulnerability in Oracle Audit Vault and Database Firewall (component: Firewall). Supported versions that are affected are 20.1-20.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Oracle Audit Vault and Database Firewall. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Audit Vault and Database Firewall accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). | 2024-02-17 | 7.5 | CVE-2024-20909 [email protected] |
oracle_corporation — enterprise_manager_base_platform | Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Log Management). The supported version that is affected is 13.5.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Manager Base Platform. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Enterprise Manager Base Platform, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Oracle Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Enterprise Manager Base Platform. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:L). | 2024-02-17 | 7.5 | CVE-2024-20917 [email protected] |
oracle_corporation — weblogic_server | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. While the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 8.6 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N). | 2024-02-17 | 8.6 | CVE-2024-20927 [email protected] |
oracle_corporation — weblogic_server | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). | 2024-02-17 | 7.5 | CVE-2024-20931 [email protected] |
phpems — phpems | A vulnerability, which was classified as critical, has been found in PHPEMS up to 1.0. Affected by this issue is the function index of the file app/weixin/controller/index.api.php. The manipulation of the argument picurl leads to deserialization. The exploit has been disclosed to the public and may be used. VDB-253226 is the identifier assigned to this vulnerability. | 2024-02-09 | 9.8 | CVE-2024-1353 [email protected] [email protected] [email protected] |
pixelfed — pixelfed | Pixelfed is an open-source photo sharing platform. When processing requests authorization was improperly and insufficiently checked, allowing attackers to access far more functionality than users intended, including to the administrative and moderator functionality of the Pixelfed server. This vulnerability affects every version of Pixelfed between v0.10.4 and v0.11.9, inclusive. A proof of concept of this vulnerability exists. This vulnerability affects every local user of a Pixelfed server and can potentially affect the servers’ ability to federate. Some user interaction is required to setup the conditions to be able to exercise the vulnerability, but the attacker could conduct this attack time-delayed manner, where user interaction is not actively required. This vulnerability has been addressed in version 0.11.11. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-02-12 | 9.9 | CVE-2024-25108 [email protected] [email protected] |
postahsl_ — online_payment_system | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in POSTAHSL Online Payment System allows SQL Injection. This issue affects Online Payment System: before 14.02.2024. | 2024-02-15 | 9.8 | CVE-2023-7081 [email protected] |
presta_monster — multi_accessories_pro | SQL injection vulnerability in Presta Monster “Multi Accessories Pro” (hsmultiaccessoriespro) module for PrestaShop versions 5.1.1 and before, allows remote attackers to escalate privileges and obtain sensitive information via the method HsAccessoriesGroupProductAbstract::getAccessoriesByIdProducts(). | 2024-02-09 | 9.8 | CVE-2023-50026 [email protected] |
propertyhive — propertyhive | Deserialization of Untrusted Data vulnerability in PropertyHive. This issue affects PropertyHive: from n/a through 2.0.5. | 2024-02-12 | 8.7 | CVE-2024-23513 [email protected] |
rems — event_student_attendance_system | Sourcecodester Event Student Attendance System 1.0, allows SQL Injection via the ‘student’ parameter. | 2024-02-09 | 9.8 | CVE-2024-25302 [email protected] |
rockwell_automation — factorytalk_service_platform | A privilege escalation vulnerability exists in Rockwell Automation FactoryTalk® Service Platform (FTSP). If exploited, a malicious user with basic user group privileges could potentially sign into the software and receive FTSP Administrator Group privileges. A threat actor could potentially read and modify sensitive data, delete data and render the FTSP system unavailable. | 2024-02-16 | 9 | CVE-2024-21915 [email protected] |
sap_se — sap_aba_(application_basis) | In SAP ABA (Application Basis) – versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75I, an attacker authenticated as a user with a remote execution authorization can use a vulnerable interface. This allows the attacker to use the interface to invoke an application function to perform actions which they would not normally be permitted to perform. Depending on the function executed, the attack can read or modify any user/business data and can make the entire system unavailable. | 2024-02-13 | 9.1 | CVE-2024-22131 [email protected] [email protected] |
sap_se — sap_cloud_connector | Due to improper validation of certificate in SAP Cloud Connector – version 2.0, attacker can impersonate the genuine servers to interact with SCC breaking the mutual authentication. Hence, the attacker can intercept the request to view/modify sensitive information. There is no impact on the availability of the system. | 2024-02-13 | 7.4 | CVE-2024-25642 [email protected] [email protected] |
sap_se — sap_crm_webclient_ui | Print preview option in SAP CRM WebClient UI – versions S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, S4FND 108, WEBCUIF 700, WEBCUIF 701, WEBCUIF 730, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability. An attacker with low privileges can cause limited impact to confidentiality and integrity of the application data after successful exploitation. | 2024-02-13 | 7.6 | CVE-2024-22130 [email protected] [email protected] |
sap_se — sap_ides_systems | SAP IDES ECC-systems contain code that permits the execution of arbitrary program code of user’s choice. An attacker can therefore control the behavior of the system by executing malicious code which can potentially escalate privileges with low impact on confidentiality, integrity and availability of the system. | 2024-02-13 | 7.4 | CVE-2024-22132 [email protected] [email protected] |
sap_se — sap_netweaver_as_java_(guided_procedures) | SAP NetWeaver AS Java (CAF – Guided Procedures) – version 7.50, allows an unauthenticated attacker to submit a malicious request with a crafted XML file over the network, which when parsed will enable him to access sensitive files and data but not modify them. There are expansion limits in place so that availability is not affected. | 2024-02-13 | 8.6 | CVE-2024-24743 [email protected] [email protected] |
sap_se — sap_netweaver_as_java_(user_admin_application) | The User Admin application of SAP NetWeaver AS for Java – version 7.50, insufficiently validates and improperly encodes the incoming URL parameters before including them into the redirect URL. This results in Cross-Site Scripting (XSS) vulnerability, leading to a high impact on confidentiality and mild impact on integrity and availability. | 2024-02-13 | 8.8 | CVE-2024-22126 [email protected] [email protected] |
schneider_electric — ecostruxure_control_expert | CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause unauthorized access to a project file protected with application password when opening the file with EcoStruxure Control Expert. | 2024-02-14 | 7.7 | CVE-2023-6409 [email protected] |
schneider_electric — harmony_control_relay_rmnf22tb30 | CWE-287: Improper Authentication vulnerability exists that could cause unauthorized tampering of device configuration over NFC communication. | 2024-02-14 | 8.8 | CVE-2024-0568 [email protected] |
schneider_electric — modicon_m340_cpu_(part_numbers_bmxp34*) | CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause a denial of service and loss of confidentiality, integrity of controllers when conducting a Man in the Middle attack. | 2024-02-14 | 8.1 | CVE-2023-6408 [email protected] |
sherlock — employee_management_system | An issue in Employee Managment System v1.0 allows attackers to bypass authentication via injecting a crafted payload into the E-mail and Password parameters at /alogin.html. | 2024-02-14 | 9.8 | CVE-2024-25214 [email protected] |
sherlock — employee_management_system | Employee Managment System v1.0 was discovered to contain a SQL injection vulnerability via the pwd parameter at /aprocess.php. | 2024-02-14 | 9.8 | CVE-2024-25215 [email protected] |
sherlock — employee_management_system | Employee Managment System v1.0 was discovered to contain a SQL injection vulnerability via the mailud parameter at /aprocess.php. | 2024-02-14 | 9.8 | CVE-2024-25216 [email protected] |
sherlock — employee_management_system | Employee Managment System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /delete.php. | 2024-02-14 | 7.2 | CVE-2024-25212 [email protected] |
sherlock — employee_management_system | Employee Managment System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /edit.php. | 2024-02-14 | 7.2 | CVE-2024-25213 [email protected] |
siemens — location_intelligence_perpetual_large | A vulnerability has been identified in Location Intelligence Perpetual Large (9DE5110-8CA13-1AX0) (All versions < V4.3), Location Intelligence Perpetual Medium (9DE5110-8CA12-1AX0) (All versions < V4.3), Location Intelligence Perpetual Non-Prod (9DE5110-8CA10-1AX0) (All versions < V4.3), Location Intelligence Perpetual Small (9DE5110-8CA11-1AX0) (All versions < V4.3), Location Intelligence SUS Large (9DE5110-8CA13-1BX0) (All versions < V4.3), Location Intelligence SUS Medium (9DE5110-8CA12-1BX0) (All versions < V4.3), Location Intelligence SUS Non-Prod (9DE5110-8CA10-1BX0) (All versions < V4.3), Location Intelligence SUS Small (9DE5110-8CA11-1BX0) (All versions < V4.3). Affected products use a hard-coded secret value for the computation of a Keyed-Hash Message Authentication Code. This could allow an unauthenticated remote attacker to gain full administrative access to the application. | 2024-02-13 | 9.8 | CVE-2024-23816 [email protected] |
siemens — parasolid_v35.0 | A vulnerability has been identified in Parasolid V35.0 (All versions < V35.0.263), Parasolid V35.1 (All versions < V35.1.252), Parasolid V36.0 (All versions < V36.0.198). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted files containing XT format. This could allow an attacker to execute code in the context of the current process. | 2024-02-13 | 7.8 | CVE-2023-49125 [email protected] |
siemens — polarion_alm | A vulnerability has been identified in Polarion ALM (All versions). The REST API endpoints of doorsconnector of the affected product lacks proper authentication. An unauthenticated attacker could access the endpoints, and potentially execute code. | 2024-02-13 | 7.3 | CVE-2024-23813 [email protected] |
siemens — polarion_alm | A vulnerability has been identified in Polarion ALM (All versions). The affected product is vulnerable due to weak file and folder permissions in the installation path. An attacker with local access could exploit this vulnerability to escalate privileges to NT AUTHORITY\SYSTEM. | 2024-02-13 | 7.8 | CVE-2023-50236 [email protected] |
siemens — simatic_cp_343-1 | A vulnerability has been identified in SIMATIC CP 343-1 (6GK7343-1EX30-0XE0) (All versions), SIMATIC CP 343-1 Lean (6GK7343-1CX10-0XE0) (All versions), SIPLUS NET CP 343-1 (6AG1343-1EX30-7XE0) (All versions), SIPLUS NET CP 343-1 Lean (6AG1343-1CX10-2XE0) (All versions). Affected products incorrectly validate TCP sequence numbers. This could allow an unauthenticated remote attacker to create a denial-of-service condition by injecting spoofed TCP RST packets. | 2024-02-13 | 7.5 | CVE-2023-51440 [email protected] |
siemens — simcenter_femap | A vulnerability has been identified in Simcenter Femap (All versions < V2401.0000). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted Catia MODEL file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21710) | 2024-02-13 | 7.8 | CVE-2024-24920 [email protected] |
siemens — simcenter_femap | A vulnerability has been identified in Simcenter Femap (All versions < V2401.0000). The affected application is vulnerable to memory corruption while parsing specially crafted Catia MODEL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21712) | 2024-02-13 | 7.8 | CVE-2024-24921 [email protected] |
siemens — simcenter_femap | A vulnerability has been identified in Simcenter Femap (All versions < V2401.0000). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted Catia MODEL file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21715) | 2024-02-13 | 7.8 | CVE-2024-24922 [email protected] |
siemens — simcenter_femap | A vulnerability has been identified in Simcenter Femap (All versions < V2401.0000), Simcenter Femap (All versions < V2306.0001). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted Catia MODEL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-22055) | 2024-02-13 | 7.8 | CVE-2024-24923 [email protected] |
siemens — simcenter_femap | A vulnerability has been identified in Simcenter Femap (All versions < V2306.0000). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted Catia MODEL file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-22059) | 2024-02-13 | 7.8 | CVE-2024-24924 [email protected] |
siemens — simcenter_femap | A vulnerability has been identified in Simcenter Femap (All versions < V2306.0000). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted Catia MODEL files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-22060) | 2024-02-13 | 7.8 | CVE-2024-24925 [email protected] |
siemens — sinec_nms | A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1). The affected application is vulnerable to SQL injection. This could allow an unauthenticated remote attacker to execute arbitrary SQL queries on the server database. | 2024-02-13 | 8.8 | CVE-2024-23810 [email protected] |
siemens — sinec_nms | A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1). The affected application allows users to upload arbitrary files via TFTP. This could allow an attacker to upload malicious firmware images or other files, that could potentially lead to remote code execution. | 2024-02-13 | 8.8 | CVE-2024-23811 [email protected] |
siemens — sinec_nms | A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1). The affected application incorrectly neutralizes special elements when creating a report which could lead to command injection. | 2024-02-13 | 8 | CVE-2024-23812 [email protected] |
siemens — tecnomatix_plant_simulation | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted WRL file. This could allow an attacker to execute code in the context of the current process. | 2024-02-13 | 7.8 | CVE-2024-23795 [email protected] |
siemens — tecnomatix_plant_simulation | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. | 2024-02-13 | 7.8 | CVE-2024-23796 [email protected] |
siemens — tecnomatix_plant_simulation | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006). The affected applications contain a stack overflow vulnerability while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. | 2024-02-13 | 7.8 | CVE-2024-23797 [email protected] |
siemens — tecnomatix_plant_simulation | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006). The affected applications contain a stack overflow vulnerability while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. | 2024-02-13 | 7.8 | CVE-2024-23798 [email protected] |
siemens — tecnomatix_plant_simulation | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process. | 2024-02-13 | 7.8 | CVE-2024-23802 [email protected] |
siemens — tecnomatix_plant_simulation | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions), Tecnomatix Plant Simulation V2302 (All versions < V2302.0007). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. | 2024-02-13 | 7.8 | CVE-2024-23803 [email protected] |
siemens — tecnomatix_plant_simulation | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006). The affected applications contain a stack overflow vulnerability while parsing specially crafted PSOBJ files. This could allow an attacker to execute code in the context of the current process. | 2024-02-13 | 7.8 | CVE-2024-23804 [email protected] |
siemens — unicam_fx | A vulnerability has been identified in Unicam FX (All versions). The windows installer agent used in affected product contains incorrect use of privileged APIs that trigger the Windows Console Host (conhost.exe) as a child process with SYSTEM privileges. This could be exploited by an attacker to perform a local privilege escalation attack. | 2024-02-13 | 7.8 | CVE-2024-22042 [email protected] |
simgesel — hearing_tracking_system | Authorization Bypass Through User-Controlled Key vulnerability in Software Engineering Consultancy Machine Equipment Limited Company Hearing Tracking System allows Authentication Abuse. This issue affects Hearing Tracking System: before for IOS 7.0, for Android Latest release 1.0. | 2024-02-09 | 8.8 | CVE-2023-6724 [email protected] |
solarwinds — access_rights_manager | The SolarWinds Access Rights Manager was found to be susceptible to a Remote Code Execution Vulnerability. If exploited, this vulnerability allows an authenticated user to abuse a SolarWinds service resulting in remote code execution. | 2024-02-15 | 9 | CVE-2023-40057 [email protected] |
solarwinds — access_rights_manager | The SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Directory Traversal Remote Code Execution Vulnerability. If exploited, this vulnerability allows an unauthenticated user to achieve the Remote Code Execution. | 2024-02-15 | 9.6 | CVE-2024-23476 [email protected] |
solarwinds — access_rights_manager | SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Directory Traversal Remote Code Execution Vulnerability. If exploited, this vulnerability allows an unauthenticated user to achieve a Remote Code Execution. | 2024-02-15 | 9.6 | CVE-2024-23479 [email protected] |
solarwinds — access_rights_manager | SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Remote Code Execution Vulnerability. If exploited, this vulnerability allows an authenticated user to abuse a SolarWinds service, resulting in remote code execution. | 2024-02-15 | 8 | CVE-2024-23478 [email protected] |
solarwinds — access_rights_manager | The SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Directory Traversal Remote Code Execution Vulnerability. If exploited, this vulnerability allows an unauthenticated user to achieve a Remote Code Execution. | 2024-02-15 | 7.9 | CVE-2024-23477 [email protected] |
task_manager_in_php_with_source_code_project — task_manager_in_php_with_source_code | Task Manager App v1.0 was discovered to contain a SQL injection vulnerability via the taskID parameter at /TaskManager/EditTask.php. | 2024-02-14 | 9.8 | CVE-2024-25220 [email protected] |
task_manager_in_php_with_source_code_project — task_manager_in_php_with_source_code | Task Manager App v1.0 was discovered to contain a SQL injection vulnerability via the projectID parameter at /TaskManager/EditProject.php. | 2024-02-14 | 9.8 | CVE-2024-25222 [email protected] |
tenable — security_center | A command injection vulnerability exists where an authenticated, remote attacker with administrator privileges on the Security Center application could modify Logging parameters, which could lead to the execution of arbitrary code on the Security Center host. | 2024-02-14 | 7.2 | CVE-2024-1367 [email protected] |
typo3 — typo3 | TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions of TYPO3 entities of the File Abstraction Layer (FAL) could be persisted directly via `DataHandler`. This allowed attackers to reference files in the fallback storage directly and retrieve their file names and contents. The fallback storage (“zero-storage”) is used as a backward compatibility layer for files located outside properly configured file storages and within the public web root directory. Exploiting this vulnerability requires a valid backend user account. Users are advised to update to TYPO3 version 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, or 13.0.1 which fix the problem described. When persisting entities of the File Abstraction Layer directly via DataHandler, `sys_file` entities are now denied by default, and `sys_file_reference` & `sys_file_metadata` entities are not permitted to reference files in the fallback storage anymore. When importing data from secure origins, this must be explicitly enabled in the corresponding DataHandler instance by using `$dataHandler->isImporting = true;`. | 2024-02-13 | 7.1 | CVE-2024-25121 [email protected] [email protected] |
uni-pa_university_marketing_&_computer_internet_trade_inc — university_information_system | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in UNI-PA University Marketing & Computer Internet Trade Inc. University Information System allows SQL Injection. This issue affects University Information System: before 12.12.2023. | 2024-02-14 | 9.8 | CVE-2023-6441 [email protected] |
utarit_information_technologies — solipay_mobile_app | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Utarit Information Technologies SoliPay Mobile App allows SQL Injection. This issue affects SoliPay Mobile App: before 5.0.8. | 2024-02-15 | 9.8 | CVE-2023-5155 [email protected] |
utarit_information_technologies — solipay_mobile_app | Improper Privilege Management vulnerability in Utarit Information Technologies SoliPay Mobile App allows Collect Data as Provided by Users. This issue affects SoliPay Mobile App: before 5.0.8. | 2024-02-15 | 7.5 | CVE-2023-4993 [email protected] |
utarit_information_technologies — solipay_mobile_app | Use of Hard-coded Credentials vulnerability in Utarit Information Technologies SoliPay Mobile App allows Read Sensitive Strings Within an Executable. This issue affects SoliPay Mobile App: before 5.0.8. | 2024-02-15 | 7.5 | CVE-2023-6255 [email protected] |
vercel — pkg | pkg is tool design to bundle Node.js projects into an executables. Any native code packages built by `pkg` are written to a hardcoded directory. On unix systems, this is `/tmp/pkg/*` which is a shared directory for all users on the same local system. There is no uniqueness to the package names within this directory, they are predictable. An attacker who has access to the same local system has the ability to replace the genuine executables in the shared directory with malicious executables of the same name. A user may then run the malicious executable without realizing it has been modified. This package is deprecated. Therefore, there will not be a patch provided for this vulnerability. To check if your executable build by pkg depends on native code and is vulnerable, run the executable and check if `/tmp/pkg/` was created. Users should transition to actively maintained alternatives. We would recommend investigating Node.js 21’s support for single executable applications. Given the decision to deprecate the pkg package, there are no official workarounds or remediations provided by our team. Users should prioritize migrating to other packages that offer similar functionality with enhanced security. | 2024-02-09 | 7.8 | CVE-2024-24828 [email protected] [email protected] |
wordpress — wordpress | The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to union-based SQL Injection via the ‘q’ parameter of the wpas_get_users action in all versions up to, and including, 6.1.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-02-10 | 8.8 | CVE-2024-0594 [email protected] [email protected] [email protected] [email protected] |
