High Vulnerabilities
Primary Vendor — Product |
Description | Published | CVSS Score | Source Info | Patch Info |
---|---|---|---|---|---|
10web–Slider by 10Web Responsive Image Slider |
The Slider by 10Web – Responsive Image Slider plugin for WordPress is vulnerable to time-based SQL Injection via the ‘id’ parameter in all versions up to, and including, 1.2.57 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-08-08 | 8.8 | CVE-2024-7150 | security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
Alien Technology–ALR-F800
|
A vulnerability was found in Alien Technology ALR-F800 up to 19.10.24.00. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/system.html. The manipulation of the argument uploadedFile with the input ;whoami leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-08-07 | 9.8 | CVE-2024-7580 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
Alien Technology–ALR-F800 |
A vulnerability was found in Alien Technology ALR-F800 up to 19.10.24.00. It has been classified as critical. Affected is an unknown function of the file /var/www/cmd.php. The manipulation of the argument cmd leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-08-07 | 7.3 | CVE-2024-7578 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
AMD–3rd Gen AMD EPYC Processors |
Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to potentially overwrite a guest’s memory or UMC seed resulting in loss of confidentiality and integrity. | 2024-08-05 | 7.9 | CVE-2024-21980 | psirt@amd.com |
Apache Software Foundation–Apache CloudStack |
CloudStack account-users by default use username and password based authentication for API and UI access. Account-users can generate and register randomised API and secret keys and use them for the purpose of API-based automation and integrations. Due to an access permission validation issue that affects Apache CloudStack versions 4.10.0 up to 4.19.1.0, domain admin accounts were found to be able to query all registered account-users API and secret keys in an environment, including that of a root admin. An attacker who has domain admin access can exploit this to gain root admin and other-account privileges and perform malicious operations that can result in compromise of resources integrity and confidentiality, data loss, denial of service and availability of CloudStack managed infrastructure. Users are recommended to upgrade to Apache CloudStack 4.18.2.3 or 4.19.1.1, or later, which addresses this issue. Additionally, all account-user API and secret keys should be regenerated. | 2024-08-07 | 8.8 | CVE-2024-42062 | security@apache.org security@apache.org security@apache.org |
Apache Software Foundation–Apache OFBiz |
Incorrect Authorization vulnerability in Apache OFBiz. This issue affects Apache OFBiz: through 18.12.14. Users are recommended to upgrade to version 18.12.15, which fixes the issue. Unauthenticated endpoints could allow execution of screen rendering code of screens if some preconditions are met (such as when the screen definitions don’t explicitly check user’s permissions because they rely on the configuration of their endpoints). | 2024-08-05 | 8.1 | CVE-2024-38856 | security@apache.org security@apache.org security@apache.org security@apache.org |
Arm Ltd–Bifrost GPU Kernel Driver |
Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.This issue affects Bifrost GPU Kernel Driver: from r41p0 through r49p0; Valhall GPU Kernel Driver: from r41p0 through r49p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r49p0. | 2024-08-05 | 7.8 | CVE-2024-2937 | arm-security@arm.com |
Arm Ltd–Bifrost GPU Kernel Driver |
Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.This issue affects Bifrost GPU Kernel Driver: from r41p0 through r49p0; Valhall GPU Kernel Driver: from r41p0 through r49p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r49p0. | 2024-08-05 | 7.8 | CVE-2024-4607 | arm-security@arm.com |
asterisk–asterisk |
Asterisk is an open source private branch exchange (PBX) and telephony toolkit. Prior to asterisk versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2, an AMI user with `write=originate` may change all configuration files in the `/etc/asterisk/` directory. This occurs because they are able to curl remote files and write them to disk, but are also able to append to existing files using the `FILE` function inside the `SET` application. This issue may result in privilege escalation, remote code execution and/or blind server-side request forgery with arbitrary protocol. Asterisk versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2 contain a fix for this issue. | 2024-08-08 | 7.4 | CVE-2024-42365 | security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
Calibre–Calibre |
Improper access control in Calibre 6.9.0 ~ 7.14.0 allow unauthenticated attackers to achieve remote code execution. | 2024-08-06 | 9.8 | CVE-2024-6782 | info@starlabs.sg info@starlabs.sg |
Calibre–Calibre |
Path traversal in Calibre <= 7.14.0 allow unauthenticated attackers to achieve arbitrary file read. | 2024-08-06 | 7.5 | CVE-2024-6781 | info@starlabs.sg info@starlabs.sg |
Canonical Ltd.–wpa_supplicant |
An issue was discovered in Ubuntu wpa_supplicant that resulted in loading of arbitrary shared objects, which allows a local unprivileged attacker to escalate privileges to the user that wpa_supplicant runs as (usually root). Membership in the netdev group or access to the dbus interface of wpa_supplicant allow an unprivileged user to specify an arbitrary path to a module to be loaded by the wpa_supplicant process; other escalation paths might exist. | 2024-08-07 | 8.8 | CVE-2024-5290 | security@ubuntu.com security@ubuntu.com |
Cisco–Cisco Small Business IP Phones |
Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system with root privileges. These vulnerabilities exist because incoming HTTP packets are not properly checked for errors, which could result in a buffer overflow. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to overflow an internal buffer and execute arbitrary commands at the root privilege level. | 2024-08-07 | 9.8 | CVE-2024-20450 | ykramarz@cisco.com |
Cisco–Cisco Small Business IP Phones |
Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system with root privileges. These vulnerabilities exist because incoming HTTP packets are not properly checked for errors, which could result in a buffer overflow. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to overflow an internal buffer and execute arbitrary commands at the root privilege level. | 2024-08-07 | 9.8 | CVE-2024-20454 | ykramarz@cisco.com |
Cisco–Cisco Small Business IP Phones |
Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly. These vulnerabilities exist because HTTP packets are not properly checked for errors. An attacker could exploit this vulnerability by sending a crafted HTTP packet to the remote interface of an affected device. A successful exploit could allow the attacker to cause a DoS condition on the device. | 2024-08-07 | 7.5 | CVE-2024-20451 | ykramarz@cisco.com |
codename065–MultiPurpose |
The MultiPurpose theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.0 via deserialization of untrusted input through the ‘wpeden_post_meta’ post meta. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. | 2024-08-08 | 8.8 | CVE-2024-7486 | security@wordfence.com security@wordfence.com |
codename065–News Flash |
The News Flash theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1.0 via deserialization of untrusted input from the newsflash_post_meta meta value. This makes it possible for authenticated attackers, with Editor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. | 2024-08-08 | 7.2 | CVE-2024-7560 | security@wordfence.com security@wordfence.com |
crmperks–CRM Perks Forms WordPress Form Builder |
The CRM Perks Forms plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the ‘handle_uploaded_files’ function in versions up to, and including, 1.1.3. This makes it possible for authenticated attackers with administrator-level capabilities or above, to upload arbitrary files on the affected site’s server which may make remote code execution possible. | 2024-08-06 | 7.2 | CVE-2024-7484 | security@wordfence.com security@wordfence.com security@wordfence.com |
Delta Electronics–DIAScreen |
A crafted DPA file could force Delta Electronics DIAScreen to overflow a stack-based buffer, which could allow an attacker to execute arbitrary code. | 2024-08-06 | 7.8 | CVE-2024-7502 | ics-cert@hq.dhs.gov |
ForIP Tecnologia–Administrao PABX |
A vulnerability was found in ForIP Tecnologia Administração PABX 1.x. It has been rated as critical. Affected by this issue is some unknown functionality of the file /authMonitCallcenter of the component monitcallcenter. The manipulation of the argument user leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-273554 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-08-05 | 7.3 | CVE-2024-7461 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
Google–Chrome
|
Use after free in Downloads in Google Chrome on iOS prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2024-08-06 | 8.8 | CVE-2024-6988 | chrome-cve-admin@google.com chrome-cve-admin@google.com |
Google–Chrome
|
Use after free in Loader in Google Chrome prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2024-08-06 | 8.8 | CVE-2024-6989 | chrome-cve-admin@google.com chrome-cve-admin@google.com |
Google–Chrome
|
Use after free in Dawn in Google Chrome prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2024-08-06 | 8.8 | CVE-2024-6991 | chrome-cve-admin@google.com chrome-cve-admin@google.com |
Google–Chrome
|
Heap buffer overflow in Layout in Google Chrome prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | 2024-08-06 | 8.8 | CVE-2024-6994 | chrome-cve-admin@google.com chrome-cve-admin@google.com |
Google–Chrome
|
Use after free in Tabs in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | 2024-08-06 | 8.8 | CVE-2024-6997 | chrome-cve-admin@google.com chrome-cve-admin@google.com |
Google–Chrome
|
Use after free in User Education in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | 2024-08-06 | 8.8 | CVE-2024-6998 | chrome-cve-admin@google.com chrome-cve-admin@google.com |
Google–Chrome
|
Use after free in CSS in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | 2024-08-06 | 8.8 | CVE-2024-7000 | chrome-cve-admin@google.com chrome-cve-admin@google.com |
Google–Chrome |
Out of bounds memory access in ANGLE in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) | 2024-08-06 | 8.8 | CVE-2024-7532 | chrome-cve-admin@google.com chrome-cve-admin@google.com |
Google–Chrome |
Use after free in Sharing in Google Chrome on iOS prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2024-08-06 | 8.8 | CVE-2024-7533 | chrome-cve-admin@google.com chrome-cve-admin@google.com |
Google–Chrome |
Heap buffer overflow in Layout in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2024-08-06 | 8.8 | CVE-2024-7534 | chrome-cve-admin@google.com chrome-cve-admin@google.com |
Google–Chrome |
Inappropriate implementation in V8 in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2024-08-06 | 8.8 | CVE-2024-7535 | chrome-cve-admin@google.com chrome-cve-admin@google.com |
Google–Chrome |
Use after free in WebAudio in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2024-08-06 | 8.8 | CVE-2024-7536 | chrome-cve-admin@google.com chrome-cve-admin@google.com |
Google–Chrome |
Type Confusion in V8 in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2024-08-06 | 8.8 | CVE-2024-7550 | chrome-cve-admin@google.com chrome-cve-admin@google.com |
