Vulnerability Summary for the Week of October 7, 2024

Posted by:

|

On:

|

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source Info Patch Info
adobe — animate
 
Animate versions 23.0.7, 24.0.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-10-09 7.8 CVE-2024-47410 psirt@adobe.com
 
adobe — animate
 
Animate versions 23.0.7, 24.0.4 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-10-09 7.8 CVE-2024-47411 psirt@adobe.com
 
adobe — animate
 
Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-10-09 7.8 CVE-2024-47412 psirt@adobe.com
 
adobe — animate
 
Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-10-09 7.8 CVE-2024-47413 psirt@adobe.com
 
adobe — animate
 
Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-10-09 7.8 CVE-2024-47414 psirt@adobe.com
 
adobe — animate
 
Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-10-09 7.8 CVE-2024-47415 psirt@adobe.com
 
adobe — animate
 
Animate versions 23.0.7, 24.0.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-10-09 7.8 CVE-2024-47416 psirt@adobe.com
 
adobe — animate
 
Animate versions 23.0.7, 24.0.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-10-09 7.8 CVE-2024-47417 psirt@adobe.com
 
adobe — animate
 
Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-10-09 7.8 CVE-2024-47418 psirt@adobe.com
 
adobe — commerce
 
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploit this vulnerability to gain unauthorized access or elevated privileges within the application. Exploitation of this issue does not require user interaction. 2024-10-10 9.8 CVE-2024-45115 psirt@adobe.com
 
adobe — commerce
 
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a Cross-Site Scripting (XSS) vulnerability that could be exploited to execute arbitrary code. If an admin attacker can trick a user into clicking a specially crafted link or submitting a form, malicious scripts may be executed within the context of the victim’s browser and have high impact on confidentiality and integrity. Exploitation of this issue requires user interaction. 2024-10-10 8.1 CVE-2024-45116 psirt@adobe.com
 
adobe — commerce
 
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An admin attacker could exploit this vulnerability to read files from the system outside of the intended directories via PHP filter chain and also can have a low-availability impact on the service. Exploitation of this issue does not require user interaction and scope is changed. 2024-10-10 7.6 CVE-2024-45117 psirt@adobe.com
 
Adobe–Adobe Framemaker
 
Adobe Framemaker versions 2020.6, 2022.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-10-09 7.8 CVE-2024-47421 psirt@adobe.com
 
Adobe–Adobe Framemaker
 
Adobe Framemaker versions 2020.6, 2022.4 and earlier are affected by an Untrusted Search Path vulnerability that could lead to arbitrary code execution. An attacker could exploit this vulnerability by inserting a malicious path into the search directories, which the application could unknowingly execute. This could allow the attacker to execute arbitrary code in the context of the current user. Exploitation of this issue requires user interaction. 2024-10-09 7.8 CVE-2024-47422 psirt@adobe.com
 
Adobe–Adobe Framemaker
 
Adobe Framemaker versions 2020.6, 2022.4 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by uploading a malicious file which can be automatically processed or executed by the system. Exploitation of this issue requires user interaction. 2024-10-09 7.8 CVE-2024-47423 psirt@adobe.com
 
Adobe–Adobe Framemaker
 
Adobe Framemaker versions 2020.6, 2022.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-10-09 7.8 CVE-2024-47424 psirt@adobe.com
 
Adobe–Adobe Framemaker
 
Adobe Framemaker versions 2020.6, 2022.4 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-10-09 7.8 CVE-2024-47425 psirt@adobe.com
 
Adobe–Dimension
 
Dimension versions 4.0.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-10-09 7.8 CVE-2024-45146 psirt@adobe.com
 
Adobe–Dimension
 
Dimension versions 4.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-10-09 7.8 CVE-2024-45150 psirt@adobe.com
 
Adobe–InCopy
 
InCopy versions 19.4, 18.5.3 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution by an attacker. An attacker could exploit this vulnerability by uploading a malicious file which can then be executed on the server. Exploitation of this issue requires user interaction. 2024-10-09 7.8 CVE-2024-45136 psirt@adobe.com
 
Adobe–InDesign Desktop
 
InDesign Desktop versions 19.4, 18.5.3 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by uploading a malicious file which, when executed, could run arbitrary code in the context of the server. Exploitation of this issue requires user interaction. 2024-10-09 7.8 CVE-2024-45137 psirt@adobe.com
 
Adobe–Substance3D – Stager
 
Substance3D – Stager versions 3.0.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-10-09 7.8 CVE-2024-45138 psirt@adobe.com
 
Adobe–Substance3D – Stager
 
Substance3D – Stager versions 3.0.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-10-09 7.8 CVE-2024-45139 psirt@adobe.com
 
Adobe–Substance3D – Stager
 
Substance3D – Stager versions 3.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-10-09 7.8 CVE-2024-45140 psirt@adobe.com
 
Adobe–Substance3D – Stager
 
Substance3D – Stager versions 3.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-10-09 7.8 CVE-2024-45141 psirt@adobe.com
 
Adobe–Substance3D – Stager
 
Substance3D – Stager versions 3.0.3 and earlier are affected by a Write-what-where Condition vulnerability that could allow an attacker to execute arbitrary code in the context of the current user. This vulnerability allows an attacker to write a controlled value to an arbitrary memory location, potentially leading to code execution. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-10-09 7.8 CVE-2024-45142 psirt@adobe.com
 
Adobe–Substance3D – Stager
 
Substance3D – Stager versions 3.0.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-10-09 7.8 CVE-2024-45143 psirt@adobe.com
 
Adobe–Substance3D – Stager
 
Substance3D – Stager versions 3.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-10-09 7.8 CVE-2024-45144 psirt@adobe.com
 
Adobe–Substance3D – Stager
 
Substance3D – Stager versions 3.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-10-09 7.8 CVE-2024-45152 psirt@adobe.com
 
afthemes–WP Post Author Boost Your Blog’s Engagement with Author Box, Social Links, Co-Authors, Guest Authors, Post Rating System, and Custom User Registration Form Builder
 
The WP Post Author – Boost Your Blog's Engagement with Author Box, Social Links, Co-Authors, Guest Authors, Post Rating System, and Custom User Registration Form Builder plugin for WordPress is vulnerable to time-based SQL Injection via the linked_user_id parameter in all versions up to, and including, 3.8.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. 2024-10-12 7.2 CVE-2024-8757 security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
 
Apache Software Foundation–Apache Subversion
 
On Windows platforms, a “best fit” character encoding conversion of command line arguments to Subversion’s executables (e.g., svn.exe, etc.) may lead to unexpected command line argument interpretation, including argument injection and execution of other programs, if a specially crafted command line argument string is processed. All versions of Subversion up to and including Subversion 1.14.3 are affected on Windows platforms only. Users are recommended to upgrade to version Subversion 1.14.4, which fixes this issue. Subversion is not affected on UNIX-like platforms. 2024-10-09 8.2 CVE-2024-45720 security@apache.org
 
Apache Software Foundation–Apache XML Graphics FOP
 
Improper Restriction of XML External Entity Reference (‘XXE’) vulnerability in Apache XML Graphics FOP. This issue affects Apache XML Graphics FOP: 2.9. Users are recommended to upgrade to version 2.10, which fixes the issue. 2024-10-09 7.5 CVE-2024-28168 security@apache.org
 
ataurr–GutenKit Page Builder Blocks, Patterns, and Templates for Gutenberg Block Editor
 
The GutenKit – Page Builder Blocks, Patterns, and Templates for Gutenberg Block Editor plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the install_and_activate_plugin_from_external() function (install-active-plugin REST API endpoint) in all versions up to, and including, 2.1.0. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins, or utilize the functionality to upload arbitrary files spoofed like plugins. 2024-10-11 9.8 CVE-2024-9234 security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
 
Bit Form–Bit Form Contact Form Plugin
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Bit Form Bit Form – Contact Form Plugin allows SQL Injection.This issue affects Bit Form – Contact Form Plugin: from n/a through 2.13.11. 2024-10-07 7.6 CVE-2024-47335 audit@patchstack.com
 
btcsuite–btcd
 
btcd is an alternative full node bitcoin implementation written in Go (golang). The btcd Bitcoin client (versions 0.10 to 0.24) did not correctly re-implement Bitcoin Core’s “FindAndDelete()” functionality. This logic is consensus-critical: the difference in behavior with the other Bitcoin clients can lead to btcd clients accepting an invalid Bitcoin block (or rejecting a valid one). This consensus failure can be leveraged to cause a chain split (accepting an invalid Bitcoin block) or be exploited to DoS the btcd nodes (rejecting a valid Bitcoin block). An attacker can create a standard transaction where FindAndDelete doesn’t return a match but removeOpCodeByData does making btcd get a different sighash, leading to a chain split. Importantly, this vulnerability can be exploited remotely by any Bitcoin user and does not require any hash power. This is because the difference in behavior can be triggered by a “standard” Bitcoin transaction, that is a transaction which gets relayed through the P2P network before it gets included in a Bitcoin block. `removeOpcodeByData(script []byte, dataToRemove []byte)` removes any data pushes from `script` that contain `dataToRemove`. However, `FindAndDelete` only removes exact matches. So for example, with `script = “<data> <data||foo>”` and `dataToRemove = “data”` btcd will remove both data pushes but Bitcoin Core’s `FindAndDelete` only removes the first `<data>` push. This has been patched in btcd version v0.24.2. Users are advised to upgrade. There are no known workarounds for this issue. 2024-10-11 7.4 CVE-2024-38365 security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
 
Cacti–cacti
 
Cacti is an open source performance and fault management framework. The `fileurl` parameter is not properly sanitized when saving external links in `links.php` . Morever, the said fileurl is placed in some html code which is passed to the `print` function in `link.php` and `index.php`, finally leading to stored XSS. Users with the privilege to create external links can manipulate the `fileurl` parameter in the http post request while creating external links to perform stored XSS attacks. The vulnerability known as XSS (Cross-Site Scripting) occurs when an application allows untrusted user input to be displayed on a web page without proper validation or escaping. This issue has been addressed in release version 1.2.28. All users are advised to upgrade. There are no known workarounds for this issue. 2024-10-07 7.3 CVE-2024-43362 security-advisories@github.com
 
Cacti–cacti
 
Cacti is an open source performance and fault management framework. An admin user can create a device with a malicious hostname containing php code and repeat the installation process (completing only step 5 of the installation process is enough, no need to complete the steps before or after it) to use a php file as the cacti log file. After having the malicious hostname end up in the logs (log poisoning), one can simply go to the log file url to execute commands to achieve RCE. This issue has been addressed in version 1.2.28 and all users are advised to upgrade. There are no known workarounds for this vulnerability. 2024-10-07 7.2 CVE-2024-43363 security-advisories@github.com
 
Canonical Ltd.–Authd
 
Authd, through version 0.3.6, did not sufficiently randomize user IDs to prevent collisions. A local attacker who can register user names could spoof another user’s ID and gain their privileges. 2024-10-10 7.5 CVE-2024-9312 security@ubuntu.com
security@ubuntu.com
 
checkmk — checkmk
 
Information leakage in mknotifyd in Checkmk before 2.3.0p18, 2.2.0p36, 2.1.0p49 and in 2.0.0p39 (EOL) allows attacker to get potentially sensitive data 2024-10-10 7.5 CVE-2024-6747 security@checkmk.com
 
code-projects–Blood Bank System
 
A vulnerability, which was classified as critical, was found in code-projects Blood Bank System 1.0. Affected is an unknown function of the file register.php. The manipulation of the argument user leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. 2024-10-10 7.3 CVE-2024-9797 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
 
code-projects–Crud Operation System
 
A vulnerability classified as critical was found in code-projects Crud Operation System 1.0. This vulnerability affects unknown code of the file delete.php. The manipulation of the argument sid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. 2024-10-10 7.3 CVE-2024-9812 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
 
code-projects–Restaurant Reservation System
 
A vulnerability classified as critical has been found in code-projects Restaurant Reservation System 1.0. This affects an unknown part of the file filter3.php. The manipulation of the argument company leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. 2024-10-10 7.3 CVE-2024-9811 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
 
Codezips–Pharmacy Management System
 
A vulnerability, which was classified as critical, has been found in Codezips Pharmacy Management System 1.0. This issue affects some unknown processing of the file product/register.php. The manipulation of the argument category leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. 2024-10-10 7.3 CVE-2024-9813 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
 
Codezips–Pharmacy Management System
 
A vulnerability, which was classified as critical, was found in Codezips Pharmacy Management System 1.0. Affected is an unknown function of the file product/update.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. 2024-10-10 7.3 CVE-2024-9814 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
 
cure53–DOMPurify
 
DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMpurify was vulnerable to nesting-based mXSS. This vulnerability is fixed in 2.5.0 and 3.1.3. 2024-10-11 10 CVE-2024-47875 security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
 
D-Link–DIR-619L B1
 
A vulnerability was found in D-Link DIR-619L B1 2.06. It has been declared as critical. This vulnerability affects the function formEasySetupWWConfig of the file /goform/formEasySetupWWConfig. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. 2024-10-10 8.8 CVE-2024-9782 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
 
D-Link–DIR-619L B1
 
A vulnerability was found in D-Link DIR-619L B1 2.06. It has been rated as critical. This issue affects the function formLogDnsquery of the file /goform/formLogDnsquery. The manipulation of the argument curTime leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. 2024-10-10 8.8 CVE-2024-9783 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
 
D-Link–DIR-619L B1
 
A vulnerability classified as critical has been found in D-Link DIR-619L B1 2.06. Affected is the function formResetStatistic of the file /goform/formResetStatistic. The manipulation of the argument curTime leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. 2024-10-10 8.8 CVE-2024-9784 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
 
D-Link–DIR-619L B1
 
A vulnerability classified as critical was found in D-Link DIR-619L B1 2.06. Affected by this vulnerability is the function formSetDDNS of the file /goform/formSetDDNS. The manipulation of the argument curTime leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. 2024-10-10 8.8 CVE-2024-9785 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
 
D-Link–DIR-619L B1
 
A vulnerability, which was classified as critical, has been found in D-Link DIR-619L B1 2.06. Affected by this issue is the function formSetLog of the file /goform/formSetLog. The manipulation of the argument curTime leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. 2024-10-10 8.8 CVE-2024-9786 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
 
D-Link–DIR-619L B1
 
A vulnerability has been found in D-Link DIR-619L B1 2.06 and classified as critical. Affected by this vulnerability is the function formSetMuti of the file /goform/formSetMuti. The manipulation of the argument curTime leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. 2024-10-13 8.8 CVE-2024-9909 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
 
D-Link–DIR-619L B1
 
A vulnerability was found in D-Link DIR-619L B1 2.06 and classified as critical. Affected by this issue is the function formSetPassword of the file /goform/formSetPassword. The manipulation of the argument curTime leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. 2024-10-13 8.8 CVE-2024-9910 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
 
D-Link–DIR-619L B1
 
A vulnerability was found in D-Link DIR-619L B1 2.06. It has been classified as critical. This affects the function formSetPortTr of the file /goform/formSetPortTr. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. 2024-10-13 8.8 CVE-2024-9911 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
 
D-Link–DIR-619L B1
 
A vulnerability was found in D-Link DIR-619L B1 2.06. It has been declared as critical. This vulnerability affects the function formSetQoS of the file /goform/formSetQoS. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. 2024-10-13 8.8 CVE-2024-9912 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
 
D-Link–DIR-619L B1
 
A vulnerability was found in D-Link DIR-619L B1 2.06. It has been rated as critical. This issue affects the function formSetRoute of the file /goform/formSetRoute. The manipulation of the argument curTime leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. 2024-10-13 8.8 CVE-2024-9913 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
 
D-Link–DIR-619L B1
 
A vulnerability classified as critical has been found in D-Link DIR-619L B1 2.06. Affected is the function formSetWizardSelectMode of the file /goform/formSetWizardSelectMode. The manipulation of the argument curTime leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. 2024-10-13 8.8 CVE-2024-9914 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
 
D-Link–DIR-619L B1
 
A vulnerability classified as critical was found in D-Link DIR-619L B1 2.06. Affected by this vulnerability is the function formVirtualServ of the file /goform/formVirtualServ. The manipulation of the argument curTime leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. 2024-10-13 8.8 CVE-2024-9915 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
 
discourse–discourse
 
Discourse is an open source platform for community discussion. A maliciously crafted email address could allow an attacker to bypass domain-based restrictions and gain access to private sites, categories and/or groups. This issue has been patched in the latest stable, beta and tests-passed version of Discourse. All users area are advised to upgrade. There are no known workarounds for this vulnerability. 2024-10-07 8.2 CVE-2024-45051 security-advisories@github.com
 
discourse–discourse
 
Discourse is an open source platform for community discussion. An attacker can make several XHR requests until the cache is poisoned with a response without any preloaded data. This issue only affects anonymous visitors of the site. This problem has been patched in the latest version of Discourse. Users are advised to upgrade. Users unable to upgrade should disable anonymous cache by setting the `DISCOURSE_DISABLE_ANON_CACHE` environment variable to a non-empty value. 2024-10-08 8.2 CVE-2024-47773 security-advisories@github.com
 
discourse–discourse
 
Discourse is an open source platform for community discussion. A user can create a post with many replies, and then attempt to fetch them all at once. This can potentially reduce the availability of a Discourse instance. This problem has been patched in the latest version of Discourse. All users area are advised to upgrade. There are no known workarounds for this vulnerability. 2024-10-07 7.5 CVE-2024-43789 security-advisories@github.com
 
dlink — dir-605l_firmware
 
A vulnerability, which was classified as critical, has been found in D-Link DIR-605L 2.13B01 BETA. This issue affects the function formWlanSetup_Wizard of the file /goform/formWlanSetup_Wizard. The manipulation of the argument webpage leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. 2024-10-07 8.8 CVE-2024-9563 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
 
dlink — dir-605l_firmware
 
A vulnerability, which was classified as critical, was found in D-Link DIR-605L 2.13B01 BETA. Affected is the function formWlanWizardSetup of the file /goform/formWlanWizardSetup. The manipulation of the argument webpage leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. 2024-10-07 8.8 CVE-2024-9564 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
 
dlink — dir-605l_firmware
 
A vulnerability has been found in D-Link DIR-605L 2.13B01 BETA and classified as critical. Affected by this vulnerability is the function formSetPassword of the file /goform/formSetPassword. The manipulation of the argument curTime leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. 2024-10-07 8.8 CVE-2024-9565 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
 
dlink — dir-619l_firmware
 
A vulnerability classified as critical was found in D-Link DIR-619L B1 2.06. This vulnerability affects the function formDeviceReboot of the file /goform/formDeviceReboot. The manipulation of the argument next_page leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. 2024-10-07 8.8 CVE-2024-9566 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
 
dlink — dir-619l_firmware
 
A vulnerability, which was classified as critical, has been found in D-Link DIR-619L B1 2.06. This issue affects the function formAdvFirewall of the file /goform/formAdvFirewall. The manipulation of the argument curTime leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. 2024-10-07 8.8 CVE-2024-9567 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
 
dlink — dir-619l_firmware
 
A vulnerability, which was classified as critical, was found in D-Link DIR-619L B1 2.06. Affected is the function formAdvNetwork of the file /goform/formAdvNetwork. The manipulation of the argument curTime leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. 2024-10-07 8.8 CVE-2024-9568 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
 
dlink — dir-619l_firmware
 
A vulnerability has been found in D-Link DIR-619L B1 2.06 and classified as critical. Affected by this vulnerability is the function formEasySetPassword of the file /goform/formEasySetPassword. The manipulation of the argument curTime leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. 2024-10-07 8.8 CVE-2024-9569 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
 
dlink — dir-619l_firmware
 
A vulnerability was found in D-Link DIR-619L B1 2.06 and classified as critical. Affected by this issue is the function formEasySetTimezone of the file /goform/formEasySetTimezone. The manipulation of the argument curTime leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. 2024-10-07 8.8 CVE-2024-9570 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
 
Elie Burstein, Baptiste Gourdin–Talkback
 
Deserialization of Untrusted Data vulnerability in Elie Burstein, Baptiste Gourdin Talkback allows Object Injection.This issue affects Talkback: from n/a through 1.0. 2024-10-11 9.8 CVE-2024-48033 audit@patchstack.com
 
Eyecix–JobSearch
 
Deserialization of Untrusted Data vulnerability in Eyecix JobSearch allows Object Injection.This issue affects JobSearch: from n/a through 2.5.9. 2024-10-10 9.8 CVE-2024-47636 audit@patchstack.com
 
Fortinet–FortiAnalyzer
 
A use of externally-controlled format string in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.2 through 7.2.5 allows attacker to escalate its privileges via specially crafted requests. 2024-10-08 7.2 CVE-2024-45330 psirt@fortinet.com
 
GitLab–GitLab
 
An issue was discovered in GitLab EE affecting all versions starting from 12.5 prior to 17.2.9, starting from 17.3, prior to 17.3.5, and starting from 17.4 prior to 17.4.2, which allows running pipelines on arbitrary branches. 2024-10-11 9.6 CVE-2024-9164 cve@gitlab.com
cve@gitlab.com
 
GitLab–GitLab
 
An issue was discovered in GitLab CE/EE affecting all versions starting from 11.6 prior to 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2, which allows an attacker to trigger a pipeline as another user under certain circumstances. 2024-10-11 8.2 CVE-2024-8970 cve@gitlab.com
cve@gitlab.com
 
GitLab–GitLab
 
An issue has been discovered in GitLab EE affecting all versions starting from 15.10 prior to 17.2.9, from 17.3 prior to 17.3.5, and from 17.4 prior to 17.4.2. Instances with Product Analytics Dashboard configured and enabled could be vulnerable to SSRF attacks. 2024-10-10 8.2 CVE-2024-8977 cve@gitlab.com
cve@gitlab.com
 
GitLab–GitLab
 
A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 17.1 prior 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2. When adding a authorizing an application, it can be made to render as HTML under specific circumstances. 2024-10-10 7.3 CVE-2024-6530 cve@gitlab.com
cve@gitlab.com
 
Google–Chrome
 
Type Confusion in V8 in Google Chrome prior to 129.0.6668.100 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High) 2024-10-08 8.8 CVE-2024-9602 chrome-cve-admin@google.com
chrome-cve-admin@google.com
 
Google–Chrome
 
Type Confusion in V8 in Google Chrome prior to 129.0.6668.100 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 2024-10-08 8.8 CVE-2024-9603 chrome-cve-admin@google.com
chrome-cve-admin@google.com
 
guruteam–Bot for Telegram on WooCommerce
 
The Bot for Telegram on WooCommerce plugin for WordPress is vulnerable to sensitive information disclosure due to missing authorization checks on the ‘stm_wpcfto_get_settings’ AJAX action in all versions up to, and including, 1.2.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to view the Telegram Bot Token, a secret token used to control the bot, which can then be used to log in as any existing user on the site, such as an administrator, if they know the username, due to the Login with Telegram feature. 2024-10-12 8.8 CVE-2024-9821 security@wordfence.com
security@wordfence.com
 
h2o–picotls
 
Picotls is a TLS protocol library that allows users select different crypto backends based on their use case. When parsing a spoofed TLS handshake message, picotls (specifically, bindings within picotls that call the crypto libraries) may attempt to free the same memory twice. This double free occurs during the disposal of multiple objects without any intervening calls to malloc Typically, this triggers the malloc implementation to detect the error and abort the process. However, depending on the internals of malloc and the crypto backend being used, the flaw could potentially lead to a use-after-free scenario, which might allow for arbitrary code execution. The vulnerability is addressed with commit 9b88159ce763d680e4a13b6e8f3171ae923a535d. 2024-10-11 8.6 CVE-2024-45402 security-advisories@github.com
security-advisories@github.com
 
h2o–quicly
 
Quicly is an IETF QUIC protocol implementation. Quicly up to commtit d720707 is susceptible to a denial-of-service attack. A remote attacker can exploit these bugs to trigger an assertion failure that crashes process using quicly. The vulnerability is addressed with commit 2a95896104901589c495bc41460262e64ffcad5c. 2024-10-11 7.5 CVE-2024-45396 security-advisories@github.com
security-advisories@github.com
 
happyplugins–Shortcodes AnyWhere
 
The Shortcodes AnyWhere plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.0.1. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. 2024-10-10 7.3 CVE-2024-9581 security@wordfence.com
security@wordfence.com
 
HashiCorp–Vault
 
A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their privileges to Vault’s root policy. Fixed in Vault Community Edition 1.18.0 and Vault Enterprise 1.18.0, 1.17.7, 1.16.11, and 1.15.16. 2024-10-10 7.2 CVE-2024-9180 security@hashicorp.com
 
HP, Inc.–HP Hotkey Support
 
A potential security vulnerability has been identified in the HP Hotkey Support software, which might allow local escalation of privilege. HP is releasing mitigation for the potential vulnerability. Customers using HP Programmable Key are recommended to update HP Hotkey Support. 2024-10-07 8.8 CVE-2024-27458 hp-security-alert@hp.com
 
HuangDou–UTCMS
 
A vulnerability, which was classified as critical, has been found in HuangDou UTCMS V9. Affected by this issue is some unknown functionality of the file app/modules/ut-cac/admin/cli.php. The manipulation of the argument o leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 2024-10-13 7.3 CVE-2024-9916 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
 
inventree–InvenTree
 
InvenTree is an Open Source Inventory Management System. In affected versions of InvenTree it is possible for a registered user to store javascript in markdown notes fields, which are then displayed to other logged in users who visit the same page and executed. The vulnerability has been addressed as follows: 1. HTML sanitization has been enabled in the front-end markdown rendering library – `easymde`. 2. Stored markdown is also validated on the backend, to ensure that malicious markdown is not stored in the database. These changes are available in release versions 0.16.5 and later. All users are advised to upgrade. There are no workarounds, an update is required to get the new validation functions. 2024-10-07 7.3 CVE-2024-47610 security-advisories@github.com
security-advisories@github.com
 
ivanti — endpoint_manager_cloud_services_appliance
 
SQL injection in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements. 2024-10-08 7.2 CVE-2024-9379 3c1d8aa1-5a33-4ea4-8992-aadd6440af75
 
ivanti — endpoint_manager_cloud_services_appliance
 
An OS command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to obtain remote code execution. 2024-10-08 7.2 CVE-2024-9380 3c1d8aa1-5a33-4ea4-8992-aadd6440af75
 
Ivanti–Avalanche
 
A NULL pointer dereference in WLAvalancheService.exe of Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to cause a denial of service. 2024-10-08 7.5 CVE-2024-47007 3c1d8aa1-5a33-4ea4-8992-aadd6440af75
 
Ivanti–Avalanche
 
Server-side request forgery in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to leak sensitive information. 2024-10-08 7.5 CVE-2024-47008 3c1d8aa1-5a33-4ea4-8992-aadd6440af75
 
Ivanti–Avalanche
 
Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to bypass authentication. 2024-10-08 7.3 CVE-2024-47009 3c1d8aa1-5a33-4ea4-8992-aadd6440af75
 
Ivanti–Avalanche
 
Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to bypass authentication. 2024-10-08 7.3 CVE-2024-47010 3c1d8aa1-5a33-4ea4-8992-aadd6440af75
 
Ivanti–Avalanche
 
Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to leak sensitive information 2024-10-08 7.5 CVE-2024-47011 3c1d8aa1-5a33-4ea4-8992-aadd6440af75
 
Ivanti–CSA (Cloud Services Appliance)
 
Path traversal in Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to bypass restrictions. 2024-10-08 7.2 CVE-2024-9381 3c1d8aa1-5a33-4ea4-8992-aadd6440af75
 
Ivanti–Endpoint Manager Mobile
 
Insecure permissions in Ivanti EPMM before 12.1.0.4 allow a local authenticated attacker to access or modify sensitive configuration files without proper authorization. 2024-10-08 8.8 CVE-2024-7612 3c1d8aa1-5a33-4ea4-8992-aadd6440af75
 
Ivanti–Velocity License Server
 
Under specific circumstances, insecure permissions in Ivanti Velocity License Server before version 5.2 allows a local authenticated attacker to achieve local privilege escalation. 2024-10-08 7 CVE-2024-9167 3c1d8aa1-5a33-4ea4-8992-aadd6440af75
 
jetbrains — teamcity
 
In JetBrains TeamCity before 2024.07.3 path traversal leading to information disclosure was possible via server backups 2024-10-08 7.5 CVE-2024-47948 cve@jetbrains.com
 
jetbrains — teamcity
 
In JetBrains TeamCity before 2024.07.3 path traversal allowed backup file write to arbitrary location 2024-10-08 7.5 CVE-2024-47949 cve@jetbrains.com
 
Juniper Networks–Junos OS
 
An Improper Validation of Consistency within Input vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker sending a specifically malformed BGP packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. In some cases, rpd fails to restart requiring a manual restart via the ‘restart routing’ CLI command. This issue only affects systems with BGP traceoptions enabled and requires a BGP session to be already established. Systems without BGP traceoptions enabled are not affected by this issue. This issue affects iBGP and eBGP, and both IPv4 and IPv6 are affected by this vulnerability. This issue affects: Junos OS:  * All versions before 21.4R3-S8,  * 22.2 before 22.2R3-S5,  * 22.3 before 22.3R3-S4,  * 22.4 before 22.4R3-S3,  * 23.2 before 23.2R2-S2,  * 23.4 before 23.4R2;  Junos OS Evolved:  * All versions before 21.4R3-S8-EVO,  * 22.2-EVO before 22.2R3-S5-EVO,  * 22.3-EVO before 22.3R3-S4-EVO,  * 22.4-EVO before 22.4R3-S3-EVO,  * 23.2-EVO before 23.2R2-S2-EVO,  * 23.4-EVO before 23.4R2-EVO. 2024-10-09 7.5 CVE-2024-39515 sirt@juniper.net
sirt@juniper.net
 
Juniper Networks–Junos OS
 
An Out-of-Bounds Read vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker sending a specifically malformed BGP packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue only affects systems with BGP traceoptions enabled. Systems without BGP traceoptions enabled are not affected by this issue. This issue affects iBGP and eBGP with any address family configured. This issue affects: Junos OS:  * All versions before 21.4R3-S8, * 22.2 before 22.2R3-S5,  * 22.3 before 22.3R3-S4,  * 22.4 before 22.4R3-S3,  * 23.2 before 23.2R2-S2,  * 23.4 before 23.4R2;  Junos OS Evolved:  * All versions before 21.4R3-S8-EVO,  * 22.2-EVO before 22.2R3-S5-EVO,  * 22.3-EVO before 22.3R3-S4-EVO,  * 22.4-EVO before 22.4R3-S3-EVO,  * 23.2-EVO before 23.2R2-S2-EVO,  * 23.4-EVO before 23.4R2-EVO. 2024-10-09 7.5 CVE-2024-39516 sirt@juniper.net
 
Juniper Networks–Junos OS
 
An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker sending a specific BGP packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue only affects systems with BGP traceoptions enabled and requires a BGP session to be already established.  Systems without BGP traceoptions enabled are not affected by this issue. This issue affects iBGP and eBGP, and both IPv4 and IPv6 are affected by this vulnerability. This issue affects: Junos OS:  * All versions before 21.2R3-S8,  * from 21.4 before 21.4R3-S8,  * from 22.2 before 22.2R3-S4,  * from 22.3 before 22.3R3-S4, * from 22.4 before 22.4R3-S3,  * from 23.2 before 23.2R2-S1,  * from 23.4 before 23.4R2;  Junos OS Evolved:  * All versions before 21.2R3-S8-EVO,  * from 21.4-EVO before 21.4R3-S8-EVO,  * from 22.2-EVO before 22.2R3-S4-EVO,  * from 22.3-EVO before 22.3R3-S4-EVO, * from 22.4-EVO before 22.4R3-S3-EVO,  * from 23.2-EVO before 23.2R2-S1-EVO,  * from 23.4-EVO before 23.4R2-EVO. 2024-10-09 7.5 CVE-2024-39525 sirt@juniper.net
sirt@juniper.net
 
