High Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source Info | Patch Info |
|---|---|---|---|---|---|
| adobe — animate |
Animate versions 23.0.7, 24.0.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-10-09 | 7.8 | CVE-2024-47410 | psirt@adobe.com |
| adobe — animate |
Animate versions 23.0.7, 24.0.4 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-10-09 | 7.8 | CVE-2024-47411 | psirt@adobe.com |
| adobe — animate |
Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-10-09 | 7.8 | CVE-2024-47412 | psirt@adobe.com |
| adobe — animate |
Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-10-09 | 7.8 | CVE-2024-47413 | psirt@adobe.com |
| adobe — animate |
Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-10-09 | 7.8 | CVE-2024-47414 | psirt@adobe.com |
| adobe — animate |
Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-10-09 | 7.8 | CVE-2024-47415 | psirt@adobe.com |
| adobe — animate |
Animate versions 23.0.7, 24.0.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-10-09 | 7.8 | CVE-2024-47416 | psirt@adobe.com |
| adobe — animate |
Animate versions 23.0.7, 24.0.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-10-09 | 7.8 | CVE-2024-47417 | psirt@adobe.com |
| adobe — animate |
Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-10-09 | 7.8 | CVE-2024-47418 | psirt@adobe.com |
| adobe — commerce |
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploit this vulnerability to gain unauthorized access or elevated privileges within the application. Exploitation of this issue does not require user interaction. | 2024-10-10 | 9.8 | CVE-2024-45115 | psirt@adobe.com |
| adobe — commerce |
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a Cross-Site Scripting (XSS) vulnerability that could be exploited to execute arbitrary code. If an admin attacker can trick a user into clicking a specially crafted link or submitting a form, malicious scripts may be executed within the context of the victim’s browser and have high impact on confidentiality and integrity. Exploitation of this issue requires user interaction. | 2024-10-10 | 8.1 | CVE-2024-45116 | psirt@adobe.com |
| adobe — commerce |
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An admin attacker could exploit this vulnerability to read files from the system outside of the intended directories via PHP filter chain and also can have a low-availability impact on the service. Exploitation of this issue does not require user interaction and scope is changed. | 2024-10-10 | 7.6 | CVE-2024-45117 | psirt@adobe.com |
| Adobe–Adobe Framemaker |
Adobe Framemaker versions 2020.6, 2022.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-10-09 | 7.8 | CVE-2024-47421 | psirt@adobe.com |
| Adobe–Adobe Framemaker |
Adobe Framemaker versions 2020.6, 2022.4 and earlier are affected by an Untrusted Search Path vulnerability that could lead to arbitrary code execution. An attacker could exploit this vulnerability by inserting a malicious path into the search directories, which the application could unknowingly execute. This could allow the attacker to execute arbitrary code in the context of the current user. Exploitation of this issue requires user interaction. | 2024-10-09 | 7.8 | CVE-2024-47422 | psirt@adobe.com |
| Adobe–Adobe Framemaker |
Adobe Framemaker versions 2020.6, 2022.4 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by uploading a malicious file which can be automatically processed or executed by the system. Exploitation of this issue requires user interaction. | 2024-10-09 | 7.8 | CVE-2024-47423 | psirt@adobe.com |
| Adobe–Adobe Framemaker |
Adobe Framemaker versions 2020.6, 2022.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-10-09 | 7.8 | CVE-2024-47424 | psirt@adobe.com |
| Adobe–Adobe Framemaker |
Adobe Framemaker versions 2020.6, 2022.4 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-10-09 | 7.8 | CVE-2024-47425 | psirt@adobe.com |
| Adobe–Dimension |
Dimension versions 4.0.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-10-09 | 7.8 | CVE-2024-45146 | psirt@adobe.com |
| Adobe–Dimension |
Dimension versions 4.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-10-09 | 7.8 | CVE-2024-45150 | psirt@adobe.com |
| Adobe–InCopy |
InCopy versions 19.4, 18.5.3 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution by an attacker. An attacker could exploit this vulnerability by uploading a malicious file which can then be executed on the server. Exploitation of this issue requires user interaction. | 2024-10-09 | 7.8 | CVE-2024-45136 | psirt@adobe.com |
| Adobe–InDesign Desktop |
InDesign Desktop versions 19.4, 18.5.3 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by uploading a malicious file which, when executed, could run arbitrary code in the context of the server. Exploitation of this issue requires user interaction. | 2024-10-09 | 7.8 | CVE-2024-45137 | psirt@adobe.com |
| Adobe–Substance3D – Stager |
Substance3D – Stager versions 3.0.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-10-09 | 7.8 | CVE-2024-45138 | psirt@adobe.com |
| Adobe–Substance3D – Stager |
Substance3D – Stager versions 3.0.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-10-09 | 7.8 | CVE-2024-45139 | psirt@adobe.com |
| Adobe–Substance3D – Stager |
Substance3D – Stager versions 3.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-10-09 | 7.8 | CVE-2024-45140 | psirt@adobe.com |
| Adobe–Substance3D – Stager |
Substance3D – Stager versions 3.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-10-09 | 7.8 | CVE-2024-45141 | psirt@adobe.com |
| Adobe–Substance3D – Stager |
Substance3D – Stager versions 3.0.3 and earlier are affected by a Write-what-where Condition vulnerability that could allow an attacker to execute arbitrary code in the context of the current user. This vulnerability allows an attacker to write a controlled value to an arbitrary memory location, potentially leading to code execution. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-10-09 | 7.8 | CVE-2024-45142 | psirt@adobe.com |
| Adobe–Substance3D – Stager |
Substance3D – Stager versions 3.0.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-10-09 | 7.8 | CVE-2024-45143 | psirt@adobe.com |
| Adobe–Substance3D – Stager |
Substance3D – Stager versions 3.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-10-09 | 7.8 | CVE-2024-45144 | psirt@adobe.com |
| Adobe–Substance3D – Stager |
Substance3D – Stager versions 3.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-10-09 | 7.8 | CVE-2024-45152 | psirt@adobe.com |
| afthemes–WP Post Author Boost Your Blog’s Engagement with Author Box, Social Links, Co-Authors, Guest Authors, Post Rating System, and Custom User Registration Form Builder |
The WP Post Author – Boost Your Blog's Engagement with Author Box, Social Links, Co-Authors, Guest Authors, Post Rating System, and Custom User Registration Form Builder plugin for WordPress is vulnerable to time-based SQL Injection via the linked_user_id parameter in all versions up to, and including, 3.8.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-10-12 | 7.2 | CVE-2024-8757 | security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
| Apache Software Foundation–Apache Subversion |
On Windows platforms, a “best fit” character encoding conversion of command line arguments to Subversion’s executables (e.g., svn.exe, etc.) may lead to unexpected command line argument interpretation, including argument injection and execution of other programs, if a specially crafted command line argument string is processed. All versions of Subversion up to and including Subversion 1.14.3 are affected on Windows platforms only. Users are recommended to upgrade to version Subversion 1.14.4, which fixes this issue. Subversion is not affected on UNIX-like platforms. | 2024-10-09 | 8.2 | CVE-2024-45720 | security@apache.org |
| Apache Software Foundation–Apache XML Graphics FOP |
Improper Restriction of XML External Entity Reference (‘XXE’) vulnerability in Apache XML Graphics FOP. This issue affects Apache XML Graphics FOP: 2.9. Users are recommended to upgrade to version 2.10, which fixes the issue. | 2024-10-09 | 7.5 | CVE-2024-28168 | security@apache.org |
| ataurr–GutenKit Page Builder Blocks, Patterns, and Templates for Gutenberg Block Editor |
The GutenKit – Page Builder Blocks, Patterns, and Templates for Gutenberg Block Editor plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the install_and_activate_plugin_from_external() function (install-active-plugin REST API endpoint) in all versions up to, and including, 2.1.0. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins, or utilize the functionality to upload arbitrary files spoofed like plugins. | 2024-10-11 | 9.8 | CVE-2024-9234 | security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
| Bit Form–Bit Form Contact Form Plugin |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Bit Form Bit Form – Contact Form Plugin allows SQL Injection.This issue affects Bit Form – Contact Form Plugin: from n/a through 2.13.11. | 2024-10-07 | 7.6 | CVE-2024-47335 | audit@patchstack.com |
| btcsuite–btcd |
btcd is an alternative full node bitcoin implementation written in Go (golang). The btcd Bitcoin client (versions 0.10 to 0.24) did not correctly re-implement Bitcoin Core’s “FindAndDelete()” functionality. This logic is consensus-critical: the difference in behavior with the other Bitcoin clients can lead to btcd clients accepting an invalid Bitcoin block (or rejecting a valid one). This consensus failure can be leveraged to cause a chain split (accepting an invalid Bitcoin block) or be exploited to DoS the btcd nodes (rejecting a valid Bitcoin block). An attacker can create a standard transaction where FindAndDelete doesn’t return a match but removeOpCodeByData does making btcd get a different sighash, leading to a chain split. Importantly, this vulnerability can be exploited remotely by any Bitcoin user and does not require any hash power. This is because the difference in behavior can be triggered by a “standard” Bitcoin transaction, that is a transaction which gets relayed through the P2P network before it gets included in a Bitcoin block. `removeOpcodeByData(script []byte, dataToRemove []byte)` removes any data pushes from `script` that contain `dataToRemove`. However, `FindAndDelete` only removes exact matches. So for example, with `script = “<data> <data||foo>”` and `dataToRemove = “data”` btcd will remove both data pushes but Bitcoin Core’s `FindAndDelete` only removes the first `<data>` push. This has been patched in btcd version v0.24.2. Users are advised to upgrade. There are no known workarounds for this issue. | 2024-10-11 | 7.4 | CVE-2024-38365 | security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
| Cacti–cacti |
Cacti is an open source performance and fault management framework. The `fileurl` parameter is not properly sanitized when saving external links in `links.php` . Morever, the said fileurl is placed in some html code which is passed to the `print` function in `link.php` and `index.php`, finally leading to stored XSS. Users with the privilege to create external links can manipulate the `fileurl` parameter in the http post request while creating external links to perform stored XSS attacks. The vulnerability known as XSS (Cross-Site Scripting) occurs when an application allows untrusted user input to be displayed on a web page without proper validation or escaping. This issue has been addressed in release version 1.2.28. All users are advised to upgrade. There are no known workarounds for this issue. | 2024-10-07 | 7.3 | CVE-2024-43362 | security-advisories@github.com |
| Cacti–cacti |
