US-CERT Vulnerability Summary for the Week of May 6, 2024
Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
academy_lms — academy_lms | Missing Authorization vulnerability in Academy LMS. This issue affects Academy LMS: from n/a through 1.9.16. | 2024-05-06 | 7.1 | CVE-2024-33912 [email protected] |
brevo_for_woocommerce — sendinblue_for_woocommerce | Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Brevo for WooCommerce Sendinblue for WooCommerce. This issue affects Sendinblue for WooCommerce: from n/a through 4.0.17. | 2024-05-06 | 8.5 | CVE-2024-32807 [email protected] |
brocade — brocade_sannav | The PostgreSQL implementation in Brocade SANnav versions before 2.3.0a is vulnerable to an incorrect local authentication flaw. An attacker accessing the VM where the Brocade SANnav is installed can gain access to sensitive data inside the PostgreSQL database. | 2024-05-08 | 7.8 | CVE-2024-2860 [email protected] |
codesys — codesys_development_system_v2.3 | An unauthenticated local attacker may trick a user to open corrupted project files to execute arbitrary code or crash the system due to an out-of-bounds write vulnerability. | 2024-05-06 | 7.8 | CVE-2023-49675 [email protected] |
delta_electronics — diaenergie | An SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a ‘RecalculateScript’ message, which is split into 4 fields using the ‘~’ character as the separator. An unauthenticated remote attacker can perform SQLi via the fourth field. | 2024-05-06 | 9.8 | CVE-2024-4547 [email protected] |
delta_electronics — diaenergie | An SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a ‘RecalculateHDMWYC’ message, which is split into 4 fields using the ‘~’ character as the separator. An unauthenticated remote attacker can perform SQLi via the fourth field. | 2024-05-06 | 9.8 | CVE-2024-4548 [email protected] |
delta_electronics — diaenergie | A denial of service vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior. When processing an ‘ICS Restart!’ message, CEBC.exe restarts the system. | 2024-05-06 | 7.5 | CVE-2024-4549 [email protected] |
denoland — deno | Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. The Deno sandbox may be unexpectedly weakened by allowing file read/write access to privileged files in various locations on Unix and Windows platforms. For example, reading `/proc/self/environ` may provide access equivalent to `--allow-env`, and writing `/proc/self/mem` may provide access equivalent to `--allow-all`. Users who grant read and write access to the entire filesystem may not realize that access to these files may have additional, unintended consequences. The documentation did not reflect that this practice should be undertaken to increase the strength of the security sandbox. Users who run code with `--allow-read` or `--allow-write` may unexpectedly end up granting additional permissions via file-system operations. Deno 1.43 and above require explicit `--allow-all` access to read or write `/etc`, `/dev` on Unix platforms (as well as `/proc` and `/sys` on Linux platforms), and any path starting with `\\` on Windows. | 2024-05-07 | 8.4 | CVE-2024-34346 [email protected] |
ethereum — go-ethereum | go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. Prior to 1.13.15, a vulnerable node can be made to consume very large amounts of memory when handling specially crafted p2p messages sent from an attacker node. The fix has been included in geth version `1.13.15` and onwards. | 2024-05-06 | 7.5 | CVE-2024-32972 [email protected] [email protected] |
f5 — big-ip | A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2024-05-08 | 8 | CVE-2024-31156 [email protected] |
f5 — big-ip | When IPsec is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2024-05-08 | 7.5 | CVE-2024-33608 [email protected] |
f5 — big-ip_edge_client | An origin validation vulnerability exists in BIG-IP APM browser network access VPN client for Windows, macOS and Linux which may allow an attacker to bypass F5 endpoint inspection. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2024-05-08 | 7.4 | CVE-2024-28883 [email protected] |
f5 — big-ip_next_central_manager | An OData injection vulnerability exists in the BIG-IP Next Central Manager API (URI). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2024-05-08 | 7.5 | CVE-2024-21793 [email protected] |
f5 — big-ip_next_central_manager | An SQL injection vulnerability exists in the BIG-IP Next Central Manager API (URI). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2024-05-08 | 7.5 | CVE-2024-26026 [email protected] |
f5 — big-ip_next_central_manager | BIG-IP Next Central Manager (CM) may allow an unauthenticated, remote attacker to obtain the BIG-IP Next LTM/WAF instance credentials. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2024-05-08 | 7.4 | CVE-2024-32049 [email protected] |
f5 — big-ip | When BIG-IP AFM is licensed and provisioned, undisclosed DNS traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2024-05-08 | 7.5 | CVE-2024-25560 [email protected] |
faraday — gm8181 | A vulnerability classified as critical has been found in Faraday GM8181 and GM828x up to 20240429. Affected is an unknown function of the component NTP Service. The manipulation of the argument ntp_srv leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-263304. | 2024-05-07 | 7.3 | CVE-2024-4582 [email protected] [email protected] [email protected] [email protected] [email protected] |
fedora — dnf5daemon-server | Incomplete fix for CVE-2024-1929. The problem with CVE-2024-1929 was that the dnf5 D-Bus daemon accepted arbitrary configuration parameters from unprivileged users, which allowed a local root exploit by tricking the daemon into loading a user controlled “plugin”. All of this happened before Polkit authentication was even started. The dnf5 library code does not check whether non-root users control the directory in question. On one hand, this poses a Denial-of-Service attack vector by making the daemon operate on a blocking file (e.g. named FIFO special file) or a very large file that causes an out-of-memory situation (e.g. /dev/zero). On the other hand, this can be used to let the daemon process privileged files like /etc/shadow. The file in question is parsed as an INI file. Error diagnostics resulting from parsing privileged files could cause information leaks, if these diagnostics are accessible to unprivileged users. In the case of libdnf5, no such user accessible diagnostics should exist, though. Also, a local attacker can place a valid repository configuration file in this directory. This configuration file allows to specify a plethora of additional configuration options. This makes various additional code paths in libdnf5 accessible to the attacker. | 2024-05-08 | 8.8 | CVE-2024-2746 [email protected] |
fedora — dnf5daemon-server | Local Root Exploit via Configuration Dictionary in dnf5daemon-server before 5.1.17 allows a malicious user to impact Confidentiality and Integrity via Configuration Dictionary. There are issues with the D-Bus interface long before Polkit is invoked. The `org.rpm.dnf.v0.SessionManager.open_session` method takes a key/value map of configuration entries. A sub-entry in this map, placed under the “config” key, is another key/value map. The configuration values found in it will be forwarded as configuration overrides to the `libdnf5::Base` configuration. Practically all libdnf5 configuration aspects can be influenced here. Already when opening the session via D-Bus, the libdnf5 will be initialized using these override configuration values. There is no sanity checking of the content of this “config” map, which is untrusted data. It is possible to make the library loading a plug-in shared library under control of an unprivileged user, hence achieving root access. | 2024-05-08 | 7.5 | CVE-2024-1929 [email protected] |
fermyon — spin | Spin is the developer tool for building and running serverless applications powered by WebAssembly. Prior to 2.4.3, some specifically configured Spin applications that use `self` requests without a specified URL authority can be induced to make requests to arbitrary hosts via the `Host` HTTP header. The following conditions need to be met for an application to be vulnerable: 1. The environment Spin is deployed in routes requests to the Spin runtime based on the request URL instead of the `Host` header, and leaves the `Host` header set to its original value; 2. The Spin application’s component handling the incoming request is configured with an `allow_outbound_hosts` list containing `"self"`; and 3. In reaction to an incoming request, the component makes an outbound request whose URL doesn’t include the hostname/port. Spin 2.4.3 has been released to fix this issue. | 2024-05-08 | 9.1 | CVE-2024-32980 [email protected] [email protected] |
glpi-project — glpi | GLPI is a Free Asset and IT Management Software package. Prior to 10.0.15, an authenticated user can exploit a SQL injection vulnerability in the saved searches feature to alter another user’s account data and take control of it. This vulnerability is fixed in 10.0.15. | 2024-05-07 | 7.1 | CVE-2024-29889 [email protected] [email protected] |
glpi-project — glpi | GLPI is a Free Asset and IT Management Software package. Prior to 10.0.15, an authenticated user can exploit a SQL injection vulnerability from map search. This vulnerability is fixed in 10.0.15. | 2024-05-07 | 7.7 | CVE-2024-31456 [email protected] [email protected] |
hoppscotch — hoppscotch | @hoppscotch/cli is a CLI to run Hoppscotch Test Scripts in CI environments. Prior to 0.8.0, the @hoppscotch/js-sandbox package provides a Javascript sandbox that uses the Node.js vm module. However, the vm module is not safe for sandboxing untrusted Javascript code. This is because code inside the vm context can break out if it can get a hold of any reference to an object created outside of the vm. In the case of @hoppscotch/js-sandbox, multiple references to external objects are passed into the vm context to allow pre-request scripts interactions with environment variables and more. But this also allows the pre-request script to escape the sandbox. This vulnerability is fixed in 0.8.0. | 2024-05-08 | 8.3 | CVE-2024-34347 [email protected] [email protected] |
ibm — aix | IBM AIX’s Unix domain (AIX 7.2, 7.3, VIOS 3.1, and VIOS 4.1) datagram socket implementation could potentially expose applications using Unix domain datagram sockets with SO_PEERID operation and may lead to privilege escalation. IBM X-Force ID: 284903. | 2024-05-07 | 8.1 | CVE-2024-27273 [email protected] [email protected] |
ietf — dhcp | DHCP can add routes to a client’s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN. | 2024-05-06 | 7.6 | CVE-2024-3661 9119a7d8-5eab-497f-8521-727c672e3725 |
impronta — janto_ticketing_software | IDOR vulnerability in Janto Ticketing Software affecting version 4.3r10. This vulnerability could allow a remote user to obtain the download URL of another user to obtain the purchased ticket. | 2024-05-07 | 7.5 | CVE-2024-4537 [email protected] |
impronta — janto_ticketing_software | IDOR vulnerability in Janto Ticketing Software affecting version 4.3r10. This vulnerability could allow a remote user to obtain a user’s event ticket by creating a specific request with the ticket reference ID, leading to the exposure of sensitive user data. | 2024-05-07 | 7.5 | CVE-2024-4538 [email protected] |
lan_messenger — lan_messenger | Remote denial of service vulnerability in LAN Messenger affecting version 3.4.0. This vulnerability allows an attacker to crash the LAN Messenger service by sending a long string directly and continuously over the UDP protocol. | 2024-05-07 | 7.5 | CVE-2024-4599 [email protected] |
leadconnector — leadconnector | Missing Authorization vulnerability in LeadConnector. This issue affects LeadConnector: from n/a through 1.7. | 2024-05-06 | 8.6 | CVE-2024-34378 [email protected] |
litestar-org — litestar | Litestar and Starlite is an Asynchronous Server Gateway Interface (ASGI) framework. Prior to 2.8.3, 2.7.2, and 2.6.4, a Local File Inclusion (LFI) vulnerability has been discovered in the static file serving component of LiteStar. This vulnerability allows attackers to exploit path traversal flaws, enabling unauthorized access to sensitive files outside the designated directories. Such access can lead to the disclosure of sensitive information or potentially compromise the server. The vulnerability is located in the file path handling mechanism within the static content serving function, specifically at `litestar/static_files/base.py`. This vulnerability is fixed in versions 2.8.3, 2.7.2, and 2.6.4. | 2024-05-06 | 8.2 | CVE-2024-32982 [email protected] [email protected] [email protected] |
lucian_apostol — auto_affiliate_links | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Lucian Apostol Auto Affiliate Links. This issue affects Auto Affiliate Links: from n/a through 6.4.3.1. | 2024-05-06 | 7.6 | CVE-2024-34386 [email protected] |
lunar — lunar | Improper privilege management vulnerability in Lunar software that affects versions 6.0.2 through 6.6.0. This vulnerability allows an attacker to perform a secondary process injection into the Lunar application and abuse those rights to access sensitive user information. | 2024-05-08 | 7.7 | CVE-2024-3507 [email protected] |
moxa — nport_5100a_series | The NPort 5100A Series firmware version v1.6 and prior versions are affected by web server XSS vulnerability. The vulnerability is caused by not correctly neutralizing user-controllable input before placing it in output. Malicious users may use the vulnerability to get sensitive information and escalate privileges. | 2024-05-06 | 8.3 | CVE-2024-3576 [email protected] |
oisf — suricata | Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, a small amount of HTTP/2 traffic can lead to Suricata using a large amount of memory. The issue has been addressed in Suricata 7.0.5 and 6.0.19. Workarounds include disabling the HTTP/2 parser and reducing `app-layer.protocols.http2.max-table-size` value (default is 65536). | 2024-05-07 | 7.5 | CVE-2024-32663 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
pallets — werkzeug | Werkzeug is a comprehensive WSGI web application library. The debugger in affected versions of Werkzeug can allow an attacker to execute code on a developer’s machine under some circumstances. This requires the attacker to get the developer to interact with a domain and subdomain they control, and enter the debugger PIN, but if they are successful it allows access to the debugger even if it is only running on localhost. This also requires the attacker to guess a URL in the developer’s application that will trigger the debugger. This vulnerability is fixed in 3.0.3. | 2024-05-06 | 7.5 | CVE-2024-34069 [email protected] [email protected] |
parcel_panel — parcelpanel | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Parcel Panel ParcelPanel. This issue affects ParcelPanel: from n/a through 3.8.1. | 2024-05-06 | 8.5 | CVE-2024-34412 [email protected] |
popup_box_team — popup_box | Cross-Site Request Forgery (CSRF) vulnerability in Popup Box Team Popup box allows Cross-Site Scripting (XSS). This issue affects Popup box: from n/a through 4.1.2. | 2024-05-06 | 7.1 | CVE-2024-34367 [email protected] |
pressfore — rolo_slider | Missing Authorization vulnerability in PressFore Rolo Slider. This issue affects Rolo Slider: from n/a through 1.0.9. | 2024-05-08 | 7.7 | CVE-2024-1438 [email protected] |
ptc — codebeamer | PTC Codebeamer is vulnerable to a cross site scripting vulnerability that could allow an attacker to inject and execute malicious code. | 2024-05-08 | 7.1 | CVE-2024-3951 [email protected] |
qualcomm,_inc. — snapdragon | Memory corruption while loading a VM from a signed VM image that is not coherent in the processor cache. | 2024-05-06 | 8.4 | CVE-2023-33119 [email protected] |
qualcomm,_inc. — snapdragon | Memory corruption while verifying the serialized header when the key pairs are generated. | 2024-05-06 | 8.4 | CVE-2023-43531 [email protected] |
qualcomm,_inc. — snapdragon | Memory corruption when IOMMU unmap of a GPU buffer fails in Linux. | 2024-05-06 | 8.4 | CVE-2024-21471 [email protected] |
qualcomm,_inc. — snapdragon | Memory corruption when size of buffer from previous call is used without validation or re-initialization. | 2024-05-06 | 8.4 | CVE-2024-21474 [email protected] |
qualcomm,_inc. — snapdragon | Memory corruption as GPU registers beyond the last protected range can be accessed through LPAC submissions. | 2024-05-06 | 8.4 | CVE-2024-23351 [email protected] |
qualcomm,_inc. — snapdragon | Memory corruption when the IOCTL call is interrupted by a signal. | 2024-05-06 | 8.4 | CVE-2024-23354 [email protected] |
qualcomm,_inc. — snapdragon | Transient DOS while processing IKEv2 Informational request messages, when a malformed fragment packet is received. | 2024-05-06 | 7.5 | CVE-2023-43529 [email protected] |
qualcomm,_inc. — snapdragon | Memory corruption when the payload received from firmware is not as per the expected protocol size. | 2024-05-06 | 7.8 | CVE-2024-21475 [email protected] |
qualcomm,_inc. — snapdragon | Memory corruption when the channel ID passed by user is not validated and further used. | 2024-05-06 | 7.8 | CVE-2024-21476 [email protected] |
qualcomm,_inc. — snapdragon | Transient DOS while parsing a protected 802.11az Fine Time Measurement (FTM) frame. | 2024-05-06 | 7.5 | CVE-2024-21477 [email protected] |
qualcomm,_inc. — snapdragon | Memory corruption while playing audio file having large-sized input buffer. | 2024-05-06 | 7.3 | CVE-2024-21480 [email protected] |