Juniper Networks–Junos OS
 
An Improper Handling of Exceptional Conditions vulnerability in the rpd-server of Juniper Networks Junos OS and Junos OS Evolved within cRPD allows an unauthenticated network-based attacker sending crafted TCP traffic to the routing engine (RE) to cause a CPU-based Denial of Service (DoS). If specially crafted TCP traffic is received by the control plane, or a TCP session terminates unexpectedly, it will cause increased control plane CPU utilization by the rpd-server process. While not explicitly required, the impact is more severe when RIB sharding is enabled. Task accounting shows unexpected reads by the RPD Server jobs for shards: user@junos> show task accounting detail … read:RPD Server.0.0.0.0+780.192.168.0.78+48886 TOT:00000003.00379787 MAX:00000000.00080516 RUNS: 233888 read:RPD Server.0.0.0.0+780.192.168.0.78+49144 TOT:00000004.00007565 MAX:00000000.00080360 RUNS: 233888 read:RPD Server.0.0.0.0+780.192.168.0.78+49694 TOT:00000003.00600584 MAX:00000000.00080463 RUNS: 233888 read:RPD Server.0.0.0.0+780.192.168.0.78+50246 TOT:00000004.00346998 MAX:00000000.00080338 RUNS: 233888 This issue affects: Junos OS with cRPD:  * All versions before 21.2R3-S8,  * 21.4 before 21.4R3-S7,  * 22.1 before 22.1R3-S6,  * 22.2 before 22.2R3-S4,  * 22.3 before 22.3R3-S3,  * 22.4 before 22.4R3-S2,  * 23.2 before 23.2R2-S2,  * 24.2 before 24.2R2;  Junos OS Evolved with cRPD:  * All versions before 21.4R3-S7-EVO,  * 22.2 before 22.2R3-S4-EVO,  * 22.3 before 22.3R3-S3-EVO,  * 22.4 before 22.4R3-S2-EVO,  * 23.2 before 23.2R2-EVO. 2024-10-11 7.5 CVE-2024-39547 sirt@juniper.net
 
Juniper Networks–Junos OS
 
An Improper Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to cause Denial of Service (DoS). When a BGP UPDATE with malformed path attribute is received over an established BGP session, rpd crashes and restarts. Continuous receipt of a BGP UPDATE with a specifically malformed path attribute will create a sustained Denial of Service (DoS) condition for impacted devices. This issue affects: ?Juniper Networks Junos OS:  * All versions before 21.4R3-S8,  * from 22.2 before 22.2R3-S4,  * from 22.4 before 22.4R3-S3,  * from 23.2 before 23.2R2-S1,  * from 23.4 before 23.4R1-S2, 23.4R2. ?Juniper Networks Junos OS Evolved:  * All versions before 21.4R3-S8-EVO, * from 22.2 before 22.2R3-S4-EVO, * from 22.4 before 22.4R3-S3-EVO, * from 23.2 before 23.2R2-S1-EVO, * from 23.4 before 23.4R1-S2-EVO, 23.4R2-EVO. 2024-10-11 7.5 CVE-2024-47491 sirt@juniper.net
 
Juniper Networks–Junos OS
 
An Uncontrolled Resource Consumption vulnerability in the http daemon (httpd) of Juniper Networks Junos OS on SRX Series, QFX Series, MX Series and EX Series allows an unauthenticated, network-based attacker to cause Denial-of-Service (DoS). An attacker can send specific HTTPS connection requests to the device, triggering the creation of processes that are not properly terminated. Over time, this leads to resource exhaustion, ultimately causing the device to crash and restart. The following command can be used to monitor the resource usage: user@host> show system processes extensive | match mgd | count This issue affects Junos OS on SRX Series and EX Series: All versions before 21.4R3-S7, from 22.2 before 22.2R3-S4, from 22.3 before 22.3R3-S3, from 22.4 before 22.4R3-S2, from 23.2 before 23.2R2-S1, from 23.4 before 23.4R1-S2, 23.4R2. 2024-10-11 7.5 CVE-2024-47497 sirt@juniper.net
 
Juniper Networks–Junos OS
 
An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service (DoS).  In a scenario where BGP Monitoring Protocol (BMP) is configured with rib-in pre-policy monitoring, receiving a BGP update with a specifically malformed AS PATH attribute over an established BGP session, can cause an RPD crash and restart. This issue affects: Junos OS:  * All versions before 21.2R3-S8, * 21.4 versions before 21.4R3-S8, * 22.2 versions before 22.2R3-S4, * 22.3 versions before 22.3R3-S3, * 22.4 versions before 22.4R3-S2, * 23.2 versions before 23.2R2-S1, * 23.4 versions before 23.4R1-S2, 23.4R2; Junos OS Evolved: * All versions before 21.2R3-S8-EVO, * 21.4 versions before 21.4R3-S8-EVO, * 22.2 versions before 22.2R3-S4-EVO, * 22.3 versions before 22.3R3-S3-EVO, * 22.4 versions before 22.4R3-S2-EVO, * 23.2 versions before 23.2R2-S1-EVO, * 23.4 versions before 23.4R1-S2-EVO, 23.4R2-EVO. 2024-10-11 7.5 CVE-2024-47499 sirt@juniper.net
 
Juniper Networks–Junos OS
 
An Improper Validation of Specified Type of Input vulnerability in the packet forwarding engine (pfe) Juniper Networks Junos OS on SRX5000 Series allows an unauthenticated, network based attacker to cause a Denial of Service (Dos). When a non-clustered SRX5000 device receives a specifically malformed packet this will cause a flowd crash and restart. This issue affects Junos OS: * 22.1 releases 22.1R1 and later before 22.2R3-S5, * 22.3 releases before 22.3R3-S4, * 22.4 releases before 22.4R3-S4, * 23.2 releases before 23.2R2-S2, * 23.4 releases before 23.4R2-S1, * 24.2 releases before 24.2R1-S1, 24.2R2. Please note that the PR does indicate that earlier versions have been fixed as well, but these won’t be adversely impacted by this. 2024-10-11 7.5 CVE-2024-47504 sirt@juniper.net
 
Juniper Networks–Junos OS Evolved
 
An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on ACX 7000 Series allows an unauthenticated, network based attacker to cause increased consumption of resources, ultimately resulting in a Denial of Service (DoS). When specific transit MPLS packets are received by the PFE, these packets are internally forwarded to the Routing Engine (RE), rather than being handled appropriately. Continuous receipt of these MPLS packets causes resources to be exhausted. MPLS config is not required to be affected by this issue.  This issue affects Junos OS Evolved ACX 7000 Series:  * All versions before 21.4R3-S9-EVO, * 22.2-EVO before 22.2R3-S4-EVO,  * 22.3-EVO before 22.3R3-S3-EVO,  * 22.4-EVO before 22.4R3-S2-EVO,  * 23.2-EVO before 23.2R2-EVO,  * 23.4-EVO before 23.4R1-S1-EVO, 23.4R2-EVO. 2024-10-11 8.2 CVE-2024-47490 sirt@juniper.net
 
Juniper Networks–Junos OS Evolved
 
An Allocation of Resources Without Limits or Throttling vulnerability in the kernel of Juniper Networks Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service (DoS). In specific cases the state of TCP sessions that are terminated is not cleared, which over time leads to an exhaustion of resources, preventing new connections to the control plane from being established. A continuously increasing number of connections shown by: user@host > show system connections is indicative of the problem. To recover the respective RE needs to be restarted manually. This issue only affects IPv4 but does not affect IPv6. This issue only affects TCP sessions established in-band (over an interface on an FPC) but not out-of-band (over the management ethernet port on the routing-engine). This issue affects Junos OS Evolved:  * All versions before 21.4R3-S9-EVO, * 22.2 versions before 22.2R3-S4-EVO, * 22.4 version before 22.4R3-S3-EVO, * 23.2 versions before 23.2R2-S1-EVO, * 23.4 versions before 23.4R2-EVO. 2024-10-11 7.5 CVE-2024-47502 sirt@juniper.net
 
Juniper Networks–Junos Space
 
A Command Injection vulnerability in Juniper Networks Junos Space allows an unauthenticated, network-based attacker sending a specially crafted request to execute arbitrary shell commands on the Junos Space Appliance, leading to remote command execution by the web application, gaining complete control of the device. A specific script in the Junos Space web application allows attacker-controlled input from a GET request without sufficient input sanitization. A specially crafted request can exploit this vulnerability to execute arbitrary shell commands on the Junos Space Appliance. This issue affects Junos Space 24.1R1. Previous versions of Junos Space are unaffected by this vulnerability. 2024-10-11 7.3 CVE-2024-39563 sirt@juniper.net
 
lagunaisw–WP Users Masquerade
 
The WP Users Masquerade plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.0.0. This is due to incorrect authentication and capability checking in the ‘ajax_masq_login’ function. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to log in as any existing user on the site, such as an administrator. 2024-10-10 8.8 CVE-2024-9522 security@wordfence.com
security@wordfence.com
 
latepoint–LatePoint Plugin
 
The LatePoint plugin for WordPress is vulnerable to Arbitrary User Password Change via SQL Injection in versions up to, and including, 5.0.11. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to change user passwords and potentially take over administrator accounts. Note that changing a WordPress user’s password is only possible if the “Use WordPress users as customers” setting is enabled, which is disabled by default. Without this setting enabled, only the passwords of plugin customers, which are stored and managed in a separate database table, can be modified. 2024-10-08 9.8 CVE-2024-8911 security@wordfence.com
security@wordfence.com
 
latepoint–LatePoint Plugin
 
The LatePoint plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.0.12. This is due to insufficient verification on the user being supplied during the booking customer step. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id. Note that logging in as a WordPress user is only possible if the “Use WordPress users as customers” setting is enabled, which is disabled by default. The vulnerability is partially patched in version 5.0.12 and fully patched in version 5.0.13. 2024-10-08 9.8 CVE-2024-8943 security@wordfence.com
security@wordfence.com
 
Lenovo–App Store
 
A DLL hijack vulnerability was reported in Lenovo App Store that could allow a local attacker to execute code with elevated privileges. 2024-10-11 7.8 CVE-2024-4130 psirt@lenovo.com
 
Lenovo–Baiying
 
A DLL hijack vulnerability was reported in Lenovo Baiying that could allow a local attacker to execute code with elevated privileges. 2024-10-11 7.8 CVE-2024-33579 psirt@lenovo.com
 
Lenovo–Emulator
 
A DLL hijack vulnerability was reported in Lenovo Emulator that could allow a local attacker to execute code with elevated privileges. 2024-10-11 7.8 CVE-2024-4131 psirt@lenovo.com
 
Lenovo–Leyun
 
A DLL hijack vulnerability was reported in Lenovo Leyun that could allow a local attacker to execute code with elevated privileges. 2024-10-11 7.8 CVE-2024-33578 psirt@lenovo.com
 
Lenovo–Lock Screen
 
A DLL hijack vulnerability was reported in Lenovo Lock Screen that could allow a local attacker to execute code with elevated privileges. 2024-10-11 7.8 CVE-2024-4132 psirt@lenovo.com
 
Lenovo–PC Manager AI intelligent scenario
 
A DLL hijack vulnerability was reported in Lenovo PC Manager AI intelligent scenario that could allow a local attacker to execute code with elevated privileges. 2024-10-11 7.8 CVE-2024-33581 psirt@lenovo.com
 
Lenovo–Personal Cloud
 
A DLL hijack vulnerability was reported in Lenovo Personal Cloud that could allow a local attacker to execute code with elevated privileges. 2024-10-11 7.8 CVE-2024-33580 psirt@lenovo.com
 
Lenovo–Service Framework
 
A DLL hijack vulnerability was reported in Lenovo Service Framework that could allow a local attacker to execute code with elevated privileges. 2024-10-11 7.8 CVE-2024-33582 psirt@lenovo.com
 
Lenovo–stARstudio
 
A DLL hijack vulnerability was reported in Lenovo stARstudio that could allow a local attacker to execute code with elevated privileges. 2024-10-11 7.8 CVE-2024-9046 psirt@lenovo.com
 
Lenovo–SuperFile
 
A DLL hijack vulnerability was reported in Lenovo Super File that could allow a local attacker to execute code with elevated privileges. 2024-10-11 7.8 CVE-2024-4089 psirt@lenovo.com
 
libarchive — libarchive
 
execute_filter_audio in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst. 2024-10-10 7.8 CVE-2024-48957 cve@mitre.org
cve@mitre.org
 
libarchive — libarchive
 
execute_filter_delta in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst. 2024-10-10 7.8 CVE-2024-48958 cve@mitre.org
cve@mitre.org
 
Linux Workbooth–Linux Workbooth
 
Vulnerability in Distro Linux Workbooth v2.5 that allows to escalate privileges to the root user by manipulating the network configuration script. 2024-10-07 7 CVE-2024-9576 cve-coordination@incibe.es
 
makeplane–plane
 
Plane is an open-source project management tool. Plane uses the ** wildcard support to retrieve the image from any hostname as in /web/next.config.js. This may permit an attacker to induce the server side into performing requests to unintended locations. This vulnerability is fixed in 0.23.0. 2024-10-11 9.3 CVE-2024-47830 security-advisories@github.com
security-advisories@github.com
 
mecha-cms — mecha
 
Mecha CMS 3.0.0 is vulnerable to Directory Traversal. An attacker can construct cookies and URIs that bypass user identity checks. Parameters can then be passed through the POST method, resulting in the Deletion of Arbitrary Files or Website Takeover. 2024-10-07 9.8 CVE-2024-46446 cve@mitre.org
cve@mitre.org
 
MediaTek, Inc.–MT2735, MT6833, MT6853, MT6855, MT6873, MT6875, MT6875T, MT6877, MT6880, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893, MT8675, MT8771, MT8791, MT8791T, MT8797
 
In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00843282; Issue ID: MSV-1535. 2024-10-07 7.5 CVE-2024-20094 security@mediatek.com
 
MediaTek, Inc.–MT3605, MT6985, MT6989, MT6990, MT7927, MT8183, MT8365, MT8512, MT8676, MT8678, MT8695, MT8698, MT8755, MT8775, MT8792, MT8796
 
In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08998449; Issue ID: MSV-1603. 2024-10-07 9.8 CVE-2024-20100 security@mediatek.com
 
MediaTek, Inc.–MT3605, MT6985, MT6989, MT6990, MT7927, MT8183, MT8512, MT8676, MT8678, MT8695, MT8698, MT8755, MT8775, MT8792, MT8796
 
In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08998901; Issue ID: MSV-1602. 2024-10-07 9.8 CVE-2024-20101 security@mediatek.com
 
MediaTek, Inc.–MT3605, MT6985, MT6989, MT6990, MT7927, MT8183, MT8512, MT8678, MT8695, MT8698, MT8796, MT8893
 
In wlan firmware, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09001358; Issue ID: MSV-1599. 2024-10-07 9.8 CVE-2024-20103 security@mediatek.com
 
MediaTek, Inc.–MT6761, MT6765, MT6768, MT6779, MT6785, MT6853, MT6873, MT6885, MT8385, MT8666, MT8667, MT8766, MT8768, MT8781, MT8788, MT8789
 
In vdec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09028313; Issue ID: MSV-1700. 2024-10-07 7.8 CVE-2024-20092 security@mediatek.com
 
microsoft — windows_10_1809
 
Microsoft Management Console Remote Code Execution Vulnerability 2024-10-08 7.8 CVE-2024-43572 secure@microsoft.com
 
microsoft — windows_10_22h2
 
Windows MSHTML Platform Spoofing Vulnerability 2024-10-08 8.1 CVE-2024-43573 secure@microsoft.com
 
Microsoft–Azure CLI
 
Azure Command Line Integration (CLI) Elevation of Privilege Vulnerability 2024-10-08 8.7 CVE-2024-43591 secure@microsoft.com
 
Microsoft–Azure Monitor
 
Azure Monitor Agent Elevation of Privilege Vulnerability 2024-10-08 7.1 CVE-2024-38097 secure@microsoft.com
 
Microsoft–Azure Stack HCI
 
Azure Stack Hyperconverged Infrastructure (HCI) Elevation of Privilege Vulnerability 2024-10-08 8.8 CVE-2024-38179 secure@microsoft.com
 
Microsoft–DeepSpeed
 
DeepSpeed Remote Code Execution Vulnerability 2024-10-08 8.4 CVE-2024-43497 secure@microsoft.com
 
Microsoft–Microsoft 365 Apps for Enterprise
 
Microsoft Office Remote Code Execution Vulnerability 2024-10-08 7.8 CVE-2024-43576 secure@microsoft.com
 
Microsoft–Microsoft Configuration Manager
 
Microsoft Configuration Manager Remote Code Execution Vulnerability 2024-10-08 9.8 CVE-2024-43468 secure@microsoft.com
 
Microsoft–Microsoft Copilot Studio
 
Exposure of Sensitive Information to an Unauthorized Actor in Copilot Studio allows a unauthenticated attacker to view sensitive information through network attack vector 2024-10-09 7.4 CVE-2024-43610 secure@microsoft.com
 
Microsoft–Microsoft Office 2019
 
Microsoft Office Visio Remote Code Execution Vulnerability 2024-10-08 7.8 CVE-2024-43505 secure@microsoft.com
 
Microsoft–Microsoft Office 2019
 
Microsoft Office Remote Code Execution Vulnerability 2024-10-08 7.8 CVE-2024-43616 secure@microsoft.com
 
Microsoft–Microsoft Office LTSC 2024
 
Microsoft Excel Remote Code Execution Vulnerability 2024-10-08 7.8 CVE-2024-43504 secure@microsoft.com
 
Microsoft–Microsoft SharePoint Enterprise Server 2016
 
Microsoft SharePoint Elevation of Privilege Vulnerability 2024-10-08 7.8 CVE-2024-43503 secure@microsoft.com
 
Microsoft–Microsoft Visual Studio 2022 version 17.6
 
.NET and Visual Studio Remote Code Execution Vulnerability 2024-10-08 8.1 CVE-2024-38229 secure@microsoft.com
 
Microsoft–Microsoft Visual Studio 2022 version 17.6
 
.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability 2024-10-08 7.5 CVE-2024-43483 secure@microsoft.com
 
Microsoft–Microsoft Visual Studio 2022 version 17.6
 
.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability 2024-10-08 7.5 CVE-2024-43484 secure@microsoft.com
 
Microsoft–Microsoft Visual Studio 2022 version 17.6
 
.NET and Visual Studio Denial of Service Vulnerability 2024-10-08 7.5 CVE-2024-43485 secure@microsoft.com
 
Microsoft–Remote Desktop client for Windows Desktop
 
Remote Desktop Client Remote Code Execution Vulnerability 2024-10-08 8.8 CVE-2024-43533 secure@microsoft.com
 
Microsoft–Visual C++ Redistributable Installer
 
Visual C++ Redistributable Installer Elevation of Privilege Vulnerability 2024-10-08 7.8 CVE-2024-43590 secure@microsoft.com
 
Microsoft–Visual Studio Code
 
Missing authentication for critical function in Visual Studio Code extension for Arduino allows an unauthenticated attacker to perform remote code execution through network attack vector. 2024-10-08 8.8 CVE-2024-43488 secure@microsoft.com
 
Microsoft–Visual Studio Code
 
Visual Studio Code for Linux Remote Code Execution Vulnerability 2024-10-08 7.1 CVE-2024-43601 secure@microsoft.com
 
Microsoft–Windows 10 Version 1809
 
Windows Hyper-V Remote Code Execution Vulnerability 2024-10-08 8 CVE-2024-30092 secure@microsoft.com
 
Microsoft–Windows 10 Version 1809
 
Microsoft ActiveX Data Objects Remote Code Execution Vulnerability 2024-10-08 8.8 CVE-2024-43517 secure@microsoft.com
 
Microsoft–Windows 10 Version 1809
 
Windows Telephony Server Remote Code Execution Vulnerability 2024-10-08 8.8 CVE-2024-43518 secure@microsoft.com
 
Microsoft–Windows 10 Version 1809
 
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability 2024-10-08 8.8 CVE-2024-43519 secure@microsoft.com
 
Microsoft–Windows 10 Version 1809
 
Remote Registry Service Elevation of Privilege Vulnerability 2024-10-08 8.8 CVE-2024-43532 secure@microsoft.com
 
Microsoft–Windows 10 Version 1809
 
Remote Desktop Protocol Server Remote Code Execution Vulnerability 2024-10-08 8.1 CVE-2024-43582 secure@microsoft.com
 
Microsoft–Windows 10 Version 1809
 
Remote Desktop Client Remote Code Execution Vulnerability 2024-10-08 8.8 CVE-2024-43599 secure@microsoft.com
 
Microsoft–Windows 10 Version 1809
 
Windows Hyper-V Security Feature Bypass Vulnerability 2024-10-08 7.1 CVE-2024-20659 secure@microsoft.com
 
Microsoft–Windows 10 Version 1809
 
BranchCache Denial of Service Vulnerability 2024-10-08 7.5 CVE-2024-38149 secure@microsoft.com
 
Microsoft–Windows 10 Version 1809
 
Windows Common Log File System Driver Elevation of Privilege Vulnerability 2024-10-08 7.8 CVE-2024-43501 secure@microsoft.com
 
Microsoft–Windows 10 Version 1809
 
Windows Kernel Elevation of Privilege Vulnerability 2024-10-08 7.1 CVE-2024-43502 secure@microsoft.com
 
Microsoft–Windows 10 Version 1809
 
BranchCache Denial of Service Vulnerability 2024-10-08 7.5 CVE-2024-43506 secure@microsoft.com
 
Microsoft–Windows 10 Version 1809
 
Windows Graphics Component Elevation of Privilege Vulnerability 2024-10-08 7.8 CVE-2024-43509 secure@microsoft.com
 
Microsoft–Windows 10 Version 1809
 
Windows Kernel Elevation of Privilege Vulnerability 2024-10-08 7 CVE-2024-43511 secure@microsoft.com
 
Microsoft–Windows 10 Version 1809
 
Internet Small Computer Systems Interface (iSCSI) Denial of Service Vulnerability 2024-10-08 7.5 CVE-2024-43515 secure@microsoft.com
 
Microsoft–Windows 10 Version 1809
 
Windows Secure Kernel Mode Elevation of Privilege Vulnerability 2024-10-08 7.8 CVE-2024-43516 secure@microsoft.com
 
Microsoft–Windows 10 Version 1809
 
Windows Secure Kernel Mode Elevation of Privilege Vulnerability 2024-10-08 7.8 CVE-2024-43528 secure@microsoft.com
 
Microsoft–Windows 10 Version 1809
 
Windows Secure Channel Spoofing Vulnerability 2024-10-08 7.4 CVE-2024-43550 secure@microsoft.com
 
Microsoft–Windows 10 Version 1809
 
Windows Storage Elevation of Privilege Vulnerability 2024-10-08 7.8 CVE-2024-43551 secure@microsoft.com
 
Microsoft–Windows 10 Version 1809
 
NT OS Kernel Elevation of Privilege Vulnerability 2024-10-08 7.4 CVE-2024-43553 secure@microsoft.com
 
Microsoft–Windows 10 Version 1809
 
Windows Graphics Component Elevation of Privilege Vulnerability 2024-10-08 7.8 CVE-2024-43556 secure@microsoft.com
 
Microsoft–Windows 10 Version 1809
 
Microsoft Windows Storage Port Driver Elevation of Privilege Vulnerability 2024-10-08 7.8 CVE-2024-43560 secure@microsoft.com
 
Microsoft–Windows 10 Version 1809
 
Windows Network Address Translation (NAT) Denial of Service Vulnerability 2024-10-08 7.5 CVE-2024-43562 secure@microsoft.com
 
Microsoft–Windows 10 Version 1809
 
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability 2024-10-08 7.8 CVE-2024-43563 secure@microsoft.com
 
Microsoft–Windows 10 Version 1809
 
Windows Network Address Translation (NAT) Denial of Service Vulnerability 2024-10-08 7.5 CVE-2024-43565 secure@microsoft.com
 
Microsoft–Windows 10 Version 1809
 
Microsoft OpenSSH for Windows Remote Code Execution Vulnerability 2024-10-08 7.1 CVE-2024-43581 secure@microsoft.com
 
Microsoft–Windows 10 Version 1809
 
Winlogon Elevation of Privilege Vulnerability 2024-10-08 7.8 CVE-2024-43583 secure@microsoft.com
 
Microsoft–Windows 10 Version 1809
 
Microsoft OpenSSH for Windows Remote Code Execution Vulnerability 2024-10-08 7.1 CVE-2024-43615 secure@microsoft.com
 
Microsoft–Windows 11 version 22H2
 
Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability 2024-10-08 7 CVE-2024-43522 secure@microsoft.com
 
Microsoft–Windows 11 version 22H2
 
Windows Shell Remote Code Execution Vulnerability 2024-10-08 7.3 CVE-2024-43552 secure@microsoft.com
 
Microsoft–Windows 11 Version 24H2
 
Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability 2024-10-08 7.8 CVE-2024-43514 secure@microsoft.com
 
Microsoft–Windows 11 Version 24H2
 
Windows Kernel Elevation of Privilege Vulnerability 2024-10-08 7.8 CVE-2024-43527 secure@microsoft.com
 
Microsoft–Windows 11 Version 24H2
 
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability 2024-10-08 7 CVE-2024-43535 secure@microsoft.com
 
Microsoft–Windows Server 2019
 
Windows Netlogon Elevation of Privilege Vulnerability 2024-10-08 9 CVE-2024-38124 secure@microsoft.com
 
Microsoft–Windows Server 2019
 
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability 2024-10-08 8.8 CVE-2024-38212 secure@microsoft.com
 
Microsoft–Windows Server 2019
 
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability 2024-10-08 8.8 CVE-2024-38265 secure@microsoft.com
 
Microsoft–Windows Server 2019
 
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability 2024-10-08 8.8 CVE-2024-43453 secure@microsoft.com
 
Microsoft–Windows Server 2019
 
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability 2024-10-08 8.8 CVE-2024-43549 secure@microsoft.com
 
Microsoft–Windows Server 2019
 
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability 2024-10-08 8.8 CVE-2024-43564 secure@microsoft.com
 
Microsoft–Windows Server 2019
 
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability 2024-10-08 8.8 CVE-2024-43589 secure@microsoft.com
 
Microsoft–Windows Server 2019
 
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability 2024-10-08 8.8 CVE-2024-43592 secure@microsoft.com
 
Microsoft–Windows Server 2019
 
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability 2024-10-08 8.8 CVE-2024-43593 secure@microsoft.com
 
Microsoft–Windows Server 2019
 
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability 2024-10-08 8.8 CVE-2024-43607 secure@microsoft.com
 
Microsoft–Windows Server 2019
 
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability 2024-10-08 8.8 CVE-2024-43608 secure@microsoft.com
 
Microsoft–Windows Server 2019
 
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability 2024-10-08 8.8 CVE-2024-43611 secure@microsoft.com
 
Microsoft–Windows Server 2019
 
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability 2024-10-08 7.8 CVE-2024-38261 secure@microsoft.com
 
Microsoft–Windows Server 2019
 
Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability 2024-10-08 7.5 CVE-2024-38262 secure@microsoft.com
 
Microsoft–Windows Server 2019
 
Windows Hyper-V Denial of Service Vulnerability 2024-10-08 7.5 CVE-2024-43521 secure@microsoft.com
 
Microsoft–Windows Server 2019
 
Microsoft Simple Certificate Enrollment Protocol Denial of Service Vulnerability 2024-10-08 7.5 CVE-2024-43541 secure@microsoft.com
 
Microsoft–Windows Server 2019
 
Microsoft Simple Certificate Enrollment Protocol Denial of Service Vulnerability 2024-10-08 7.5 CVE-2024-43544 secure@microsoft.com
 
Microsoft–Windows Server 2019
 
Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability 2024-10-08 7.5 CVE-2024-43545 secure@microsoft.com
 
Microsoft–Windows Server 2019
 
Windows Hyper-V Denial of Service Vulnerability 2024-10-08 7.5 CVE-2024-43567 secure@microsoft.com
 
Microsoft–Windows Server 2019
 
Windows Hyper-V Denial of Service Vulnerability 2024-10-08 7.5 CVE-2024-43575 secure@microsoft.com
 
Microsoft–Windows Server 2022
 
Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability 2024-10-08 8.3 CVE-2024-43574 secure@microsoft.com
 
Microsoft–Windows Server 2022
 
Windows Print Spooler Elevation of Privilege Vulnerability 2024-10-08 7.3 CVE-2024-43529 secure@microsoft.com
 
Microsoft–Windows Server 2022
 
Windows Scripting Engine Security Feature Bypass Vulnerability 2024-10-08 7.7 CVE-2024-43584 secure@microsoft.com
 
Microsoft–Windows Server 2022, 23H2 Edition (Server Core installation)
 
Microsoft OpenSSH for Windows Remote Code Execution Vulnerability 2024-10-08 7.5 CVE-2024-38029 secure@microsoft.com
 
Microsoft–Windows Server 2022, 23H2 Edition (Server Core installation)
 
Windows Kerberos Elevation of Privilege Vulnerability 2024-10-08 7.5 CVE-2024-38129 secure@microsoft.com
 
miraheze–WikiDiscover
 
WikiDiscover is an extension designed for use with a CreateWiki managed farm to display wikis. Special:WikiDiscover is a special page that lists all wikis on the wiki farm. However, the special page does not make any effort to escape the wiki name or description. Therefore, if a wiki sets its name and/or description to an XSS payload, the XSS will execute whenever the wiki is shown on Special:WikiDiscover. This issue has been patched with commit `2ce846dd93` and all users are advised to apply that patch. User unable to upgrade should block access to `Special:WikiDiscover`. 2024-10-07 7.6 CVE-2024-47782 security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
 