Cacti is an open source performance and fault management framework. An admin user can create a device with a malicious hostname containing php code and repeat the installation process (completing only step 5 of the installation process is enough, no need to complete the steps before or after it) to use a php file as the cacti log file. After having the malicious hostname end up in the logs (log poisoning), one can simply go to the log file url to execute commands to achieve RCE. This issue has been addressed in version 1.2.28 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-10-07 | 7.2 | CVE-2024-43363 | security-advisories@github.com |
| Canonical Ltd.–Authd |
Authd, through version 0.3.6, did not sufficiently randomize user IDs to prevent collisions. A local attacker who can register user names could spoof another user’s ID and gain their privileges. | 2024-10-10 | 7.5 | CVE-2024-9312 | security@ubuntu.com security@ubuntu.com |
| checkmk — checkmk |
Information leakage in mknotifyd in Checkmk before 2.3.0p18, 2.2.0p36, 2.1.0p49 and in 2.0.0p39 (EOL) allows attacker to get potentially sensitive data | 2024-10-10 | 7.5 | CVE-2024-6747 | security@checkmk.com |
| code-projects–Blood Bank System |
A vulnerability, which was classified as critical, was found in code-projects Blood Bank System 1.0. Affected is an unknown function of the file register.php. The manipulation of the argument user leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-10-10 | 7.3 | CVE-2024-9797 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| code-projects–Crud Operation System |
A vulnerability classified as critical was found in code-projects Crud Operation System 1.0. This vulnerability affects unknown code of the file delete.php. The manipulation of the argument sid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-10-10 | 7.3 | CVE-2024-9812 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| code-projects–Restaurant Reservation System |
A vulnerability classified as critical has been found in code-projects Restaurant Reservation System 1.0. This affects an unknown part of the file filter3.php. The manipulation of the argument company leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-10-10 | 7.3 | CVE-2024-9811 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| Codezips–Pharmacy Management System |
A vulnerability, which was classified as critical, has been found in Codezips Pharmacy Management System 1.0. This issue affects some unknown processing of the file product/register.php. The manipulation of the argument category leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-10-10 | 7.3 | CVE-2024-9813 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| Codezips–Pharmacy Management System |
A vulnerability, which was classified as critical, was found in Codezips Pharmacy Management System 1.0. Affected is an unknown function of the file product/update.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-10-10 | 7.3 | CVE-2024-9814 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| cure53–DOMPurify |
DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMpurify was vulnerable to nesting-based mXSS. This vulnerability is fixed in 2.5.0 and 3.1.3. | 2024-10-11 | 10 | CVE-2024-47875 | security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
| D-Link–DIR-619L B1 |
A vulnerability was found in D-Link DIR-619L B1 2.06. It has been declared as critical. This vulnerability affects the function formEasySetupWWConfig of the file /goform/formEasySetupWWConfig. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-10-10 | 8.8 | CVE-2024-9782 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| D-Link–DIR-619L B1 |
A vulnerability was found in D-Link DIR-619L B1 2.06. It has been rated as critical. This issue affects the function formLogDnsquery of the file /goform/formLogDnsquery. The manipulation of the argument curTime leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-10-10 | 8.8 | CVE-2024-9783 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| D-Link–DIR-619L B1 |
A vulnerability classified as critical has been found in D-Link DIR-619L B1 2.06. Affected is the function formResetStatistic of the file /goform/formResetStatistic. The manipulation of the argument curTime leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-10-10 | 8.8 | CVE-2024-9784 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| D-Link–DIR-619L B1 |
A vulnerability classified as critical was found in D-Link DIR-619L B1 2.06. Affected by this vulnerability is the function formSetDDNS of the file /goform/formSetDDNS. The manipulation of the argument curTime leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-10-10 | 8.8 | CVE-2024-9785 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| D-Link–DIR-619L B1 |
A vulnerability, which was classified as critical, has been found in D-Link DIR-619L B1 2.06. Affected by this issue is the function formSetLog of the file /goform/formSetLog. The manipulation of the argument curTime leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-10-10 | 8.8 | CVE-2024-9786 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| D-Link–DIR-619L B1 |
A vulnerability has been found in D-Link DIR-619L B1 2.06 and classified as critical. Affected by this vulnerability is the function formSetMuti of the file /goform/formSetMuti. The manipulation of the argument curTime leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-10-13 | 8.8 | CVE-2024-9909 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| D-Link–DIR-619L B1 |
A vulnerability was found in D-Link DIR-619L B1 2.06 and classified as critical. Affected by this issue is the function formSetPassword of the file /goform/formSetPassword. The manipulation of the argument curTime leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-10-13 | 8.8 | CVE-2024-9910 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| D-Link–DIR-619L B1 |
A vulnerability was found in D-Link DIR-619L B1 2.06. It has been classified as critical. This affects the function formSetPortTr of the file /goform/formSetPortTr. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-10-13 | 8.8 | CVE-2024-9911 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| D-Link–DIR-619L B1 |
A vulnerability was found in D-Link DIR-619L B1 2.06. It has been declared as critical. This vulnerability affects the function formSetQoS of the file /goform/formSetQoS. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-10-13 | 8.8 | CVE-2024-9912 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| D-Link–DIR-619L B1 |
A vulnerability was found in D-Link DIR-619L B1 2.06. It has been rated as critical. This issue affects the function formSetRoute of the file /goform/formSetRoute. The manipulation of the argument curTime leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-10-13 | 8.8 | CVE-2024-9913 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| D-Link–DIR-619L B1 |
A vulnerability classified as critical has been found in D-Link DIR-619L B1 2.06. Affected is the function formSetWizardSelectMode of the file /goform/formSetWizardSelectMode. The manipulation of the argument curTime leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-10-13 | 8.8 | CVE-2024-9914 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| D-Link–DIR-619L B1 |
A vulnerability classified as critical was found in D-Link DIR-619L B1 2.06. Affected by this vulnerability is the function formVirtualServ of the file /goform/formVirtualServ. The manipulation of the argument curTime leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-10-13 | 8.8 | CVE-2024-9915 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| discourse–discourse |
Discourse is an open source platform for community discussion. A maliciously crafted email address could allow an attacker to bypass domain-based restrictions and gain access to private sites, categories and/or groups. This issue has been patched in the latest stable, beta and tests-passed version of Discourse. All users area are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-10-07 | 8.2 | CVE-2024-45051 | security-advisories@github.com |
| discourse–discourse |
Discourse is an open source platform for community discussion. An attacker can make several XHR requests until the cache is poisoned with a response without any preloaded data. This issue only affects anonymous visitors of the site. This problem has been patched in the latest version of Discourse. Users are advised to upgrade. Users unable to upgrade should disable anonymous cache by setting the `DISCOURSE_DISABLE_ANON_CACHE` environment variable to a non-empty value. | 2024-10-08 | 8.2 | CVE-2024-47773 | security-advisories@github.com |
| discourse–discourse |
Discourse is an open source platform for community discussion. A user can create a post with many replies, and then attempt to fetch them all at once. This can potentially reduce the availability of a Discourse instance. This problem has been patched in the latest version of Discourse. All users area are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-10-07 | 7.5 | CVE-2024-43789 | security-advisories@github.com |
| dlink — dir-605l_firmware |
A vulnerability, which was classified as critical, has been found in D-Link DIR-605L 2.13B01 BETA. This issue affects the function formWlanSetup_Wizard of the file /goform/formWlanSetup_Wizard. The manipulation of the argument webpage leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-10-07 | 8.8 | CVE-2024-9563 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| dlink — dir-605l_firmware |
A vulnerability, which was classified as critical, was found in D-Link DIR-605L 2.13B01 BETA. Affected is the function formWlanWizardSetup of the file /goform/formWlanWizardSetup. The manipulation of the argument webpage leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-10-07 | 8.8 | CVE-2024-9564 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| dlink — dir-605l_firmware |
A vulnerability has been found in D-Link DIR-605L 2.13B01 BETA and classified as critical. Affected by this vulnerability is the function formSetPassword of the file /goform/formSetPassword. The manipulation of the argument curTime leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-10-07 | 8.8 | CVE-2024-9565 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| dlink — dir-619l_firmware |
A vulnerability classified as critical was found in D-Link DIR-619L B1 2.06. This vulnerability affects the function formDeviceReboot of the file /goform/formDeviceReboot. The manipulation of the argument next_page leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-10-07 | 8.8 | CVE-2024-9566 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| dlink — dir-619l_firmware |
A vulnerability, which was classified as critical, has been found in D-Link DIR-619L B1 2.06. This issue affects the function formAdvFirewall of the file /goform/formAdvFirewall. The manipulation of the argument curTime leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-10-07 | 8.8 | CVE-2024-9567 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| dlink — dir-619l_firmware |
A vulnerability, which was classified as critical, was found in D-Link DIR-619L B1 2.06. Affected is the function formAdvNetwork of the file /goform/formAdvNetwork. The manipulation of the argument curTime leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-10-07 | 8.8 | CVE-2024-9568 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| dlink — dir-619l_firmware |
A vulnerability has been found in D-Link DIR-619L B1 2.06 and classified as critical. Affected by this vulnerability is the function formEasySetPassword of the file /goform/formEasySetPassword. The manipulation of the argument curTime leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-10-07 | 8.8 | CVE-2024-9569 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| dlink — dir-619l_firmware |