wordpress — wordpress | The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Denial of Service in all versions up to, and including, 1.2.5. This is due to direct access of the backuply/restore_ins.php file and. This makes it possible for unauthenticated attackers to make excessive requests that result in the server running out of resources. | 2024-02-09 | 7.5 | CVE-2024-0842 [email protected] [email protected] |
wordpress — wordpress | The Piraeus Bank WooCommerce Payment Gateway plugin for WordPress is vulnerable to time-based blind SQL Injection via the ‘MerchantReference’ parameter in all versions up to, and including, 1.6.5.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-02-17 | 9.8 | CVE-2024-0610 [email protected] [email protected] |
wordpress — wordpress | The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to union based SQL Injection via the ‘user’ parameter of the /lms/stm-lms/order/items REST route in all versions up to, and including, 3.2.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-02-17 | 9.8 | CVE-2024-1512 [email protected] [email protected] |
wordpress — wordpress | Deserialization of Untrusted Data vulnerability in MagePeople Team Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin. This issue affects Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin: from n/a through 4.1.1. | 2024-02-12 | 8.2 | CVE-2024-24796 [email protected] |
wordpress — wordpress | Deserialization of Untrusted Data vulnerability in UnitedThemes Brooklyn | Creative Multi-Purpose Responsive WordPress Theme. This issue affects Brooklyn | Creative Multi-Purpose Responsive WordPress Theme: from n/a through 4.9.7.6. | 2024-02-12 | 7.5 | CVE-2024-24926 [email protected] |
wp_swings — coupon_referral_program | Deserialization of Untrusted Data vulnerability in WP Swings Coupon Referral Program. This issue affects Coupon Referral Program: from n/a through 1.7.2. | 2024-02-12 | 10 | CVE-2024-25100 [email protected] |
wpxpo — productx_woocommerce_builder_&_gutenberg_woocommerce_blocks | Deserialization of Untrusted Data vulnerability in wpxpo ProductX – WooCommerce Builder & Gutenberg WooCommerce Blocks. This issue affects ProductX – WooCommerce Builder & Gutenberg WooCommerce Blocks: from n/a through 3.1.4. | 2024-02-12 | 8.7 | CVE-2024-23512 [email protected] |
x.org — x.org | An out-of-bounds memory access flaw was found in the X.Org server. This issue can be triggered when a device frozen by a sync grab is reattached to a different master device. This issue may lead to an application crash, local privilege escalation (if the server runs with extended privileges), or remote code execution in SSH X11 forwarding environments. | 2024-02-09 | 7.8 | CVE-2024-0229 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
zoom_video_communications,_inc — zoom_desktop_client_for_windows,_zoom_vdi_client_for_windows_and_zoom_meeting_sdk_for_windows | Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access. | 2024-02-14 | 9.6 | CVE-2024-24691 [email protected] |
zoom_video_communications_inc — zoom_clients | Untrusted search path in some Zoom 32 bit Windows clients may allow an authenticated user to conduct an escalation of privilege via local access. | 2024-02-14 | 7.2 | CVE-2024-24697 [email protected] |
f5 — big-ip | When a virtual server is enabled with VLAN group and SNAT listener is configured, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 2024-02-14 | 7.5 | CVE-2024-24775 [email protected] |
Medium Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
adobe — acrobat_reader | Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an Improper Input Validation vulnerability that could lead to an application denial-of-service. An attacker could leverage this vulnerability to cause the application to crash, resulting in a denial of service. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-02-15 | 5.5 | CVE-2024-20733 [email protected] |
adobe — acrobat_reader | Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-02-15 | 5.5 | CVE-2024-20734 [email protected] |
adobe — acrobat_reader | Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-02-15 | 5.5 | CVE-2024-20735 [email protected] [email protected] |
adobe — acrobat_reader | Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-02-15 | 5.5 | CVE-2024-20736 [email protected] |
adobe — acrobat_reader | Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-02-15 | 5.5 | CVE-2024-20747 [email protected] [email protected] |
adobe — acrobat_reader | Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-02-15 | 5.5 | CVE-2024-20748 [email protected] [email protected] |
adobe — acrobat_reader | Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-02-15 | 5.5 | CVE-2024-20749 [email protected] [email protected] |
adobe — commerce | Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to trick a victim into performing actions they did not intend to do, which could be used to bypass security measures and gain unauthorized access. Exploitation of this issue requires user interaction, typically in the form of the victim clicking a link or visiting a malicious website. | 2024-02-15 | 6.5 | CVE-2024-20718 [email protected] |
adobe — commerce | Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-02-15 | 5.4 | CVE-2024-20717 [email protected] |
adobe — commerce | Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to an application denial-of-service. A high-privileged attacker could leverage this vulnerability to exhaust system resources, causing the application to slow down or crash. Exploitation of this issue does not require user interaction. | 2024-02-15 | 4.9 | CVE-2024-20716 [email protected] |
adobe — substance_3d_painter | Substance3D – Painter versions 9.1.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-02-15 | 5.5 | CVE-2024-20722 [email protected] |
adobe — substance_3d_painter | Substance3D – Painter versions 9.1.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-02-15 | 5.5 | CVE-2024-20724 [email protected] |
adobe — substance_3d_painter | Substance3D – Painter versions 9.1.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-02-15 | 5.5 | CVE-2024-20725 [email protected] |
algosec — algosec_fireflow | Improper input validation in Algosec FireFlow VisualFlow workflow editor via Name, Description and Configuration File field in version A32.20, A32.50, A32.60 permits an attacker to initiate an XSS attack by injecting malicious executable scripts into the application’s code. Fixed in version A32.20 (b600 and above), A32.50 (b430 and above), A32.60 (b250 and above) | 2024-02-15 | 5.1 | CVE-2023-46596 [email protected] |
apache_software_foundation — apache_superset | This is a duplicate for CVE-2023-46104. With correct CVE version ranges for affected Apache Superset. Uncontrolled resource consumption can be triggered by authenticated attacker that uploads a malicious ZIP to import database, dashboards or datasets. This vulnerability exists in Apache Superset versions up to and including 2.1.2 and versions 3.0.0, 3.0.1. | 2024-02-14 | 6.5 | CVE-2024-23952 [email protected] [email protected] [email protected] |
ari_soft — contact_form_7_connector | Cross-Site Request Forgery (CSRF) vulnerability in ARI Soft Contact Form 7 Connector. This issue affects Contact Form 7 Connector: from n/a through 1.2.2. | 2024-02-12 | 4.3 | CVE-2024-24884 [email protected] |
automattic — crowdsignal_dashboard | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Automattic, Inc. Crowdsignal Dashboard – Polls, Surveys & more allows Reflected XSS. This issue affects Crowdsignal Dashboard – Polls, Surveys & more: from n/a through 3.0.11. | 2024-02-10 | 6.1 | CVE-2023-51488 [email protected] |
automattic — sensei_lms | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Automatic Sensei LMS – Online Courses, Quizzes, & Learning allows Stored XSS. This issue affects Sensei LMS – Online Courses, Quizzes, & Learning: from n/a through 4.17.0. | 2024-02-12 | 5.4 | CVE-2023-50875 [email protected] |
axiosys — bento4 | Bento4 v1.6.0-640 was discovered to contain an out-of-memory bug via the AP4_DataBuffer::ReallocateBuffer() function. | 2024-02-09 | 6.5 | CVE-2024-25451 [email protected] |
axiosys — bento4 | Bento4 v1.6.0-640 was discovered to contain an out-of-memory bug via the AP4_UrlAtom::AP4_UrlAtom() function. | 2024-02-09 | 5.5 | CVE-2024-25452 [email protected] |
axiosys — bento4 | Bento4 v1.6.0-640 was discovered to contain a NULL pointer dereference via the AP4_StszAtom::GetSampleSize() function. | 2024-02-09 | 5.5 | CVE-2024-25453 [email protected] [email protected] |
axiosys — bento4 | Bento4 v1.6.0-640 was discovered to contain a NULL pointer dereference via the AP4_DescriptorFinder::Test() function. | 2024-02-09 | 5.5 | CVE-2024-25454 [email protected] |
ays-pro — chartify | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Chart Builder Team Chartify – WordPress Chart Plugin allows Stored XSS.This issue affects Chartify – WordPress Chart Plugin: from n/a through 2.0.6. | 2024-02-12 | 4.8 | CVE-2023-47526 [email protected] |
badge — hacker_hotel_badge | Allocation of Resources Without Limits or Throttling vulnerability in Badge leading to a denial-of-service attack. Team Hacker Hotel Badge 2024 on risc-v (billboard modules) allows Flooding. This issue affects Hacker Hotel Badge 2024: from 0.1.0 through 0.1.3. | 2024-02-11 | 5.7 | CVE-2024-21875 [email protected] [email protected] |
barangay_management_system_project — barangay_management_system | Barangay Population Monitoring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Add Resident function at /barangay-population-monitoring-system/masterlist.php. This vulnerabiity allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Contact Number parameter. | 2024-02-14 | 5.4 | CVE-2024-25207 [email protected] |
barangay_management_system_project — barangay_management_system | Barangay Population Monitoring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Add Resident function at /barangay-population-monitoring-system/masterlist.php. This vulnerabiity allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Full Name parameter. | 2024-02-14 | 5.4 | CVE-2024-25208 [email protected] |
beds24 — online_booking | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Mark Kinchin Beds24 Online Booking allows Stored XSS.This issue affects Beds24 Online Booking: from n/a through 2.0.23. | 2024-02-10 | 4.8 | CVE-2024-24717 [email protected] |
beyondtrust — privilege_management_for_windows | An issue was discovered in BeyondTrust Privilege Management for Windows before 24.1. When a low-privileged user initiates a repair, there is an attack vector through which the user is able to execute any program with elevated privileges. | 2024-02-16 | 6.3 | CVE-2024-25083 [email protected] |
calculatorsworld — cc_bmi_calculator | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Calculators World CC BMI Calculator allows Stored XSS.This issue affects CC BMI Calculator: from n/a through 2.0.1. | 2024-02-10 | 5.4 | CVE-2024-23516 [email protected] |
canonical_ltd — lxd | An insecure default to allow UEFI Shell in EDK2 was left enabled in Ubuntu’s EDK2. This allows an OS-resident attacker to bypass Secure Boot. | 2024-02-14 | 6.7 | CVE-2023-48733 [email protected] [email protected] [email protected] [email protected] |
canonical_ltd — lxd | An insecure default to allow UEFI Shell in EDK2 was left enabled in LXD. This allows an OS-resident attacker to bypass Secure Boot. | 2024-02-14 | 6.7 | CVE-2023-49721 [email protected] [email protected] [email protected] [email protected] |
clicktotweet — click_to_tweet | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in ClickToTweet.Com Click To Tweet allows Stored XSS.This issue affects Click To Tweet: from n/a through 2.0.14. | 2024-02-10 | 5.4 | CVE-2024-23514 [email protected] |
comarch — erp_xl | The database access credentials configured during installation are stored in a special table, and are encrypted with a shared key, same among all Comarch ERP XL client installations. This could allow an attacker with access to that table to retrieve plain text passwords. This issue affects ERP XL: from 2020.2.2 through 2023.2. | 2024-02-15 | 6.2 | CVE-2023-4538 [email protected] [email protected] |
concretecms — concrete_cms | Concrete CMS version 9 before 9.2.5 is vulnerable to stored XSS in file tags and description attributes since administrator entered file attributes are not sufficiently sanitized in the Edit Attributes page. A rogue administrator could put malicious code into the file tags or description attributes and, when another administrator opens the same file for editing, the malicious code could execute. The Concrete CMS Security team scored this 2.4 with CVSS v3 vector AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N. | 2024-02-09 | 4.8 | CVE-2024-1245 ff5b8ace-8b95-4078-9743-eac1ca5451de ff5b8ace-8b95-4078-9743-eac1ca5451de |
concretecms — concrete_cms | Concrete CMS in version 9 before 9.2.5 is vulnerable to reflected XSS via the Image URL Import Feature due to insufficient validation of administrator provided data. A rogue administrator could inject malicious code when importing images, leading to the execution of the malicious code on the website user’s browser. The Concrete CMS Security team scored this 2 with CVSS v3 vector AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N. This does not affect Concrete versions prior to version 9. | 2024-02-09 | 4.8 | CVE-2024-1246 ff5b8ace-8b95-4078-9743-eac1ca5451de ff5b8ace-8b95-4078-9743-eac1ca5451de |
concretecms — concrete_cms | Concrete CMS version 9 before 9.2.5 is vulnerable to stored XSS via the Role Name field since there is insufficient validation of administrator provided data for that field. A rogue administrator could inject malicious code into the Role Name field which might be executed when users visit the affected page. The Concrete CMS Security team scored this 2 with CVSS v3 vector AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator . Concrete versions below 9 do not include group types so they are not affected by this vulnerability. | 2024-02-09 | 4.8 | CVE-2024-1247 ff5b8ace-8b95-4078-9743-eac1ca5451de ff5b8ace-8b95-4078-9743-eac1ca5451de |
content_cards_project — content_cards | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Arunas Liuiza Content Cards allows Stored XSS.This issue affects Content Cards: from n/a through 0.9.7. | 2024-02-12 | 5.4 | CVE-2024-24928 [email protected] |
dell — bsafe_ssl-j | Dell BSAFE SSL-J, versions prior to 6.5, and versions 7.0 and 7.1 contain a debug message revealing unnecessary information vulnerability. This may lead to disclosing sensitive information to a locally privileged user. | 2024-02-10 | 4.4 | CVE-2023-28077 [email protected] |
dell — mobility_e-lab_navigator | Dell E-Lab Navigator, [3.1.9, 3.2.0], contains an Insecure Direct Object Reference Vulnerability in Feedback submission. An attacker could potentially exploit this vulnerability, to manipulate the email’s appearance, potentially deceiving recipients and causing reputational and security risks. | 2024-02-14 | 4.4 | CVE-2024-22455 [email protected] |
dell — recoverpoint_for_vms | Dell RecoverPoint for Virtual Machines 5.3.x contains a brute force/dictionary attack vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to launch a brute force attack or a dictionary attack against the RecoverPoint login form. This allows attackers to brute-force the password of valid users in an automated manner. | 2024-02-16 | 6.5 | CVE-2024-22425 [email protected] |
dell — secure_connect_gateway-application | In Dell Secure Connect Gateway Application and Secure Connect Gateway Appliance (between v5.10.00.00 and v5.18.00.00), a security concern has been identified, where a malicious user with a valid User session may inject malicious content in filters of IP Range Rest API. This issue may potentially lead to unintentional information disclosure from the product database. | 2024-02-14 | 5.4 | CVE-2023-44293 [email protected] |
dell — secure_connect_gateway-application | In Dell Secure Connect Gateway Application and Secure Connect Gateway Appliance (between v5.10.00.00 and v5.18.00.00), a security concern has been identified, where a malicious user with a valid User session may inject malicious content in filters of Collection Rest API. This issue may potentially lead to unintentional information disclosure from the product database. | 2024-02-14 | 5.4 | CVE-2023-44294 [email protected] |
dell — supportassist_client_consumer | Dell SupportAssist for Business PCs version 3.4.0 contains a local Authentication Bypass vulnerability that allows locally authenticated non-admin users to gain temporary privilege within the SupportAssist User Interface on their respective PC. The Run as Admin temporary privilege feature enables IT/System Administrators to perform driver scans and Dell-recommended driver installations without requiring them to log out of the local non-admin user session. However, the granted privilege is limited solely to the SupportAssist User Interface and automatically expires after 15 minutes. | 2024-02-14 | 6.3 | CVE-2023-39249 [email protected] |
dell — unity_operating_environment | Dell Unity, versions prior to 5.4, contains SQL Injection vulnerability. An authenticated attacker could potentially exploit this vulnerability, leading to exposure of sensitive information. | 2024-02-12 | 6.5 | CVE-2024-22221 [email protected] |
dell — unity_operating_environment | Dell Unity, versions prior to 5.4, contain a path traversal vulnerability in its svc_supportassist utility. An authenticated attacker could potentially exploit this vulnerability, to gain unauthorized write access to the files stored on the server filesystem, with elevated privileges. | 2024-02-12 | 6.5 | CVE-2024-22226 [email protected] |
dell — unity_operating_environment | Dell Unity, versions prior to 5.4, contains a cross-site scripting (XSS) vulnerability. An authenticated attacker could potentially exploit this vulnerability, leading users to download and execute malicious software crafted by this product’s feature to compromise their systems. | 2024-02-12 | 5.4 | CVE-2024-0169 [email protected] |
dell — unity_operating_environment | Dell Unity, versions prior to 5.4, contains a Cross-site scripting vulnerability. An authenticated attacker could potentially exploit this vulnerability, stealing session information, masquerading as the affected user or carry out any actions that this user could perform, or to generally control the victim’s browser. | 2024-02-12 | 5.4 | CVE-2024-22230 [email protected] |
derhansen — sf_event_mgt | sf_event_mgt is an event management and registration extension for the TYPO3 CMS based on ExtBase and Fluid. In affected versions the existing access control check for events in the backend module got broken during the update of the extension to TYPO3 12.4, because the `RedirectResponse` from the `$this->redirect()` function was never handled. This issue has been addressed in version 7.4.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-02-13 | 4.3 | CVE-2024-24751 [email protected] [email protected] |
ebm_technologies — risweb | EBM Technologies RISWEB’s specific URL path is not properly controlled by permission, allowing attackers to browse specific pages and query sensitive data without login. | 2024-02-15 | 5.3 | CVE-2024-26263 [email protected] |
ecshop — ecshop | A vulnerability, which was classified as critical, has been found in ECshop 4.1.8. Affected by this issue is some unknown functionality of the file /admin/view_sendlist.php. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-250562 is the identifier assigned to this vulnerability. | 2024-02-15 | 6.3 | CVE-2024-1530 [email protected] [email protected] [email protected] |
envoyproxy — envoy | Envoy is a high-performance edge/middle/service proxy. The regex expression is compiled for every request and can result in high CPU usage and increased request latency when multiple routes are configured with such matchers. This issue has been addressed in released 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-02-09 | 5.3 | CVE-2024-23323 [email protected] [email protected] |
exiv2 — exiv2 | Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 version v0.28.1. The vulnerable function, `QuickTimeVideo::NikonTagsDecoder`, was new in v0.28.0, so Exiv2 versions before v0.28 are _not_ affected. The out-of-bounds read is triggered when Exiv2 is used to read the metadata of a crafted video file. In most cases this out of bounds read will result in a crash. This bug is fixed in version v0.28.2. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-02-12 | 5.5 | CVE-2024-24826 [email protected] [email protected] |
exiv2 — exiv2 | Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A denial-of-service was found in Exiv2 version v0.28.1: an unbounded recursion can cause Exiv2 to crash by exhausting the stack. The vulnerable function, `QuickTimeVideo::multipleEntriesDecoder`, was new in v0.28.0, so Exiv2 versions before v0.28 are _not_ affected. The denial-of-service is triggered when Exiv2 is used to read the metadata of a crafted video file. This bug is fixed in version v0.28.2. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-02-12 | 5.5 | CVE-2024-25112 [email protected] [email protected] |
f5 — big-ip | BIG-IP or BIG-IQ Resource Administrators and Certificate Managers who have access to the secure copy (scp) utility but do not have access to Advanced shell (bash) can execute arbitrary commands with a specially crafted command string. This vulnerability is due to an incomplete fix for CVE-2020-5873. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 2024-02-14 | 6.7 | CVE-2024-21782 [email protected] |
f5 — big-ip | When running in Appliance mode, an authenticated attacker assigned the Administrator role may be able to bypass Appliance mode restrictions utilizing iAppsLX templates on a BIG-IP system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 2024-02-14 | 6 | CVE-2024-23976 [email protected] |
f5 — big-ip_next_spk | A vulnerability exists in BIG-IP Next CNF and SPK systems that may allow access to undisclosed sensitive files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 2024-02-14 | 4.4 | CVE-2024-23306 [email protected] |
f5 — f5os_-_appliance | When LDAP remote authentication is configured on F5OS, a remote user without an assigned role will be incorrectly authorized. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2024-02-14 | 6.2 | CVE-2024-24966 [email protected] |
f5 — f5os_-_appliance | A directory traversal vulnerability exists in the F5OS QKView utility that allows an authenticated attacker to read files outside the QKView directory. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2024-02-14 | 5.5 | CVE-2024-23607 [email protected] |
filseclab — twister_antivirus | Twister Antivirus v8.17 is vulnerable to an Out-of-bounds Read vulnerability by triggering the 0x801120B8 IOCTL code of the filmfd.sys driver. | 2024-02-13 | 5.8 | CVE-2024-1140 [email protected] [email protected] |
filseclab — twister_antivirus | Twister Antivirus v8.17 is vulnerable to a Denial-of-Service vulnerability by triggering the 0x80112044, 0x8011204B, 0x8011204F, 0x80112057, 0x8011205B, 0x8011205F, 0x80112063, 0x8011206F, 0x80112073, 0x80112077, 0x80112078, 0x8011207C and 0x80112080 IOCTL codes of the fildds.sys driver. | 2024-02-13 | 5.5 | CVE-2024-1216 [email protected] [email protected] |
fortinet — fortimanager | An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in Fortinet FortiManager version 7.4.0 through 7.4.1 and before 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.1 and before 7.2.5 and FortiAnalyzer-BigData before 7.2.5 allows an adom administrator to enumerate other adoms and device names via crafted HTTP or HTTPS requests. | 2024-02-15 | 5 | CVE-2023-44253 [email protected] |