Mozilla–Firefox
 
An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild. This vulnerability affects Firefox < 131.0.2, Firefox ESR < 128.3.1, Firefox ESR < 115.16.1, Thunderbird < 131.0.1, Thunderbird < 128.3.1, and Thunderbird < 115.16.0. 2024-10-09 9.8 CVE-2024-9680 security@mozilla.org
security@mozilla.org
security@mozilla.org
 
n/a–ggit
 
All versions of the package ggit are vulnerable to Command Injection via the fetchTags(branch) API, which allows user input to specify the branch to be fetched and then concatenates this string along with a git command which is then passed to the unsafe exec() Node.js child process API. 2024-10-08 7.3 CVE-2024-21532 report@snyk.io
report@snyk.io
 
n/a–jsonpath-plus
 
Versions of the package jsonpath-plus before 10.0.0 are vulnerable to Remote Code Execution (RCE) due to improper input sanitization. An attacker can execute aribitrary code on the system by exploiting the unsafe default usage of vm in Node. **Note:** The unsafe behavior is still available after applying the fix but it is not turned on by default. 2024-10-11 9.8 CVE-2024-21534 report@snyk.io
report@snyk.io
 
n/a–n/a
 
cgi.c in weborf .0.17, 0.18, 0.19, and 0.20 (before 1.0) lacks ‘’ termination of the path for CGI scripts because strncpy is misused. 2024-10-09 9.1 CVE-2023-46586 cve@mitre.org
cve@mitre.org
cve@mitre.org
cve@mitre.org
 
n/a–n/a
 
FydeOS for PC 17.1 R114, FydeOS for VMware 17.0 R114, FydeOS for You 17.1 R114, and OpenFyde R114 were discovered to be configured with the root password saved as a wildcard. This allows attackers to gain root access without a password. 2024-10-09 9.8 CVE-2024-25825 cve@mitre.org
cve@mitre.org
cve@mitre.org
cve@mitre.org
 
n/a–n/a
 
A SQL injection vulnerability in login portal in AnteeoWMS before v4.7.34 allows unauthenticated attackers to execute arbitrary SQL commands via the username parameter and disclosure of some data in the underlying DB. 2024-10-08 9.8 CVE-2024-44349 cve@mitre.org
cve@mitre.org
cve@mitre.org
 
n/a–n/a
 
Incorrect credential validation in LemonLDAP::NG 2.18.x and 2.19.x before 2.19.2 allows attackers to bypass OAuth2 client authentication via an empty client_password parameter (client secret). 2024-10-09 9.1 CVE-2024-45160 cve@mitre.org
cve@mitre.org
cve@mitre.org
cve@mitre.org
cve@mitre.org
 
n/a–n/a
 
An issue was discovered in Trusted Firmware-M through 2.1.0. User provided (and controlled) mailbox messages contain a pointer to a list of input arguments (in_vec) and output arguments (out_vec). These list pointers are never validated. Each argument list contains a buffer pointer and a buffer length field. After a PSA call, the length of the output arguments behind the unchecked pointer is updated in mailbox_direct_reply, regardless of the call result. This allows an attacker to write anywhere in the secure firmware, which can be used to take over the control flow, leading to remote code execution (RCE). 2024-10-09 9.8 CVE-2024-45746 cve@mitre.org
cve@mitre.org
 
n/a–n/a
 
A DLL hijacking vulnerability in VegaBird Yaazhini 2.0.2 allows attackers to execute arbitrary code / maintain persistence via placing a crafted DLL file in the same directory as Yaazhini.exe. 2024-10-07 9.8 CVE-2024-45873 cve@mitre.org
cve@mitre.org
 
n/a–n/a
 
A DLL hijacking vulnerability in VegaBird Vooki 5.2.9 allows attackers to execute arbitrary code / maintain persistence via placing a crafted DLL file in the same directory as Vooki.exe. 2024-10-07 9.8 CVE-2024-45874 cve@mitre.org
cve@mitre.org
 
n/a–n/a
 
RuoYi v4.7.9 and before has a security flaw that allows escaping from comments within the code generation feature, enabling the injection of malicious code. 2024-10-07 9.8 CVE-2024-46076 cve@mitre.org
cve@mitre.org
 
n/a–n/a
 
An arbitrary file upload vulnerability in the ProductAction.entphone interface of Zhejiang University Entersoft Customer Resource Management System v2002 to v2024 allows attackers to execute arbitrary code via uploading a crafted file. 2024-10-11 9.8 CVE-2024-46088 cve@mitre.org
cve@mitre.org
cve@mitre.org
 
n/a–n/a
 
check_by_ssh in Nagios nagios-plugins 2.4.5 allows arbitrary command execution via ProxyCommand, LocalCommand, and PermitLocalCommand with ${IFS}. This has been categorized both as fixed in e8810de, and as intended behavior. 2024-10-09 8.4 CVE-2023-37154 cve@mitre.org
cve@mitre.org
cve@mitre.org
 
n/a–n/a
 
3DSecure 2.0 allows CSRF in the Authorization Method via modified Origin and Referer HTTP headers. 2024-10-09 8.8 CVE-2024-25286 cve@mitre.org
 
n/a–n/a
 
Netgear XR1000 v1.0.0.64 is vulnerable to command injection in usb_remote_smb_conf.cgi via the share_name parameter. 2024-10-11 8.4 CVE-2024-35517 cve@mitre.org
 
n/a–n/a
 
Netgear EX3700 ‘ AC750 WiFi Range Extender Essentials Edition before 1.0.0.98 contains an authenticated command injection in operating_mode.cgi via the ap_mode parameter with ap_24g_manual set to 1 and ap_24g_manual_sec set to NotNone. 2024-10-11 8.4 CVE-2024-35522 cve@mitre.org
 
n/a–n/a
 
An issue was discovered in the m2m scaler driver in Samsung Mobile Processor and Wearable Processor Exynos 9820, 9825, 980, 990, 850,and W920. A Use-After-Free in the mobile processor leads to privilege escalation. 2024-10-07 8.1 CVE-2024-44068 cve@mitre.org
cve@mitre.org
 
n/a–n/a
 
A vulnerability was discovered in FBM_292W-21.03.10V, which has been classified as critical. This issue affects the sub_4901E0 function in the msp_info.htm file. Manipulation of the path parameter can lead to command injection. 2024-10-11 8.8 CVE-2024-44414 cve@mitre.org
cve@mitre.org
 
n/a–n/a
 
A command injection vulnerability exists in Motorola CX2L router v1.0.2 and below. The vulnerability is present in the SetStationSettings function. The system directly invokes the system function to execute commands for setting parameters such as MAC address without proper input filtering. This allows malicious users to inject and execute arbitrary commands. 2024-10-08 8 CVE-2024-45880 cve@mitre.org
 
n/a–n/a
 
IoT Haat Smart Plug IH-IN-16A-S v5.16.1 is vulnerable to Authentication Bypass by Capture-replay. 2024-10-07 8.8 CVE-2024-46041 cve@mitre.org
cve@mitre.org
 
n/a–n/a
 
Teedy 1.11 is vulnerable to Cross Site Scripting (XSS) via the management console. 2024-10-07 8.4 CVE-2024-46278 cve@mitre.org
cve@mitre.org
 
n/a–n/a
 
DrayTek Vigor3900 v1.5.1.6 was discovered to contain a command injection vulnerability via the sub_2C920 function at /cgi-bin/mainfunction.cgi. This vulnerability allows attackers to execute arbitrary commands via supplying a crafted HTTP message. 2024-10-09 8 CVE-2024-46316 cve@mitre.org
 
n/a–n/a
 
Insecure permissions in the Bluetooth Low Energy (BLE) component of Fire-Boltt Artillery Smart Watch NJ-R6E-10.3 allow attackers to cause a Denial of Service (DoS). 2024-10-08 8.2 CVE-2024-46539 cve@mitre.org
cve@mitre.org
 
n/a–n/a
 
SQL injection vulnerability in employee-management-system-php-and-mysql-free-download.html taskmatic 1.0 allows a remote attacker to execute arbitrary code via the admin_id parameter of the /update-employee.php component. 2024-10-11 8.8 CVE-2024-48813 cve@mitre.org
 
n/a–n/a
 
An issue in sbondCo Watcharr v.1.43.0 allows a remote attacker to execute arbitrary code and escalate privileges via the Change Password function. 2024-10-11 8.8 CVE-2024-48827 cve@mitre.org
cve@mitre.org
cve@mitre.org
 
n/a–n/a
 
An issue in the getcolor function in utils.py of xhtml2pdf v0.2.13 allows attackers to cause a Regular expression Denial of Service (ReDOS) via supplying a crafted string. 2024-10-08 7.5 CVE-2024-25885 cve@mitre.org
cve@mitre.org
cve@mitre.org
 
n/a–n/a
 
Bitcoin Core before 25.0 allows remote attackers to cause a denial of service (blocktxn message-handling assertion and node exit) by including transactions in a blocktxn message that are not committed to in a block’s merkle root. FillBlock can be called twice for one PartiallyDownloadedBlock instance. 2024-10-10 7.5 CVE-2024-35202 cve@mitre.org
cve@mitre.org
cve@mitre.org
cve@mitre.org
cve@mitre.org
 
n/a–n/a
 
Nitro PDF Pro before 13.70.8.82 and 14.x before 14.26.1.0 allows Local Privilege Escalation in the MSI Installer because custom actions occur unsafely in repair mode. CertUtil is run in a conhost.exe window, and there is a mechanism allowing CTRL+o to launch cmd.exe as NT AUTHORITYSYSTEM. 2024-10-09 7.8 CVE-2024-35288 cve@mitre.org
cve@mitre.org
cve@mitre.org
 
n/a–n/a
 
An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 and 6.00PL01. Due to insufficient input validation, the C-MOR web interface is vulnerable to OS command injection attacks. It was found out that different functionality is vulnerable to OS command injection attacks, for example for generating new X.509 certificates, or setting the time zone. These OS command injection vulnerabilities in the script generatesslreq.pml can be exploited as a low-privileged authenticated user to execute commands in the context of the Linux user www-data via shell metacharacters in HTTP POST data (e.g., the city parameter). The OS command injection vulnerability in the script settimezone.pml or setdatetime.pml (e.g., via the year parameter) requires an administrative user for the C-MOR web interface. By also exploiting a privilege-escalation vulnerability, it is possible to execute commands on the C-MOR system with root privileges. 2024-10-09 7.2 CVE-2024-45179 cve@mitre.org
 
n/a–n/a
 
A buffer overflow in modsecurity v3.0.12 allows attackers to cause a Denial of Service (DoS) via a crafted input inserted into the name parameter. 2024-10-09 7.5 CVE-2024-46292 cve@mitre.org
cve@mitre.org
 
n/a–n/a
 
A NULL pointer dereference in libcoap v4.3.5-rc2 and below allows a remote attacker to cause a denial of service via the coap_handle_request_put_block function in src/coap_block.c. 2024-10-09 7.5 CVE-2024-46304 cve@mitre.org
 
n/a–n/a
 
A loop hole in the payment logic of Sparkshop v1.16 allows attackers to arbitrarily modify the number of products. 2024-10-09 7.5 CVE-2024-46307 cve@mitre.org
cve@mitre.org
cve@mitre.org
 
n/a–n/a
 
pam_oath.so in oath-toolkit 2.6.7 through 2.6.11 before 2.6.12 allows root privilege escalation because, in the context of PAM code running as root, it mishandles usersfile access, such as by calling fchown in the presence of a symlink. 2024-10-09 7.1 CVE-2024-47191 cve@mitre.org
cve@mitre.org
cve@mitre.org
cve@mitre.org
cve@mitre.org
cve@mitre.org
cve@mitre.org
cve@mitre.org
 
nickboss–WordPress File Upload
 
The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 4.24.11 via wfu_file_downloader.php. This makes it possible for unauthenticated attackers to read or delete files outside of the originally intended directory. Successful exploitation requires the targeted WordPress installation to be using PHP 7.4 or earlier. 2024-10-12 9.8 CVE-2024-9047 security@wordfence.com
security@wordfence.com
 
NinjaTeam–Multi Step for Contact Form
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in NinjaTeam Multi Step for Contact Form allows SQL Injection.This issue affects Multi Step for Contact Form: from n/a through 2.7.7. 2024-10-11 9.3 CVE-2024-47331 audit@patchstack.com
 
Open Mainframe Project–Zowe
 
The health endpoint is public so everybody can see a list of all services. It is potentially valuable information for attackers. 2024-10-10 9 CVE-2024-9798 zowe-security@lists.openmainframeproject.org
 
pedaloagency–Pedalo Connector
 
The Pedalo Connector plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.0.5. This is due to insufficient restriction on the ‘login_admin_user’ function. This makes it possible for unauthenticated attackers to log to the first user, who is usually the administrator, or if it does not exist, then to the first administrator. 2024-10-11 9.8 CVE-2024-9822 security@wordfence.com
security@wordfence.com
 
PHP Group–PHP
 
In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using a certain non-standard configurations of Windows codepages, the fixes for  CVE-2024-4577 https://github.com/advisories/GHSA-vxpp-6299-mxw3  may still be bypassed and the same command injection related to Windows “Best Fit” codepage behavior can be achieved. This may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc. 2024-10-08 8.1 CVE-2024-8926 security@php.net
 
PHP Group–PHP
 
In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, HTTP_REDIRECT_STATUS variable is used to check whether or not CGI binary is being run by the HTTP server. However, in certain scenarios, the content of this variable can be controlled by the request submitter via HTTP headers, which can lead to cgi.force_redirect option not being correctly applied. In certain configurations this may lead to arbitrary file inclusion in PHP. 2024-10-08 7.5 CVE-2024-8927 security@php.net
 
PHPOffice–PhpSpreadsheet
 
PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. One of the sample scripts in PhpSpreadsheet is susceptible to a cross-site scripting (XSS) vulnerability due to improper handling of input where a number is expected leading to formula injection. The code in in `45_Quadratic_equation_solver.php` concatenates the user supplied parameters directly into spreadsheet formulas. This allows an attacker to take control over the formula and output unsanitized data into the page, resulting in JavaScript execution. This issue has been addressed in release versions 1.29.2, 2.1.1, and 2.3.0. All users are advised to upgrade. There are no known workarounds for this vulnerability. 2024-10-07 7.1 CVE-2024-45060 security-advisories@github.com
security-advisories@github.com
 
PHPOffice–PhpSpreadsheet
 
PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. It’s possible for an attacker to construct an XLSX file which links media from external URLs. When opening the XLSX file, PhpSpreadsheet retrieves the image size and type by reading the file contents, if the provided path is a URL. By using specially crafted `php://filter` URLs an attacker can leak the contents of any file or URL. Note that this vulnerability is different from GHSA-w9xv-qf98-ccq4, and resides in a different component. An attacker can access any file on the server, or leak information form arbitrary URLs, potentially exposing sensitive information such as AWS IAM credentials. This issue has been addressed in release versions 1.29.2, 2.1.1, and 2.3.0. All users are advised to upgrade. There are no known workarounds for this vulnerability. 2024-10-07 7.7 CVE-2024-45290 security-advisories@github.com
security-advisories@github.com
 
PHPOffice–PhpSpreadsheet
 
PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. The security scanner responsible for preventing XXE attacks in the XLSX reader can be bypassed by slightly modifying the XML structure, utilizing white-spaces. On servers that allow users to upload their own Excel (XLSX) sheets, Server files and sensitive information can be disclosed by providing a crafted sheet. The security scan function in src/PhpSpreadsheet/Reader/Security/XmlScanner.php contains a flawed XML encoding check to retrieve the input file’s XML encoding in the toUtf8 function. The function searches for the XML encoding through a defined regex which looks for `encoding=”*”` and/or `encoding=’*’`, if not found, it defaults to the UTF-8 encoding which bypasses the conversion logic. This logic can be used to pass a UTF-7 encoded XXE payload, by utilizing a whitespace before or after the = in the attribute definition. Sensitive information disclosure through the XXE on sites that allow users to upload their own excel spreadsheets, and parse them using PHPSpreadsheet’s Excel parser. This issue has been addressed in release versions 1.29.1, 2.1.1, and 2.3.0. All users are advised to upgrade. There are no known workarounds for this vulnerability. 2024-10-07 7.5 CVE-2024-45293 security-advisories@github.com
 
Progress Software Corporation–Telerik Report Server
 
In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), a credential stuffing attack is possible through improper restriction of excessive login attempts. 2024-10-09 7.5 CVE-2024-7292 security@progress.com
 
Progress Software Corporation–Telerik Report Server
 
In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), a password brute forcing attack is possible through weak password requirements. 2024-10-09 7.5 CVE-2024-7293 security@progress.com
 
Progress Software Corporation–Telerik Report Server
 
In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), an HTTP DoS attack is possible on anonymous endpoints without rate limiting. 2024-10-09 7.5 CVE-2024-7294 security@progress.com
 
Progress Software–Telerik Reporting
 
In Progress Telerik Report Server versions prior to 2024 Q3 (10.2.24.924), a remote code execution attack is possible through object injection via an insecure type resolution vulnerability. 2024-10-09 9.1 CVE-2024-8015 security@progress.com
 
Progress Software–Telerik Reporting
 
In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible through object injection via an insecure type resolution vulnerability. 2024-10-09 8.8 CVE-2024-8014 security@progress.com
 
Progress Software–Telerik Reporting
 
In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a command injection attack is possible through improper neutralization of hyperlink elements. 2024-10-09 7.8 CVE-2024-7840 security@progress.com
 
Progress Software–Telerik Reporting
 
In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible using object injection via insecure expression evaluation. 2024-10-09 7.8 CVE-2024-8048 security@progress.com
 
Progress–LoadMaster
 
Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.This issue affects: ?Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.1 (inclusive) ?  From 7.2.49.0 to 7.2.54.12 (inclusive) ?  7.2.48.12 and all prior versions Multi-Tenant Hypervisor 7.1.35.12 and all prior versions ECS All prior versions to 7.2.60.1 (inclusive) 2024-10-11 8.4 CVE-2024-8755 security@progress.com
 
PureStorage–FlashArray
 
A flaw exists whereby a user can make a specific call to a FlashArray endpoint allowing privilege escalation. 2024-10-08 9.8 CVE-2024-3057 psirt@purestorage.com
 
qualcomm — fastconnect_6700_firmware
 
Memory corruption while maintaining memory maps of HLOS memory. 2024-10-07 7.8 CVE-2024-43047 product-security@qualcomm.com
 
Qualcomm, Inc.–Snapdragon
 
Memory corruption while redirecting log file to any file location with any file name. 2024-10-07 9.8 CVE-2024-33066 product-security@qualcomm.com
 
Qualcomm, Inc.–Snapdragon
 
Information disclosure while parsing the multiple MBSSID IEs from the beacon. 2024-10-07 8.2 CVE-2024-33064 product-security@qualcomm.com
 
Qualcomm, Inc.–Snapdragon
 
Memory corruption while taking snapshot when an offset variable is set by camera driver. 2024-10-07 8.4 CVE-2024-33065 product-security@qualcomm.com
 
Qualcomm, Inc.–Snapdragon
 
Information disclosure while parsing the BSS parameter change count or MLD capabilities fields of the ML IE. 2024-10-07 8.2 CVE-2024-33073 product-security@qualcomm.com
 
Qualcomm, Inc.–Snapdragon
 
Memory corruption while processing user packets to generate page faults. 2024-10-07 8.4 CVE-2024-38399 product-security@qualcomm.com
 
Qualcomm, Inc.–Snapdragon
 
Memory corruption when a compat IOCTL call is followed by another IOCTL call from userspace to a driver. 2024-10-07 7.8 CVE-2024-21455 product-security@qualcomm.com
 
Qualcomm, Inc.–Snapdragon
 
Memory corruption when invalid length is provided from HLOS for FRS/UDS request/response buffers. 2024-10-07 7.8 CVE-2024-23369 product-security@qualcomm.com
 
Qualcomm, Inc.–Snapdragon
 
Transient DOS while parsing noninheritance IE of Extension element when length of IE is 2 of beacon frame. 2024-10-07 7.5 CVE-2024-33049 product-security@qualcomm.com
 
Qualcomm, Inc.–Snapdragon
 
Transient DOS when transmission of management frame sent by host is not successful and error status is received in the host. 2024-10-07 7.5 CVE-2024-33069 product-security@qualcomm.com
 
Qualcomm, Inc.–Snapdragon
 
Transient DOS while parsing ESP IE from beacon/probe response frame. 2024-10-07 7.5 CVE-2024-33070 product-security@qualcomm.com
 
Qualcomm, Inc.–Snapdragon
 
Transient DOS while parsing the MBSSID IE from the beacons when IE length is 0. 2024-10-07 7.5 CVE-2024-33071 product-security@qualcomm.com
 
Qualcomm, Inc.–Snapdragon
 
Transient DOS while parsing probe response and assoc response frame. 2024-10-07 7.5 CVE-2024-38397 product-security@qualcomm.com
 
rami.io GmbH–pretix Widget WordPress plugin
 
Local File Inclusion vulnerability in pretix Widget WordPress plugin pretix-widget on Windows allows PHP Local File Inclusion. This issue affects pretix Widget WordPress plugin: from 1.0.0 through 1.0.5. 2024-10-09 8.1 CVE-2024-9575 655498c3-6ec5-4f0b-aea6-853b334d05a6
655498c3-6ec5-4f0b-aea6-853b334d05a6
 
Red Hat–Red Hat Build of Keycloak
 
A flaw was found in Keycloak. Certain endpoints in Keycloak’s admin REST API allow low-privilege users to access administrative functionalities. This flaw allows users to perform actions reserved for administrators, potentially leading to data breaches or system compromise. 2024-10-09 8.1 CVE-2024-3656 secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
 
redis–redis
 
Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to trigger a stack buffer overflow in the bit library, which may potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scripting. This problem has been fixed in Redis versions 6.2.16, 7.2.6, and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2024-10-07 7 CVE-2024-31449 security-advisories@github.com
security-advisories@github.com
 
Revmakx–Backup and Staging by WP Time Capsule
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Revmakx Backup and Staging by WP Time Capsule allows SQL Injection.This issue affects Backup and Staging by WP Time Capsule: from n/a through 1.22.21. 2024-10-11 8.5 CVE-2024-48020 audit@patchstack.com
 
Samsung Mobile–Samsung Mobile Devices
 
Out-of-bounds write in parsing h.264 format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability. 2024-10-08 7.5 CVE-2024-34665 mobile.security@samsung.com
 
Samsung Mobile–Samsung Mobile Devices
 
Out-of-bounds write in parsing h.264 format in a specific mode in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability. 2024-10-08 7.5 CVE-2024-34666 mobile.security@samsung.com
 
Samsung Mobile–Samsung Mobile Devices
 
Out-of-bounds write in parsing h.265 format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability. 2024-10-08 7.5 CVE-2024-34667 mobile.security@samsung.com
 
Samsung Mobile–Samsung Mobile Devices
 
Out-of-bounds write in parsing h.263 format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability. 2024-10-08 7.5 CVE-2024-34668 mobile.security@samsung.com
 
Samsung Mobile–Samsung Mobile Devices
 
Out-of-bounds write in parsing h.263+ format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability. 2024-10-08 7.5 CVE-2024-34669 mobile.security@samsung.com
 
SAP_SE–SAP BusinessObjects Business Intelligence Platform (Web Intelligence)
 
SAP BusinessObjects Business Intelligence Platform allows an authenticated user to send a specially crafted request to the Web Intelligence Reporting Server to download any file from the machine hosting the service, causing high impact on confidentiality of the application. 2024-10-08 7.7 CVE-2024-37179 cna@sap.com
cna@sap.com
 
Schneider Electric–Data Center Expert
 
CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that could compromise the Data Center Expert software when an upgrade bundle is manipulated to include arbitrary bash scripts that are executed as root. 2024-10-11 7.2 CVE-2024-8531 cybersecurity@se.com
 
Schneider Electric–Easergy Studio
 
CWE-269: Improper Privilege Management vulnerability exists that could cause unauthorized access, loss of confidentiality, integrity, and availability of the workstation when non-admin authenticated user tries to perform privilege escalation by tampering with the binaries 2024-10-11 7.8 CVE-2024-9002 cybersecurity@se.com
 
Schneider Electric–EcoStruxure Power Monitoring Expert (PME)
 
CWE-502: Deserialization of Untrusted Data vulnerability exists that could allow code to be remotely executed on the server when unsafely deserialized data is posted to the web server. 2024-10-08 7.1 CVE-2024-9005 cybersecurity@se.com
 
Schneider Electric–EVlink Home Smart
 
CWE-312: Cleartext Storage of Sensitive Information vulnerability exists that exposes test credentials in the firmware binary 2024-10-13 8.5 CVE-2024-8070 cybersecurity@se.com
 
Schneider Electric–System Monitor application in Harmony Industrial PC HMIBMO/HMIBMI/HMIPSO/HMIBMP/HMIBMU/HMIPSP/HMIPEP series
 
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could cause exposure of credentials when attacker has access to application on network over http 2024-10-08 9.8 CVE-2024-8884 cybersecurity@se.com
 
Schneider Electric–Zelio Soft 2
 
CWE-416: Use After Free vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when application user opens a malicious Zelio Soft 2 project file. 2024-10-08 7.8 CVE-2024-8422 cybersecurity@se.com
 
SEUR–SEUR plugin
 
The SEUR plugin, in its versions prior to 2.5.11, is vulnerable to time-based SQL injection through the use of the ‘id_order’ parameter of the ‘/modules/seur/ajax/saveCodFee.php’ endpoint. 2024-10-10 9.4 CVE-2024-9201 cve-coordination@incibe.es
 
siemens — sinec_security_monitor
 
A vulnerability has been identified in Siemens SINEC Security Monitor (All versions < V4.9.0). The affected application does not properly validate user input to the “`ssmctl-client“` command. This could allow an authenticated, lowly privileged remote attacker to execute arbitrary code with root privileges on the underlying OS. 2024-10-08 9.9 CVE-2024-47553 productcert@siemens.com
 
siemens — sinec_security_monitor
 
A vulnerability has been identified in Siemens SINEC Security Monitor (All versions < V4.9.0). The affected application does not properly neutralize special elements in user input to the “`ssmctl-client“` command. This could allow an authenticated, lowly privileged local attacker to execute privileged commands in the underlying OS. 2024-10-08 8.8 CVE-2024-47562 productcert@siemens.com
 
Siemens–HiMed Cockpit 12 pro
 
A vulnerability has been identified in HiMed Cockpit 12 pro (J31032-K2017-H259) (All versions >= V11.5.1 < V11.6.2), HiMed Cockpit 14 pro+ (J31032-K2017-H435) (All versions >= V11.5.1 < V11.6.2), HiMed Cockpit 18 pro (J31032-K2017-H260) (All versions >= V11.5.1 < V11.6.2), HiMed Cockpit 18 pro+ (J31032-K2017-H436) (All versions >= V11.5.1 < V11.6.2). The Kiosk Mode of the affected devices contains a restricted desktop environment escape vulnerability. This could allow an unauthenticated local attacker to escape the restricted environment and gain access to the underlying operating system. 2024-10-08 8.5 CVE-2023-52952 productcert@siemens.com
 
Siemens–JT2Go
 
A vulnerability has been identified in JT2Go (All versions < V2406.0003). The affected application contains a stack-based buffer overflow vulnerability that could be triggered while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process. 2024-10-08 7.8 CVE-2024-41902 productcert@siemens.com
 
Siemens–SENTRON 7KM PAC3200
 
A vulnerability has been identified in SENTRON 7KM PAC3200 (All versions). Affected devices only provide a 4-digit PIN to protect from administrative access via Modbus TCP interface. Attackers with access to the Modbus TCP interface could easily bypass this protection by brute-force attacks or by sniffing the Modbus clear text communication. 2024-10-08 9.8 CVE-2024-41798 productcert@siemens.com
 
Siemens–Simcenter Nastran 2306
 
A vulnerability has been identified in Simcenter Nastran 2306 (All versions), Simcenter Nastran 2312 (All versions), Simcenter Nastran 2406 (All versions < V2406.5000). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted BDF files. This could allow an attacker to execute code in the context of the current process. 2024-10-08 7.8 CVE-2024-41981 productcert@siemens.com
 
Siemens–Simcenter Nastran 2306
 
A vulnerability has been identified in Simcenter Nastran 2306 (All versions), Simcenter Nastran 2312 (All versions), Simcenter Nastran 2406 (All versions < V2406.5000). The affected application is vulnerable to memory corruption while parsing specially crafted BDF files. This could allow an attacker to execute code in the context of the current process. 2024-10-08 7.8 CVE-2024-47046 productcert@siemens.com
 
Siemens–Tecnomatix Plant Simulation V2302
 
A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. 2024-10-08 7.8 CVE-2024-45463 productcert@siemens.com
 
Siemens–Tecnomatix Plant Simulation V2302
 
A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. 2024-10-08 7.8 CVE-2024-45464 productcert@siemens.com
 
Siemens–Tecnomatix Plant Simulation V2302
 
A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. 2024-10-08 7.8 CVE-2024-45465 productcert@siemens.com
 
Siemens–Tecnomatix Plant Simulation V2302
 
A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. 2024-10-08 7.8 CVE-2024-45466 productcert@siemens.com
 
Siemens–Tecnomatix Plant Simulation V2302
 
A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. 2024-10-08 7.8 CVE-2024-45467 productcert@siemens.com
 
Siemens–Tecnomatix Plant Simulation V2302
 
A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. 2024-10-08 7.8 CVE-2024-45468 productcert@siemens.com
 
Siemens–Tecnomatix Plant Simulation V2302
 
A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file. This could allow an attacker to execute code in the context of the current process. 2024-10-08 7.8 CVE-2024-45469 productcert@siemens.com
 
Siemens–Tecnomatix Plant Simulation V2302
 
A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file. This could allow an attacker to execute code in the context of the current process. 2024-10-08 7.8 CVE-2024-45470 productcert@siemens.com
 
Siemens–Tecnomatix Plant Simulation V2302
 
A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file. This could allow an attacker to execute code in the context of the current process. 2024-10-08 7.8 CVE-2024-45471 productcert@siemens.com
 
Siemens–Tecnomatix Plant Simulation V2302
 
A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. An attacker could leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. 2024-10-08 7.8 CVE-2024-45472 productcert@siemens.com
 
Siemens–Tecnomatix Plant Simulation V2302
 
A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. An attacker could leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. 2024-10-08 7.8 CVE-2024-45473 productcert@siemens.com
 
Siemens–Tecnomatix Plant Simulation V2302
 
A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. An attacker could leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. 2024-10-08 7.8 CVE-2024-45474 productcert@siemens.com
 
Siemens–Tecnomatix Plant Simulation V2302
 
A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. An attacker could leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. 2024-10-08 7.8 CVE-2024-45475 productcert@siemens.com
 
Solidigm–D7-P5500
 
Improper access control validation in firmware of some Solidigm DC Products may allow an attacker with physical access to gain unauthorized access or an attacker with local access to potentially enable denial of service. 2024-10-07 7 CVE-2024-47975 f946a70c-00eb-42ce-8e9b-634d1f7b5a6f
 
SonicWall–Connect Tunnel
 
The Improper link resolution before file access (‘Link Following’) vulnerability in SonicWall Connect Tunnel (version 12.4.3.271 and earlier of Windows client) allows users with standard privileges to delete arbitrary folders and files, potentially leading to local privilege escalation attack. 2024-10-11 7.8 CVE-2024-45316 PSIRT@sonicwall.com
 
SourceCodester–Online Veterinary Appointment System
 
A vulnerability classified as critical has been found in SourceCodester Online Veterinary Appointment System 1.0. Affected is an unknown function of the file /admin/categories/manage_category.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. 2024-10-10 7.3 CVE-2024-9818 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
 
Tainacan.org–Tainacan
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Tainacan.Org Tainacan allows SQL Injection.This issue affects Tainacan: from n/a through 0.21.8. 2024-10-11 8.5 CVE-2024-48040 audit@patchstack.com
 
themehunk–Hunk Companion
 
The Hunk Companion plugin for WordPress is vulnerable to unauthorized plugin installation/activation due to a missing capability check on the /wp-json/hc/v1/themehunk-import REST API endpoint in all versions up to, and including, 1.8.4. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated. 2024-10-11 9.8 CVE-2024-9707 security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
 
totalsoft–TS Poll Survey, Versus Poll, Image Poll, Video Poll
 
The TS Poll – Survey, Versus Poll, Image Poll, Video Poll plugin for WordPress is vulnerable to SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 2.3.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. 2024-10-10 7.2 CVE-2024-9022 security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
 
userplus–User registration & user profile UserPlus
 
The UserPlus plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.0 due to insufficient restriction on the ‘form_actions’ and ‘userplus_update_user_profile’ functions. This makes it possible for unauthenticated attackers to specify their user role by supplying the ‘role’ parameter during a registration. 2024-10-10 9.8 CVE-2024-9518 security@wordfence.com
security@wordfence.com
 
userplus–User registration & user profile UserPlus
 
The UserPlus plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the ‘save_metabox_form’ function in versions up to, and including, 2.0. This makes it possible for authenticated attackers, with editor-level permissions or above, to update the registration form role to administrator, which leads to privilege escalation. 2024-10-10 7.2 CVE-2024-9519 security@wordfence.com
security@wordfence.com
 
WinHex–WinHex
 
A vulnerability has been discovered in Winhex affecting version 16.1 SR-1 and 20.4. This vulnerability consists of a buffer overflow controlling the Structured Exception Handler (SEH) registers. This could allow attackers to execute arbitrary code via a long filename argument. 2024-10-07 7.3 CVE-2023-6361 cve-coordination@incibe.es
 
WinHex–WinHex
 
A vulnerability has been discovered in Winhex affecting version 16.1 SR-1 and 20.4. This vulnerability consists of a buffer overflow controlling the Structured Exception Handler (SEH) registers. This could allow attackers to execute arbitrary code via a long filename argument. 2024-10-07 7.3 CVE-2023-6362 cve-coordination@incibe.es
 
Wireshark Foundation–Wireshark
 
ITS dissector crash in Wireshark 4.4.0 allows denial of service via packet injection or crafted capture file 2024-10-10 7.8 CVE-2024-9780 cve@gitlab.com
cve@gitlab.com
 
Wireshark Foundation–Wireshark
 
AppleTalk and RELOAD Framing dissector crash in Wireshark 4.4.0 and 4.2.0 to 4.2.7 allows denial of service via packet injection or crafted capture file 2024-10-10 7.8 CVE-2024-9781 cve@gitlab.com
cve@gitlab.com
 
Xerox–FreeFlow Core
 
Missing Authentication – User & System Configuration 2024-10-07 8.3 CVE-2024-47555 10b61619-3869-496c-8a1e-f291b0e71e3f
 
Xerox–FreeFlow Core
 
Pre-Auth RCE via Path Traversal 2024-10-07 8.3 CVE-2024-47556 10b61619-3869-496c-8a1e-f291b0e71e3f
 
Xerox–FreeFlow Core
 
Pre-Auth RCE via Path Traversal 2024-10-07 8.3 CVE-2024-47557 10b61619-3869-496c-8a1e-f291b0e71e3f
 
Xerox–FreeFlow Core
 
Authenticated RCE via Path Traversal 2024-10-07 7.6 CVE-2024-47558 10b61619-3869-496c-8a1e-f291b0e71e3f
 