red_hat — red_hat_openstack_platform_16.1 | The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2022-41723. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided by Red Hat Enterprise Linux versions, meaning it should be updated at compile time instead. | 2024-05-08 | 7.5 | CVE-2024-4436 [email protected] [email protected] |
red_hat — red_hat_openstack_platform_16.1 | The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2021-44716. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided by Red Hat Enterprise Linux versions, meaning it should be updated at compile time instead. | 2024-05-08 | 7.5 | CVE-2024-4437 [email protected] [email protected] |
red_hat — red_hat_openstack_platform_16.1 | The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2023-39325/CVE-2023-44487, known as Rapid Reset. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided by Red Hat Enterprise Linux versions, meaning it should be updated at compile time instead. | 2024-05-08 | 7.5 | CVE-2024-4438 [email protected] [email protected] |
repute_infosystems — arforms_form_builder | Missing Authorization vulnerability in Repute InfoSystems ARForms Form Builder. This issue affects ARForms Form Builder: from n/a through 1.6.1. | 2024-05-08 | 7.6 | CVE-2024-31270 [email protected] |
scribit — gdpr_compliance | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Scribit GDPR Compliance. This issue affects GDPR Compliance: from n/a through 1.2.5. | 2024-05-06 | 7.5 | CVE-2024-34388 [email protected] |
select-themes — stockholm_core | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Select-Themes Stockholm Core allows Reflected XSS. This issue affects Stockholm Core: from n/a through 2.4.1. | 2024-05-08 | 7.1 | CVE-2024-34553 [email protected] |
silicon_labs — z-wave_sdk | A buffer overflow vulnerability in Silicon Labs 500 Series Z-Wave devices may allow Denial of Service, and potential Remote Code execution. This issue affects all versions of Silicon Labs 500 Series SDK prior to v6.85.2 running on Silicon Labs 500 series Z-wave devices. | 2024-05-07 | 8.1 | CVE-2024-22472 [email protected] |
socomec — net_vision | Cross-Site Request Forgery vulnerability in Socomec Net Vision, version 7.20. This vulnerability could allow an attacker to trick registered users into performing critical actions, such as adding and updating accounts, due to lack of proper sanitisation of the ‘set_param.cgi’ file. | 2024-05-07 | 7.1 | CVE-2024-4600 [email protected] |
stacklok — minder | Minder’s `HandleGithubWebhook` is susceptible to a denial of service attack from an untrusted HTTP request. The vulnerability exists before the request has been validated, and as such the request is still untrusted at the point of failure. This allows an attacker with the ability to send requests to `HandleGithubWebhook` to crash the Minder controlplane and deny other users from using it. This vulnerability is fixed in 0.0.48. | 2024-05-07 | 7.5 | CVE-2024-34084 [email protected] [email protected] |
thenbrent — social_connect | The Social Connect plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.2. This is due to insufficient verification on the OpenID server being supplied during the social login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email. | 2024-05-08 | 9.8 | CVE-2024-4393 [email protected] [email protected] |
vmware — vmware_avi_load_balancer | VMware Avi Load Balancer contains a privilege escalation vulnerability. A malicious actor with admin privileges on VMware Avi Load Balancer can create, modify, execute and delete files as a root user on the host system. | 2024-05-08 | 7.2 | CVE-2024-22264 [email protected] |
webpushr_web_push_notifications — webpushr | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Webpushr Web Push Notifications Webpushr allows Reflected XSS. This issue affects Webpushr: from n/a through 4.35.0. | 2024-05-06 | 7.1 | CVE-2024-34369 [email protected] |
wisdmlabs — edwiser_bridge_-_wordpress_moodle_lms_integration | The Build App Online plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.0.5. This is due to the ‘eb_user_email_verification_key’ default value being empty, and the not-empty check missing in the ‘eb_user_email_verify’ function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id. This can only be exploited if the ‘Email Verification’ setting is enabled. | 2024-05-07 | 9.8 | CVE-2024-4186 [email protected] [email protected] [email protected] |
wojtekmaj — react-pdf | react-pdf displays PDFs in React apps. If PDF.js is used to load a malicious PDF, and PDF.js is configured with `isEvalSupported` set to `true` (which is the default value), unrestricted attacker-controlled JavaScript will be executed in the context of the hosting domain. This vulnerability is fixed in 7.7.3 and 8.0.2. | 2024-05-07 | 7.1 | CVE-2024-34342 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
wshberlin — startklar_elementor_addons | The Startklar Elementor Addons plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the ‘process’ function in the ‘startklarDropZoneUploadProcess’ class in versions up to, and including, 1.7.13. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site’s server which may make remote code execution possible. | 2024-05-07 | 9.8 | CVE-2024-4345 [email protected] [email protected] [email protected] |
wshberlin — startklar_elementor_addons | The Startklar Elementor Addons plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 1.7.13. This is due to the plugin not properly validating the path of an uploaded file prior to deleting it. This makes it possible for unauthenticated attackers to delete arbitrary files, including the wp-config.php file, which can make site takeover and remote code execution possible. | 2024-05-07 | 9.1 | CVE-2024-4346 [email protected] [email protected] [email protected] |
N/A — N/A | An issue was discovered in Archer Platform 6 before 2024.04. There is a stored cross-site scripting (XSS) vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. 6.14 P3 (6.14.0.3) is also a fixed release. | 2024-05-06 | 7.3 | CVE-2024-34089 [email protected] [email protected] |
N/A — N/A | An issue was discovered in Archer Platform 6 before 2024.04. There is a stored cross-site scripting (XSS) vulnerability. The login banner in the Archer Control Panel (ACP) did not previously escape content appropriately. 6.14 P3 (6.14.0.3) is also a fixed release. | 2024-05-06 | 7.3 | CVE-2024-34090 [email protected] [email protected] |
N/A — N/A | An issue was discovered in Archer Platform 6 before 2024.04. There is a stored cross-site scripting (XSS) vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed in the background of the application and renders content inaccessible. 6.14 P3 (6.14.0.3) is also a fixed release. | 2024-05-06 | 7.3 | CVE-2024-34091 [email protected] [email protected] |
Medium Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
a_wp_life — video_gallery_-_api_gallery,_youtube_and_vimeo,_link_gallery | Missing Authorization vulnerability in A WP Life Video Gallery – Api Gallery, YouTube and Vimeo, Link Gallery.This issue affects Video Gallery – Api Gallery, YouTube and Vimeo, Link Gallery: from n/a through 1.5.3. | 2024-05-06 | 4.3 | CVE-2024-34377 [email protected] |
addonmaster — post_grid_master | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in AddonMaster Post Grid Master allows Stored XSS.This issue affects Post Grid Master: from n/a through 3.4.8. | 2024-05-06 | 6.5 | CVE-2024-34390 [email protected] |
addonmaster — post_grid_master | Missing Authorization vulnerability in AddonMaster Post Grid Master.This issue affects Post Grid Master: from n/a through 3.4.7. | 2024-05-06 | 5.3 | CVE-2024-34372 [email protected] |
af_themes — wp_post_author | Missing Authorization vulnerability in AF themes WP Post Author.This issue affects WP Post Author: from n/a through 3.6.4. | 2024-05-06 | 4.3 | CVE-2024-34387 [email protected] |
af_themes — wp_post_author | Missing Authorization vulnerability in AF themes WP Post Author.This issue affects WP Post Author: from n/a through 3.6.4. | 2024-05-06 | 4.3 | CVE-2024-34389 [email protected] |
aipost — ai_wp_writer | Missing Authorization vulnerability in AIpost AI WP Writer.This issue affects AI WP Writer: from n/a through 3.6.5. | 2024-05-08 | 5.3 | CVE-2024-30459 [email protected] |
alttext.ai — download_alt_text_ai | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in AltText.Ai Download Alt Text AI allows Stored XSS.This issue affects Download Alt Text AI: from n/a through 1.3.4. | 2024-05-06 | 5.9 | CVE-2024-34366 [email protected] |
amp-mode — debug_info | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Debug Info allows Stored XSS.This issue affects Debug Info: from n/a through 1.3.10. | 2024-05-08 | 5.9 | CVE-2024-34565 [email protected] |
apache_software_foundation — apache_superset | An authenticated user could potentially access metadata for a datasource they are not authorized to view by submitting a targeted REST API request.This issue affects Apache Superset: before 3.1.2. Users are recommended to upgrade to version 3.1.2 or above, which fixes the issue. | 2024-05-07 | 4.3 | CVE-2024-28148 [email protected] |
appsbd — vitepos | Missing Authorization vulnerability in appsbd Vitepos. This issue affects Vitepos: from n/a through 3.0.1. | 2024-05-08 | 4.3 | CVE-2024-33574 |
barpachuk — clickcease_click_fraud_protection | The ClickCease Click Fraud Protection plugin for WordPress is vulnerable to unauthorized access of data due to an improper capability check on the get_settings function in all versions up to, and including, 3.2.4. This makes it possible for authenticated attackers, with author access and above, to retrieve the plugin’s configured API keys. | 2024-05-07 | 4.3 | CVE-2023-6810 |
basecamp — trix | Trix is a rich text editor. The Trix editor, versions prior to 2.1.1, is vulnerable to arbitrary code execution when copying and pasting content from the web or other documents with markup into the editor. The vulnerability stems from improper sanitization of pasted content, allowing an attacker to embed malicious scripts which are executed within the context of the application. Users should upgrade to Trix editor version 2.1.1 or later, which incorporates proper sanitization of input from copied content. | 2024-05-07 | 5.4 | CVE-2024-34341 |
bluenet_technology — clinical_browsing_system | A vulnerability was found in BlueNet Technology Clinical Browsing System 1.2.1 and classified as critical. Affected by this issue is some unknown functionality of the file /xds/outIndex.php. The manipulation of the argument name leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-263498 is the identifier assigned to this vulnerability. | 2024-05-08 | 6.3 | CVE-2024-4653 |
bluenet_technology — clinical_browsing_system | A vulnerability was found in BlueNet Technology Clinical Browsing System 1.2.1. It has been classified as critical. This affects an unknown part of the file /xds/cloudInterface.php. The manipulation of the argument INSTI_CODE leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263499. | 2024-05-08 | 6.3 | CVE-2024-4654 |
breakdance — breakdance | The Breakdance plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s custom postmeta output in all versions up to, and including, 1.7.0 due to insufficient input sanitization and output escaping on user supplied post meta fields. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-05-06 | 6.4 | CVE-2023-6854 |
codesys — codesys_development_system_v2.3 | An unauthenticated local attacker may trick a user into opening corrupted project files to crash the system due to a use-after-free vulnerability. | 2024-05-06 | 5.5 | CVE-2023-49676 |
creative_interactive_media — 3d_flipbook,_pdf_viewer,_pdf_embedder_-_real_3d_flipbook_wordpress_plugin | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Creative interactive media 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin allows Stored XSS. This issue affects 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin: from n/a through 3.71. | 2024-05-08 | 5.9 | CVE-2024-34561 |
dell — data_manager_appliance_software_(dmas) | Dell PowerProtect DM5500 version 5.15.0.0 and prior contain an Arbitrary File Delete via Path Traversal vulnerability. A remote attacker with high privileges could potentially exploit this vulnerability to delete arbitrary files stored on the server filesystem. | 2024-05-08 | 6.5 | CVE-2024-24908 |
eclipse_foundation — edc | In Eclipse Dataspace Components from version 0.2.1 to 0.6.2, in the EDC Connector component ( https://github.com/eclipse-edc/Connector ), an attacker might obtain OAuth2 client secrets from the vault. In Eclipse Dataspace Components from version 0.2.1 to 0.6.2, we have identified a security vulnerability in the EDC Connector component ( https://github.com/eclipse-edc/Connector ) regarding the OAuth2-protected data sink feature. When using a custom, OAuth2-protected data sink, the OAuth2-specific data address properties are resolved by the provider data plane. Problematically, the consumer-provided clientSecretKey, which indicates the OAuth2 client secret to retrieve from a secrets vault, is resolved in the context of the provider’s vault, not the consumer. This secret’s value is then sent to the tokenUrl, also consumer-controlled, as part of an OAuth2 client credentials grant. The returned access token is then sent as a bearer token to the data sink URL. This feature is now disabled entirely, because not all code paths necessary for a successful realization were fully implemented. | 2024-05-07 | 6.8 | CVE-2024-4536 |
eprolo — eprolo_dropshipping | Missing Authorization vulnerability in EPROLO EPROLO Dropshipping. This issue affects EPROLO Dropshipping: from n/a through 1.7.1. | 2024-05-08 | 4.3 | CVE-2024-33573 |
f5 — big-ip | Under certain conditions, a potential data leak may occur in the Traffic Management Microkernels (TMMs) of BIG-IP tenants running on VELOS and rSeries platforms. However, this issue cannot be exploited by an attacker because it is not consistently reproducible and is beyond an attacker’s control. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2024-05-08 | 6.5 | CVE-2024-32761 |
f5 — big-ip | A reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2024-05-08 | 6.1 | CVE-2024-33604 |
f5 — big-ip | When an SSL profile with alert timeout is configured with a non-default value on a virtual server, undisclosed traffic along with conditions beyond the attacker’s control can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2024-05-08 | 5.9 | CVE-2024-28889 |
f5 — big-ip | A DOM-based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2024-05-08 | 4.7 | CVE-2024-27202 |
f5 — big-ip_next_central_manager | An improper certificate validation vulnerability exists in BIG-IP Next Central Manager and may allow an attacker to impersonate an Instance Provider system. A successful exploit of this vulnerability can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2024-05-08 | 6.8 | CVE-2024-33612 |
f5 — big-ip_next_cnf | Exposure of Sensitive Information vulnerability exists in the GSLB container, which may allow an authenticated attacker with local access to view sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2024-05-08 | 4.4 | CVE-2024-28132 |
faraday — gm8181 | A vulnerability classified as problematic was found in Faraday GM8181 and GM828x up to 20240429. Affected by this vulnerability is an unknown functionality of the component Request Handler. The manipulation leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The identifier VDB-263305 was assigned to this vulnerability. | 2024-05-07 | 5.3 | CVE-2024-4583 |
faraday — gm8181 | A vulnerability, which was classified as problematic, has been found in Faraday GM8181 and GM828x up to 20240429. Affected by this issue is some unknown functionality of the file /command_port.ini. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-263306 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-05-07 | 5.3 | CVE-2024-4584 |
fedora — dnf5daemon-server | No Limit on Number of Open Sessions / Bad Session Close Behaviour in dnf5daemon-server before 5.1.17 allows a malicious user to impact Availability via No Limit on Number of Open Sessions. There is no limit on how many sessions D-Bus clients may create using the `open_session()` D-Bus method. For each session a thread is created in dnf5daemon-server. This spends a couple of hundred megabytes of memory in the process. Further connections will become impossible, likely because no more threads can be spawned by the D-Bus service. | 2024-05-08 | 6.5 | CVE-2024-1930 |
goldaddons — gold_addons_for_elementor | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in GoldAddons Gold Addons for Elementor allows Stored XSS. This issue affects Gold Addons for Elementor: from n/a through 1.2.9. | 2024-05-08 | 6.5 | CVE-2024-34563 |
gomo — gee_search_plus | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in GOMO gee Search Plus allows Stored XSS. This issue affects gee Search Plus: from n/a through 1.4.4. | 2024-05-08 | 5.9 | CVE-2024-34560 |
habibcoder — sticky_social_link | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in HabibCoder Sticky Social Link allows Stored XSS. This issue affects Sticky Social Link: from n/a through 1.0.0. | 2024-05-08 | 5.9 | CVE-2024-34546 |
hamid_alinia_-_idehweb — login_with_phone_number | Missing Authorization vulnerability in Hamid Alinia – idehweb Login with phone number. This issue affects Login with phone number: from n/a through 1.7.18. | 2024-05-06 | 4.3 | CVE-2024-34371 |