fortinet — fortinac | An improper neutralization of input during web page generation (‘cross-site scripting’) in Fortinet FortiNAC 9.4.0 – 9.4.2, 9.2.0 – 9.2.8, 9.1.0 – 9.1.10 and 7.2.0 allows an attacker to execute unauthorized code or commands via the name fields observed in the policy audit logs. | 2024-02-15 | 6.8 | CVE-2023-26206 [email protected] |
fortinet — fortios | An improper certificate validation vulnerability in Fortinet FortiOS 7.0.0 – 7.0.13, 7.2.0 – 7.2.6 and 7.4.0 – 7.4.1 allows a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the FortiLink communication channel between the FortiOS device and FortiSwitch. | 2024-02-15 | 4.8 | CVE-2023-47537 [email protected] |
geek_code_lab — all_404_pages_redirect_to_homepage | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Geek Code Lab All 404 Pages Redirect to Homepage allows Stored XSS. This issue affects All 404 Pages Redirect to Homepage: from n/a through 1.9. | 2024-02-12 | 6.1 | CVE-2024-24889 [email protected] |
getawesomesupport — awesome_support | The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpas_get_users() function hooked via AJAX in all versions up to, and including, 6.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve user data such as emails. | 2024-02-10 | 4.3 | CVE-2024-0595 [email protected] [email protected] [email protected] |
getgrav — grav | A cross-site scripting (XSS) vulnerability in Grav versions 1.7.44 and before, allows remote authenticated attackers to execute arbitrary web scripts or HTML via the onmouseover attribute of an ISINDEX element. | 2024-02-09 | 5.4 | CVE-2023-31506 [email protected] |
github — enterprise_server | A path traversal vulnerability was identified in GitHub Enterprise Server that allowed an attacker to gain unauthorized read permission to files by deploying arbitrary symbolic links to a GitHub Pages site with a specially crafted artifact tarball. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.8.15, 3.9.10, 3.10.7, 3.11.5. This vulnerability was reported via the GitHub Bug Bounty program. | 2024-02-13 | 6.3 | CVE-2024-1082 [email protected] [email protected] [email protected] [email protected] |
github — enterprise_server | Cross-site Scripting in the tag name pattern field in the tag protections UI in GitHub Enterprise Server allows a malicious website that requires user interaction and social engineering to make changes to a user account via CSP bypass with created CSRF tokens. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in all versions of 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program. | 2024-02-13 | 6.5 | CVE-2024-1084 [email protected] [email protected] [email protected] [email protected] |
gitlab — gitlab | An issue has been discovered in GitLab EE affecting all versions starting from 16.8 before 16.8.2. When a user is assigned a custom role with manage_group_access_tokens permission, they may be able to create group access tokens with Owner privileges, which may lead to privilege escalation. | 2024-02-12 | 6.5 | CVE-2024-1250 [email protected] |
givewp — givewp | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in GiveWP GiveWP – Donation Plugin and Fundraising Platform allows Stored XSS. This issue affects GiveWP – Donation Plugin and Fundraising Platform: from n/a through 3.2.2. | 2024-02-10 | 5.4 | CVE-2023-51415 [email protected] |
glewlwyd_sso_server_project — glewlwyd_sso_server | Glewlwyd SSO server 2.x through 2.7.6 allows open redirection via redirect_uri. | 2024-02-11 | 6.1 | CVE-2024-25715 [email protected] [email protected] |
grafana — grafana | A user changing their email after signing up and verifying it can change it without verification in profile settings. The configuration option “verify_email_enabled” will only validate email only on sign up. | 2024-02-13 | 5.4 | CVE-2023-6152 [email protected] [email protected] |
grafana — grafana-csv-datasource | Grafana is an open-source platform for monitoring and observability. The CSV datasource plugin is a Grafana Labs maintained plugin for Grafana that allows for retrieving and processing CSV data from a remote endpoint configured by an administrator. If this plugin was configured to send requests to a bare host with no path (e.g. https://www.example.com/ https://www.example.com/` ), requests to an endpoint other than the one configured by the administrator could be triggered by a specially crafted request from any user, resulting in an SSRF vector. AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator | 2024-02-14 | 5 | CVE-2023-5122 [email protected] |
greenpau — github.com/greenpau/caddy-security | Versions of the package github.com/greenpau/caddy-security before 1.0.42 are vulnerable to Insecure Randomness due to using an insecure random number generation library which could possibly be predicted via a brute-force search. Attackers could use the potentially predictable nonce value used for authentication purposes in the OAuth flow to conduct OAuth replay attacks. In addition, insecure randomness is used while generating multifactor authentication (MFA) secrets and creating API keys in the database package. | 2024-02-17 | 6.5 | CVE-2024-21495 [email protected] [email protected] [email protected] [email protected] |
greenpau — github.com/greenpau/caddy-security | All versions of the package github.com/greenpau/caddy-security are vulnerable to Cross-site Scripting (XSS) via the Referer header, due to improper input sanitization. Although the Referer header is sanitized by escaping some characters that can allow XSS (e.g., [&], [<], [>], [“], [‘]), it does not account for the attack based on the JavaScript URL scheme (e.g., javascript:alert(document.domain)// payload). Exploiting this vulnerability may not be trivial, but it could lead to the execution of malicious scripts in the context of the target user’s browser, compromising user sessions. | 2024-02-17 | 6.1 | CVE-2024-21496 [email protected] [email protected] [email protected] |
greenpau — github.com/greenpau/caddy-security | All versions of the package github.com/greenpau/caddy-security are vulnerable to Improper Validation of Array Index when parsing a Caddyfile. Multiple parsing functions in the affected library do not validate whether their input values are nil before attempting to access elements, which can lead to a panic (index out of range). Panics during the parsing of a configuration file may introduce ambiguity and vulnerabilities, hindering the correct interpretation and configuration of the web server. | 2024-02-17 | 5.3 | CVE-2024-21493 [email protected] [email protected] [email protected] |
greenpau — github.com/greenpau/caddy-security | All versions of the package github.com/greenpau/caddy-security are vulnerable to Authentication Bypass by Spoofing via the X-Forwarded-For header due to improper input sanitization. An attacker can spoof an IP address used in the user identity module (/whoami API endpoint). This could lead to unauthorized access if the system trusts this spoofed IP address. | 2024-02-17 | 5.4 | CVE-2024-21494 [email protected] [email protected] [email protected] |
greenpau — github.com/greenpau/caddy-security | All versions of the package github.com/greenpau/caddy-security are vulnerable to Open Redirect via the redirect_url parameter. An attacker could perform a phishing attack and trick users into visiting a malicious website by crafting a convincing URL with this parameter. To exploit this vulnerability, the user must take an action, such as clicking on a portal button or using the browser’s back button, to trigger the redirection. | 2024-02-17 | 5.4 | CVE-2024-21497 [email protected] [email protected] [email protected] |
greenpau — github.com/greenpau/caddy-security | All versions of the package github.com/greenpau/caddy-security are vulnerable to Server-side Request Forgery (SSRF) via X-Forwarded-Host header manipulation. An attacker can expose sensitive information, interact with internal services, or exploit other vulnerabilities within the network by exploiting this vulnerability. | 2024-02-17 | 5.3 | CVE-2024-21498 [email protected] [email protected] [email protected] |
greenpau — github.com/greenpau/caddy-security | All versions of the package github.com/greenpau/caddy-security are vulnerable to Insufficient Session Expiration due to improper user session invalidation upon clicking the “Sign Out” button. User sessions remain valid even after requests are sent to /logout and /oauth2/google/logout. Attackers who gain access to an active, but supposedly logged-out session can perform unauthorized actions on behalf of the user. | 2024-02-17 | 4.8 | CVE-2024-21492 [email protected] [email protected] [email protected] |
greenpau — github.com/greenpau/caddy-security | All versions of the package github.com/greenpau/caddy-security are vulnerable to HTTP Header Injection via the X-Forwarded-Proto header due to redirecting to the injected protocol. Exploiting this vulnerability could lead to bypass of security mechanisms or confusion in handling TLS. | 2024-02-17 | 4.3 | CVE-2024-21499 [email protected] [email protected] [email protected] |
greenpau — github.com/greenpau/caddy-security | All versions of the package github.com/greenpau/caddy-security are vulnerable to Improper Restriction of Excessive Authentication Attempts via the two-factor authentication (2FA). Although the application blocks the user after several failed attempts to provide 2FA codes, attackers can bypass this blocking mechanism by automating the application’s full multistep 2FA process. | 2024-02-17 | 4.8 | CVE-2024-21500 [email protected] [email protected] [email protected] |
hcl_software — hcl_connections | HCL Connections is vulnerable to a denial of service, caused by improper validation on certain requests. Using a specially crafted request an attacker could exploit this vulnerability to cause denial of service for affected users. | 2024-02-12 | 5.5 | CVE-2023-28018 [email protected] |
helm — helm | Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. When either the Helm client or SDK is used to save a chart whose name within the `Chart.yaml` file includes a relative path change, the chart would be saved outside its expected directory based on the changes in the relative path. The validation and linting did not detect the path changes in the name. This issue has been resolved in Helm v3.14.1. Users unable to upgrade should check all charts used by Helm for path changes in their name as found in the `Chart.yaml` file. This includes dependencies. | 2024-02-15 | 6.4 | CVE-2024-25620 [email protected] [email protected] |
hima — f30_03x_yy_(com) | An unauthenticated attacker can send a ping request from one network to another through an error in the origin verification even though the ports are separated by VLAN. | 2024-02-13 | 4.3 | CVE-2024-24782 [email protected] |
howardehrenberg — custom_post_carousels_with_owl | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Howard Ehrenberg Custom Post Carousels with Owl allows Stored XSS.This issue affects Custom Post Carousels with Owl: from n/a through 1.4.6. | 2024-02-10 | 5.4 | CVE-2023-51493 [email protected] |
ibm — cics_tx_standard | IBM CICS TX Standard and Advanced 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 229440. | 2024-02-12 | 5.9 | CVE-2022-34309 [email protected] [email protected] [email protected] |
ibm — cics_tx_standard | IBM CICS TX Standard and Advanced 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 229441. | 2024-02-12 | 5.9 | CVE-2022-34310 [email protected] [email protected] [email protected] |
ibm — cics_tx_standard | IBM CICS TX Standard and Advanced 11.1 could allow a user with physical access to the web browser to gain access to the user’s session due to insufficiently protected credentials. IBM X-Force ID: 229446. | 2024-02-12 | 4.3 | CVE-2022-34311 [email protected] [email protected] [email protected] |
ibm — datastage_on_cloud_pak_for_data | IBM DataStage on Cloud Pak for Data 4.0.6 to 4.5.2 stores sensitive credential information that can be read by a privileged user. IBM X-Force ID: 235060. | 2024-02-12 | 4.9 | CVE-2022-38714 [email protected] [email protected] |
ibm — engineering_lifecycle_optimization | IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 268754. | 2024-02-09 | 6.1 | CVE-2023-45190 [email protected] [email protected] |
ibm — i_access_client_solutions | IBM i Access Client Solutions (ACS) 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.4 is vulnerable to NT LAN Manager (NTLM) hash disclosure by an attacker modifying UNC capable paths within ACS configuration files to point to a hostile server. If NTLM is enabled, the Windows operating system will try to authenticate using the current user’s session. The hostile server could capture the NTLM hash information to obtain the user’s credentials. IBM X-Force ID: 279091. | 2024-02-09 | 5.5 | CVE-2024-22318 [email protected] [email protected] [email protected] [email protected] |
ibm — integration_bus | The IBM Integration Bus for z/OS 10.1 through 10.1.0.2 AdminAPI is vulnerable to a denial of service due to file system exhaustion. IBM X-Force ID: 279972. | 2024-02-09 | 6.5 | CVE-2024-22332 [email protected] [email protected] |
ibm — jazz_for_service_management | IBM Jazz for Service Management 1.1.3.20 could allow an unauthorized user to obtain sensitive file information using forced browsing due to improper access controls. IBM X-Force ID: 269929. | 2024-02-14 | 5.3 | CVE-2023-46186 [email protected] [email protected] |
ibm — qradar_suite_software | IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 279975. | 2024-02-17 | 5.1 | CVE-2024-22335 [email protected] [email protected] |
ibm — qradar_suite_software | IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 279976. | 2024-02-17 | 5.1 | CVE-2024-22336 [email protected] [email protected] |
ibm — qradar_suite_software | IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 279977. | 2024-02-17 | 5.1 | CVE-2024-22337 [email protected] [email protected] |
ibm — qradar_suite_software | IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 in some circumstances will log some sensitive information about invalid authorization attempts. IBM X-Force ID: 275747. | 2024-02-17 | 4 | CVE-2023-50951 [email protected] [email protected] |
ibm — robotic_process_automation | IBM Robotic Process Automation 21.0.2 contains a vulnerability that could allow user ids may be exposed across tenants. IBM X-Force ID: 227293. | 2024-02-12 | 4.6 | CVE-2022-22506 [email protected] [email protected] |
ibm — sterling_b2b_integrator | IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.3 could allow an authenticated user to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 255827. | 2024-02-09 | 6.5 | CVE-2023-32341 [email protected] [email protected] |
ibm — sterling_b2b_integrator | IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.3 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 265559. | 2024-02-09 | 4.3 | CVE-2023-42016 [email protected] [email protected] |
ibm — storage_defender_resiliency_service | IBM Storage Defender – Resiliency Service 2.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 278748. | 2024-02-10 | 5.5 | CVE-2024-22312 [email protected] [email protected] |
if-so — dynamic_content_personalization | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in If So Plugin If-So Dynamic Content Personalization allows Stored XSS.This issue affects If-So Dynamic Content Personalization: from n/a through 1.6.3.1. | 2024-02-10 | 5.4 | CVE-2023-51492 [email protected] |
intel — acat_software_maintained_by_intel(r) | Incorrect default permissions in some ACAT software maintained by Intel(R) before version 2.0.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-02-14 | 6.7 | CVE-2023-41231 [email protected] |
intel — intel(r)_battery_life_diagnostic_tool_software | Uncontrolled search path in some Intel(R) Battery Life Diagnostic Tool software before version 2.3.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-02-14 | 6.7 | CVE-2023-35060 [email protected] |
intel — intel(r)_binary_configuration_tool_software | Uncontrolled search path in some Intel(R) Binary Configuration Tool software before version 3.4.4 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-02-14 | 6.7 | CVE-2023-24591 [email protected] |
intel — intel(r)_c++_compiler_classic | Improper buffer restrictions in some Intel(R) C++ Compiler Classic before version 2021.8 may allow authenticated user to potentially enable escalation of privilege via local access. | 2024-02-14 | 6 | CVE-2023-29162 [email protected] |
intel — intel(r)_chipset_driver_software | Improper access control in some Intel(R) Chipset Driver Software before version 10.1.19444.8378 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-02-14 | 6.7 | CVE-2023-25174 [email protected] |
intel — intel(r)_chipset_driver_software | Incorrect default permissions in some Intel(R) Chipset Driver Software before version 10.1.19444.8378 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-02-14 | 6.7 | CVE-2023-28739 [email protected] |
intel — intel(r)_cip_software | Uncontrolled search path in some Intel(R) CIP software before version 2.4.10577 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-02-14 | 6.7 | CVE-2023-35769 [email protected] |
intel — intel(r)_dsa_software | Improper access control in some Intel(R) DSA software before version 23.4.33 may allow a privileged user to potentially enable escalation of privilege via local access. | 2024-02-14 | 6.3 | CVE-2023-35062 [email protected] |
intel — intel(r)_dsa_software | Improper access control in some Intel(R) DSA software before version 23.4.33 may allow an authenticated user to potentially enable denial of service via local access. | 2024-02-14 | 5.5 | CVE-2023-25073 [email protected] |
intel — intel(r)_ethernet_tools_and_driver_install_software | Insecure inherited permissions in some Intel(R) Ethernet tools and driver install software may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-02-14 | 6.7 | CVE-2023-33870 [email protected] |
intel — intel(r)_ethernet_tools_and_driver_install_software | Improper access control element in some Intel(R) Ethernet tools and driver install software, before versions 28.2, may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-02-14 | 6.7 | CVE-2023-39432 [email protected] |
intel — intel(r)_ispc_software | Uncontrolled search path in some Intel(R) ISPC software before version 1.21.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-02-14 | 6.7 | CVE-2023-38566 [email protected] |
intel — intel(r)_mas_software | Improper initialization in some Intel(R) MAS software before version 2.3 may allow an authenticated user to potentially enable denial of service via local access. | 2024-02-14 | 5 | CVE-2023-36490 [email protected] |
intel — intel(r)_mpi_library_software | Uncontrolled search path for some Intel(R) MPI Library Software before version 2021.11 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-02-14 | 6.7 | CVE-2023-41091 [email protected] |
intel — intel(r)_ofu_software | Protection mechanism failure in some Intel(R) OFU software before version 14.1.31 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-02-14 | 6.7 | CVE-2023-25945 [email protected] |
intel — intel(r)_oneapi_toolkit_and_component_software_installers | Uncontrolled search path in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-02-14 | 6.7 | CVE-2023-32618 [email protected] |
intel — intel(r)_oneapi_toolkit_and_component_software_installers | Improper access control in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.2 may allow an authenticated user to potentially enable denial of service via local access. | 2024-02-14 | 5 | CVE-2023-28715 [email protected] |
intel — intel(r)_optane(tm)_pmem_100_series_management_software | Improper access control in some Intel(R) Optane(TM) PMem 100 Series Management Software before version 01.00.00.3547 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-02-14 | 6.7 | CVE-2023-22311 [email protected] |
intel — intel(r)_optane(tm)_pmem_software | Improper access control in some Intel(R) Optane(TM) PMem software before versions 01.00.00.3547, 02.00.00.3915, 03.00.00.0483 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-02-14 | 6.6 | CVE-2023-27517 [email protected] |
intel — intel(r)_pm_software | Improper authorization in some Intel(R) PM software may allow a privileged user to potentially enable escalation of privilege via local access. | 2024-02-14 | 6.7 | CVE-2023-38135 [email protected] |
intel — intel(r)_proset/wireless_and_intel(r)_killer(tm)_wi | Improper input validation for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow a privileged user to potentially enable escalation of privilege via local access. | 2024-02-14 | 6 | CVE-2023-25951 [email protected] |
intel — intel(r)_proset/wireless_and_intel(r)_killer(tm)_wi | Improper input validation for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | 2024-02-14 | 6.1 | CVE-2023-28374 [email protected] |
intel — intel(r)_proset/wireless_and_intel(r)_killer(tm)_wi | Improper initialization for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | 2024-02-14 | 6.1 | CVE-2023-28720 [email protected] |
intel — intel(r)_proset/wireless_and_intel(r)_killer(tm)_wi | Uncaught exception for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | 2024-02-14 | 4.3 | CVE-2023-26586 [email protected] |
intel — intel(r)_proset/wireless_and_intel(r)_killer(tm)_wi | Insufficient adherence to expected conventions for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | 2024-02-14 | 4.3 | CVE-2023-32642 [email protected] |
intel — intel(r)_proset/wireless_and_intel(r)_killer(tm)_wi | Protection mechanism failure for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | 2024-02-14 | 4.3 | CVE-2023-32644 [email protected] |
intel — intel(r)_proset/wireless_and_intel(r)_killer(tm)_wi | Improper validation of specified type of input for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | 2024-02-14 | 4.3 | CVE-2023-32651 [email protected] |
intel — intel(r)_proset/wireless_and_intel(r)_killer(tm)_wi | Improper input validation for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | 2024-02-14 | 4.3 | CVE-2023-34983 [email protected] |
intel — intel(r)_proset/wireless_and_intel(r)_killer(tm)_wi | Improper initialization for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable information disclosure via adjacent access. | 2024-02-14 | 4.3 | CVE-2023-35061 [email protected] |
intel — intel(r)_qat_software_drivers_for_windows | Out-of-bounds read in some Intel(R) QAT software drivers for Windows before version QAT1.7-W-1.11.0 may allow an authenticated user to potentially enable denial of service via local access. | 2024-02-14 | 6.5 | CVE-2023-41252 [email protected] |
intel — intel(r)_qsfp+_configuration_utility_software | Uncontrolled search path in Intel(R) QSFP+ Configuration Utility software, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-02-14 | 6.7 | CVE-2023-28745 [email protected] |
intel — intel(r)_sdk_for_opencl(tm)_applications_software | Uncontrolled search path in some Intel(R) SDK for OpenCL(TM) Applications software may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-02-14 | 6.7 | CVE-2023-36493 [email protected] |
intel — intel(r)_server_product_openbmc_firmware | Improper authentication in some Intel(R) Server Product OpenBMC firmware before version egs-1.09 may allow an authenticated user to enable escalation of privilege via local access. | 2024-02-14 | 5.2 | CVE-2023-31189 [email protected] |