Xerox–FreeFlow Core
 
Authenticated RCE via Path Traversal 2024-10-07 7.6 CVE-2024-47559 10b61619-3869-496c-8a1e-f291b0e71e3f
 
Zoho Flow–Zoho Flow for WordPress
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Zoho Flow Zoho Flow for WordPress allows SQL Injection.This issue affects Zoho Flow for WordPress: from n/a through 2.7.1. 2024-10-09 7.6 CVE-2024-47334 audit@patchstack.com
 

Back to top

Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source Info Patch Info
ABB–RobotWare 6
 
An attacker who successfully exploited these vulnerabilities could cause the robot to stop. A vulnerability exists in the PROFINET stack included in the RobotWare versions listed below.  This vulnerability arises under specific condition when specially crafted message is processed by the system. Below are reported vulnerabilities in the Robot Ware versions. * IRC5- RobotWare 6 < 6.15.06 except 6.10.10, and 6.13.07 2024-10-10 5.1 CVE-2024-6157 cybersecurity@ch.abb.com
 
adamskaat–Read more By Adam
 
The Read more By Adam plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the deleteRm() function in all versions up to, and including, 1.1.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete read more buttons. 2024-10-12 4.3 CVE-2024-9187 security@wordfence.com
security@wordfence.com
 
adobe — animate
 
Animate versions 23.0.7, 24.0.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-10-09 5.5 CVE-2024-47419 psirt@adobe.com
 
adobe — animate
 
Animate versions 23.0.7, 24.0.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-10-09 5.5 CVE-2024-47420 psirt@adobe.com
 
adobe — commerce
 
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have high impact on integrity. Exploitation of this issue does not require user interaction. 2024-10-10 6.5 CVE-2024-45118 psirt@adobe.com
 
adobe — commerce
 
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A low-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs and have a low impact on both confidentiality and integrity. Exploitation of this issue does not require user interaction and scope is changed. 2024-10-10 6.4 CVE-2024-45119 psirt@adobe.com
 
adobe — commerce
 
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2024-10-10 6.1 CVE-2024-45123 psirt@adobe.com
 
adobe — commerce
 
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and affect confidentiality. Exploitation of this issue does not require user interaction. 2024-10-10 6.5 CVE-2024-45132 psirt@adobe.com
 
adobe — commerce
 
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to gain unauthorized access without proper credentials. Exploitation of this issue does not require user interaction. 2024-10-10 6.5 CVE-2024-45148 psirt@adobe.com
 
adobe — commerce
 
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction. 2024-10-10 5.3 CVE-2024-45124 psirt@adobe.com
 
adobe — commerce
 
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity and availability. Exploitation of this issue does not require user interaction. 2024-10-10 5.4 CVE-2024-45128 psirt@adobe.com
 
adobe — commerce
 
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confidentiality and integrity. Exploitation of this issue does not require user interaction. 2024-10-10 5.4 CVE-2024-45131 psirt@adobe.com
 
adobe — commerce
 
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction. 2024-10-10 4.3 CVE-2024-45121 psirt@adobe.com
 
adobe — commerce
 
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confidentiality. Exploitation of this issue does not require user interaction. 2024-10-10 4.3 CVE-2024-45122 psirt@adobe.com
 
adobe — commerce
 
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this vulnerability to have a low impact on integrity. Exploitation of this issue does not require user interaction. 2024-10-10 4.3 CVE-2024-45125 psirt@adobe.com
 
adobe — commerce
 
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2024-10-10 4.8 CVE-2024-45127 psirt@adobe.com
 
adobe — commerce
 
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction. 2024-10-10 4.3 CVE-2024-45129 psirt@adobe.com
 
adobe — commerce
 
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction. 2024-10-10 4.3 CVE-2024-45130 psirt@adobe.com
 
adobe — commerce
 
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confidentiality. Exploitation of this issue does not require user interaction. 2024-10-10 4.3 CVE-2024-45149 psirt@adobe.com
 
Adobe–Adobe Experience Manager
 
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2024-10-07 5.4 CVE-2024-45153 psirt@adobe.com
 
Adobe–Lightroom Desktop
 
Lightroom Desktop versions 7.4.1, 13.5, 12.5.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-10-09 5.5 CVE-2024-45145 psirt@adobe.com
 
Adobe–Substance3D – Painter
 
Substance3D – Painter versions 10.0.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-10-09 5.5 CVE-2024-20787 psirt@adobe.com
 
afragen–Embed PDF Viewer
 
The Embed PDF Viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘height’ and ‘width’ parameters in all versions up to, and including, 2.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-10-09 6.4 CVE-2024-9451 security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
 
algoritmika–Download Plugins and Themes in ZIP from Dashboard
 
The Download Plugins and Themes in ZIP from Dashboard plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.9.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-11 6.1 CVE-2024-9232 security@wordfence.com
security@wordfence.com
security@wordfence.com
 
algoritmika–Maximum Products per User for WooCommerce
 
The Maximum Products per User for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.2.8. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-10 6.1 CVE-2024-9205 security@wordfence.com
security@wordfence.com
security@wordfence.com
 
amandato–PowerPress Podcasting plugin by Blubrry
 
The PowerPress Podcasting plugin by Blubrry plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘skipto’ shortcode in all versions up to, and including, 11.9.18 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-10-11 6.4 CVE-2024-9543 security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
 
amirhelzer–WooCommerce Multilingual & Multicurrency with WPML
 
The WooCommerce Multilingual & Multicurrency with WPML plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 5.3.7. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-08 6.1 CVE-2024-8629 security@wordfence.com
security@wordfence.com
security@wordfence.com
 
ampache–ampache
 
ampache is a web based audio/video streaming application and file manager. A CSRF attack can be performed in order to delete objects (Playlist, smartlist etc.). Cross-Site Request Forgery (CSRF) is an attack that forces authenticated users to submit a request to a Web application against which they are currently authenticated. This vulnerability can be exploited by creating a malicious script with an arbitrary playlist ID belonging to another user. When the user submits the request, their playlist will be deleted. Any User with active sessions who are tricked into submitting a malicious request are impacted, as their playlists or other objects could be deleted without their consent. 2024-10-09 5.3 CVE-2024-47828 security-advisories@github.com
 
angeljudesuarez — placement_management_system
 
itsourcecode Placement Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via the Full Name field in registration.php. 2024-10-07 6.1 CVE-2024-46300 cve@mitre.org
cve@mitre.org
 
ays-pro–Survey Maker
 
The Survey Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Survey fields in all versions up to, and including, 4.9.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. 2024-10-08 4.4 CVE-2024-8488 security@wordfence.com
security@wordfence.com
 
azexo–Mynx Page Builder
 
The Mynx Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 0.27.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. 2024-10-12 6.4 CVE-2024-9656 security@wordfence.com
security@wordfence.com
 
bfintal–Stackable Page Builder Gutenberg Blocks
 
The Stackable – Page Builder Gutenberg Blocks plugin for WordPress is vulnerable to CSS Injection in all versions up to, and including, 3.13.6. This makes it possible for unauthenticated attackers to embed untrusted style information into comments resulting in a possibility of data exfiltration such as admin nonces with limited impact. These nonces could be used to perform CSRF attacks within a limited time window. The presence of other plugins may make additional nonces available, which may pose a risk in plugins that don’t perform capability checks to protect AJAX actions or other actions reachable by lower-privileged users. 2024-10-12 5.3 CVE-2024-8760 security@wordfence.com
security@wordfence.com
 
bitpressadmin–Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder
 
The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 2.15.2 due to improper input validation within the iconUpload function. This makes it possible for authenticated attackers, with Administrator-level access and above, to leverage a PHP filter chain attack and read the contents of arbitrary files on the server, which can contain sensitive information. 2024-10-11 4.9 CVE-2024-9507 security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
 
BlackBerry–QNX Software Development Platform (SDP)
 
NULL pointer dereference in IP socket options processing of the Networking Stack in QNX Software Development Platform (SDP) version(s) 7.1 and 7.0 could allow an attacker with local access to cause a denial-of-service condition in the context of the Networking Stack process. 2024-10-08 6.2 CVE-2024-35215 secure@blackberry.com
 
blockmeister–BlockMeister Block Pattern Builder
 
The BlockMeister – Block Pattern Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.1.10. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-11 6.1 CVE-2024-9616 security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
 
boonebgorges–BuddyPress Docs
 
The BuddyPress Docs plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.2.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-08 6.1 CVE-2024-9207 security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
 
brechtvds–WP Ultimate Post Grid
 
The WP Ultimate Post Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s wpupg-grid-with-filters shortcode in all versions up to, and including, 3.9.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-10-11 6.4 CVE-2024-9051 security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
 
brevo — newsletter,_smtp,_email_marketing_and_subscribe
 
The Newsletter, SMTP, Email marketing and Subscribe forms by Brevo (formely Sendinblue) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.87. This is due to missing or incorrect nonce validation on the Init() function. This makes it possible for unauthenticated attackers to log out of a Brevo connection via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2024-10-10 4.3 CVE-2024-8477 security@wordfence.com
security@wordfence.com
 
butterflymedia–ImagePress Image Gallery
 
The ImagePress – Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. 2024-10-12 4.4 CVE-2024-9776 security@wordfence.com
security@wordfence.com
security@wordfence.com
 
butterflymedia–ImagePress Image Gallery
 
The ImagePress – Image Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.2. This is due to missing or incorrect nonce validation on the ‘imagepress_admin_page’ function. This makes it possible for unauthenticated attackers to update plugin settings, including redirection URLs, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2024-10-12 4.3 CVE-2024-9778 security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
 
butterflymedia–ImagePress Image Gallery
 
The ImagePress – Image Gallery plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the ‘ip_delete_post’ and ‘ip_update_post_title’ functions in all versions up to, and including, 1.2.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary posts and update post titles. 2024-10-12 4.3 CVE-2024-9824 security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
 
bytecodealliance–wasmtime
 
Wasmtime is an open source runtime for WebAssembly. Wasmtime’s implementation of WebAssembly tail calls combined with stack traces can result in a runtime crash in certain WebAssembly modules. The runtime crash may be undefined behavior if Wasmtime was compiled with Rust 1.80 or prior. The runtime crash is a deterministic process abort when Wasmtime is compiled with Rust 1.81 and later. WebAssembly tail calls are a proposal which relatively recently reached stage 4 in the standardization process. Wasmtime first enabled support for tail calls by default in Wasmtime 21.0.0, although that release contained a bug where it was only on-by-default for some configurations. In Wasmtime 22.0.0 tail calls were enabled by default for all configurations. The specific crash happens when an exported function in a WebAssembly module (or component) performs a `return_call` (or `return_call_indirect` or `return_call_ref`) to an imported host function which captures a stack trace (for example, the host function raises a trap). In this situation, the stack-walking code previously assumed there was always at least one WebAssembly frame on the stack but with tail calls that is no longer true. With the tail-call proposal it’s possible to have an entry trampoline appear as if it directly called the exit trampoline. This situation triggers an internal assert in the stack-walking code which raises a Rust `panic!()`. When Wasmtime is compiled with Rust versions 1.80 and prior this means that an `extern “C”` function in Rust is raising a `panic!()`. This is technically undefined behavior and typically manifests as a process abort when the unwinder fails to unwind Cranelift-generated frames. When Wasmtime is compiled with Rust versions 1.81 and later this panic becomes a deterministic process abort. Overall the impact of this issue is that this is a denial-of-service vector where a malicious WebAssembly module or component can cause the host to crash. There is no other impact at this time other than availability of a service as the result of the crash is always a crash and no more. This issue was discovered by routine fuzzing performed by the Wasmtime project via Google’s OSS-Fuzz infrastructure. We have no evidence that it has ever been exploited by an attacker in the wild. All versions of Wasmtime which have tail calls enabled by default have been patched: * 21.0.x – patched in 21.0.2 * 22.0.x – patched in 22.0.1 * 23.0.x – patched in 23.0.3 * 24.0.x – patched in 24.0.1 * 25.0.x – patched in 25.0.2. Wasmtime versions from 12.0.x (the first release with experimental tail call support) to 20.0.x (the last release with tail-calls off-by-default) have support for tail calls but the support is disabled by default. These versions are not affected in their default configurations, but users who explicitly enabled tail call support will need to either disable tail call support or upgrade to a patched version of Wasmtime. The main workaround for this issue is to disable tail support for tail calls in Wasmtime, for example with `Config::wasm_tail_call(false)`. Users are otherwise encouraged to upgrade to patched versions. 2024-10-09 5.5 CVE-2024-47763 security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
 
Cacti–cacti
 
Cacti is an open source performance and fault management framework. The `title` parameter is not properly sanitized when saving external links in links.php . Morever, the said title parameter is stored in the database and reflected back to user in index.php, finally leading to stored XSS. Users with the privilege to create external links can manipulate the `title` parameter in the http post request while creating external links to perform stored XSS attacks. The vulnerability known as XSS (Cross-Site Scripting) occurs when an application allows untrusted user input to be displayed on a web page without proper validation or escaping. This issue has been addressed in release version 1.2.28. All users are advised to upgrade. There are no known workarounds for this vulnerability. 2024-10-07 5.7 CVE-2024-43364 security-advisories@github.com
 
Cacti–cacti
 
Cacti is an open source performance and fault management framework. The`consolenewsection` parameter is not properly sanitized when saving external links in links.php . Morever, the said consolenewsection parameter is stored in the database and reflected back to user in `index.php`, finally leading to stored XSS. Users with the privilege to create external links can manipulate the “consolenewsection” parameter in the http post request while creating external links to perform stored XSS attacks. The vulnerability known as XSS (Cross-Site Scripting) occurs when an application allows untrusted user input to be displayed on a web page without proper validation or escaping. This issue has been addressed in release version 1.2.28. All users are advised to upgrade. There are no known workarounds for this vulnerability. 2024-10-07 5.7 CVE-2024-43365 security-advisories@github.com
 
cmsmasters–CMSMasters Content Composer
 
The CMSMasters Content Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s multiple shortcodes in all versions up to, and including, 1.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-10-09 6.4 CVE-2024-7963 security@wordfence.com
security@wordfence.com
 
code-projects–Blood Bank System
 
A vulnerability was found in code-projects Blood Bank System 1.0. It has been classified as critical. This affects an unknown part of the file /update.php. The manipulation of the argument name leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. 2024-10-10 6.3 CVE-2024-9817 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
 
code-projects–Blood Bank System
 
A vulnerability, which was classified as critical, was found in code-projects Blood Bank System 1.0. Affected is an unknown function of the file reset.php. The manipulation of the argument useremail leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. 2024-10-12 6.3 CVE-2024-9894 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
 
code-projects–Blood Bank System
 
A vulnerability was found in code-projects Blood Bank System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/campsdetails.php. The manipulation of the argument hospital leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. 2024-10-10 4.7 CVE-2024-9804 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
 
Codezips–Online Shopping Portal
 
A vulnerability, which was classified as critical, has been found in Codezips Online Shopping Portal 1.0. This issue affects some unknown processing of the file /update-image1.php. The manipulation of the argument productimage1 leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. 2024-10-10 6.3 CVE-2024-9794 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
 
Codezips–Tourist Management System
 
A vulnerability has been found in Codezips Tourist Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/create-package.php. The manipulation of the argument packageimage leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. 2024-10-10 4.7 CVE-2024-9815 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
 
Codezips–Tourist Management System
 
A vulnerability was found in Codezips Tourist Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/change-image.php. The manipulation of the argument packageimage leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. 2024-10-10 4.7 CVE-2024-9816 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
 
Contemporary Control System–BASrouter BACnet BASRT-B
 
A vulnerability, which was classified as problematic, was found in Contemporary Control System BASrouter BACnet BASRT-B 2.7.2. This affects an unknown part of the component UDP Packet Handler. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 2024-10-10 5.3 CVE-2024-9787 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
 
CreativeMindsSolutions–CM Tooltip Glossary
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in CreativeMindsSolutions CM Tooltip Glossary allows Stored XSS.This issue affects CM Tooltip Glossary: from n/a through 4.3.9. 2024-10-11 6.5 CVE-2024-48041 audit@patchstack.com
 
cssjockey–WP Builder
 
The WP Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.0.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. 2024-10-10 6.4 CVE-2024-9457 security@wordfence.com
security@wordfence.com
 
curatorio–Curator.io: Show all your social media posts in a beautiful feed.
 
The Curator.io: Show all your social media posts in a beautiful feed. plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘feed_id’ attribute in all versions up to, and including, 1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-10-10 6.4 CVE-2024-9057 security@wordfence.com
security@wordfence.com
 
D-Link–DIR-619L B1
 
A vulnerability, which was classified as critical, was found in D-Link DIR-619L B1 2.06. Affected is the function formSetMACFilter of the file /goform/formSetMACFilter. The manipulation of the argument curTime leads to buffer overflow. The exploit has been disclosed to the public and may be used. 2024-10-13 5.5 CVE-2024-9908 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
 
dale668–Marketing and SEO Booster
 
The Marketing and SEO Booster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.9.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. 2024-10-10 6.4 CVE-2024-9066 security@wordfence.com
security@wordfence.com
 
devitemsllc–ShopLentor WooCommerce Builder for Elementor & Gutenberg +12 Modules All in One Solution (formerly WooLentor)
 
The ShopLentor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.8 via the ‘render’ function in includes/addons/wl_faq.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft Elementor template data. 2024-10-11 4.3 CVE-2024-9538 security@wordfence.com
security@wordfence.com
 
directus–directus
 
Directus is a real-time API and App dashboard for managing SQL database content. Access tokens from query strings are not redacted and are potentially exposed in system logs which may be persisted. The access token in `req.query` is not redacted when the `LOG_STYLE` is set to `raw`. If these logs are not properly sanitized or protected, an attacker with access to it can potentially gain administrative control, leading to unauthorized data access and manipulation. This impacts systems where the `LOG_STYLE` is set to `raw`. The `access_token` in the query could potentially be a long-lived static token. Users with impacted systems should rotate their static tokens if they were provided using query string. This vulnerability has been patched in release version 10.13.2 and subsequent releases as well. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2024-10-08 4.2 CVE-2024-47822 security-advisories@github.com
 
discourse–discourse
 
Discourse is an open source platform for community discussion. An attacker can execute arbitrary JavaScript on users’ browsers by sending a maliciously crafted chat message and replying to it. This issue only affects sites with CSP disabled. This problem is patched in the latest version of Discourse. All users are advised to upgrade. Users unable to upgrade should ensure CSP is enabled on the forum. Users who do upgrade should also consider enabling a CSP as well as a proactive measure. 2024-10-07 6.5 CVE-2024-47772 security-advisories@github.com
security-advisories@github.com
 
discourse–discourse
 
Discourse is an open source platform for community discussion. Users can see topics with a hidden tag if they know the label/name of that tag. This issue has been patched in the latest stable, beta and tests-passed version of Discourse. All users area are advised to upgrade. There are no known workarounds for this vulnerability. 2024-10-07 5.3 CVE-2024-45297 security-advisories@github.com
 
dvankooten–Social Sharing (by Danny)
 
The Social Sharing (by Danny) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘dvk_social_sharing’ shortcode in all versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-10-12 6.4 CVE-2024-9704 security@wordfence.com
security@wordfence.com
 
essamamdani–Advanced Blocks Pro
 
The Advanced Blocks Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. 2024-10-10 6.4 CVE-2024-9074 security@wordfence.com
security@wordfence.com
 
EventPrime Events–EventPrime
 
URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in EventPrime Events EventPrime.This issue affects EventPrime: from n/a through 4.0.4.5. 2024-10-10 4.7 CVE-2024-47648 audit@patchstack.com
 
fatcatapps–Forms for Mailchimp by Optin Cat Grow Your MailChimp List
 
The Forms for Mailchimp by Optin Cat – Grow Your MailChimp List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form color parameters in all versions up to, and including, 2.5.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. 2024-10-12 4.4 CVE-2024-7489 security@wordfence.com
security@wordfence.com
security@wordfence.com
 
Fortra–Robot Schedule Enterprise
 
Fortra’s Robot Schedule Enterprise Agent prior to version 3.05 writes FTP username and password information to the agent log file when detailed logging is enabled. 2024-10-09 5.5 CVE-2024-8264 df4dee71-de3a-4139-9588-11b62fe6c0ff
df4dee71-de3a-4139-9588-11b62fe6c0ff
 
fullservices–FULL Cliente
 
The FULL – Cliente plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.1.22. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-11 6.1 CVE-2024-9211 security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
 
gdprextensionscom–GDPR-Extensions-com Consent Manager
 
The GDPR-Extensions-com – Consent Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. 2024-10-10 6.4 CVE-2024-9072 security@wordfence.com
security@wordfence.com
 
GitLab–GitLab
 
An issue has been discovered discovered in GitLab EE/CE affecting all versions starting from 11.4 before 17.2.9, all versions starting from 17.3 before 17.3.5, all versions starting from 17.4 before 17.4.2 It was possible for guest users to disclose project templates using the API. 2024-10-11 4.3 CVE-2024-5005 cve@gitlab.com
cve@gitlab.com
 
GitLab–GitLab
 
An issue was discovered in GitLab CE/EE affecting all versions starting from 8.16 prior to 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2, which allows deploy keys to push to an archived repository. 2024-10-10 4.9 CVE-2024-9623 cve@gitlab.com
 
google — android
 
In vdec, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09028313; Issue ID: MSV-1701. 2024-10-07 4.4 CVE-2024-20091 security@mediatek.com
 
google — android
 
In vdec, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09028313; Issue ID: MSV-1699. 2024-10-07 4.4 CVE-2024-20093 security@mediatek.com
 
google — android
 
In m4u, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08996894; Issue ID: MSV-1636. 2024-10-07 4.4 CVE-2024-20095 security@mediatek.com
 
google — android
 
In m4u, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08996900; Issue ID: MSV-1635. 2024-10-07 4.4 CVE-2024-20096 security@mediatek.com
 
google — android
 
In vdec, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09028313; Issue ID: MSV-1630. 2024-10-07 4.4 CVE-2024-20097 security@mediatek.com
 
google — android
 
In wlan driver, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08998892; Issue ID: MSV-1601. 2024-10-07 4.9 CVE-2024-20102 security@mediatek.com
 
gregross–Auto iFrame
 
The Auto iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tag’ parameter in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-10-09 6.4 CVE-2024-9449 security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
 
h2o–h2o
 
h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. When an HTTP request using TLS/1.3 early data on top of TCP Fast Open or QUIC 0-RTT packets is received and the IP-address-based access control is used, the access control does not detect and prohibit HTTP requests conveyed by packets with a spoofed source address. This behavior allows attackers on the network to execute HTTP requests from addresses that are otherwise rejected by the address-based access control. The vulnerability has been addressed in commit 15ed15a. Users may disable the use of TCP FastOpen and QUIC to mitigate the issue. 2024-10-11 5.9 CVE-2024-45397 security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
 
hcltech — connections
 
HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to because of improperly handling the request data. 2024-10-09 5.7 CVE-2024-30118 psirt@hcl.com
 
HuangDou–UTCMS
 
A vulnerability, which was classified as critical, was found in HuangDou UTCMS V9. This affects an unknown part of the file app/modules/ut-template/admin/template_creat.php. The manipulation of the argument content leads to deserialization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 2024-10-13 6.3 CVE-2024-9917 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
 
HuangDou–UTCMS
 
A vulnerability has been found in HuangDou UTCMS V9 and classified as critical. This vulnerability affects the function RunSql of the file app/modules/ut-data/admin/sql.php. The manipulation of the argument sql leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 2024-10-13 4.7 CVE-2024-9918 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
 
idiom — easy_social_share_buttons
 
The Easy Social Share Buttons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.4.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-10 6.1 CVE-2024-8729 security@wordfence.com
security@wordfence.com
 
jetbrains — teamcity
 
In JetBrains TeamCity before 2024.07.3 password could be exposed via Sonar runner REST API 2024-10-08 6.5 CVE-2024-47161 cve@jetbrains.com
 
jetbrains — teamcity
 
In JetBrains TeamCity before 2024.07.3 stored XSS was possible in Backup configuration settings 2024-10-08 5.4 CVE-2024-47950 cve@jetbrains.com
 
jetbrains — teamcity
 
In JetBrains TeamCity before 2024.07.3 stored XSS was possible via server global settings 2024-10-08 5.4 CVE-2024-47951 cve@jetbrains.com
 
JetBrains–YouTrack
 
In JetBrains YouTrack before 2024.3.46677 improper access control allowed users with project update permission to delete applications via API 2024-10-10 5.4 CVE-2024-48902 cve@jetbrains.com
 
Juniper Networks–Junos OS
 
An Improper Handling of Exceptional Conditions vulnerability in packet processing of Juniper Networks Junos OS on MX Series with MPC10/MPC11/LC9600 line cards, EX9200 with EX9200-15C lines cards, MX304 devices, and Juniper Networks Junos OS Evolved on PTX Series, allows an attacker sending malformed DHCP packets to cause ingress packet processing to stop, leading to a Denial of Service (DoS).  Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. This issue only occurs if DHCP snooping is enabled. See configuration below. This issue can be detected using following commands. Their output will display the interface status going down: user@device>show interfaces <if–x/x/x> user@device>show log messages | match <if–x/x/x> user@device>show log messages ==> will display the “[Error] Wedge-Detect : Host Loopback Wedge Detected: PFE: no,” logs. This issue affects: Junos OS on MX Series with MPC10/MPC11/LC9600 line cards, EX9200 with EX9200-15C line cards, and MX304: * All versions before 21.2R3-S7, * from 21.4 before 21.4R3-S6, * from 22.2 before 22.2R3-S3, * all versions of 22.3, * from 22.4 before 22.4R3, * from 23.2 before 23.2R2; Junos OS Evolved on PTX Series: * from 19.3R1-EVO before 21.2R3-S8-EVO, * from 21.4-EVO before 21.4R3-S7-EVO, * from 22.1-EVO before 22.1R3-S6-EVO, * from 22.2-EVO before 22.2R3-S5-EVO, * from 22.3-EVO before 22.3R3-S3-EVO, * from 22.4-EVO before 22.4R3-S1-EVO, * from 23.2-EVO before 23.2R2-S2-EVO, * from 23.4-EVO before 23.4R2-EVO. Junos OS Evolved releases prior to 19.3R1-EVO are unaffected by this vulnerability 2024-10-11 6.5 CVE-2024-39526 sirt@juniper.net
 
Juniper Networks–Junos OS
 
A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of the Juniper Networks Junos OS on the SRX5K, SRX4600 and MX Series platforms with Trio-based FPCs allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). In case of channelized Modular Interface Cards (MICs), every physical interface flap operation will leak heap memory. Over a period of time, continuous physical interface flap operations causes local FPC to eventually run out of memory and crash.   Below CLI command can be used to check the memory usage over a period of time: ??user@host> show chassis fpc                 Temp CPU Utilization (%)   CPU Utilization (%) Memory   Utilization (%)   Slot State     (C)  Total  Interrupt     1min   5min   15min DRAM (MB) Heap     Buffer   0 Online       43     41         2                           2048       49         14   1 Online       43     41         2                           2048       49         14   2 Online       43     41         2                           2048       49         14 This issue affects Junos OS on SRX5K, SRX4600 and MX Series:  * All versions before 21.2R3-S7,  * from 21.4 before 21.4R3-S6,  * from 22.1 before 22.1R3-S5,  * from 22.2 before 22.2R3-S3,  * from 22.3 before 22.3R3-S2,  * from 22.4 before 22.4R3,  * from 23.2 before 23.2R2,  * from 23.4 before 23.4R2. 2024-10-11 6.5 CVE-2024-47493 sirt@juniper.net
sirt@juniper.net
 
Juniper Networks–Junos OS
 
An Improper Check for Unusual or Exceptional Conditions vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX4600 and SRX5000 Series allows an unauthenticated and logically adjacent attacker to cause a Denial-of-Service (DoS). If in a multicast scenario a sequence of specific PIM packets is received, this will cause a flowd crash and restart, which leads to momentary service interruption. This issue affects Junos OS on SRX 4600 and SRX 5000 Series: * All versions before 21.4R3-S9, * 22.2 versions before 22.2R3-S5, * 22.3 versions before 22.3R3-S4, * 22.4 versions before 22.4R3-S4, * 23.2 versions before 23.2R2-S2, * 23.4 versions before 23.4R2,  * 24.2 versions before 24.2R1-S1, 24.2R2. 2024-10-11 6.5 CVE-2024-47503 sirt@juniper.net
 
Juniper Networks–Junos OS
 
An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in the command-line interface (CLI) of Juniper Networks Junos OS on SRX Series devices allows a local, low-privileged user with access to the Junos CLI to view the contents of protected files on the file system. Through the execution of crafted CLI commands, a user with limited permissions (e.g., a low privilege login class user) can access protected files that should not be accessible to the user. These files may contain sensitive information that can be used to cause further impact to the system. This issue affects Junos OS on SRX Series:  * All versions before 21.4R3-S8,  * 22.2 before 22.2R3-S5,  * 22.3 before 22.3R3-S4,  * 22.4 before 22.4R3-S4,  * 23.2 before 23.2R2-S2,  * 23.4 before 23.4R2. 2024-10-11 5.5 CVE-2024-39527 sirt@juniper.net
 
Juniper Networks–Junos OS
 
A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in the AgentD process of Juniper Networks Junos OS allows an attacker who is already causing impact to established sessions which generates counter changes picked up by the AgentD process during telemetry polling, to move the AgentD process into a state where AgentD attempts to reap an already destroyed sensor. This reaping attempt then leads to memory corruption causing the FPC to crash which is a Denial of Service (DoS). The FPC will recover automatically without user intervention after the crash. This issue affects Junos OS:  * All versions before 21.4R3-S9 * From 22.2 before 22.2R3-S5, * From 22.3 before 22.3R3-S4, * From 22.4 before 22.4R3-S3, * From 23.2 before 23.2R2-S2, * From 23.4 before 23.4R2. This issue does not affect Junos OS Evolved. 2024-10-11 5.9 CVE-2024-47494 sirt@juniper.net
 
Juniper Networks–Junos OS
 
A NULL Pointer Dereference vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS allows a local, low-privileged attacker to cause a Denial-of-Service (DoS). When a specific command is executed, the pfe crashes. This will cause traffic forwarding to be interrupted until the system self-recovers. Repeated execution will create a sustained DoS condition. This issue only affects MX Series devices with Line cards MPC1-MPC9. This issue affects: Junos OS on MX Series: * All versions before 21.4R3-S9, * from 22.2 before 22.2R3-S5,  * from 22.3 before 22.3R3-S4, * from 22.4 before 22.4R3-S2, * from 23.2 before 23.2R2-S1, * from 23.4 before 23.4R2. 2024-10-11 5.5 CVE-2024-47496 sirt@juniper.net
 
Juniper Networks–Junos OS
 
A NULL Pointer Dereference vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on MX304, MX with MPC10/11/LC9600, and EX9200 with EX9200-15C allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS). In a VPLS or Junos Fusion scenario, the execution of specific show commands will cause all FPCs hosting VPLS sessions or connecting to satellites to crash and restart. This issue affects Junos on MX304, MX with MPC10/11/LC9600 and EX9200 with EX9200-15C:  * All version before 21.2R3-S1, * 21.3 versions before 21.3R3,  * 21.4 versions before 21.4R2. 2024-10-11 5.5 CVE-2024-47501 sirt@juniper.net
 
Juniper Networks–Junos OS
 
A Deadlock vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When a large amount of traffic is processed by ATP Cloud inspection, a deadlock can occur which will result in a PFE crash and restart. Whether the crash occurs, depends on system internal timing that is outside the attackers control. This issue affects Junos OS on SRX Series: * All versions before 21.3R3-S1, * 21.4 versions before 21.4R3, * 22.1 versions before 22.1R2, * 22.2 versions before 22.2R1-S2, 22.2R2. 2024-10-11 5.9 CVE-2024-47506 sirt@juniper.net
 
Juniper Networks–Junos OS
 
An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause an integrity impact to the downstream devices. When a peer sends a BGP update message which contains the aggregator attribute with an ASN value of zero (0), rpd accepts and propagates this attribute, which can cause issues for downstream BGP peers receiving this. This issue affects: Junos OS: * All versions before 21.4R3-S6, * 22.2 versions before 22.2R3-S3, * 22.4 versions before 22.4R3;  Junos OS Evolved:  * All versions before 21.4R3-S7-EVO, * 22.2 versions before 22.2R3-S4-EVO, * 22.4 versions before 22.4R3-EVO. 2024-10-11 5.8 CVE-2024-47507 sirt@juniper.net
 