gopiplus–Horizontal scrolling announcements |
The Horizontal scrolling announcements plugin for WordPress is vulnerable to SQL Injection via the plugin’s ‘hsas-shortcode’ shortcode in versions up to, and including, 2.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with contributor-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-08-06 | 8.8 | CVE-2023-5000 | security@wordfence.com security@wordfence.com security@wordfence.com |
Halo Service Solutions–HaloITSM |
HaloITSM versions up to 2.146.1 are affected by a SAML XML Signature Wrapping (XSW) vulnerability. When having a SAML integration configured, anonymous actors could impersonate arbitrary HaloITSM users by just knowing their email address. HaloITSM versions past 2.146.1 (and patches starting from 2.143.61 ) fix the mentioned vulnerability. | 2024-08-06 | 9.8 | CVE-2024-6202 | vulnerability@ncsc.ch |
Halo Service Solutions–HaloITSM |
HaloITSM versions up to 2.146.1 are affected by a Stored Cross-Site Scripting (XSS) vulnerability. The injected JavaScript code can execute arbitrary action on behalf of the user accessing a ticket. HaloITSM versions past 2.146.1 (and patches starting from 2.143.61 ) fix the mentioned vulnerability. | 2024-08-06 | 8 | CVE-2024-6200 | vulnerability@ncsc.ch |
Halo Service Solutions–HaloITSM |
HaloITSM versions up to 2.146.1 are affected by a Password Reset Poisoning vulnerability. Poisoned password reset links can be sent to existing HaloITSM users (given their email address is known). When these poisoned links get accessed (e.g. manually by the victim or automatically by an email client software), the password reset token is leaked to the malicious actor, allowing them to set a new password for the victim’s account.This potentially leads to account takeover attacks.HaloITSM versions past 2.146.1 (and patches starting from 2.143.61 ) fix the mentioned vulnerability. | 2024-08-06 | 8.3 | CVE-2024-6203 | vulnerability@ncsc.ch |
Hewlett Packard Enterprise (HPE)–HPE Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10 |
There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise. | 2024-08-06 | 9.8 | CVE-2024-42394 | security-alert@hpe.com |
Hewlett Packard Enterprise (HPE)–HPE Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10 |
There is a vulnerability in the AP Certificate Management Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise. | 2024-08-06 | 9.8 | CVE-2024-42395 | security-alert@hpe.com |
Hewlett Packard Enterprise (HPE)–Hpe Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10 |
There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise. | 2024-08-06 | 9.8 | CVE-2024-42393 | security-alert@hpe.com |
Hitachi–Hitachi Tuning Manager |
Expression Language Injection vulnerability in Hitachi Tuning Manager on Windows, Linux, Solaris allows Code Injection.This issue affects Hitachi Tuning Manager: before 8.8.7-00. | 2024-08-06 | 8.6 | CVE-2024-5828 | hirt@hitachi.co.jp |
Huawei–HarmonyOS |
Vulnerability of uncaught exceptions in the Graphics module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 2024-08-08 | 9.3 | CVE-2024-42037 | psirt@huawei.com |
Huawei–HarmonyOS |
Permission control vulnerability in the App Multiplier module Impact:Successful exploitation of this vulnerability may affect functionality and confidentiality. | 2024-08-08 | 8.4 | CVE-2024-42035 | psirt@huawei.com |
Huawei–HarmonyOS |
Vulnerability of PIN enhancement failures in the screen lock module Impact: Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability. | 2024-08-08 | 8.8 | CVE-2024-42038 | psirt@huawei.com |
itsourcecode–Airline Reservation System |
A vulnerability was found in itsourcecode Airline Reservation System 1.0. It has been classified as critical. Affected is the function login/login2 of the file /admin/login.php of the component Admin Login Page. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273624. | 2024-08-06 | 7.3 | CVE-2024-7498 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
itsourcecode–Bike Delivery System |
A vulnerability, which was classified as critical, was found in itsourcecode Bike Delivery System 1.0. Affected is an unknown function of the file contact_us_action.php. The manipulation of the argument name leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273648. | 2024-08-06 | 7.3 | CVE-2024-7505 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
Janobe — School Attendance Monitoring System
|
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following ‘Users in ‘/report/printlogs.php’ parameter. | 2024-08-06 | 9.8 | CVE-2024-33974 | cve-coordination@incibe.es |
Janobe–E-Negosyo System |
SQL injection vulnerability in E-Negosyo System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in ‘id’ in ‘/admin/orders/controller.php’ parameter | 2024-08-06 | 9.8 | CVE-2024-33957 | cve-coordination@incibe.es |
Janobe–E-Negosyo System |
SQL injection vulnerability in E-Negosyo System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in ‘phonenumber’ in ‘/passwordrecover.php’ parameter. | 2024-08-06 | 9.8 | CVE-2024-33958 | cve-coordination@incibe.es |
Janobe–E-Negosyo System |
Cross-Site Scripting (XSS) vulnerability in E-Negosyo System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted JavaScript payload to an authenticated user and partially take over their browser session via ‘view’ parameter in ‘/admin/products/index.php’. | 2024-08-06 | 7.1 | CVE-2024-33975 | cve-coordination@incibe.es |
Janobe–E-Negosyo System |
Cross-Site Scripting (XSS) vulnerability in E-Negosyo System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted JavaScript payload to an authenticated user and partially take over their browser session via ‘id’ parameter in ‘/admin/user/index.php’. | 2024-08-06 | 7.1 | CVE-2024-33976 | cve-coordination@incibe.es |
Janobe–E-Negosyo System |
Cross-Site Scripting (XSS) vulnerability in E-Negosyo System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain their session cookie details via ‘view’ parameter in /admin/orders/index.php’. | 2024-08-06 | 7.1 | CVE-2024-33977 | cve-coordination@incibe.es |
Janobe–E-Negosyo System |
Cross-Site Scripting (XSS) vulnerability in E-Negosyo System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain their session cookie details via ‘category’ parameter in ‘/index.php’. | 2024-08-06 | 7.1 | CVE-2024-33978 | cve-coordination@incibe.es |
Janobe–Janobe PayPal | SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following ‘code’ in ‘/admin/mod_reservation/index.php’ parameter. | 2024-08-06 | 7.5 | CVE-2024-33962 | cve-coordination@incibe.es |
Janobe–Janobe PayPal |
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following ‘end’ in ‘/admin/mod_reports/printreport.php’ parameter. | 2024-08-06 | 9.8 | CVE-2024-33960 | cve-coordination@incibe.es |
Janobe–Janobe PayPal
|
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following ‘categ’ in ‘/admin/mod_reports/printreport.php’ parameter. | 2024-08-06 | 7.5 | CVE-2024-33959 | cve-coordination@incibe.es |
Janobe–Janobe PayPal
|
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following ‘code’ in ‘/admin/mod_reservation/controller.php’ parameter. | 2024-08-06 | 7.5 | CVE-2024-33961 | cve-coordination@incibe.es |
Janobe–Janobe PayPal |
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following ‘id’ in ‘/admin/mod_room/index.php’ parameter. | 2024-08-06 | 7.5 | CVE-2024-33963 | cve-coordination@incibe.es |
Janobe–Janobe PayPal
|
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following ‘id’ in ‘/admin/mod_users/index.php’ parameter. | 2024-08-06 | 7.5 | CVE-2024-33964 | cve-coordination@incibe.es |
Janobe–Janobe PayPal
|
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following ‘view’ in ‘/tubigangarden/admin/mod_accomodation/index.php’ parameter. | 2024-08-06 | 7.5 | CVE-2024-33965 | cve-coordination@incibe.es |
Janobe–Janobe PayPal
|
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following ‘xtsearch’ in ‘/admin/mod_reports/index.php’ parameter. | 2024-08-06 | 7.5 | CVE-2024-33966 | cve-coordination@incibe.es |
Janobe–Janobe PayPal
|
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following ‘view’ in ‘Attendance’ and ‘YearLevel’ in ‘/AttendanceMonitoring/report/attendance_print.php’ parameter. | 2024-08-06 | 7.5 | CVE-2024-33967 | cve-coordination@incibe.es |
Janobe–Janobe PayPal
|
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following ‘Attendance’ and ‘YearLevel’ in ‘/AttendanceMonitoring/report/index.php’ parameter. | 2024-08-06 | 7.5 | CVE-2024-33968 | cve-coordination@incibe.es |
Janobe–Janobe PayPal
|
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following ‘id’ in ‘/AttendanceMonitoring/department/index.php’ parameter. | 2024-08-06 | 7.5 | CVE-2024-33969 | cve-coordination@incibe.es |
Janobe–Janobe PayPal |
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following ‘studid’ in ‘/candidate/controller.php’ parameter. | 2024-08-06 | 7.5 | CVE-2024-33970 | cve-coordination@incibe.es |
Janobe–Janobe PayPal
|
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following ‘username’ in ‘/login.php’ parameter. | 2024-08-06 | 7.5 | CVE-2024-33971 | cve-coordination@incibe.es |
Janobe–Janobe PayPal
|
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following ‘events’ in ‘/report/event_print.php’ parameter. | 2024-08-06 | 7.5 | CVE-2024-33972 | cve-coordination@incibe.es |
Janobe–Janobe PayPal
|
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following ‘Attendance’ and ‘YearLevel’ in ‘/report/attendance_print.php’ parameter. | 2024-08-06 | 7.5 | CVE-2024-33973 | cve-coordination@incibe.es |
Janobe–Janobe PayPal |
Cross-Site Scripting (XSS) vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the ‘q’, ‘arrival’, ‘departure’ and ‘accomodation’ parameters in ‘/index.php’. | 2024-08-06 | 7.1 | CVE-2024-33979 | cve-coordination@incibe.es |
Janobe–Janobe PayPal |
Cross-Site Scripting (XSS) vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the ‘start’ parameter in ‘/admin/mod_reports/printreport.php’. | 2024-08-06 | 7.1 | CVE-2024-33980 | cve-coordination@incibe.es |
Janobe–Janobe PayPal |
Cross-Site Scripting (XSS) vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the ‘start’ parameter in ‘/admin/mod_reports/index.php’. | 2024-08-06 | 7.1 | CVE-2024-33981 | cve-coordination@incibe.es |
Janobe–School Attendance Monitoring System |
Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the ‘StudentID’ parameter in ‘/AttendanceMonitoring/student/controller.php’. | 2024-08-06 | 7.1 | CVE-2024-33982 | cve-coordination@incibe.es |
Janobe–School Attendance Monitoring System |
Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the ‘Attendance’, ‘attenddate’ and ‘YearLevel’ parameters in ‘/AttendanceMonitoring/report/attendance_print.php’. | 2024-08-06 | 7.1 | CVE-2024-33983 | cve-coordination@incibe.es |
Janobe–School Attendance Monitoring System |
Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the ‘Attendance’, ‘attenddate’ and ‘YearLevel’ parameters in ‘/AttendanceMonitoring/report/index.php’. | 2024-08-06 | 7.1 | CVE-2024-33984 | cve-coordination@incibe.es |
Janobe–School Attendance Monitoring System |
Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the ‘View’ parameter in ‘/course/index.php’. | 2024-08-06 | 7.1 | CVE-2024-33985 | cve-coordination@incibe.es |
Janobe–School Attendance Monitoring System |
Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the ‘View’ parameter in ‘/department/index.php’. | 2024-08-06 | 7.1 | CVE-2024-33986 | cve-coordination@incibe.es |
Janobe–School Attendance Monitoring System |
Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the ‘Attendance’, ‘attenddate’, ‘YearLevel’, ‘eventdate’, ‘events’, ‘Users’ and ‘YearLevel’ parameters in ‘/report/index.php’. | 2024-08-06 | 7.1 | CVE-2024-33987 | cve-coordination@incibe.es |
Janobe–School Attendance Monitoring System |
Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the ‘Attendance’, ‘attenddate’ and ‘YearLevel’ parameters in ‘/report/attendance_print.php’. | 2024-08-06 | 7.1 | CVE-2024-33988 | cve-coordination@incibe.es |
Janobe–School Event Management System |
Cross-Site Scripting (XSS) vulnerability in School Event Management System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted javascript payload to an authenticated user and partially take over their browser session via the ‘eventdate’ and ‘events’ parameters in ‘port/event_print.php’. | 2024-08-06 | 7.1 | CVE-2024-33989 | cve-coordination@incibe.es |
Janobe–School Event Management System |
Cross-Site Scripting (XSS) vulnerability in School Event Management System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted javascript payload to an authenticated user and partially take over their browser session via the ‘id’ and ‘view’ parameters in ‘/user/index.php’. | 2024-08-06 | 7.1 | CVE-2024-33990 | cve-coordination@incibe.es |
Janobe–School Event Management System |
Cross-Site Scripting (XSS) vulnerability in School Event Management System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the ‘view’ parameter in ‘/eventwinner/index.php’. | 2024-08-06 | 7.1 | CVE-2024-33991 | cve-coordination@incibe.es |
Janobe–School Event Management System |
Cross-Site Scripting (XSS) vulnerability in School Event Management System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the ‘view’ parameter in ‘/student/index.php’. | 2024-08-06 | 7.1 | CVE-2024-33992 | cve-coordination@incibe.es |
Janobe–School Event Management System |
Cross-Site Scripting (XSS) vulnerability in School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain their session details via the ‘view’ parameter in /candidate/index.php’. | 2024-08-06 | 7.1 | CVE-2024-33993 | cve-coordination@incibe.es |
Janobe–School Event Management System |
Cross-Site Scripting (XSS) vulnerability in School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain their session details via the ‘view’ parameter in ‘/event/index.php’. | 2024-08-06 | 7.1 | CVE-2024-33994 | cve-coordination@incibe.es |
JetBrains–TeamCity |
In JetBrains TeamCity before 2024.07.1 possible privilege escalation due to incorrect directory permissions | 2024-08-06 | 7.5 | CVE-2024-43114 | cve@jetbrains.com |
JFrog–Artifactory |
JFrog Artifactory versions below 7.90.6, 7.84.20, 7.77.14, 7.71.23, 7.68.22, 7.63.22, 7.59.23, 7.55.18 are vulnerable to Improper Input Validation that could potentially lead to cache poisoning. | 2024-08-05 | 9.3 | CVE-2024-6915 | reefs@jfrog.com |
Journyx–Journyx (jtime)
|
Password reset tokens are generated using an insecure source of randomness. Attackers who know the username of the Journyx installation user can bruteforce the password reset and change the administrator password. | 2024-08-07 | 8.8 | CVE-2024-6890 | bbf0bd87-ece2-41be-b873-96928ee8fab9 |
Journyx–Journyx (jtime)
|
Attackers with a valid username and password can exploit a python code injection vulnerability during the natural login flow. | 2024-08-08 | 8.8 | CVE-2024-6891 | bbf0bd87-ece2-41be-b873-96928ee8fab9 |
Journyx–Journyx (jtime)
|
The “soap_cgi.pyc” API handler allows the XML body of SOAP requests to contain references to external entities. This allows an unauthenticated attacker to read local files, perform server-side request forgery, and overwhelm the web server resources. | 2024-08-08 | 7.5 | CVE-2024-6893 | bbf0bd87-ece2-41be-b873-96928ee8fab9 |
jupyterhub–jupyterhub |
JupyterHub is software that allows one to create a multi-user server for Jupyter notebooks. Prior to versions 4.1.6 and 5.1.0, if a user is granted the `admin:users` scope, they may escalate their own privileges by making themselves a full admin user. The impact is relatively small in that `admin:users` is already an extremely privileged scope only granted to trusted users. In effect, `admin:users` is equivalent to `admin=True`, which is not intended. Note that the change here only prevents escalation to the built-in JupyterHub admin role that has unrestricted permissions. It does not prevent users with e.g. `groups` permissions from granting themselves or other users permissions via group membership, which is intentional. Versions 4.1.6 and 5.1.0 fix this issue. | 2024-08-08 | 7.2 | CVE-2024-41942 | security-advisories@github.com security-advisories@github.com security-advisories@github.com |
kaizencoders–Traffic Manager |
The Traffic Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘page’ parameter in the ‘UserWebStat’ AJAX function in all versions up to, and including, 1.4.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-08-06 | 7.2 | CVE-2024-7485 | security@wordfence.com security@wordfence.com security@wordfence.com |
KAON Group–AR2140 |
Firmware in KAON AR2140 routers prior to version 4.2.16 is vulnerable to a shell command injection via sending a crafted request to one of the endpoints. In order to exploit this vulnerability, one has to have access to the administrative portal of the router. | 2024-08-08 | 7.2 | CVE-2024-3659 | cvd@cert.pl cvd@cert.pl |
mailcow–mailcow-dockerized |
mailcow: dockerized is an open source groupware/email suite based on docker. An unauthenticated attacker can inject a JavaScript payload into the API logs. This payload is executed whenever the API logs page is viewed, potentially allowing an attacker to run malicious scripts in the context of the user’s browser. This could lead to unauthorized actions, data theft, or further exploitation of the affected system. This issue has been addressed in the `2024-07` release. All users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-08-05 | 7.6 | CVE-2024-41959 | security-advisories@github.com security-advisories@github.com |
mainwp–MainWP Child Reports |
The MainWP Child Reports plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2. This is due to missing or incorrect nonce validation on the network_options_action() function. This makes it possible for unauthenticated attackers to update arbitrary options that can be leveraged for privilege escalation via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This is only exploitable on multisite instances. | 2024-08-08 | 8.8 | CVE-2024-7492 | security@wordfence.com security@wordfence.com security@wordfence.com |
matrix-org–matrix-react-sdk |
matrix-react-sdk is a react-based SDK for inserting a Matrix chat/voip client into a web page. A malicious homeserver could manipulate a user’s account data to cause the client to enable URL previews in end-to-end encrypted rooms, in which case any URLs in encrypted messages would be sent to the server. This was patched in matrix-react-sdk 3.105.0. Deployments that trust their homeservers, as well as closed federations of trusted servers, are not affected. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-08-06 | 7.7 | CVE-2024-42347 | security-advisories@github.com security-advisories@github.com |
Microsoft–Dynamics CRM Service Portal Web Resource |
An unauthenticated attacker can exploit improper neutralization of input during web page generation in Microsoft Dynamics 365 to spoof over a network by tricking a user to click on a link. | 2024-08-06 | 8.2 | CVE-2024-38166 | secure@microsoft.com |
Microsoft–Microsoft Copilot Studio |
An authenticated attacker can bypass Server-Side Request Forgery (SSRF) protection in Microsoft Copilot Studio to leak sensitive information over a network. | 2024-08-06 | 8.5 | CVE-2024-38206 | secure@microsoft.com |
Microsoft–Windows 10 Version 1809 |
Summary Microsoft was notified that an elevation of privilege vulnerability exists in Windows Backup, potentially enabling an attacker with basic user privileges to reintroduce previously mitigated vulnerabilities or circumvent some features of Virtualization Based Security (VBS). However, an attacker attempting to exploit this vulnerability requires additional interaction by a privileged user to be successful. Microsoft is developing a security update to mitigate this threat, but it is not yet available. Guidance to help customers reduce the risks associated with this vulnerability and to protect their systems until the mitigation is available in a Windows security update is provided in the Recommended Actions section of this CVE. This CVE will be updated, and customers will be notified when the official mitigation is available in a Windows security update. We highly encourage customers to subscribe to Security Update Guide notifications to receive an alert when this update occurs. Details A security researcher informed Microsoft of an elevation of privilege vulnerability in Windows Backup potentially enabling an attacker with basic user privileges to reintroduce previously mitigated vulnerabilities or circumvent some features of VBS. For exploitation to succeed, an attacker must trick or convince an Administrator or a user with delegated permissions into performing a system restore which inadvertently triggers the vulnerability. Microsoft is developing a security update that will mitigate this vulnerability, but it is not yet available. This CVE will be updated with new information and links to the security updates once available. We highly encourage customers subscribe to Security Update Guide notifications to be alerted of updates. See Microsoft Technical Security Notifications and Security Update Guide Notification System News: Create your profile now – Microsoft Security Response Center. Microsoft is not aware of any attempts to exploit this vulnerability. However, a public presentation regarding this vulnerability was hosted at BlackHat on August 7, 2024. The presentation was appropriately coordinated with Microsoft but may change the threat landscape. Customers concerned with these risks should reference the guidance provided in the Recommended Actions section to protect their systems. Recommended Actions The following recommendations do not mitigate the vulnerability but can be used to reduce the risk of exploitation until the security update is available. Configure “Audit Object Access” settings to monitor attempts to access files, such as handle creation, read / write operations, or modifications to security descriptors. Audit File System – Windows 10 | Microsoft Learn Apply a basic audit policy on a file or folder – Windows 10 | Microsoft Learn Audit users with permission to perform Backup and Restore operations to ensure only the appropriate users can perform these operations. Audit: Audit the use of Backup and Restore privilege (Windows 10) – Windows 10 | Microsoft Learn Implement an Access Control List or Discretionary Access Control Lists to restrict the access or modification of Backup files and perform Restore operations to appropriate users, for example administrators only. Access Control overview | Microsoft Learn Discretionary Access Control Lists (DACL) Auditing sensitive privileges used to identify access, modification, or replacement of Backup related files could help indicate attempts to exploit this vulnerability. Audit Sensitive Privilege Use – Windows 10 | Microsoft Learn | 2024-08-08 | 7.3 | CVE-2024-38202 | secure@microsoft.com |
MongoDB Inc–MongoDB Server |