hcl_software — bigfix_compliance | Database scanning using username and password stores the credentials in plaintext or encoded format within files at the endpoint. This has been identified as a significant security risk. This will lead to exposure of sensitive information for unauthorized access, potentially leading to severe consequences such as data breaches, unauthorized data manipulation, and compromised system integrity. | 2024-05-07 | 6.5 | CVE-2024-23551 |
horearadu — mesmerize_companion | The Mesmerize Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘mesmerize_contact_form’ shortcode in all versions up to, and including, 1.6.148 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-05-08 | 6.4 | CVE-2024-3494 |
ibm — watson_cp4d_data_stores | IBM Watson CP4D Data Stores 4.0.0 through 4.8.4 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 264838. | 2024-05-07 | 6.2 | CVE-2023-40694 |
jackdewey — link_library | The Link Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘link-library’ shortcode in all versions up to, and including, 7.6.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-05-08 | 6.4 | CVE-2024-4281 |
johan_van_der_wijk — content_blocks_(custom_post_widget) | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Johan van der Wijk Content Blocks (Custom Post Widget) allows Stored XSS. This issue affects Content Blocks (Custom Post Widget): from n/a through 3.3.0. | 2024-05-08 | 6.5 | CVE-2024-34566 |
joomunited — wp_latest_posts | The WP Latest Posts plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.0.7. This is due to the plugin allowing users to execute an action that does not properly validate a user-supplied value prior to using that value in a call to do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. | 2024-05-08 | 5.4 | CVE-2024-4135 |
katie_seaborn — zotpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Katie Seaborn Zotpress allows Stored XSS. This issue affects Zotpress: from n/a through 7.3.9. | 2024-05-08 | 6.5 | CVE-2024-34569 |
leevio — happy_addons_for_elementor | Missing Authorization vulnerability in Leevio Happy Addons for Elementor. This issue affects Happy Addons for Elementor: from n/a through 3.10.1. | 2024-05-08 | 4.3 | CVE-2024-24833 |
logichunt_inc. — counter_up | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in LogicHunt Inc. Counter Up allows Stored XSS. This issue affects Counter Up: from n/a through 2.2.1. | 2024-05-08 | 6.5 | CVE-2024-34564 |
matthiask — html-sanitizer | html-sanitizer is an allowlist-based HTML cleaner. If using `keep_typographic_whitespace=False` (which is the default), the sanitizer normalizes Unicode to the NFKC form at the end. Some Unicode characters normalize to chevrons; this allows specially crafted HTML to escape sanitization. The problem has been fixed in 2.4.2. | 2024-05-06 | 6.1 | CVE-2024-34078 |
michael_nelson — print_my_blog | Missing Authorization vulnerability in Michael Nelson Print My Blog. This issue affects Print My Blog: from n/a through 3.26.2. | 2024-05-06 | 5.3 | CVE-2024-33907 |
moveaddons — move_addons_for_elementor | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Moveaddons Move Addons for Elementor allows Stored XSS. This issue affects Move Addons for Elementor: from n/a through 1.3.0. | 2024-05-08 | 6.5 | CVE-2024-34562 |
multi-column_tag_map — multi-column_tag_map | Missing Authorization vulnerability in Multi-column Tag Map. This issue affects Multi-column Tag Map: from n/a through 17.0.26. | 2024-05-08 | 6.5 | CVE-2023-41651 |
n/a — dedecms | A vulnerability, which was classified as problematic, was found in DedeCMS 5.7. This affects an unknown part of the file /src/dede/member_type.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263307. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-05-07 | 4.3 | CVE-2024-4585 |
n/a — dedecms | A vulnerability has been found in DedeCMS 5.7 and classified as problematic. This vulnerability affects unknown code of the file /src/dede/shops_delivery.php. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263308. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-05-07 | 4.3 | CVE-2024-4586 |
n/a — dedecms | A vulnerability was found in DedeCMS 5.7 and classified as problematic. This issue affects some unknown processing of the file /src/dede/tpl.php. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263309 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-05-07 | 4.3 | CVE-2024-4587 |
n/a — dedecms | A vulnerability was found in DedeCMS 5.7. It has been classified as problematic. Affected is an unknown function of the file /src/dede/mytag_add.php. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-263310 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-05-07 | 4.3 | CVE-2024-4588 |
n/a — dedecms | A vulnerability was found in DedeCMS 5.7. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /src/dede/mytag_edit.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263311. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-05-07 | 4.3 | CVE-2024-4589 |
n/a — dedecms | A vulnerability was found in DedeCMS 5.7. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /src/dede/sys_info.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263312. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-05-07 | 4.3 | CVE-2024-4590 |
n/a — dedecms | A vulnerability classified as problematic has been found in DedeCMS 5.7. This affects an unknown part of the file /src/dede/sys_group_add.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263313 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-05-07 | 4.3 | CVE-2024-4591 |
n/a — dedecms | A vulnerability classified as problematic was found in DedeCMS 5.7. This vulnerability affects unknown code of the file /src/dede/sys_group_edit.php. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-263314 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-05-07 | 4.3 | CVE-2024-4592 |
n/a — dedecms | A vulnerability, which was classified as problematic, has been found in DedeCMS 5.7. This issue affects some unknown processing of the file /src/dede/sys_multiserv.php. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263315. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-05-07 | 4.3 | CVE-2024-4593 |
n/a — dedecms | A vulnerability, which was classified as problematic, was found in DedeCMS 5.7. Affected is an unknown function of the file /src/dede/sys_safe.php. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263316. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-05-07 | 4.3 | CVE-2024-4594 |
n/a — semcms | A vulnerability has been found in SEMCMS up to 4.8 and classified as critical. Affected by this vulnerability is the function locate of the file function.php. The manipulation leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263317 was assigned to this vulnerability. | 2024-05-07 | 6.3 | CVE-2024-4595 |
nobita — raindrops | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Nobita allows Stored XSS. This issue affects raindrops: from n/a through 1.600. | 2024-05-08 | 6.5 | CVE-2024-34414 |
noor_alam — magical_addons_for_elementor | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Noor alam Magical Addons For Elementor allows Stored XSS. This issue affects Magical Addons For Elementor: from n/a through 1.1.34. | 2024-05-08 | 6.5 | CVE-2024-34547 |
octopus_deploy — octopus_server | In affected versions of Octopus Server with certain access levels it was possible to embed a Cross-Site Scripting payload on the audit page. | 2024-05-08 | 4.1 | CVE-2024-4456 |
oisf — suricata | Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, specially crafted traffic or datasets can cause a limited buffer overflow. This vulnerability is fixed in 7.0.5 and 6.0.19. Workarounds include not using rules with the `base64_decode` keyword with the `bytes` option with value 1, 2 or 5 and, for 7.0.x, setting `app-layer.protocols.smtp.mime.body-md5` to false. | 2024-05-07 | 5.3 | CVE-2024-32664 |
oisf — suricata | Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, various problems in handling of fragmentation anomalies can lead to mis-detection of rules and policy. This vulnerability is fixed in 7.0.5 or 6.0.19. | 2024-05-07 | 5.3 | CVE-2024-32867 |
ollybach — wppizza | Missing Authorization vulnerability in Ollybach WPPizza. This issue affects WPPizza: from n/a through 3.18.10. | 2024-05-06 | 6.5 | CVE-2024-33576 |
open-xchange_gmbh — ox_app_suite | E-Mail containing malicious display-name information could trigger client-side script execution when using specific mobile devices. Attackers could perform malicious API requests or extract information from the user's account. Please deploy the provided updates and patch releases. We now use safer methods of handling external content when embedding displayname information to the web interface. No publicly available exploits are known. | 2024-05-06 | 6.5 | CVE-2024-23186 |
open-xchange_gmbh — ox_app_suite | Content-ID based embedding of resources in E-Mails could be abused to trigger client-side script code when using the “show more” option. Attackers could perform malicious API requests or extract information from the user's account. Exploiting the vulnerability requires user interaction. Please deploy the provided updates and patch releases. CID replacement has been hardened to omit invalid identifiers. No publicly available exploits are known. | 2024-05-06 | 6.5 | CVE-2024-23187 |
open-xchange_gmbh — ox_app_suite | Maliciously crafted E-Mail attachment names could be used to temporarily execute script code in the context of the user's browser session. Common user interaction is required for the vulnerability to trigger. Attackers could perform malicious API requests or extract information from the user's account. Please deploy the provided updates and patch releases. We now use safer methods of handling external content when embedding attachment information to the web interface. No publicly available exploits are known. | 2024-05-06 | 6.5 | CVE-2024-23188 |
open-xchange_gmbh — ox_app_suite | E-Mails exported as PDF were stored in a cache that did not consider specific session information for the related user account. Users of the same service node could access other users' E-Mails in case they were exported as PDF for a brief moment until caches were cleared. Successful exploitation requires good timing and modification of multiple request parameters. Please deploy the provided updates and patch releases. The cache for PDF exports now takes user session information into consideration when performing authorization decisions. No publicly available exploits are known. | 2024-05-06 | 5.3 | CVE-2024-23193 |
openharmony — openharmony | OpenHarmony v4.0.0 and prior versions allow a local attacker to achieve arbitrary code execution in pre-installed apps through use after free. | 2024-05-07 | 6.5 | CVE-2024-27217 |
openharmony — openharmony | OpenHarmony v4.0.0 and prior versions allow a local attacker to achieve arbitrary code execution in TCB through use after free. | 2024-05-07 | 6.5 | CVE-2024-3759 |
openharmony — openharmony | OpenHarmony v4.0.0 and prior versions allow a local attacker to achieve arbitrary code execution in pre-installed apps through use after free or to cause DoS through NULL pointer dereference. | 2024-05-07 | 5.2 | CVE-2024-23808 |
openharmony — openharmony | OpenHarmony v4.0.0 and prior versions allow a local attacker to achieve arbitrary code execution in TCB through heap buffer overflow. | 2024-05-07 | 6.5 | CVE-2024-3758 |
opentext — netiq_identity_console | An improper authorization level has been detected in the login panel. It may lead to unauthenticated Server Side Request Forgery and allows enumeration of open services. The server queries the provided server (Server IP/DNS field), triggering a connection to an arbitrary address. | 2024-05-07 | 5.8 | CVE-2023-7240 |
pallets — jinja | Jinja is an extensible templating engine. The `xmlattr` filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, `/`, `>`, or `=`, as each would then be interpreted as starting a separate attribute. If an application accepts keys (as opposed to only values) as user input, and renders these in pages that other users see as well, an attacker could use this to inject other attributes and perform XSS. The fix for CVE-2024-22195 only addressed spaces but not other characters. Accepting keys as user input is now explicitly considered an unintended use case of the `xmlattr` filter, and code that does so without otherwise validating the input should be flagged as insecure, regardless of Jinja version. Accepting _values_ as user input continues to be safe. This vulnerability is fixed in 3.1.4. | 2024-05-06 | 5.4 | CVE-2024-34064 |
panasonic_holdings_corporation — kw_watcher | A buffer error in Panasonic KW Watcher versions 1.00 through 2.83 may allow attackers malicious read access to memory. | 2024-05-08 | 4.4 | CVE-2024-4162 |
pootlepress — pootle_pagebuilder_-_wordpress_page_builder | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Pootlepress Pootle Pagebuilder – WordPress Page builder allows Stored XSS. This issue affects Pootle Pagebuilder – WordPress Page builder: from n/a through 5.7.1. | 2024-05-08 | 6.5 | CVE-2024-34573 |
posimyth — the_plus_addons_for_elementor_page_builder_lite | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite allows Stored XSS. This issue affects The Plus Addons for Elementor Page Builder Lite: from n/a through 5.4.2. | 2024-05-06 | 6.5 | CVE-2024-34373 |
propertyhive — propertyhive | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in PropertyHive allows Stored XSS. This issue affects PropertyHive: from n/a through 2.0.10. | 2024-05-06 | 6.5 | CVE-2024-34381 |
qualcomm,_inc. — snapdragon | Memory corruption when multiple listeners are being registered with the same file descriptor. | 2024-05-06 | 6.7 | CVE-2023-43521 |
qualcomm,_inc. — snapdragon | Memory corruption when the bandpass filter order received from AHAL is not within the expected range. | 2024-05-06 | 6.7 | CVE-2023-43524 |
qualcomm,_inc. — snapdragon | Memory corruption while copying the sound model data from user to kernel buffer during sound model register. | 2024-05-06 | 6.7 | CVE-2023-43525 |
qualcomm,_inc. — snapdragon | Memory corruption while querying module parameters from Listen Sound model client in kernel from user space. | 2024-05-06 | 6.7 | CVE-2023-43526 |
qualcomm,_inc. — snapdragon | Information disclosure while parsing dts header atom in Video. | 2024-05-06 | 6.8 | CVE-2023-43527 |
qualcomm,_inc. — snapdragon | Information disclosure when the ADSP payload size received in HLOS in response to Audio Stream Manager matrix session is less than the expected size. | 2024-05-06 | 6.1 | CVE-2023-43528 |
qualcomm,_inc. — snapdragon | Memory corruption in HLOS while checking for the storage type. | 2024-05-06 | 5.9 | CVE-2023-43530 |
quantumcloud — conversational_forms_for_chatbot | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in QuantumCloud Conversational Forms for ChatBot allows Stored XSS. This issue affects Conversational Forms for ChatBot: from n/a through 1.2.0. | 2024-05-06 | 5.9 | CVE-2024-34380 |
quomodosoft — elementsready_addons_for_elementor | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in QuomodoSoft ElementsReady Addons for Elementor allows Stored XSS. This issue affects ElementsReady Addons for Elementor: from n/a through 5.8.0. | 2024-05-06 | 6.5 | CVE-2024-34374 |
rara_theme — restaurant_and_cafe | Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Restaurant and Cafe.This issue affects Restaurant and Cafe: from n/a through 1.2.1. | 2024-05-06 | 4.3 | CVE-2024-34379 [email protected] |
realmag777 — wolf | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in realmag777 WOLF allows Stored XSS.This issue affects WOLF: from n/a through 1.0.8.2. | 2024-05-08 | 5.9 | CVE-2024-34558 [email protected] |
red_hat — red_hat_enterprise_linux_6 | A race condition leading to a stack use-after-free flaw was found in libvirt. Due to a bad assumption in the virNetClientIOEventLoop() method, the `data` pointer to a stack-allocated virNetClientIOEventData structure ended up being used in the virNetClientIOEventFD callback while the data pointer’s stack frame was concurrently being “freed” when returning from virNetClientIOEventLoop(). The ‘virtproxyd’ daemon can be used to trigger requests. If libvirt is configured with fine-grained access control, this issue, in theory, allows a user to escape their otherwise limited access. This flaw allows a local, unprivileged user to access virtproxyd without authenticating. Remote users would need to authenticate before they could access it. | 2024-05-08 | 6.2 | CVE-2024-4418 [email protected] [email protected] |
robosoft — robo_gallery | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in RoboSoft Robo Gallery.This issue affects Robo Gallery: from n/a through 3.2.18. | 2024-05-06 | 5.3 | CVE-2024-34382 [email protected] |
ruijie — rg-uac | A vulnerability was found in Ruijie RG-UAC up to 20240428. It has been classified as critical. Affected is an unknown function of the file /view/IPV6/ipv6StaticRoute/static_route_edit_ipv6.php. The manipulation of the argument oldipmask/oldgateway/olddevname leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263112. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-05-06 | 4.7 | CVE-2024-4508 [email protected] [email protected] [email protected] [email protected] |