Juniper Networks–Junos OS Evolved
 
An Authorization Bypass Through User-Controlled Key vulnerability allows a locally authenticated attacker with shell access to gain full control of the device when Dual Routing Engines (REs) are in use on Juniper Networks Junos OS Evolved devices. This issue affects: Juniper Networks Junos OS Evolved with dual-REs: * All versions before 21.2R3-S8-EVO, * from 21.4-EVO before 21.4R3-S8-EVO, * from 22.2-EVO before 22.2R3-S4-EVO, * from 22.3-EVO before 22.3R3-S4-EVO, * from 22.4-EVO before 22.4R3-S3-EVO, * from 23.2-EVO before 23.2R2-S1-EVO, * from 23.4-EVO before 23.4R2-S1-EVO. This issue does not affect Juniper Networks Junos OS. 2024-10-11 6.7 CVE-2024-47495 sirt@juniper.net
 
Juniper Networks–Junos OS Evolved
 
An Unimplemented or Unsupported Feature in UI vulnerability in the CLI of Juniper Networks Junos OS Evolved on QFX5000 Series allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS). Several configuration statements meant to enforce limits on MAC learning and moves can be configured but do not take effect. This can lead to control plane overload situations which will severely impact the ability of the device to processes legitimate traffic. This issue affects Junos OS Evolved on QFX5000 Series: * All versions before 21.4R3-S8-EVO, * 22.2-EVO versions before 22.2R3-S5-EVO, * 22.4-EVO versions before 22.4R3-EVO, * 23.2-EVO versions before 23.2R2-EVO. 2024-10-11 6.5 CVE-2024-47498 sirt@juniper.net
 
Juniper Networks–Junos OS Evolved
 
An Allocation of Resources Without Limits or Throttling vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved allows an authenticated, network-based attacker to cause an FPC crash leading to a Denial of Service (DoS).When specific SNMP GET operations or specific low-priviledged CLI commands are executed, a GUID resource leak will occur, eventually leading to exhaustion and resulting in FPCs to hang. Affected FPCs need to be manually restarted to recover. GUID exhaustion will trigger a syslog message like one of the following: evo-pfemand[<pid>]: get_next_guid: Ran out of Guid Space … evo-aftmand-zx[<pid>]: get_next_guid: Ran out of Guid Space … The leak can be monitored by running the following command and taking note of the values in the rightmost column labeled Guids: user@host> show platform application-info allocations app evo-pfemand/evo-pfemand In case one or more of these values are constantly increasing the leak is happening. This issue affects Junos OS Evolved: * All versions before 21.4R3-S7-EVO, * 22.1 versions before 22.1R3-S6-EVO, * 22.2 versions before 22.2R3-EVO,  * 22.3 versions before 22.3R3-EVO, * 22.4 versions before 22.4R2-EVO. Please note that this issue is similar to, but different from CVE-2024-47508 and CVE-2024-47509. 2024-10-11 6.5 CVE-2024-47505 sirt@juniper.net
 
Juniper Networks–Junos OS Evolved
 
An Allocation of Resources Without Limits or Throttling vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved allows an authenticated, network-based attacker to cause an FPC crash leading to a Denial of Service (DoS).When specific SNMP GET operations or specific low-priviledged CLI commands are executed, a GUID resource leak will occur, eventually leading to exhaustion and resulting in FPCs to hang. Affected FPCs need to be manually restarted to recover. GUID exhaustion will trigger a syslog message like one of the following: evo-pfemand[<pid>]: get_next_guid: Ran out of Guid Space … evo-aftmand-zx[<pid>]: get_next_guid: Ran out of Guid Space … The leak can be monitored by running the following command and taking note of the values in the rightmost column labeled Guids: user@host> show platform application-info allocations app evo-pfemand/evo-pfemand In case one or more of these values are constantly increasing the leak is happening. This issue affects Junos OS Evolved: * All versions before 21.2R3-S8-EVO, * 21.3 versions before 21.3R3-EVO; * 21.4 versions before 22.1R2-EVO, * 22.1 versions before 22.1R1-S1-EVO, 22.1R2-EVO. Please note that this issue is similar to, but different from CVE-2024-47505 and CVE-2024-47509. 2024-10-11 6.5 CVE-2024-47508 sirt@juniper.net
 
Juniper Networks–Junos OS Evolved
 
An Allocation of Resources Without Limits or Throttling vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved allows an authenticated, network-based attacker to cause an FPC crash leading to a Denial of Service (DoS).When specific SNMP GET operations or specific low-priviledged CLI commands are executed, a GUID resource leak will occur, eventually leading to exhaustion and resulting in FPCs to hang. Affected FPCs need to be manually restarted to recover. GUID exhaustion will trigger a syslog message like one of the following: evo-pfemand[<pid>]: get_next_guid: Ran out of Guid Space … evo-aftmand-zx[<pid>]: get_next_guid: Ran out of Guid Space … The leak can be monitored by running the following command and taking note of the values in the rightmost column labeled Guids: user@host> show platform application-info allocations app evo-pfemand/evo-pfemand In case one or more of these values are constantly increasing the leak is happening. This issue affects Junos OS Evolved: * All versions before 21.4R2-EVO, * 22.1 versions before 22.1R2-EVO. Please note that this issue is similar to, but different from CVE-2024-47505 and CVE-2024-47508. 2024-10-11 6.5 CVE-2024-47509 sirt@juniper.net
 
Juniper Networks–Junos OS Evolved
 
An Incorrect Comparison vulnerability in the local address verification API of Juniper Networks Junos OS Evolved allows an unauthenticated network-adjacent attacker to create sessions or send traffic to the device using the network and broadcast address of the subnet assigned to an interface. This is unintended and unexpected behavior and can allow an attacker to bypass certain compensating controls, such as stateless firewall filters. This issue affects Junos OS Evolved:  * All versions before 21.4R3-S8-EVO,  * 22.2-EVO before 22.2R3-S4-EVO,  * 22.3-EVO before 22.3R3-S4-EVO,  * 22.4-EVO before 22.4R3-S3-EVO,  * 23.2-EVO before 23.2R2-S1-EVO,  * 23.4-EVO before 23.4R1-S2-EVO, 23.4R2-EVO. 2024-10-11 5.4 CVE-2024-39534 sirt@juniper.net
 
Juniper Networks–Junos OS Evolved
 
An Incorrect Default Permissions vulnerability in the command line interface (CLI) of Juniper Networks Junos OS Evolved allows a low privileged local attacker to view NETCONF traceoptions files, representing an exposure of sensitive information. On all Junos OS Evolved platforms, when NETCONF traceoptions are configured, NETCONF traceoptions files get created with an incorrect group permission, which allows a low-privileged user can access sensitive information compromising the confidentiality of the system. Junos OS Evolved:  * All versions before 20.4R3-S9-EVO,  * 21.2-EVO before 21.2R3-S7-EVO,  * 21.4-EVO before 21.4R3-S5-EVO,  * 22.1-EVO before 22.1R3-S5-EVO,  * 22.2-EVO before 22.2R3-S3-EVO,  * 22.3-EVO before 22.3R3-EVO, 22.3R3-S2-EVO,  * 22.4-EVO before 22.4R3-EVO,  * 23.2-EVO before 23.2R1-S2-EVO, 23.2R2-EVO. 2024-10-11 5 CVE-2024-39544 sirt@juniper.net
 
Juniper Networks–Junos OS Evolved
 
An Improper Handling of Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of the Juniper Networks Junos OS Evolved on ACX Series devices allows an unauthenticated, network based attacker sending specific transit protocol traffic to cause a partial Denial of Service (DoS) to downstream devices. Receipt of specific transit protocol packets is incorrectly processed by the Routing Engine (RE), filling up the DDoS protection queue which is shared between routing protocols. This influx of transit protocol packets causes DDoS protection violations, resulting in protocol flaps which can affect connectivity to networking devices. This issue affects both IPv4 and IPv6. This issue does not require any specific routing protocol to be configured or enabled. The following commands can be used to monitor the DDoS protection queue:        labuser@re0> show evo-pfemand host pkt-stats ??  labuser@re0> show host-path ddos all-policers This issue affects Junos OS Evolved:  * All versions before 21.4R3-S8-EVO,  * from 22.2 before 22.2R3-S4-EVO,  * from 22.3 before 22.3R3-S4-EVO,  * from 22.4 before 22.4R3-S3-EVO,  * from 23.2 before 23.2R2-EVO,  * from 23.4 before 23.4R1-S1-EVO, 23.4R2-EVO,  * from 24.2 before 24.2R2-EVO. 2024-10-11 5.8 CVE-2024-47489 sirt@juniper.net
 
kevinb–PublishPress Revisions: Duplicate Posts, Submit, Approve and Schedule Content Changes
 
The PublishPress Revisions: Duplicate Posts, Submit, Approve and Schedule Content Changes plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.5.14. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-11 6.1 CVE-2024-9436 security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
 
lara-zeus–dynamic-dashboard
 
Lara-zeus Dynamic Dashboard simple way to manage widgets for your website landing page, and filament dashboard and Lara-zeus artemis is a collection of themes for the lara-zeus ecosystem. If values passed to a paragraph widget are not valid and contain a specific set of characters, applications are vulnerable to XSS attack against a user who opens a page on which a paragraph widget is rendered. Users are advised to upgrade to the appropriate fix versions detailed in the advisory metadata. There are no known workarounds for this vulnerability. 2024-10-07 6.1 CVE-2024-47817 security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
 
Lenovo–Dolby Vision Provisioning software
 
A potential information disclosure vulnerability was reported in Lenovo’s packaging of Dolby Vision Provisioning software prior to version 2.0.0.2 that could allow a local attacker to read files on the system with elevated privileges during installation of the package. Previously installed versions are not affected by this issue. 2024-10-11 5.5 CVE-2024-5474 psirt@lenovo.com
 
leogermani–Tainacan
 
The Tainacan plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 0.21.10. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-11 6.1 CVE-2024-9221 security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
 
limesurvey — limesurvey
 
Cross Site Scripting vulnerability in LimeSurvey before 6.5.12+240611 allows a remote attacker to execute arbitrary code via a crafted script to the title and comment fields. 2024-10-07 6.1 CVE-2024-28709 cve@mitre.org
cve@mitre.org
 
limesurvey — limesurvey
 
Cross Site Scripting vulnerability in LimeSurvey before 6.5.0+240319 allows a remote attacker to execute arbitrary code via a lack of input validation and output encoding in the Alert Widget’s message component. 2024-10-07 6.1 CVE-2024-28710 cve@mitre.org
cve@mitre.org
 
matbao–WP Helper Premium
 
The WP Helper Premium plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘whp_smtp_send_mail_test’ function in all versions up to, and including, 4.6.1. This makes it possible for unauthenticated attackers to send emails containing any content and originating from the vulnerable WordPress instance to any recipient. 2024-10-10 5.3 CVE-2024-9065 security@wordfence.com
security@wordfence.com
 
MediaTek, Inc.–MT6761, MT6765, MT6768, MT6779, MT6785, MT6853, MT6873, MT6885, MT8385, MT8666, MT8667, MT8766, MT8768, MT8781, MT8788, MT8789
 
In vdec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09028313; Issue ID: MSV-1703. 2024-10-07 6.7 CVE-2024-20090 security@mediatek.com
 
MediaTek, Inc.–MT6768, MT6779, MT6781, MT6785, MT6833, MT6853, MT6873, MT6877, MT6885, MT6893, MT8188, MT8532, MT8675, MT8766, MT8768, MT8781, MT8786, MT8788
 
In power, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08996886; Issue ID: MSV-1626. 2024-10-07 6.7 CVE-2024-20098 security@mediatek.com
 
MediaTek, Inc.–MT6768, MT6833, MT6853, MT6877, MT6893, MT8532
 
In power, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08997492; Issue ID: MSV-1625. 2024-10-07 6.7 CVE-2024-20099 security@mediatek.com
 
meshtastic–firmware
 
Meshtastic is an open source, off-grid, decentralized, mesh network built to run on affordable, low-power devices. Meshtastic firmware is an open source firmware implementation for the broader project. The remote hardware module of the firmware does not have proper checks to ensure a remote hardware control message was received should be considered valid. This issue has been addressed in release version 2.5.1. All users are advised to upgrade. There are no known workarounds for this vulnerability. 2024-10-07 6.4 CVE-2024-47079 security-advisories@github.com
 
michaelzangl–Embed videos and respect privacy
 
The Embed videos and respect privacy plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘v’ parameter in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-11 6.1 CVE-2024-9346 security@wordfence.com
security@wordfence.com
security@wordfence.com
 
Microsoft–Azure Service Fabric for Linux
 
Azure Service Fabric for Linux Remote Code Execution Vulnerability 2024-10-08 6.6 CVE-2024-43480 secure@microsoft.com
 
Microsoft–Microsoft Defender for Endpoint for Linux
 
Microsoft Defender for Endpoint for Linux Spoofing Vulnerability 2024-10-08 5.5 CVE-2024-43614 secure@microsoft.com
 
Microsoft–Microsoft Office LTSC 2024
 
Microsoft Office Spoofing Vulnerability 2024-10-08 6.5 CVE-2024-43609 secure@microsoft.com
 
Microsoft–Microsoft Outlook for Android
 
Outlook for Android Elevation of Privilege Vulnerability 2024-10-08 5.7 CVE-2024-43604 secure@microsoft.com
 
Microsoft–Microsoft Visual Studio 2022 version 17.11
 
Visual Studio Collector Service Denial of Service Vulnerability 2024-10-08 5.5 CVE-2024-43603 secure@microsoft.com
 
Microsoft–Power BI Report Server – May 2024
 
Power BI Report Server Spoofing Vulnerability 2024-10-08 6.5 CVE-2024-43481 secure@microsoft.com
 
Microsoft–Power BI Report Server – May 2024
 
Power BI Report Server Spoofing Vulnerability 2024-10-08 6.9 CVE-2024-43612 secure@microsoft.com
 
Microsoft–Windows 10 Version 1809
 
BitLocker Security Feature Bypass Vulnerability 2024-10-08 6.4 CVE-2024-43513 secure@microsoft.com
 
Microsoft–Windows 10 Version 1809
 
Windows Mobile Broadband Driver Remote Code Execution Vulnerability 2024-10-08 6.8 CVE-2024-43523 secure@microsoft.com
 
Microsoft–Windows 10 Version 1809
 
Windows Mobile Broadband Driver Remote Code Execution Vulnerability 2024-10-08 6.8 CVE-2024-43524 secure@microsoft.com
 
Microsoft–Windows 10 Version 1809
 
Windows Mobile Broadband Driver Remote Code Execution Vulnerability 2024-10-08 6.8 CVE-2024-43525 secure@microsoft.com
 
Microsoft–Windows 10 Version 1809
 
Windows Mobile Broadband Driver Remote Code Execution Vulnerability 2024-10-08 6.8 CVE-2024-43526 secure@microsoft.com
 
Microsoft–Windows 10 Version 1809
 
Windows Graphics Component Information Disclosure Vulnerability 2024-10-08 6.5 CVE-2024-43534 secure@microsoft.com
 
Microsoft–Windows 10 Version 1809
 
Windows Mobile Broadband Driver Remote Code Execution Vulnerability 2024-10-08 6.8 CVE-2024-43536 secure@microsoft.com
 
Microsoft–Windows 10 Version 1809
 
Windows Mobile Broadband Driver Denial of Service Vulnerability 2024-10-08 6.5 CVE-2024-43537 secure@microsoft.com
 
Microsoft–Windows 10 Version 1809
 
Windows Mobile Broadband Driver Denial of Service Vulnerability 2024-10-08 6.5 CVE-2024-43538 secure@microsoft.com
 
Microsoft–Windows 10 Version 1809
 
Windows Mobile Broadband Driver Denial of Service Vulnerability 2024-10-08 6.5 CVE-2024-43540 secure@microsoft.com
 
Microsoft–Windows 10 Version 1809
 
Windows Mobile Broadband Driver Denial of Service Vulnerability 2024-10-08 6.5 CVE-2024-43542 secure@microsoft.com
 
Microsoft–Windows 10 Version 1809
 
Windows Mobile Broadband Driver Remote Code Execution Vulnerability 2024-10-08 6.8 CVE-2024-43543 secure@microsoft.com
 
Microsoft–Windows 10 Version 1809
 
Windows Kerberos Information Disclosure Vulnerability 2024-10-08 6.5 CVE-2024-43547 secure@microsoft.com
 
Microsoft–Windows 10 Version 1809
 
Windows Mobile Broadband Driver Denial of Service Vulnerability 2024-10-08 6.5 CVE-2024-43555 secure@microsoft.com
 
Microsoft–Windows 10 Version 1809
 
Windows Mobile Broadband Driver Denial of Service Vulnerability 2024-10-08 6.5 CVE-2024-43557 secure@microsoft.com
 
Microsoft–Windows 10 Version 1809
 
Windows Mobile Broadband Driver Denial of Service Vulnerability 2024-10-08 6.5 CVE-2024-43558 secure@microsoft.com
 
Microsoft–Windows 10 Version 1809
 
Windows Mobile Broadband Driver Denial of Service Vulnerability 2024-10-08 6.5 CVE-2024-43559 secure@microsoft.com
 
Microsoft–Windows 10 Version 1809
 
Windows Mobile Broadband Driver Denial of Service Vulnerability 2024-10-08 6.5 CVE-2024-43561 secure@microsoft.com
 
Microsoft–Windows 10 Version 1809
 
Windows Kernel Denial of Service Vulnerability 2024-10-08 5 CVE-2024-43520 secure@microsoft.com
 
Microsoft–Windows 10 Version 1809
 
Windows Kernel-Mode Driver Information Disclosure Vulnerability 2024-10-08 5.5 CVE-2024-43554 secure@microsoft.com
 
Microsoft–Windows 10 Version 1809
 
Code Integrity Guard Security Feature Bypass Vulnerability 2024-10-08 5.5 CVE-2024-43585 secure@microsoft.com
 
Microsoft–Windows 11 version 22H2
 
Windows Resilient File System (ReFS) Information Disclosure Vulnerability 2024-10-08 5.5 CVE-2024-43500 secure@microsoft.com
 
Microsoft–Windows 11 version 22H2
 
Windows Graphics Component Information Disclosure Vulnerability 2024-10-08 5.5 CVE-2024-43508 secure@microsoft.com
 
Microsoft–Windows 11 Version 24H2
 
Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability 2024-10-08 6.7 CVE-2024-37976 secure@microsoft.com
 
Microsoft–Windows 11 Version 24H2
 
Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability 2024-10-08 6.7 CVE-2024-37982 secure@microsoft.com
 
Microsoft–Windows 11 Version 24H2
 
Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability 2024-10-08 6.7 CVE-2024-37983 secure@microsoft.com
 
Microsoft–Windows 11 Version 24H2
 
Windows Kernel Elevation of Privilege Vulnerability 2024-10-08 6.4 CVE-2024-43570 secure@microsoft.com
 
Microsoft–Windows 11 Version 24H2
 
Sudo for Windows Spoofing Vulnerability 2024-10-08 5.6 CVE-2024-43571 secure@microsoft.com
 
Microsoft–Windows Server 2019
 
Windows Kernel Elevation of Privilege Vulnerability 2024-10-08 6.7 CVE-2024-37979 secure@microsoft.com
 
Microsoft–Windows Server 2019
 
Windows Standards-Based Storage Management Service Denial of Service Vulnerability 2024-10-08 6.5 CVE-2024-43512 secure@microsoft.com
 
Microsoft–Windows Server 2019
 
Windows Remote Desktop Services Tampering Vulnerability 2024-10-08 4.8 CVE-2024-43456 secure@microsoft.com
 
Microsoft–Windows Server 2022
 
Windows Cryptographic Information Disclosure Vulnerability 2024-10-08 5.6 CVE-2024-43546 secure@microsoft.com
 
Milestone Systems–XProtect VMS
 
A possible buffer overflow in selected cameras’ drivers from XProtect Device Pack can allow an attacker with access to internal network to execute commands on Recording Server under strict conditions. 2024-10-08 6.7 CVE-2024-3506 cf45122d-9d50-442a-9b23-e05cde9943d8
 
miraheze–ImportDump
 
ImportDump is an extension for mediawiki designed to automate user import requests. Anyone who can edit the interface strings of a wiki (typically administrators and interface admins) can embed XSS payloads in the messages for dates, and thus XSS anyone who views Special:RequestImportQueue. This issue has been patched in commit `d054b95` and all users are advised to apply this commit to their branch. Users unable to upgrade may either Prevent access to Special:RequestImportQueue on all wikis, except for the global wiki; and If an interface administrator (or equivalent) level protection is available (which is not provided by default) on the global wiki, protect the affected messages up to that level. This causes the XSS to be virtually useless as users with those rights can already edit Javascript pages. Or Prevent access to Special:RequestImportQueue altogether. 2024-10-09 6 CVE-2024-47812 security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
 
miraheze–ImportDump
 
ImportDump is a mediawiki extension designed to automate user import requests. A user’s local actor ID is stored in the database to tell who made what requests. Therefore, if a user on another wiki happens to have the same actor ID as someone on the central wiki, the user on the other wiki can act as if they’re the original wiki requester. This can be abused to create new comments, edit the request, and view the request if it’s marked private. This issue has been addressed in commit `5c91dfc` and all users are advised to update. Users unable to update may disable the special page outside of their global wiki. See `miraheze/mw-config@e566499` for details on that. 2024-10-09 6.4 CVE-2024-47816 security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
 
miraheze–IncidentReporting
 
IncidentReporting is a MediaWiki extension for moving incident reports from wikitext to database tables. There are a variety of Cross-site Scripting issues, though all of them require elevated permissions. Some are available to anyone who has the `editincidents` right, some are available to those who can edit interface messages (typically administrators and interface admins), and one is available to those who can edit LocalSettings.php. These issues have been addressed in commit `43896a4` and all users are advised to upgrade. Users unable to upgrade should prevent access to the Special:IncidentReports page. 2024-10-09 6 CVE-2024-47815 security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
 
n/a–07FLYCMS
 
A vulnerability was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM 1.3.8. It has been declared as critical. Affected by this vulnerability is the function uploadFile of the file /admin/SysModule/upload/ajaxmodel/upload/uploadfilepath/sysmodule_1 of the component Module Plug-In Handler. The manipulation of the argument file leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The affected product is known with different names like 07FLYCMS, 07FLY-CMS, and 07FlyCRM. It was not possible to reach out to the vendor before assigning a CVE due to a not working mail address. 2024-10-11 4.7 CVE-2024-9855 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
 
n/a–07FLYCMS
 
A vulnerability classified as critical has been found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.2.0. This affects the function fileUpload of the file /admin/File/fileUpload. The manipulation of the argument file leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The affected product is known with different names like 07FLYCMS, 07FLY-CMS, and 07FlyCRM. It was not possible to reach out to the vendor before assigning a CVE due to a not working mail address. 2024-10-12 4.7 CVE-2024-9903 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
 
n/a–07FLYCMS
 
A vulnerability classified as critical was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.2.0. This vulnerability affects the function pictureUpload of the file /admin/File/pictureUpload. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The affected product is known with different names like 07FLYCMS, 07FLY-CMS, and 07FlyCRM. It was not possible to reach out to the vendor before assigning a CVE due to a not working mail address. 2024-10-13 4.7 CVE-2024-9904 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
 
n/a–ggit
 
All versions of the package ggit are vulnerable to Arbitrary Argument Injection via the clone() API, which allows specifying the remote URL to clone and the file on disk to clone to. The library does not sanitize for user input or validate a given URL scheme, nor does it properly pass command-line flags to the git binary using the double-dash POSIX characters (–) to communicate the end of options. 2024-10-08 6.5 CVE-2024-21533 report@snyk.io
report@snyk.io
 
n/a–LyLme_spage
 
A vulnerability has been found in LyLme_spage 1.9.5 and classified as critical. This vulnerability affects unknown code of the file /admin/tag.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 2024-10-10 4.7 CVE-2024-9788 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
 
n/a–LyLme_spage
 
A vulnerability was found in LyLme_spage 1.9.5 and classified as critical. This issue affects some unknown processing of the file /admin/apply.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 2024-10-10 4.7 CVE-2024-9789 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
 
n/a–LyLme_spage
 
A vulnerability was found in LyLme_spage 1.9.5. It has been classified as critical. Affected is an unknown function of the file /admin/sou.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 2024-10-10 4.7 CVE-2024-9790 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
 
n/a–n/a
 
An issue was discovered in the Vector Skin component for MediaWiki before 1.39.5 and 1.40.x before 1.40.1. vector-toc-toggle-button-label is not escaped, but should be, because the line param can have markup. 2024-10-09 6.5 CVE-2023-45359 cve@mitre.org
cve@mitre.org
 
n/a–n/a
 
An issue was discovered in VectorComponentUserLinks.php in the Vector Skin component in MediaWiki before 1.39.5 and 1.40.x before 1.40.1. vector-intro-page MalformedTitleException is uncaught if it is not a valid title, leading to incorrect web pages. 2024-10-09 6.1 CVE-2023-45361 cve@mitre.org
cve@mitre.org
 
n/a–n/a
 
3DSecure 2.0 allows form action hijacking via threeDsMethod.jsp?threeDSMethodData= or the threeDSMethodNotificationURL parameter. The destination web site for a form submission can be modified. 2024-10-09 6.1 CVE-2024-25285 cve@mitre.org
cve@mitre.org
 
n/a–n/a
 
A reflected cross-site scripting (XSS) vulnerability in Elaine’s Realtime CRM Automation v6.18.17 allows attackers to execute arbitrary JavaScript code in the web browser of a user via injecting a crafted payload into the dialog parameter at wrapper_dialog.php. 2024-10-07 6.1 CVE-2024-42831 cve@mitre.org
cve@mitre.org
cve@mitre.org
 
n/a–n/a
 
A security flaw has been discovered in Solvait version 24.4.2 that allows an attacker to elevate their privileges. By manipulating the Request ID and Action Type parameters in /AssignToMe/SetAction, an attacker can bypass approval workflows leading to unauthorized access to sensitive information or approval of fraudulent requests. 2024-10-07 6.5 CVE-2024-45919 cve@mitre.org
 
n/a–n/a
 
OnlineNewsSite v1.0 is vulnerable to Cross Site Scripting (XSS) which allows attackers to execute arbitrary code via the Title and summary fields in the /admin/post/edit/ endpoint. 2024-10-07 6.6 CVE-2024-45933 cve@mitre.org
cve@mitre.org
 
n/a–n/a
 
A cross-site scripting (XSS) vulnerability in LemonLDAP::NG before 2.19.3 allows remote attackers to inject arbitrary web script or HTML into the login page via a username if userControl has been set to a non-default value that allows special HTML characters. 2024-10-09 6.1 CVE-2024-48933 cve@mitre.org
 
n/a–n/a
 
Snipe-IT before 7.0.10 allows remote code execution (associated with cookie serialization) when an attacker knows the APP_KEY. This is exacerbated by .env files, available from the product’s repository, that have default APP_KEY values. 2024-10-11 6.6 CVE-2024-48987 cve@mitre.org
 
n/a–n/a
 
3DSecure 2.0 allows XSS in its 3DSMethod Authentication via a modified params parameter in a /rest/online request with a /redirect?action=challenge&txn= substring. 2024-10-09 5.4 CVE-2024-25282 cve@mitre.org
cve@mitre.org
 
n/a–n/a
 
3DSecure 2.0 allows reflected XSS in the 3DS Authorization Challenge via a modified params parameter in a /rest/online request with a /redirect?action=challenge&txn= substring. 2024-10-09 5.4 CVE-2024-25283 cve@mitre.org
cve@mitre.org
 
n/a–n/a
 
3DSecure 2.0 allows reflected XSS in the 3DS Authorization Method via the threeDsMethod.jsp threeDSMethodData parameter. 2024-10-09 5.4 CVE-2024-25284 cve@mitre.org
cve@mitre.org
 
n/a–n/a
 
D-Link COVR-2600R FW101b05 is vulnerable to Buffer Overflow. In the function sub_24E28, the HTTP_REFERER is obtained through an environment variable, and this field is controllable, allowing it to be used as the value for src. 2024-10-07 5.7 CVE-2024-44674 cve@mitre.org
cve@mitre.org
 
n/a–n/a
 
TP-Link WR740N V6 has a stack overflow vulnerability via the ssid parameter in /userRpm/popupSiteSurveyRpm.htm url. 2024-10-07 5.5 CVE-2024-46325 cve@mitre.org
 
n/a–n/a
 
An arbitrary file read vulnerability in Adguard Home before v0.107.52 allows authenticated attackers to access arbitrary files as root on the underlying Operating System via placing a crafted file into a readable directory. 2024-10-08 4.9 CVE-2024-36814 cve@mitre.org
cve@mitre.org
cve@mitre.org
cve@mitre.org
 
n/a–n/a
 
PublicCMS V4.0.202406.d was discovered to contain a cross-site scripting (XSS) vulnerability via a crafted script to the Category Managment feature 2024-10-08 4.8 CVE-2024-46410 cve@mitre.org
cve@mitre.org
 
n/a–VMware NSX, VMware Cloud Foundation
 
VMware NSX contains a command injection vulnerability.  A malicious actor with access to the NSX Edge CLI terminal may be able to craft malicious payloads to execute arbitrary commands on the operating system as root. 2024-10-09 6.7 CVE-2024-38817 security@vmware.com
 
n/a–VMware NSX, VMware Cloud Foundation
 
VMware NSX contains a local privilege escalation vulnerability.  An authenticated malicious actor may exploit this vulnerability to obtain permissions from a separate group role than previously assigned. 2024-10-09 6.7 CVE-2024-38818 security@vmware.com
 
n/a–VMware NSX, VMware Cloud Foundation
 
VMware NSX contains a content spoofing vulnerability.  An unauthenticated malicious actor may be able to craft a URL and redirect a victim to an attacker controlled domain leading to sensitive information disclosure. 2024-10-09 4.3 CVE-2024-38815 security@vmware.com
 
namogo–Elementor Inline SVG
 
The Elementor Inline SVG plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. 2024-10-10 6.4 CVE-2024-9064 security@wordfence.com
security@wordfence.com
 
omardabbas–Products, Order & Customers Export for WooCommerce
 
The Products, Order & Customers Export for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.0.15. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-10 6.1 CVE-2024-9377 security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
 
Open Mainframe Project–Zowe
 
The conformance validation endpoint is public so everybody can verify the conformance of onboarded services. The response could contain specific information about the service, including available endpoints, and swagger. It could advise about the running version of a service to an attacker. The attacker could also check if a service is running. 2024-10-10 5.3 CVE-2024-9802 zowe-security@lists.openmainframeproject.org
 
OpenHarmony–OpenHarmony
 
in OpenHarmony v4.1.0 and prior versions allow a local attacker cause information leak through out-of-bounds Read. 2024-10-08 5.5 CVE-2024-39806 scy@openharmony.io
 
OpenHarmony–OpenHarmony
 
in OpenHarmony v4.1.0 allow a local attacker with high privileges arbitrary code execution in pre-installed apps through use after free. 2024-10-08 4.4 CVE-2024-39831 scy@openharmony.io
 
PAX–POS terminals
 
PAX Android based POS devices allow for escalation of privilege via improperly configured scripts. An attacker must have shell access with system account privileges in order to exploit this vulnerability. A patch addressing this issue was included in firmware version PayDroid_8.1.0_Sagittarius_V11.1.61_20240226. 2024-10-11 6.7 CVE-2023-42133 cvd@cert.pl
cvd@cert.pl
cvd@cert.pl
cvd@cert.pl
 
PHPOffice–PhpSpreadsheet
 
PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. It’s possible for an attacker to construct an XLSX file that links images from arbitrary paths. When embedding images has been enabled in HTML writer with `$writer->setEmbedImages(true);` those files will be included in the output as `data:` URLs, regardless of the file’s type. Also URLs can be used for embedding, resulting in a Server-Side Request Forgery vulnerability. When embedding images has been enabled, an attacker can read arbitrary files on the server and perform arbitrary HTTP GET requests. Note that any PHP protocol wrappers can be used, meaning that if for example the `expect://` wrapper is enabled, also remote code execution is possible. This issue has been addressed in release versions 1.29.2, 2.1.1, and 2.3.0. All users are advised to upgrade. there are no known workarounds for this vulnerability. 2024-10-07 6.3 CVE-2024-45291 security-advisories@github.com
 