Incorrect validation of files loaded from a local untrusted directory may allow local privilege escalation if the underlying operating systems is Windows. This may result in the application executing arbitrary behaviour determined by the contents of untrusted files. This issue affects MongoDB Server v5.0 versions prior to 5.0.27, MongoDB Server v6.0 versions prior to 6.0.16, MongoDB Server v7.0 versions prior to 7.0.12, MongoDB Server v7.3 versions prior 7.3.3, MongoDB C Driver versions prior to 1.26.2 and MongoDB PHP Driver versions prior to 1.18.1. Required Configuration: Only environments with Windows as the underlying operating system is affected by this issue | 2024-08-07 | 7.3 | CVE-2024-7553 | cna@mongodb.com cna@mongodb.com cna@mongodb.com |
Mozilla–Firefox for iOS |
Long pressing on a download link could potentially allow Javascript commands to be executed within the browser This vulnerability affects Firefox for iOS < 129. | 2024-08-06 | 9.8 | CVE-2024-43111 | security@mozilla.org security@mozilla.org |
Mozilla–Firefox |
Incomplete WebAssembly exception handing could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14. | 2024-08-06 | 9.8 | CVE-2024-7521 | security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org |
Mozilla–Firefox |
Editor code failed to check an attribute value. This could have led to an out-of-bounds read. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14. | 2024-08-06 | 9.1 | CVE-2024-7522 | security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org |
Mozilla–Firefox |
It was possible for a web extension with minimal permissions to create a `StreamFilter` which could be used to read and modify the response body of requests on any site. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14. | 2024-08-06 | 9.1 | CVE-2024-7525 | security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org |
Mozilla–Firefox |
Incorrect garbage collection interaction in IndexedDB could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1. | 2024-08-06 | 9.8 | CVE-2024-7528 | security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org |
Mozilla–Firefox |
Incorrect garbage collection interaction could have led to a use-after-free. This vulnerability affects Firefox < 129. | 2024-08-06 | 9.8 | CVE-2024-7530 | security@mozilla.org security@mozilla.org |
Mozilla–Firefox |
Insufficient checks when processing graphics shared memory could have led to memory corruption. This could be leveraged by an attacker to perform a sandbox escape. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14. | 2024-08-06 | 8.8 | CVE-2024-7519 | security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org |
Mozilla–Firefox |
A type confusion bug in WebAssembly could be leveraged by an attacker to potentially achieve code execution. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1. | 2024-08-06 | 8.8 | CVE-2024-7520 | security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org |
Mozilla–Firefox |
Unexpected marking work at the start of sweeping could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14. | 2024-08-06 | 8.8 | CVE-2024-7527 | security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org |
Mozilla–Firefox |
The date picker could partially obscure security prompts. This could be used by a malicious site to trick a user into granting permissions. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14. | 2024-08-06 | 8.1 | CVE-2024-7529 | security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org |
Mozilla–Firefox |
ANGLE failed to initialize parameters which led to reading from uninitialized memory. This could be leveraged to leak sensitive data from memory. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14. | 2024-08-06 | 7.5 | CVE-2024-7526 | security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org |
N/A — N/A
|
GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, XE3000/X3000 v4, and B2200/MV1000/MV1000W/USB150/N300/SF1200 v3.216 were discovered to contain a shell injection vulnerability via the interface check_config. | 2024-08-06 | 9.8 | CVE-2024-39228 | cve@mitre.org cve@mitre.org |
N/A — N/A
|
A SQL injection vulnerability in /smsa/teacher_login.php in Kashipara Responsive School Management System v1.0 allows an attacker to execute arbitrary SQL commands via the “username” parameter. | 2024-08-07 | 9.8 | CVE-2024-41237 | cve@mitre.org cve@mitre.org |
N/A — N/A
|
D-Link DIR-300 REVA FIRMWARE v1.06B05_WW contains hardcoded credentials in the Telnet service. | 2024-08-06 | 9.8 | CVE-2024-41616 | cve@mitre.org cve@mitre.org |
N/A — N/A
|
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. QuerySet.values() and values_list() methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key as a passed *arg. | 2024-08-07 | 9.8 | CVE-2024-42005 | cve@mitre.org cve@mitre.org cve@mitre.org |
N/A — N/A
|
An issue in the Ping feature of IT Solutions Enjay CRM OS v1.0 allows attackers to escape the restricted terminal environment and gain root-level privileges on the underlying system. | 2024-08-07 | 7.8 | CVE-2024-41308 | cve@mitre.org |
N/A — N/A
|
An issue in the Hardware info module of IT Solutions Enjay CRM OS v1.0 allows attackers to escape the restricted terminal environment and gain root-level privileges on the underlying system. | 2024-08-07 | 7.8 | CVE-2024-41309 | cve@mitre.org |
N/A — N/A
|
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters. | 2024-08-07 | 7.5 | CVE-2024-41990 | cve@mitre.org cve@mitre.org cve@mitre.org |
N/A — N/A
|
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget, are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters. | 2024-08-07 | 7.5 | CVE-2024-41991 | cve@mitre.org cve@mitre.org cve@mitre.org |
N/A — N/A
|
Nagios NDOUtils before 2.1.4 allows privilege escalation from nagios to root because certain executable files are owned by the nagios user. | 2024-08-07 | 7.8 | CVE-2024-43199 | cve@mitre.org cve@mitre.org cve@mitre.org |
n/a–DataGear
|
A vulnerability was found in DataGear up to 5.0.0. It has been declared as critical. Affected by this vulnerability is the function evaluateVariableExpression of the file ConversionSqlParamValueMapper.java of the component Data Schema Page. The manipulation leads to improper neutralization of special elements used in an expression language statement. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273697 was assigned to this vulnerability. | 2024-08-06 | 8.8 | CVE-2024-7552 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
N/A–N/A
|
SourceCodester Computer Laboratory Management System 1.0 allows classes/Master.php id SQL Injection. | 2024-08-07 | 9.8 | CVE-2024-34479 | cve@mitre.org |
N/A–N/A
|
SourceCodester Computer Laboratory Management System 1.0 allows admin/category/view_category.php id SQL Injection. | 2024-08-07 | 9.8 | CVE-2024-34480 | cve@mitre.org |
N/A–N/A
|
GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a remote code execution (RCE) vulnerability. | 2024-08-06 | 9.8 | CVE-2024-39225 | cve@mitre.org cve@mitre.org |
N/A–N/A
|
GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain insecure permissions in the endpoint /cgi-bin/glc. This vulnerability allows unauthenticated attackers to execute arbitrary code or possibly a directory traversal via crafted JSON data. | 2024-08-06 | 9.8 | CVE-2024-39226 | cve@mitre.org cve@mitre.org |
N/A–N/A
|
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The floatformat template filter is subject to significant memory consumption when given a string representation of a number in scientific notation with a large exponent. | 2024-08-07 | 7.5 | CVE-2024-41989 | cve@mitre.org cve@mitre.org cve@mitre.org |
n/a–n/a |
An issue in Koha ILS 23.05 and before allows a remote attacker to execute arbitrary code via a crafted script to the format parameter. | 2024-08-06 | 9.6 | CVE-2024-28739 | cve@mitre.org |
n/a–n/a |
A compromised HMS Networks Cosy+ device could be used to request a Certificate Signing Request from Talk2m for another device, resulting in an availability issue. The issue was patched on the Talk2m production server on April 18, 2024. | 2024-08-06 | 9.1 | CVE-2024-33897 | cve@mitre.org cve@mitre.org cve@mitre.org |
n/a–n/a |
GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a shell injection vulnerability via the interface check_ovpn_client_config. | 2024-08-06 | 9.8 | CVE-2024-39227 | cve@mitre.org cve@mitre.org |
n/a–n/a |
SQL Injection vulnerability in PuneethReddyHC Online Shopping sysstem advanced v.1.0 allows an attacker to execute arbitrary code via the register.php | 2024-08-05 | 9.8 | CVE-2024-40498 | cve@mitre.org |
n/a–n/a |
Insecure Permissions vulnerability in UAB Lexita PanteraCRM CMS v.401.152 and Patera CRM CMS v.402.072 allows a remote attacker to execute arbitrary code via modification of the X-Forwarded-For header component. | 2024-08-05 | 9.8 | CVE-2024-40530 | cve@mitre.org |
n/a–n/a |
An issue discovered in the RunHTTPServer function in Gorush v1.18.4 allows attackers to intercept and manipulate data due to use of deprecated TLS version. | 2024-08-06 | 9.1 | CVE-2024-41270 | cve@mitre.org |
n/a–n/a |
An issue in UAB Lexita PanteraCRM CMS v.401.152 and Patera CRM CMS v.402.072 allows a remote attacker to escalate privileges via the user profile management function. | 2024-08-05 | 8.8 | CVE-2024-40531 | cve@mitre.org |
n/a–n/a |
A CSV injection vulnerability in Automation Anywhere Automation 360 version 21094 allows attackers to execute arbitrary code via a crafted payload. | 2024-08-06 | 8.8 | CVE-2024-41226 | cve@mitre.org cve@mitre.org |
n/a–n/a |
dzzoffice 2.02.1 is vulnerable to Directory Traversal via user/space/about.php. | 2024-08-05 | 8.8 | CVE-2024-41376 | cve@mitre.org |
n/a–n/a |
Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR16, 4.0.0 SR06, 4.1.0 SR04, 4.2.0 SR03, and 4.3.0 SR01 fails to validate symlinks during the Pre-Boot Authorization (PBA) process. This can be exploited by a physical attacker who is able to manipulate the contents of the system’s hard disk. | 2024-08-08 | 7.5 | CVE-2023-33206 | cve@mitre.org cve@mitre.org |
n/a–n/a |
PrivX before 34.0 allows data exfiltration and denial of service via the REST API. This is fixed in minor versions 33.1, 32.3, 31.3, and later, and in major version 34.0 and later, | 2024-08-06 | 7.5 | CVE-2024-30170 | cve@mitre.org cve@mitre.org |
n/a–n/a |
mod_css_styles in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a insufficiently filters Cascading Style Sheets (CSS) token sequences in rendered e-mail messages, allowing a remote attacker to obtain sensitive information. | 2024-08-05 | 7.5 | CVE-2024-42010 | cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org |
n/a–n/a |
1Password 8 before 8.10.36 for macOS allows local attackers to exfiltrate vault items because XPC inter-process communication validation is insufficient. | 2024-08-06 | 7 | CVE-2024-42219 | cve@mitre.org cve@mitre.org |
n/a–PostgreSQL |
Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting for pg_dump to start, but winning the race condition is trivial if the attacker retains an open transaction. Versions before PostgreSQL 16.4, 15.8, 14.13, 13.16, and 12.20 are affected. | 2024-08-08 | 8.8 | CVE-2024-7348 | f86ef6dc-4d3a-42ad-8f28-e6d5547a5007 |
nuxt–icon |
Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. `nuxt/icon` provides an API to allow client side icon lookup. This endpoint is at `/api/_nuxt_icon/[name]`. The proxied request path is improperly parsed, allowing an attacker to change the scheme and host of the request. This leads to SSRF, and could potentially lead to sensitive data exposure. The `new URL` constructor is used to parse the final path. This constructor can be passed a relative scheme or path in order to change the host the request is sent to. This constructor is also very tolerant of poorly formatted URLs. As a result we can pass a path prefixed with the string `http:`. This has the effect of changing the scheme to HTTP. We can then subsequently pass a new host, for example `http:127.0.0.1:8080`. This would allow us to send requests to a local server. This issue has been addressed in release version 1.4.5 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-08-05 | 8.6 | CVE-2024-42352 | security-advisories@github.com |