intel — intel(r)_server_product_openbmc_firmware | Insufficiently protected credentials in some Intel(R) Server Product OpenBMC firmware before versions egs-1.05 may allow an unauthenticated user to enable information disclosure via network access. | 2024-02-14 | 5.3 | CVE-2023-32280 [email protected] |
intel — intel(r)_ssu_software | Uncontrolled search path element in some Intel(R) SSU software before version 3.0.0.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-02-14 | 6.7 | CVE-2023-40156 [email protected] |
intel — intel(r)_sur_for_gameplay_software | Uncontrolled search path in the Intel(R) SUR for Gameplay Software before version 2.0.1901 may allow a privileged user to potentially enable escalation of privilege via local access. | 2024-02-14 | 6.7 | CVE-2023-39932 [email protected] |
intel — intel(r)_sur_for_gameplay_software | Incorrect default permissions in the Intel(R) SUR for Gameplay Software before version 2.0.1901 may allow privileged user to potentially enable escalation of privilege via local access. | 2024-02-14 | 6.7 | CVE-2023-40154 [email protected] |
intel — intel(r)_thunderbolt(tm)_controllers_versions | Improper access control in firmware for some Intel(R) Thunderbolt(TM) Controllers versions before 41 may allow a privileged user to enable denial of service via local access. | 2024-02-14 | 6.1 | CVE-2023-28396 [email protected] |
intel — intel(r)_thunderbolt(tm)_dch_drivers_for_windows | Improper buffer restrictions in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable information disclosure via local access. | 2024-02-14 | 6.5 | CVE-2023-22390 [email protected] |
intel — intel(r)_thunderbolt(tm)_dch_drivers_for_windows | Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-02-14 | 6.3 | CVE-2023-24481 [email protected] |
intel — intel(r)_thunderbolt(tm)_dch_drivers_for_windows | Unquoted search path or element in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-02-14 | 6.7 | CVE-2023-24542 [email protected] |
intel — intel(r)_thunderbolt(tm)_dch_drivers_for_windows | Improper buffer restrictions in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow a privileged user to potentially enable escalation of privilege via local access. | 2024-02-14 | 6.1 | CVE-2023-24589 [email protected] |
intel — intel(r)_thunderbolt(tm)_dch_drivers_for_windows | Uncontrolled search path element in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-02-14 | 6.7 | CVE-2023-25779 [email protected] |
intel — intel(r)_thunderbolt(tm)_dch_drivers_for_windows | Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable denial of service via local access. | 2024-02-14 | 5.5 | CVE-2023-22848 [email protected] |
intel — intel(r)_thunderbolt(tm)_dch_drivers_for_windows | Uncontrolled resource consumption in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable denial of service via local access. | 2024-02-14 | 5.5 | CVE-2023-25769 [email protected] |
intel — intel(r)_thunderbolt(tm)_dch_drivers_for_windows | Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable denial of service via local access. | 2024-02-14 | 5 | CVE-2023-26585 [email protected] |
intel — intel(r)_thunderbolt(tm)_dch_drivers_for_windows | Improper input validation in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an unauthenticated user to potentially enable information disclosure via adjacent access. | 2024-02-14 | 4.3 | CVE-2023-24463 [email protected] |
intel — intel(r)_thunderbolt(tm)_dch_drivers_for_windows | Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-02-14 | 4.2 | CVE-2023-27301 [email protected] |
intel — intel(r)_thunderbolt(tm)_dch_drivers_for_windows | Improper buffer restrictions in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow a privileged user to potentially enable escalation of privilege via local access. | 2024-02-14 | 4.6 | CVE-2023-27308 [email protected] |
intel — intel(r)_vroc_software | Improper access control in some Intel(R) VROC software before version 8.0.8.1001 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-02-14 | 6.7 | CVE-2023-31271 [email protected] |
intel — intel(r)_vroc_software | Uncontrolled search path element in some Intel(R) VROC software before version 8.0.8.1001 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-02-14 | 6.7 | CVE-2023-32646 [email protected] |
intel — intel(r)_vroc_software | Incorrect default permissions in some Intel(R) VROC software before version 8.0.8.1001 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-02-14 | 6.7 | CVE-2023-34315 [email protected] |
intel — intel(r)_vroc_software | Path transversal in some Intel(R) VROC software before version 8.0.8.1001 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-02-14 | 6.7 | CVE-2023-35003 [email protected] |
intel — intel(r)_xtu_software | Uncontrolled search path in some Intel(R) XTU software before version 7.12.0.29 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-02-14 | 6.7 | CVE-2023-28407 [email protected] |
intel — intel(r)_xtu_software | Improper access control in some Intel(R) XTU software before version 7.12.0.29 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-02-14 | 6.8 | CVE-2023-32647 [email protected] |
intel — intel(r)_xtu_software | Improper access control in some Intel(R) XTU software before version 7.12.0.29 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-02-14 | 5.5 | CVE-2023-38561 [email protected] |
intel — intel_unite(r)_client_software | Improper access control in some Intel Unite(R) Client software before version 4.2.35041 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-02-14 | 6.6 | CVE-2023-40161 [email protected] |
intel — sps_firmware | Uncontrolled resource consumption for some Intel(R) SPS firmware before version SPS_E5_06.01.04.002.0 may allow a privileged user to potentially enable denial of service via network access. | 2024-02-14 | 4.9 | CVE-2023-29153 [email protected] |
intel — tensorflow | Improper buffer restrictions in Intel(R) Optimization for TensorFlow before version 2.13.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-02-14 | 5.5 | CVE-2023-30767 [email protected] |
internallinkjuicer — internal_link_juicer | The Internal Link Juicer: SEO Auto Linker for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings such as ‘ilj_settings_field_links_per_page’ in all versions up to, and including, 2.23.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2024-02-09 | 4.8 | CVE-2024-0657 [email protected] [email protected] |
isc — bind_9 | If a resolver cache has a very large number of ECS records stored for the same name, the process of cleaning the cache database node for this name can significantly impair query performance. This issue affects BIND 9 versions 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1. | 2024-02-13 | 5.3 | CVE-2023-5680 [email protected] |
jboss — undertow | A path traversal vulnerability was found in Undertow. This issue may allow a remote attacker to append a specially crafted sequence to an HTTP request for an application deployed to JBoss EAP, which may permit access to privileged or restricted files and directories. | 2024-02-12 | 5.3 | CVE-2024-1459 [email protected] [email protected] |
jwcrypto — jwcrypto | A vulnerability was found in JWCrypto. This flaw allows an attacker to cause a denial of service (DoS) attack and possible password brute-force and dictionary attacks to be more resource-intensive. This issue can result in a large amount of computational consumption, causing a denial-of-service attack. | 2024-02-12 | 5.3 | CVE-2023-6681 [email protected] [email protected] |
kalli_dan — kd_coming_soon | Deserialization of Untrusted Data vulnerability in Kalli Dan. KD Coming Soon. This issue affects KD Coming Soon: from n/a through 1.7. | 2024-02-12 | 5.4 | CVE-2023-46615 [email protected] |
leap13 — premium_addons_for_elementor | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Leap13 Premium Addons for Elementor allows Stored XSS.This issue affects Premium Addons for Elementor: from n/a through 4.10.16. | 2024-02-10 | 5.4 | CVE-2024-24831 [email protected] |
linksys — wrt54gl_firmware | A vulnerability was found in Linksys WRT54GL 4.30.18. It has been classified as problematic. This affects an unknown part of the file /wlaninfo.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. The identifier VDB-253329 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-02-10 | 4.3 | CVE-2024-1405 [email protected] [email protected] [email protected] |
linksys — wrt54gl_firmware | A vulnerability was found in Linksys WRT54GL 4.30.18. It has been declared as problematic. This vulnerability affects unknown code of the file /SysInfo1.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. VDB-253330 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-02-10 | 4.3 | CVE-2024-1406 [email protected] [email protected] [email protected] |
linux — kernel | A vulnerability was reported in the Open vSwitch sub-component in the Linux Kernel. The flaw occurs when a recursive operation of code push recursively calls into the code block. The OVS module does not validate the stack depth, pushing too many frames and causing a stack overflow. As a result, this can lead to a crash or other related issues. | 2024-02-11 | 5.5 | CVE-2024-1151 [email protected] [email protected] [email protected] |
linux — linux | A flaw was found in the decompression function of registry-support. This issue can be triggered if an unauthenticated remote attacker tricks a user into opening a specially modified .tar archive, leading to the cleanup process following relative paths to overwrite or delete files outside the intended scope. | 2024-02-14 | 6.8 | CVE-2024-1485 [email protected] [email protected] [email protected] |
logichunt — owl_carousel | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in LogicHunt OWL Carousel – WordPress Owl Carousel Slider allows Stored XSS.This issue affects OWL Carousel – WordPress Owl Carousel Slider: from n/a through 1.4.0. | 2024-02-10 | 5.4 | CVE-2024-24801 [email protected] |
mastodon — mastodon | Mastodon is a free, open-source social network server based on ActivityPub. Mastodon allows new identities from configured authentication providers (CAS, SAML, OIDC) to attach to existing local users with the same e-mail address. This results in a possible account takeover if the authentication provider allows changing the e-mail address or multiple authentication providers are configured. When a user logs in through an external authentication provider for the first time, Mastodon checks the e-mail address passed by the provider to find an existing account. However, using the e-mail address alone means that if the authentication provider allows changing the e-mail address of an account, the Mastodon account can immediately be hijacked. All users logging in through external authentication providers are affected. The severity is medium, as it also requires the external authentication provider to misbehave. However, some well-known OIDC providers (like Microsoft Azure) make it very easy to accidentally allow unverified e-mail changes. Moreover, OpenID Connect also allows dynamic client registration. This issue has been addressed in versions 4.2.6, 4.1.14, 4.0.14, and 3.5.18. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-02-14 | 4.2 | CVE-2024-25618 [email protected] [email protected] |
mattermost — mattermost_server | Mattermost fails to check if a custom emoji reaction exists when sending it to a post and to limit the amount of custom emojis allowed to be added in a post, allowing an attacker sending a huge amount of non-existent custom emojis in a post to crash the mobile app of a user seeing the post. | 2024-02-09 | 4.3 | CVE-2024-1402 [email protected] |
mattermost — mattermost_server | Mattermost Jira Plugin handling subscriptions fails to check the security level of an incoming issue or limit it based on the user who created the subscription resulting in registered users on Jira being able to create webhooks that give them access to all Jira issues. | 2024-02-09 | 4.1 | CVE-2024-24774 [email protected] |
mattermost — mattermost_server | Mattermost fails to check the required permissions in the POST /api/v4/channels/stats/member_count API resulting in channel member counts being leaked to a user without permissions. | 2024-02-09 | 4.3 | CVE-2024-24776 [email protected] |
mediawiki — managewiki | ManageWiki is a MediaWiki extension allowing users to manage wikis. Special:ManageWiki does not escape escape interface messages on the `columns` and `help` keys on the form descriptor. An attacker may exploit this and would have a cross site scripting attack vector. Exploiting this on-wiki requires the `(editinterface)` right. Users should apply the code changes in commits `886cc6b94`, `2ef0f50880`, and `6942e8b2c` to resolve this vulnerability. There are no known workarounds for this vulnerability. | 2024-02-09 | 6.5 | CVE-2024-25109 [email protected] [email protected] [email protected] [email protected] [email protected] |
microsoft — azure_file_sync | Microsoft Azure File Sync Elevation of Privilege Vulnerability | 2024-02-13 | 5.3 | CVE-2024-21397 [email protected] |
microsoft — azure_stack_hub | Azure Stack Hub Spoofing Vulnerability | 2024-02-13 | 6.5 | CVE-2024-20679 [email protected] |
microsoft — entra | Microsoft Azure Active Directory B2C Spoofing Vulnerability | 2024-02-13 | 6.8 | CVE-2024-21381 [email protected] |
microsoft — microsoft_teams_for_android | Microsoft Teams for Android Information Disclosure | 2024-02-13 | 5 | CVE-2024-21374 [email protected] |
microsoft — skype_for_business_server_2019_cu7 | Skype for Business Information Disclosure Vulnerability | 2024-02-13 | 5.7 | CVE-2024-20695 [email protected] |
microsoft — windows_10_version_1809 | Windows USB Generic Parent Driver Remote Code Execution Vulnerability | 2024-02-13 | 6.4 | CVE-2024-21339 [email protected] |
microsoft — windows_10_version_1809 | Windows Kernel Remote Code Execution Vulnerability | 2024-02-13 | 6.8 | CVE-2024-21341 [email protected] |
microsoft — windows_10_version_1809 | Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability | 2024-02-13 | 6.5 | CVE-2024-21356 [email protected] |
microsoft — windows_10_version_1809 | Windows Network Address Translation (NAT) Denial of Service Vulnerability | 2024-02-13 | 5.9 | CVE-2024-21343 [email protected] |
microsoft — windows_10_version_1809 | Windows Network Address Translation (NAT) Denial of Service Vulnerability | 2024-02-13 | 5.9 | CVE-2024-21344 [email protected] |
microsoft — windows_10_version_1809 | Windows Kernel Security Feature Bypass Vulnerability | 2024-02-13 | 5.5 | CVE-2024-21362 [email protected] |
microsoft — windows_10_version_1809 | Trusted Compute Base Elevation of Privilege Vulnerability | 2024-02-13 | 4.1 | CVE-2024-21304 [email protected] |
microsoft — windows_10_version_1809 | Windows Kernel Information Disclosure Vulnerability | 2024-02-13 | 4.6 | CVE-2024-21340 [email protected] |
microsoft — windows_server_2022 | Windows Hyper-V Denial of Service Vulnerability | 2024-02-13 | 6.5 | CVE-2024-20684 [email protected] |
mitsubishi_electric_corporation — melsec_iq-r_series_safety_cpu_r08sfcpu | Incorrect Privilege Assignment vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series Safety CPU R08/16/32/120SFCPU all versions and MELSEC iQ-R Series SIL2 Process CPU R08/16/32/120PSFCPU all versions allow a remote authenticated attacker who has logged into the product as a non-administrator user to disclose the credentials (user ID and password) of a user with a lower access level than the attacker by sending a specially crafted packet. | 2024-02-13 | 6.5 | CVE-2023-6815 [email protected] [email protected] [email protected] |
moodle — lms | Inadequate access control in Moodle LMS. This vulnerability could allow a local user with a student role to create arbitrary events intended for users with higher roles. It could also allow the attacker to add events to the calendar of all users without their prior consent. | 2024-02-12 | 6.5 | CVE-2024-1439 [email protected] |
netapp — snapcenter | SnapCenter versions 4.8 prior to 5.0 are susceptible to a vulnerability which could allow an authenticated SnapCenter Server user to modify system logging configuration settings | 2024-02-16 | 5.4 | CVE-2024-21987 [email protected] |
netapp — storagegrid | StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8 are susceptible to a Denial of Service (DoS) vulnerability. Successful exploit by an authenticated attacker could lead to an out of memory condition or node reboot. | 2024-02-16 | 6.5 | CVE-2024-21983 [email protected] |
netapp — storagegrid | StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8 are susceptible to a difficult to exploit Reflected Cross-Site Scripting (XSS) vulnerability. Successful exploit requires the attacker to know specific information about the target instance and trick a privileged user into clicking a specially crafted link. This could allow the attacker to view or modify configuration settings or add or modify user accounts. | 2024-02-16 | 5.9 | CVE-2024-21984 [email protected] |
netgear — r7000_firmware | A vulnerability has been found in Netgear R7000 1.0.11.136_10.2.120 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /currentsetting.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. The identifier VDB-253381 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-02-11 | 6.5 | CVE-2024-1430 [email protected] [email protected] [email protected] |
netgear — r7000_firmware | A vulnerability was found in Netgear R7000 1.0.11.136_10.2.120 and classified as problematic. Affected by this issue is some unknown functionality of the file /debuginfo.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. VDB-253382 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-02-11 | 6.5 | CVE-2024-1431 [email protected] [email protected] [email protected] |
nicdark — restaurant_reservations | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Nicdark Restaurant Reservations allows Stored XSS.This issue affects Restaurant Reservations: from n/a through 1.8. | 2024-02-12 | 6.5 | CVE-2023-51403 [email protected] |
ninjateam — wp_chat_app | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NinjaTeam WP Chat App allows Stored XSS. This issue affects WP Chat App: from n/a through 3.4.4. | 2024-02-12 | 5.9 | CVE-2023-51370 [email protected] |
nodejs — undici | Undici is an HTTP/1.1 client, written from scratch for Node.js. In affected versions calling `fetch(url)` and not consuming the incoming body ((or consuming it very slowing) will lead to a memory leak. This issue has been addressed in version 6.6.1. Users are advised to upgrade. Users unable to upgrade should make sure to always consume the incoming body. | 2024-02-16 | 6.5 | CVE-2024-24750 [email protected] [email protected] |
open-xchange_gmbh — ox_app_suite | User ID references at mentions in document comments were not correctly sanitized. Script code could be injected to a user’s session when working with a malicious document. Please deploy the provided updates and patch releases. User-defined content like comments and mentions are now filtered to avoid potentially malicious content. No publicly available exploits are known. | 2024-02-12 | 6.1 | CVE-2023-41703 [email protected] [email protected] |
open-xchange_gmbh — ox_app_suite | Processing of user-defined DAV user-agent strings is not limited. Availability of OX App Suite could be reduced due to high processing load. Please deploy the provided updates and patch releases. Processing time of DAV user-agents now gets monitored, and the related request is terminated if a resource threshold is reached. No publicly available exploits are known. | 2024-02-12 | 6.5 | CVE-2023-41705 [email protected] [email protected] |
open-xchange_gmbh — ox_app_suite | Processing time of drive search expressions now gets monitored, and the related request is terminated if a resource threshold is reached. Availability of OX App Suite could be reduced due to high processing load. Please deploy the provided updates and patch releases. Processing of user-defined drive search expressions is not limited No publicly available exploits are known. | 2024-02-12 | 6.5 | CVE-2023-41706 [email protected] [email protected] |
open-xchange_gmbh — ox_app_suite | Processing of user-defined mail search expressions is not limited. Availability of OX App Suite could be reduced due to high processing load. Please deploy the provided updates and patch releases. Processing time of mail search expressions now gets monitored, and the related request is terminated if a resource threshold is reached. No publicly available exploits are known. | 2024-02-12 | 6.5 | CVE-2023-41707 [email protected] [email protected] |
open-xchange_gmbh — ox_app_suite | References to the “app loader” functionality could contain redirects to unexpected locations. Attackers could forge app references that bypass existing safeguards to inject malicious script code. Please deploy the provided updates and patch releases. References to apps are now more strictly controlled to avoid relative references. No publicly available exploits are known. | 2024-02-12 | 5.4 | CVE-2023-41708 [email protected] [email protected] |
oracle_corporation — application_object_library | Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: DB Privileges). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Object Library accessible data as well as unauthorized read access to a subset of Oracle Application Object Library accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N). | 2024-02-17 | 6.5 | CVE-2024-20929 [email protected] |
oracle_corporation — application_object_library | Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: Login – SSO). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Application Object Library. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). | 2024-02-17 | 5.3 | CVE-2024-20915 [email protected] |
oracle_corporation — bi_publisher_(formerly_xml_publisher) | Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Web Server). Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle BI Publisher, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle BI Publisher accessible data as well as unauthorized read access to a subset of Oracle BI Publisher accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). | 2024-02-17 | 5.4 | CVE-2024-20980 [email protected] |
oracle_corporation — business_intelligence_enterprise_edition | Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: BI Platform Security). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). | 2024-02-17 | 5.4 | CVE-2024-20913 [email protected] |
oracle_corporation — common_applications | Vulnerability in the Oracle Common Applications product of Oracle E-Business Suite (component: CRM User Management Framework). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Common Applications. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Common Applications, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Common Applications accessible data as well as unauthorized read access to a subset of Oracle Common Applications accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). | 2024-02-17 | 5.4 | CVE-2024-20947 [email protected] |
oracle_corporation — crm_technical_foundation | Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Admin Console). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle CRM Technical Foundation. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L). | 2024-02-17 | 4.3 | CVE-2024-20939 [email protected] |