PHPOffice–PhpSpreadsheet
 
PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. `PhpOfficePhpSpreadsheetWriterHtml` does not sanitize “javascript:” URLs from hyperlink `href` attributes, resulting in a Cross-Site Scripting vulnerability. This issue has been addressed in release versions 1.29.2, 2.1.1, and 2.3.0. All users are advised to upgrade. There are no known workarounds for this vulnerability. 2024-10-07 5.4 CVE-2024-45292 security-advisories@github.com
 
pixelgrade–Category Icon
 
The Category Icon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. 2024-10-12 6.4 CVE-2024-8915 security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
 
posimyththemes–The Plus Addons for Elementor Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce
 
The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.6.11 via the render function in modules/widgets/tp_accordion.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data. 2024-10-11 4.3 CVE-2024-8913 security@wordfence.com
security@wordfence.com
 
QODE–Bridge Core
 
The Bridge Core plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ‘formforall’ shortcode in versions up to, and including, 3.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-10-08 6.4 CVE-2024-9292 security@wordfence.com
security@wordfence.com
 
QODE–Bridge Core
 
The Bridge Core plugin for WordPress is vulnerable to unauthorized modification of data or loss of data due to a missing capability check on the ‘import_action’ and ‘install_plugin_per_demo’ functions in versions up to, and including, 3.3. This makes it possible for authenticated attackers with subscriber-level permissions or above, to delete or change plugin settings, import demo data, and install limited plugins. 2024-10-12 6.5 CVE-2024-9860 security@wordfence.com
security@wordfence.com
 
Qualcomm, Inc.–Snapdragon
 
Memory corruption when a process invokes IOCTL calls from user-space to create a HAB virtual channel and another process invokes IOCTL calls to destroy the same. 2024-10-07 6.7 CVE-2024-23370 product-security@qualcomm.com
 
Qualcomm, Inc.–Snapdragon
 
Memory corruption is possible when an attempt is made from userspace or console to write some haptics effects pattern to the haptics debugfs file. 2024-10-07 6.7 CVE-2024-23374 product-security@qualcomm.com
 
Qualcomm, Inc.–Snapdragon
 
Memory corruption during the network scan request. 2024-10-07 6.7 CVE-2024-23375 product-security@qualcomm.com
 
Qualcomm, Inc.–Snapdragon
 
Memory corruption while sending the persist buffer command packet from the user-space to the kernel space through the IOCTL call. 2024-10-07 6.7 CVE-2024-23376 product-security@qualcomm.com
 
Qualcomm, Inc.–Snapdragon
 
Memory corruption while invoking IOCTL calls for MSM module from the user space during audio playback and record. 2024-10-07 6.7 CVE-2024-23378 product-security@qualcomm.com
 
Qualcomm, Inc.–Snapdragon
 
Memory corruption while unmapping the fastrpc map when two threads can free the same map in concurrent scenario. 2024-10-07 6.7 CVE-2024-23379 product-security@qualcomm.com
 
Qualcomm, Inc.–Snapdragon
 
Information disclosure while sending implicit broadcast containing APP launch information. 2024-10-07 6.1 CVE-2024-38425 product-security@qualcomm.com
 
quarka — qa_analytics
 
The QA Analytics – Web Analytics Tool with Heatmaps & Session Replay Across All Pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_save_plugin_config() function in all versions up to, and including, 4.1.0.0. This makes it possible for unauthenticated attackers to update the plugin’s settings. 2024-10-10 5.3 CVE-2024-8513 security@wordfence.com
security@wordfence.com
 
QuomodoSoft–ElementsReady Addons for Elementor
 
URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in QuomodoSoft ElementsReady Addons for Elementor.This issue affects ElementsReady Addons for Elementor: from n/a through 6.4.2. 2024-10-11 4.7 CVE-2024-47353 audit@patchstack.com
 
rafasashi–Language Switcher
 
The Language Switcher plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.7.13. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-11 6.1 CVE-2024-9610 security@wordfence.com
security@wordfence.com
security@wordfence.com
 
rainafarai–Notification for Telegram
 
The Notification for Telegram plugin for WordPress is vulnerable to unauthorized test message sending due to a missing capability check on the ‘nftb_test_action’ function in versions up to, and including, 3.3.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to send a test message via the Telegram Bot API to all users configured in the settings. 2024-10-10 4.3 CVE-2024-9685 security@wordfence.com
security@wordfence.com
security@wordfence.com
 
Red Hat–OpenShift Developer Tools and Services
 
A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a `RUN` instruction in a Container file to mount an arbitrary directory from the host (read/write) into the container as long as those files can be accessed by the user running Buildah. 2024-10-09 4.4 CVE-2024-9675 secalert@redhat.com
secalert@redhat.com
 
Red Hat–Red Hat 3scale API Management Platform 2
 
A vulnerability was found in 3Scale. There is no auth mechanism to see a PDF invoice of a Developer user if the URL is known. Anyone can see the invoice if the URL is known or guessed. 2024-10-09 5.3 CVE-2024-9671 secalert@redhat.com
secalert@redhat.com
 
Red Hat–Red Hat Ansible Automation Platform 2
 
A flaw was found in Event-Driven Automation (EDA) in Ansible Automation Platform (AAP), which lacks encryption of sensitive information. An attacker with network access could exploit this vulnerability by sniffing the plaintext data transmitted between the EDA and AAP. An attacker with system access could exploit this vulnerability by reading the plaintext data stored in EDA and AAP databases. 2024-10-08 5.3 CVE-2024-9620 secalert@redhat.com
secalert@redhat.com
 
Red Hat–Red Hat build of Apache Camel for Quarkus
 
A vulnerability was found in Quarkus CXF. Passwords and other secrets may appear in the application log in spite of the user configuring them to be hidden. This issue requires some special configuration to be vulnerable, such as SOAP logging enabled, application set client, and endpoint logging properties, and the attacker must have access to the application log. 2024-10-08 5.3 CVE-2024-9621 secalert@redhat.com
secalert@redhat.com
 
Red Hat–Red Hat JBoss Data Grid 7
 
A vulnerability was found in the resteasy-netty4 library arising from improper handling of HTTP requests using smuggling techniques. When an HTTP smuggling request with an ASCII control character is sent, it causes the Netty HttpObjectDecoder to transition into a BAD_MESSAGE state. As a result, any subsequent legitimate requests on the same connection are ignored, leading to client timeouts, which may impact systems using load balancers and expose them to risk. 2024-10-08 5.3 CVE-2024-9622 secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
 
redis–redis
 
Redis is an open source, in-memory database that persists on disk. Authenticated users can trigger a denial-of-service by using specially crafted, long string match patterns on supported commands such as `KEYS`, `SCAN`, `PSUBSCRIBE`, `FUNCTION LIST`, `COMMAND LIST` and ACL definitions. Matching of extremely long patterns may result in unbounded recursion, leading to stack overflow and process crash. This problem has been fixed in Redis versions 6.2.16, 7.2.6, and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2024-10-07 5.5 CVE-2024-31228 security-advisories@github.com
security-advisories@github.com
 
redis–redis
 
Redis is an open source, in-memory database that persists on disk. An authenticated with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem exists in Redis 7 prior to versions 7.2.6 and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2024-10-07 4.4 CVE-2024-31227 security-advisories@github.com
security-advisories@github.com
 
rescuethemes–Rescue Shortcodes
 
The Rescue Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘rescue_tab’ shortcode in all versions up to, and including, 2.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-10-12 6.4 CVE-2024-9696 security@wordfence.com
security@wordfence.com
 
robosoft–Photo Gallery, Images, Slider in Rbs Image Gallery
 
The Photo Gallery, Images, Slider in Rbs Image Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajaxGetGalleryJson() function in all versions up to, and including, 3.2.21. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve private post titles. 2024-10-08 4.3 CVE-2024-8431 security@wordfence.com
security@wordfence.com
security@wordfence.com
 
Rocket.Chat–Mobile
 
The E2EE password entropy generated by Rocket.Chat Mobile prior to version 4.5.1 is insufficient, allowing attackers to crack it if they have the appropriate time and resources. 2024-10-07 6.7 CVE-2024-42027 support@hackerone.com
 
saltcorn–saltcorn
 
Saltcorn is an extensible, open source, no-code database application builder. A logged-in user with any role can delete arbitrary files on the filesystem by calling the `sync/clean_sync_dir` endpoint. The `dir_name` POST parameter is not validated/sanitized and is used to construct the `syncDir` that is deleted by calling `fs.rm`. This issue has been addressed in release version 1.0.0-beta16 and all users are advised to upgrade. There are no known workarounds for this vulnerability. 2024-10-07 6.5 CVE-2024-47818 security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
 
Samsung Mobile–Samsung Mobile Devices
 
Improper access control in ActivityManager prior to SMR Oct-2024 Release 1 in select Android 12, 13 and SMR Sep-2024 Release 1 in select Android 14 allows local attackers to execute privileged behaviors. 2024-10-08 6.2 CVE-2024-34662 mobile.security@samsung.com
 
Samsung Mobile–Samsung Mobile Devices
 
Integer overflow in libSEF.quram.so prior to SMR Oct-2024 Release 1 allows local attackers to write out-of-bounds memory. 2024-10-08 5.3 CVE-2024-34663 mobile.security@samsung.com
 
Samsung Mobile–Samsung Mobile Devices
 
Improper check for exception conditions in Knox Guard prior to SMR Oct-2024 Release 1 allows physical attackers to bypass Knox Guard in a multi-user environment. 2024-10-08 4.1 CVE-2024-34664 mobile.security@samsung.com
 
Samsung Mobile–SamsungVideoPlayer
 
Improper input validation in SamsungVideoPlayer prior to versions 7.3.29.1 in Android 12, 7.3.36.1 in Android 13, and 7.3.41.230 in Android 14 allows local attackers to access video file of other users. 2024-10-08 5.5 CVE-2024-34672 mobile.security@samsung.com
 
Samsung Mobile–Sound Assistant
 
Use of implicit intent for sensitive communication in Sound Assistant prior to version 6.1.0.9 allows local attackers to get sensitive information. 2024-10-08 4 CVE-2024-34670 mobile.security@samsung.com
 
SAP_SE–SAP Commerce Backoffice
 
SAP Commerce Backoffice does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker can cause limited impact on confidentiality and integrity of the application. 2024-10-08 5.4 CVE-2024-45278 cna@sap.com
cna@sap.com
 
SAP_SE–SAP HANA Client
 
The SAP HANA Node.js client package versions from 2.0.0 before 2.21.31 is impacted by Prototype Pollution vulnerability allowing an attacker to add arbitrary properties to global object prototypes. This is due to improper user input sanitation when using the nestTables feature causing low impact on the availability of the application. This has no impact on Confidentiality and Integrity. 2024-10-08 4.3 CVE-2024-45277 cna@sap.com
cna@sap.com
cna@sap.com
 
SAP_SE–SAP NetWeaver Enterprise Portal (KMC)
 
SAP NetWeaver Enterprise Portal (KMC) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability in KMC servlet. An attacker could craft a script and trick the user into clicking it. When a victim who is registered on the portal clicks on such link, confidentiality and integrity of their web browser session could be compromised. 2024-10-08 5.4 CVE-2024-47594 cna@sap.com
cna@sap.com
 
SAP_SE–SAP S/4 HANA (Manage Bank Statements)
 
Fields which are in ‘read only’ state in Bank Statement Draft in Manage Bank Statements application, could be modified by MERGE method. The property of an OData entity representing assumably immutable method is not protected against external modifications leading to integrity violations. Confidentiality and Availability are not impacted. 2024-10-08 4.3 CVE-2024-45282 cna@sap.com
cna@sap.com
 
Schneider Electric–Data Center Expert
 
CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause exposure of private data when an already generated “logcaptures” archive is accessed directly by HTTPS. 2024-10-11 5.9 CVE-2024-8530 cybersecurity@se.com
 
scottpaterson–Easy PayPal Gift Certificate
 
The Easy PayPal Gift Certificate plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.3. This is due to missing or incorrect nonce validation on the ‘wpppgc_plugin_options’ function. This makes it possible for unauthenticated attackers to update the plugin’s settings and inject malicious JavaScript via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link. 2024-10-12 6.1 CVE-2024-9592 security@wordfence.com
security@wordfence.com
 
siemens — sinec_security_monitor
 
A vulnerability has been identified in Siemens SINEC Security Monitor (All versions < V4.9.0). The affected application does not properly validate a file path that is supplied to an endpoint intended to create CSR files. This could allow an unauthenticated remote attacker to create files in writable directories outside the intended location and thus compromise integrity of files in those writable directories. 2024-10-08 5.3 CVE-2024-47563 productcert@siemens.com
 
siemens — sinec_security_monitor
 
A vulnerability has been identified in Siemens SINEC Security Monitor (All versions < V4.9.0). The affected application does not properly validate that user input complies with a list of allowed values. This could allow an authenticated remote attacker to compromise the integrity of the configuration of the affected application. 2024-10-08 4.3 CVE-2024-47565 productcert@siemens.com
 
Siemens–ModelSim
 
A vulnerability has been identified in ModelSim (All versions < V2024.3), Questa (All versions < V2024.3). vish2.exe in affected applications allows a specific DLL file to be loaded from the current working directory. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges in installations where administrators or processes with elevated privileges launch vish2.exe from a user-writable directory. 2024-10-08 6.7 CVE-2024-47194 productcert@siemens.com
 
Siemens–ModelSim
 
A vulnerability has been identified in ModelSim (All versions < V2024.3), Questa (All versions < V2024.3). gdb.exe in affected applications allows a specific executable file to be loaded from the current working directory. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges in installations where administrators or processes with elevated privileges launch gdb.exe from a user-writable directory. 2024-10-08 6.7 CVE-2024-47195 productcert@siemens.com
 
Siemens–ModelSim
 
A vulnerability has been identified in ModelSim (All versions < V2024.3), Questa (All versions < V2024.3). vsimk.exe in affected applications allows a specific tcl file to be loaded from the current working directory. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges in installations where administrators or processes with elevated privileges launch vsimk.exe from a user-writable directory. 2024-10-08 6.7 CVE-2024-47196 productcert@siemens.com
 
Siemens–SIMATIC Drive Controller CPU 1504D TF
 
The web server of affected devices do not properly authenticate user request to the ‘/ClientArea/RuntimeInfoData.mwsl’ endpoint. This could allow an unauthenticated remote attacker to gain knowledge about current actual and configured maximum cycle times as well as about configured maximum communication load. 2024-10-08 5.3 CVE-2024-46887 productcert@siemens.com
 
Siemens–SIMATIC Drive Controller CPU 1504D TF
 
The web server of affected devices does not properly validate input that is used for a user redirection. This could allow an attacker to make the server redirect the legitimate user to an attacker-chosen URL. For a successful exploit, the legitimate user must actively click on an attacker-crafted link. 2024-10-08 4.7 CVE-2024-46886 productcert@siemens.com
 
silabs.com–EFR32 BLE SDK
 
A denial of service may be caused to a single peripheral device in a BLE network when multiple central devices continuously connect and disconnect to the peripheral. A hard reset is required to recover the peripheral device. 2024-10-11 6.5 CVE-2024-6657 product-security@silabs.com
 
sirv–Image Optimizer, Resizer and CDN Sirv
 
The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 7.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. 2024-10-08 6.4 CVE-2024-8964 security@wordfence.com
security@wordfence.com
security@wordfence.com
 
sldesignpl–Order Attachments for WooCommerce
 
The Order Attachments for WooCommerce plugin for WordPress is vulnerable to unauthorized limited arbitrary file uploads due to a missing capability check on the wcoa_add_attachment AJAX action in versions 2.0 to 2.4.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload limited file types. 2024-10-12 4.3 CVE-2024-9756 security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
 
smp7, wp.insider–Simple Membership After Login Redirection
 
URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in smp7, wp.Insider Simple Membership After Login Redirection.This issue affects Simple Membership After Login Redirection: from n/a through 1.6. 2024-10-10 4.7 CVE-2024-47354 audit@patchstack.com
 
Solidigm–D5-P5316
 
Improper error handling in firmware of some SSD DC Products may allow an attacker to enable denial of service. 2024-10-07 6.5 CVE-2024-47971 f946a70c-00eb-42ce-8e9b-634d1f7b5a6f
 
Solidigm–D7-P5510
 
Improper resource initialization handling in firmware of some Solidigm DC Products may allow an attacker to potentially enable denial of service. 2024-10-07 4.4 CVE-2024-47967 f946a70c-00eb-42ce-8e9b-634d1f7b5a6f
 
Solidigm–D7-P5510
 
Improper resource management in firmware of some Solidigm DC Products may allow an attacker to potentially control the performance of the resource. 2024-10-07 4 CVE-2024-47972 f946a70c-00eb-42ce-8e9b-634d1f7b5a6f
 
Solidigm–D7-P5510
 
Race condition during resource shutdown in some Solidigm DC Products may allow an attacker to potentially enable denial of service. 2024-10-07 4.4 CVE-2024-47974 f946a70c-00eb-42ce-8e9b-634d1f7b5a6f
 
Solidigm–D7-P5520
 
In some Solidigm DC Products, a defect in device overprovisioning may provide information disclosure to an attacker. 2024-10-07 5.1 CVE-2024-47973 f946a70c-00eb-42ce-8e9b-634d1f7b5a6f
 
Solidigm–DC P4510
 
Improper resource management in firmware of some Solidigm DC Products may allow an attacker to potentially enable denial of service. 2024-10-07 6.2 CVE-2024-47969 f946a70c-00eb-42ce-8e9b-634d1f7b5a6f
 
Solidigm–DC P4510
 
Improper access removal handling in firmware of some Solidigm DC Products may allow an attacker with physical access to gain unauthorized access. 2024-10-07 6.7 CVE-2024-47976 f946a70c-00eb-42ce-8e9b-634d1f7b5a6f
 
Solidigm–DC P4510
 
Improper resource shutdown in middle of certain operations on some Solidigm DC Products may allow an attacker to potentially enable denial of service. 2024-10-07 4.4 CVE-2024-47968 f946a70c-00eb-42ce-8e9b-634d1f7b5a6f
 
soplanning — soplanning
 
SQL injection vulnerability in SOPlanning <1.45, through /soplanning/www/groupe_list.php, in the by parameter, which could allow a remote user to send a specially crafted query and extract all the information stored on the server. 2024-10-07 6.5 CVE-2024-9573 cve-coordination@incibe.es
 
soplanning — soplanning
 
SQL injection vulnerability in SOPlanning <1.45, via /soplanning/www/user_groupes.php in the by parameter, which could allow a remote user to submit a specially crafted query, allowing an attacker to retrieve all the information stored in the DB. 2024-10-07 6.5 CVE-2024-9574 cve-coordination@incibe.es
 
soplanning — soplanning
 
Cross-Site Scripting (XSS) vulnerability in SOPlanning <1.45, due to lack of proper validation of user input via /soplanning/www/process/xajax_server.php, affecting multiple parameters. This could allow a remote user to send a specially crafted query to an authenticated user and partially take control of their browser session. 2024-10-07 5.4 CVE-2024-9571 cve-coordination@incibe.es
 
soplanning — soplanning
 
Cross-Site Scripting (XSS) vulnerability in SOPlanning <1.45, due to lack of proper validation of user input via /soplanning/www/process/groupe_save.php, in the groupe_id parameter. This could allow a remote user to send a specially crafted query to an authenticated user and steal their session details. 2024-10-07 5.4 CVE-2024-9572 cve-coordination@incibe.es
 
SourceCodester–Online Eyewear Shop
 
A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/?page=products/view_product. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. 2024-10-10 6.3 CVE-2024-9808 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
 
SourceCodester–Online Eyewear Shop
 
A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been declared as critical. Affected by this vulnerability is the function delete_product of the file /classes/Master.php?f=delete_product. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. 2024-10-10 6.3 CVE-2024-9809 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
 
SourceCodester–Online Eyewear Shop
 
A vulnerability, which was classified as critical, has been found in SourceCodester Online Eyewear Shop 1.0. This issue affects some unknown processing of the file /admin/?page=inventory/view_inventory&id=2. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. 2024-10-13 6.3 CVE-2024-9905 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
 
StylemixThemes–uListing
 
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in StylemixThemes uListing.This issue affects uListing: from n/a through 2.1.5. 2024-10-07 5.3 CVE-2024-47344 audit@patchstack.com
 
sujin2f–2D Tag Cloud
 
The 2D Tag Cloud plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 6.0.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-12 6.1 CVE-2024-9670 security@wordfence.com
security@wordfence.com
security@wordfence.com
 
syracom — secure_login
 
The Syracom Secure Login (2FA) plugin for Jira, Confluence, and Bitbucket through 3.1.4.5 allows remote attackers to bypass 2FA by interacting with the /rest endpoint of Jira, Confluence, or Bitbucket. In the default configuration, /rest is allowlisted. 2024-10-10 5.4 CVE-2024-48941 cve@mitre.org
 
syracom — secure_login
 
The Syracom Secure Login (2FA) plugin for Jira, Confluence, and Bitbucket through 3.1.4.5 allows remote attackers to easily brute-force the 2FA PIN via the plugins/servlet/twofactor/public/pinvalidation endpoint. The last 30 and the next 30 tokens are valid. 2024-10-10 5.9 CVE-2024-48942 cve@mitre.org
 
Tenda–AC1206
 
A vulnerability classified as critical was found in Tenda AC1206 up to 15.03.06.23. This vulnerability affects the function ate_iwpriv_set/ate_ifconfig_set of the file /goform/ate. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 2024-10-10 6.3 CVE-2024-9793 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
 
themehunk–Easy Mega Menu Plugin for WordPress ThemeHunk
 
The Easy Mega Menu Plugin for WordPress – ThemeHunk plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘themehunk_megamenu_bg_image’ parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Please note that this was partially fixed in 1.1.0 due to the missing authorization protection that was added. 2024-10-08 6.4 CVE-2024-8433 security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
 
tobiasbg–TablePress Tables in WordPress made easy
 
The TablePress – Tables in WordPress made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the table cell content in all versions up to, and including, 2.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-10-12 6.4 CVE-2024-9595 security@wordfence.com
security@wordfence.com
 
ttodua–Increase upload file size & Maximum Execution Time limit
 
The Increase upload file size & Maximum Execution Time limit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-11 6.1 CVE-2024-9611 security@wordfence.com
security@wordfence.com
security@wordfence.com
 
Unisoc (Shanghai) Technologies Co., Ltd.–SC7731E/SC9832E/SC9863A/T310/T606/T612/T616/T610/T618/T760/T770/T820/S8000
 
In linkturbonative service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. 2024-10-09 6.5 CVE-2024-39436 security@unisoc.com
 
Unisoc (Shanghai) Technologies Co., Ltd.–SC7731E/SC9832E/SC9863A/T310/T606/T612/T616/T610/T618/T760/T770/T820/S8000
 
In linkturbonative service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. 2024-10-09 6.5 CVE-2024-39437 security@unisoc.com
 
Unisoc (Shanghai) Technologies Co., Ltd.–SC7731E/SC9832E/SC9863A/T310/T606/T612/T616/T610/T618/T760/T770/T820/S8000
 
In linkturbonative service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. 2024-10-09 6.5 CVE-2024-39438 security@unisoc.com
 
Unisoc (Shanghai) Technologies Co., Ltd.–T606/T612/T616/T610/T618/T760/T770/T820/S8000
 
In DRM service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. 2024-10-09 6.2 CVE-2024-39439 security@unisoc.com
 
Unisoc (Shanghai) Technologies Co., Ltd.–T606/T612/T616/T610/T618/T760/T770/T820/S8000
 
In DRM service, there is a possible system crash due to null pointer dereference. This could lead to local denial of service with System execution privileges needed. 2024-10-09 6.2 CVE-2024-39440 security@unisoc.com
 
Unknown–Custom Twitter Feeds
 
Custom Twitter Feeds WordPress plugin before 2.2.3 is not filtering some of its settings allowing high privilege users to inject scripts. 2024-10-08 4.8 CVE-2024-8983 contact@wpscan.com
 
Unknown–Relevanssi
 
In the process of testing the Relevanssi WordPress plugin before 4.23.1, a vulnerability was found that allows you to implement Stored XSS on behalf of the Contributor+ by embedding malicious script, which entails account takeover backdoor 2024-10-08 5.4 CVE-2024-9021 contact@wpscan.com
 
Unknown–TI WooCommerce Wishlist
 
The TI WooCommerce Wishlist WordPress plugin through 2.8.2 is vulnerable to SQL Injection due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. 2024-10-10 5.9 CVE-2024-9156 contact@wpscan.com
 
Unknown–WP-Advanced-Search
 
The WP-Advanced-Search WordPress plugin before 3.3.9.2 does not sanitize and escape the t parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks 2024-10-10 5.9 CVE-2024-9796 contact@wpscan.com
 
userplus–User registration & user profile UserPlus
 
The UserPlus plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.0. This makes it possible for authenticated attackers with subscriber-level permissions or above, to add, modify, or delete user meta and plugin options. 2024-10-10 6.3 CVE-2024-9520 security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
 
vittor1o–Linkz.ai Automatic link previews on hover
 
The Linkz.ai plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘check_auth’ and ‘check_logout’ functions in versions up to, and including, 1.1.8. This makes it possible for unauthenticated attackers to update plugin settings. 2024-10-11 6.5 CVE-2024-9586 security@wordfence.com
security@wordfence.com
security@wordfence.com
 
vittor1o–Linkz.ai Automatic link previews on hover
 
The Linkz.ai plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘ajax_linkz’ function in versions up to, and including, 1.1.8. This makes it possible for authenticated attackers with contributor-level privileges or above, to update plugin settings. 2024-10-11 5.4 CVE-2024-9587 security@wordfence.com
security@wordfence.com
 
webkul — krayin_crm
 
Krayin CRM v1.3.0 is vulnerable to Cross Site Scripting (XSS) via the organization name field in /admin/contacts/organizations/edit/2. 2024-10-07 4.8 CVE-2024-45932 cve@mitre.org
cve@mitre.org
 
webtechstreet–Elementor Addon Elements
 
The Elementor Addon Elements plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.13.8 via the render_column function in modules/data-table/widgets/data-table.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data. 2024-10-12 4.3 CVE-2024-8902 security@wordfence.com
security@wordfence.com
 
webtoffee–WordPress Comments Import & Export
 
The WordPress Comments Import & Export plugin for WordPress is vulnerable to to arbitrary file read due to insufficient file path validation during the comments import process, in versions up to, and including, 2.3.7. This makes it possible for authenticated attackers, with Author-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information. The issue was partially fixed in version 2.3.8 and fully fixed in 2.3.9 2024-10-11 6.5 CVE-2024-7514 security@wordfence.com
security@wordfence.com
 
wp-buy–Limit Login Attempts (Spam Protection)
 
The Limit Login Attempts (Spam Protection) plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 5.3. This is due to insufficient restrictions on where the IP Address information is being retrieved for request logging and login restrictions. Attackers can supply the X-Forwarded-For header with with a different IP Address that will be logged and can be used to bypass settings that may have blocked out an IP address or country from logging in. 2024-10-08 5.3 CVE-2022-4534 security@wordfence.com
security@wordfence.com
security@wordfence.com
 
wproyal–Royal Elementor Addons and Templates
 
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 1.3.982 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-10-08 6.4 CVE-2024-8482 security@wordfence.com
security@wordfence.com
security@wordfence.com
 
youzify–Youzify BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress
 
The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s youzify_media shortcode in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-10-10 6.4 CVE-2024-8987 security@wordfence.com
security@wordfence.com
security@wordfence.com
 
youzify–Youzify BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress
 
The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘delete_attachment’ function in all versions up to, and including, 1.3.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary attachments. 2024-10-10 4.3 CVE-2024-9067 security@wordfence.com
security@wordfence.com
 
ZTE–ZXR10 1800-2S series ,ZXR10 2800-4,ZXR10 3800-8,ZXR10 160 series
 
Improper Privilege Management vulnerability in ZTE ZXR10 1800-2S series ,ZXR10 2800-4,ZXR10 3800-8,ZXR10 160 series on 64 bit allows Functionality Bypass.This issue affects ZXR10 1800-2S series ,ZXR10 2800-4,ZXR10 3800-8,ZXR10 160 series: V4.00.10 and earlier. 2024-10-10 6 CVE-2024-22068 psirt@zte.com.cn
 

Back to top

Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source Info Patch Info
adobe — commerce
 
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could lead to a security feature bypass. An attacker could exploit this vulnerability to alter a condition between the check and the use of a resource, having a low impact on integrity. Exploitation of this issue requires user interaction. 2024-10-10 3.1 CVE-2024-45120 psirt@adobe.com
 
adobe — commerce
 
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. An admin attacker could leverage this vulnerability to have a low impact on confidentiality which may aid in further attacks. Exploitation of this issue does not require user interaction. 2024-10-10 2.7 CVE-2024-45133 psirt@adobe.com
 
adobe — commerce
 
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. An admin attacker could leverage this vulnerability to have a low impact on confidentiality which may aid in further attacks. Exploitation of this issue does not require user interaction. 2024-10-10 2.7 CVE-2024-45134 psirt@adobe.com
 
adobe — commerce
 
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An admin attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction. 2024-10-10 2.7 CVE-2024-45135 psirt@adobe.com
 
bytecodealliance–wasmtime
 
Wasmtime is an open source runtime for WebAssembly. Under certain concurrent event orderings, a `wasmtime::Engine`’s internal type registry was susceptible to double-unregistration bugs due to a race condition, leading to panics and potentially type registry corruption. That registry corruption could, following an additional and particular sequence of concurrent events, lead to violations of WebAssembly’s control-flow integrity (CFI) and type safety. Users that do not use `wasmtime::Engine` across multiple threads are not affected. Users that only create new modules across threads over time are additionally not affected. Reproducing this bug requires creating and dropping multiple type instances (such as `wasmtime::FuncType` or `wasmtime::ArrayType`) concurrently on multiple threads, where all types are associated with the same `wasmtime::Engine`. **Wasm guests cannot trigger this bug.** See the “References” section below for a list of Wasmtime types-related APIs that are affected. Wasmtime maintains an internal registry of types within a `wasmtime::Engine` and an engine is shareable across threads. Types can be created and referenced through creation of a `wasmtime::Module`, creation of `wasmtime::FuncType`, or a number of other APIs where the host creates a function (see “References” below). Each of these cases interacts with an engine to deduplicate type information and manage type indices that are used to implement type checks in WebAssembly’s `call_indirect` function, for example. This bug is a race condition in this management where the internal type registry could be corrupted to trigger an assert or contain invalid state. Wasmtime’s internal representation of a type has individual types (e.g. one-per-host-function) maintain a registration count of how many time it’s been used. Types additionally have state within an engine behind a read-write lock such as lookup/deduplication information. The race here is a time-of-check versus time-of-use (TOCTOU) bug where one thread atomically decrements a type entry’s registration count, observes zero registrations, and then acquires a lock in order to unregister that entry. However, between when this first thread observed the zero-registration count and when it acquires that lock, another thread could perform the following sequence of events: re-register another copy of the type, which deduplicates to that same entry, resurrecting it and incrementing its registration count; then drop the type and decrement its registration count; observe that the registration count is now zero; acquire the type registry lock; and finally unregister the type. Now, when the original thread finally acquires the lock and unregisters the entry, it is the second time this entry has been unregistered. This bug was originally introduced in Wasmtime 19’s development of the WebAssembly GC proposal. This bug affects users who are not using the GC proposal, however, and affects Wasmtime in its default configuration even when the GC proposal is disabled. Wasmtime users using 19.0.0 and after are all affected by this issue. We have released the following Wasmtime versions, all of which have a fix for this bug: * 21.0.2 * 22.0.1 * 23.0.3 * 24.0.1 * 25.0.2. If your application creates and drops Wasmtime types on multiple threads concurrently, there are no known workarounds. Users are encouraged to upgrade to a patched release. 2024-10-09 2.9 CVE-2024-47813 security-advisories@github.com
security-advisories@github.com
 
code-projects–Blood Bank Management System
 
A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been classified as problematic. This affects an unknown part of the file blooddetails.php. The manipulation of the argument Availibility leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. 2024-10-10 3.5 CVE-2024-9803 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
 
code-projects–Blood Bank System
 
A vulnerability was found in code-projects Blood Bank System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /admin/campsdetails.php. The manipulation of the argument hospital/address/city/contact leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter “hospital”. 2024-10-10 3.5 CVE-2024-9805 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
 