A vulnerability was found in D-Link DIR-619L B1 2.06 and classified as critical. Affected by this issue is the function formEasySetTimezone of the file /goform/formEasySetTimezone. The manipulation of the argument curTime leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-10-07 | 8.8 | CVE-2024-9570 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| Elie Burstein, Baptiste Gourdin–Talkback |
Deserialization of Untrusted Data vulnerability in Elie Burstein, Baptiste Gourdin Talkback allows Object Injection.This issue affects Talkback: from n/a through 1.0. | 2024-10-11 | 9.8 | CVE-2024-48033 | audit@patchstack.com |
| Eyecix–JobSearch |
Deserialization of Untrusted Data vulnerability in Eyecix JobSearch allows Object Injection.This issue affects JobSearch: from n/a through 2.5.9. | 2024-10-10 | 9.8 | CVE-2024-47636 | audit@patchstack.com |
| Fortinet–FortiAnalyzer |
A use of externally-controlled format string in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.2 through 7.2.5 allows attacker to escalate its privileges via specially crafted requests. | 2024-10-08 | 7.2 | CVE-2024-45330 | psirt@fortinet.com |
| GitLab–GitLab |
An issue was discovered in GitLab EE affecting all versions starting from 12.5 prior to 17.2.9, starting from 17.3, prior to 17.3.5, and starting from 17.4 prior to 17.4.2, which allows running pipelines on arbitrary branches. | 2024-10-11 | 9.6 | CVE-2024-9164 | cve@gitlab.com cve@gitlab.com |
| GitLab–GitLab |
An issue was discovered in GitLab CE/EE affecting all versions starting from 11.6 prior to 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2, which allows an attacker to trigger a pipeline as another user under certain circumstances. | 2024-10-11 | 8.2 | CVE-2024-8970 | cve@gitlab.com cve@gitlab.com |
| GitLab–GitLab |
An issue has been discovered in GitLab EE affecting all versions starting from 15.10 prior to 17.2.9, from 17.3 prior to 17.3.5, and from 17.4 prior to 17.4.2. Instances with Product Analytics Dashboard configured and enabled could be vulnerable to SSRF attacks. | 2024-10-10 | 8.2 | CVE-2024-8977 | cve@gitlab.com cve@gitlab.com |
| GitLab–GitLab |
A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 17.1 prior 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2. When adding a authorizing an application, it can be made to render as HTML under specific circumstances. | 2024-10-10 | 7.3 | CVE-2024-6530 | cve@gitlab.com cve@gitlab.com |
| Google–Chrome |
Type Confusion in V8 in Google Chrome prior to 129.0.6668.100 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High) | 2024-10-08 | 8.8 | CVE-2024-9602 | chrome-cve-admin@google.com chrome-cve-admin@google.com |
| Google–Chrome |
Type Confusion in V8 in Google Chrome prior to 129.0.6668.100 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2024-10-08 | 8.8 | CVE-2024-9603 | chrome-cve-admin@google.com chrome-cve-admin@google.com |
| guruteam–Bot for Telegram on WooCommerce |
The Bot for Telegram on WooCommerce plugin for WordPress is vulnerable to sensitive information disclosure due to missing authorization checks on the ‘stm_wpcfto_get_settings’ AJAX action in all versions up to, and including, 1.2.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to view the Telegram Bot Token, a secret token used to control the bot, which can then be used to log in as any existing user on the site, such as an administrator, if they know the username, due to the Login with Telegram feature. | 2024-10-12 | 8.8 | CVE-2024-9821 | security@wordfence.com security@wordfence.com |
| h2o–picotls |
Picotls is a TLS protocol library that allows users select different crypto backends based on their use case. When parsing a spoofed TLS handshake message, picotls (specifically, bindings within picotls that call the crypto libraries) may attempt to free the same memory twice. This double free occurs during the disposal of multiple objects without any intervening calls to malloc Typically, this triggers the malloc implementation to detect the error and abort the process. However, depending on the internals of malloc and the crypto backend being used, the flaw could potentially lead to a use-after-free scenario, which might allow for arbitrary code execution. The vulnerability is addressed with commit 9b88159ce763d680e4a13b6e8f3171ae923a535d. | 2024-10-11 | 8.6 | CVE-2024-45402 | security-advisories@github.com security-advisories@github.com |
| h2o–quicly |
Quicly is an IETF QUIC protocol implementation. Quicly up to commtit d720707 is susceptible to a denial-of-service attack. A remote attacker can exploit these bugs to trigger an assertion failure that crashes process using quicly. The vulnerability is addressed with commit 2a95896104901589c495bc41460262e64ffcad5c. | 2024-10-11 | 7.5 | CVE-2024-45396 | security-advisories@github.com security-advisories@github.com |
| happyplugins–Shortcodes AnyWhere |
The Shortcodes AnyWhere plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.0.1. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. | 2024-10-10 | 7.3 | CVE-2024-9581 | security@wordfence.com security@wordfence.com |
| HashiCorp–Vault |
A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their privileges to Vault’s root policy. Fixed in Vault Community Edition 1.18.0 and Vault Enterprise 1.18.0, 1.17.7, 1.16.11, and 1.15.16. | 2024-10-10 | 7.2 | CVE-2024-9180 | security@hashicorp.com |
| HP, Inc.–HP Hotkey Support |
A potential security vulnerability has been identified in the HP Hotkey Support software, which might allow local escalation of privilege. HP is releasing mitigation for the potential vulnerability. Customers using HP Programmable Key are recommended to update HP Hotkey Support. | 2024-10-07 | 8.8 | CVE-2024-27458 | hp-security-alert@hp.com |
| HuangDou–UTCMS |
A vulnerability, which was classified as critical, has been found in HuangDou UTCMS V9. Affected by this issue is some unknown functionality of the file app/modules/ut-cac/admin/cli.php. The manipulation of the argument o leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2024-10-13 | 7.3 | CVE-2024-9916 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| inventree–InvenTree |
InvenTree is an Open Source Inventory Management System. In affected versions of InvenTree it is possible for a registered user to store javascript in markdown notes fields, which are then displayed to other logged in users who visit the same page and executed. The vulnerability has been addressed as follows: 1. HTML sanitization has been enabled in the front-end markdown rendering library – `easymde`. 2. Stored markdown is also validated on the backend, to ensure that malicious markdown is not stored in the database. These changes are available in release versions 0.16.5 and later. All users are advised to upgrade. There are no workarounds, an update is required to get the new validation functions. | 2024-10-07 | 7.3 | CVE-2024-47610 | security-advisories@github.com security-advisories@github.com |
| ivanti — endpoint_manager_cloud_services_appliance |
SQL injection in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements. | 2024-10-08 | 7.2 | CVE-2024-9379 | 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 |
| ivanti — endpoint_manager_cloud_services_appliance |
An OS command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to obtain remote code execution. | 2024-10-08 | 7.2 | CVE-2024-9380 | 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 |
| Ivanti–Avalanche |
A NULL pointer dereference in WLAvalancheService.exe of Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to cause a denial of service. | 2024-10-08 | 7.5 | CVE-2024-47007 | 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 |
| Ivanti–Avalanche |
Server-side request forgery in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to leak sensitive information. | 2024-10-08 | 7.5 | CVE-2024-47008 | 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 |
| Ivanti–Avalanche |
Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to bypass authentication. | 2024-10-08 | 7.3 | CVE-2024-47009 | 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 |
| Ivanti–Avalanche |
Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to bypass authentication. | 2024-10-08 | 7.3 | CVE-2024-47010 | 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 |
| Ivanti–Avalanche |
Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to leak sensitive information | 2024-10-08 | 7.5 | CVE-2024-47011 | 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 |
| Ivanti–CSA (Cloud Services Appliance) |
Path traversal in Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to bypass restrictions. | 2024-10-08 | 7.2 | CVE-2024-9381 | 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 |
| Ivanti–Endpoint Manager Mobile |
Insecure permissions in Ivanti EPMM before 12.1.0.4 allow a local authenticated attacker to access or modify sensitive configuration files without proper authorization. | 2024-10-08 | 8.8 | CVE-2024-7612 | 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 |
| Ivanti–Velocity License Server |
Under specific circumstances, insecure permissions in Ivanti Velocity License Server before version 5.2 allows a local authenticated attacker to achieve local privilege escalation. | 2024-10-08 | 7 | CVE-2024-9167 | 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 |
| jetbrains — teamcity |
In JetBrains TeamCity before 2024.07.3 path traversal leading to information disclosure was possible via server backups | 2024-10-08 | 7.5 | CVE-2024-47948 | cve@jetbrains.com |
| jetbrains — teamcity |
In JetBrains TeamCity before 2024.07.3 path traversal allowed backup file write to arbitrary location | 2024-10-08 | 7.5 | CVE-2024-47949 | cve@jetbrains.com |
| Juniper Networks–Junos OS |
An Improper Validation of Consistency within Input vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker sending a specifically malformed BGP packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. In some cases, rpd fails to restart requiring a manual restart via the ‘restart routing’ CLI command. This issue only affects systems with BGP traceoptions enabled and requires a BGP session to be already established. Systems without BGP traceoptions enabled are not affected by this issue. This issue affects iBGP and eBGP, and both IPv4 and IPv6 are affected by this vulnerability. This issue affects: Junos OS: * All versions before 21.4R3-S8, * 22.2 before 22.2R3-S5, * 22.3 before 22.3R3-S4, * 22.4 before 22.4R3-S3, * 23.2 before 23.2R2-S2, * 23.4 before 23.4R2; Junos OS Evolved: * All versions before 21.4R3-S8-EVO, * 22.2-EVO before 22.2R3-S5-EVO, * 22.3-EVO before 22.3R3-S4-EVO, * 22.4-EVO before 22.4R3-S3-EVO, * 23.2-EVO before 23.2R2-S2-EVO, * 23.4-EVO before 23.4R2-EVO. | 2024-10-09 | 7.5 | CVE-2024-39515 | sirt@juniper.net sirt@juniper.net |
| Juniper Networks–Junos OS |
An Out-of-Bounds Read vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker sending a specifically malformed BGP packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue only affects systems with BGP traceoptions enabled. Systems without BGP traceoptions enabled are not affected by this issue. This issue affects iBGP and eBGP with any address family configured. This issue affects: Junos OS: * All versions before 21.4R3-S8, * 22.2 before 22.2R3-S5, * 22.3 before 22.3R3-S4, * 22.4 before 22.4R3-S3, * 23.2 before 23.2R2-S2, * 23.4 before 23.4R2; Junos OS Evolved: * All versions before 21.4R3-S8-EVO, * 22.2-EVO before 22.2R3-S5-EVO, * 22.3-EVO before 22.3R3-S4-EVO, * 22.4-EVO before 22.4R3-S3-EVO, * 23.2-EVO before 23.2R2-S2-EVO, * 23.4-EVO before 23.4R2-EVO. | 2024-10-09 | 7.5 | CVE-2024-39516 | sirt@juniper.net |
| Juniper Networks–Junos OS |