ruijie — rg-uac | A vulnerability was found in Ruijie RG-UAC up to 20240428. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /view/IPV6/naborTable/add_commit.php. The manipulation of the argument ip_addr/mac_addr leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263113 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-05-06 | 4.7 | CVE-2024-4509 [email protected] [email protected] [email protected] [email protected] |
ruijie — rg-uac | A vulnerability was found in Ruijie RG-UAC up to 20240428. It has been rated as critical. Affected by this issue is some unknown functionality of the file /view/networkConfig/ArpTable/arp_add_commit.php. The manipulation of the argument text_ip_addr/text_mac_addr leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-263114 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-05-06 | 4.7 | CVE-2024-4510 [email protected] [email protected] [email protected] [email protected] |
ruijie — rg-uac | A vulnerability was found in Ruijie RG-UAC up to 20240428 and classified as critical. This issue affects some unknown processing of the file /view/IPV6/ipv6StaticRoute/static_route_add_ipv6.php. The manipulation of the argument text_prefixlen/text_gateway/devname leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263111. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-05-06 | 4.7 | CVE-2024-4507 [email protected] [email protected] [email protected] [email protected] |
samsung_mobile — galaxy_store | Improper verification of intent by broadcast receiver vulnerability in Galaxy Store prior to version 4.5.71.8 allows local attackers to write arbitrary files with the privilege of Galaxy Store. | 2024-05-07 | 5.1 | CVE-2024-20870 [email protected] |
samsung_mobile — samsung_mobile_devices | Use after free vulnerability in SveService prior to SMR May-2024 Release 1 allows local privileged attackers to cause memory corruption. | 2024-05-07 | 6 | CVE-2024-20861 [email protected] |
samsung_mobile — samsung_mobile_devices | Out-of-bounds write in SveService prior to SMR May-2024 Release 1 allows local privileged attackers to execute arbitrary code. | 2024-05-07 | 6 | CVE-2024-20862 [email protected] |
samsung_mobile — samsung_mobile_devices | Out of bounds write vulnerability in SNAP in HAL prior to SMR May-2024 Release 1 allows local privileged attackers to execute arbitrary code. | 2024-05-07 | 6.7 | CVE-2024-20863 [email protected] |
samsung_mobile — samsung_mobile_devices | Authentication bypass in bootloader prior to SMR May-2024 Release 1 allows physical attackers to flash arbitrary images. | 2024-05-07 | 6.6 | CVE-2024-20865 [email protected] |
samsung_mobile — samsung_mobile_devices | Improper access control vulnerability in FactoryCamera prior to SMR May-2024 Release 1 allows local attackers to take pictures without privilege. | 2024-05-07 | 5.5 | CVE-2024-20859 [email protected] |
samsung_mobile — samsung_mobile_devices | Improper access control vulnerability in DarManagerService prior to SMR May-2024 Release 1 allows local attackers to monitor system resources. | 2024-05-07 | 5.5 | CVE-2024-20864 [email protected] |
samsung_mobile — samsung_mobile_devices | Authentication bypass vulnerability in Setupwizard prior to SMR May-2024 Release 1 allows physical attackers to skip activation step. | 2024-05-07 | 5.7 | CVE-2024-20866 [email protected] |
samsung_mobile — samsung_mobile_devices | Improper privilege management vulnerability in Samsung Email prior to version 6.1.91.14 allows local attackers to access sensitive information. | 2024-05-07 | 5.5 | CVE-2024-20867 [email protected] |
samsung_mobile — samsung_mobile_devices | Improper privilege management vulnerability in Samsung Internet prior to version 25.0.0.41 allows local attackers to bypass protection for cookies. | 2024-05-07 | 5.5 | CVE-2024-20869 [email protected] |
samsung_mobile — samsung_mobile_devices | A vulnerability that makes it possible to reconfigure OTP allows local attackers to transition to RMA (Return Merchandise Authorization) mode, which disables security features. This attack needs additional privilege to control TEE. | 2024-05-07 | 4.4 | CVE-2024-20821 [email protected] |
samsung_mobile — samsung_mobile_devices | Improper Authentication vulnerability in Secure Folder prior to SMR May-2024 Release 1 allows physical attackers to access Secure Folder without proper authentication in a specific scenario. | 2024-05-07 | 4.3 | CVE-2024-20856 [email protected] |
samsung_mobile — samsung_mobile_devices | Improper access control vulnerability in startListening of CocktailBarService prior to SMR May-2024 Release 1 allows local attackers to access information of current application. | 2024-05-07 | 4 | CVE-2024-20857 [email protected] |
samsung_mobile — samsung_mobile_devices | Improper access control vulnerability in setCocktailHostCallbacks of CocktailBarService prior to SMR May-2024 Release 1 allows local attackers to access information of current application. | 2024-05-07 | 4 | CVE-2024-20858 [email protected] |
samsung_mobile — samsung_mobile_devices | Improper export of android application components vulnerability in TelephonyUI prior to SMR May-2024 Release 1 allows local attackers to reboot the device without proper permission. | 2024-05-07 | 4 | CVE-2024-20860 [email protected] |
samsung_mobile — samsung_mobile_devices | Improper input validation in Samsung Notes prior to version 4.4.15 allows local attackers to delete files with Samsung Notes privilege under certain conditions. | 2024-05-07 | 4.4 | CVE-2024-20868 [email protected] |
samsung_mobile — samsung_mobile_devices | Improper authorization vulnerability in Samsung Keyboard prior to version One UI 5.1.1 allows physical attackers to partially bypass the factory reset protection. | 2024-05-07 | 4.9 | CVE-2024-20871 [email protected] |
samsung_mobile — talkbackse | Improper handling of insufficient privileges vulnerability in TalkbackSE prior to version Android 14 allows local attackers to modify setting value of TalkbackSE. | 2024-05-07 | 6.2 | CVE-2024-20872 [email protected] |
shanghai_sunfull_automation — bacnet_server_hmi1002-arm | A vulnerability classified as critical has been found in Shanghai Sunfull Automation BACnet Server HMI1002-ARM 2.0.4. This affects an unknown part of the component Message Handler. The manipulation leads to buffer overflow. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263115. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-05-06 | 6.3 | CVE-2024-4511 [email protected] [email protected] [email protected] [email protected] [email protected] |
slicewp — slicewp | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in SliceWP allows Stored XSS.This issue affects SliceWP: from n/a through 1.1.10. | 2024-05-06 | 5.9 | CVE-2024-34413 [email protected] |
socomec — net_vision | An incorrect authentication vulnerability has been found in Socomec Net Vision affecting version 7.20. This vulnerability allows an attacker to perform a brute force attack on the application and recover a valid session, because the application uses a five-digit integer value. | 2024-05-07 | 6.7 | CVE-2024-4601 [email protected] |
supsystic — digital_publications_by_supsystic | Missing Authorization vulnerability in Supsystic Digital Publications by Supsystic.This issue affects Digital Publications by Supsystic: from n/a through 1.7.7. | 2024-05-06 | 5.3 | CVE-2024-33910 [email protected] |
the_seo_guys_at_seopress — seopress | Authorization Bypass Through User-Controlled Key vulnerability in The SEO Guys at SEOPress SEOPress.This issue affects SEOPress: from n/a through 7.7.1. | 2024-05-06 | 5.3 | CVE-2024-34383 [email protected] |
theme_freesia — edge | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Theme Freesia Edge allows Stored XSS.This issue affects Edge: from n/a through 2.0.9. | 2024-05-06 | 6.5 | CVE-2024-34376 [email protected] |
themegrill — himalayas | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in ThemeGrill Himalayas allows Stored XSS.This issue affects Himalayas: from n/a through 1.3.0. | 2024-05-08 | 6.5 | CVE-2024-34571 [email protected] |
themehunk — advance_wordpress_search_plugin | Missing Authorization vulnerability in ThemeHunk Advance WordPress Search Plugin.This issue affects Advance WordPress Search Plugin: from n/a through 1.1.4. | 2024-05-08 | 6.5 | CVE-2022-40218 [email protected] |
themeprix — fancy_elementor_flipbox | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in ThemePrix Fancy Elementor Flipbox fancy-elementor-flipbox allows Stored XSS.This issue affects Fancy Elementor Flipbox: from n/a through 2.4.2. | 2024-05-08 | 6.5 | CVE-2024-34572 [email protected] |
themeqx — letterpress | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Mooberry Dreams Mooberry Book Manager.This issue affects Mooberry Book Manager: from n/a through 4.15.12. | 2024-05-06 | 5.3 | CVE-2024-34368 [email protected] |
themeqx — letterpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Themeqx LetterPress allows Stored XSS.This issue affects LetterPress: from n/a through 1.2.1. | 2024-05-08 | 5.9 | CVE-2024-34568 [email protected] |
themesgrove — widgetkit | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Themesgrove WidgetKit allows Stored XSS.This issue affects WidgetKit: from n/a through 2.4.8. | 2024-05-08 | 6.5 | CVE-2024-34548 [email protected] |
themesgrove — widgetkit | Missing Authorization vulnerability in Themesgrove WidgetKit.This issue affects WidgetKit: from n/a through 2.5.0. | 2024-05-06 | 5.3 | CVE-2024-33908 [email protected] |
tilda_publishing — tilda_publishing | Missing Authorization vulnerability in Tilda Publishing.This issue affects Tilda Publishing: from n/a through 0.3.23. | 2024-05-07 | 6.3 | CVE-2023-31234 [email protected] |
tyche_softwares — print_invoice_&_delivery_notes_for_woocommerce | Missing Authorization vulnerability in Tyche Softwares Print Invoice & Delivery Notes for WooCommerce, Tyche Softwares Arconix Shortcodes, Tyche Softwares Arconix FAQ.This issue affects Print Invoice & Delivery Notes for WooCommerce: from n/a through 4.8.1; Arconix Shortcodes: from n/a through 2.1.10; Arconix FAQ: from n/a through 1.9.3. | 2024-05-08 | 4.3 | CVE-2024-4233 [email protected] [email protected] [email protected] |
vitessio — vitess | Vitess is a database clustering system for horizontal scaling of MySQL. When executing the following simple query, the `vtgate` will go into an endless loop that also keeps consuming memory and eventually will run out of memory. This vulnerability is fixed in 19.0.4, 18.0.5, and 17.0.7. | 2024-05-08 | 4.9 | CVE-2024-32886 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
vmware — vmware_avi_load_balancer | VMware Avi Load Balancer contains an information disclosure vulnerability. A malicious actor with access to the system logs can view cloud connection credentials in plaintext. | 2024-05-08 | 6.5 | CVE-2024-22266 [email protected] |
wpmet — metform_elementor_contact_form_builder | Missing Authorization vulnerability in Wpmet Metform Elementor Contact Form Builder.This issue affects Metform Elementor Contact Form Builder: from n/a through 3.8.3. | 2024-05-06 | 4.3 | CVE-2024-33570 [email protected] |
wppool — sheets_to_wp_table_live_sync | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WPPOOL Sheets To WP Table Live Sync allows Stored XSS.This issue affects Sheets To WP Table Live Sync: from n/a through 3.7.0. | 2024-05-06 | 5.9 | CVE-2024-34375 [email protected] |
wpsoul — table_maker | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Wpsoul Table Maker allows Stored XSS.This issue affects Table Maker: from n/a through 1.9.1. | 2024-05-08 | 5.9 | CVE-2024-34574 [email protected] |
xpro — xpro_elementor_addons | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Xpro Xpro Elementor Addons allows Stored XSS.This issue affects Xpro Elementor Addons: from n/a through 1.4.3. | 2024-05-08 | 5.9 | CVE-2024-34570 [email protected] |
N/A — N/A | An issue was discovered in Archer Platform 6 before 2024.03. There is an X-Forwarded-For Header Bypass vulnerability. An unauthenticated attacker could potentially bypass intended whitelisting when X-Forwarded-For header is enabled. | 2024-05-06 | 5.3 | CVE-2024-34093 [email protected] [email protected] |
Low Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
campcodes — complete_web-based_school_management_system | A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /view/student_payment_details2.php. The manipulation of the argument index leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-263130 is the identifier assigned to this vulnerability. | 2024-05-06 | 3.5 | CVE-2024-4527 [email protected] [email protected] [email protected] [email protected] |
campcodes — complete_web-based_school_management_system | A vulnerability, which was classified as problematic, has been found in Campcodes Complete Web-Based School Management System 1.0. This issue affects some unknown processing of the file /view/timetable_update_form.php. The manipulation of the argument grade leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263117 was assigned to this vulnerability. | 2024-05-06 | 3.5 | CVE-2024-4513 [email protected] [email protected] [email protected] [email protected] |
campcodes — complete_web-based_school_management_system | A vulnerability, which was classified as problematic, was found in Campcodes Complete Web-Based School Management System 1.0. Affected is an unknown function of the file /view/timetable_insert_form.php. The manipulation of the argument grade leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-263118 is the identifier assigned to this vulnerability. | 2024-05-06 | 3.5 | CVE-2024-4514 [email protected] [email protected] [email protected] [email protected] |
campcodes — complete_web-based_school_management_system | A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /view/timetable_grade_wise.php. The manipulation of the argument grade leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263119. | 2024-05-06 | 3.5 | CVE-2024-4515 [email protected] [email protected] [email protected] [email protected] |
campcodes — complete_web-based_school_management_system | A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /view/timetable.php. The manipulation of the argument grade leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263120. | 2024-05-06 | 3.5 | CVE-2024-4516 [email protected] [email protected] [email protected] [email protected] |
campcodes — complete_web-based_school_management_system | A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /view/teacher_salary_invoice1.php. The manipulation of the argument date leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263121 was assigned to this vulnerability. | 2024-05-06 | 3.5 | CVE-2024-4517 [email protected] [email protected] [email protected] [email protected] |
campcodes — complete_web-based_school_management_system | A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /view/teacher_salary_invoice.php. The manipulation of the argument desc leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-263122 is the identifier assigned to this vulnerability. | 2024-05-06 | 3.5 | CVE-2024-4518 [email protected] [email protected] [email protected] [email protected] |
campcodes — complete_web-based_school_management_system | A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /view/teacher_salary_details3.php. The manipulation of the argument month leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263123. | 2024-05-06 | 3.5 | CVE-2024-4519 [email protected] [email protected] [email protected] [email protected] |
campcodes — complete_web-based_school_management_system | A vulnerability classified as problematic has been found in Campcodes Complete Web-Based School Management System 1.0. Affected is an unknown function of the file /view/teacher_salary_details2.php. The manipulation of the argument index leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263124. | 2024-05-06 | 3.5 | CVE-2024-4521 [email protected] [email protected] [email protected] [email protected] |
campcodes — complete_web-based_school_management_system | A vulnerability classified as problematic was found in Campcodes Complete Web-Based School Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /view/teacher_salary_details.php. The manipulation of the argument index leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263125 was assigned to this vulnerability. | 2024-05-06 | 3.5 | CVE-2024-4522 [email protected] [email protected] [email protected] [email protected] |
campcodes — complete_web-based_school_management_system | A vulnerability, which was classified as problematic, has been found in Campcodes Complete Web-Based School Management System 1.0. Affected by this issue is some unknown functionality of the file /view/teacher_attendance_history1.php. The manipulation of the argument year leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-263126 is the identifier assigned to this vulnerability. | 2024-05-06 | 3.5 | CVE-2024-4523 [email protected] [email protected] [email protected] [email protected] |
campcodes — complete_web-based_school_management_system | A vulnerability, which was classified as problematic, was found in Campcodes Complete Web-Based School Management System 1.0. This affects an unknown part of the file /view/student_payment_invoice.php. The manipulation of the argument desc leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263127. | 2024-05-06 | 3.5 | CVE-2024-4524 [email protected] [email protected] [email protected] [email protected] |