oracle_corporation — customer_interaction_history | Vulnerability in the Oracle Customer Interaction History product of Oracle E-Business Suite (component: Outcome-Result). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Customer Interaction History. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Customer Interaction History, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Customer Interaction History accessible data as well as unauthorized read access to a subset of Oracle Customer Interaction History accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). | 2024-02-17 | 6.1 | CVE-2024-20949 [email protected] |
oracle_corporation — customer_interaction_history | Vulnerability in the Oracle Customer Interaction History product of Oracle E-Business Suite (component: Outcome-Result). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Customer Interaction History. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Customer Interaction History, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Customer Interaction History accessible data as well as unauthorized read access to a subset of Oracle Customer Interaction History accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). | 2024-02-17 | 6.1 | CVE-2024-20951 [email protected] |
oracle_corporation — database_-_enterprise_edition | Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.21 and 21.3-21.12. Easily exploitable vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java VM accessible data. CVSS 3.1 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N). | 2024-02-17 | 6.5 | CVE-2024-20903 [email protected] |
oracle_corporation — installed_base | Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: Engineering Change Order). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Installed Base. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Installed Base, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Installed Base accessible data as well as unauthorized read access to a subset of Oracle Installed Base accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). | 2024-02-17 | 6.1 | CVE-2024-20933 [email protected] |
oracle_corporation — installed_base | Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: Engineering Change Order). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Installed Base. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Installed Base, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Installed Base accessible data as well as unauthorized read access to a subset of Oracle Installed Base accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). | 2024-02-17 | 6.1 | CVE-2024-20935 [email protected] |
oracle_corporation — installed_base | Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: HTML UI). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Installed Base. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Installed Base, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Installed Base accessible data as well as unauthorized read access to a subset of Oracle Installed Base accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). | 2024-02-17 | 6.1 | CVE-2024-20941 [email protected] |
oracle_corporation — installed_base | Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: Engineering Change Order). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Installed Base. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Installed Base, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Installed Base accessible data as well as unauthorized read access to a subset of Oracle Installed Base accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). | 2024-02-17 | 5.4 | CVE-2024-20958 [email protected] |
oracle_corporation — java_se_jdk_and_jre | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N). | 2024-02-17 | 5.9 | CVE-2024-20919 [email protected] |
oracle_corporation — java_se_jdk_and_jre | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). | 2024-02-17 | 5.9 | CVE-2024-20921 [email protected] |
oracle_corporation — java_se_jdk_and_jre | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N). | 2024-02-17 | 4.7 | CVE-2024-20945 [email protected] |
oracle_corporation — jd_edwards_enterpriseone_tools | Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Monitoring and Diagnostics SEC). Supported versions that are affected are Prior to 9.2.8.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). | 2024-02-17 | 4.3 | CVE-2024-20937 [email protected] |
oracle_corporation — knowledge_management | Vulnerability in the Oracle Knowledge Management product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Knowledge Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Knowledge Management, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Knowledge Management accessible data as well as unauthorized read access to a subset of Oracle Knowledge Management accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). | 2024-02-17 | 5.4 | CVE-2024-20943 [email protected] |
oracle_corporation — mysql_server | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: RAPID). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | 2024-02-17 | 6.5 | CVE-2024-20960 [email protected] |
oracle_corporation — mysql_server | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | 2024-02-17 | 6.5 | CVE-2024-20962 [email protected] |
oracle_corporation — mysql_server | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H). | 2024-02-17 | 5.3 | CVE-2024-20964 [email protected] |
oracle_corporation — mysql_server | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2024-02-17 | 4.9 | CVE-2024-20966 [email protected] |
oracle_corporation — mysql_server | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2024-02-17 | 4.4 | CVE-2024-20968 [email protected] |
oracle_corporation — mysql_server | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2024-02-17 | 4.9 | CVE-2024-20970 [email protected] |
oracle_corporation — mysql_server | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2024-02-17 | 4.9 | CVE-2024-20972 [email protected] |
oracle_corporation — mysql_server | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2024-02-17 | 4.9 | CVE-2024-20974 [email protected] |
oracle_corporation — mysql_server | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2024-02-17 | 4.9 | CVE-2024-20976 [email protected] |
oracle_corporation — mysql_server | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2024-02-17 | 4.9 | CVE-2024-20978 [email protected] |
oracle_corporation — mysql_server | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2024-02-17 | 4.9 | CVE-2024-20982 [email protected] |
oracle_corporation — mysql_server | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server : Security : Firewall). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2024-02-17 | 4.4 | CVE-2024-20984 [email protected] |
oracle_corporation — sun_zfs_storage_appliance_kit_(ak)_software | Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Object Store). The supported version that is affected is 8.8. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle ZFS Storage Appliance Kit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle ZFS Storage Appliance Kit accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). | 2024-02-17 | 4.3 | CVE-2023-21833 [email protected] |
oracle_corporation — web_applications_desktop_integrator | Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: File download). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Web Applications Desktop Integrator, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Web Applications Desktop Integrator accessible data as well as unauthorized read access to a subset of Oracle Web Applications Desktop Integrator accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). | 2024-02-17 | 6.1 | CVE-2024-20907 [email protected] |
oracle_corporation — weblogic_server | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). | 2024-02-17 | 6.1 | CVE-2024-20986 [email protected] |
otwthemes — buttons_shortcode_and_widget | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in OTWthemes.Com Buttons Shortcode and Widget allows Stored XSS.This issue affects Buttons Shortcode and Widget: from n/a through 1.16. | 2024-02-12 | 5.4 | CVE-2024-24930 [email protected] |
palo_alto_networks — pan-os | A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface on Panorama appliances. This enables the impersonation of another authenticated administrator. | 2024-02-14 | 6.8 | CVE-2024-0007 [email protected] |
palo_alto_networks — pan-os | Web sessions in the management interface in Palo Alto Networks PAN-OS software do not expire in certain situations, making it susceptible to unauthorized access. | 2024-02-14 | 6.6 | CVE-2024-0008 [email protected] |
palo_alto_networks — pan-os | An improper verification vulnerability in the GlobalProtect gateway feature of Palo Alto Networks PAN-OS software enables a malicious user with stolen credentials to establish a VPN connection from an unauthorized IP address. | 2024-02-14 | 6.3 | CVE-2024-0009 [email protected] |
palo_alto_networks — pan-os | A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect portal feature of Palo Alto Networks PAN-OS software enables execution of malicious JavaScript (in the context of a user’s browser) if a user clicks on a malicious link, allowing phishing attacks that could lead to credential theft. | 2024-02-14 | 4.3 | CVE-2024-0010 [email protected] |
palo_alto_networks — pan-os | A reflected cross-site scripting (XSS) vulnerability in the Captive Portal feature of Palo Alto Networks PAN-OS software enables execution of malicious JavaScript (in the context of an authenticated Captive Portal user’s browser) if a user clicks on a malicious link, allowing phishing attacks that could lead to credential theft. | 2024-02-14 | 4.3 | CVE-2024-0011 [email protected] |
photoboxone — smtp_mail | Cross-Site Request Forgery (CSRF) vulnerability in Photoboxone SMTP Mail. This issue affects SMTP Mail: from n/a through 1.3.20. | 2024-02-13 | 4.3 | CVE-2024-25914 [email protected] |
pluginus — woot | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in realmag777 Active Products Tables for WooCommerce. Professional products tables for WooCommerce store allows Stored XSS.This issue affects Active Products Tables for WooCommerce. Professional products tables for WooCommerce store : from n/a through 1.0.6. | 2024-02-10 | 5.4 | CVE-2023-51480 [email protected] |
pquic — pquic | In PQUIC before 5bde5bb, retention of unused initial encryption keys allows attackers to disrupt a connection with a PSK configuration by sending a CONNECTION_CLOSE frame that is encrypted via the initial key computed. Network traffic sniffing is needed as part of exploitation. | 2024-02-09 | 6.5 | CVE-2024-25679 [email protected] [email protected] [email protected] |
prasidhdamalla — honeypot_for_wp_comment | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Prasidhda Malla Honeypot for WP Comment allows Reflected XSS. This issue affects Honeypot for WP Comment: from n/a through 2.2.3. | 2024-02-12 | 6.1 | CVE-2024-24933 [email protected] |
python — python | nonebot2 is a cross-platform Python asynchronous chatbot framework written in Python. This security advisory pertains to a potential information leak (e.g., environment variables) in instances where developers utilize `MessageTemplate` and incorporate user-provided data into templates. The identified vulnerability has been remedied in pull request #2509 and will be included in versions released from 2.2.0. Users are strongly advised to upgrade to these patched versions to safeguard against the vulnerability. A temporary workaround involves filtering underscores before incorporating user input into the message template. | 2024-02-09 | 6.5 | CVE-2024-21624 [email protected] [email protected] |
qnap_systems_inc — qts | An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later QuTS hero h5.1.5.2647 build 20240118 and later QuTScloud c5.1.5.2651 and later | 2024-02-13 | 5.8 | CVE-2023-47218 [email protected] [email protected] |
qnap_systems_inc — qts | An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later QTS 4.5.4.2627 build 20231225 and later QTS 4.3.6.2665 build 20240131 and later QTS 4.3.4.2675 build 20240131 and later QTS 4.3.3.2644 build 20240131 and later QTS 4.2.6 build 20240131 and later QuTS hero h5.1.5.2647 build 20240118 and later QuTS hero h4.5.4.2626 build 20231225 and later QuTScloud c5.1.5.2651 and later | 2024-02-13 | 5.8 | CVE-2023-50358 [email protected] [email protected] [email protected] |
red_hat — 389-ds-base | A heap overflow flaw was found in 389-ds-base. This issue leads to a denial of service when writing a value larger than 256 chars in log_entry_attr. | 2024-02-12 | 5.5 | CVE-2024-1062 [email protected] [email protected] [email protected] |
red_hat — openshift | A flaw was found in OpenShift. The existing Cross-Site Request Forgery (CSRF) protections in place do not properly protect GET requests, allowing for the creation of WebSockets via CSRF. | 2024-02-16 | 5.4 | CVE-2024-1342 [email protected] [email protected] |
ryan_duff_peter_westwood — wp_contact_form | Cross-Site Request Forgery (CSRF) vulnerability in Ryan Duff, Peter Westwood WP Contact Form. This issue affects WP Contact Form: from n/a through 1.6. | 2024-02-12 | 4.3 | CVE-2024-24929 [email protected] |
sametime — sametime | Sametime is impacted by sensitive fields with autocomplete enabled in the Legacy web chat client. By default, this allows user entered data to be stored by the browser. | 2024-02-10 | 4 | CVE-2023-45696 [email protected] |
sametime — sametime | Sametime is impacted by lack of clickjacking protection in Outlook add-in. The application is not implementing appropriate protections in order to protect users from clickjacking attacks. | 2024-02-10 | 4.8 | CVE-2023-45698 [email protected] |
sap_se — sap_bam_(bank_account_management) | SAP Bank Account Management (BAM) allows an authenticated user with restricted access to use functions which can result in escalation of privileges with low impact on confidentiality, integrity and availability of the application. | 2024-02-13 | 6.3 | CVE-2024-24739 [email protected] [email protected] |
sap_se — sap_companion | SAP Companion – version <3.1.38, has a URL with parameter that could be vulnerable to XSS attack. The attacker could send a malicious link to a user that would possibly allow an attacker to retrieve the sensitive information and cause minor impact on the integrity of the web application. | 2024-02-13 | 5.4 | CVE-2024-22129 [email protected] [email protected] |
sap_se — sap_crm_(webclient_ui) | SAP CRM WebClient UI – version S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An attacker with low privileges can cause limited impact to integrity of the application data after successful exploitation. There is no impact on confidentiality and availability. | 2024-02-13 | 4.1 | CVE-2024-24742 [email protected] [email protected] |
sap_se — sap_fiori_app_(my_overtime_requests) | The SAP Fiori app (My Overtime Request) – version 605, does not perform the necessary authorization checks for an authenticated user which may result in an escalation of privileges. It is possible to manipulate the URLs of data requests to access information that the user should not have access to. There is no impact on integrity and availability. | 2024-02-13 | 4.3 | CVE-2024-25643 [email protected] [email protected] |
sap_se — sap_master_data_governance_material | SAP Master Data Governance for Material Data – versions 618, 619, 620, 621, 622, 800, 801, 802, 803, 804, does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. This could allow an attacker to read some sensitive information but no impact to integrity and availability. | 2024-02-13 | 4.3 | CVE-2024-24741 [email protected] [email protected] |
sap_se — sap_netweaver_application_server_abap_(sap_kernel) | SAP NetWeaver Application Server (ABAP) – versions KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.93, KERNEL 7.94, KRNL64UC 7.53, under certain conditions, allows an attacker to access information which could otherwise be restricted with low impact on confidentiality of the application. | 2024-02-13 | 5.3 | CVE-2024-24740 [email protected] [email protected] |
sap_se — sap_netweaver_business_client_for_html | SAP NWBC for HTML – versions SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, SAP_UI 758, SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An unauthenticated attacker can inject malicious javascript to cause limited impact to confidentiality and integrity of the application data after successful exploitation. | 2024-02-13 | 4.7 | CVE-2024-22128 [email protected] [email protected] |
sentry — sentry | Sentry is an error tracking and performance monitoring platform. Sentry’s integration platform provides a way for external services to interact with Sentry. One of such integrations, the Phabricator integration (maintained by Sentry) with version <=24.1.1 contains a constrained SSRF vulnerability. An attacker could make Sentry send POST HTTP requests to arbitrary URLs (including internal IP addresses) by providing an unsanitized input to the Phabricator integration. However, the body payload is constrained to a specific format. If an attacker has access to a Sentry instance, this allows them to: 1. interact with internal network; 2. scan local/remote ports. This issue has been fixed in Sentry self-hosted release 24.1.2, and has already been mitigated on sentry.io on February 8. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-02-09 | 5.3 | CVE-2024-24829 [email protected] [email protected] [email protected] |
siemens — openpcs_7_v9.1 | A vulnerability has been identified in OpenPCS 7 V9.1 (All versions), SIMATIC BATCH V9.1 (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC Route Control V9.1 (All versions), SIMATIC WinCC Runtime Professional V18 (All versions), SIMATIC WinCC Runtime Professional V19 (All versions), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 15), SIMATIC WinCC V8.0 (All versions < V8.0 SP4). The implementation of the RPC (Remote Procedure call) communication protocol in the affected products do not properly handle certain unorganized RPC messages. An attacker could use this vulnerability to cause a denial of service condition in the RPC server. | 2024-02-13 | 6.5 | CVE-2023-48363 [email protected] |
siemens — openpcs_7_v9.1 | A vulnerability has been identified in OpenPCS 7 V9.1 (All versions), SIMATIC BATCH V9.1 (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC Route Control V9.1 (All versions), SIMATIC WinCC Runtime Professional V18 (All versions), SIMATIC WinCC Runtime Professional V19 (All versions), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 15), SIMATIC WinCC V8.0 (All versions < V8.0 SP4). The implementation of the RPC (Remote Procedure call) communication protocol in the affected products do not properly handle certain malformed RPC messages. An attacker could use this vulnerability to cause a denial of service condition in the RPC server. | 2024-02-13 | 6.5 | CVE-2023-48364 [email protected] |
siemens — tecnomatix_plant_simulation | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions), Tecnomatix Plant Simulation V2302 (All versions < V2302.0007). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted SPP files. An attacker could leverage this vulnerability to crash the application causing denial of service condition. | 2024-02-13 | 5.5 | CVE-2024-23799 [email protected] |
siemens — tecnomatix_plant_simulation | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions), Tecnomatix Plant Simulation V2302 (All versions < V2302.0007). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted SPP files. An attacker could leverage this vulnerability to crash the application causing denial of service condition. | 2024-02-13 | 5.5 | CVE-2024-23800 [email protected] |
siemens — tecnomatix_plant_simulation | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions), Tecnomatix Plant Simulation V2302 (All versions < V2302.0007). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted SPP files. An attacker could leverage this vulnerability to crash the application causing denial of service condition. | 2024-02-13 | 5.5 | CVE-2024-23801 [email protected] |
silabs.com — gsdk | A memory leak in the Silicon Labs’ Bluetooth stack for EFR32 products may cause memory to be exhausted when sending notifications to multiple clients, this results in all Bluetooth operations, such as advertising and scanning, to stop. | 2024-02-15 | 6.5 | CVE-2024-0240 [email protected] [email protected] |
squid-cache — squid | Squid is an open-source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Collapse of Data into Unsafe Value bug ,Squid may be vulnerable to a Denial of Service attack against HTTP header parsing. This problem allows a remote client or a remote server to perform Denial of Service when sending oversized headers in HTTP messages. In versions of Squid prior to 6.5 this can be achieved if the request_header_max_size or reply_header_max_size settings are unchanged from the default. In Squid version 6.5 and later, the default setting of these parameters is safe. Squid will emit a critical warning in cache.log if the administrator is setting these parameters to unsafe values. Squid will not at this time prevent these settings from being changed to unsafe values. Users are advised to upgrade to version 6.5. There are no known workarounds for this vulnerability. This issue is also tracked as SQUID-2024:2 | 2024-02-14 | 5.3 | CVE-2024-25617 [email protected] [email protected] |
svix — svix | Versions of the package svix before 1.17.0 are vulnerable to Authentication Bypass due to an issue in the verify function where signatures of different lengths are incorrectly compared. An attacker can bypass signature verification by providing a shorter signature that matches the beginning of the actual signature. **Note:** The attacker would need to know a victim uses the Rust library for verification, no easy way to automatically check that; and uses webhooks by a service that uses Svix, and then figure out a way to craft a malicious payload that will actually include all of the correct identifiers needed to trick the receivers to cause actual issues. | 2024-02-13 | 6.8 | CVE-2024-21491 [email protected] [email protected] [email protected] [email protected] |
swadeshswain — before_after_image_slider | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in swadeshswain Before After Image Slider WP allows Stored XSS.This issue affects Before After Image Slider WP: from n/a through 2.2. | 2024-02-12 | 5.4 | CVE-2024-24931 [email protected] |
task_manager_in_php_with_source_code_project — task_manager_in_php_with_source_code | A cross-site scripting (XSS) vulnerability in Task Manager App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Project Name parameter /TaskManager/Projects.php. | 2024-02-14 | 6.1 | CVE-2024-25218 [email protected] |
task_manager_in_php_with_source_code_project — task_manager_in_php_with_source_code | A cross-site scripting (XSS) vulnerability in Task Manager App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Task Name parameter /TaskManager/Task.php. | 2024-02-14 | 6.1 | CVE-2024-25219 [email protected] |
task_manager_in_php_with_source_code_project — task_manager_in_php_with_source_code | A cross-site scripting (XSS) vulnerability in Task Manager App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Note Section parameter at /TaskManager/Tasks.php. | 2024-02-14 | 6.1 | CVE-2024-25221 [email protected] |
tenable — security_center | An HTML injection vulnerability exists where an authenticated, remote attacker with administrator privileges on the Security Center application could modify Repository parameters, which could lead to HTML redirection attacks. | 2024-02-14 | 5.9 | CVE-2024-1471 [email protected] |