Craig Rodway–Classroombookings
 
A vulnerability has been found in Craig Rodway Classroombookings up to 2.8.6 and classified as problematic. This vulnerability affects unknown code of the file /rooms/fields of the component Room Page. The manipulation of the argument Name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.8.7 is able to address this issue. It is recommended to upgrade the affected component. The project maintainer was contacted early about the disclosure. He responded very quickly, friendly, and professional. 2024-10-10 3.5 CVE-2024-9806 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
 
Craig Rodway–Classroombookings
 
A vulnerability was found in Craig Rodway Classroombookings 2.8.7 and classified as problematic. This issue affects some unknown processing of the file /sessions of the component Session Page. The manipulation of the argument Name leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 2.8.8 is able to address this issue. It is recommended to upgrade the affected component. The project maintainer was contacted early about the disclosure. He responded very quickly, friendly, and professional. 2024-10-10 2.4 CVE-2024-9807 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
 
D-Link–DSL-2750U
 
A vulnerability classified as problematic has been found in D-Link DSL-2750U R5B017. This affects an unknown part of the component Port Forwarding Page. The manipulation of the argument PortMappingDescription leads to cross site scripting. It is possible to initiate the attack remotely. 2024-10-10 2.4 CVE-2024-9792 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
 
Dell–AppSync
 
Dell AppSync Server, version 4.3 through 4.6, contains an XML External Entity Injection vulnerability. An adjacent high privileged attacker could potentially exploit this vulnerability, leading to information disclosure. 2024-10-09 2.9 CVE-2024-39586 security_alert@emc.com
 
Fortinet–FortiManager
 
An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiManager 7.4.2 and below, 7.2.5 and below, 7.0.12 and below allows a remote authenticated attacker assigned to an Administrative Domain (ADOM) to access device summary of unauthorized ADOMs via crafted HTTP requests. 2024-10-08 3.3 CVE-2024-33506 psirt@fortinet.com
 
GitLab–GitLab
 
An issue has been discovered in GitLab EE affecting all versions starting from 16.6 prior to 17.2.9, from 17.3 prior to 17.3.5, and from 17.4 prior to 17.4.2. It was possible for an unauthenticated attacker to determine the GitLab version number for a GitLab instance. 2024-10-10 3.7 CVE-2024-9596 cve@gitlab.com
 
h2o–h2o
 
h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. The configuration directives provided by the headers handler allows users to modify the response headers being sent by h2o. The configuration file of h2o has scopes, and the inner scopes (e.g., path level) are expected to inherit the configuration defined in outer scopes (e.g., global level). However, if a header directive is used in the inner scope, all the definition in outer scopes are ignored. This can lead to headers not being modified as expected. Depending on the headers being added or removed unexpectedly, this behavior could lead to unexpected client behavior. This vulnerability is fixed in commit 123f5e2b65dcdba8f7ef659a00d24bd1249141be. 2024-10-11 3.1 CVE-2024-25622 security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
 
h2o–h2o
 
h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. When h2o is configured as a reverse proxy and HTTP/3 requests are cancelled by the client, h2o might crash due to an assertion failure. The crash can be exploited by an attacker to mount a Denial-of-Service attack. By default, the h2o standalone server automatically restarts, minimizing the impact. However, HTTP requests that were served concurrently will still be disrupted. The vulnerability has been addressed in commit 1ed32b2. Users may disable the use of HTTP/3 to mitigate the issue. 2024-10-11 3.7 CVE-2024-45403 security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
 
n/a–07FLYCMS
 
A vulnerability was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM 1.3.8. It has been rated as problematic. Affected by this issue is some unknown functionality of the component System Settings Page. The manipulation of the argument Login Interface Copyright leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The affected product is known with different names like 07FLYCMS, 07FLY-CMS, and 07FlyCRM. It was not possible to reach out to the vendor before assigning a CVE due to a not working mail address. 2024-10-11 2.4 CVE-2024-9856 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
 
n/a–Intel(R) TDX Module firmware
 
Improper check for unusual or exceptional conditions in Intel(R) TDX Module firmware before version 1.5.06 may allow a privileged user to potentially enable information disclosure via local access. 2024-10-08 2.5 CVE-2024-27457 secure@intel.com
 
n/a–QileCMS
 
A vulnerability classified as problematic was found in QileCMS up to 1.1.3. This vulnerability affects the function sendEmail of the file /qilecms/user/controller/Forget.php of the component Verification Code Handler. The manipulation leads to weak password recovery. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 2024-10-13 3.7 CVE-2024-9907 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
 
OpenHarmony–OpenHarmony
 
in OpenHarmony v4.1.0 and prior versions allow a local attacker cause DOS by memory leak. 2024-10-08 3.3 CVE-2024-43696 scy@openharmony.io
 
OpenHarmony–OpenHarmony
 
in OpenHarmony v4.1.0 and prior versions allow a local attacker cause DOS through improper input. 2024-10-08 3.3 CVE-2024-43697 scy@openharmony.io
 
OpenHarmony–OpenHarmony
 
in OpenHarmony v4.1.0 and prior versions allow a local attacker cause DOS through out-of-bounds write. 2024-10-08 3.3 CVE-2024-45382 scy@openharmony.io
 
PHP Group–PHP
 
In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, erroneous parsing of multipart form data contained in an HTTP POST request could lead to legitimate data not being processed. This could lead to malicious attacker able to control part of the submitted data being able to exclude portion of other data, potentially leading to erroneous application behavior. 2024-10-08 3.1 CVE-2024-8925 security@php.net
 
PHP Group–PHP
 
In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using PHP-FPM SAPI and it is configured to catch workers output through catch_workers_output = yes, it may be possible to pollute the final log or remove up to 4 characters from the log messages by manipulating log message content. Additionally, if PHP-FPM is configured to use syslog output, it may be possible to further remove log data using the same vulnerability. 2024-10-08 3.3 CVE-2024-9026 security@php.net
 
Samsung Mobile–Samsung Internet
 
Use of implicit intent for sensitive communication in translation?in Samsung Internet prior to version 26.0.3.1 allows local attackers to get sensitive information. User interaction is required for triggering this vulnerability. 2024-10-08 3.3 CVE-2024-34671 mobile.security@samsung.com
 
Schneider Electric–Zelio Soft 2
 
CWE-20: Improper Input Validation vulnerability exists that could cause a crash of the Zelio Soft 2 application when a specially crafted project file is loaded by an application user. 2024-10-08 3.3 CVE-2024-8518 cybersecurity@se.com
 
Siemens–Tecnomatix Plant Simulation V2302
 
A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted WRL files. An attacker could leverage this vulnerability to crash the application causing denial of service condition. 2024-10-08 3.3 CVE-2024-45476 productcert@siemens.com
 
SourceCodester–Online Eyewear Shop
 
A vulnerability, which was classified as problematic, was found in SourceCodester Online Eyewear Shop 1.0. Affected is an unknown function of the file /admin/?page=inventory/view_inventory&id=2. The manipulation of the argument Code leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. 2024-10-13 3.5 CVE-2024-9906 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
 
SourceCodester–Profile Registration without Reload Refresh
 
A vulnerability has been found in SourceCodester Profile Registration without Reload Refresh 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file add.php. The manipulation of the argument email_address/address/company_name/job_title/jobDescriptionparameter leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. 2024-10-10 3.5 CVE-2024-9799 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
 
SourceCodester–Record Management System
 
A vulnerability was found in SourceCodester Record Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file sort2_user.php. The manipulation of the argument qualification leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. 2024-10-10 3.5 CVE-2024-9810 cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
 
TYPO3–typo3
 
TYPO3 is a free and open source Content Management Framework. Backend users could see items in the backend page tree without having access if the mounts pointed to pages restricted for their user/group, or if no mounts were configured but the pages allowed access to “everybody.” However, affected users could not manipulate these pages. Users are advised to update to TYPO3 versions 10.4.46 ELTS, 11.5.40 LTS, 12.4.21 LTS, 13.3.1 that fix the problem described. There are no known workarounds for this vulnerability. 2024-10-08 3.1 CVE-2024-47780 security-advisories@github.com
security-advisories@github.com
 
vim–vim
 
Vim is an open source, command line text editor. A use-after-free was found in Vim < 9.1.0764. When closing a buffer (visible in a window) a BufWinLeave auto command can cause an use-after-free if this auto command happens to re-open the same buffer in a new split window. Impact is low since the user must have intentionally set up such a strange auto command and run some buffer unload commands. However this may lead to a crash. This issue has been addressed in version 9.1.0764 and all users are advised to upgrade. There are no known workarounds for this vulnerability. 2024-10-07 3.9 CVE-2024-47814 security-advisories@github.com
security-advisories@github.com
 

Back to top

Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source Info Patch Info
Apple–Apple TV for Windows
 
A stack buffer overflow was addressed through improved input validation. This issue is fixed in Apple TV 1.5.0.152 for Windows, iTunes 12.13.3 for Windows. Parsing a maliciously crafted video file may lead to unexpected system termination. 2024-10-11 not yet calculated CVE-2024-44157 product-security@apple.com
product-security@apple.com
 
Avaiga–taipy
 
Taipy is an open-source Python library for easy, end-to-end application development for data scientists and machine learning engineers. In affected versions session cookies are served without Secure and HTTPOnly flags. This issue has been addressed in release version 4.0.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability. 2024-10-09 not yet calculated CVE-2024-47833 security-advisories@github.com
 
codeclysm–extract
 
Extract is aA Go library to extract archives in zip, tar.gz or tar.bz2 formats. A maliciously crafted archive may allow an attacker to create a symlink outside the extraction target directory. This vulnerability is fixed in 4.0.0. If you’re using the Extractor.FS interface, then upgrading to /v4 will require to implement the new methods that have been added. 2024-10-11 not yet calculated CVE-2024-47877 security-advisories@github.com
security-advisories@github.com
 
dataease–dataease
 
DataEase is an open source data visualization analysis tool. In Dataease, the PostgreSQL data source in the data source function can customize the JDBC connection parameters and the PG server target to be connected. In backend/src/main/java/io/dataease/provider/datasource/JdbcProvider.java, PgConfiguration class don’t filter any parameters, directly concat user input. So, if the attacker adds some parameters in JDBC url, and connect to evil PG server, the attacker can trigger the PG jdbc deserialization vulnerability, and eventually the attacker can execute through the deserialization vulnerability system commands and obtain server privileges. The vulnerability has been fixed in v1.18.25. 2024-10-11 not yet calculated CVE-2024-47074 security-advisories@github.com
security-advisories@github.com
 
Delta Electronics–CNCSoft-G2
 
Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can manipulate an insider to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process. 2024-10-10 not yet calculated CVE-2024-47962 ics-cert@hq.dhs.gov
 
Delta Electronics–CNCSoft-G2
 
Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process. 2024-10-10 not yet calculated CVE-2024-47963 ics-cert@hq.dhs.gov
 
Delta Electronics–CNCSoft-G2
 
Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process. 2024-10-10 not yet calculated CVE-2024-47964 ics-cert@hq.dhs.gov
 
Delta Electronics–CNCSoft-G2
 
Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process. 2024-10-10 not yet calculated CVE-2024-47965 ics-cert@hq.dhs.gov
 
Delta Electronics–CNCSoft-G2
 
Delta Electronics CNCSoft-G2 lacks proper initialization of memory prior to accessing it. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process. 2024-10-10 not yet calculated CVE-2024-47966 ics-cert@hq.dhs.gov
 
Eclipse Foundation–Mosquitto
 
In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of “CONNECT”, “DISCONNECT”, “SUBSCRIBE”, “UNSUBSCRIBE” and “PUBLISH” packets. 2024-10-11 not yet calculated CVE-2024-8376 emo@eclipse.org
emo@eclipse.org
emo@eclipse.org
emo@eclipse.org
emo@eclipse.org
emo@eclipse.org
emo@eclipse.org
 
eWeLink–Zigbee Bridge Pro
 
SSL Pinning Bypass in eWeLink Some hardware products allows local ATTACKER to Decrypt TLS communication and Extract secrets to clone the device via Flash the modified firmware 2024-10-08 not yet calculated CVE-2024-7206 68870bb1-d075-4169-957d-e580b18692b9
 
Follet School Solutions–Destiny
 
Cross Site Scripting vulnerability in Follet School Solutions Destiny before v22.0.1 AU1 allows a remote attacker to run arbitrary client-side code via the expiredSupportMessage parameter of handleloginform.do. 2024-10-08 not yet calculated CVE-2024-47095 33c584b5-0579-4c06-b2a0-8d8329fcab9c
 
GitHub–Enterprise Server
 
An improper verification of cryptographic signature vulnerability was identified in GitHub Enterprise Server that allowed SAML SSO authentication to be bypassed resulting in unauthorized provisioning of users and access to the instance. Exploitation required the encrypted assertions feature to be enabled, and the attacker would require direct network access as well as a signed SAML response or metadata document. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.15 and was fixed in versions 3.11.16, 3.12.10, 3.13.5, and 3.14.2. This vulnerability was reported via the GitHub Bug Bounty program. 2024-10-10 not yet calculated CVE-2024-9487 product-cna@github.com
product-cna@github.com
product-cna@github.com
product-cna@github.com
 
GitHub–GitHub Enterprise Server
 
An information disclosure vulnerability was identified in GitHub Enterprise Server via attacker uploaded asset URL allowing the attacker to retrieve metadata information of a user who clicks on the URL and further exploit it to create a convincing phishing page. This required the attacker to upload malicious SVG files and phish a victim user to click on that uploaded asset URL. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.14.2, 3.13.5, 3.12.10, 3.11.16. This vulnerability was reported via the GitHub Bug Bounty program. 2024-10-11 not yet calculated CVE-2024-9539 product-cna@github.com
product-cna@github.com
product-cna@github.com
product-cna@github.com
 
Google–Chrome
 
Type confusion in WebAssembly in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) 2024-10-11 not yet calculated CVE-2024-9859 chrome-cve-admin@google.com
 
Google–Looker
 
An HTTP Request Smuggling vulnerability in Looker allowed an unauthorized attacker to capture HTTP responses destined for legitimate users. There are two Looker versions that are hosted by Looker: * Looker (Google Cloud core) was found to be vulnerable. This issue has already been mitigated and our investigation has found no signs of exploitation. * Looker (original) was not vulnerable to this issue. Customer-hosted Looker instances were found to be vulnerable and must be upgraded. This vulnerability has been patched in all supported versions of customer-hosted Looker, which are available on the Looker download page https://download.looker.com/ . For Looker customer-hosted instances, please update to the latest supported version of Looker as soon as possible. The versions below have all been updated to protect from this vulnerability. You can download these versions at the Looker download page: * 23.12 -> 23.12.123+ * 23.18 -> 23.18.117+ * 24.0 -> 24.0.92+ * 24.6 -> 24.6.77+ * 24.8 -> 24.8.66+ * 24.10 -> 24.10.78+ * 24.12 -> 24.12.56+ * 24.14 -> 24.14.37+ 2024-10-11 not yet calculated CVE-2024-8912 cve-coordination@google.com
 
gradio-app–gradio
 
Gradio is an open-source Python package designed for quick prototyping. This vulnerability is related to **CORS origin validation**, where the Gradio server fails to validate the request origin when a cookie is present. This allows an attacker’s website to make unauthorized requests to a local Gradio server. Potentially, attackers can upload files, steal authentication tokens, and access user data if the victim visits a malicious website while logged into Gradio. This impacts users who have deployed Gradio locally and use basic authentication. Users are advised to upgrade to `gradio>4.44` to address this issue. As a workaround, users can manually enforce stricter CORS origin validation by modifying the `CustomCORSMiddleware` class in their local Gradio server code. Specifically, they can bypass the condition that skips CORS validation for requests containing cookies to prevent potential exploitation. 2024-10-10 not yet calculated CVE-2024-47084 security-advisories@github.com
 
gradio-app–gradio
 
Gradio is an open-source Python package designed for quick prototyping. This vulnerability relates to the **bypass of directory traversal checks** within the `is_in_or_equal` function. This function, intended to check if a file resides within a given directory, can be bypassed with certain payloads that manipulate file paths using `..` (parent directory) sequences. Attackers could potentially access restricted files if they are able to exploit this flaw, although the difficulty is high. This primarily impacts users relying on Gradio’s blocklist or directory access validation, particularly when handling file uploads. Users are advised to upgrade to `gradio>=5.0` to address this issue. As a workaround, users can manually sanitize and normalize file paths in their Gradio deployment before passing them to the `is_in_or_equal` function. Ensuring that all file paths are properly resolved and absolute can help mitigate the bypass vulnerabilities caused by the improper handling of `..` sequences or malformed paths. 2024-10-10 not yet calculated CVE-2024-47164 security-advisories@github.com
 
gradio-app–gradio
 
Gradio is an open-source Python package designed for quick prototyping. This vulnerability relates to **CORS origin validation accepting a null origin**. When a Gradio server is deployed locally, the `localhost_aliases` variable includes “null” as a valid origin. This allows attackers to make unauthorized requests from sandboxed iframes or other sources with a null origin, potentially leading to data theft, such as user authentication tokens or uploaded files. This impacts users running Gradio locally, especially those using basic authentication. Users are advised to upgrade to `gradio>=5.0` to address this issue. As a workaround, users can manually modify the `localhost_aliases` list in their local Gradio deployment to exclude “null” as a valid origin. By removing this value, the Gradio server will no longer accept requests from sandboxed iframes or sources with a null origin, mitigating the potential for exploitation. 2024-10-10 not yet calculated CVE-2024-47165 security-advisories@github.com
 
gradio-app–gradio
 
Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a **one-level read path traversal** in the `/custom_component` endpoint. Attackers can exploit this flaw to access and leak source code from custom Gradio components by manipulating the file path in the request. Although the traversal is limited to a single directory level, it could expose proprietary or sensitive code that developers intended to keep private. This impacts users who have developed custom Gradio components and are hosting them on publicly accessible servers. Users are advised to upgrade to `gradio>=4.44` to address this issue. As a workaround, developers can sanitize the file paths and ensure that components are not stored in publicly accessible directories. 2024-10-10 not yet calculated CVE-2024-47166 security-advisories@github.com
 
gradio-app–gradio
 
Gradio is an open-source Python package designed for quick prototyping. This vulnerability relates to **Server-Side Request Forgery (SSRF)** in the `/queue/join` endpoint. Gradio’s `async_save_url_to_cache` function allows attackers to force the Gradio server to send HTTP requests to user-controlled URLs. This could enable attackers to target internal servers or services within a local network and possibly exfiltrate data or cause unwanted internal requests. Additionally, the content from these URLs is stored locally, making it easier for attackers to upload potentially malicious files to the server. This impacts users deploying Gradio servers that use components like the Video component which involve URL fetching. Users are advised to upgrade to `gradio>=5` to address this issue. As a workaround, users can disable or heavily restrict URL-based inputs in their Gradio applications to trusted domains only. Additionally, implementing stricter URL validation (such as allowinglist-based validation) and ensuring that local or internal network addresses cannot be requested via the `/queue/join` endpoint can help mitigate the risk of SSRF attacks. 2024-10-10 not yet calculated CVE-2024-47167 security-advisories@github.com
 
gradio-app–gradio
 
Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves data exposure due to the enable_monitoring flag not properly disabling monitoring when set to False. Even when monitoring is supposedly disabled, an attacker or unauthorized user can still access the monitoring dashboard by directly requesting the /monitoring endpoint. This means that sensitive application analytics may still be exposed, particularly in environments where monitoring is expected to be disabled. Users who set enable_monitoring=False to prevent unauthorized access to monitoring data are impacted. Users are advised to upgrade to gradio>=4.44 to address this issue. There are no known workarounds for this vulnerability. 2024-10-10 not yet calculated CVE-2024-47168 security-advisories@github.com
 
gradio-app–gradio
 
Gradio is an open-source Python package designed for quick prototyping. This vulnerability is a **lack of integrity check** on the downloaded FRP client, which could potentially allow attackers to introduce malicious code. If an attacker gains access to the remote URL from which the FRP client is downloaded, they could modify the binary without detection, as the Gradio server does not verify the file’s checksum or signature. Any users utilizing the Gradio server’s sharing mechanism that downloads the FRP client could be affected by this vulnerability, especially those relying on the executable binary for secure data tunneling. There is no direct workaround for this issue without upgrading. However, users can manually validate the integrity of the downloaded FRP client by implementing checksum or signature verification in their own environment to ensure the binary hasn’t been tampered with. 2024-10-10 not yet calculated CVE-2024-47867 security-advisories@github.com
 
gradio-app–gradio
 
Gradio is an open-source Python package designed for quick prototyping. This is a **data validation vulnerability** affecting several Gradio components, which allows arbitrary file leaks through the post-processing step. Attackers can exploit these components by crafting requests that bypass expected input constraints. This issue could lead to sensitive files being exposed to unauthorized users, especially when combined with other vulnerabilities, such as issue TOB-GRADIO-15. The components most at risk are those that return or handle file data. Vulnerable Components: 1. **String to FileData:** DownloadButton, Audio, ImageEditor, Video, Model3D, File, UploadButton. 2. **Complex data to FileData:** Chatbot, MultimodalTextbox. 3. **Direct file read in preprocess:** Code. 4. **Dictionary converted to FileData:** ParamViewer, Dataset. Exploit Scenarios: 1. A developer creates a Dropdown list that passes values to a DownloadButton. An attacker bypasses the allowed inputs, sends an arbitrary file path (like `/etc/passwd`), and downloads sensitive files. 2. An attacker crafts a malicious payload in a ParamViewer component, leaking sensitive files from a server through the arbitrary file leak. This issue has been resolved in `gradio>5.0`. Upgrading to the latest version will mitigate this vulnerability. There are no known workarounds for this vulnerability. 2024-10-10 not yet calculated CVE-2024-47868 security-advisories@github.com
 
gradio-app–gradio
 
Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a **timing attack** in the way Gradio compares hashes for the `analytics_dashboard` function. Since the comparison is not done in constant time, an attacker could exploit this by measuring the response time of different requests to infer the correct hash byte-by-byte. This can lead to unauthorized access to the analytics dashboard, especially if the attacker can repeatedly query the system with different keys. Users are advised to upgrade to `gradio>4.44` to mitigate this issue. To mitigate the risk before applying the patch, developers can manually patch the `analytics_dashboard` dashboard to use a **constant-time comparison** function for comparing sensitive values, such as hashes. Alternatively, access to the analytics dashboard can be disabled. 2024-10-10 not yet calculated CVE-2024-47869 security-advisories@github.com
 
gradio-app–gradio
 
Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a **race condition** in the `update_root_in_config` function, allowing an attacker to modify the `root` URL used by the Gradio frontend to communicate with the backend. By exploiting this flaw, an attacker can redirect user traffic to a malicious server. This could lead to the interception of sensitive data such as authentication credentials or uploaded files. This impacts all users who connect to a Gradio server, especially those exposed to the internet, where malicious actors could exploit this race condition. Users are advised to upgrade to `gradio>=5` to address this issue. There are no known workarounds for this issue. 2024-10-10 not yet calculated CVE-2024-47870 security-advisories@github.com
 
gradio-app–gradio
 
Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves **insecure communication** between the FRP (Fast Reverse Proxy) client and server when Gradio’s `share=True` option is used. HTTPS is not enforced on the connection, allowing attackers to intercept and read files uploaded to the Gradio server, as well as modify responses or data sent between the client and server. This impacts users who are sharing Gradio demos publicly over the internet using `share=True` without proper encryption, exposing sensitive data to potential eavesdroppers. Users are advised to upgrade to `gradio>=5` to address this issue. As a workaround, users can avoid using `share=True` in production environments and instead host their Gradio applications on servers with HTTPS enabled to ensure secure communication. 2024-10-10 not yet calculated CVE-2024-47871 security-advisories@github.com
 
gradio-app–gradio
 
Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves **Cross-Site Scripting (XSS)** on any Gradio server that allows file uploads. Authenticated users can upload files such as HTML, JavaScript, or SVG files containing malicious scripts. When other users download or view these files, the scripts will execute in their browser, allowing attackers to perform unauthorized actions or steal sensitive information from their sessions. This impacts any Gradio server that allows file uploads, particularly those using components that process or display user-uploaded files. Users are advised to upgrade to `gradio>=5` to address this issue. As a workaround, users can restrict the types of files that can be uploaded to the Gradio server by limiting uploads to non-executable file types such as images or text. Additionally, developers can implement server-side validation to sanitize uploaded files, ensuring that HTML, JavaScript, and SVG files are properly handled or rejected before being stored or displayed to users. 2024-10-10 not yet calculated CVE-2024-47872 security-advisories@github.com
 
Linux–Linux
 
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Disable DMCUB timeout for DCN35 [Why] DMCUB can intermittently take longer than expected to process commands. Old ASIC policy was to continue while logging a diagnostic error – which works fine for ASIC without IPS, but with IPS this could lead to a race condition where we attempt to access DCN state while it’s inaccessible, leading to a system hang when the NIU port is not disabled or register accesses that timeout and the display configuration in an undefined state. [How] We need to investigate why these accesses take longer than expected, but for now we should disable the timeout on DCN35 to avoid this race condition. Since the waits happen only at lower interrupt levels the risk of taking too long at higher IRQ and causing a system watchdog timeout are minimal. 2024-10-09 not yet calculated CVE-2024-46870 416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
 
Linux–Linux
 
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX [Why & How] It actually exposes ‘6’ types in enum dmub_notification_type. Not 5. Using smaller number to create array dmub_callback & dmub_thread_offload has potential to access item out of array bound. Fix it. 2024-10-09 not yet calculated CVE-2024-46871 416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
 
Linux–Linux
 
In the Linux kernel, the following vulnerability has been resolved: crypto: stm32/cryp – call finalize with bh disabled The finalize operation in interrupt mode produce a produces a spinlock recursion warning. The reason is the fact that BH must be disabled during this process. 2024-10-09 not yet calculated CVE-2024-47658 416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
 
Linux–Linux
 
In the Linux kernel, the following vulnerability has been resolved: smack: tcp: ipv4, fix incorrect labeling Currently, Smack mirrors the label of incoming tcp/ipv4 connections: when a label ‘foo’ connects to a label ‘bar’ with tcp/ipv4, ‘foo’ always gets ‘foo’ in returned ipv4 packets. So, 1) returned packets are incorrectly labeled (‘foo’ instead of ‘bar’) 2) ‘bar’ can write to ‘foo’ without being authorized to write. Here is a scenario how to see this: * Take two machines, let’s call them C and S, with active Smack in the default state (no settings, no rules, no labeled hosts, only builtin labels) * At S, add Smack rule ‘foo bar w’ (labels ‘foo’ and ‘bar’ are instantiated at S at this moment) * At S, at label ‘bar’, launch a program that listens for incoming tcp/ipv4 connections * From C, at label ‘foo’, connect to the listener at S. (label ‘foo’ is instantiated at C at this moment) Connection succeedes and works. * Send some data in both directions. * Collect network traffic of this connection. All packets in both directions are labeled with the CIPSO of the label ‘foo’. Hence, label ‘bar’ writes to ‘foo’ without being authorized, and even without ever being known at C. If anybody cares: exactly the same happens with DCCP. This behavior 1st manifested in release 2.6.29.4 (see Fixes below) and it looks unintentional. At least, no explanation was provided. I changed returned packes label into the ‘bar’, to bring it into line with the Smack documentation claims. 2024-10-09 not yet calculated CVE-2024-47659 416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
 
Linux–Linux
 
In the Linux kernel, the following vulnerability has been resolved: fsnotify: clear PARENT_WATCHED flags lazily In some setups directories can have many (usually negative) dentries. Hence __fsnotify_update_child_dentry_flags() function can take a significant amount of time. Since the bulk of this function happens under inode->i_lock this causes a significant contention on the lock when we remove the watch from the directory as the __fsnotify_update_child_dentry_flags() call from fsnotify_recalc_mask() races with __fsnotify_update_child_dentry_flags() calls from __fsnotify_parent() happening on children. This can lead upto softlockup reports reported by users. Fix the problem by calling fsnotify_update_children_dentry_flags() to set PARENT_WATCHED flags only when parent starts watching children. When parent stops watching children, clear false positive PARENT_WATCHED flags lazily in __fsnotify_parent() for each accessed child. 2024-10-09 not yet calculated CVE-2024-47660 416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
 
Linux–Linux
 
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Avoid overflow from uint32_t to uint8_t [WHAT & HOW] dmub_rb_cmd’s ramping_boundary has size of uint8_t and it is assigned 0xFFFF. Fix it by changing it to uint8_t with value of 0xFF. This fixes 2 INTEGER_OVERFLOW issues reported by Coverity. 2024-10-09 not yet calculated CVE-2024-47661 416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
 
Linux–Linux
 
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Remove register from DCN35 DMCUB diagnostic collection [Why] These registers should not be read from driver and triggering the security violation when DMCUB work times out and diagnostics are collected blocks Z8 entry. [How] Remove the register read from DCN35. 2024-10-09 not yet calculated CVE-2024-47662 416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
 
Linux–Linux
 
In the Linux kernel, the following vulnerability has been resolved: staging: iio: frequency: ad9834: Validate frequency parameter value In ad9834_write_frequency() clk_get_rate() can return 0. In such case ad9834_calc_freqreg() call will lead to division by zero. Checking ‘if (fout > (clk_freq / 2))’ doesn’t protect in case of ‘fout’ is 0. ad9834_write_frequency() is called from ad9834_write(), where fout is taken from text buffer, which can contain any value. Modify parameters checking. Found by Linux Verification Center (linuxtesting.org) with SVACE. 2024-10-09 not yet calculated CVE-2024-47663 416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
 
Linux–Linux
 
In the Linux kernel, the following vulnerability has been resolved: spi: hisi-kunpeng: Add verification for the max_frequency provided by the firmware If the value of max_speed_hz is 0, it may cause a division by zero error in hisi_calc_effective_speed(). The value of max_speed_hz is provided by firmware. Firmware is generally considered as a trusted domain. However, as division by zero errors can cause system failure, for defense measure, the value of max_speed is validated here. So 0 is regarded as invalid and an error code is returned. 2024-10-09 not yet calculated CVE-2024-47664 416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
 
Linux–Linux
 
In the Linux kernel, the following vulnerability has been resolved: i3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA setup Definitely condition dma_get_cache_alignment * defined value > 256 during driver initialization is not reason to BUG_ON(). Turn that to graceful error out with -EINVAL. 2024-10-09 not yet calculated CVE-2024-47665 416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
 
Linux–Linux
 
In the Linux kernel, the following vulnerability has been resolved: scsi: pm80xx: Set phy->enable_completion only when we wait for it pm8001_phy_control() populates the enable_completion pointer with a stack address, sends a PHY_LINK_RESET / PHY_HARD_RESET, waits 300 ms, and returns. The problem arises when a phy control response comes late. After 300 ms the pm8001_phy_control() function returns and the passed enable_completion stack address is no longer valid. Late phy control response invokes complete() on a dangling enable_completion pointer which leads to a kernel crash. 2024-10-09 not yet calculated CVE-2024-47666 416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
 
Linux–Linux
 
In the Linux kernel, the following vulnerability has been resolved: PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0) Errata #i2037 in AM65x/DRA80xM Processors Silicon Revision 1.0 (SPRZ452D_July 2018_Revised December 2019 [1]) mentions when an inbound PCIe TLP spans more than two internal AXI 128-byte bursts, the bus may corrupt the packet payload and the corrupt data may cause associated applications or the processor to hang. The workaround for Errata #i2037 is to limit the maximum read request size and maximum payload size to 128 bytes. Add workaround for Errata #i2037 here. The errata and workaround is applicable only to AM65x SR 1.0 and later versions of the silicon will have this fixed. [1] -> https://www.ti.com/lit/er/sprz452i/sprz452i.pdf 2024-10-09 not yet calculated CVE-2024-47667 416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
 
Linux–Linux
 
In the Linux kernel, the following vulnerability has been resolved: lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() If we need to increase the tree depth, allocate a new node, and then race with another thread that increased the tree depth before us, we’ll still have a preallocated node that might be used later. If we then use that node for a new non-root node, it’ll still have a pointer to the old root instead of being zeroed – fix this by zeroing it in the cmpxchg failure path. 2024-10-09 not yet calculated CVE-2024-47668 416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
 