campcodes — complete_web-based_school_management_system | A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /view/student_payment_details4.php. The manipulation of the argument index leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263128. | 2024-05-06 | 3.5 | CVE-2024-4525 [email protected] [email protected] [email protected] [email protected] |
campcodes — complete_web-based_school_management_system | A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /view/student_payment_details3.php. The manipulation of the argument month leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263129 was assigned to this vulnerability. | 2024-05-06 | 3.5 | CVE-2024-4526 [email protected] [email protected] [email protected] [email protected] |
campcodes — complete_web-based_school_management_system | A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /view/student_payment_details.php. The manipulation of the argument index leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-263490 is the identifier assigned to this vulnerability. | 2024-05-08 | 3.5 | CVE-2024-4646 [email protected] [email protected] [email protected] [email protected] |
campcodes — complete_web-based_school_management_system | A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /view/student_first_payment.php. The manipulation of the argument index leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263491. | 2024-05-08 | 3.5 | CVE-2024-4647 [email protected] [email protected] [email protected] [email protected] |
campcodes — complete_web-based_school_management_system | A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /view/student_exam_mark_update_form.php. The manipulation of the argument std_index leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263492. | 2024-05-08 | 3.5 | CVE-2024-4648 [email protected] [email protected] [email protected] [email protected] |
campcodes — complete_web-based_school_management_system | A vulnerability classified as problematic has been found in Campcodes Complete Web-Based School Management System 1.0. This affects an unknown part of the file /view/student_exam_mark_insert_form1.php. The manipulation of the argument page leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263493 was assigned to this vulnerability. | 2024-05-08 | 3.5 | CVE-2024-4649 [email protected] [email protected] [email protected] [email protected] |
campcodes — complete_web-based_school_management_system | A vulnerability classified as problematic was found in Campcodes Complete Web-Based School Management System 1.0. This vulnerability affects unknown code of the file /view/student_due_payment.php. The manipulation of the argument due_month leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-263494 is the identifier assigned to this vulnerability. | 2024-05-08 | 3.5 | CVE-2024-4650 [email protected] [email protected] [email protected] [email protected] |
campcodes — complete_web-based_school_management_system | A vulnerability, which was classified as problematic, has been found in Campcodes Complete Web-Based School Management System 1.0. This issue affects some unknown processing of the file /view/student_attendance_history1.php. The manipulation of the argument year leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263495. | 2024-05-08 | 3.5 | CVE-2024-4651 [email protected] [email protected] [email protected] [email protected] |
campcodes — complete_web-based_school_management_system | A vulnerability, which was classified as problematic, was found in Campcodes Complete Web-Based School Management System 1.0. Affected is an unknown function of the file /view/show_teacher2.php. The manipulation of the argument month leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263496. | 2024-05-08 | 3.5 | CVE-2024-4652 [email protected] [email protected] [email protected] [email protected] |
dell — data_manager_appliance_software_(dmas) | Dell PowerProtect DM5500 version 5.15.0.0 and prior contains an insecure deserialization Vulnerability. A remote attacker with high privileges could potentially exploit this vulnerability, leading to arbitrary code execution on the vulnerable application. | 2024-05-08 | 2.2 | CVE-2024-22460 [email protected] |
dell — update_manager_plugin | Dell Update Manager Plugin, versions 1.4.0 through 1.5.0, contains a Plain-text Password Storage Vulnerability in Log file. A remote high privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. | 2024-05-08 | 3.5 | CVE-2024-28971 [email protected] |
n/a — kimai | A vulnerability was found in Kimai up to 2.15.0 and classified as problematic. Affected by this issue is some unknown functionality of the component Session Handler. The manipulation of the argument PHPSESSIONID leads to information disclosure. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. Upgrading to version 2.16.0 is able to address this issue. It is recommended to upgrade the affected component. VDB-263318 is the identifier assigned to this vulnerability. | 2024-05-07 | 3.7 | CVE-2024-4596 [email protected] [email protected] [email protected] [email protected] |
openharmony — openharmony | OpenHarmony v4.0.0 and prior versions allow a local attacker to cause a service crash through a NULL pointer dereference. | 2024-05-07 | 3.3 | CVE-2024-31078 [email protected] |
openharmony — openharmony | OpenHarmony v4.0.0 and prior versions allow a local attacker to cause a service crash through an integer overflow. | 2024-05-07 | 3.3 | CVE-2024-3757 [email protected] |
samsung_mobile — samsung_mobile_devices | Improper access control vulnerability in multitasking framework prior to SMR May-2024 Release 1 allows physical attackers to access unlocked screen for a while. | 2024-05-07 | 2.4 | CVE-2024-20855 [email protected] |
sourcecodester — prison_management_system | A vulnerability classified as problematic was found in SourceCodester Prison Management System 1.0. This vulnerability affects unknown code of the file /Employee/edit-profile.php. The manipulation of the argument txtfullname/txtdob/txtaddress/txtqualification/cmddept/cmdemployeetype/txtappointment leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263116. | 2024-05-06 | 3.5 | CVE-2024-4512 [email protected] [email protected] [email protected] [email protected] |
sourcecodester — prison_management_system | A vulnerability has been found in SourceCodester Prison Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /Employee/changepassword.php. The manipulation of the argument txtold_password/txtnew_password/txtconfirm_password leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263488. | 2024-05-08 | 3.5 | CVE-2024-4644 [email protected] [email protected] [email protected] [email protected] |
sourcecodester — prison_management_system | A vulnerability was found in SourceCodester Prison Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /Admin/changepassword.php. The manipulation of the argument txtold_password/txtnew_password/txtconfirm_password leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263489 was assigned to this vulnerability. | 2024-05-08 | 3.5 | CVE-2024-4645 [email protected] [email protected] [email protected] [email protected] |
sourcecodester — prison_management_system | A vulnerability was found in SourceCodester Prison Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /Admin/user-record.php. The manipulation of the argument txtfullname leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263131. | 2024-05-06 | 2.4 | CVE-2024-4528 [email protected] [email protected] [email protected] [email protected] |
xpdf — xpdf | In Xpdf 4.05 (and earlier), a PDF object loop in the PDF resources leads to infinite recursion and a stack overflow. | 2024-05-06 | 2.9 | CVE-2024-4568 [email protected] |
Severity Not Yet Assigned
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
apache_software_foundation — apache_inlong | Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong: from 1.7.0 through 1.11.0, the attackers can bypass using malicious parameters. Users are advised to upgrade to Apache InLong’s 1.12.0 or cherry-pick [1], [2] to solve it. [1] https://github.com/apache/inlong/pull/9694 [2] https://github.com/apache/inlong/pull/9707 | 2024-05-08 | not yet calculated | CVE-2024-26579 [email protected] [email protected] |
apache_software_foundation — apache_ofbiz | Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.13. Users are recommended to upgrade to version 18.12.13, which fixes the issue. | 2024-05-08 | not yet calculated | CVE-2024-32113 [email protected] [email protected] [email protected] [email protected] |
bentley — view | Bentley View SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18960. | 2024-05-07 | not yet calculated | CVE-2022-43651 [email protected] |
bentley — view | Bentley View SKP File Parsing Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18981. | 2024-05-07 | not yet calculated | CVE-2022-43652 [email protected] |
bentley — view | Bentley View SKP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. Crafted data in an SKP file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-19084. | 2024-05-07 | not yet calculated | CVE-2022-43653 [email protected] |
bentley — view | Bentley View FBX File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FBX files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18491. | 2024-05-07 | not yet calculated | CVE-2022-43655 [email protected] |
bentley — view | Bentley View FBX File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FBX files. Crafted data in an FBX file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18492. | 2024-05-07 | not yet calculated | CVE-2022-43656 [email protected] |
bmc — track-it! | BMC Track-It! GetData Missing Authorization Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of BMC Track-It!. Authentication is required to exploit this vulnerability. The specific flaw exists within the GetData endpoint. The issue results from the lack of authorization prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-14527. | 2024-05-07 | not yet calculated | CVE-2021-35001 [email protected] [email protected] |
bmc — track-it! | BMC Track-It! Unrestricted File Upload Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of BMC Track-It!. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of email attachments. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-14122. | 2024-05-07 | not yet calculated | CVE-2021-35002 [email protected] [email protected] |
d-link — dap-2622 | D-Link DAP-2622 DDP Firmware Upgrade Server IPv6 Address Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20076. | 2024-05-07 | not yet calculated | CVE-2023-35748 [email protected] [email protected] |
d-link — dap-2622 | D-Link DAP-2622 DDP Firmware Upgrade Filename Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20077. | 2024-05-07 | not yet calculated | CVE-2023-35749 [email protected] [email protected] |
d-link — dap-2622 | D-Link DAP-2622 DDP Set Date-Time NTP Server Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20085. | 2024-05-07 | not yet calculated | CVE-2023-35757 [email protected] [email protected] |
d-link — dap-2622 | D-Link DAP-2622 DDP Set SSID List Missing Authentication Vulnerability. This vulnerability allows network-adjacent attackers to make unauthorized changes to device configuration on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to manipulate wireless authentication settings. Was ZDI-CAN-20104. | 2024-05-07 | not yet calculated | CVE-2023-37325 [email protected] [email protected] |
foxit — pdf_editor | Foxit PDF Editor StrikeOut Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14355. | 2024-05-07 | not yet calculated | CVE-2021-34954 [email protected] [email protected] |
foxit — pdf_editor | Foxit PDF Editor Stamp Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14356. | 2024-05-07 | not yet calculated | CVE-2021-34955 [email protected] [email protected] |
foxit — pdf_editor | Foxit PDF Editor Underline Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14357. | 2024-05-07 | not yet calculated | CVE-2021-34956 [email protected] [email protected] |
foxit — pdf_editor | Foxit PDF Editor Highlight Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14358. | 2024-05-07 | not yet calculated | CVE-2021-34957 [email protected] [email protected] |
foxit — pdf_editor | Foxit PDF Editor Text Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14359. | 2024-05-07 | not yet calculated | CVE-2021-34958 [email protected] [email protected] |
foxit — pdf_editor | Foxit PDF Editor Square Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14360. | 2024-05-07 | not yet calculated | CVE-2021-34959 [email protected] [email protected] |
foxit — pdf_editor | Foxit PDF Editor Circle Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14362. | 2024-05-07 | not yet calculated | CVE-2021-34960 [email protected] [email protected] |
foxit — pdf_editor | Foxit PDF Editor Ink Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14363. | 2024-05-07 | not yet calculated | CVE-2021-34961 [email protected] [email protected] |
foxit — pdf_editor | Foxit PDF Editor Caret Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14364. | 2024-05-07 | not yet calculated | CVE-2021-34962 [email protected] [email protected] |
foxit — pdf_editor | Foxit PDF Editor PolyLine Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14365. | 2024-05-07 | not yet calculated | CVE-2021-34963 [email protected] [email protected] |
foxit — pdf_editor | Foxit PDF Editor Polygon Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14366. | 2024-05-07 | not yet calculated | CVE-2021-34964 [email protected] [email protected] |
foxit — pdf_editor | Foxit PDF Editor Squiggly Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14361. | 2024-05-07 | not yet calculated | CVE-2021-34965 [email protected] [email protected] |
foxit — pdf_editor | Foxit PDF Editor FileAttachment Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14367. | 2024-05-07 | not yet calculated | CVE-2021-34966 [email protected] [email protected] |
foxit — pdf_editor | Foxit PDF Editor Line Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14368. | 2024-05-07 | not yet calculated | CVE-2021-34967 [email protected] [email protected] |
foxit — pdf_editor | Foxit PDF Editor transitionToState Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation of the transitionToState method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14370. | 2024-05-07 | not yet calculated | CVE-2021-34968 [email protected] [email protected] |
foxit — pdf_reader | Foxit PDF Reader Square Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Square annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14272. | 2024-05-07 | not yet calculated | CVE-2021-34948 [email protected] [email protected] |
foxit — pdf_reader | Foxit PDF Reader Annotation Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14273. | 2024-05-07 | not yet calculated | CVE-2021-34949 [email protected] [email protected] |
foxit — pdf_reader | Foxit PDF Reader Annotation Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14396. | 2024-05-07 | not yet calculated | CVE-2021-34950 [email protected] [email protected] |
foxit — pdf_reader | Foxit PDF Reader Annotation Use of Uninitialized Variable Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14395. | 2024-05-07 | not yet calculated | CVE-2021-34951 [email protected] [email protected] |
foxit — pdf_reader | Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14729. | 2024-05-07 | not yet calculated | CVE-2021-34952 [email protected] [email protected] |
foxit — pdf_reader | Foxit PDF Reader Annotation Use of Uninitialized Variable Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14658. | 2024-05-07 | not yet calculated | CVE-2021-34953 [email protected] [email protected] |
foxit — pdf_reader | Foxit PDF Reader Annotation Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14622. | 2024-05-07 | not yet calculated | CVE-2021-34969 [email protected] [email protected] |
foxit — pdf_reader | Foxit PDF Reader print Method Use of Externally-Controlled Format String Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation of the print method. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14849. | 2024-05-07 | not yet calculated | CVE-2021-34970 [email protected] [email protected] |
foxit — pdf_reader | Foxit PDF Reader JPG2000 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14812. | 2024-05-07 | not yet calculated | CVE-2021-34971 [email protected] [email protected] |
foxit — pdf_reader | Foxit PDF Reader AcroForm Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14975. | 2024-05-07 | not yet calculated | CVE-2021-34972 [email protected] [email protected] |
foxit — pdf_reader | Foxit PDF Reader PDF File Parsing Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14968. | 2024-05-07 | not yet calculated | CVE-2021-34973 [email protected] [email protected] |
foxit — pdf_reader | Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15167. | 2024-05-07 | not yet calculated | CVE-2021-34974 [email protected] [email protected] |
foxit — pdf_reader | Foxit PDF Reader transitionToState Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation of the transitionToState method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15218. | 2024-05-07 | not yet calculated | CVE-2021-34975 [email protected] [email protected] |
foxit — pdf_reader | Foxit PDF Reader PDF File Parsing Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PDF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14659. | 2024-05-07 | not yet calculated | CVE-2021-34976 [email protected] [email protected] |