nuxt–nuxt |
Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. Nuxt Devtools is missing authentication on the `getTextAssetContent` RPC function which is vulnerable to path traversal. Combined with a lack of Origin checks on the WebSocket handler, an attacker is able to interact with a locally running devtools instance and exfiltrate data abusing this vulnerability. In certain configurations an attacker could leak the devtools authentication token and then abuse other RPC functions to achieve RCE. The `getTextAssetContent` function does not check for path traversals, this could allow an attacker to read arbitrary files over the RPC WebSocket. The WebSocket server does not check the origin of the request leading to cross-site-websocket-hijacking. This may be intentional to allow certain configurations to work correctly. Nuxt Devtools authentication tokens are placed within the home directory of the current user. The malicious webpage can connect to the Devtools WebSocket, perform a directory traversal brute force to find the authentication token, then use the *authenticated* `writeStaticAssets` function to create a new Component, Nitro Handler or `app.vue` file which will run automatically as the file is changed. This vulnerability has been addressed in release version 1.3.9. All users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-08-05 | 8.8 | CVE-2024-23657 | security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
nuxt–nuxt |
Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. Due to the insufficient validation of the `path` parameter in the NuxtTestComponentWrapper, an attacker can execute arbitrary JavaScript on the server side, which allows them to execute arbitrary commands. Users who open a malicious web page in the browser while running the test locally are affected by this vulnerability, which results in the remote code execution from the malicious web page. Since web pages can send requests to arbitrary addresses, a malicious web page can repeatedly try to exploit this vulnerability, which then triggers the exploit when the test server starts. | 2024-08-05 | 8.8 | CVE-2024-34344 | security-advisories@github.com |
NVIDIA–GPU Display Driver, vGPU Software, Cloud Gaming |
NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can cause an out-of-bounds read. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. | 2024-08-08 | 7.8 | CVE-2024-0107 | psirt@nvidia.com |
NVIDIA–Mellanox OS |
NVIDIA Mellanox OS, ONYX, Skyway, MetroX-2 and MetroX-3 XC contain a vulnerability in ipfilter, where improper ipfilter definitions could enable an attacker to cause a failure by attacking the switch. A successful exploit of this vulnerability might lead to denial of service. | 2024-08-08 | 7.5 | CVE-2024-0101 | psirt@nvidia.com |
NVIDIA–NVIDIA Jetson AGX Xavier series, Jetson Xavier NX, Jetson TX2 series, Jetson TX2 NX, Jetson TX1, Jetson Nano series |
NVIDIA Jetson Linux contains a vulnerability in NvGPU where error handling paths in GPU MMU mapping code fail to clean up a failed mapping attempt. A successful exploit of this vulnerability may lead to denial of service, code execution, and escalation of privileges. | 2024-08-08 | 8.7 | CVE-2024-0108 | psirt@nvidia.com |
Open WebUI–Open WebUI
|
Attacker controlled files can be uploaded to arbitrary locations on the web server’s filesystem by abusing a path traversal vulnerability. | 2024-08-07 | 8.8 | CVE-2024-6707 | bbf0bd87-ece2-41be-b873-96928ee8fab9 |
Pimax–Pimax Play |
Multiple Pimax products accept WebSocket connections from unintended endpoints. If this vulnerability is exploited, arbitrary code may be executed by a remote unauthenticated attacker. | 2024-08-05 | 8.8 | CVE-2024-41889 | vultures@jpcert.or.jp vultures@jpcert.or.jp vultures@jpcert.or.jp |
Qualcomm, Inc.–Snapdragon |
Memory corruption when preparing a shared memory notification for a memparcel in Resource Manager. | 2024-08-05 | 8.4 | CVE-2024-21481 | product-security@qualcomm.com |
Qualcomm, Inc.–Snapdragon |
Memory corruption when memory mapped in a VBO is not unmapped by the GPU SMMU. | 2024-08-05 | 8.4 | CVE-2024-23381 | product-security@qualcomm.com |
Qualcomm, Inc.–Snapdragon |
Memory corruption while processing graphics kernel driver request to create DMA fence. | 2024-08-05 | 8.4 | CVE-2024-23382 | product-security@qualcomm.com |
Qualcomm, Inc.–Snapdragon |
Memory corruption when kernel driver attempts to trigger hardware fences. | 2024-08-05 | 8.4 | CVE-2024-23383 | product-security@qualcomm.com |
Qualcomm, Inc.–Snapdragon |
Memory corruption when the mapped pages in VBO are still mapped after reclaiming by shrinker. | 2024-08-05 | 8.4 | CVE-2024-23384 | product-security@qualcomm.com |
Qualcomm, Inc.–Snapdragon |
Memory corruption while processing IOCTL call to set metainfo. | 2024-08-05 | 8.4 | CVE-2024-33021 | product-security@qualcomm.com |
Qualcomm, Inc.–Snapdragon |
Memory corruption while allocating memory in HGSL driver. | 2024-08-05 | 8.4 | CVE-2024-33022 | product-security@qualcomm.com |
Qualcomm, Inc.–Snapdragon |
Memory corruption while creating a fence to wait on timeline events, and simultaneously signal timeline events. | 2024-08-05 | 8.4 | CVE-2024-33023 | product-security@qualcomm.com |
Qualcomm, Inc.–Snapdragon |
Memory corruption can occur when arbitrary user-space app gains kernel level privilege to modify DDR memory by corrupting the GPU page table. | 2024-08-05 | 8.4 | CVE-2024-33027 | product-security@qualcomm.com |
Qualcomm, Inc.–Snapdragon |
Memory corruption as fence object may still be accessed in timeline destruct after isync fence is released. | 2024-08-05 | 8.4 | CVE-2024-33028 | product-security@qualcomm.com |
Qualcomm, Inc.–Snapdragon |
Memory corruption can occur if VBOs hold outdated or invalid GPU SMMU mappings, especially when the binding and reclaiming of memory buffers are performed at the same time. | 2024-08-05 | 8.4 | CVE-2024-33034 | product-security@qualcomm.com |
Qualcomm, Inc.–Snapdragon |
Transient DOS during music playback of ALAC content. | 2024-08-05 | 7.5 | CVE-2024-21479 | product-security@qualcomm.com |
Qualcomm, Inc.–Snapdragon |
Transient DOS when NAS receives ODAC criteria of length 1 and type 1 in registration accept OTA. | 2024-08-05 | 7.5 | CVE-2024-23352 | product-security@qualcomm.com |
Qualcomm, Inc.–Snapdragon |
Transient DOS while decoding attach reject message received by UE, when IEI is set to ESM_IEI. | 2024-08-05 | 7.5 | CVE-2024-23353 | product-security@qualcomm.com |
Qualcomm, Inc.–Snapdragon |
Memory corruption when keymaster operation imports a shared key. | 2024-08-05 | 7.8 | CVE-2024-23355 | product-security@qualcomm.com |
Qualcomm, Inc.–Snapdragon |
Memory corruption during session sign renewal request calls in HLOS. | 2024-08-05 | 7.8 | CVE-2024-23356 | product-security@qualcomm.com |
Qualcomm, Inc.–Snapdragon |
Transient DOS while parsing fragments of MBSSID IE from beacon frame. | 2024-08-05 | 7.5 | CVE-2024-33010 | product-security@qualcomm.com |
Qualcomm, Inc.–Snapdragon |
Transient DOS while parsing the MBSSID IE from the beacons, when the MBSSID IE length is zero. | 2024-08-05 | 7.5 | CVE-2024-33011 | product-security@qualcomm.com |
Qualcomm, Inc.–Snapdragon |
Transient DOS while parsing the multiple MBSSID IEs from the beacon, when the tag length is non-zero value but with end of beacon. | 2024-08-05 | 7.5 | CVE-2024-33012 | product-security@qualcomm.com |
Qualcomm, Inc.–Snapdragon |
Transient DOS when driver accesses the ML IE memory and offset value is incremented beyond ML IE length. | 2024-08-05 | 7.5 | CVE-2024-33013 | product-security@qualcomm.com |
Qualcomm, Inc.–Snapdragon |
Transient DOS while parsing ESP IE from beacon/probe response frame. | 2024-08-05 | 7.5 | CVE-2024-33014 | product-security@qualcomm.com |
Qualcomm, Inc.–Snapdragon |
Transient DOS while parsing SCAN RNR IE when bytes received from AP is such that the size of the last param of IE is less than neighbor report. | 2024-08-05 | 7.5 | CVE-2024-33015 | product-security@qualcomm.com |
Qualcomm, Inc.–Snapdragon |
Transient DOS while parsing the received TID-to-link mapping element of the TID-to-link mapping action frame. | 2024-08-05 | 7.5 | CVE-2024-33018 | product-security@qualcomm.com |
Qualcomm, Inc.–Snapdragon |
Transient DOS while parsing the received TID-to-link mapping action frame. | 2024-08-05 | 7.5 | CVE-2024-33019 | product-security@qualcomm.com |
Qualcomm, Inc.–Snapdragon |
Transient DOS while processing TID-to-link mapping IE elements. | 2024-08-05 | 7.5 | CVE-2024-33020 | product-security@qualcomm.com |
Qualcomm, Inc.–Snapdragon |
Transient DOS while parsing the ML IE when a beacon with length field inside the common info of ML IE greater than the ML IE length. | 2024-08-05 | 7.5 | CVE-2024-33024 | product-security@qualcomm.com |
Qualcomm, Inc.–Snapdragon |
Transient DOS while parsing the BSS parameter change count or MLD capabilities fields of the ML IE. | 2024-08-05 | 7.5 | CVE-2024-33025 | product-security@qualcomm.com |
Qualcomm, Inc.–Snapdragon |
Transient DOS while parsing probe response and assoc response frame when received frame length is less than max size of timestamp. | 2024-08-05 | 7.5 | CVE-2024-33026 | product-security@qualcomm.com |
Raisecom–MSG1200
|
A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90 and classified as critical. Affected by this issue is the function sslvpn_config_mod of the file /vpn/list_ip_network.php of the component Web Interface. The manipulation of the argument template/stylenum leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273560. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-08-05 | 9.8 | CVE-2024-7467 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
Raisecom–MSG1200
|
A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90. It has been classified as critical. This affects the function sslvpn_config_mod of the file /vpn/list_service_manage.php of the component Web Interface. The manipulation of the argument template/stylenum leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273561 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-08-05 | 9.8 | CVE-2024-7468 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
Raisecom-MSG1200
|
A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90. It has been declared as critical. This vulnerability affects the function sslvpn_config_mod of the file /vpn/list_vpn_web_custom.php of the component Web Interface. The manipulation of the argument template/stylenum leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-273562 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-08-05 | 9.8 | CVE-2024-7469 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
Raisecom-MSG1200
|
A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90. It has been rated as critical. This issue affects the function sslvpn_config_mod of the file /vpn/vpn_template_style.php of the component Web Interface. The manipulation of the argument template/stylenum leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273563. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-08-05 | 9.8 | CVE-2024-7470 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