An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker sending a specific BGP packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue only affects systems with BGP traceoptions enabled and requires a BGP session to be already established. Systems without BGP traceoptions enabled are not affected by this issue. This issue affects iBGP and eBGP, and both IPv4 and IPv6 are affected by this vulnerability. This issue affects: Junos OS: * All versions before 21.2R3-S8, * from 21.4 before 21.4R3-S8, * from 22.2 before 22.2R3-S4, * from 22.3 before 22.3R3-S4, * from 22.4 before 22.4R3-S3, * from 23.2 before 23.2R2-S1, * from 23.4 before 23.4R2; Junos OS Evolved: * All versions before 21.2R3-S8-EVO, * from 21.4-EVO before 21.4R3-S8-EVO, * from 22.2-EVO before 22.2R3-S4-EVO, * from 22.3-EVO before 22.3R3-S4-EVO, * from 22.4-EVO before 22.4R3-S3-EVO, * from 23.2-EVO before 23.2R2-S1-EVO, * from 23.4-EVO before 23.4R2-EVO. | 2024-10-09 | 7.5 | CVE-2024-39525 | sirt@juniper.net sirt@juniper.net |
| Juniper Networks–Junos OS |
An Improper Handling of Exceptional Conditions vulnerability in the rpd-server of Juniper Networks Junos OS and Junos OS Evolved within cRPD allows an unauthenticated network-based attacker sending crafted TCP traffic to the routing engine (RE) to cause a CPU-based Denial of Service (DoS). If specially crafted TCP traffic is received by the control plane, or a TCP session terminates unexpectedly, it will cause increased control plane CPU utilization by the rpd-server process. While not explicitly required, the impact is more severe when RIB sharding is enabled. Task accounting shows unexpected reads by the RPD Server jobs for shards: user@junos> show task accounting detail … read:RPD Server.0.0.0.0+780.192.168.0.78+48886 TOT:00000003.00379787 MAX:00000000.00080516 RUNS: 233888 read:RPD Server.0.0.0.0+780.192.168.0.78+49144 TOT:00000004.00007565 MAX:00000000.00080360 RUNS: 233888 read:RPD Server.0.0.0.0+780.192.168.0.78+49694 TOT:00000003.00600584 MAX:00000000.00080463 RUNS: 233888 read:RPD Server.0.0.0.0+780.192.168.0.78+50246 TOT:00000004.00346998 MAX:00000000.00080338 RUNS: 233888 This issue affects: Junos OS with cRPD: * All versions before 21.2R3-S8, * 21.4 before 21.4R3-S7, * 22.1 before 22.1R3-S6, * 22.2 before 22.2R3-S4, * 22.3 before 22.3R3-S3, * 22.4 before 22.4R3-S2, * 23.2 before 23.2R2-S2, * 24.2 before 24.2R2; Junos OS Evolved with cRPD: * All versions before 21.4R3-S7-EVO, * 22.2 before 22.2R3-S4-EVO, * 22.3 before 22.3R3-S3-EVO, * 22.4 before 22.4R3-S2-EVO, * 23.2 before 23.2R2-EVO. | 2024-10-11 | 7.5 | CVE-2024-39547 | sirt@juniper.net |
| Juniper Networks–Junos OS |
An Improper Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to cause Denial of Service (DoS). When a BGP UPDATE with malformed path attribute is received over an established BGP session, rpd crashes and restarts. Continuous receipt of a BGP UPDATE with a specifically malformed path attribute will create a sustained Denial of Service (DoS) condition for impacted devices. This issue affects: ?Juniper Networks Junos OS: * All versions before 21.4R3-S8, * from 22.2 before 22.2R3-S4, * from 22.4 before 22.4R3-S3, * from 23.2 before 23.2R2-S1, * from 23.4 before 23.4R1-S2, 23.4R2. ?Juniper Networks Junos OS Evolved: * All versions before 21.4R3-S8-EVO, * from 22.2 before 22.2R3-S4-EVO, * from 22.4 before 22.4R3-S3-EVO, * from 23.2 before 23.2R2-S1-EVO, * from 23.4 before 23.4R1-S2-EVO, 23.4R2-EVO. | 2024-10-11 | 7.5 | CVE-2024-47491 | sirt@juniper.net |
| Juniper Networks–Junos OS |
An Uncontrolled Resource Consumption vulnerability in the http daemon (httpd) of Juniper Networks Junos OS on SRX Series, QFX Series, MX Series and EX Series allows an unauthenticated, network-based attacker to cause Denial-of-Service (DoS). An attacker can send specific HTTPS connection requests to the device, triggering the creation of processes that are not properly terminated. Over time, this leads to resource exhaustion, ultimately causing the device to crash and restart. The following command can be used to monitor the resource usage: user@host> show system processes extensive | match mgd | count This issue affects Junos OS on SRX Series and EX Series: All versions before 21.4R3-S7, from 22.2 before 22.2R3-S4, from 22.3 before 22.3R3-S3, from 22.4 before 22.4R3-S2, from 23.2 before 23.2R2-S1, from 23.4 before 23.4R1-S2, 23.4R2. | 2024-10-11 | 7.5 | CVE-2024-47497 | sirt@juniper.net |
| Juniper Networks–Junos OS |
An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service (DoS). In a scenario where BGP Monitoring Protocol (BMP) is configured with rib-in pre-policy monitoring, receiving a BGP update with a specifically malformed AS PATH attribute over an established BGP session, can cause an RPD crash and restart. This issue affects: Junos OS: * All versions before 21.2R3-S8, * 21.4 versions before 21.4R3-S8, * 22.2 versions before 22.2R3-S4, * 22.3 versions before 22.3R3-S3, * 22.4 versions before 22.4R3-S2, * 23.2 versions before 23.2R2-S1, * 23.4 versions before 23.4R1-S2, 23.4R2; Junos OS Evolved: * All versions before 21.2R3-S8-EVO, * 21.4 versions before 21.4R3-S8-EVO, * 22.2 versions before 22.2R3-S4-EVO, * 22.3 versions before 22.3R3-S3-EVO, * 22.4 versions before 22.4R3-S2-EVO, * 23.2 versions before 23.2R2-S1-EVO, * 23.4 versions before 23.4R1-S2-EVO, 23.4R2-EVO. | 2024-10-11 | 7.5 | CVE-2024-47499 | sirt@juniper.net |
| Juniper Networks–Junos OS |
An Improper Validation of Specified Type of Input vulnerability in the packet forwarding engine (pfe) Juniper Networks Junos OS on SRX5000 Series allows an unauthenticated, network based attacker to cause a Denial of Service (Dos). When a non-clustered SRX5000 device receives a specifically malformed packet this will cause a flowd crash and restart. This issue affects Junos OS: * 22.1 releases 22.1R1 and later before 22.2R3-S5, * 22.3 releases before 22.3R3-S4, * 22.4 releases before 22.4R3-S4, * 23.2 releases before 23.2R2-S2, * 23.4 releases before 23.4R2-S1, * 24.2 releases before 24.2R1-S1, 24.2R2. Please note that the PR does indicate that earlier versions have been fixed as well, but these won’t be adversely impacted by this. | 2024-10-11 | 7.5 | CVE-2024-47504 | sirt@juniper.net |
| Juniper Networks–Junos OS Evolved |
An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on ACX 7000 Series allows an unauthenticated, network based attacker to cause increased consumption of resources, ultimately resulting in a Denial of Service (DoS). When specific transit MPLS packets are received by the PFE, these packets are internally forwarded to the Routing Engine (RE), rather than being handled appropriately. Continuous receipt of these MPLS packets causes resources to be exhausted. MPLS config is not required to be affected by this issue. This issue affects Junos OS Evolved ACX 7000 Series: * All versions before 21.4R3-S9-EVO, * 22.2-EVO before 22.2R3-S4-EVO, * 22.3-EVO before 22.3R3-S3-EVO, * 22.4-EVO before 22.4R3-S2-EVO, * 23.2-EVO before 23.2R2-EVO, * 23.4-EVO before 23.4R1-S1-EVO, 23.4R2-EVO. | 2024-10-11 | 8.2 | CVE-2024-47490 | sirt@juniper.net |
| Juniper Networks–Junos OS Evolved |
An Allocation of Resources Without Limits or Throttling vulnerability in the kernel of Juniper Networks Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service (DoS). In specific cases the state of TCP sessions that are terminated is not cleared, which over time leads to an exhaustion of resources, preventing new connections to the control plane from being established. A continuously increasing number of connections shown by: user@host > show system connections is indicative of the problem. To recover the respective RE needs to be restarted manually. This issue only affects IPv4 but does not affect IPv6. This issue only affects TCP sessions established in-band (over an interface on an FPC) but not out-of-band (over the management ethernet port on the routing-engine). This issue affects Junos OS Evolved:Â * All versions before 21.4R3-S9-EVO, * 22.2 versions before 22.2R3-S4-EVO, * 22.4 version before 22.4R3-S3-EVO, * 23.2 versions before 23.2R2-S1-EVO, * 23.4 versions before 23.4R2-EVO. | 2024-10-11 | 7.5 | CVE-2024-47502 | sirt@juniper.net |
| Juniper Networks–Junos Space |
A Command Injection vulnerability in Juniper Networks Junos Space allows an unauthenticated, network-based attacker sending a specially crafted request to execute arbitrary shell commands on the Junos Space Appliance, leading to remote command execution by the web application, gaining complete control of the device. A specific script in the Junos Space web application allows attacker-controlled input from a GET request without sufficient input sanitization. A specially crafted request can exploit this vulnerability to execute arbitrary shell commands on the Junos Space Appliance. This issue affects Junos Space 24.1R1. Previous versions of Junos Space are unaffected by this vulnerability. | 2024-10-11 | 7.3 | CVE-2024-39563 | sirt@juniper.net |
| lagunaisw–WP Users Masquerade |
The WP Users Masquerade plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.0.0. This is due to incorrect authentication and capability checking in the ‘ajax_masq_login’ function. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to log in as any existing user on the site, such as an administrator. | 2024-10-10 | 8.8 | CVE-2024-9522 | security@wordfence.com security@wordfence.com |
| latepoint–LatePoint Plugin |
The LatePoint plugin for WordPress is vulnerable to Arbitrary User Password Change via SQL Injection in versions up to, and including, 5.0.11. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to change user passwords and potentially take over administrator accounts. Note that changing a WordPress user’s password is only possible if the “Use WordPress users as customers” setting is enabled, which is disabled by default. Without this setting enabled, only the passwords of plugin customers, which are stored and managed in a separate database table, can be modified. | 2024-10-08 | 9.8 | CVE-2024-8911 | security@wordfence.com security@wordfence.com |
| latepoint–LatePoint Plugin |
The LatePoint plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.0.12. This is due to insufficient verification on the user being supplied during the booking customer step. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id. Note that logging in as a WordPress user is only possible if the “Use WordPress users as customers” setting is enabled, which is disabled by default. The vulnerability is partially patched in version 5.0.12 and fully patched in version 5.0.13. | 2024-10-08 | 9.8 | CVE-2024-8943 | security@wordfence.com security@wordfence.com |
| Lenovo–App Store |
A DLL hijack vulnerability was reported in Lenovo App Store that could allow a local attacker to execute code with elevated privileges. | 2024-10-11 | 7.8 | CVE-2024-4130 | psirt@lenovo.com |
| Lenovo–Baiying |
A DLL hijack vulnerability was reported in Lenovo Baiying that could allow a local attacker to execute code with elevated privileges. | 2024-10-11 | 7.8 | CVE-2024-33579 | psirt@lenovo.com |
| Lenovo–Emulator |
A DLL hijack vulnerability was reported in Lenovo Emulator that could allow a local attacker to execute code with elevated privileges. | 2024-10-11 | 7.8 | CVE-2024-4131 | psirt@lenovo.com |
| Lenovo–Leyun |
A DLL hijack vulnerability was reported in Lenovo Leyun that could allow a local attacker to execute code with elevated privileges. | 2024-10-11 | 7.8 | CVE-2024-33578 | psirt@lenovo.com |
| Lenovo–Lock Screen |
A DLL hijack vulnerability was reported in Lenovo Lock Screen that could allow a local attacker to execute code with elevated privileges. | 2024-10-11 | 7.8 | CVE-2024-4132 | psirt@lenovo.com |
| Lenovo–PC Manager AI intelligent scenario |