go_standard_library — net | A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop. | 2024-05-08 | not yet calculated | CVE-2024-24788 [email protected] [email protected] [email protected] [email protected] |
go_toolchain — cmd/go | On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the -lto_library flag in a “#cgo LDFLAGS” directive. | 2024-05-08 | not yet calculated | CVE-2024-24787 [email protected] [email protected] [email protected] [email protected] |
google — android | In multiple functions of CompanionDeviceManagerService.java, there is a possible launch NotificationAccessConfirmationActivity of another user profile due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-05-07 | not yet calculated | CVE-2024-0022 [email protected] [email protected] |
google — android | In multiple methods of UserManagerService.java, there is a possible failure to persist or enforce user restrictions due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | 2024-05-07 | not yet calculated | CVE-2024-0024 [email protected] [email protected] |
google — android | In sendIntentSender of ActivityManagerService.java, there is a possible background activity launch due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-05-07 | not yet calculated | CVE-2024-0025 [email protected] [email protected] |
google — android | In multiple functions of SnoozeHelper.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-05-07 | not yet calculated | CVE-2024-0026 [email protected] [email protected] |
google — android | In multiple functions of SnoozeHelper.java, there is a possible way to cause a boot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-05-07 | not yet calculated | CVE-2024-0027 [email protected] [email protected] |
google — android | In TBD of TBD, there is a possible confusion of OEM and DRM certificates due to improperly used crypto. This could lead to local bypass of DRM content protection with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-05-07 | not yet calculated | CVE-2024-0042 [email protected] |
google — android | In multiple locations, there is a possible notification listener grant to an app running in the work profile due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | 2024-05-07 | not yet calculated | CVE-2024-0043 [email protected] [email protected] |
google — android | In onCreate of WifiDialogActivity.java, there is a possible way to bypass the DISALLOW_ADD_WIFI_CONFIG restriction due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-05-07 | not yet calculated | CVE-2024-23704 [email protected] [email protected] |
google — android | In multiple locations, there is a possible failure to persist or enforce user restrictions due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | 2024-05-07 | not yet calculated | CVE-2024-23705 [email protected] [email protected] |
google — android | In multiple locations, there is a possible bypass of health data permissions due to an improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-05-07 | not yet calculated | CVE-2024-23706 [email protected] [email protected] |
google — android | In multiple locations, there is a possible permissions bypass due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | 2024-05-07 | not yet calculated | CVE-2024-23707 [email protected] [email protected] |
google — android | In multiple functions of NotificationManagerService.java, there is a possible way to not show a toast message when a clipboard message has been accessed. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-05-07 | not yet calculated | CVE-2024-23708 [email protected] [email protected] |
google — android | In multiple locations, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. | 2024-05-07 | not yet calculated | CVE-2024-23709 [email protected] [email protected] |
google — android | In assertPackageWithSharedUserIdIsPrivileged of InstallPackageHelper.java, there is a possible execution of arbitrary app code as a privileged app due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-05-07 | not yet calculated | CVE-2024-23710 [email protected] [email protected] |
google — android | In multiple functions of AppOpsService.java, there is a possible way to saturate the content of /data/system/appops_accesses.xml due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-05-07 | not yet calculated | CVE-2024-23712 [email protected] [email protected] |
google — android | In migrateNotificationFilter of NotificationManagerService.java, there is a possible failure to persist notifications settings due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-05-07 | not yet calculated | CVE-2024-23713 [email protected] [email protected] |
google — chrome | Use after free in ANGLE in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2024-05-07 | not yet calculated | CVE-2024-4558 [email protected] [email protected] |
google — chrome | Heap buffer overflow in WebAudio in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2024-05-07 | not yet calculated | CVE-2024-4559 [email protected] [email protected] |
heateor — heateor_social_login_wordpress | Heateor Social Login WordPress prior to 1.1.32 contains a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product. | 2024-05-08 | not yet calculated | CVE-2024-32674 [email protected] [email protected] |
hp_inc. — hp_application_enabling_software_driver | A potential security vulnerability has been identified in the HP Application Enabling Software Driver for certain HP PC products, which might allow escalation of privilege. HP is releasing software updates to mitigate this potential vulnerability. | 2024-05-06 | not yet calculated | CVE-2024-1695 [email protected] |
integrated_control_technology — tsec | Insecure storage of the ICT MIFARE and DESFire encryption keys in the firmware binary allows malicious actors to create credentials for any site code and card number that is using the default ICT encryption. | 2024-05-06 | not yet calculated | CVE-2024-29941 56c94bcb-ac34-4d7f-b660-d297a6b7ff82 |
knowbe4 — phish_alert_button_(pab)_for_outlook | A medium severity vulnerability has been identified in the update mechanism of the Phish Alert Button for Outlook, which could allow an attacker to remotely execute arbitrary code on the host machine. The vulnerability arises from the application’s failure to securely verify the authenticity and integrity of the update server. The application periodically checks for updates by querying a specific URL. However, this process does not enforce strict SSL/TLS verification, nor does it validate the digital signature of the received update files. An attacker with the capability to perform DNS spoofing can exploit this weakness. By manipulating DNS responses, the attacker can redirect the application’s update requests to a malicious server under their control. Once the application queries the spoofed update URL, the malicious server can respond with a crafted update package. Since the application fails to properly verify the authenticity of the update file, it will accept and execute the package, leading to arbitrary code execution on the host machine. Impact: Successful exploitation of this vulnerability allows an attacker to execute code with elevated privileges, potentially leading to data theft, installation of further malware, or other malicious activities on the host system. Affected Products: Phish Alert Button (PAB) for Outlook versions 1.10.0-1.10.11; Second Chance Client versions 2.0.0-2.0.9; PIQ Client versions 1.0.0-1.0.15. Remediation: Automated updates will be pushed to address this issue. Users of affected versions should verify the latest version is applied and, if not, apply the latest updates provided by KnowBe4, which addresses this vulnerability by implementing proper SSL/TLS checks of the update server. It is also recommended to ensure DNS settings are secure to prevent DNS spoofing attacks. Workarounds: Use secure corporate networks or VPN services to secure network communications, which can help mitigate the risk of DNS spoofing. Credits: This vulnerability was discovered by Ceri Coburn at Pen Test Partners, who reported it responsibly to the vendor. | 2024-05-07 | not yet calculated | CVE-2024-29209 [email protected] |
knowbe4 — phish_alert_button_(pab)_for_outlook | A local privilege escalation (LPE) vulnerability has been identified in Phish Alert Button for Outlook (PAB), specifically within its configuration management functionalities. This vulnerability allows a regular user to modify the application’s configuration file to redirect update checks to an arbitrary server, which can then be exploited in conjunction with CVE-2024-29209 to execute arbitrary code with elevated privileges. The issue stems from improper permission settings on the application’s configuration file, which is stored in a common directory accessible to all users. This file includes critical parameters, such as the update server URL. By default, the application does not enforce adequate access controls on this file, allowing non-privileged users to modify it without administrative consent. An attacker with regular user access can alter the update server URL specified in the configuration file to point to a malicious server. When the application performs its next update check, it will contact the attacker-controlled server. If the system is also vulnerable to CVE-2024-29209, the attacker can deliver a malicious update package that, when executed, grants them elevated privileges. Impact: This vulnerability can lead to a regular user executing code with administrative privileges. This can result in unauthorized access to sensitive data, installation of additional malware, and a full takeover of the affected system. Affected Products: Phish Alert Button (PAB) for Outlook versions 1.10.0-1.10.11; Second Chance Client versions 2.0.0-2.0.9; PIQ Client versions 1.0.0-1.0.15. Remediation: KnowBe4 has released a patch that corrects the permission settings on the configuration file to prevent unauthorized modifications. Automated updates will be pushed to address this issue. Users of affected versions should verify the latest version is applied and, if not, apply the latest updates provided by KnowBe4. Workarounds: Manually set the correct permissions on the configuration file to restrict write access to administrators only. Credits: This vulnerability was discovered by Ceri Coburn at Pen Test Partners, who reported it responsibly to the vendor. | 2024-05-07 | not yet calculated | CVE-2024-29210 [email protected] |
linux — kernel | Linux Kernel Bluetooth CMTP Module Double Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the CMTP module. The issue results from the lack of validating the existence of an object prior to performing further free operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the kernel. Was ZDI-CAN-11977. | 2024-05-07 | not yet calculated | CVE-2021-34981 [email protected] |
maxon — cinema_4d | Maxon Cinema 4D SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Maxon Cinema 4D. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21438. | 2024-05-07 | not yet calculated | CVE-2023-40490 [email protected] |
mediatek,_inc. — mt2737,_mt6739,_mt6761,_mt6765,_mt6768,_mt6771,_mt6779,_mt6781,_mt6785,_mt6789,_mt6833,_mt6835,_mt6853,_mt6853t,_mt6855,_mt6873,_mt6877,_mt6879,_mt6880,_mt6883,_mt6885,_mt6886,_mt6889,_mt6890,_mt6893,_mt6895,_mt6897,_mt6980,_mt6983,_mt6985,_mt6989,_mt6990,_mt8167,_mt8167s,_mt8168,_mt8173,_mt8175,_mt8185,_mt8188,_mt8195,_mt8321,_mt8362a,_mt8365,_mt8385,_mt8390,_mt8395,_mt8755,_mt8765,_mt8766,_mt8768,_mt8775,_mt8781,_mt8786,_mt8788,_mt8789,_mt8791,_mt8791t,_mt8797,_mt8798 | In DA, there is a possible permission bypass due to an incorrect status check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08355514; Issue ID: ALPS08355514. | 2024-05-06 | not yet calculated | CVE-2023-32871 [email protected] |
mediatek,_inc. — mt6580,_mt6739,_mt6761,_mt6765,_mt6768,_mt6781,_mt6789,_mt6833,_mt6835,_mt6853,_mt6855,_mt6877,_mt6879,_mt6883,_mt6885,_mt6886,_mt6889,_mt6893,_mt6895,_mt6983,_mt6985,_mt6989,_mt8188,_mt8370,_mt8390 | In da, there is a possible escalation of privilege due to an incorrect status check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541749; Issue ID: ALPS08541749. | 2024-05-06 | not yet calculated | CVE-2024-20059 [email protected] |
mediatek,_inc. — mt6580,_mt6739,_mt6761,_mt6765,_mt6768,_mt6781,_mt6789,_mt6833,_mt6835,_mt6853,_mt6855,_mt6877,_mt6879,_mt6883,_mt6885,_mt6886,_mt6889,_mt6893,_mt6895,_mt6983,_mt6985,_mt6989,_mt8188,_mt8370,_mt8390 | In da, there is a possible escalation of privilege due to an incorrect status check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541749; Issue ID: ALPS08541754. | 2024-05-06 | not yet calculated | CVE-2024-20060 [email protected] |
mediatek,_inc. — mt6580,_mt6761,_mt6762,_mt6768,_mt6781,_mt6789,_mt6833,_mt6853,_mt6853t,_mt6855,_mt6873,_mt6875,_mt6877,_mt6879,_mt6883,_mt6885,_mt6886,_mt6889,_mt6891,_mt6893,_mt6895,_mt6983,_mt6985,_mt6989,_mt8678,_mt8755,_mt8775,_mt8792,_mt8796 | In wlan service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08572601; Issue ID: MSV-1229. | 2024-05-06 | not yet calculated | CVE-2024-20064 [email protected] |
mediatek,_inc. — mt6739,_mt6761,_mt6765,_mt6768,_mt6781,_mt6785,_mt6789,_mt6833,_mt6835,_mt6853,_mt6855,_mt6873,_mt6880,_mt6885,_mt6886,_mt6890,_mt6893,_mt6895,_mt6897,_mt6983,_mt6985,_mt6989,_mt8666,_mt8667,_mt8673,_mt8676,_mt8678 | In preloader, there is a possible escalation of privilege due to an insecure default value. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08528185; Issue ID: ALPS08528185. | 2024-05-06 | not yet calculated | CVE-2024-20056 [email protected] |
mediatek,_inc. — mt6761,_mt6765,_mt6768,_mt6779,_mt6781,_mt6785,_mt6789,_mt6833,_mt6835,_mt6853,_mt6855,_mt6873,_mt6877,_mt6879,_mt6883,_mt6885,_mt6886,_mt6889,_mt6893,_mt6895,_mt6897,_mt6983,_mt8321,_mt8385,_mt8755,_mt8765,_mt8766,_mt8768,_mt8771,_mt8781,_mt8786,_mt8788,_mt8789,_mt8791t,_mt8792,_mt8795t,_mt8796 | In keyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08587881; Issue ID: ALPS08587881. | 2024-05-06 | not yet calculated | CVE-2024-20057 [email protected] |
mediatek,_inc. — mt6761,_mt6765,_mt6768,_mt6833,_mt6853,_mt6855,_mt6893,_mt6895,_mt6983,_mt8321,_mt8385,_mt8755,_mt8765,_mt8766,_mt8768,_mt8771,_mt8781,_mt8786,_mt8788,_mt8789,_mt8791t,_mt8792,_mt8795t,_mt8796 | In keyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08583919; Issue ID: ALPS08304227. | 2024-05-06 | not yet calculated | CVE-2023-32873 [email protected] |
mediatek,_inc. — mt6765,_mt6768,_mt6785,_mt6833,_mt6853,_mt6855,_mt6893,_mt6983,_mt8321,_mt8385,_mt8755,_mt8765,_mt8766,_mt8768,_mt8771,_mt8781,_mt8786,_mt8788,_mt8789,_mt8791t,_mt8792,_mt8795t,_mt8796,_mt8797,_mt8798 | In keyInstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08580204; Issue ID: ALPS08580204. | 2024-05-06 | not yet calculated | CVE-2024-20058 [email protected] |
mediatek,_inc. — mt6768,_mt6781,_mt6785,_mt6833,_mt6853,_mt6873,_mt6877,_mt6885,_mt6893,_mt8168,_mt8183,_mt8188,_mt8188t,_mt8195,_mt8195z,_mt8321,_mt8362a,_mt8365,_mt8385,_mt8666,_mt8666a,_mt8666b,_mt8667,_mt8673,_mt8675,_mt8675,_mt8676,_mt8678,_mt8765,_mt8766,_mt8766z,_mt8768,_mt8768a,_mt8768b,_mt8768t,_mt8768z,_mt8781,_mt8781,_mt8786,_mt8788,_mt8788t,_mt8788,_mt8788x,_mt8788z,_mt8792,_mt8795t,_mt8796,_mt8798 | In atf spm, there is a possible way to remap physical memory to virtual memory due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08584568; Issue ID: MSV-1249. | 2024-05-06 | not yet calculated | CVE-2024-20021 [email protected] |
mintplex-labs — mintplex-labs/anything-llm | A race condition vulnerability exists in the mintplex-labs/anything-llm repository, specifically within the user invite acceptance process. Attackers can exploit this vulnerability by sending multiple concurrent requests to accept a single user invite, allowing the creation of multiple user accounts from a single invite link intended for only one user. This bypasses the intended security mechanism that restricts invite acceptance to a single user, leading to unauthorized user creation without detection in the invite tab. The issue is due to the lack of validation for concurrent requests in the backend. | 2024-05-07 | not yet calculated | CVE-2024-2913 [email protected] |
netgear — cax30s | NETGEAR CAX30S SSO Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR CAX30S routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the token parameter provided to the sso.php endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18227. | 2024-05-07 | not yet calculated | CVE-2022-43654 [email protected] [email protected] |
netgear — multiple_routers | NETGEAR Multiple Routers httpd Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. When parsing the strings file, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13709. | 2024-05-07 | not yet calculated | CVE-2021-34982 [email protected] [email protected] |
netgear — multiple_routers | NETGEAR Multiple Routers httpd Missing Authentication for Critical Function Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the lack of authentication prior to allowing access to system configuration information. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-13708. | 2024-05-07 | not yet calculated | CVE-2021-34983 [email protected] [email protected] |
netgear — r7800 | NETGEAR R7800 net-cgi Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of the soap_block_table file. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13055. | 2024-05-07 | not yet calculated | CVE-2021-34947 [email protected] [email protected] |