Red Hat–Red Hat Enterprise Linux 8 |
A flaw was found in libnbd. The client did not always correctly verify the NBD server’s certificate when using TLS to connect to an NBD server. This issue allows a man-in-the-middle attack on NBD traffic. | 2024-08-05 | 7.4 | CVE-2024-7383 | secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com |
reputeinfosystems–Appointment Booking Calendar Plugin and Scheduling Plugin BookingPress |
The Appointment Booking Calendar Plugin and Online Scheduling Plugin – BookingPress plugin for WordPress is vulnerable to authentication bypass in versions 1.1.6 to 1.1.7. This is due to the plugin not properly verifying a user’s identity prior to logging them in when completing a booking. This makes it possible for unauthenticated attackers to log in as registered users, including administrators, if they have access to that user’s email. This is only exploitable when the ‘Auto login user after successful booking’ setting is enabled. | 2024-08-08 | 9.8 | CVE-2024-7350 | security@wordfence.com security@wordfence.com security@wordfence.com |
Ricoh Company, Ltd.–JavaTM Platform |
Initialization of a resource with an insecure default vulnerability exists in JavaTM Platform Ver.12.89 and earlier. If this vulnerability is exploited, the product may be affected by some known TLS1.0 and TLS1.1 vulnerabilities. As for the specific products/models/versions of MFPs and printers that contain JavaTM Platform, see the information provided by the vendor. | 2024-08-06 | 7.5 | CVE-2024-41995 | vultures@jpcert.or.jp vultures@jpcert.or.jp vultures@jpcert.or.jp |
Samsung Mobile — Samsung Notes
|
Out-of-bounds write in appending paragraph in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially execute arbitrary code with Samsung Notes privilege. | 2024-08-07 | 7.8 | CVE-2024-34622 | mobile.security@samsung.com |
Samsung Mobile — Samsung Notes
|
Out-of-bounds write in applying connected information in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially execute arbitrary code with Samsung Notes privilege. | 2024-08-07 | 7.8 | CVE-2024-34623 | mobile.security@samsung.com |
Samsung Mobile–Samsung Mobile Devices |
Improper privilege management in SumeNNService prior to SMR Aug-2024 Release 1 allows local attackers to start privileged service. | 2024-08-07 | 8.4 | CVE-2024-34620 | mobile.security@samsung.com |
Samsung Mobile–Samsung Mobile Devices |
Out-of-bound write in libcodec2secmp4vdec.so prior to SMR Aug-2024 Release 1 allows local attackers to execute arbitrary code. | 2024-08-07 | 7.3 | CVE-2024-34612 | mobile.security@samsung.com |
Samsung Mobile–Samsung Mobile Devices |
Out-of-bound write in libsmat.so prior to SMR Aug-2024 Release 1 allows local attackers to execute arbitrary code. | 2024-08-07 | 7.3 | CVE-2024-34614 | mobile.security@samsung.com |
Samsung Mobile–Samsung Mobile Devices |
Improper input validation in librtp.so prior to SMR Aug-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability. | 2024-08-07 | 7.5 | CVE-2024-34619 | mobile.security@samsung.com |
shahriar0822–The Next |
The The Next theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1.0 via deserialization of untrusted input from the wpeden_post_meta post meta value. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. | 2024-08-08 | 8.8 | CVE-2024-7561 | security@wordfence.com security@wordfence.com |
shopware–shopware |
Shopware, an open ecommerce platform, has a new Twig Tag `sw_silent_feature_call` which silences deprecation messages while triggered in this tag. Prior to versions 6.6.5.1 and 6.5.8.13, it accepts as parameter a string the feature flag name to silence, but this parameter is not escaped properly and allows execution of code. Update to Shopware 6.6.5.1 or 6.5.8.13 to receive a patch. For older versions of 6.2, 6.3, and 6.4, corresponding security measures are also available via a plugin. | 2024-08-08 | 8.3 | CVE-2024-42355 | security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
shopware–shopware |
Shopware is an open commerce platform. Prior to versions 6.6.5.1 and 6.5.8.13, the `context` variable is injected into almost any Twig Template and allows to access to current language, currency information. The context object allows also to switch for a short time the scope of the Context as a helper with a callable function. The function can be called also from Twig and as the second parameter allows any callable, it’s possible to call from Twig any statically callable PHP function/method. It’s not possible as customer to provide any Twig code, the attacker would require access to Administration to exploit it using Mail templates or using App Scripts. Update to Shopware 6.6.5.1 or 6.5.8.13 to receive a patch. For older versions of 6.1, 6.2, 6.3 and 6.4 corresponding security measures are also available via a plugin. | 2024-08-08 | 8.3 | CVE-2024-42356 | security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
shopware–shopware |
Shopware is an open commerce platform. Prior to versions 6.6.5.1 and 6.5.8.13, the Shopware application API contains a search functionality which enables users to search through information stored within their Shopware instance. The searches performed by this function can be aggregated using the parameters in the `aggregations` object. The `name` field in this `aggregations` object is vulnerable SQL-injection and can be exploited using SQL parameters. Update to Shopware 6.6.5.1 or 6.5.8.13 to receive a patch. For older versions of 6.1, 6.2, 6.3, and 6.4, corresponding security measures are also available via a plugin. | 2024-08-08 | 7.3 | CVE-2024-42357 | security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
Tenda–A301
|
A vulnerability classified as critical has been found in Tenda A301 15.13.08.12. This affects the function formWifiBasicSet of the file /goform/WifiBasicSet. The manipulation of the argument security leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-08-07 | 9.8 | CVE-2024-7581 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
Tenda–i22 |
A vulnerability classified as critical was found in Tenda i22 1.0.0.3(4687). This vulnerability affects the function formApPortalAccessCodeAuth of the file /goform/apPortalAccessCodeAuth. The manipulation of the argument accessCode/data/acceInfo leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-08-07 | 9.8 | CVE-2024-7582 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
Tenda–i22
|
A vulnerability, which was classified as critical, has been found in Tenda i22 1.0.0.3(4687). This issue affects the function formApPortalOneKeyAuth of the file /goform/apPortalOneKeyAuth. The manipulation of the argument data leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-08-07 | 9.8 | CVE-2024-7583 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
Tenda–i22 |
A vulnerability, which was classified as critical, was found in Tenda i22 1.0.0.3(4687). Affected is the function formApPortalPhoneAuth of the file /goform/apPortalPhoneAuth. The manipulation of the argument data leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-08-07 | 8.8 | CVE-2024-7584 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
Tenda–i22 |
A vulnerability has been found in Tenda i22 1.0.0.3(4687) and classified as critical. Affected by this vulnerability is the function formApPortalWebAuth of the file /goform/apPortalAuth. The manipulation of the argument webUserName/webUserPassword leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-08-07 | 8.8 | CVE-2024-7585 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
The Document Foundation–LibreOffice |
Certificate Validation user interface in LibreOffice allows potential vulnerability. Signed macros are scripts that have been digitally signed by the developer using a cryptographic signature. When a document with a signed macro is opened a warning is displayed by LibreOffice before the macro is executed. Previously if verification failed the user could fail to understand the failure and choose to enable the macros anyway. This issue affects LibreOffice: from 24.2 before 24.2.5. | 2024-08-05 | 7.8 | CVE-2024-6472 | security@documentfoundation.org |
thimpress–LearnPress WordPress LMS Plugin |
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter in all versions up to, and including, 4.2.6.9.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-08-08 | 8.8 | CVE-2024-7548 | security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
TOTOLINK–CP450 |
A vulnerability, which was classified as critical, was found in TOTOLINK CP450 4.1.0cu.747_B20191224. Affected is the function loginauth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument http_host leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-273558 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-08-05 | 8.8 | CVE-2024-7465 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
TOTOLINK–CP900 |
A vulnerability classified as critical was found in TOTOLINK CP900 6.3c.566. This vulnerability affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument File leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273556. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-08-05 | 8.8 | CVE-2024-7463 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
TOTOLINK–N350RT |
A vulnerability classified as critical has been found in TOTOLINK N350RT 9.3.5u.6139_B20201216. This affects the function setWizardCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ssid leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273555. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-08-05 | 8.8 | CVE-2024-7462 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
unitecms–Blox Page Builder |
The Blox Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ‘handleUploadFile’ function in all versions up to, and including, 1.0.65. This makes it possible for authenticated attackers, with contributor-level and above permissions, to upload arbitrary files on the affected site’s server which may make remote code execution possible. | 2024-08-06 | 8.8 | CVE-2024-6315 | security@wordfence.com security@wordfence.com |
Unknown–Himer |
The lacks CSRF checks allowing a user to invite any user to any group (including private groups) | 2024-08-05 | 8.1 | CVE-2024-2232 | contact@wpscan.com |
Unknown–Product
|
The Light Poll WordPress plugin through 1.0.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks | 2024-08-06 | 8.8 | CVE-2024-6720 | contact@wpscan.com |
Vonets–VAR1200-H |
Use of hard-coded credentials vulnerability affecting Vonets industrial wifi bridge relays and WiFi bridge repeaters, software versions 3.3.23.6.9 and prior, enables an unauthenticated remote attacker to bypass authentication using hard-coded administrator credentials. These accounts cannot be disabled. | 2024-08-08 | 7.5 | CVE-2024-41161 | ics-cert@hq.dhs.gov |
vrcx-team–VRCX |
VRCX is an assistant/companion application for VRChat. In versions prior to 2024.03.23, a CefSharp browser with over-permission and cross-site scripting via overlay notification can be combined to result in remote command execution. These vulnerabilities are patched in VRCX 2023.12.24. In addition to the patch, VRCX maintainers worked with the VRC team and blocked the older version of VRCX on the VRC’s API side. Users who use the older version of VRCX must update their installation to continue using VRCX. | 2024-08-08 | 9 | CVE-2024-42366 | security-advisories@github.com security-advisories@github.com |
Webnus–Modern Events Calendar |