treasure-data — digdag | Digdag is an open source tool that to build, run, schedule, and monitor complex pipelines of tasks across various platforms. Treasure Data’s digdag workload automation system is susceptible to a path traversal vulnerability if it’s configured to store log files locally. This issue may lead to information disclosure and has been addressed in release version 0.10.5.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-02-14 | 5.3 | CVE-2024-25125 [email protected] [email protected] |
trellix — trellix_central_management_(cm) | A cross-site scripting vulnerability in Trellix Central Management (CM) prior to 9.1.3.97129 allows a remote authenticated attacker to craft CM dashboard internal requests causing arbitrary content to be injected into the response when accessing the CM dashboard. | 2024-02-13 | 4.6 | CVE-2023-6072 [email protected] |
typo3 — typo3 | TYPO3 is an open-source PHP based web content management system released under the GNU GPL. Password hashes were being reflected in the editing forms of the TYPO3 backend user interface. This allowed attackers to crack the plaintext password using brute force techniques. Exploiting this vulnerability requires a valid backend user account. Users are advised to update to TYPO3 versions 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, 13.0.1 that fix the problem described. There are no known workarounds for this issue. | 2024-02-13 | 4.3 | CVE-2024-25118 [email protected] [email protected] |
typo3 — typo3 | TYPO3 is an open source PHP based web content management system released under the GNU GPL. The plaintext value of `$GLOBALS[‘SYS’][‘encryptionKey’]` was displayed in the editing forms of the TYPO3 Install Tool user interface. This allowed attackers to utilize the value to generate cryptographic hashes used for verifying the authenticity of HTTP request parameters. Exploiting this vulnerability requires an administrator-level backend user account with system maintainer permissions. Users are advised to update to TYPO3 versions 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, 13.0.1 that fix the problem described. There are no known workarounds for this vulnerability. | 2024-02-13 | 4.9 | CVE-2024-25119 [email protected] [email protected] |
typo3 — typo3 | TYPO3 is an open-source PHP based web content management system released under the GNU GPL. The TYPO3-specific `t3://` URI scheme could be used to access resources outside of the users’ permission scope. This encompassed files, folders, pages, and records (although only if a valid link-handling configuration was provided). Exploiting this vulnerability requires a valid backend user account. Users are advised to update to TYPO3 versions 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, 13.0.1 that fix the problem described. There are no known workarounds for this issue. | 2024-02-13 | 4.3 | CVE-2024-25120 [email protected] [email protected] [email protected] |
virusblokada — vba32_antivirus | Vba32 Antivirus v3.36.0 is vulnerable to an Arbitrary Memory Read vulnerability by triggering the 0x22201B, 0x22201F, 0x222023, 0x222027 ,0x22202B, 0x22202F, 0x22203F, 0x222057 and 0x22205B IOCTL codes of the Vba32m64.sys driver. | 2024-02-13 | 6.3 | CVE-2024-23439 [email protected] [email protected] |
virusblokada — vba32_antivirus | Vba32 Antivirus v3.36.0 is vulnerable to an Arbitrary Memory Read vulnerability. The 0x22200B IOCTL code of the Vba32m64.sys driver allows to read up to 0x802 of memory from ar arbitrary user-supplied pointer. | 2024-02-13 | 6.3 | CVE-2024-23440 [email protected] [email protected] |
web-soudan — mw_wp_form | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in websoudan MW WP Form allows Stored XSS.This issue affects MW WP Form: from n/a through 5.0.6. | 2024-02-10 | 5.4 | CVE-2024-24804 [email protected] |
wolfssl — sp_math_all_rsa | wolfSSL SP Math All RSA implementation is vulnerable to the Marvin Attack, new variation of a timing Bleichenbacher style attack, when built with the following options to configure: –enable-all CFLAGS=”-DWOLFSSL_STATIC_RSA” The define “WOLFSSL_STATIC_RSA” enables static RSA cipher suites, which is not recommended, and has been disabled by default since wolfSSL 3.6.6. Therefore the default build since 3.6.6, even with “–enable-all”, is not vulnerable to the Marvin Attack. The vulnerability is specific to static RSA cipher suites, and expected to be padding-independent. The vulnerability allows an attacker to decrypt ciphertexts and forge signatures after probing with a large number of test observations. However, the server’s private key is not exposed. | 2024-02-09 | 5.9 | CVE-2023-6935 [email protected] [email protected] |
wolfssl — sp_math_all_rsa | wolfSSL prior to 5.6.6 did not check that messages in one (D)TLS record do not span key boundaries. As a result, it was possible to combine (D)TLS messages using different keys into one (D)TLS record. The most extreme edge case is that, in (D)TLS 1.3, it was possible that an unencrypted (D)TLS 1.3 record from the server containing first a ServerHello message and then the rest of the first server flight would be accepted by a wolfSSL client. In (D)TLS 1.3 the handshake is encrypted after the ServerHello but a wolfSSL client would accept an unencrypted flight from the server. This does not compromise key negotiation and authentication so it is assigned a low severity rating. | 2024-02-15 | 5.3 | CVE-2023-6937 [email protected] [email protected] |
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in UnitedThemes Brooklyn | Creative Multi-Purpose Responsive WordPress Theme allows Reflected XSS. This issue affects Brooklyn | Creative Multi-Purpose Responsive WordPress Theme: from n/a through 4.9.7.6. | 2024-02-12 | 6.1 | CVE-2024-24927 [email protected] |
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in MyAgilePrivacy My Agile Privacy – The only GDPR solution for WordPress that you can truly trust allows Stored XSS. This issue affects My Agile Privacy – The only GDPR solution for WordPress that you can truly trust: from n/a through 2.1.7. | 2024-02-10 | 5.4 | CVE-2023-51404 [email protected] |
wordpress — wordpress | The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the editor_html() function in all versions up to, and including, 6.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to view password protected and draft posts. | 2024-02-10 | 5.3 | CVE-2024-0596 [email protected] [email protected] |
wordpress — wordpress | The Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_data() function in all versions up to, and including, 3.3.50. This makes it possible for unauthenticated attackers to export event data. | 2024-02-09 | 5.3 | CVE-2024-1122 [email protected] [email protected] |
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Start Booking Scheduling Plugin – Online Booking for WordPress allows Stored XSS.This issue affects Scheduling Plugin – Online Booking for WordPress: from n/a through 3.5.10. | 2024-02-10 | 5.4 | CVE-2024-23517 [email protected] |
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Team Heateor Heateor Social Login WordPress allows Stored XSS. This issue affects Heateor Social Login WordPress: from n/a through 1.1.30. | 2024-02-10 | 5.4 | CVE-2024-24712 [email protected] |
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WP Auto Listings Auto Listings – Car Listings & Car Dealership Plugin for WordPress allows Stored XSS. This issue affects Auto Listings – Car Listings & Car Dealership Plugin for WordPress: from n/a through 2.6.5. | 2024-02-10 | 5.4 | CVE-2024-24713 [email protected] |
wordpress — wordpress | The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode(s) in all versions up to, and including, 4.8.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-13 | 6.4 | CVE-2024-1159 [email protected] [email protected] |
wordpress — wordpress | The Landing Page Cat – Coming Soon Page, Maintenance Page & Squeeze Pages plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.7.2. This makes it possible for unauthenticated attackers to access landing pages that may not be public. | 2024-02-15 | 5.3 | CVE-2024-0708 [email protected] [email protected] |
wordpress — wordpress | The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s button URL in all versions up to, and including, 4.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-13 | 5.4 | CVE-2024-1157 [email protected] [email protected] [email protected] |
wordpress — wordpress | The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Icon Link in all versions up to, and including, 4.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-02-13 | 5.4 | CVE-2024-1160 [email protected] [email protected] |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Contest Gallery Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress. This issue affects Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress: from n/a through 21.2.8.4. | 2024-02-12 | 5.4 | CVE-2024-24887 [email protected] |
wp-hosting — pay_with_vipps_and_mobilepay_for_woocommerce | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WP Hosting Pay with Vipps and MobilePay for WooCommerce allows Stored XSS.This issue affects Pay with Vipps and MobilePay for WooCommerce: from n/a through 1.14.13. | 2024-02-10 | 5.4 | CVE-2023-51485 [email protected] |
wpoperation — ultra_companion | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WPoperation Ultra Companion – Companion plugin for WPoperation Themes allows Stored XSS.This issue affects Ultra Companion – Companion plugin for WPoperation Themes: from n/a through 1.1.9. | 2024-02-10 | 5.4 | CVE-2024-24803 [email protected] |
wpsimpletools — basic_log_viewer | Cross-Site Request Forgery (CSRF) vulnerability in WpSimpleTools Basic Log Viewer. This issue affects Basic Log Viewer: from n/a through 1.0.4. | 2024-02-12 | 4.3 | CVE-2024-24935 [email protected] |
yannick_lefebvre — link_library | Cross-Site Request Forgery (CSRF) vulnerability in Yannick Lefebvre Link Library. This issue affects Link Library: from n/a through 7.5.13. | 2024-02-12 | 4.3 | CVE-2024-24875 [email protected] |
zabbix — zabbix | The cause of vulnerability is improper validation of form input field “Name” on Graph page in Items section. | 2024-02-09 | 5.4 | CVE-2024-22119 [email protected] |
zalify — easy_email | Cross Site Scripting (XSS) vulnerability in EasyEmail v.4.12.2 and before allows a local attacker to execute arbitrary code via the user input parameter(s). NOTE: Researcher claims issue is present in all versions prior and later than tested version. | 2024-02-09 | 6.1 | CVE-2023-39683 [email protected] [email protected] [email protected] |
zixn — vk_poster_group | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Djo VK Poster Group allows Reflected XSS. This issue affects VK Poster Group: from n/a through 2.0.3. | 2024-02-12 | 6.1 | CVE-2024-24932 [email protected] |
zoom_video_communications,_inc — zoom_clients | Improper input validation in some Zoom clients may allow an authenticated user to conduct a denial of service via network access. | 2024-02-14 | 5.4 | CVE-2024-24690 [email protected] |
zoom_video_communications_inc — zoom_clients | Business logic error in some Zoom clients may allow an authenticated user to conduct information disclosure via network access. | 2024-02-14 | 6.5 | CVE-2024-24699 [email protected] |
zoom_video_communications_inc — zoom_clients | Improper authentication in some Zoom clients may allow a privileged user to conduct a disclosure of information via local access. | 2024-02-14 | 4.9 | CVE-2024-24698 [email protected] |
zoom_video_communications_inc — zoom_desktop_client_for_windows_zoom_vdi_client_for_windows_and_zoom_meeting_sdk_for_windows | Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an authenticated user to conduct a disclosure of information via network access. | 2024-02-14 | 6.8 | CVE-2024-24695 [email protected] |
zoom_video_communications_inc — zoom_desktop_client_for_windows_zoom_vdi_client_for_windows_and_zoom_meeting_sdk_for_windows | Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an authenticated user to conduct a disclosure of information via network access. | 2024-02-14 | 6.8 | CVE-2024-24696 [email protected] |
Low Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
alfio-event — alf.io | Alf.io is a free and open-source event attendance management system. An administrator on the alf.io application is able to upload HTML files that trigger JavaScript payloads. As such, an attacker gaining administrative access to the alf.io application may be able to persist access by planting an XSS payload. This issue has been addressed in version 2.0-M4-2402. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-02-16 | 3.5 | CVE-2024-25627 [email protected] |
beyondtrust — privilege_management_for_windows | Prior to version 24.1, a local authenticated attacker can view Sysvol when Privilege Management for Windows is configured to use a GPO policy. This allows them to view the policy and potentially find configuration issues. | 2024-02-16 | 3.3 | CVE-2024-1591 13061848-ea10-403d-bd75-c83a022c2891 |
dbartholomae — lambda-middleware_frameguard | A vulnerability, which was classified as problematic, has been found in dbartholomae lambda-middleware frameguard up to 1.0.4. Affected by this issue is some unknown functionality of the file packages/json-deserializer/src/JsonDeserializer.ts of the component JSON Mime-Type Handler. The manipulation leads to inefficient regular expression complexity. Upgrading to version 1.1.0 is able to address this issue. The patch is identified as f689404d830cbc1edd6a1018d3334ff5f44dc6a6. It is recommended to upgrade the affected component. VDB-253406 is the identifier assigned to this vulnerability. | 2024-02-12 | 3.5 | CVE-2021-4437 [email protected] [email protected] [email protected] [email protected] [email protected] |
f5 — big-ip | An SQL injection vulnerability exists in an undisclosed page of the BIG-IP Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 2024-02-14 | 3.8 | CVE-2024-23603 [email protected] |
gambio — gambio | Cleartext Storage of Sensitive Information in Gambio 4.9.2.0 allows attackers to obtain sensitive information via error-handler.log.json and legacy-error-handler.log.txt under the webroot. | 2024-02-12 | 2.7 | CVE-2024-23760 [email protected] |
ibm — trusteer_ios_sdk | An undisclosed issue in Trusteer iOS SDK for mobile versions prior to 5.7 and Trusteer Android SDK for mobile versions prior to 5.7 may allow uploading of files. IBM X-Force ID: 238535. | 2024-02-17 | 2.2 | CVE-2022-42443 [email protected] [email protected] |
intel — intel(r)_mas_software | Race condition in some Intel(R) MAS software before version 2.3 may allow a privileged user to potentially enable escalation of privilege via local access. | 2024-02-14 | 1.8 | CVE-2023-41090 [email protected] |
intel — intel(r)_sgx_dcap_software_for_windows | Improper input validation in some Intel(R) SGX DCAP software for Windows before version 1.19.100.3 may allow an authenticated user to potentially enable information disclosure via local access. | 2024-02-14 | 3.8 | CVE-2023-42776 [email protected] |
intel — intel(r)_thunderbolt(tm)_dch_drivers_for_windows | Deserialization of untrusted data in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable a denial of service via local access. | 2024-02-14 | 3.8 | CVE-2023-26592 [email protected] |
intel — intel(r)_thunderbolt(tm)_dch_drivers_for_windows | Improper buffer restrictions in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable information disclosure via local access. | 2024-02-14 | 3.8 | CVE-2023-27300 [email protected] |
intel — intel(r)_thunderbolt(tm)_dch_drivers_for_windows | Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable information disclosure via local access. | 2024-02-14 | 3.8 | CVE-2023-27303 [email protected] |
intel — intel(r)_thunderbolt(tm)_dch_drivers_for_windows | Improper buffer restrictions in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable information disclosure via local access. | 2024-02-14 | 3.8 | CVE-2023-27307 [email protected] |
intel — intel(r)_thunderbolt(tm)_dch_drivers_for_windows | Unchecked return value in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an unauthenticated user to potentially enable denial of service via physical access. | 2024-02-14 | 2 | CVE-2023-26591 [email protected] |
intel — intel(r)_thunderbolt(tm)_dch_drivers_for_windows | Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable denial of service via local access. | 2024-02-14 | 2.5 | CVE-2023-26596 [email protected] |
kde — plasma_workspace | A vulnerability, which was classified as problematic, was found in KDE Plasma Workspace up to 5.93.0. This affects the function EventPluginsManager::enabledPlugins of the file components/calendar/eventpluginsmanager.cpp of the component Theme File Handler. The manipulation of the argument pluginId leads to path traversal. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The patch is named 6cdf42916369ebf4ad5bd876c4dfa0170d7b2f01. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-253407. NOTE: This requires write access to user’s home or the installation of third party global themes. | 2024-02-11 | 3.1 | CVE-2024-1433 [email protected] [email protected] [email protected] |
lenovo — thinksystem_sr670_v2 | ThinkSystem SR670V2 servers manufactured from approximately June 2021 to July 2023 were left in Manufacturing Mode which could allow an attacker with privileged logical access to the host or physical access to server internals to modify or disable Intel Boot Guard firmware integrity, SPS security, and other SPS configuration setting. | 2024-02-16 | 2 | CVE-2024-23591 [email protected] |
mastodon — mastodon | Mastodon is a free, open-source social network server based on ActivityPub. When an OAuth Application is destroyed, the streaming server wasn’t being informed that the Access Tokens had also been destroyed, this could have posed security risks to users by allowing an application to continue listening to streaming after the application had been destroyed. Essentially this comes down to the fact that when Doorkeeper sets up the relationship between Applications and Access Tokens, it uses a `dependent: delete_all` configuration, which means the `after_commit` callback setup on `AccessTokenExtension` didn’t actually fire, since `delete_all` doesn’t trigger ActiveRecord callbacks. To mitigate, we need to add a `before_destroy` callback to `ApplicationExtension` which announces to streaming that all the Application’s Access Tokens are being “killed”. Impact should be negligible given the affected application had to be owned by the user. None the less this issue has been addressed in versions 4.2.6, 4.1.14, 4.0.14, and 3.5.18. Users are advised to upgrade. There is no known workaround for this vulnerability. | 2024-02-14 | 3.1 | CVE-2024-25619 [email protected] [email protected] |
mattermost — mattermost_server | Mattermost Jira Plugin fails to protect against logout CSRF allowing an attacker to post a specially crafted message that would disconnect a user’s Jira connection in Mattermost only by viewing the message. | 2024-02-09 | 3.5 | CVE-2024-23319 [email protected] |
nodejs — undici | Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici already cleared Authorization headers on cross-origin redirects but did not clear `Proxy-Authentication` headers. This issue has been patched in versions 5.28.3 and 6.6.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-02-16 | 3.9 | CVE-2024-24758 [email protected] [email protected] |
opensc — authentic_driver | The use-after-free vulnerability was found in the AuthentIC driver in OpenSC packages, occurring in the card enrolment process using pkcs15-init when a user or administrator enrolls or modifies cards. An attacker must have physical access to the computer system and requires a crafted USB device or smart card to present the system with specially crafted responses to the APDUs, which are considered high complexity and low severity. This manipulation can allow for compromised card management operations during enrolment. | 2024-02-12 | 3.4 | CVE-2024-1454 [email protected] [email protected] [email protected] [email protected] |
oracle_corporation — audit_vault_and_database_firewall | Vulnerability in Oracle Audit Vault and Database Firewall (component: Firewall). Supported versions that are affected are 20.1-20.9. Difficult to exploit vulnerability allows high privileged attacker with network access via Oracle Net to compromise Oracle Audit Vault and Database Firewall. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Audit Vault and Database Firewall, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Audit Vault and Database Firewall accessible data. CVSS 3.1 Base Score 2.6 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:N/A:N). | 2024-02-17 | 2.6 | CVE-2024-20911 [email protected] |
oracle_corporation — java_se_jdk_and_jre | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u391; Oracle GraalVM Enterprise Edition: 20.3.12 and 21.3.8. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). | 2024-02-17 | 3.1 | CVE-2024-20923 [email protected] |
oracle_corporation — java_se_jdk_and_jre | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u391; Oracle GraalVM Enterprise Edition: 20.3.12 and 21.3.8. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N). | 2024-02-17 | 3.1 | CVE-2024-20925 [email protected] |
oracle_corporation — jd_edwards_enterpriseone_tools | Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Enterprise Infrastructure SEC). Supported versions that are affected are Prior to 9.2.8.0. Easily exploitable vulnerability allows high privileged attacker with network access via JDENET to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of JD Edwards EnterpriseOne Tools. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L). | 2024-02-17 | 2.7 | CVE-2024-20905 [email protected] |
sametime — sametime | Sametime is impacted by a failure to invalidate sessions. The application is setting sensitive cookie values in a persistent manner in Sametime Web clients. When this happens, cookie values can remain valid even after a user has closed out their session. | 2024-02-09 | 3.9 | CVE-2023-45718 [email protected] |
sametime — sametime | Sametime is impacted by sensitive information passed in URL. | 2024-02-09 | 1.7 | CVE-2023-45716 [email protected] |
siemens — parasolid_v35.0 | A vulnerability has been identified in Parasolid V35.0 (All versions < V35.0.251), Parasolid V35.1 (All versions < V35.1.170). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted XT files. An attacker could leverage this vulnerability to crash the application causing denial of service condition. | 2024-02-13 | 3.3 | CVE-2024-22043 [email protected] |
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
4ipnet — eap-767 | 4ipnet EAP-767 v3.42.00 is vulnerable to Incorrect Access Control. The device uses the same set of credentials, regardless of how many times a user logs in, the content of the cookie remains unchanged. | 2024-02-14 | not yet calculated | CVE-2024-24300 [email protected] |
4ipnet — eap-767 | Command Injection vulnerability discovered in 4ipnet EAP-767 device v3.42.00 within the web interface of the device allows attackers with valid credentials to inject arbitrary shell commands to be executed by the device with root privileges. | 2024-02-14 | not yet calculated | CVE-2024-24301 [email protected] |
adv_radius — adv_radius | SQL injection vulnerability in adv radius v.2.2.5 allows a local attacker to execute arbitrary code via a crafted script. | 2024-02-13 | not yet calculated | CVE-2024-22923 [email protected] [email protected] |