A DLL hijack vulnerability was reported in Lenovo PC Manager AI intelligent scenario that could allow a local attacker to execute code with elevated privileges. | 2024-10-11 | 7.8 | CVE-2024-33581 | psirt@lenovo.com |
| Lenovo–Personal Cloud |
A DLL hijack vulnerability was reported in Lenovo Personal Cloud that could allow a local attacker to execute code with elevated privileges. | 2024-10-11 | 7.8 | CVE-2024-33580 | psirt@lenovo.com |
| Lenovo–Service Framework |
A DLL hijack vulnerability was reported in Lenovo Service Framework that could allow a local attacker to execute code with elevated privileges. | 2024-10-11 | 7.8 | CVE-2024-33582 | psirt@lenovo.com |
| Lenovo–stARstudio |
A DLL hijack vulnerability was reported in Lenovo stARstudio that could allow a local attacker to execute code with elevated privileges. | 2024-10-11 | 7.8 | CVE-2024-9046 | psirt@lenovo.com |
| Lenovo–SuperFile |
A DLL hijack vulnerability was reported in Lenovo Super File that could allow a local attacker to execute code with elevated privileges. | 2024-10-11 | 7.8 | CVE-2024-4089 | psirt@lenovo.com |
| libarchive — libarchive |
execute_filter_audio in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst. | 2024-10-10 | 7.8 | CVE-2024-48957 | cve@mitre.org cve@mitre.org |
| libarchive — libarchive |
execute_filter_delta in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst. | 2024-10-10 | 7.8 | CVE-2024-48958 | cve@mitre.org cve@mitre.org |
| Linux Workbooth–Linux Workbooth |
Vulnerability in Distro Linux Workbooth v2.5 that allows to escalate privileges to the root user by manipulating the network configuration script. | 2024-10-07 | 7 | CVE-2024-9576 | cve-coordination@incibe.es |
| makeplane–plane |
Plane is an open-source project management tool. Plane uses the ** wildcard support to retrieve the image from any hostname as in /web/next.config.js. This may permit an attacker to induce the server side into performing requests to unintended locations. This vulnerability is fixed in 0.23.0. | 2024-10-11 | 9.3 | CVE-2024-47830 | security-advisories@github.com security-advisories@github.com |
| mecha-cms — mecha |
Mecha CMS 3.0.0 is vulnerable to Directory Traversal. An attacker can construct cookies and URIs that bypass user identity checks. Parameters can then be passed through the POST method, resulting in the Deletion of Arbitrary Files or Website Takeover. | 2024-10-07 | 9.8 | CVE-2024-46446 | cve@mitre.org cve@mitre.org |
| MediaTek, Inc.–MT2735, MT6833, MT6853, MT6855, MT6873, MT6875, MT6875T, MT6877, MT6880, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893, MT8675, MT8771, MT8791, MT8791T, MT8797 |
In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00843282; Issue ID: MSV-1535. | 2024-10-07 | 7.5 | CVE-2024-20094 | security@mediatek.com |
| MediaTek, Inc.–MT3605, MT6985, MT6989, MT6990, MT7927, MT8183, MT8365, MT8512, MT8676, MT8678, MT8695, MT8698, MT8755, MT8775, MT8792, MT8796 |
In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08998449; Issue ID: MSV-1603. | 2024-10-07 | 9.8 | CVE-2024-20100 | security@mediatek.com |
| MediaTek, Inc.–MT3605, MT6985, MT6989, MT6990, MT7927, MT8183, MT8512, MT8676, MT8678, MT8695, MT8698, MT8755, MT8775, MT8792, MT8796 |
In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08998901; Issue ID: MSV-1602. | 2024-10-07 | 9.8 | CVE-2024-20101 | security@mediatek.com |
| MediaTek, Inc.–MT3605, MT6985, MT6989, MT6990, MT7927, MT8183, MT8512, MT8678, MT8695, MT8698, MT8796, MT8893 |
In wlan firmware, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09001358; Issue ID: MSV-1599. | 2024-10-07 | 9.8 | CVE-2024-20103 | security@mediatek.com |
| MediaTek, Inc.–MT6761, MT6765, MT6768, MT6779, MT6785, MT6853, MT6873, MT6885, MT8385, MT8666, MT8667, MT8766, MT8768, MT8781, MT8788, MT8789 |
In vdec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09028313; Issue ID: MSV-1700. | 2024-10-07 | 7.8 | CVE-2024-20092 | security@mediatek.com |
| microsoft — windows_10_1809 |
Microsoft Management Console Remote Code Execution Vulnerability | 2024-10-08 | 7.8 | CVE-2024-43572 | secure@microsoft.com |
| microsoft — windows_10_22h2 |
Windows MSHTML Platform Spoofing Vulnerability | 2024-10-08 | 8.1 | CVE-2024-43573 | secure@microsoft.com |
| Microsoft–Azure CLI |
Azure Command Line Integration (CLI) Elevation of Privilege Vulnerability | 2024-10-08 | 8.7 | CVE-2024-43591 | secure@microsoft.com |
| Microsoft–Azure Monitor |
Azure Monitor Agent Elevation of Privilege Vulnerability | 2024-10-08 | 7.1 | CVE-2024-38097 | secure@microsoft.com |
| Microsoft–Azure Stack HCI |
Azure Stack Hyperconverged Infrastructure (HCI) Elevation of Privilege Vulnerability | 2024-10-08 | 8.8 | CVE-2024-38179 | secure@microsoft.com |
| Microsoft–DeepSpeed |
DeepSpeed Remote Code Execution Vulnerability | 2024-10-08 | 8.4 | CVE-2024-43497 | secure@microsoft.com |
| Microsoft–Microsoft 365 Apps for Enterprise |
Microsoft Office Remote Code Execution Vulnerability | 2024-10-08 | 7.8 | CVE-2024-43576 | secure@microsoft.com |
| Microsoft–Microsoft Configuration Manager |
Microsoft Configuration Manager Remote Code Execution Vulnerability | 2024-10-08 | 9.8 | CVE-2024-43468 | secure@microsoft.com |
| Microsoft–Microsoft Copilot Studio |
Exposure of Sensitive Information to an Unauthorized Actor in Copilot Studio allows a unauthenticated attacker to view sensitive information through network attack vector | 2024-10-09 | 7.4 | CVE-2024-43610 | secure@microsoft.com |
| Microsoft–Microsoft Office 2019 |
Microsoft Office Visio Remote Code Execution Vulnerability | 2024-10-08 | 7.8 | CVE-2024-43505 | secure@microsoft.com |
| Microsoft–Microsoft Office 2019 |
Microsoft Office Remote Code Execution Vulnerability | 2024-10-08 | 7.8 | CVE-2024-43616 | secure@microsoft.com |
| Microsoft–Microsoft Office LTSC 2024 |
Microsoft Excel Remote Code Execution Vulnerability | 2024-10-08 | 7.8 | CVE-2024-43504 | secure@microsoft.com |
| Microsoft–Microsoft SharePoint Enterprise Server 2016 |
Microsoft SharePoint Elevation of Privilege Vulnerability | 2024-10-08 | 7.8 | CVE-2024-43503 | secure@microsoft.com |
| Microsoft–Microsoft Visual Studio 2022 version 17.6 |
.NET and Visual Studio Remote Code Execution Vulnerability | 2024-10-08 | 8.1 | CVE-2024-38229 | secure@microsoft.com |
| Microsoft–Microsoft Visual Studio 2022 version 17.6 |
.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability | 2024-10-08 | 7.5 | CVE-2024-43483 | secure@microsoft.com |
| Microsoft–Microsoft Visual Studio 2022 version 17.6 |
.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability | 2024-10-08 | 7.5 | CVE-2024-43484 | secure@microsoft.com |
| Microsoft–Microsoft Visual Studio 2022 version 17.6 |
.NET and Visual Studio Denial of Service Vulnerability | 2024-10-08 | 7.5 | CVE-2024-43485 | secure@microsoft.com |
| Microsoft–Remote Desktop client for Windows Desktop |
Remote Desktop Client Remote Code Execution Vulnerability | 2024-10-08 | 8.8 | CVE-2024-43533 | secure@microsoft.com |
| Microsoft–Visual C++ Redistributable Installer |
Visual C++ Redistributable Installer Elevation of Privilege Vulnerability | 2024-10-08 | 7.8 | CVE-2024-43590 | secure@microsoft.com |
| Microsoft–Visual Studio Code |
Missing authentication for critical function in Visual Studio Code extension for Arduino allows an unauthenticated attacker to perform remote code execution through network attack vector. | 2024-10-08 | 8.8 | CVE-2024-43488 | secure@microsoft.com |
| Microsoft–Visual Studio Code |
Visual Studio Code for Linux Remote Code Execution Vulnerability | 2024-10-08 | 7.1 | CVE-2024-43601 | secure@microsoft.com |
| Microsoft–Windows 10 Version 1809 |
Windows Hyper-V Remote Code Execution Vulnerability | 2024-10-08 | 8 | CVE-2024-30092 | secure@microsoft.com |
| Microsoft–Windows 10 Version 1809 |
Microsoft ActiveX Data Objects Remote Code Execution Vulnerability | 2024-10-08 | 8.8 | CVE-2024-43517 | secure@microsoft.com |
| Microsoft–Windows 10 Version 1809 |
Windows Telephony Server Remote Code Execution Vulnerability | 2024-10-08 | 8.8 | CVE-2024-43518 | secure@microsoft.com |
| Microsoft–Windows 10 Version 1809 |
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 2024-10-08 | 8.8 | CVE-2024-43519 | secure@microsoft.com |
| Microsoft–Windows 10 Version 1809 |
Remote Registry Service Elevation of Privilege Vulnerability | 2024-10-08 | 8.8 | CVE-2024-43532 | secure@microsoft.com |
| Microsoft–Windows 10 Version 1809 |
Remote Desktop Protocol Server Remote Code Execution Vulnerability | 2024-10-08 | 8.1 | CVE-2024-43582 | secure@microsoft.com |
| Microsoft–Windows 10 Version 1809 |
Remote Desktop Client Remote Code Execution Vulnerability | 2024-10-08 | 8.8 | CVE-2024-43599 | secure@microsoft.com |
| Microsoft–Windows 10 Version 1809 |
Windows Hyper-V Security Feature Bypass Vulnerability | 2024-10-08 | 7.1 | CVE-2024-20659 | secure@microsoft.com |
| Microsoft–Windows 10 Version 1809 |
BranchCache Denial of Service Vulnerability | 2024-10-08 | 7.5 | CVE-2024-38149 | secure@microsoft.com |
| Microsoft–Windows 10 Version 1809 |
Windows Common Log File System Driver Elevation of Privilege Vulnerability | 2024-10-08 | 7.8 | CVE-2024-43501 | secure@microsoft.com |
| Microsoft–Windows 10 Version 1809 |
Windows Kernel Elevation of Privilege Vulnerability | 2024-10-08 | 7.1 | CVE-2024-43502 | secure@microsoft.com |
| Microsoft–Windows 10 Version 1809 |
BranchCache Denial of Service Vulnerability | 2024-10-08 | 7.5 | CVE-2024-43506 | secure@microsoft.com |
| Microsoft–Windows 10 Version 1809 |
Windows Graphics Component Elevation of Privilege Vulnerability | 2024-10-08 | 7.8 | CVE-2024-43509 | secure@microsoft.com |
| Microsoft–Windows 10 Version 1809 |
Windows Kernel Elevation of Privilege Vulnerability | 2024-10-08 | 7 | CVE-2024-43511 | secure@microsoft.com |
| Microsoft–Windows 10 Version 1809 |
Internet Small Computer Systems Interface (iSCSI) Denial of Service Vulnerability | 2024-10-08 | 7.5 | CVE-2024-43515 | secure@microsoft.com |
| Microsoft–Windows 10 Version 1809 |
Windows Secure Kernel Mode Elevation of Privilege Vulnerability | 2024-10-08 | 7.8 | CVE-2024-43516 | secure@microsoft.com |
| Microsoft–Windows 10 Version 1809 |
Windows Secure Kernel Mode Elevation of Privilege Vulnerability | 2024-10-08 | 7.8 | CVE-2024-43528 | secure@microsoft.com |
| Microsoft–Windows 10 Version 1809 |
Windows Secure Channel Spoofing Vulnerability | 2024-10-08 | 7.4 | CVE-2024-43550 | secure@microsoft.com |
| Microsoft–Windows 10 Version 1809 |
Windows Storage Elevation of Privilege Vulnerability | 2024-10-08 | 7.8 | CVE-2024-43551 | secure@microsoft.com |
| Microsoft–Windows 10 Version 1809 |
NT OS Kernel Elevation of Privilege Vulnerability | 2024-10-08 | 7.4 | CVE-2024-43553 | secure@microsoft.com |
| Microsoft–Windows 10 Version 1809 |
Windows Graphics Component Elevation of Privilege Vulnerability | 2024-10-08 | 7.8 | CVE-2024-43556 | secure@microsoft.com |
| Microsoft–Windows 10 Version 1809 |
Microsoft Windows Storage Port Driver Elevation of Privilege Vulnerability | 2024-10-08 | 7.8 | CVE-2024-43560 | secure@microsoft.com |
| Microsoft–Windows 10 Version 1809 |
Windows Network Address Translation (NAT) Denial of Service Vulnerability | 2024-10-08 | 7.5 | CVE-2024-43562 | secure@microsoft.com |
| Microsoft–Windows 10 Version 1809 |
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | 2024-10-08 | 7.8 | CVE-2024-43563 | secure@microsoft.com |
| Microsoft–Windows 10 Version 1809 |
Windows Network Address Translation (NAT) Denial of Service Vulnerability | 2024-10-08 | 7.5 | CVE-2024-43565 | secure@microsoft.com |
| Microsoft–Windows 10 Version 1809 |
Microsoft OpenSSH for Windows Remote Code Execution Vulnerability | 2024-10-08 | 7.1 | CVE-2024-43581 | secure@microsoft.com |
| Microsoft–Windows 10 Version 1809 |
Winlogon Elevation of Privilege Vulnerability | 2024-10-08 | 7.8 | CVE-2024-43583 | secure@microsoft.com |