node.js — node | The team has identified a critical vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling. Specifically, if a space is placed before a content-length header, it is not interpreted correctly, enabling attackers to smuggle in a second request within the body of the first. | 2024-05-07 | not yet calculated | CVE-2024-27982 [email protected] |
openbsd — kernel | OpenBSD Kernel Multicast Routing Uninitialized Memory Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of OpenBSD Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the implementation of multicast routing. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel. Was ZDI-CAN-14540. | 2024-05-07 | not yet calculated | CVE-2021-34999 [email protected] |
openbsd — kernel | OpenBSD Kernel Multicast Routing Uninitialized Memory Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of OpenBSD Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the implementation of multicast routing. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel. Was ZDI-CAN-16112. | 2024-05-07 | not yet calculated | CVE-2021-35000 [email protected] |
the_gnu_c_library — glibc | nscd: Stack-based buffer overflow in netgroup cache. If the Name Service Cache Daemon’s (nscd) fixed size cache is exhausted by client requests then a subsequent client request for netgroup data may result in a stack-based buffer overflow. This flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary. | 2024-05-06 | not yet calculated | CVE-2024-33599 3ff69d7a-14f2-4f67-a097-88dee7810d18 |
the_gnu_c_library — glibc | nscd: Null pointer crashes after notfound response. If the Name Service Cache Daemon’s (nscd) cache fails to add a not-found netgroup response to the cache, the client request can result in a null pointer dereference. This flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary. | 2024-05-06 | not yet calculated | CVE-2024-33600 3ff69d7a-14f2-4f67-a097-88dee7810d18 |
the_gnu_c_library — glibc | nscd: netgroup cache may terminate daemon on memory allocation failure. The Name Service Cache Daemon’s (nscd) netgroup cache uses xmalloc or xrealloc and these functions may terminate the process due to a memory allocation failure resulting in a denial of service to the clients. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary. | 2024-05-06 | not yet calculated | CVE-2024-33601 3ff69d7a-14f2-4f67-a097-88dee7810d18 |
the_gnu_c_library — glibc | nscd: netgroup cache assumes NSS callback uses in-buffer strings. The Name Service Cache Daemon’s (nscd) netgroup cache can corrupt memory when the NSS callback does not store all strings in the provided buffer. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary. | 2024-05-06 | not yet calculated | CVE-2024-33602 3ff69d7a-14f2-4f67-a097-88dee7810d18 |
triangle_microworks — scada_data_gateway | Triangle MicroWorks SCADA Data Gateway Restore Workspace Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the Restore Workspace feature. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-17227. | 2024-05-07 | not yet calculated | CVE-2022-0369 [email protected] |
ubiquiti_inc — unifi_connect_application | An Improper Certificate Validation could allow a malicious actor with access to an adjacent network to take control of the system. Affected Products: UniFi Connect Application (Version 3.7.9 and earlier); UniFi Connect EV Station (Version 1.1.18 and earlier); UniFi Connect EV Station Pro (Version 1.1.18 and earlier); UniFi Connect Display (Version 1.9.324 and earlier); UniFi Connect Display Cast (Version 1.6.225 and earlier). Mitigation: Update UniFi Connect Application to Version 3.10.7 or later. Update UniFi Connect EV Station to Version 1.2.15 or later. Update UniFi Connect EV Station Pro to Version 1.2.15 or later. Update UniFi Connect Display to Version 1.11.348 or later. Update UniFi Connect Display Cast to Version 1.8.255 or later. | 2024-05-07 | not yet calculated | CVE-2024-29207 [email protected] |
ubiquiti_inc — unifi_connect_ev_station | An Improper Access Control could allow a malicious actor authenticated in the API to enable Android Debug Bridge (ADB) and make unsupported changes to the system. Affected Products: UniFi Connect EV Station (Version 1.1.18 and earlier); UniFi Connect EV Station Pro (Version 1.1.18 and earlier); UniFi Access G2 Reader Pro (Version 1.2.172 and earlier); UniFi Access Reader Pro (Version 2.7.238 and earlier); UniFi Access Intercom (Version 1.0.66 and earlier); UniFi Access Intercom Viewer (Version 1.0.5 and earlier); UniFi Connect Display (Version 1.9.324 and earlier); UniFi Connect Display Cast (Version 1.6.225 and earlier). Mitigation: Update UniFi Connect Application to Version 3.10.7 or later. Update UniFi Connect EV Station to Version 1.2.15 or later. Update UniFi Connect EV Station Pro to Version 1.2.15 or later. Update UniFi Access G2 Reader Pro to Version 1.3.37 or later. Update UniFi Access Reader Pro to Version 2.8.19 or later. Update UniFi Access Intercom to Version 1.1.32 or later. Update UniFi Access Intercom Viewer to Version 1.1.6 or later. Update UniFi Connect Display to Version 1.11.348 or later. Update UniFi Connect Display Cast to Version 1.8.255 or later. | 2024-05-07 | not yet calculated | CVE-2024-29206 [email protected] |
ubiquiti_inc — update_unifi_connect_ev_station | An Unverified Password Change could allow a malicious actor with API access to the device to change the system password without knowing the previous password. Affected Products: UniFi Connect EV Station (Version 1.1.18 and earlier); UniFi Connect EV Station Pro (Version 1.1.18 and earlier); UniFi Connect Display (Version 1.9.324 and earlier); UniFi Connect Display Cast (Version 1.6.225 and earlier). Mitigation: Update UniFi Connect Application to Version 3.10.7 or later. Update UniFi Connect EV Station to Version 1.2.15 or later. Update UniFi Connect EV Station Pro to Version 1.2.15 or later. Update UniFi Connect Display to Version 1.11.348 or later. Update UniFi Connect Display Cast to Version 1.8.255 or later. | 2024-05-07 | not yet calculated | CVE-2024-29208 [email protected] |
unknown — crelly_slider | The Crelly Slider WordPress plugin through 1.4.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 2024-05-06 | not yet calculated | CVE-2024-3752 [email protected] |
unknown — easyevent | The EasyEvent WordPress plugin through 1.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | 2024-05-07 | not yet calculated | CVE-2024-3628 [email protected] |
unknown — fancy_product_designer | The Fancy Product Designer WordPress plugin before 6.1.81 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 2024-05-06 | not yet calculated | CVE-2024-0904 [email protected] |
unknown — mf_gig_calendar | The MF Gig Calendar WordPress plugin through 1.2.1 does not have CSRF checks in some places, which could allow attackers to make logged in Contributors and above delete arbitrary events via a CSRF attack | 2024-05-06 | not yet calculated | CVE-2024-3756 [email protected] |
unknown — mf_gig_calendar | The MF Gig Calendar WordPress plugin through 1.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as editor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 2024-05-06 | not yet calculated | CVE-2024-3755 [email protected] |
N/A — N/A | Cross Site Scripting (XSS) vulnerability in ASUS RT-AC51U with firmware versions up to and including 3.0.0.4.380.8591 allows attackers to run arbitrary code via the WPA Pre-Shared Key field. | 2024-05-06 | not yet calculated | CVE-2023-33548 [email protected] |
N/A — N/A | Buffer Overflow vulnerability LINKSYS EA7500 3.0.1.207964 allows a remote attacker to execute arbitrary code via an HTTP request to the IGD UPnP. | 2024-05-07 | not yet calculated | CVE-2023-46012 [email protected] |
N/A — N/A | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the email_attach_id parameter at /LHMail/AttachDown.aspx. | 2024-05-07 | not yet calculated | CVE-2024-25507 [email protected] |
N/A — N/A | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /bulletin/bulletin_template_show.aspx. | 2024-05-07 | not yet calculated | CVE-2024-25508 [email protected] |
N/A — N/A | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_storage_id parameter at /WorkFlow/wf_file_download.aspx. | 2024-05-07 | not yet calculated | CVE-2024-25509 [email protected] |
N/A — N/A | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /AddressBook/address_public_show.aspx. | 2024-05-07 | not yet calculated | CVE-2024-25510 [email protected] |
N/A — N/A | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /AddressBook/address_public_new.aspx. | 2024-05-07 | not yet calculated | CVE-2024-25511 [email protected] |
N/A — N/A | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the attach_id parameter at /Bulletin/AttachDownLoad.aspx. | 2024-05-07 | not yet calculated | CVE-2024-25512 [email protected] |
N/A — N/A | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the file_id parameter at /CorporateCulture/kaizen_download.aspx. | 2024-05-07 | not yet calculated | CVE-2024-25513 [email protected] |
N/A — N/A | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the template_id parameter at /SysManage/wf_template_child_field_list.aspx. | 2024-05-07 | not yet calculated | CVE-2024-25514 [email protected] |
N/A — N/A | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_storage_id parameter at /WorkFlow/wf_work_finish_file_down.aspx. | 2024-05-08 | not yet calculated | CVE-2024-25515 [email protected] |
N/A — N/A | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the tbTable argument at /WebUtility/MF.aspx. | 2024-05-08 | not yet calculated | CVE-2024-25517 [email protected] |
N/A — N/A | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the template_id parameter at /WorkFlow/wf_get_fields_approve.aspx. | 2024-05-08 | not yet calculated | CVE-2024-25518 [email protected] |
N/A — N/A | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the idlist parameter at /WorkFlow/wf_work_print.aspx. | 2024-05-08 | not yet calculated | CVE-2024-25519 [email protected] |
N/A — N/A | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /SysManage/sys_blogtemplate_new.aspx. | 2024-05-08 | not yet calculated | CVE-2024-25520 [email protected] |
N/A — N/A | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the txt_keyword parameter at get_company.aspx. | 2024-05-08 | not yet calculated | CVE-2024-25521 [email protected] |
N/A — N/A | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the office_missive_id parameter at /WorkFlow/wf_work_form_save.aspx. | 2024-05-08 | not yet calculated | CVE-2024-25522 [email protected] |
N/A — N/A | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the file_id parameter at /filemanage/file_memo.aspx. | 2024-05-08 | not yet calculated | CVE-2024-25523 [email protected] |
N/A — N/A | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_storage_id parameter at /WorkPlan/WorkPlanAttachDownLoad.aspx. | 2024-05-08 | not yet calculated | CVE-2024-25524 [email protected] |
N/A — N/A | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the filename parameter at /WorkFlow/OfficeFileDownload.aspx. | 2024-05-08 | not yet calculated | CVE-2024-25525 [email protected] |
N/A — N/A | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the project_id parameter at /ProjectManage/pm_gatt_inc.aspx. | 2024-05-08 | not yet calculated | CVE-2024-25526 [email protected] |
N/A — N/A | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /PersonalAffair/worklog_template_show.aspx. | 2024-05-08 | not yet calculated | CVE-2024-25527 [email protected] |
N/A — N/A | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /PersonalAffair/worklog_template_show.aspx. | 2024-05-08 | not yet calculated | CVE-2024-25528 [email protected] |
N/A — N/A | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /WorkFlow/wf_office_file_history_show.aspx. | 2024-05-08 | not yet calculated | CVE-2024-25529 [email protected] |
N/A — N/A | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the PageID parameter at /WebUtility/get_find_condiction.aspx. | 2024-05-08 | not yet calculated | CVE-2024-25530 [email protected] |
N/A — N/A | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the PageID parameter at /WebUtility/SearchCondiction.aspx. | 2024-05-08 | not yet calculated | CVE-2024-25531 [email protected] |
N/A — N/A | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the bt_id parameter at /include/get_dict.aspx. | 2024-05-08 | not yet calculated | CVE-2024-25532 [email protected] |
N/A — N/A | Error messages in RuvarOA v6.01 and v12.01 were discovered to leak the physical path of the website (/WorkFlow/OfficeFileUpdate.aspx). This vulnerability can allow attackers to write files to the server or execute arbitrary commands via crafted SQL statements. | 2024-05-08 | not yet calculated | CVE-2024-25533 [email protected] |
N/A — N/A | Archer Platform 6 before 2024.03 contains a sensitive information disclosure vulnerability. An authenticated attacker could potentially obtain access to sensitive information via a popup warning message. | 2024-05-06 | not yet calculated | CVE-2024-26312 [email protected] [email protected] |
N/A — N/A | Cross Site Scripting (XSS) vulnerability in YzmCMS 7.0 allows attackers to run arbitrary code via Ads Management, Carousel Management, and System Settings. | 2024-05-06 | not yet calculated | CVE-2024-28725 [email protected] [email protected] |
N/A — N/A | An issue was discovered in Alcatel-Lucent ALE NOE deskphones through 86x8_NOE-R300.1.40.12.4180 and SIP deskphones through 86x8_SIP-R200.1.01.10.728. Because of a time-of-check time-of-use vulnerability, an authenticated attacker is able to replace the verified firmware image with malicious firmware during the update process. | 2024-05-07 | not yet calculated | CVE-2024-29149 [email protected] [email protected] |
N/A — N/A | An issue was discovered in Alcatel-Lucent ALE NOE deskphones through 86x8_NOE-R300.1.40.12.4180 and SIP deskphones through 86x8_SIP-R200.1.01.10.728. Because of improper privilege management, an authenticated attacker is able to create symlinks to sensitive and protected data in locations that are used for debugging files. Given that the process of gathering debug logs is carried out with root privileges, any file referenced in the symlink is consequently written to the debug archive, thereby granting accessibility to the attacker. | 2024-05-07 | not yet calculated | CVE-2024-29150 [email protected] [email protected] |
N/A — N/A | An issue in V-SOL G/EPON ONU HG323AC-B with firmware version V2.0.08-210715 allows an attacker to execute arbitrary code and obtain sensitive information via a crafted POST request to /boaform/getASPdata/formFirewall, /boaform/getASPdata/formAcc. | 2024-05-06 | not yet calculated | CVE-2024-30973 [email protected] |
N/A — N/A | A SQL injection vulnerability in unit.php in Sonic Shopfloor.guide before 3.1.3 allows remote attackers to execute arbitrary SQL commands via the level2 parameter. | 2024-05-08 | not yet calculated | CVE-2024-31961 [email protected] |
N/A — N/A | SQL Injection vulnerability in HSC Cybersecurity HC Mailinspector 5.2.17-3 through 5.2.18 allows a remote attacker to obtain sensitive information via a crafted payload to the start and limit parameter in the mliWhiteList.php component. | 2024-05-07 | not yet calculated | CVE-2024-32369 [email protected] [email protected] |
N/A — N/A | An issue in HSC Cybersecurity HC Mailinspector 5.2.17-3 through 5.2.18 allows a remote attacker to obtain sensitive information via a crafted payload to the id parameter in the mliSystemUsers.php component. | 2024-05-07 | not yet calculated | CVE-2024-32370 [email protected] [email protected] |
N/A — N/A | An issue in HSC Cybersecurity HC Mailinspector 5.2.17-3 through 5.2.18 allows a regular user account to escalate their privileges and gain administrative access by changing the type parameter from 1 to 0. | 2024-05-07 | not yet calculated | CVE-2024-32371 [email protected] [email protected] |
N/A — N/A | D-Link DIR-845L router v1.01KRb03 and before is vulnerable to Permission Bypass via the getcfg.php component. | 2024-05-06 | not yet calculated | CVE-2024-33110 [email protected] |
N/A — N/A | D-Link DIR-845L router <=v1.01KRb03 is vulnerable to Cross Site Scripting (XSS) via /htdocs/webinc/js/bsc_sms_inbox.php. | 2024-05-06 | not yet calculated | CVE-2024-33111 [email protected] |
N/A — N/A | D-Link DIR-845L router v1.01KRb03 and before is vulnerable to Command injection via the hnap_main() function. | 2024-05-06 | not yet calculated | CVE-2024-33112 [email protected] |
N/A — N/A | D-LINK DIR-845L <=v1.01KRb03 is vulnerable to Information disclosure via bsc_sms_inbox.php. | 2024-05-06 | not yet calculated | CVE-2024-33113 [email protected] |
N/A — N/A | crmeb_java v1.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the mergeList method in class com.zbkj.front.pub.ImageMergeController. | 2024-05-06 | not yet calculated | CVE-2024-33117 [email protected] |
N/A — N/A | LuckyFrameWeb v3.5.2 was discovered to contain an arbitrary read vulnerability via the fileDownload method in class com.luckyframe.project.common.CommonController. | 2024-05-06 | not yet calculated | CVE-2024-33118 [email protected] |
N/A — N/A | Roothub v2.5 was discovered to contain an arbitrary file upload vulnerability via the customPath parameter in the upload() function. This vulnerability allows attackers to execute arbitrary code via a crafted JSP file. | 2024-05-07 | not yet calculated | CVE-2024-33120 [email protected] [email protected] |
N/A — N/A | Roothub v2.6 was discovered to contain a SQL injection vulnerability via the ‘s’ parameter in the search() function. | 2024-05-06 | not yet calculated | CVE-2024-33121 [email protected] |