alanclarke — urlite | An issue in alanclarke URLite v.3.1.0 allows an attacker to cause a denial of service (DoS) via a crafted payload to the parsing function. | 2024-02-16 | not yet calculated | CVE-2023-51931 [email protected] [email protected] |
amd — 3rd_gen_amd | Improper Access Control in System Management Mode (SMM) may allow an attacker access to the SPI flash potentially leading to arbitrary code execution. | 2024-02-13 | not yet calculated | CVE-2023-20587 [email protected] |
amd — 3rd_gen_amd | Failure to initialize memory in SEV Firmware may allow a privileged attacker to access stale data from other guests. | 2024-02-13 | not yet calculated | CVE-2023-31346 [email protected] |
amd — 3rd_gen_amd | Due to a code bug in Secure_TSC, SEV firmware may allow an attacker with high privileges to cause a guest to observe an incorrect TSC when Secure TSC is enabled potentially resulting in a loss of guest integrity. | 2024-02-13 | not yet calculated | CVE-2023-31347 [email protected] |
amd — alveo_card | Insufficient verification of data authenticity in the configuration state machine may allow a local attacker to potentially load arbitrary bitstreams. | 2024-02-13 | not yet calculated | CVE-2023-20570 [email protected] |
amd — amd_ryzen | Insufficient checking of memory buffer in ASP Secure OS may allow an attacker with a malicious TA to read/write to the ASP Secure OS kernel virtual address space potentially leading to privilege escalation. | 2024-02-13 | not yet calculated | CVE-2021-46757 [email protected] |
amd — amd_ryzen | Improper Access Control in the AMD SPI protection feature may allow a user with Ring0 (kernel mode) privileged access to bypass protections potentially resulting in loss of integrity and availability. | 2024-02-13 | not yet calculated | CVE-2023-20579 [email protected] |
appleple_inc. — a-blog_cms | URL spoofing vulnerability exists in a-blog cms Ver.3.1.0 to Ver.3.1.8. If an attacker sends a specially crafted request, the administrator of the product may be forced to access an arbitrary website when clicking a link in the audit log. | 2024-02-15 | not yet calculated | CVE-2024-25559 [email protected] [email protected] |
bludit — bludit_cms | Cross Site Scripting (XSS) vulnerability in Bludit CMS version 3.15, allows remote attackers to execute arbitrary code and obtain sensitive information via edit-content.php. | 2024-02-17 | not yet calculated | CVE-2024-25297 [email protected] |
caddy — caddy | The caddy-security plugin 1.1.20 for Caddy allows reflected XSS via a GET request to a URL that contains an XSS payload and begins with either a /admin or /settings/mfa/delete/ substring. | 2024-02-12 | not yet calculated | CVE-2023-52430 [email protected] [email protected] |
ce-phoenixcart — phoenixcart | A remote code execution (RCE) vulnerability in /admin/define_language.php of CE Phoenix v1.0.8.20 allows attackers to execute arbitrary PHP code via injecting a crafted payload into the file english.php. | 2024-02-16 | not yet calculated | CVE-2024-25415 [email protected] [email protected] [email protected] |
codeprojects — simple_admin_panel_app | Simple Admin Panel App v1.0 was discovered to contain a SQL injection vulnerability via the orderID parameter at /adminView/viewEachOrder.php. | 2024-02-14 | not yet calculated | CVE-2024-25223 [email protected] |
codeprojects — simple_admin_panel_app | A cross-site scripting (XSS) vulnerability in Simple Admin Panel App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Size Number parameter under the Add Size function. | 2024-02-14 | not yet calculated | CVE-2024-25224 [email protected] |
codeprojects — simple_admin_panel_app | A cross-site scripting (XSS) vulnerability in Simple Admin Panel App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category Name parameter under the Add Category function. | 2024-02-14 | not yet calculated | CVE-2024-25225 [email protected] |
codeprojects — simple_admin_panel_app | A cross-site scripting (XSS) vulnerability in Simple Admin Panel App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category Name parameter under the Add Category function. | 2024-02-14 | not yet calculated | CVE-2024-25226 [email protected] |
connect2id — nimbus_jose+jwt | In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service (resource consumption) via a large JWE p2c header value (aka iteration count) for the PasswordBasedDecrypter (PBKDF2) component. | 2024-02-11 | not yet calculated | CVE-2023-52428 [email protected] [email protected] [email protected] |
cskaza — csz_cms | An arbitrary file upload vulnerability in /admin/upgrade of CSZ CMS v1.3.0 allows attackers to execute arbitrary code via uploading a crafted Zip file. | 2024-02-16 | not yet calculated | CVE-2024-25414 [email protected] [email protected] |
cu_solutions_group — cusg_solutions_content_management_solution | Cross Site Scripting (XSS) vulnerability in CU Solutions Group (CUSG) Content Management System (CMS) before v.7.75 allows a remote attacker to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted script to the login.php component. | 2024-02-14 | not yet calculated | CVE-2023-48985 [email protected] |
cu_solutions_group — cusg_solutions_content_management_solution | Cross Site Scripting (XSS) vulnerability in CU Solutions Group (CUSG) Content Management System (CMS) before v.7.75 allows a remote attacker to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted script to the users.php component. | 2024-02-14 | not yet calculated | CVE-2023-48986 [email protected] |
cu_solutions_group — cusg_solutions_content_management_solution | Blind SQL Injection vulnerability in CU Solutions Group (CUSG) Content Management System (CMS) before v.7.75 allows a remote attacker to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted script to the pages.php component. | 2024-02-14 | not yet calculated | CVE-2023-48987 [email protected] |
dakkar — plack::middleware::xsrfblock_perl_package | The Plack::Middleware::XSRFBlock package before 0.0.19 for Perl allows attackers to bypass a CSRF protection mechanism via an empty form value and an empty cookie (if signed cookies are disabled). | 2024-02-13 | not yet calculated | CVE-2023-52431 [email protected] [email protected] |
darktrace — threat_visualizer | DOM-based HTML injection vulnerability in the main page of Darktrace Threat Visualizer version 6.1.27 (bundle version 61050) and before has been identified. A URL, crafted by a remote attacker and visited by an authenticated user, allows open redirect and potential credential stealing using an injected HTML form. | 2024-02-16 | not yet calculated | CVE-2024-22854 [email protected] |
digital-peak.com — dp_calendar_for_joomla | XSS vulnerability in DP Calendar component for Joomla. | 2024-02-15 | not yet calculated | CVE-2024-21727 [email protected] |
dnssec — dnssec | The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the “NSEC3” issue. The RFC 5155 specification implies that an algorithm must perform thousands of iterations of a hash function in certain situations. | 2024-02-14 | not yet calculated | CVE-2023-50868 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
ellucian — banner | Ellucian Banner 9.17 allows Insecure Direct Object Reference (IDOR) via a modified bannerId to the /StudentSelfService/ssb/studentCard/retrieveData endpoint. | 2024-02-13 | not yet calculated | CVE-2023-49339 [email protected] [email protected] |
expressvpn — expressvpn | ExpressVPN before 12.73.0 on Windows, when split tunneling is used, sends DNS requests according to the Windows configuration (e.g., sends them to DNS servers operated by the user’s ISP instead of to the ExpressVPN DNS servers), which may allow remote attackers to obtain sensitive information about websites visited by VPN users. | 2024-02-11 | not yet calculated | CVE-2024-25728 [email protected] [email protected] |
firebear_studio — improved_import_&_export | A XSLT Server Side injection vulnerability in the Import Jobs function of FireBear Improved Import And Export v3.8.6 allows attackers to execute arbitrary commands via a crafted XSLT file. | 2024-02-16 | not yet calculated | CVE-2024-25413 [email protected] [email protected] |
flusity — flusity_cms | Directory Traversal vulnerability in flusity CMS v.2.4 allows a remote attacker to execute arbitrary code and obtain sensitive information via the download_backup.php component. | 2024-02-15 | not yet calculated | CVE-2024-25502 [email protected] |
freebsd — freebsd | The total size of the user-provided nmreq to nmreq_copyin() was first computed and then trusted during the copyin. This time-of-check to time-of-use bug could lead to kernel memory corruption. On systems configured to include netmap in their devfs_ruleset, a privileged process running in a jail can affect the host environment. | 2024-02-15 | not yet calculated | CVE-2022-23084 [email protected] |
freebsd — freebsd | A user-provided integer option was passed to nmreq_copyin() without checking if it would overflow. This insufficient bounds checking could lead to kernel memory corruption. On systems configured to include netmap in their devfs_ruleset, a privileged process running in a jail can affect the host environment. | 2024-02-15 | not yet calculated | CVE-2022-23085 [email protected] |
freebsd — freebsd | Handlers for *_CFG_PAGE read / write ioctls in the mpr, mps, and mpt drivers allocated a buffer of a caller-specified size but copied to it a fixed size header. Other heap content would be overwritten if the specified size was too small. Users with access to the mpr, mps or mpt device node may overwrite heap data, potentially resulting in privilege escalation. Note that the device node is only accessible to root and members of the operator group. | 2024-02-15 | not yet calculated | CVE-2022-23086 [email protected] |
freebsd — freebsd | The e1000 network adapters permit a variety of modifications to an Ethernet packet when it is being transmitted. These include the insertion of IP and TCP checksums, insertion of an Ethernet VLAN header, and TCP segmentation offload (“TSO”). The e1000 device model uses an on-stack buffer to generate the modified packet header when simulating these modifications on transmitted packets. When checksum offload is requested for a transmitted packet, the e1000 device model used a guest-provided value to specify the checksum offset in the on-stack buffer. The offset was not validated for certain packet types. A misbehaving bhyve guest could overwrite memory in the bhyve process on the host, possibly leading to code execution in the host context. The bhyve process runs in a Capsicum sandbox, which (depending on the FreeBSD version and bhyve configuration) limits the impact of exploiting this issue. | 2024-02-15 | not yet calculated | CVE-2022-23087 [email protected] |
freebsd — freebsd | The 802.11 beacon handling routine failed to validate the length of an IEEE 802.11s Mesh ID before copying it to a heap-allocated buffer. While a FreeBSD Wi-Fi client is in scanning mode (i.e., not associated with a SSID) a malicious beacon frame may overwrite kernel memory, leading to remote code execution. | 2024-02-15 | not yet calculated | CVE-2022-23088 [email protected] |
freebsd — freebsd | When dumping core and saving process information, proc_getargv() might return a sbuf which have a sbuf_len() of 0 or -1, which is not properly handled. An out-of-bound read can happen when user constructs a specially crafted ps_string, which in turn can cause the kernel to crash. | 2024-02-15 | not yet calculated | CVE-2022-23089 [email protected] |
freebsd — freebsd | The aio_aqueue function, used by the lio_listio system call, fails to release a reference to a credential in an error case. An attacker may cause the reference count to overflow, leading to a use after free (UAF). | 2024-02-15 | not yet calculated | CVE-2022-23090 [email protected] |
freebsd — freebsd | A particular case of memory sharing is mishandled in the virtual memory system. This is very similar to SA-21:08.vm, but with a different root cause. An unprivileged local user process can maintain a mapping of a page after it is freed, allowing that process to read private data belonging to other processes or the kernel. | 2024-02-15 | not yet calculated | CVE-2022-23091 [email protected] |
freebsd — freebsd | The implementation of lib9p’s handling of RWALK messages was missing a bounds check needed when unpacking the message contents. The missing check means that the receipt of a specially crafted message will cause lib9p to overwrite unrelated memory. The bug can be triggered by a malicious bhyve guest kernel to overwrite memory in the bhyve(8) process. This could potentially lead to user-mode code execution on the host, subject to bhyve’s Capsicum sandbox. | 2024-02-15 | not yet calculated | CVE-2022-23092 [email protected] |
freebsd — freebsd | ping reads raw IP packets from the network to process responses in the pr_pack() function. As part of processing a response ping has to reconstruct the IP header, the ICMP header and if present a “quoted packet,” which represents the packet that generated an ICMP error. The quoted packet again has an IP header and an ICMP header. The pr_pack() copies received IP and ICMP headers into stack buffers for further processing. In so doing, it fails to take into account the possible presence of IP option headers following the IP header in either the response or the quoted packet. When IP options are present, pr_pack() overflows the destination buffer by up to 40 bytes. The memory safety bugs described above can be triggered by a remote host, causing the ping program to crash. The ping process runs in a capability mode sandbox on all affected versions of FreeBSD and is thus very constrained in how it can interact with the rest of the system at the point where the bug can occur. | 2024-02-15 | not yet calculated | CVE-2022-23093 [email protected] |
freebsd — freebsd | `bhyveload -h <host-path>` may be used to grant loader access to the <host-path> directory tree on the host. Affected versions of bhyveload(8) do not make any attempt to restrict loader’s access to <host-path>, allowing the loader to read any file the host user has access to. In the bhyveload(8) model, the host supplies a userboot.so to boot with, but the loader scripts generally come from the guest image. A maliciously crafted script could be used to exfiltrate sensitive data from the host accessible to the user running bhyhveload(8), which is often the system root. | 2024-02-15 | not yet calculated | CVE-2024-25940 [email protected] |
freebsd — freebsd | The jail(2) system call has not limited a visiblity of allocated TTYs (the kern.ttys sysctl). This gives rise to an information leak about processes outside the current jail. Attacker can get information about TTYs allocated on the host or in other jails. Effectively, the information printed by “pstat -t” may be leaked. | 2024-02-15 | not yet calculated | CVE-2024-25941 [email protected] |
german_national_identity_card — online-ausweis-funktion_eid_scheme | The Online-Ausweis-Funktion eID scheme in the German National Identity card through 2024-02-15 allows authentication bypass by spoofing. A man-in-the-middle attacker can assume a victim’s identify for access to government, medical, and financial resources, and can also extract personal data from the card, aka the “sPACE (Spoofing Password Authenticated Connection Establishment)” issue. This occurs because of a combination of factors, such as insecure PIN entry (for basic readers) and eid:// deeplinking. The victim must be using a modified eID kernel, which may occur if the victim is tricked into installing a fake version of an official app. NOTE: the BSI position is “ensuring a secure operational environment at the client side is an obligation of the ID card owner.” | 2024-02-15 | not yet calculated | CVE-2024-23674 [email protected] [email protected] [email protected] [email protected] |
gestsup — gestsup | A cross-site scripting (XSS) vulnerability in Gestsup v3.2.46 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description text field. | 2024-02-13 | not yet calculated | CVE-2023-52059 [email protected] [email protected] |
gestsup — gestsup | A Cross-Site Request Forgery (CSRF) in Gestsup v3.2.46 allows attackers to arbitrarily edit user profile information via a crafted request. | 2024-02-13 | not yet calculated | CVE-2023-52060 [email protected] [email protected] |
ghost — ghost | Ghost through 5.76.0 allows stored XSS, and resultant privilege escalation in which a contributor can take over any account, via an SVG profile picture that contains JavaScript code to interact with the API on localhost TCP port 3001. NOTE: The discoverer reports that “The vendor does not view this as a valid vector.” | 2024-02-11 | not yet calculated | CVE-2024-23724 [email protected] [email protected] [email protected] |
google — android | In applyCustomDescription of SaveUi.java, there is a possible way to view other user’s images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-02-16 | not yet calculated | CVE-2023-40122 [email protected] [email protected] |
google — android | In DevmemIntUnmapPMR of devicemem_server.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-02-16 | not yet calculated | CVE-2023-21165 [email protected] |
google — android | In convertSubgraphFromHAL of ShimConverter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-02-16 | not yet calculated | CVE-2023-40085 [email protected] [email protected] |
google — android | In multiple files, there is a possible way that trimmed content could be included in PDF output due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-02-16 | not yet calculated | CVE-2023-40093 [email protected] [email protected] [email protected] |
google — android | In discovery_thread of Dns64Configuration.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-02-15 | not yet calculated | CVE-2023-40100 [email protected] [email protected] |
google — android | In ca-certificates, there is a possible way to read encrypted TLS data due to untrusted cryptographic certificates. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-02-15 | not yet calculated | CVE-2023-40104 [email protected] [email protected] |
google — android | In backupAgentCreated of ActivityManagerService.java, there is a possible way to leak sensitive data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-02-15 | not yet calculated | CVE-2023-40105 [email protected] [email protected] |
google — android | In sanitizeSbn of NotificationManagerService.java, there is a possible way to launch an activity from the background due to BAL Bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-02-15 | not yet calculated | CVE-2023-40106 [email protected] [email protected] |
google — android | In ARTPWriter of ARTPWriter.cpp, there is a possible use after free due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-02-15 | not yet calculated | CVE-2023-40107 [email protected] [email protected] |
google — android | In createFromParcel of UsbConfiguration.java, there is a possible background activity launch (BAL) due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | 2024-02-15 | not yet calculated | CVE-2023-40109 [email protected] [email protected] |
google — android | In multiple functions of MtpPacket.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | 2024-02-15 | not yet calculated | CVE-2023-40110 [email protected] [email protected] |
google — android | In setMediaButtonReceiver of MediaSessionRecord.java, there is a possible way to send a pending intent on behalf of system_server due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | 2024-02-15 | not yet calculated | CVE-2023-40111 [email protected] [email protected] |
google — android | In ippSetValueTag of ipp.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure of past print jobs or other print-related information, with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-02-15 | not yet calculated | CVE-2023-40112 [email protected] [email protected] |
google — android | In multiple locations, there is a possible way for apps to access cross-user message data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-02-15 | not yet calculated | CVE-2023-40113 [email protected] [email protected] |
google — android | In multiple functions of MtpFfsHandle.cpp, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | 2024-02-15 | not yet calculated | CVE-2023-40114 [email protected] [email protected] |
google — android | In readLogs of StatsService.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-02-15 | not yet calculated | CVE-2023-40115 [email protected] [email protected] |
google — android | In multiple locations, there is a possible cross-user read due to a confused deputy. This could lead to local information disclosure of photos or other images with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-02-15 | not yet calculated | CVE-2023-40124 [email protected] [email protected] |
google — android | In startInstall of UpdateFetcher.java, there is a possible way to trigger a malicious config update due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-02-16 | not yet calculated | CVE-2024-0014 [email protected] |
google — android | In convertToComponentName of DreamService.java, there is a possible way to launch arbitrary protected activities due to intent redirection. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. | 2024-02-16 | not yet calculated | CVE-2024-0015 [email protected] [email protected] |
google — android | In multiple locations, there is a possible out of bounds read due to a missing bounds check. This could lead to paired device information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-02-16 | not yet calculated | CVE-2024-0016 [email protected] [email protected] |
google — android | In shouldUseNoOpLocation of CameraActivity.java, there is a possible confused deputy due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. | 2024-02-16 | not yet calculated | CVE-2024-0017 [email protected] [email protected] |
google — android | In convertYUV420Planar16ToY410 of ColorConverter.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-02-16 | not yet calculated | CVE-2024-0018 [email protected] [email protected] |
google — android | In setListening of AppOpsControllerImpl.java, there is a possible way to hide the microphone privacy indicator when restarting systemUI due to a missing check for active recordings. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation. | 2024-02-16 | not yet calculated | CVE-2024-0019 [email protected] [email protected] |
google — android | In onActivityResult of NotificationSoundPreference.java, there is a possible way to hear audio files belonging to a different user due to a confused deputy. This could lead to local information disclosure across users of a device with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-02-16 | not yet calculated | CVE-2024-0020 [email protected] [email protected] |
google — android | In onCreate of NotificationAccessConfirmationActivity.java, there is a possible way for an app in the work profile to enable notification listener services due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | 2024-02-16 | not yet calculated | CVE-2024-0021 [email protected] [email protected] |
google — android | In ConvertRGBToPlanarYUV of Codec2BufferUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-02-16 | not yet calculated | CVE-2024-0023 [email protected] [email protected] |
google — android | In multiple files, there is a possible way to capture the device screen when disallowed by device policy due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-02-16 | not yet calculated | CVE-2024-0029 [email protected] [email protected] |