The Modern Events Calendar plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.12.1 via the ‘mec_fes_form’ AJAX function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | 2024-08-07 | 8.5 | CVE-2024-6522 | security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
wpbakery–WPBakery Visual Composer |
The WPBakery Visual Composer plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 7.7 via the ‘layout_name’ parameter. This makes it possible for authenticated attackers, with Author-level access and above, and with post permissions granted by an Administrator, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | 2024-08-06 | 8.8 | CVE-2024-5709 | security@wordfence.com security@wordfence.com |
Zscaler–Client Connector
|
An Improper Input Validation vulnerability in Zscaler Client Connector on MacOS allows OS Command Injection. This issue affects Zscaler Client Connector on MacOS <4.2. | 2024-08-06 | 9.8 | CVE-2024-23483 | cve@zscaler.com |
Zscaler–Client Connector
|
Anti-tampering can be disabled under certain conditions without signature validation. This affects Zscaler Client Connector <4.2.0.190 with anti-tampering enabled. | 2024-08-06 | 7.5 | CVE-2024-23456 | cve@zscaler.com |
Zscaler–Client Connector
|
While copying individual autoupdater log files, reparse point check was missing which could result into crafted attacks, potentially leading to a local privilege escalation. This issue affects Zscaler Client Connector on Windows <4.2.0.190. | 2024-08-06 | 7.8 | CVE-2024-23458 | cve@zscaler.com |
Zscaler–Client Connector
|
The Zscaler Updater process does not validate the digital signature of the installer before execution, allowing arbitrary code to be locally executed. This affects Zscaler Client Connector on MacOS <4.2. | 2024-08-06 | 7.8 | CVE-2024-23460 | cve@zscaler.com |
ZTE–ZXV10 XT802 |
There is a permission and access control vulnerability of ZTE’s ZXV10 XT802/ET301 product.Attackers with common permissions can log in the terminal web and change the password of the administrator illegally by intercepting requests to change the passwords. | 2024-08-08 | 7.1 | CVE-2024-22069 | psirt@zte.com.cn |
Medium Vulnerabilities
Primary Vendor — Product |
Description | Published | CVSS Score | Source Info | Patch Info |
---|---|---|---|---|---|
Alien Technology–ALR-F800 |
A vulnerability was found in Alien Technology ALR-F800 up to 19.10.24.00. It has been declared as critical. Affected by this vulnerability is the function popen of the file /var/www/cgi-bin/upgrade.cgi of the component File Name Handler. The manipulation of the argument uploadedFile leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-08-07 | 6.3 | CVE-2024-7579 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
AMD–3rd Gen AMD EPYC Processors |
Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to overwrite a guest’s UMC seed potentially allowing reading of memory from a decommissioned guest. | 2024-08-05 | 6 | CVE-2023-31355 | psirt@amd.com |
AMD–3rd Gen AMD EPYC Processors |
Improper input validation in SEV-SNP could allow a malicious hypervisor to read or overwrite guest memory potentially leading to data leakage or data corruption. | 2024-08-05 | 6 | CVE-2024-21978 | psirt@amd.com |
ameliabooking–Booking for Appointments and Events Calendar Amelia |
The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.2. This is due to the plugin utilizing Symfony and leaving display_errors on within test files. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. | 2024-08-08 | 5.3 | CVE-2024-6552 | security@wordfence.com security@wordfence.com security@wordfence.com |
Avaya–Aura System Manager |
A SQL injection vulnerability was found which could allow a command line interface (CLI) user with administrative privileges to execute arbitrary queries against the Avaya Aura System Manager database. Affected versions include 10.1.x.x and 10.2.x.x. Versions prior to 10.1 are end of manufacturer support. | 2024-08-08 | 6.5 | CVE-2024-7477 | securityalerts@avaya.com |
Avaya–Aura System Manager |
An Improper access control vulnerability was found in Avaya Aura System Manager which could allow a command-line interface (CLI) user with administrative privileges to read arbitrary files on the system. Affected versions include 10.1.x.x and 10.2.x.x. Versions prior to 10.1 are end of manufacturer support. | 2024-08-08 | 4.2 | CVE-2024-7480 | securityalerts@avaya.com |
bradvin–Lightbox & Modal Popup WordPress Plugin FooBox |
The Lightbox & Modal Popup WordPress Plugin – FooBox plugin for WordPress is vulnerable to DOM-based Stored Cross-Site Scripting via HTML data attributes in all versions up to, and including, 2.7.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-08-08 | 6.4 | CVE-2024-5668 | security@wordfence.com security@wordfence.com |
Calibre–Calibre |
Unsanitized user-input in Calibre <= 7.15.0 allow attackers to perform reflected cross-site scripting. | 2024-08-06 | 5.4 | CVE-2024-7008 | info@starlabs.sg info@starlabs.sg |
Calibre–Calibre |
Unsanitized user-input in Calibre <= 7.15.0 allow users with permissions to perform full-text searches to achieve SQL injection on the SQLite database. | 2024-08-06 | 4.2 | CVE-2024-7009 | info@starlabs.sg info@starlabs.sg |
Cisco–Cisco Adaptive Security Appliance (ASA) Software |
A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have at least a low-privileged account on an affected device. | 2024-08-07 | 5.4 | CVE-2024-20443 | ykramarz@cisco.com |
Cisco–Cisco Identity Services Engine Software |
A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have Admin privileges on an affected device. | 2024-08-07 | 4.8 | CVE-2024-20479 | ykramarz@cisco.com |
daniyalahmedk–Fuse Social Floating Sidebar |
The Fuse Social Floating Sidebar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the file upload functionality in all versions up to, and including, 5.4.10 due to insufficient validation of SVG files. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-08-08 | 6.4 | CVE-2024-5226 | security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
Dell–Dell Update (DU) |
Dell Command | Update, Dell Update, and Alienware Update UWP, versions prior to 5.4, contain an Exposed Dangerous Method or Function vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service. | 2024-08-06 | 6.5 | CVE-2024-28962 | security_alert@emc.com |
Dorsett Controls–InfoScan |
Dorsett Controls Central Server update server has potential information leaks with an unprotected file that contains passwords and API keys. | 2024-08-08 | 5.3 | CVE-2024-39287 | ics-cert@hq.dhs.gov ics-cert@hq.dhs.gov |
Dorsett Controls–InfoScan |
The InfoScan client download page can be intercepted with a proxy, to expose filenames located on the system, which could lead to additional information exposure. | 2024-08-08 | 5.3 | CVE-2024-42408 | ics-cert@hq.dhs.gov ics-cert@hq.dhs.gov |
Dorsett Controls–InfoScan |
Dorsett Controls InfoScan is vulnerable due to a leak of possible sensitive information through the response headers and the rendered JavaScript prior to user login. | 2024-08-08 | 5.3 | CVE-2024-42493 | ics-cert@hq.dhs.gov ics-cert@hq.dhs.gov |
galdub–Folders Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager |
The Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | 2024-08-06 | 6.4 | CVE-2024-7317 | security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
GitLab–GitLab |
ReDoS flaw in RefMatcher when matching branch names using wildcards in GitLab EE/CE affecting all versions from 11.3 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2 allows denial of service via Regex backtracking. | 2024-08-08 | 6.5 | CVE-2024-2800 | cve@gitlab.com cve@gitlab.com |
GitLab–GitLab |
A permission check vulnerability in GitLab CE/EE affecting all versions starting from 8.12 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2 allowed for LFS tokens to read and write to the user owned repositories. | 2024-08-08 | 6.8 | CVE-2024-3035 | cve@gitlab.com cve@gitlab.com |
GitLab–GitLab |
A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions starting with 12.6 before 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2. It is possible for an attacker to cause a denial of service using crafted adoc files. | 2024-08-08 | 6.5 | CVE-2024-4210 | cve@gitlab.com cve@gitlab.com |
GitLab–GitLab |
Multiple Denial of Service (DoS) conditions has been discovered in GitLab CE/EE affecting all versions starting from 1.0 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2 which allowed an attacker to cause resource exhaustion via banzai pipeline. | 2024-08-08 | 6.5 | CVE-2024-5423 | cve@gitlab.com cve@gitlab.com |
GitLab–GitLab |
An issue has been discovered in GitLab CE/EE affecting all versions before 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2. An issue was found that allows someone to abuse a discrepancy between the Web application display and the git command line interface to social engineer victims into cloning non-trusted code. | 2024-08-08 | 5.3 | CVE-2024-3958 | cve@gitlab.com cve@gitlab.com |
GitLab–GitLab |
An issue was discovered in GitLab CE/EE affecting all versions starting from 8.16 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2, which causes the web interface to fail to render the diff correctly when the path is encoded. | 2024-08-08 | 5.7 | CVE-2024-6329 | cve@gitlab.com cve@gitlab.com |
GitLab–GitLab |
An issue was discovered in GitLab CE/EE affecting all versions starting from 11.10 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2, with the processing logic for parsing invalid commits can lead to a regular expression DoS attack on the server. | 2024-08-08 | 4.3 | CVE-2024-3114 | cve@gitlab.com cve@gitlab.com |
GitLab–GitLab |
A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5.1 prior 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2. When viewing an XML file in a repository in raw mode, it can be made to render as HTML if viewed under specific circumstances. | 2024-08-08 | 4.4 | CVE-2024-4207 | cve@gitlab.com cve@gitlab.com |
GitLab–GitLab |
An issue was discovered in GitLab EE starting from version 16.7 before 17.0.6, version 17.1 before 17.1.4 and 17.2 before 17.2.2 that allowed bypassing the password re-entry requirement to approve a policy. | 2024-08-08 | 4.2 | CVE-2024-4784 | cve@gitlab.com cve@gitlab.com |
GitLab–GitLab |
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.9 before 17.0.6, all versions starting from 17.1 before 17.1.4, all versions starting from 17.2 before 17.2.2. Under certain conditions, access tokens may have been logged when an API request was made in a specific manner. | 2024-08-08 | 4.9 | CVE-2024-7554 | cve@gitlab.com |
GitLab–GitLab |
A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions starting with 15.9 before 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2. It is possible for an attacker to cause catastrophic backtracking while parsing results from Elasticsearch. | 2024-08-08 | 4.3 | CVE-2024-7610 | cve@gitlab.com |
Google–Chrome
|
Inappropriate implementation in Fullscreen in Google Chrome on Android prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium) | 2024-08-06 | 4.7 | CVE-2024-6995 | chrome-cve-admin@google.com chrome-cve-admin@google.com |
Google–Chrome
|
Inappropriate implementation in FedCM in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | 2024-08-06 | 4.3 | CVE-2024-6999 | chrome-cve-admin@google.com chrome-cve-admin@google.com |
Google–Chrome
|
Inappropriate implementation in HTML in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | 2024-08-06 | 4.3 | CVE-2024-7001 | chrome-cve-admin@google.com chrome-cve-admin@google.com |
Google–Chrome
|
Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a malicious file. (Chromium security severity: Low) | 2024-08-06 | 4.3 | CVE-2024-7004 | chrome-cve-admin@google.com chrome-cve-admin@google.com |
Google–Chrome
|
Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a malicious file. (Chromium security severity: Low) | 2024-08-06 | 4.3 | CVE-2024-7005 | chrome-cve-admin@google.com chrome-cve-admin@google.com |
Google-Chrome
|
Inappropriate implementation in FedCM in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | 2024-08-06 | 4.3 | CVE-2024-7003 | chrome-cve-admin@google.com chrome-cve-admin@google.com |
Halo Service Solutions–HaloITSM |
HaloITSM versions up to 2.146.1 are affected by a Template Injection vulnerability within the engine used to generate emails. This can lead to the leakage of potentially sensitive information. HaloITSM versions past 2.146.1 (and patches starting from 2.143.61 ) fix the mentioned vulnerability. | 2024-08-06 | 5.3 | CVE-2024-6201 | vulnerability@ncsc.ch |
Hewlett Packard Enterprise (HPE)–HPE Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10 |
Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Certificate Management daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point. | 2024-08-06 | 5.3 | CVE-2024-42396 | security-alert@hpe.com |
Hewlett Packard Enterprise (HPE)–HPE Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10 |
Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Certificate Management daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point. | 2024-08-06 | 5.3 | CVE-2024-42397 | security-alert@hpe.com |
Hewlett Packard Enterprise–HPE Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10 |
Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point. | 2024-08-06 | 5.3 | CVE-2024-42398 | security-alert@hpe.com |
Hewlett Packard Enterprise–HPE Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10 |
Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point. | 2024-08-06 | 5.3 | CVE-2024-42399 | security-alert@hpe.com |
Hewlett Packard Enterprise–HPE Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10 |
Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point. | 2024-08-06 | 5.3 | CVE-2024-42400 | security-alert@hpe.com |
Hitachi–Hitachi Device Manager |
Unquoted Executable Path vulnerability in Hitachi Device Manager on Windows (Device Manager Server component).This issue affects Hitachi Device Manager: before 8.8.7-00. | 2024-08-06 | 6.7 | CVE-2024-5963 | hirt@hitachi.co.jp |
Huawei–HarmonyOS |
Access permission verification vulnerability in the content sharing pop-up module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 2024-08-08 | 6.2 | CVE-2024-42030 | psirt@huawei.com |
Huawei–HarmonyOS |
Access control vulnerability in the security verification module mpact: Successful exploitation of this vulnerability will affect integrity and confidentiality. | 2024-08-08 | 6.9 | CVE-2024-42033 | psirt@huawei.com |
Huawei–HarmonyOS |
LaunchAnywhere vulnerability in the account module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 2024-08-08 | 6.6 | CVE-2024-42034 | psirt@huawei.com |
Huawei–HarmonyOS |
Permission verification vulnerability in the lock screen module Impact: Successful exploitation of this vulnerability may affect availability | 2024-08-08 | 4 | CVE-2023-7265 | psirt@huawei.com |
Huawei–HarmonyOS |
Access permission verification vulnerability in the Contacts module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 2024-08-08 | 4.4 | CVE-2024-42032 | psirt@huawei.com |
IBM–InfoSphere Information Server |
IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 297429 | 2024-08-06 | 4.3 | CVE-2024-39751 | psirt@us.ibm.com psirt@us.ibm.com |
itsourcecode–Airline Reservation System |
A vulnerability has been found in itsourcecode Airline Reservation System 1.0 and classified as critical. This vulnerability affects unknown code of the file /index.php. The manipulation of the argument page leads to file inclusion. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-273622 is the identifier assigned to this vulnerability. | 2024-08-06 | 6.3 | CVE-2024-7496 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
itsourcecode–Airline Reservation System |
A vulnerability was found in itsourcecode Airline Reservation System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/index.php. The manipulation of the argument page leads to file inclusion. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273623. | 2024-08-06 | 6.3 | CVE-2024-7497 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
itsourcecode–Airline Reservation System |
A vulnerability was found in itsourcecode Airline Reservation System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file flights.php. The manipulation of the argument departure_airport_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273625 was assigned to this vulnerability. | 2024-08-06 | 6.3 | CVE-2024-7499 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
itsourcecode–Airline Reservation System |
A vulnerability was found in itsourcecode Airline Reservation System 1.0. It has been rated as critical. Affected by this issue is the function save_settings of the file admin/admin_class.php. The manipulation of the argument img leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-273626 is the identifier assigned to this vulnerability. | 2024-08-06 | 6.3 | CVE-2024-7500 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
itsourcecode–Laravel Accounting System |
A vulnerability, which was classified as critical, was found in itsourcecode Laravel Accounting System 1.0. This affects an unknown part of the file app/Http/Controllers/HomeController.php. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273621 was assigned to this vulnerability. | 2024-08-06 | 6.3 | CVE-2024-7495 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
itsourcecode–Tailoring Management System |
A vulnerability has been found in itsourcecode Tailoring Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /setlogo.php. The manipulation of the argument bgimg leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273649 was assigned to this vulnerability. | 2024-08-06 | 6.3 | CVE-2024-7506 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
Journyx–Journyx (jtime) |
Attackers can craft a malicious link that once clicked will execute arbitrary JavaScript in the context of the Journyx web application. | 2024-08-08 | 6.1 | CVE-2024-6892 | bbf0bd87-ece2-41be-b873-96928ee8fab9 |
kubean-io–kubean |
Kubean is a cluster lifecycle management toolchain based on kubespray and other cluster LCM engine. The ClusterRole has `*` verbs of `*` resources. If a malicious user can access the worker node which has kubean’s deployment, he/she can abuse these excessive permissions to do whatever he/she likes to the whole cluster, resulting in a cluster-level privilege escalation. This issue has been addressed in release version 0.18.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-08-05 | 6 | CVE-2024-41820 | security-advisories@github.com security-advisories@github.com security-advisories@github.com |
leap13–Premium Addons for Elementor |
The Premium Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the ‘check_temp_validity’ and ‘update_template_title’ functions in all versions up to, and including, 4.10.38. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete arbitrary content and update post and page titles. | 2024-08-08 | 4.3 | CVE-2024-6824 | security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: mmc: sdhci: Fix max_seg_size for 64KiB PAGE_SIZE blk_queue_max_segment_size() ensured: if (max_size < PAGE_SIZE) max_size = PAGE_SIZE; whereas: blk_validate_limits() makes it an error: if (WARN_ON_ONCE(lim->max_segment_size < PAGE_SIZE)) return -EINVAL; The change from one to the other, exposed sdhci which was setting maximum segment size too low in some circumstances. Fix the maximum segment size when it is too low. | 2024-08-07 | 5.5 | CVE-2024-42242 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: libceph: fix race between delayed_work() and ceph_monc_stop() The way the delayed work is handled in ceph_monc_stop() is prone to races with mon_fault() and possibly also finish_hunting(). Both of these can requeue the delayed work which wouldn’t be canceled by any of the following code in case that happens after cancel_delayed_work_sync() runs — __close_session() doesn’t mess with the delayed work in order to avoid interfering with the hunting interval logic. This part was missed in commit b5d91704f53e (“libceph: behave in mon_fault() if cur_mon < 0”) and use-after-free can still ensue on monc and objects that hang off of it, with monc->auth and monc->monmap being particularly susceptible to quickly being reused. To fix this: – clear monc->cur_mon and monc->hunting as part of closing the session in ceph_monc_stop() – bail from delayed_work() if monc->cur_mon is cleared, similar to how it’s done in mon_fault() and finish_hunting() (based on monc->hunting) – call cancel_delayed_work_sync() after the session is closed | 2024-08-07 | 5.5 | CVE-2024-42232 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
Linux–Linux
|
In the Linux kernel, the following vulnerability has been resolved: mm: fix crashes from deferred split racing folio migration Even on 6.10-rc6, I’ve been seeing elusive “Bad page state”s (often on flags when freeing, yet the flags shown are not bad: PG_locked had been set and cleared??), and VM_BUG_ON_PAGE(page_ref_count(page) == 0)s from deferred_split_scan()’s folio_put(), and a variety of other BUG and WARN symptoms implying double free by deferred split and large folio migration. 6.7 commit 9bcef5973e31 (“mm: memcg: fix split queue list crash when large folio migration”) was right to fix the memcg-dependent locking broken in 85ce2c517ade (“memcontrol: only transfer the memcg data for migration”), but missed a subtlety of deferred_split_scan(): it moves folios to its own local list to work on them without split_queue_lock, during which time folio->_deferred_list is not empty, but even the “right” lock does nothing to secure the folio and the list it is on. Fortunately, deferred_split_scan() is careful to use folio_try_get(): so folio_migrate_mapping() can avoid the race by folio_undo_large_rmappable() while the old folio’s reference count is temporarily frozen to 0 – adding such a freeze in the !mapping case too (originally, folio lock and unmapping and no swap cache left an anon folio unreachable, so no freezing was needed there: but the deferred split queue offers a way to reach it). | 2024-08-07 | 5.5 | CVE-2024-42234 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
Linux–Linux
|
In the Linux kernel, the following vulnerability has been resolved: s390/mm: Add NULL pointer check to crst_table_free() base_crst_free() crst_table_free() used to work with NULL pointers before the conversion to ptdescs. Since crst_table_free() can be called with a NULL pointer (error handling in crst_table_upgrade() add an explicit check. Also add the same check to base_crst_free() for consistency reasons. In real life this should not happen, since order two GFP_KERNEL allocations will not fail, unless FAIL_PAGE_ALLOC is enabled and used. | 2024-08-07 | 5.5 | CVE-2024-42235 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
Linux–Linux
|
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: configfs: Prevent OOB read/write in usb_string_copy() Userspace provided string ‘s’ could trivially have the length zero. Left unchecked this will firstly result in an OOB read in the form `if (str[0 – 1] == ‘n’) followed closely by an OOB write in the form `str[0 – 1] = ‘ |