| Microsoft–Windows 10 Version 1809 |
Microsoft OpenSSH for Windows Remote Code Execution Vulnerability | 2024-10-08 | 7.1 | CVE-2024-43615 | secure@microsoft.com |
| Microsoft–Windows 11 version 22H2 |
Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability | 2024-10-08 | 7 | CVE-2024-43522 | secure@microsoft.com |
| Microsoft–Windows 11 version 22H2 |
Windows Shell Remote Code Execution Vulnerability | 2024-10-08 | 7.3 | CVE-2024-43552 | secure@microsoft.com |
| Microsoft–Windows 11 Version 24H2 |
Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability | 2024-10-08 | 7.8 | CVE-2024-43514 | secure@microsoft.com |
| Microsoft–Windows 11 Version 24H2 |
Windows Kernel Elevation of Privilege Vulnerability | 2024-10-08 | 7.8 | CVE-2024-43527 | secure@microsoft.com |
| Microsoft–Windows 11 Version 24H2 |
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | 2024-10-08 | 7 | CVE-2024-43535 | secure@microsoft.com |
| Microsoft–Windows Server 2019 |
Windows Netlogon Elevation of Privilege Vulnerability | 2024-10-08 | 9 | CVE-2024-38124 | secure@microsoft.com |
| Microsoft–Windows Server 2019 |
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 2024-10-08 | 8.8 | CVE-2024-38212 | secure@microsoft.com |
| Microsoft–Windows Server 2019 |
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 2024-10-08 | 8.8 | CVE-2024-38265 | secure@microsoft.com |
| Microsoft–Windows Server 2019 |
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 2024-10-08 | 8.8 | CVE-2024-43453 | secure@microsoft.com |
| Microsoft–Windows Server 2019 |
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 2024-10-08 | 8.8 | CVE-2024-43549 | secure@microsoft.com |
| Microsoft–Windows Server 2019 |
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 2024-10-08 | 8.8 | CVE-2024-43564 | secure@microsoft.com |
| Microsoft–Windows Server 2019 |
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 2024-10-08 | 8.8 | CVE-2024-43589 | secure@microsoft.com |
| Microsoft–Windows Server 2019 |
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 2024-10-08 | 8.8 | CVE-2024-43592 | secure@microsoft.com |
| Microsoft–Windows Server 2019 |
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 2024-10-08 | 8.8 | CVE-2024-43593 | secure@microsoft.com |
| Microsoft–Windows Server 2019 |
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 2024-10-08 | 8.8 | CVE-2024-43607 | secure@microsoft.com |
| Microsoft–Windows Server 2019 |
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 2024-10-08 | 8.8 | CVE-2024-43608 | secure@microsoft.com |
| Microsoft–Windows Server 2019 |
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 2024-10-08 | 8.8 | CVE-2024-43611 | secure@microsoft.com |
| Microsoft–Windows Server 2019 |
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 2024-10-08 | 7.8 | CVE-2024-38261 | secure@microsoft.com |
| Microsoft–Windows Server 2019 |
Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | 2024-10-08 | 7.5 | CVE-2024-38262 | secure@microsoft.com |
| Microsoft–Windows Server 2019 |
Windows Hyper-V Denial of Service Vulnerability | 2024-10-08 | 7.5 | CVE-2024-43521 | secure@microsoft.com |
| Microsoft–Windows Server 2019 |
Microsoft Simple Certificate Enrollment Protocol Denial of Service Vulnerability | 2024-10-08 | 7.5 | CVE-2024-43541 | secure@microsoft.com |
| Microsoft–Windows Server 2019 |
Microsoft Simple Certificate Enrollment Protocol Denial of Service Vulnerability | 2024-10-08 | 7.5 | CVE-2024-43544 | secure@microsoft.com |
| Microsoft–Windows Server 2019 |
Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability | 2024-10-08 | 7.5 | CVE-2024-43545 | secure@microsoft.com |
| Microsoft–Windows Server 2019 |
Windows Hyper-V Denial of Service Vulnerability | 2024-10-08 | 7.5 | CVE-2024-43567 | secure@microsoft.com |
| Microsoft–Windows Server 2019 |
Windows Hyper-V Denial of Service Vulnerability | 2024-10-08 | 7.5 | CVE-2024-43575 | secure@microsoft.com |
| Microsoft–Windows Server 2022 |
Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability | 2024-10-08 | 8.3 | CVE-2024-43574 | secure@microsoft.com |
| Microsoft–Windows Server 2022 |
Windows Print Spooler Elevation of Privilege Vulnerability | 2024-10-08 | 7.3 | CVE-2024-43529 | secure@microsoft.com |
| Microsoft–Windows Server 2022 |
Windows Scripting Engine Security Feature Bypass Vulnerability | 2024-10-08 | 7.7 | CVE-2024-43584 | secure@microsoft.com |
| Microsoft–Windows Server 2022, 23H2 Edition (Server Core installation) |
Microsoft OpenSSH for Windows Remote Code Execution Vulnerability | 2024-10-08 | 7.5 | CVE-2024-38029 | secure@microsoft.com |
| Microsoft–Windows Server 2022, 23H2 Edition (Server Core installation) |
Windows Kerberos Elevation of Privilege Vulnerability | 2024-10-08 | 7.5 | CVE-2024-38129 | secure@microsoft.com |
| miraheze–WikiDiscover |
WikiDiscover is an extension designed for use with a CreateWiki managed farm to display wikis. Special:WikiDiscover is a special page that lists all wikis on the wiki farm. However, the special page does not make any effort to escape the wiki name or description. Therefore, if a wiki sets its name and/or description to an XSS payload, the XSS will execute whenever the wiki is shown on Special:WikiDiscover. This issue has been patched with commit `2ce846dd93` and all users are advised to apply that patch. User unable to upgrade should block access to `Special:WikiDiscover`. | 2024-10-07 | 7.6 | CVE-2024-47782 | security-advisories@github.com security-advisories@github.com security-advisories@github.com |
| Mozilla–Firefox |
An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild. This vulnerability affects Firefox < 131.0.2, Firefox ESR < 128.3.1, Firefox ESR < 115.16.1, Thunderbird < 131.0.1, Thunderbird < 128.3.1, and Thunderbird < 115.16.0. | 2024-10-09 | 9.8 | CVE-2024-9680 | security@mozilla.org security@mozilla.org security@mozilla.org |
| n/a–ggit |
All versions of the package ggit are vulnerable to Command Injection via the fetchTags(branch) API, which allows user input to specify the branch to be fetched and then concatenates this string along with a git command which is then passed to the unsafe exec() Node.js child process API. | 2024-10-08 | 7.3 | CVE-2024-21532 | report@snyk.io report@snyk.io |
| n/a–jsonpath-plus |
Versions of the package jsonpath-plus before 10.0.0 are vulnerable to Remote Code Execution (RCE) due to improper input sanitization. An attacker can execute aribitrary code on the system by exploiting the unsafe default usage of vm in Node. **Note:** The unsafe behavior is still available after applying the fix but it is not turned on by default. | 2024-10-11 | 9.8 | CVE-2024-21534 | report@snyk.io report@snyk.io |
| n/a–n/a |
cgi.c in weborf .0.17, 0.18, 0.19, and 0.20 (before 1.0) lacks ‘�’ termination of the path for CGI scripts because strncpy is misused. | 2024-10-09 | 9.1 | CVE-2023-46586 | cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org |
| n/a–n/a |
FydeOS for PC 17.1 R114, FydeOS for VMware 17.0 R114, FydeOS for You 17.1 R114, and OpenFyde R114 were discovered to be configured with the root password saved as a wildcard. This allows attackers to gain root access without a password. | 2024-10-09 | 9.8 | CVE-2024-25825 | cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org |
| n/a–n/a |
A SQL injection vulnerability in login portal in AnteeoWMS before v4.7.34 allows unauthenticated attackers to execute arbitrary SQL commands via the username parameter and disclosure of some data in the underlying DB. | 2024-10-08 | 9.8 | CVE-2024-44349 | cve@mitre.org cve@mitre.org cve@mitre.org |
| n/a–n/a |
Incorrect credential validation in LemonLDAP::NG 2.18.x and 2.19.x before 2.19.2 allows attackers to bypass OAuth2 client authentication via an empty client_password parameter (client secret). | 2024-10-09 | 9.1 | CVE-2024-45160 | cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org |
| n/a–n/a |
An issue was discovered in Trusted Firmware-M through 2.1.0. User provided (and controlled) mailbox messages contain a pointer to a list of input arguments (in_vec) and output arguments (out_vec). These list pointers are never validated. Each argument list contains a buffer pointer and a buffer length field. After a PSA call, the length of the output arguments behind the unchecked pointer is updated in mailbox_direct_reply, regardless of the call result. This allows an attacker to write anywhere in the secure firmware, which can be used to take over the control flow, leading to remote code execution (RCE). | 2024-10-09 | 9.8 | CVE-2024-45746 | cve@mitre.org cve@mitre.org |
| n/a–n/a |
A DLL hijacking vulnerability in VegaBird Yaazhini 2.0.2 allows attackers to execute arbitrary code / maintain persistence via placing a crafted DLL file in the same directory as Yaazhini.exe. | 2024-10-07 | 9.8 | CVE-2024-45873 | cve@mitre.org cve@mitre.org |
| n/a–n/a |
A DLL hijacking vulnerability in VegaBird Vooki 5.2.9 allows attackers to execute arbitrary code / maintain persistence via placing a crafted DLL file in the same directory as Vooki.exe. | 2024-10-07 | 9.8 | CVE-2024-45874 | cve@mitre.org cve@mitre.org |
| n/a–n/a |
RuoYi v4.7.9 and before has a security flaw that allows escaping from comments within the code generation feature, enabling the injection of malicious code. | 2024-10-07 | 9.8 | CVE-2024-46076 | cve@mitre.org cve@mitre.org |
| n/a–n/a |
An arbitrary file upload vulnerability in the ProductAction.entphone interface of Zhejiang University Entersoft Customer Resource Management System v2002 to v2024 allows attackers to execute arbitrary code via uploading a crafted file. | 2024-10-11 | 9.8 | CVE-2024-46088 | cve@mitre.org cve@mitre.org cve@mitre.org |
| n/a–n/a |
check_by_ssh in Nagios nagios-plugins 2.4.5 allows arbitrary command execution via ProxyCommand, LocalCommand, and PermitLocalCommand with ${IFS}. This has been categorized both as fixed in e8810de, and as intended behavior. | 2024-10-09 | 8.4 | CVE-2023-37154 | cve@mitre.org cve@mitre.org cve@mitre.org |
| n/a–n/a |
3DSecure 2.0 allows CSRF in the Authorization Method via modified Origin and Referer HTTP headers. | 2024-10-09 | 8.8 | CVE-2024-25286 | cve@mitre.org |
| n/a–n/a |
Netgear XR1000 v1.0.0.64 is vulnerable to command injection in usb_remote_smb_conf.cgi via the share_name parameter. | 2024-10-11 | 8.4 | CVE-2024-35517 | cve@mitre.org |
| n/a–n/a |
Netgear EX3700 ‘ AC750 WiFi Range Extender Essentials Edition before 1.0.0.98 contains an authenticated command injection in operating_mode.cgi via the ap_mode parameter with ap_24g_manual set to 1 and ap_24g_manual_sec set to NotNone. | 2024-10-11 | 8.4 | CVE-2024-35522 | cve@mitre.org |
| n/a–n/a |
An issue was discovered in the m2m scaler driver in Samsung Mobile Processor and Wearable Processor Exynos 9820, 9825, 980, 990, 850,and W920. A Use-After-Free in the mobile processor leads to privilege escalation. | 2024-10-07 | 8.1 | CVE-2024-44068 | cve@mitre.org cve@mitre.org |
| n/a–n/a |
A vulnerability was discovered in FBM_292W-21.03.10V, which has been classified as critical. This issue affects the sub_4901E0 function in the msp_info.htm file. Manipulation of the path parameter can lead to command injection. | 2024-10-11 | 8.8 | CVE-2024-44414 | cve@mitre.org cve@mitre.org |
| n/a–n/a |
A command injection vulnerability exists in Motorola CX2L router v1.0.2 and below. The vulnerability is present in the SetStationSettings function. The system directly invokes the system function to execute commands for setting parameters such as MAC address without proper input filtering. This allows malicious users to inject and execute arbitrary commands. | 2024-10-08 | 8 | CVE-2024-45880 | cve@mitre.org |
| n/a–n/a |