google — android | In btif_to_bta_response of btif_gatt_util.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-02-16 | not yet calculated | CVE-2024-0030 [email protected] [email protected] |
google — android | In attp_build_read_by_type_value_cmd of att_protocol.cc, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-02-16 | not yet calculated | CVE-2024-0031 [email protected] [email protected] |
google — android | In queryChildDocuments of FileSystemProvider.java, there is a possible way to request access to directories that should be hidden due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. | 2024-02-16 | not yet calculated | CVE-2024-0032 [email protected] [email protected] [email protected] |
google — android | In multiple functions of ashmem-dev.cpp, there is a possible missing seal due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-02-16 | not yet calculated | CVE-2024-0033 [email protected] [email protected] [email protected] |
google — android | In BackgroundLaunchProcessController, there is a possible way to launch arbitrary activity from the background due to BAL Bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-02-16 | not yet calculated | CVE-2024-0034 [email protected] [email protected] |
google — android | In onNullBinding of TileLifecycleManager.java, there is a possible way to launch an activity from the background due to a missing null check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-02-16 | not yet calculated | CVE-2024-0035 [email protected] [email protected] |
google — android | In startNextMatchingActivity of ActivityTaskManagerService.java, there is a possible way to bypass the restrictions on starting activities from the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-02-16 | not yet calculated | CVE-2024-0036 [email protected] [email protected] |
google — android | In applyCustomDescription of SaveUi.java, there is a possible way to view images belonging to a different user due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. | 2024-02-16 | not yet calculated | CVE-2024-0037 [email protected] [email protected] |
google — android | In injectInputEventToInputFilter of AccessibilityManagerService.java, there is a possible arbitrary input event injection due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-02-16 | not yet calculated | CVE-2024-0038 [email protected] [email protected] |
google — android | In setParameter of MtpPacket.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-02-16 | not yet calculated | CVE-2024-0040 [email protected] [email protected] |
google — android | In removePersistentDot of SystemStatusAnimationSchedulerImpl.kt, there is a possible race condition due to a logic error in the code. This could lead to local escalation of privilege that fails to remove the persistent dot with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-02-16 | not yet calculated | CVE-2024-0041 [email protected] [email protected] |
hazelcast — hazelcast_platform | In Hazelcast Platform through 5.3.4, a security issue exists within the SQL mapping for the CSV File Source connector. This issue arises from inadequate permission checking, which could enable unauthorized clients to access data from files stored on a member’s filesystem. | 2024-02-16 | not yet calculated | CVE-2023-45860 [email protected] [email protected] |
honeywell — niagara_framework | Uncontrolled Resource Consumption vulnerability in Honeywell Niagara Framework on Windows, Linux, QNX allows Content Spoofing. This issue affects Niagara Framework: before Niagara AX 3.8.1, before Niagara 4.1. | 2024-02-13 | not yet calculated | CVE-2024-1309 [email protected] [email protected] |
hp_inc — certain_hp_desktop_pc_products | Potential vulnerabilities have been identified in certain HP Desktop PC products using the HP TamperLock feature, which might allow intrusion detection bypass via a physical attack. HP is releasing firmware and guidance to mitigate these potential vulnerabilities. | 2024-02-14 | not yet calculated | CVE-2022-48219 [email protected] |
hp_inc — certain_hp_desktop_pc_products | Potential vulnerabilities have been identified in certain HP Desktop PC products using the HP TamperLock feature, which might allow intrusion detection bypass via a physical attack. HP is releasing firmware and guidance to mitigate these potential vulnerabilities. | 2024-02-14 | not yet calculated | CVE-2022-48220 [email protected] |
hp_inc. — certain_hp_workstation_pcs | A potential security vulnerability has been identified in the system BIOS for certain HP Workstation PCs, which might allow escalation of privilege, arbitrary code execution, or denial of service. HP is releasing mitigation for the potential vulnerability. | 2024-02-14 | not yet calculated | CVE-2023-6138 [email protected] |
idocview — idocv | An issue in idocv v.14.1.3_20231228 allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted script. | 2024-02-16 | not yet calculated | CVE-2024-24377 [email protected] |
inprax — izzi_connect | INPRAX “iZZi connect” application on Android contains hard-coded MQTT queue credentials. The same MQTT queue is used by corresponding physical recuperation devices. Exploiting this vulnerability could potentially allow unauthorized access to manage and read parameters of the recuperation unit “reQnet iZZi”.This issue affects “iZZi connect” application versions before 2024010401. | 2024-02-15 | not yet calculated | CVE-2024-0390 [email protected] [email protected] |
koha — koha | CSV Injection vulnerability in ‘/members/moremember.pl’ and ‘/admin/aqbudgets.pl’ endpoints in Koha Library Management System version 23.05.05 and earlier allows attackers to to inject DDE commands into csv exports via the ‘Budget’ and ‘Patrons Member’ components. | 2024-02-12 | not yet calculated | CVE-2024-24337 [email protected] |
linux — kernel | dm_table_create in drivers/md/dm-table.c in the Linux kernel through 6.7.4 can attempt to (in alloc_targets) allocate more than INT_MAX bytes, and crash, because of a missing check for struct dm_ioctl.target_count. | 2024-02-12 | not yet calculated | CVE-2023-52429 [email protected] [email protected] |
linux — kernel | printer_write in drivers/usb/gadget/function/f_printer.c in the Linux kernel through 6.7.4 does not properly call usb_ep_queue, which might allow attackers to cause a denial of service or have unspecified other impact. | 2024-02-12 | not yet calculated | CVE-2024-25741 [email protected] |
linux — kernel | In the Linux kernel before 6.6.7, an untrusted VMM can trigger int80 syscall handling at any given point. This is related to arch/x86/coco/tdx/tdx.c and arch/x86/mm/mem_encrypt_amd.c. | 2024-02-12 | not yet calculated | CVE-2024-25744 [email protected] [email protected] |
linux — ubi | create_empty_lvol in drivers/mtd/ubi/vtbl.c in the Linux kernel through 6.7.4 can attempt to allocate zero bytes, and crash, because of a missing check for ubi->leb_size. | 2024-02-12 | not yet calculated | CVE-2024-25739 [email protected] [email protected] |
linux — ubi | A memory leak flaw was found in the UBI driver in drivers/mtd/ubi/attach.c in the Linux kernel through 6.7.4 for UBI_IOCATT, because kobj->name is not released. | 2024-02-12 | not yet calculated | CVE-2024-25740 [email protected] |
mbloch — mbloch/mapshaper | Path Traversal in GitHub repository mbloch/mapshaper prior to 0.6.44. | 2024-02-13 | not yet calculated | CVE-2024-1163 [email protected] [email protected] |
motorola — cx2l | A hidden interface in Motorola CX2L Router firmware v1.0.1 leaks information regarding the SystemWizardStatus component via sending a crafted request to device_web_ip. | 2024-02-12 | not yet calculated | CVE-2024-25360 [email protected] |
mysten_labs — sui blockchain | An issue in mystenlabs Sui Blockchain before v.1.6.3 allow a remote attacker to execute arbitrary code and cause a denial of service via a crafted compressed script to the Sui node component. | 2024-02-13 | not yet calculated | CVE-2023-42374 [email protected] [email protected] [email protected] |
ncurses — ncurses | ncurses 6.4-20230610 has a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c. | 2024-02-16 | not yet calculated | CVE-2023-45918 [email protected] |
qanything — kernel | qanything_kernel/connector/database/mysql/mysql_client.py in qanything.ai QAnything before 1.2.0 allows SQL Injection. | 2024-02-11 | not yet calculated | CVE-2024-25722 [email protected] [email protected] |
raidenmaild — raidenmaild | Insecure Permissions issue in Raiden Professional Server RaidenFTPD v.2.4 build 4005 allows a local attacker to gain privileges and execute arbitrary code via crafted executable running from the installation directory. | 2024-02-13 | not yet calculated | CVE-2023-38960 [email protected] |
react_ative — document_picker | Directory Traversal vulnerability in React Native Document Picker before v.9.1.1 and fixed in v.9.1.1 allows a local attacker to execute arbitrary code via a crafted script to the Android library component. | 2024-02-16 | not yet calculated | CVE-2024-25466 [email protected] [email protected] |
redaxo — redaxo_cms | An issue was discovered in REDAXO version 5.15.1, allows attackers to execute arbitrary code and obtain sensitive information via modules.modules.php. | 2024-02-17 | not yet calculated | CVE-2024-25298 [email protected] |
redaxo — redaxo_cms | A cross-site scripting (XSS) vulnerability in Redaxo v5.15.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter in the Template section. | 2024-02-14 | not yet calculated | CVE-2024-25300 [email protected] |
redaxo — redaxo_cms | Redaxo v5.15.1 was discovered to contain a remote code execution (RCE) vulnerability via the component /pages/templates.php. | 2024-02-14 | not yet calculated | CVE-2024-25301 [email protected] [email protected] |
rhonabwy — rhonabwy | In Rhonabwy through 1.1.13, HMAC signature verification uses a strcmp function that is vulnerable to side-channel attacks, because it stops the comparison when the first difference is spotted in the two signatures. (The fix uses gnutls_memcmp, which has constant-time execution.) | 2024-02-11 | not yet calculated | CVE-2024-25714 [email protected] |
rurban — cpanel::json::xs_perl_package | The Cpanel::JSON::XS package before 4.33 for Perl performs out-of-bounds accesses in a way that allows attackers to obtain sensitive information or cause a denial of service. | 2024-02-13 | not yet calculated | CVE-2022-48623 [email protected] [email protected] [email protected] [email protected] |
samly — samly | In the Samly package before 1.4.0 for Elixir, Samly.State.Store.get_assertion/3 can return an expired session, which interferes with access control because Samly.AuthHandler uses a cached session and does not replace it, even after expiry. | 2024-02-11 | not yet calculated | CVE-2024-25718 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
sharp_corporation — energy_management_controller_with_cloud_services | Improper authentication vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to access the affected product without authentication. | 2024-02-14 | not yet calculated | CVE-2024-23783 [email protected] [email protected] [email protected] |
sharp_corporation — energy_management_controller_with_cloud_services | Improper access control vulnerability exists in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier, which may allow a network-adjacent unauthenticated attacker to obtain a username and its hashed password displayed on the management page of the affected product. | 2024-02-14 | not yet calculated | CVE-2024-23784 [email protected] [email protected] [email protected] |
sharp_corporation — energy_management_controller_with_cloud_services | Cross-site request forgery vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a remote unauthenticated attacker to change the product settings. | 2024-02-14 | not yet calculated | CVE-2024-23785 [email protected] [email protected] [email protected] |
sharp_corporation — energy_management_controller_with_cloud_services | Cross-site scripting vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to execute an arbitrary script on the web browser of the user who is accessing the management page of the affected product. | 2024-02-14 | not yet calculated | CVE-2024-23786 [email protected] [email protected] [email protected] |
sharp_corporation — energy_management_controller_with_cloud_services | Path traversal vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to obtain an arbitrary file in the affected product. | 2024-02-14 | not yet calculated | CVE-2024-23787 [email protected] [email protected] [email protected] |
sharp_corporation — energy_management_controller_with_cloud_services | Server-side request forgery vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to send an arbitrary HTTP request (GET) from the affected product. | 2024-02-14 | not yet calculated | CVE-2024-23788 [email protected] [email protected] [email protected] |
sharp_corporation — energy_management_controller_with_cloud_services | Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to execute an arbitrary OS command on the affected product. | 2024-02-14 | not yet calculated | CVE-2024-23789 [email protected] [email protected] [email protected] |
smartcalc.es — osticky_component_for_joomla | An Open Redirect vulnerability was found in osTicky2 below 2.2.8. osTicky (osTicket Bridge) by SmartCalc is a Joomla 3.x extension that provides Joomla fronted integration with osTicket, a popular Support ticket system. The Open Redirect vulnerability allows attackers to control the return parameter in the URL to a base64 malicious URL. | 2024-02-15 | not yet calculated | CVE-2024-21728 [email protected] |
sourcecodester — barangay_population_monitoring_system | Barangay Population Monitoring System 1.0 was discovered to contain a SQL injection vulnerability via the resident parameter at /endpoint/delete-resident.php. | 2024-02-14 | not yet calculated | CVE-2024-25209 [email protected] |
sourcecodester — online_medicine_ordering_system | Online Medicine Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /omos/?p=products/view_product. | 2024-02-14 | not yet calculated | CVE-2024-25217 [email protected] |
sourcecodester — school_task_manager | Sourcecodester School Task Manager 1.0 allows SQL Injection via the ‘subject’ parameter. | 2024-02-13 | not yet calculated | CVE-2024-24142 [email protected] |
sourcecodester — simple_expense_tracker | Simple Expense Tracker v1.0 was discovered to contain a SQL injection vulnerability via the expense parameter at /endpoint/delete_expense.php. | 2024-02-14 | not yet calculated | CVE-2024-25210 [email protected] |
sourcecodester — simple_expense_tracker | Simple Expense Tracker v1.0 was discovered to contain a SQL injection vulnerability via the category parameter at /endpoint/delete_category.php. | 2024-02-14 | not yet calculated | CVE-2024-25211 [email protected] |
steve-community — steve | SteVe v3.6.0 was discovered to use predictable transaction ID’s when receiving a StartTransaction request. This vulnerability can allow attackers to cause a Denial of Service (DoS) by using the predicted transaction ID’s to terminate other transactions. | 2024-02-13 | not yet calculated | CVE-2024-25407 [email protected] |
swftools — swftools | A global-buffer-overflow vulnerability was found in SWFTools v0.9.2, in the function LineText at lib/swf5compiler.flex. | 2024-02-14 | not yet calculated | CVE-2024-25165 [email protected] |
teltonika – rut240 | Teltonika RUT240 devices with firmware before 07.04.2, when bridge mode is used, sometimes make SSH and HTTP services available on the IPv6 WAN interface even though the UI shows that they are only available on the LAN interface. | 2024-02-17 | not yet calculated | CVE-2023-31728 [email protected] [email protected] |
teltonika — trb1 | Teltonika TRB1-series devices with firmware before TRB1_R_00.07.05.2 allow attackers to exploit a firmware vulnerability via Ethernet LAN or USB. | 2024-02-17 | not yet calculated | CVE-2024-22727 [email protected] |
tenda — ac10 | Tenda AC10V4.0 V16.03.10.20 was discovered to contain a stack overflow via the page parameter in the sub_49B384 function. | 2024-02-15 | not yet calculated | CVE-2024-25373 [email protected] |
tongda — office_anywhere | Tongda OA v2017 and up to v11.9 was discovered to contain a SQL injection vulnerability via the $AFF_ID parameter at /affair/delete.php. | 2024-02-16 | not yet calculated | CVE-2024-25320 [email protected] |
totoline — x5000r | An issue in TOTOLINK X5000R V.9.1.0u.6369_B20230113 allows a remote attacker to cause a denial of service via the host_time parameter of the NTPSyncWithHost component. | 2024-02-17 | not yet calculated | CVE-2024-25468 [email protected] |
vitalpbx — vitalpbx | An issue in VitalPBX v.3.2.4-5 allows an attacker to execute arbitrary code via a crafted payload to the /var/lib/vitalpbx/scripts folder. | 2024-02-15 | not yet calculated | CVE-2024-24386 [email protected] [email protected] |
wind_river — vxworks | An issue was discovered in Wind River VxWorks 7 22.09 and 23.03. If a VxWorks task or POSIX thread that uses OpenSSL exits, limited per-task memory is not freed, resulting in a memory leak. | 2024-02-15 | not yet calculated | CVE-2023-51787 [email protected] |
wordpress — analytics_insights_for_google_analytics_4_(aiwp) | The Analytics Insights for Google Analytics 4 (AIWP) WordPress plugin before 6.3 is vulnerable to Open Redirect due to insufficient validation on the redirect oauth2callback.php file. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action. | 2024-02-12 | not yet calculated | CVE-2024-0250 [email protected] |
wordpress — mappress_maps_for_wordpress | The MapPress Maps for WordPress plugin before 2.88.15 does not sanitize and escape the map title when outputting it back in the admin dashboard, allowing Contributors and above roles to perform Stored Cross-Site Scripting attacks | 2024-02-12 | not yet calculated | CVE-2024-0420 [email protected] |
wordpress — mappress_maps_for_wordpress | The MapPress Maps for WordPress plugin before 2.88.16 does not ensure that posts to be retrieve via an AJAX action is a public map, allowing unauthenticated users to read arbitrary private and draft posts. | 2024-02-12 | not yet calculated | CVE-2024-0421 [email protected] |
wordpress — smart_manager | The Smart Manager WordPress plugin before 8.28.0 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. | 2024-02-12 | not yet calculated | CVE-2024-0566 [email protected] |
wordpress — wordpress | The Web3 WordPress plugin before 3.0.0 is vulnerable to an authentication bypass due to incorrect authentication checking in the login flow in functions ‘handle_auth_request’ and ‘handle_login_request’. This makes it possible for non-authenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username. | 2024-02-12 | not yet calculated | CVE-2023-6036 [email protected] |
wordpress — wordpress | The chartjs WordPress plugin through 2023.2 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2024-02-12 | not yet calculated | CVE-2023-6081 [email protected] [email protected] |
wordpress — wordpress | The chartjs WordPress plugin through 2023.2 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2024-02-12 | not yet calculated | CVE-2023-6082 [email protected] [email protected] |
wordpress — wordpress | The Popup Builder WordPress plugin before 4.2.6 does not validate a parameter before making a request to it, which could allow users with the administrator role to perform SSRF attack in Multisite WordPress configurations. | 2024-02-12 | not yet calculated | CVE-2023-6294 [email protected] |
wordpress — wordpress | The lasTunes WordPress plugin through 3.6.1 does not have CSRF check in some places, and is missing sanitization as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack | 2024-02-12 | not yet calculated | CVE-2023-6499 [email protected] |
wordpress — wordpress | The Splashscreen WordPress plugin through 0.20 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | 2024-02-12 | not yet calculated | CVE-2023-6501 [email protected] [email protected] |
wordpress — wordpress | The Popup Box WordPress plugin before 20.9.0 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | 2024-02-12 | not yet calculated | CVE-2023-6591 [email protected] |
wordpress — wordpress | The GigPress WordPress plugin through 2.3.29 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 2024-02-12 | not yet calculated | CVE-2023-7233 [email protected] |
wordpress — wordpress | The EazyDocs WordPress plugin before 2.4.0 re-introduced CVE-2023-6029 (https://wpscan.com/vulnerability/7a0aaf85-8130-4fd7-8f09-f8edc929597e/) in 2.3.8, allowing any authenticated users, such as subscriber to delete arbitrary posts, as well as add and delete documents/sections. The issue was partially fixed in 2.3.9. | 2024-02-12 | not yet calculated | CVE-2024-0248 [email protected] |
yetiforcecompany — yetiforcecrm | Directory Traversal vulnerability in YetiForceCompany YetiForceCRM versions 6.4.0 and before allows a remote authenticated attacker to obtain sensitive information via the license parameter in the LibraryLicense.php component. | 2024-02-16 | not yet calculated | CVE-2023-49508 [email protected] [email protected] [email protected] |
yonyou — space-time_enterprise_information_integration_platform | SQL Injection vulnerability in Yonyou space-time enterprise information integration platform v.9.0 and before allows an attacker to obtain sensitive information via the gwbhAIM parameter in the saveMove.jsp in the hr_position directory. | 2024-02-15 | not yet calculated | CVE-2024-24256 [email protected] |
zimbra — zimbra_collaboration | In Zimbra Collaboration (ZCS) 8.8.15 and 9.0, a closed account (with 2FA and generated passwords) can send e-mail messages when configured for Imap/smtp. | 2024-02-13 | not yet calculated | CVE-2023-26562 [email protected] [email protected] [email protected] |
zimbra — zimbra_collaboration | An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and 10.0. Through the help document endpoint in webmail, an attacker can inject JavaScript or HTML code that leads to cross-site scripting (XSS). (Adding an adequate message to avoid malicious code will mitigate this issue.) | 2024-02-13 | not yet calculated | CVE-2023-45206 [email protected] [email protected] [email protected] |
zimbra — zimbra_collaboration | An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and 10.0. An attacker can send a PDF document through mail that contains malicious JavaScript. While previewing this file in webmail in the Chrome browser, the stored XSS payload is executed. (This has been mitigated by sanitizing the JavaScript code present in a PDF document.) | 2024-02-13 | not yet calculated | CVE-2023-45207 [email protected] [email protected] [email protected] |
zimbra — zimbra_collaboration | An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and 10.0. XSS, with resultant session stealing, can occur via JavaScript code in a link (for a webmail redirection endpoint) within en email message, e.g., if a victim clicks on that link within Zimbra webmail. | 2024-02-13 | not yet calculated | CVE-2023-48432 [email protected] [email protected] [email protected] |
zimbra — zimbra_collaboration | Zimbra Collaboration before Kepler 9.0.0 Patch 38 GA allows DOM-based JavaScript injection in the Modern UI. | 2024-02-13 | not yet calculated | CVE-2023-50808 [email protected] [email protected] [email protected] |
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below
To keep up to date follow us on the below channels.