N/A — N/A | Roothub v2.6 was discovered to contain a SQL injection vulnerability via the topic parameter in the list() function. | 2024-05-07 | not yet calculated | CVE-2024-33122 [email protected] |
N/A — N/A | Roothub v2.6 was discovered to contain a SQL injection vulnerability via the nodeTitle parameter in the parentNode() function. | 2024-05-07 | not yet calculated | CVE-2024-33124 [email protected] |
N/A — N/A | J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the findpage function. | 2024-05-07 | not yet calculated | CVE-2024-33139 [email protected] |
N/A — N/A | J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the findApplyedTasksPage function in BpmTaskMapper.xml. | 2024-05-07 | not yet calculated | CVE-2024-33144 [email protected] |
N/A — N/A | J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the export function. | 2024-05-07 | not yet calculated | CVE-2024-33146 [email protected] |
N/A — N/A | J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the authRoleList function. | 2024-05-07 | not yet calculated | CVE-2024-33147 [email protected] |
N/A — N/A | J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the list function. | 2024-05-07 | not yet calculated | CVE-2024-33148 [email protected] |
N/A — N/A | J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the myProcessList function. | 2024-05-07 | not yet calculated | CVE-2024-33149 [email protected] |
N/A — N/A | J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the commentList() function. | 2024-05-07 | not yet calculated | CVE-2024-33153 [email protected] |
N/A — N/A | J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the getDeptList() function. | 2024-05-07 | not yet calculated | CVE-2024-33155 [email protected] |
N/A — N/A | J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the unallocatedList() function. | 2024-05-07 | not yet calculated | CVE-2024-33161 [email protected] |
N/A — N/A | J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the authUserList() function. | 2024-05-07 | not yet calculated | CVE-2024-33164 [email protected] |
N/A — N/A | An issue in Library System using PHP/MySQli with Source Code V1.0 allows a remote attacker to execute arbitrary code via the _FAILE variable in the student_edit_photo.php component. | 2024-05-06 | not yet calculated | CVE-2024-33294 [email protected] |
N/A — N/A | An issue in Open5GS v.2.7.0 allows an attacker to cause a denial of service via 64 unsuccessful UE/gnb registrations. | 2024-05-08 | not yet calculated | CVE-2024-33382 [email protected] |
N/A — N/A | A SQL injection vulnerability in /model/get_events.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the event_id parameter. | 2024-05-06 | not yet calculated | CVE-2024-33403 [email protected] |
N/A — N/A | A SQL injection vulnerability in /model/add_student_first_payment.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the index parameter. | 2024-05-06 | not yet calculated | CVE-2024-33404 [email protected] |
N/A — N/A | SQL injection vulnerability in add_friends.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the friend_index parameter. | 2024-05-06 | not yet calculated | CVE-2024-33405 [email protected] |
N/A — N/A | SQL injection vulnerability in /model/delete_student_grade_subject.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the index parameter. | 2024-05-06 | not yet calculated | CVE-2024-33406 [email protected] |
N/A — N/A | SQL injection vulnerability in /model/delete_record.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter. | 2024-05-06 | not yet calculated | CVE-2024-33407 [email protected] |
N/A — N/A | A SQL injection vulnerability in /model/get_classroom.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter. | 2024-05-06 | not yet calculated | CVE-2024-33408 [email protected] |
N/A — N/A | SQL injection vulnerability in index.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the name parameter. | 2024-05-06 | not yet calculated | CVE-2024-33409 [email protected] |
N/A — N/A | SQL injection vulnerability in /model/delete_range_grade.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter. | 2024-05-06 | not yet calculated | CVE-2024-33410 [email protected] |
N/A — N/A | A SQL injection vulnerability in /model/get_admin_profile.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the my_index parameter. | 2024-05-06 | not yet calculated | CVE-2024-33411 [email protected] |
N/A — N/A | An issue in tiagorlampert CHAOS before 1b451cf62582295b7225caf5a7b506f0bad56f6b and 24c9e109b5be34df7b2bce8368eae669c481ed5e allows a remote attacker to execute arbitrary code via the unsafe concatenation of the `filename` argument into the `buildStr` string without any sanitization or filtering. | 2024-05-07 | not yet calculated | CVE-2024-33434 [email protected] [email protected] |
N/A — N/A | Cross-site scripting (XSS) vulnerability in the search function in MvnRepository MS Basic 2.1.18.3 and earlier. | 2024-05-07 | not yet calculated | CVE-2024-33748 [email protected] [email protected] |
N/A — N/A | DedeCMS V5.7.114 is vulnerable to deletion of any file via mail_file_manage.php. | 2024-05-06 | not yet calculated | CVE-2024-33749 [email protected] |
N/A — N/A | An arbitrary file upload vulnerability exists in emlog pro 2.3.0 and pro 2.3.2 at admin/views/plugin.php that could be exploited by a remote attacker to submit a special request to upload a malicious file to execute arbitrary code. | 2024-05-06 | not yet calculated | CVE-2024-33752 [email protected] |
N/A — N/A | Section Camera V2.5.5.3116-S50-SMA-B20160811 and earlier versions allow the accounts and passwords of administrators and users to be changed without authorization. | 2024-05-06 | not yet calculated | CVE-2024-33753 [email protected] |
N/A — N/A | MP-SPDZ v0.3.8 was discovered to contain a segmentation violation via the function osuCrypto::copyOut at /Tools/SilentPprf.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted message. | 2024-05-07 | not yet calculated | CVE-2024-33780 [email protected] |
N/A — N/A | MP-SPDZ v0.3.8 was discovered to contain a stack overflow via the function octetStream::get_bytes in /Tools/octetStream.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted message. | 2024-05-07 | not yet calculated | CVE-2024-33781 [email protected] |
N/A — N/A | MP-SPDZ v0.3.8 was discovered to contain a stack overflow via the function OTExtensionWithMatrix::extend in /OT/OTExtensionWithMatrix.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted message. | 2024-05-07 | not yet calculated | CVE-2024-33782 [email protected] |
N/A — N/A | MP-SPDZ v0.3.8 was discovered to contain a segmentation violation via the function osuCrypto::SilentMultiPprfReceiver::expand in /Tools/SilentPprf.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted message. | 2024-05-07 | not yet calculated | CVE-2024-33783 [email protected] |
N/A — N/A | Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability via the PinCode parameter at /API/info form endpoint. | 2024-05-06 | not yet calculated | CVE-2024-33788 [email protected] |
N/A — N/A | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/readDeal.php?mudi=updateWebCache. | 2024-05-06 | not yet calculated | CVE-2024-33829 [email protected] |
N/A — N/A | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/readDeal.php?mudi=clearWebCache. | 2024-05-06 | not yet calculated | CVE-2024-33830 [email protected] |
N/A — N/A | An issue was discovered in Logpoint before 7.4.0. An attacker can enumerate a valid list of usernames by observing the response time at the Forgot Password endpoint. | 2024-05-07 | not yet calculated | CVE-2024-33856 [email protected] [email protected] |
N/A — N/A | An issue was discovered in Logpoint before 7.4.0. Due to a lack of input validation on URLs in threat intelligence, an attacker with low-level access to the system can trigger Server Side Request Forgery. | 2024-05-07 | not yet calculated | CVE-2024-33857 [email protected] [email protected] |
N/A — N/A | An issue was discovered in Logpoint before 7.4.0. A path injection vulnerability is seen while adding a CSV enrichment source. The source_name parameter could be changed to an absolute path; this will write the CSV file to that path inside the /tmp directory. | 2024-05-07 | not yet calculated | CVE-2024-33858 [email protected] [email protected] |
N/A — N/A | An issue was discovered in Logpoint before 7.4.0. HTML code sent through logs wasn’t being escaped in the “Interesting Field” Web UI, leading to XSS. | 2024-05-07 | not yet calculated | CVE-2024-33859 [email protected] [email protected] |
N/A — N/A | An issue was discovered in Logpoint before 7.4.0. It allows Local File Inclusion (LFI) when an arbitrary File Path is used within the File System Collector. The content of the file specified can be viewed in the incoming logs. | 2024-05-07 | not yet calculated | CVE-2024-33860 [email protected] [email protected] |
N/A — N/A | An issue was discovered in Archer Platform 6 before 2024.04. Authentication was mishandled because lock did not terminate an existing session. 6.14 P3 (6.14.0.3) is also a fixed release. | 2024-05-06 | not yet calculated | CVE-2024-34092 [email protected] [email protected] |
N/A — N/A | libmodbus v3.1.10 is vulnerable to Buffer Overflow via the modbus_write_bits function. This issue can be triggered when the function is fed with specially crafted input, which leads to out-of-bounds read and can potentially cause a crash or other unintended behaviors. | 2024-05-08 | not yet calculated | CVE-2024-34244 [email protected] |
N/A — N/A | wasm3 v0.5.0 was discovered to contain an out-of-bound memory read which leads to segmentation fault via the function “main” in wasm3/platforms/app/main.c. | 2024-05-06 | not yet calculated | CVE-2024-34246 [email protected] |
N/A — N/A | wasm3 v0.5.0 was discovered to contain a heap buffer overflow which leads to segmentation fault via the function “DeallocateSlot” in wasm3/source/m3_compile.c. | 2024-05-06 | not yet calculated | CVE-2024-34249 [email protected] |
N/A — N/A | A heap buffer overflow vulnerability was discovered in Bytecode Alliance wasm-micro-runtime v2.0.0 which allows a remote attacker to cause at least a denial of service via the “wasm_loader_check_br” function in core/iwasm/interpreter/wasm_loader.c. | 2024-05-06 | not yet calculated | CVE-2024-34250 [email protected] |
N/A — N/A | An out-of-bound memory read vulnerability was discovered in Bytecode Alliance wasm-micro-runtime v2.0.0 which allows a remote attacker to cause a denial of service via the “block_type_get_arity” function in core/iwasm/interpreter/wasm.h. | 2024-05-06 | not yet calculated | CVE-2024-34251 [email protected] |
N/A — N/A | wasm3 v0.5.0 was discovered to contain a global buffer overflow which leads to segmentation fault via the function “PreserveRegisterIfOccupied” in wasm3/source/m3_compile.c. | 2024-05-06 | not yet calculated | CVE-2024-34252 [email protected] |
N/A — N/A | jizhicms v2.5.1 contains a Cross-Site Scripting (XSS) vulnerability in the message function. | 2024-05-08 | not yet calculated | CVE-2024-34255 [email protected] |
N/A — N/A | TOTOLINK EX1800T V9.1.0cu.2112_B20220316 has a vulnerability in the apcliEncrypType parameter that allows unauthorized execution of arbitrary commands, allowing an attacker to obtain device administrator privileges. | 2024-05-08 | not yet calculated | CVE-2024-34257 [email protected] |
N/A — N/A | CmsEasy v7.7.7.9 was discovered to contain a local file inclusion vulnerability via the file_get_contents function in the fetch_action method of /admin/template_admin.php. This vulnerability allows attackers to read arbitrary files. | 2024-05-07 | not yet calculated | CVE-2024-34314 [email protected] |
N/A — N/A | CmsEasy v7.7.7.9 was discovered to contain a local file inclusion vulnerability via the file_get_contents function in the fckedit_action method of /admin/template_admin.php. This vulnerability allows attackers to read arbitrary files. | 2024-05-07 | not yet calculated | CVE-2024-34315 [email protected] |
N/A — N/A | An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This could lead to the GDBus-based client behaving incorrectly, with an application-dependent impact. | 2024-05-07 | not yet calculated | CVE-2024-34397 [email protected] [email protected] |
N/A — N/A | An issue was discovered in HSC Mailinspector 5.2.17-3 through v.5.2.18. An Unauthenticated Path Traversal vulnerability exists in the /public/loader.php file. The path parameter does not properly filter whether the file and directory passed are part of the webroot, allowing an attacker to read arbitrary files on the server. | 2024-05-06 | not yet calculated | CVE-2024-34470 [email protected] |
N/A — N/A | An issue was discovered in HSC Mailinspector 5.2.17-3. A Path Traversal vulnerability (resulting in file deletion) exists in the mliRealtimeEmails.php file. The filename parameter in the export HTML functionality does not properly validate the file location, allowing an attacker to read and delete arbitrary files on the server. This was observed when the mliRealtimeEmails.php file itself was read and subsequently deleted, resulting in a 404 error for the file and disruption of email information loading. | 2024-05-06 | not yet calculated | CVE-2024-34471 [email protected] |
N/A — N/A | An issue was discovered in HSC Mailinspector 5.2.17-3 through v.5.2.18. An authenticated blind SQL injection vulnerability exists in the mliRealtimeEmails.php file. The ordemGrid parameter in a POST request to /mailinspector/mliRealtimeEmails.php does not properly sanitize input, allowing an authenticated attacker to execute arbitrary SQL commands, leading to the potential disclosure of the entire application database. | 2024-05-06 | not yet calculated | CVE-2024-34472 [email protected] |
N/A — N/A | The Cypher component in Neo4j before 5.19.0 mishandles IMMUTABLE privileges. | 2024-05-07 | not yet calculated | CVE-2024-34517 [email protected] [email protected] [email protected] |
N/A — N/A | AChecker 1.5 allows remote attackers to read the contents of arbitrary files via the download.php path parameter by using Unauthenticated Path Traversal. This occurs through readfile in PHP. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | 2024-05-07 | not yet calculated | CVE-2024-34523 [email protected] [email protected] |
N/A — N/A | In XLANG OpenAgents through fe73ac4, the allowed_file protection mechanism can be bypassed by using an incorrect file extension for the nature of the file content. | 2024-05-06 | not yet calculated | CVE-2024-34524 [email protected] [email protected] |
N/A — N/A | FileCodeBox 2.0 stores a OneDrive password and AWS key in a cleartext env file. | 2024-05-06 | not yet calculated | CVE-2024-34525 [email protected] |
N/A — N/A | spaces_plugin/app.py in SolidUI 0.4.0 has an unnecessary print statement for an OpenAI key. The printed string might be logged. | 2024-05-06 | not yet calculated | CVE-2024-34527 [email protected] [email protected] |
N/A — N/A | WordOps through 3.20.0 has a wo/cli/plugins/stack_pref.py TOCTOU race condition because the conf_path os.open does not use a mode parameter during file creation. | 2024-05-06 | not yet calculated | CVE-2024-34528 [email protected] [email protected] |
N/A — N/A | Nebari through 2024.4.1 prints the temporary Keycloak root password. | 2024-05-06 | not yet calculated | CVE-2024-34529 [email protected] [email protected] |
N/A — N/A | A SQL injection vulnerability in Yvan Dotet PostgreSQL Query Deluxe module (aka query_deluxe) 17.x before 17.0.0.4 allows a remote attacker to gain privileges via the query parameter to models/querydeluxe.py:QueryDeluxe::get_result_from_query. | 2024-05-06 | not yet calculated | CVE-2024-34532 [email protected] |
N/A — N/A | A SQL injection vulnerability in ZI PT Solusi Usaha Mudah Analytic Data Query module (aka izi_data) 11.0 through 17.x before 17.0.3 allows a remote attacker to gain privileges via a query to IZITools::query_check, IZITools::query_fetch, or IZITools::query_execute. | 2024-05-06 | not yet calculated | CVE-2024-34533 [email protected] |
N/A — N/A | A SQL injection vulnerability in Cybrosys Techno Solutions Text Commander module (aka text_commander) 16.0 through 16.0.1 allows a remote attacker to gain privileges via the data parameter to models/ir_model.py:IrModel::chech_model. | 2024-05-06 | not yet calculated | CVE-2024-34534 [email protected] |
N/A — N/A | Mateso PasswordSafe through 8.13.9.26689 has Weak Cryptography. | 2024-05-06 | not yet calculated | CVE-2024-34538 [email protected] |
N/A — N/A | On Windows a directory returned by tempfile.mkdtemp() would not always have permissions set to restrict reading and writing to the temporary directory by other users, instead usually inheriting the correct permissions from the default location. Alternate configurations or users without a profile directory may not have the intended permissions. If you’re not using Windows or haven’t changed the temporary directory location then you aren’t affected by this vulnerability. On other platforms the returned directory is consistently readable and writable only by the current user. This issue was caused by Python not supporting Unix permissions on Windows. The fix adds support for Unix “700” for the mkdir function on Windows which is used by mkdtemp() to ensure the newly created directory has the proper permissions. | 2024-05-07 | not yet calculated | CVE-2024-4030 [email protected] [email protected] [email protected] [email protected] |