Linux–Linux
 
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix state management in error path of log writing function After commit a694291a6211 (“nilfs2: separate wait function from nilfs_segctor_write”) was applied, the log writing function nilfs_segctor_do_construct() was able to issue I/O requests continuously even if user data blocks were split into multiple logs across segments, but two potential flaws were introduced in its error handling. First, if nilfs_segctor_begin_construction() fails while creating the second or subsequent logs, the log writing function returns without calling nilfs_segctor_abort_construction(), so the writeback flag set on pages/folios will remain uncleared. This causes page cache operations to hang waiting for the writeback flag. For example, truncate_inode_pages_final(), which is called via nilfs_evict_inode() when an inode is evicted from memory, will hang. Second, the NILFS_I_COLLECTED flag set on normal inodes remain uncleared. As a result, if the next log write involves checkpoint creation, that’s fine, but if a partial log write is performed that does not, inodes with NILFS_I_COLLECTED set are erroneously removed from the “sc_dirty_files” list, and their data and b-tree blocks may not be written to the device, corrupting the block mapping. Fix these issues by uniformly calling nilfs_segctor_abort_construction() on failure of each step in the loop in nilfs_segctor_do_construct(), having it clean up logs and segment usages according to progress, and correcting the conditions for calling nilfs_redirty_inodes() to ensure that the NILFS_I_COLLECTED flag is cleared. 2024-10-09 not yet calculated CVE-2024-47669 416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
 
Linux–Linux
 
In the Linux kernel, the following vulnerability has been resolved: ocfs2: add bounds checking to ocfs2_xattr_find_entry() Add a paranoia check to make sure it doesn’t stray beyond valid memory region containing ocfs2 xattr entries when scanning for a match. It will prevent out-of-bound access in case of crafted images. 2024-10-09 not yet calculated CVE-2024-47670 416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
 
Linux–Linux
 
In the Linux kernel, the following vulnerability has been resolved: USB: usbtmc: prevent kernel-usb-infoleak The syzbot reported a kernel-usb-infoleak in usbtmc_write, we need to clear the structure before filling fields. 2024-10-09 not yet calculated CVE-2024-47671 416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
 
Linux–Linux
 
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: don’t wait for tx queues if firmware is dead There is a WARNING in iwl_trans_wait_tx_queues_empty() (that was recently converted from just a message), that can be hit if we wait for TX queues to become empty after firmware died. Clearly, we can’t expect anything from the firmware after it’s declared dead. Don’t call iwl_trans_wait_tx_queues_empty() in this case. While it could be a good idea to stop the flow earlier, the flush functions do some maintenance work that is not related to the firmware, so keep that part of the code running even when the firmware is not running. [edit commit message] 2024-10-09 not yet calculated CVE-2024-47672 416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
 
Linux–Linux
 
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: pause TCM when the firmware is stopped Not doing so will make us send a host command to the transport while the firmware is not alive, which will trigger a WARNING. bad state = 0 WARNING: CPU: 2 PID: 17434 at drivers/net/wireless/intel/iwlwifi/iwl-trans.c:115 iwl_trans_send_cmd+0x1cb/0x1e0 [iwlwifi] RIP: 0010:iwl_trans_send_cmd+0x1cb/0x1e0 [iwlwifi] Call Trace: <TASK> iwl_mvm_send_cmd+0x40/0xc0 [iwlmvm] iwl_mvm_config_scan+0x198/0x260 [iwlmvm] iwl_mvm_recalc_tcm+0x730/0x11d0 [iwlmvm] iwl_mvm_tcm_work+0x1d/0x30 [iwlmvm] process_one_work+0x29e/0x640 worker_thread+0x2df/0x690 ? rescuer_thread+0x540/0x540 kthread+0x192/0x1e0 ? set_kthread_struct+0x90/0x90 ret_from_fork+0x22/0x30 2024-10-09 not yet calculated CVE-2024-47673 416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
 
livewire–livewire
 
Livewire is a full-stack framework for Laravel that allows for dynamic UI components without leaving PHP. In livewire/livewire prior to `2.12.7` and `v3.5.2`, the file extension of an uploaded file is guessed based on the MIME type. As a result, the actual file extension from the file name is not validated. An attacker can therefore bypass the validation by uploading a file with a valid MIME type (e.g., `image/png`) and a “.php” file extension. If the following criteria are met, the attacker can carry out an RCE attack: 1. Filename is composed of the original file name using `$file->getClientOriginalName()`. 2. Files stored directly on your server in a public storage disk. 3. Webserver is configured to execute “.php” files. This issue has been addressed in release versions `2.12.7` and `3.5.2`. All users are advised to upgrade. There are no known workarounds for this vulnerability. 2024-10-08 not yet calculated CVE-2024-47823 security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
 
miraheze–CreateWiki
 
CreateWiki is an extension used at Miraheze for requesting & creating wikis. The name of requested wikis is not escaped on Special:RequestWikiQueue, so a user can insert arbitrary HTML that is displayed in the request wiki queue when requesting a wiki. If a wiki creator comes across the XSS payload, their user session can be abused to retrieve deleted wiki requests, which typically contains private information. Likewise, this can also be abused on those with the ability to suppress requests to view sensitive information. This issue has been patched with commit `693a220` and all users are advised to apply the patch. Users unable to upgrade should disable Javascript and/or prevent access to the vulnerable page (Special:RequestWikiQueue). 2024-10-07 not yet calculated CVE-2024-47781 security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
 
n/a–n/a
 
i2p before 2.3.0 (Java) allows de-anonymizing the public IPv4 and IPv6 addresses of i2p hidden services (aka eepsites) via a correlation attack across the IPv4 and IPv6 addresses that occurs when a tunneled, replayed message has a behavior discrepancy (it may be dropped, or may result in a Wrong Destination response). An attack would take days to complete. 2024-10-09 not yet calculated CVE-2023-36325 cve@mitre.org
cve@mitre.org
cve@mitre.org
 
n/a–n/a
 
An issue was discovered in Qt before 6.2.11 and 6.3.x through 6.6.x before 6.6.1. When a QML image refers to an image whose content is not known yet, there is an assumption that it is an SVG document, leading to a denial of service (application crash) if it is not actually an SVG document. 2024-10-09 not yet calculated CVE-2023-45872 cve@mitre.org
cve@mitre.org
 
n/a–n/a
 
HDF5 library through 1.14.3 has memory corruption in H5A__close resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. 2024-10-09 not yet calculated CVE-2024-32608 cve@mitre.org
 
n/a–n/a
 
An issue was discovered in Atos Eviden SMC xScale before 1.6.6. During initialization of nodes, some configuration parameters are retrieved from management nodes. These parameters embed credentials whose integrity and confidentiality may be important to the security of the HPC configuration. Because these parameters are needed for initialization, there is no available mechanism to ensure access control on the management node, and a mitigation measure is normally put in place to prevent access to unprivileged users. It was discovered that this mitigation measure does not survive a reboot of diskful nodes. (Diskless nodes are not at risk.) The mistake lies in the cloudinit configuration: the iptables configuration should have been in the bootcmd instead of the runcmd section. 2024-10-11 not yet calculated CVE-2024-42018 cve@mitre.org
cve@mitre.org
 
n/a–n/a
 
angular-base64-upload prior to v0.1.21 is vulnerable to unauthenticated remote code execution via demo/server.php. Exploiting this vulnerability allows an attacker to upload arbitrary content to the server, which can subsequently be accessed through demo/uploads. This leads to the execution of previously uploaded content and enables the attacker to achieve code execution on the server. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. 2024-10-11 not yet calculated CVE-2024-42640 cve@mitre.org
cve@mitre.org
 
n/a–n/a
 
OpenIPMI before 2.0.36 has an out-of-bounds array access (for authentication type) in the ipmi_sim simulator, resulting in denial of service or (with very low probability) authentication bypass or code execution. 2024-10-09 not yet calculated CVE-2024-42934 cve@mitre.org
cve@mitre.org
cve@mitre.org
 
n/a–n/a
 
Lack of access control in ChallengeSolves (/api/v1/challenges/<challenge id>/solves) of CTFd v2.0.0 – v3.7.2 allows authenticated users to retrieve a list of users who have solved the challenge, regardless of the Account Visibility settings. The issue is fixed in v3.7.3+. 2024-10-09 not yet calculated CVE-2024-42988 cve@mitre.org
cve@mitre.org
cve@mitre.org
 
n/a–n/a
 
A vulnerability was discovered in DI_8200-16.07.26A1, which has been classified as critical. This issue affects the upgrade_filter_asp function in the upgrade_filter.asp file. Manipulation of the path parameter can lead to command injection. 2024-10-11 not yet calculated CVE-2024-44413 cve@mitre.org
cve@mitre.org
 
n/a–n/a
 
A vulnerability was discovered in DI_8200-16.07.26A1, There is a buffer overflow in the dbsrv_asp function; The strcpy function is executed without checking the length of the string, leading to a buffer overflow. 2024-10-11 not yet calculated CVE-2024-44415 cve@mitre.org
cve@mitre.org
 
n/a–n/a
 
Incorrect access control in the component app/src/server.js of Mirotalk before commit 9de226 allows unauthenticated attackers without presenter privileges to arbitrarily eject users from a meeting. 2024-10-11 not yet calculated CVE-2024-44729 cve@mitre.org
cve@mitre.org
cve@mitre.org
cve@mitre.org
 
n/a–n/a
 
Incorrect access control in the function handleDataChannelChat(dataMessage) of Mirotalk before commit c21d58 allows attackers to forge chat messages using an arbitrary sender name. 2024-10-11 not yet calculated CVE-2024-44730 cve@mitre.org
cve@mitre.org
cve@mitre.org
cve@mitre.org
 
n/a–n/a
 
Mirotalk before commit 9de226 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary code via sending crafted payloads in messages to other users over RTC connections. 2024-10-11 not yet calculated CVE-2024-44731 cve@mitre.org
cve@mitre.org
cve@mitre.org
cve@mitre.org
 
n/a–n/a
 
Incorrect access control in Mirotalk before commit 9de226 allows attackers to arbitrarily change usernames via sending a crafted roomAction request to the server. 2024-10-11 not yet calculated CVE-2024-44734 cve@mitre.org
cve@mitre.org
cve@mitre.org
cve@mitre.org
 
n/a–n/a
 
A directory listing issue in the baserCMS plugin in D-ZERO CO., LTD. BurgerEditor and BurgerEditor Limited Edition before 2.25.1 allows remote attackers to obtain sensitive information by exposing a list of the uploaded files. 2024-10-11 not yet calculated CVE-2024-44807 cve@mitre.org
cve@mitre.org
cve@mitre.org
cve@mitre.org
cve@mitre.org
cve@mitre.org
 
n/a–n/a
 
An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modems with chipset Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, Modem 5123, and Modem 5300. A USAT out-of-bounds write due to a heap buffer overflow can lead to a Denial of Service. 2024-10-11 not yet calculated CVE-2024-45184 cve@mitre.org
cve@mitre.org
 
n/a–n/a
 
An issue was discovered in Django 5.1 before 5.1.1, 5.0 before 5.0.9, and 4.2 before 4.2.16. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters. 2024-10-08 not yet calculated CVE-2024-45230 cve@mitre.org
cve@mitre.org
cve@mitre.org
 
n/a–n/a
 
An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. The django.contrib.auth.forms.PasswordResetForm class, when used in a view implementing password reset flows, allows remote attackers to enumerate user e-mail addresses by sending password reset requests and observing the outcome (only when e-mail sending is consistently failing). 2024-10-08 not yet calculated CVE-2024-45231 cve@mitre.org
cve@mitre.org
cve@mitre.org
 
n/a–n/a
 
An issue was discovered in the centreon-bi-server component in Centreon BI Server 24.04.x before 24.04.3, 23.10.x before 23.10.8, 23.04.x before 23.04.11, and 22.10.x before 22.10.11. SQL injection can occur in the listing of configured reporting jobs. Exploitation is only accessible to authenticated users with high-privileged access. 2024-10-11 not yet calculated CVE-2024-45754 cve@mitre.org
cve@mitre.org
cve@mitre.org
 
n/a–n/a
 
BlueCMS 1.6 suffers from Arbitrary File Deletion via the file_name parameter in an /admin/database.php?act=del request. 2024-10-07 not yet calculated CVE-2024-45894 cve@mitre.org
cve@mitre.org
 
n/a–n/a
 
Fujian Kelixin Communication Command and Dispatch Platform <=7.6.6.4391 is vulnerable to SQL Injection via /client/get_gis_fence.php. 2024-10-08 not yet calculated CVE-2024-45918 cve@mitre.org
cve@mitre.org
 
n/a–n/a
 
IoT Haat Smart Plug IH-IN-16A-S IH-IN-16A-S v5.16.1 suffers from Insufficient Session Expiration. The lack of validation of the authentication token at the IoT Haat during the Access Point Pairing mode leads the attacker to replay the Wi-Fi packets and forcefully turn off the access point after the authentication token has expired. 2024-10-07 not yet calculated CVE-2024-46040 cve@mitre.org
cve@mitre.org
 
n/a–n/a
 
A vulnerability was discovered in KM08-708H-v1.1, There is a buffer overflow in the sub_445BDC() function within the /usr/sbin/goahead program; The strcpy function is executed without checking the length of the string, leading to a buffer overflow. 2024-10-11 not yet calculated CVE-2024-46215 cve@mitre.org
cve@mitre.org
 
n/a–n/a
 
PHPGurukul Hospital Management System 4.0 is vulnerable to Cross Site Scripting (XSS) via the patname, pataddress, and medhis parameters in doctor/add-patient.php and doctor/edit-patient.php. 2024-10-09 not yet calculated CVE-2024-46237 cve@mitre.org
 
n/a–n/a
 
A Server-Side Request Forgery (SSRF) vulnerability exists in the jpress <= v5.1.1, which can be exploited by an attacker to obtain sensitive information, resulting in an information disclosure. 2024-10-11 not yet calculated CVE-2024-46468 cve@mitre.org
cve@mitre.org
 
n/a–n/a
 
SQL Injection vulnerability in OpenHIS v.1.0 allows an attacker to execute arbitrary code via the refund function in the PayController.class.php component. 2024-10-11 not yet calculated CVE-2024-46532 cve@mitre.org
cve@mitre.org
cve@mitre.org
 
n/a–n/a
 
An issue in almaodo GmbH appinventor.ai_google.almando_control 2.3.1 allows a remote attacker to obtain sensitive information via the firmware update process 2024-10-11 not yet calculated CVE-2024-48768 cve@mitre.org
cve@mitre.org
cve@mitre.org
cve@mitre.org
 
n/a–n/a
 
An issue in BURG-WCHTER KG de.burgwachter.keyapp.app 4.5.0 allows a remote attacker to obtain sensitve information via the firmware update process. 2024-10-11 not yet calculated CVE-2024-48769 cve@mitre.org
cve@mitre.org
cve@mitre.org
 
n/a–n/a
 
An issue in Plug n Play Camera com.wisdomcity.zwave 1.1.0 allows a remote attacker to obtain sensitive information via the firmware update process. 2024-10-11 not yet calculated CVE-2024-48770 cve@mitre.org
cve@mitre.org
cve@mitre.org
 
n/a–n/a
 
An issue in almando GmbH Almando Play APP (com.almando.play) 1.8.2 allows a remote attacker to obtain sensitive information via the firmware update process 2024-10-11 not yet calculated CVE-2024-48771 cve@mitre.org
cve@mitre.org
 
n/a–n/a
 
An issue in C-CHIP (com.cchip.cchipamaota) v.1.2.8 allows a remote attacker to obtain sensitive information via the firmware update process. 2024-10-11 not yet calculated CVE-2024-48772 cve@mitre.org
cve@mitre.org
cve@mitre.org
 
n/a–n/a
 
An issue in WoFit v.7.2.3 allows a remote attacker to obtain sensitive information via the firmware update process 2024-10-11 not yet calculated CVE-2024-48773 cve@mitre.org
cve@mitre.org
cve@mitre.org
 
n/a–n/a
 
An issue in Fermax Asia Pacific Pte Ltd com.fermax.vida 2.4.6 allows a remote attacker to obtain sensitve information via the firmware update process. 2024-10-11 not yet calculated CVE-2024-48774 cve@mitre.org
cve@mitre.org
cve@mitre.org
 
n/a–n/a
 
An issue in Plug n Play Camera com.ezset.delaney 1.2.0 allows a remote attacker to obtain sensitive information via the firmware update process. 2024-10-11 not yet calculated CVE-2024-48775 cve@mitre.org
cve@mitre.org
cve@mitre.org
 
n/a–n/a
 
An issue in Shelly com.home.shelly 1.0.4 allows a remote attacker to obtain sensitive information via the firmware update process 2024-10-11 not yet calculated CVE-2024-48776 cve@mitre.org
cve@mitre.org
cve@mitre.org
 
n/a–n/a
 
LEDVANCE com.ledvance.smartplus.eu 2.1.10 allows a remote attacker to obtain sensitive information via the firmware update process. 2024-10-11 not yet calculated CVE-2024-48777 cve@mitre.org
cve@mitre.org
cve@mitre.org
 
n/a–n/a
 
An issue in GIANT MANUFACTURING CO., LTD RideLink (tw.giant.ridelink) 2.0.7 allows a remote attacker to obtain sensitive information via the firmware update process. 2024-10-11 not yet calculated CVE-2024-48778 cve@mitre.org
cve@mitre.org
cve@mitre.org
 
n/a–n/a
 
An Incorrect Access Control issue in SAMPMAX com.sampmax.homemax 2.1.2.7 allows a remote attacker to obtain sensitive information via the firmware update process. 2024-10-11 not yet calculated CVE-2024-48784 cve@mitre.org
cve@mitre.org
cve@mitre.org
 
n/a–n/a
 
An issue in SWITCHBOT INC SwitchBot (com.theswitchbot.switchbot) 5.0.4 allows a remote attacker to obtain sensitive information via the firmware update process. 2024-10-11 not yet calculated CVE-2024-48786 cve@mitre.org
cve@mitre.org
 
n/a–n/a
 
An issue in Revic Optics Revic Ops (us.revic.revicops) 1.12.5 allows a remote attacker to obtain sensitive information via the firmware update process. 2024-10-11 not yet calculated CVE-2024-48787 cve@mitre.org
cve@mitre.org
 
n/a–n/a
 
An issue in YESCAM (com.yescom.YesCam.zwave) 1.0.2 allows a remote attacker to obtain sensitive information via the firmware update process. 2024-10-11 not yet calculated CVE-2024-48788 cve@mitre.org
cve@mitre.org
 
n/a–n/a
 
Znuny before LTS 6.5.1 through 6.5.10 and 7.0.1 through 7.0.16 allows XSS. JavaScript code in the short description of the SLA field in Activity Dialogues is executed. 2024-10-11 not yet calculated CVE-2024-48937 cve@mitre.org
cve@mitre.org
cve@mitre.org
 
n/a–n/a
 
Znuny before LTS 6.5.1 through 6.5.10 and 7.0.1 through 7.0.16 allows DoS/ReDos via email. Parsing the content of emails where HTML code is copied from Microsoft Word could lead to high CPU usage and block the parsing process. 2024-10-11 not yet calculated CVE-2024-48938 cve@mitre.org
cve@mitre.org
cve@mitre.org
 
n/a–n/a
 
The verify function in lib/elliptic/eddsa/index.js in the Elliptic package before 6.5.6 for Node.js omits “sig.S().gte(sig.eddsa.curve.n) || sig.S().isNeg()” validation. 2024-10-10 not yet calculated CVE-2024-48949 cve@mitre.org
cve@mitre.org
 
n/a–n/a
 
Zendesk before 2024-07-02 allows remote attackers to read ticket history via e-mail spoofing, because Cc fields are extracted from incoming e-mail messages and used to grant additional authorization for ticket viewing, the mechanism for detecting spoofed e-mail messages is insufficient, and the support e-mail addresses associated with individual tickets are predictable. 2024-10-12 not yet calculated CVE-2024-49193 cve@mitre.org
cve@mitre.org
cve@mitre.org
 
netease-youdao–netease-youdao/qanything
 
netease-youdao/qanything version 1.4.1 contains a vulnerability where unsafe data obtained from user input is concatenated in SQL queries, leading to SQL injection. The affected functions include `get_knowledge_base_name`, `from_status_to_status`, `delete_files`, and `get_file_by_status`. An attacker can exploit this vulnerability to execute arbitrary SQL queries, potentially stealing information from the database. The issue is fixed in version 1.4.2. 2024-10-13 not yet calculated CVE-2024-7099 security@huntr.dev
security@huntr.dev
 
open-webui–open-webui/open-webui
 
In version v0.3.8 of open-webui/open-webui, the endpoint /api/pipelines/upload is vulnerable to arbitrary file write and delete due to unsanitized file.filename concatenation with CACHE_DIR. This vulnerability allows attackers to overwrite and delete system files, potentially leading to remote code execution. 2024-10-09 not yet calculated CVE-2024-7037 security@huntr.dev
 
open-webui–open-webui/open-webui
 
An information disclosure vulnerability exists in open-webui version 0.3.8. The vulnerability is related to the embedding model update feature under admin settings. When a user updates the model path, the system checks if the file exists and provides different error messages based on the existence and configuration of the file. This behavior allows an attacker to enumerate file names and traverse directories by observing the error messages, leading to potential exposure of sensitive information. 2024-10-09 not yet calculated CVE-2024-7038 security@huntr.dev
 
open-webui–open-webui/open-webui
 
An Insecure Direct Object Reference (IDOR) vulnerability exists in open-webui/open-webui version v0.3.8. The vulnerability occurs in the API endpoint `http://0.0.0.0:3000/api/v1/memories/{id}/update`, where the decentralization design is flawed, allowing attackers to edit other users’ memories without proper authorization. 2024-10-09 not yet calculated CVE-2024-7041 security@huntr.dev
 
open-webui–open-webui/open-webui
 
In version v0.3.8 of open-webui, an improper privilege management vulnerability exists in the API endpoints GET /api/v1/documents/ and POST /rag/api/v1/doc. This vulnerability allows a lower-privileged user to access and overwrite files managed by a higher-privileged admin. By exploiting this vulnerability, an attacker can view metadata of files uploaded by an admin and overwrite these files, compromising the integrity and availability of the RAG models. 2024-10-10 not yet calculated CVE-2024-7048 security@huntr.dev
 
open-webui–open-webui/open-webui
 
In version v0.3.8 of open-webui/open-webui, a vulnerability exists where a token is returned when a user with a pending role logs in. This allows the user to perform actions without admin confirmation, bypassing the intended approval process. 2024-10-10 not yet calculated CVE-2024-7049 security@huntr.dev
 
pac4j–pac4j
 
pac4j is a security framework for Java. `pac4j-core` prior to version 4.0.0 is affected by a Java deserialization vulnerability. The vulnerability affects systems that store externally controlled values in attributes of the `UserProfile` class from pac4j-core. It can be exploited by providing an attribute that contains a serialized Java object with a special prefix `{#sb64}` and Base64 encoding. This issue may lead to Remote Code Execution (RCE) in the worst case. Although a `RestrictedObjectInputStream` is in place, that puts some restriction on what classes can be deserialized, it still allows a broad range of java packages and potentially exploitable with different gadget chains. pac4j versions 4.0.0 and greater are not affected by this issue. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2024-10-10 not yet calculated CVE-2023-25581 security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
 
Palo Alto Networks–Cortex XDR Agent
 
A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows non-administrative privileges to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity. 2024-10-09 not yet calculated CVE-2024-9469 psirt@paloaltonetworks.com
 
Palo Alto Networks–Cortex XSOAR
 
A vulnerability in Cortex XSOAR allows the disclosure of incident data to users who do not have the privilege to view the data. 2024-10-09 not yet calculated CVE-2024-9470 psirt@paloaltonetworks.com
 
Palo Alto Networks–Expedition
 
An OS command injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls. 2024-10-09 not yet calculated CVE-2024-9463 psirt@paloaltonetworks.com
 
Palo Alto Networks–Expedition
 
An OS command injection vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls. 2024-10-09 not yet calculated CVE-2024-9464 psirt@paloaltonetworks.com
 
Palo Alto Networks–Expedition
 
An SQL injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. With this, attackers can also create and read arbitrary files on the Expedition system. 2024-10-09 not yet calculated CVE-2024-9465 psirt@paloaltonetworks.com
 
Palo Alto Networks–Expedition
 
A cleartext storage of sensitive information vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to reveal firewall usernames, passwords, and API keys generated using those credentials. 2024-10-09 not yet calculated CVE-2024-9466 psirt@paloaltonetworks.com
 
Palo Alto Networks–Expedition
 
A reflected XSS vulnerability in Palo Alto Networks Expedition enables execution of malicious JavaScript in the context of an authenticated Expedition user’s browser if that user clicks on a malicious link, allowing phishing attacks that could lead to Expedition browser session theft. 2024-10-09 not yet calculated CVE-2024-9467 psirt@paloaltonetworks.com
 
Palo Alto Networks–GlobalProtect App
 
A privilege escalation vulnerability in the Palo Alto Networks GlobalProtect app on Windows allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY/SYSTEM through the use of the repair functionality offered by the .msi file used to install GlobalProtect. 2024-10-09 not yet calculated CVE-2024-9473 psirt@paloaltonetworks.com
 
Palo Alto Networks–PAN-OS
 
A memory corruption vulnerability in Palo Alto Networks PAN-OS software allows an unauthenticated attacker to crash PAN-OS due to a crafted packet through the data plane, resulting in a denial of service (DoS) condition. Repeated attempts to trigger this condition will result in PAN-OS entering maintenance mode. 2024-10-09 not yet calculated CVE-2024-9468 psirt@paloaltonetworks.com
 
Palo Alto Networks–PAN-OS
 
A privilege escalation (PE) vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated PAN-OS administrator with restricted privileges to use a compromised XML API key to perform actions as a higher privileged PAN-OS administrator. For example, an administrator with “Virtual system administrator (read-only)” access could use an XML API key of a “Virtual system administrator” to perform write operations on the virtual system configuration even though they should be limited to read-only operations. 2024-10-09 not yet calculated CVE-2024-9471 psirt@paloaltonetworks.com
 
parisneo–parisneo/lollms
 
A path traversal vulnerability exists in the parisneo/lollms-webui repository, specifically in the `lollms_file_system.py` file. The functions `add_rag_database`, `toggle_mount_rag_database`, and `vectorize_folder` do not implement security measures such as `sanitize_path_from_endpoint` or `sanitize_path`. This allows an attacker to perform vectorize operations on `.sqlite` files in any directory on the victim’s computer, potentially installing multiple packages and causing a crash. 2024-10-11 not yet calculated CVE-2024-6971 security@huntr.dev
 
parisneo–parisneo/lollms
 
A path traversal vulnerability exists in the api open_personality_folder endpoint of parisneo/lollms-webui. This vulnerability allows an attacker to read any folder in the personality_folder on the victim’s computer, even though sanitize_path is set. The issue arises due to improper sanitization of the personality_folder parameter, which can be exploited to traverse directories and access arbitrary files. 2024-10-11 not yet calculated CVE-2024-6985 security@huntr.dev
security@huntr.dev
 
parisneo–parisneo/lollms-webui
 
A vulnerability in parisneo/lollms-webui version 9.8 allows for a Denial of Service (DOS) attack when uploading an audio file. If an attacker appends a large number of characters to the end of a multipart boundary, the system will continuously process each character, rendering lollms-webui inaccessible. This issue is exacerbated by the lack of Cross-Site Request Forgery (CSRF) protection, enabling remote exploitation. The vulnerability leads to service disruption, resource exhaustion, and extended downtime. 2024-10-13 not yet calculated CVE-2024-6959 security@huntr.dev
 
Payara Platform–Payara Server
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Payara Platform Payara Server (Admin Console modules) allows Remote Code Inclusion.This issue affects Payara Server: from 5.20.0 before 5.68.0, from 6.0.0 before 6.19.0, from 6.2022.1 before 6.2024.10, from 4.1.2.191.1 before 4.1.2.191.51. 2024-10-08 not yet calculated CVE-2024-8215 769c9ae7-73c3-4e47-ae19-903170fc3eb8
769c9ae7-73c3-4e47-ae19-903170fc3eb8
769c9ae7-73c3-4e47-ae19-903170fc3eb8
 
Rockwell Automation–CompactLogix 5380 controllers
 
Due to a memory leak, a denial-of-service vulnerability exists in the Rockwell Automation affected products. A malicious actor could exploit this vulnerability by performing multiple actions on certain web pages of the product causing the affected products to become fully unavailable and require a power cycle to recover. 2024-10-08 not yet calculated CVE-2024-8626 PSIRT@rockwellautomation.com
 
Rockwell Automation–Drives – PowerFlex 6000T
 
A denial-of-service vulnerability exists in the Rockwell Automation PowerFlex® 600T. If the device is overloaded with requests, it will become unavailable. The device may require a power cycle to recover it if it does not re-establish a connection after it stops receiving requests. 2024-10-08 not yet calculated CVE-2024-9124 PSIRT@rockwellautomation.com
 
Rockwell Automation–Verve Asset Manager
 
An improper authorization vulnerability exists in the Rockwell Automation affected products that could allow an unauthorized user to sign in. While removal of all role mappings is unlikely, it could occur in the case of unexpected or accidental removal by the administrator. If exploited, an unauthorized user could access data they previously but should no longer have access to. 2024-10-08 not yet calculated CVE-2024-9412 PSIRT@rockwellautomation.com
 
SonicWall–Connect Tunnel
 
The Improper link resolution before file access (‘Link Following’) vulnerability in SonicWall Connect Tunnel (version 12.4.3.271 and earlier of Windows client) allows users with standard privileges to create arbitrary folders and files, potentially leading to local Denial of Service (DoS) attack. 2024-10-11 not yet calculated CVE-2024-45315 PSIRT@sonicwall.com
 
SonicWall–SMA1000
 
A Server-Side Request Forgery (SSRF) vulnerability in SMA1000 appliance firmware versions 12.4.3-02676 and earlier allows a remote, unauthenticated attacker to cause the SMA1000 server-side application to make requests to an unintended IP address. 2024-10-11 not yet calculated CVE-2024-45317 PSIRT@sonicwall.com
 
ssoready–ssoready
 
ssoready is a single sign on provider implemented via docker. Affected versions are vulnerable to XML signature bypass attacks. An attacker can carry out signature bypass if you have access to certain IDP-signed messages. The underlying mechanism exploits differential behavior between XML parsers. Users of https://ssoready.com, the public hosted instance of SSOReady, are unaffected. We advise folks who self-host SSOReady to upgrade to 7f92a06 or later. Do so by updating your SSOReady Docker images from sha-… to sha-7f92a06. There are no known workarounds for this vulnerability. 2024-10-09 not yet calculated CVE-2024-47832 security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
 
TE Informatics–Nova CMS
 
SQL Injection: Hibernate vulnerability in TE Informatics Nova CMS allows SQL Injection.This issue affects Nova CMS: before 5.0. 2024-10-10 not yet calculated CVE-2024-4658 iletisim@usom.gov.tr
 
TRtek Software–Distant Education Platform
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’), Improper Input Validation vulnerability in TRtek Software Distant Education Platform allows SQL Injection, Parameter Injection.This issue affects Distant Education Platform: before 3.2024.11. 2024-10-09 not yet calculated CVE-2024-9286 iletisim@usom.gov.tr
 
Unknown–Photo Gallery by 10Web
 
The Photo Gallery by 10Web WordPress plugin before 1.8.28 does not properly sanitise and escape some of its Gallery settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) 2024-10-09 not yet calculated CVE-2024-5968 contact@wpscan.com
 
zefr0x–foxmarks
 
foxmarks is a CLI read-only interface for Firefox’s bookmarks and history. A temporary file was created under the /tmp directory with read permissions for all users containing a copy of Firefox’s database of bookmarks, history, input history, visits counter, use counter, view counter and more confidential information about the history of using Firefox. Permissions default to 0o600 for NamedTempFile. However, after copying the database, its permissions were copied with it resulting in an insecure file with 0x644 permissions. A malicious user is able to read the database when the targeted user executes foxmarks bookmarks or foxmarks history. This vulnerability is patched in v2.1.0. 2024-10-11 not yet calculated CVE-2024-47884 security-advisories@github.com
security-advisories@github.com
 

Back to top

Posted by

in