IoT Haat Smart Plug IH-IN-16A-S v5.16.1 is vulnerable to Authentication Bypass by Capture-replay. | 2024-10-07 | 8.8 | CVE-2024-46041 | cve@mitre.org cve@mitre.org |
| n/a–n/a |
Teedy 1.11 is vulnerable to Cross Site Scripting (XSS) via the management console. | 2024-10-07 | 8.4 | CVE-2024-46278 | cve@mitre.org cve@mitre.org |
| n/a–n/a |
DrayTek Vigor3900 v1.5.1.6 was discovered to contain a command injection vulnerability via the sub_2C920 function at /cgi-bin/mainfunction.cgi. This vulnerability allows attackers to execute arbitrary commands via supplying a crafted HTTP message. | 2024-10-09 | 8 | CVE-2024-46316 | cve@mitre.org |
| n/a–n/a |
Insecure permissions in the Bluetooth Low Energy (BLE) component of Fire-Boltt Artillery Smart Watch NJ-R6E-10.3 allow attackers to cause a Denial of Service (DoS). | 2024-10-08 | 8.2 | CVE-2024-46539 | cve@mitre.org cve@mitre.org |
| n/a–n/a |
SQL injection vulnerability in employee-management-system-php-and-mysql-free-download.html taskmatic 1.0 allows a remote attacker to execute arbitrary code via the admin_id parameter of the /update-employee.php component. | 2024-10-11 | 8.8 | CVE-2024-48813 | cve@mitre.org |
| n/a–n/a |
An issue in sbondCo Watcharr v.1.43.0 allows a remote attacker to execute arbitrary code and escalate privileges via the Change Password function. | 2024-10-11 | 8.8 | CVE-2024-48827 | cve@mitre.org cve@mitre.org cve@mitre.org |
| n/a–n/a |
An issue in the getcolor function in utils.py of xhtml2pdf v0.2.13 allows attackers to cause a Regular expression Denial of Service (ReDOS) via supplying a crafted string. | 2024-10-08 | 7.5 | CVE-2024-25885 | cve@mitre.org cve@mitre.org cve@mitre.org |
| n/a–n/a |
Bitcoin Core before 25.0 allows remote attackers to cause a denial of service (blocktxn message-handling assertion and node exit) by including transactions in a blocktxn message that are not committed to in a block’s merkle root. FillBlock can be called twice for one PartiallyDownloadedBlock instance. | 2024-10-10 | 7.5 | CVE-2024-35202 | cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org |
| n/a–n/a |
Nitro PDF Pro before 13.70.8.82 and 14.x before 14.26.1.0 allows Local Privilege Escalation in the MSI Installer because custom actions occur unsafely in repair mode. CertUtil is run in a conhost.exe window, and there is a mechanism allowing CTRL+o to launch cmd.exe as NT AUTHORITYSYSTEM. | 2024-10-09 | 7.8 | CVE-2024-35288 | cve@mitre.org cve@mitre.org cve@mitre.org |
| n/a–n/a |
An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 and 6.00PL01. Due to insufficient input validation, the C-MOR web interface is vulnerable to OS command injection attacks. It was found out that different functionality is vulnerable to OS command injection attacks, for example for generating new X.509 certificates, or setting the time zone. These OS command injection vulnerabilities in the script generatesslreq.pml can be exploited as a low-privileged authenticated user to execute commands in the context of the Linux user www-data via shell metacharacters in HTTP POST data (e.g., the city parameter). The OS command injection vulnerability in the script settimezone.pml or setdatetime.pml (e.g., via the year parameter) requires an administrative user for the C-MOR web interface. By also exploiting a privilege-escalation vulnerability, it is possible to execute commands on the C-MOR system with root privileges. | 2024-10-09 | 7.2 | CVE-2024-45179 | cve@mitre.org |
| n/a–n/a |
A buffer overflow in modsecurity v3.0.12 allows attackers to cause a Denial of Service (DoS) via a crafted input inserted into the name parameter. | 2024-10-09 | 7.5 | CVE-2024-46292 | cve@mitre.org cve@mitre.org |
| n/a–n/a |
A NULL pointer dereference in libcoap v4.3.5-rc2 and below allows a remote attacker to cause a denial of service via the coap_handle_request_put_block function in src/coap_block.c. | 2024-10-09 | 7.5 | CVE-2024-46304 | cve@mitre.org |
| n/a–n/a |
A loop hole in the payment logic of Sparkshop v1.16 allows attackers to arbitrarily modify the number of products. | 2024-10-09 | 7.5 | CVE-2024-46307 | cve@mitre.org cve@mitre.org cve@mitre.org |
| n/a–n/a |
pam_oath.so in oath-toolkit 2.6.7 through 2.6.11 before 2.6.12 allows root privilege escalation because, in the context of PAM code running as root, it mishandles usersfile access, such as by calling fchown in the presence of a symlink. | 2024-10-09 | 7.1 | CVE-2024-47191 | cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org |
| nickboss–WordPress File Upload |
The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 4.24.11 via wfu_file_downloader.php. This makes it possible for unauthenticated attackers to read or delete files outside of the originally intended directory. Successful exploitation requires the targeted WordPress installation to be using PHP 7.4 or earlier. | 2024-10-12 | 9.8 | CVE-2024-9047 | security@wordfence.com security@wordfence.com |
| NinjaTeam–Multi Step for Contact Form |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in NinjaTeam Multi Step for Contact Form allows SQL Injection.This issue affects Multi Step for Contact Form: from n/a through 2.7.7. | 2024-10-11 | 9.3 | CVE-2024-47331 | audit@patchstack.com |
| Open Mainframe Project–Zowe |
The health endpoint is public so everybody can see a list of all services. It is potentially valuable information for attackers. | 2024-10-10 | 9 | CVE-2024-9798 | zowe-security@lists.openmainframeproject.org |
| pedaloagency–Pedalo Connector |
The Pedalo Connector plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.0.5. This is due to insufficient restriction on the ‘login_admin_user’ function. This makes it possible for unauthenticated attackers to log to the first user, who is usually the administrator, or if it does not exist, then to the first administrator. | 2024-10-11 | 9.8 | CVE-2024-9822 | security@wordfence.com security@wordfence.com |
| PHP Group–PHP |
In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using a certain non-standard configurations of Windows codepages, the fixes for CVE-2024-4577 https://github.com/advisories/GHSA-vxpp-6299-mxw3  may still be bypassed and the same command injection related to Windows “Best Fit” codepage behavior can be achieved. This may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc. | 2024-10-08 | 8.1 | CVE-2024-8926 | security@php.net |
| PHP Group–PHP |
In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, HTTP_REDIRECT_STATUS variable is used to check whether or not CGI binary is being run by the HTTP server. However, in certain scenarios, the content of this variable can be controlled by the request submitter via HTTP headers, which can lead to cgi.force_redirect option not being correctly applied. In certain configurations this may lead to arbitrary file inclusion in PHP. | 2024-10-08 | 7.5 | CVE-2024-8927 | security@php.net |
| PHPOffice–PhpSpreadsheet |
PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. One of the sample scripts in PhpSpreadsheet is susceptible to a cross-site scripting (XSS) vulnerability due to improper handling of input where a number is expected leading to formula injection. The code in in `45_Quadratic_equation_solver.php` concatenates the user supplied parameters directly into spreadsheet formulas. This allows an attacker to take control over the formula and output unsanitized data into the page, resulting in JavaScript execution. This issue has been addressed in release versions 1.29.2, 2.1.1, and 2.3.0. All users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-10-07 | 7.1 | CVE-2024-45060 | security-advisories@github.com security-advisories@github.com |
| PHPOffice–PhpSpreadsheet |
PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. It’s possible for an attacker to construct an XLSX file which links media from external URLs. When opening the XLSX file, PhpSpreadsheet retrieves the image size and type by reading the file contents, if the provided path is a URL. By using specially crafted `php://filter` URLs an attacker can leak the contents of any file or URL. Note that this vulnerability is different from GHSA-w9xv-qf98-ccq4, and resides in a different component. An attacker can access any file on the server, or leak information form arbitrary URLs, potentially exposing sensitive information such as AWS IAM credentials. This issue has been addressed in release versions 1.29.2, 2.1.1, and 2.3.0. All users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-10-07 | 7.7 | CVE-2024-45290 | security-advisories@github.com security-advisories@github.com |
| PHPOffice–PhpSpreadsheet |
PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. The security scanner responsible for preventing XXE attacks in the XLSX reader can be bypassed by slightly modifying the XML structure, utilizing white-spaces. On servers that allow users to upload their own Excel (XLSX) sheets, Server files and sensitive information can be disclosed by providing a crafted sheet. The security scan function in src/PhpSpreadsheet/Reader/Security/XmlScanner.php contains a flawed XML encoding check to retrieve the input file’s XML encoding in the toUtf8 function. The function searches for the XML encoding through a defined regex which looks for `encoding=”*”` and/or `encoding=’*’`, if not found, it defaults to the UTF-8 encoding which bypasses the conversion logic. This logic can be used to pass a UTF-7 encoded XXE payload, by utilizing a whitespace before or after the = in the attribute definition. Sensitive information disclosure through the XXE on sites that allow users to upload their own excel spreadsheets, and parse them using PHPSpreadsheet’s Excel parser. This issue has been addressed in release versions 1.29.1, 2.1.1, and 2.3.0. All users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-10-07 | 7.5 | CVE-2024-45293 | security-advisories@github.com |
| Progress Software Corporation–Telerik Report Server |
In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), a credential stuffing attack is possible through improper restriction of excessive login attempts. | 2024-10-09 | 7.5 | CVE-2024-7292 | security@progress.com |
| Progress Software Corporation–Telerik Report Server |
In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), a password brute forcing attack is possible through weak password requirements. | 2024-10-09 | 7.5 | CVE-2024-7293 | security@progress.com |
| Progress Software Corporation–Telerik Report Server |
In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), an HTTP DoS attack is possible on anonymous endpoints without rate limiting. | 2024-10-09 | 7.5 | CVE-2024-7294 | security@progress.com |
| Progress Software–Telerik Reporting |
In Progress Telerik Report Server versions prior to 2024 Q3 (10.2.24.924), a remote code execution attack is possible through object injection via an insecure type resolution vulnerability. | 2024-10-09 | 9.1 | CVE-2024-8015 | security@progress.com |
| Progress Software–Telerik Reporting |
In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible through object injection via an insecure type resolution vulnerability. | 2024-10-09 | 8.8 | CVE-2024-8014 | security@progress.com |
| Progress Software–Telerik Reporting |
In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a command injection attack is possible through improper neutralization of hyperlink elements. | 2024-10-09 | 7.8 | CVE-2024-7840 | security@progress.com |
| Progress Software–Telerik Reporting |
In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible using object injection via insecure expression evaluation. | 2024-10-09 | 7.8 | CVE-2024-8048 | security@progress.com |
| Progress–LoadMaster |
Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.This issue affects: ?Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.1 (inclusive) ? From 7.2.49.0 to 7.2.54.12 (inclusive) ? 7.2.48.12 and all prior versions Multi-Tenant Hypervisor 7.1.35.12 and all prior versions ECS All prior versions to 7.2.60.1 (inclusive) | 2024-10-11 | 8.4 | CVE-2024-8755 | security@progress.com |
| PureStorage–FlashArray |
A flaw exists whereby a user can make a specific call to a FlashArray endpoint allowing privilege escalation. | 2024-10-08 | 9.8 | CVE-2024-3057 | psirt@purestorage.com |
| qualcomm — fastconnect_6700_firmware |
Memory corruption while maintaining memory maps of HLOS memory. | 2024-10-07 | 7.8 | CVE-2024-43047 | product-security@qualcomm.com |
| Qualcomm, Inc.–Snapdragon |
Memory corruption while redirecting log file to any file location with any file name. | 2024-10-07 | 9.8 | CVE-2024-33066 | product-security@qualcomm.com |
| Qualcomm, Inc.–Snapdragon |
Information disclosure while parsing the multiple MBSSID IEs from the beacon. | 2024-10-07 | 8.2 | CVE-2024-33064 | product-security@qualcomm.com |
| Qualcomm, Inc.–Snapdragon |
Memory corruption while taking snapshot when an offset variable is set by camera driver. | 2024-10-07 | 8.4 | CVE-2024-33065 | product-security@qualcomm.com |
| Qualcomm, Inc.–Snapdragon |
Information disclosure while parsing the BSS parameter change count or MLD capabilities fields of the ML IE. | 2024-10-07 | 8.2 | CVE-2024-33073 | product-security@qualcomm.com |
| Qualcomm, Inc.–Snapdragon |
Memory corruption while processing user packets to generate page faults. | 2024-10-07 | 8.4 | CVE-2024-38399 | product-security@qualcomm.com |
| Qualcomm, Inc.–Snapdragon |
Memory corruption when a compat IOCTL call is followed by another IOCTL call from userspace to a driver. | 2024-10-07 | 7.8 | CVE-2024-21455 | product-security@qualcomm.com |
| Qualcomm, Inc.–Snapdragon |
Memory corruption when invalid length is provided from HLOS for FRS/UDS request/response buffers. | 2024-10-07 | 7.8 | CVE-2024-23369 | product-security@qualcomm.com |
| Qualcomm, Inc.–Snapdragon |
Transient DOS while parsing noninheritance IE of Extension element when length of IE is 2 of beacon frame. | 2024-10-07 | 7.5 | CVE-2024-33049 | product-security@qualcomm.com |
| Qualcomm, Inc.–Snapdragon |
Transient DOS when transmission of management frame sent by host is not successful and error status is received in the host. | 2024-10-07 | 7.5 | CVE-2024-33069 | product-security@qualcomm.com |
| Qualcomm, Inc.–Snapdragon |
Transient DOS while parsing ESP IE from beacon/probe response frame. | 2024-10-07 | 7.5 | CVE-2024-33070 | product-security@qualcomm.com |
| Qualcomm, Inc.–Snapdragon |
Transient DOS while parsing the MBSSID IE from the beacons when IE length is 0. | 2024-10-07 | 7.5 | CVE-2024-33071 | product-security@qualcomm.com |
| Qualcomm, Inc.–Snapdragon |
Transient DOS while parsing probe response and assoc response frame. | 2024-10-07 | 7.5 | CVE-2024-38397 | product-security@qualcomm.com |
| rami.io GmbH–pretix Widget WordPress plugin |
Local File Inclusion vulnerability in pretix Widget WordPress plugin pretix-widget on Windows allows PHP Local File Inclusion. This issue affects pretix Widget WordPress plugin: from 1.0.0 through 1.0.5. | 2024-10-09 | 8.1 | CVE-2024-9575 | 655498c3-6ec5-4f0b-aea6-853b334d05a6 655498c3-6ec5-4f0b-aea6-853b334d05a6 |
| Red Hat–Red Hat Build of Keycloak |
A flaw was found in Keycloak. Certain endpoints in Keycloak’s admin REST API allow low-privilege users to access administrative functionalities. This flaw allows users to perform actions reserved for administrators, potentially leading to data breaches or system compromise. | 2024-10-09 | 8.1 | CVE-2024-3656 | secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com |
| redis–redis |
Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to trigger a stack buffer overflow in the bit library, which may potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scripting. This problem has been fixed in Redis versions 6.2.16, 7.2.6, and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-10-07 | 7 | CVE-2024-31449 | security-advisories@github.com security-advisories@github.com |
| Revmakx–Backup and Staging by WP Time Capsule |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Revmakx Backup and Staging by WP Time Capsule allows SQL Injection.This issue affects Backup and Staging by WP Time Capsule: from n/a through 1.22.21. | 2024-10-11 | 8.5 | CVE-2024-48020 | audit@patchstack.com |
| Samsung Mobile–Samsung Mobile Devices |
Out-of-bounds write in parsing h.264 format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability. | 2024-10-08 | 7.5 | CVE-2024-34665 | mobile.security@samsung.com |
| Samsung Mobile–Samsung Mobile Devices |
Out-of-bounds write in parsing h.264 format in a specific mode in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability. | 2024-10-08 | 7.5 | CVE-2024-34666 | mobile.security@samsung.com |
| Samsung Mobile–Samsung Mobile Devices |
Out-of-bounds write in parsing h.265 format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability. | 2024-10-08 | 7.5 | CVE-2024-34667 | mobile.security@samsung.com |
| Samsung Mobile–Samsung Mobile Devices |
Out-of-bounds write in parsing h.263 format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability. | 2024-10-08 | 7.5 | CVE-2024-34668 | mobile.security@samsung.com |
| Samsung Mobile–Samsung Mobile Devices |
Out-of-bounds write in parsing h.263+ format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability. | 2024-10-08 | 7.5 | CVE-2024-34669 | mobile.security@samsung.com |
| SAP_SE–SAP BusinessObjects Business Intelligence Platform (Web Intelligence) |
SAP BusinessObjects Business Intelligence Platform allows an authenticated user to send a specially crafted request to the Web Intelligence Reporting Server to download any file from the machine hosting the service, causing high impact on confidentiality of the application. | 2024-10-08 | 7.7 | CVE-2024-37179 | cna@sap.com cna@sap.com |
| Schneider Electric–Data Center Expert |
CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that could compromise the Data Center Expert software when an upgrade bundle is manipulated to include arbitrary bash scripts that are executed as root. | 2024-10-11 | 7.2 | CVE-2024-8531 | cybersecurity@se.com |
| Schneider Electric–Easergy Studio |
CWE-269: Improper Privilege Management vulnerability exists that could cause unauthorized access, loss of confidentiality, integrity, and availability of the workstation when non-admin authenticated user tries to perform privilege escalation by tampering with the binaries | 2024-10-11 | 7.8 | CVE-2024-9002 | cybersecurity@se.com |
| Schneider Electric–EcoStruxure Power Monitoring Expert (PME) |
CWE-502: Deserialization of Untrusted Data vulnerability exists that could allow code to be remotely executed on the server when unsafely deserialized data is posted to the web server. | 2024-10-08 | 7.1 | CVE-2024-9005 | cybersecurity@se.com |
| Schneider Electric–EVlink Home Smart |
CWE-312: Cleartext Storage of Sensitive Information vulnerability exists that exposes test credentials in the firmware binary | 2024-10-13 | 8.5 | CVE-2024-8070 | cybersecurity@se.com |
| Schneider Electric–System Monitor application in Harmony Industrial PC HMIBMO/HMIBMI/HMIPSO/HMIBMP/HMIBMU/HMIPSP/HMIPEP series |
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could cause exposure of credentials when attacker has access to application on network over http | 2024-10-08 | 9.8 | CVE-2024-8884 | cybersecurity@se.com |
| Schneider Electric–Zelio Soft 2 |
CWE-416: Use After Free vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when application user opens a malicious Zelio Soft 2 project file. | 2024-10-08 | 7.8 | CVE-2024-8422 | cybersecurity@se.com |
| SEUR–SEUR plugin |
The SEUR plugin, in its versions prior to 2.5.11, is vulnerable to time-based SQL injection through the use of the ‘id_order’ parameter of the ‘/modules/seur/ajax/saveCodFee.php’ endpoint. | 2024-10-10 | 9.4 | CVE-2024-9201 | cve-coordination@incibe.es |
| siemens — sinec_security_monitor |
A vulnerability has been identified in Siemens SINEC Security Monitor (All versions < V4.9.0). The affected application does not properly validate user input to the “`ssmctl-client“` command. This could allow an authenticated, lowly privileged remote attacker to execute arbitrary code with root privileges on the underlying OS. | 2024-10-08 | 9.9 | CVE-2024-47553 | productcert@siemens.com |
| siemens — sinec_security_monitor |
A vulnerability has been identified in Siemens SINEC Security Monitor (All versions < V4.9.0). The affected application does not properly neutralize special elements in user input to the “`ssmctl-client“` command. This could allow an authenticated, lowly privileged local attacker to execute privileged commands in the underlying OS. | 2024-10-08 | 8.8 | CVE-2024-47562 | productcert@siemens.com |
| Siemens–HiMed Cockpit 12 pro |
A vulnerability has been identified in HiMed Cockpit 12 pro (J31032-K2017-H259) (All versions >= V11.5.1 < V11.6.2), HiMed Cockpit 14 pro+ (J31032-K2017-H435) (All versions >= V11.5.1 < V11.6.2), HiMed Cockpit 18 pro (J31032-K2017-H260) (All versions >= V11.5.1 < V11.6.2), HiMed Cockpit 18 pro+ (J31032-K2017-H436) (All versions >= V11.5.1 < V11.6.2). The Kiosk Mode of the affected devices contains a restricted desktop environment escape vulnerability. This could allow an unauthenticated local attacker to escape the restricted environment and gain access to the underlying operating system. | 2024-10-08 | 8.5 | CVE-2023-52952 | productcert@siemens.com |
| Siemens–JT2Go |
A vulnerability has been identified in JT2Go (All versions < V2406.0003). The affected application contains a stack-based buffer overflow vulnerability that could be triggered while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process. | 2024-10-08 | 7.8 | CVE-2024-41902 | productcert@siemens.com |
| Siemens–SENTRON 7KM PAC3200 |
A vulnerability has been identified in SENTRON 7KM PAC3200 (All versions). Affected devices only provide a 4-digit PIN to protect from administrative access via Modbus TCP interface. Attackers with access to the Modbus TCP interface could easily bypass this protection by brute-force attacks or by sniffing the Modbus clear text communication. | 2024-10-08 | 9.8 | CVE-2024-41798 | productcert@siemens.com |
| Siemens–Simcenter Nastran 2306 |
A vulnerability has been identified in Simcenter Nastran 2306 (All versions), Simcenter Nastran 2312 (All versions), Simcenter Nastran 2406 (All versions < V2406.5000). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted BDF files. This could allow an attacker to execute code in the context of the current process. | 2024-10-08 | 7.8 | CVE-2024-41981 | productcert@siemens.com |
| Siemens–Simcenter Nastran 2306 |
A vulnerability has been identified in Simcenter Nastran 2306 (All versions), Simcenter Nastran 2312 (All versions), Simcenter Nastran 2406 (All versions < V2406.5000). The affected application is vulnerable to memory corruption while parsing specially crafted BDF files. This could allow an attacker to execute code in the context of the current process. | 2024-10-08 | 7.8 | CVE-2024-47046 | productcert@siemens.com |
| Siemens–Tecnomatix Plant Simulation V2302 |
A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. | 2024-10-08 | 7.8 | CVE-2024-45463 | productcert@siemens.com |
| Siemens–Tecnomatix Plant Simulation V2302 |
A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. | 2024-10-08 | 7.8 | CVE-2024-45464 | productcert@siemens.com |
| Siemens–Tecnomatix Plant Simulation V2302 |
A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. | 2024-10-08 | 7.8 | CVE-2024-45465 | productcert@siemens.com |
| Siemens–Tecnomatix Plant Simulation V2302 |
A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. | 2024-10-08 | 7.8 | CVE-2024-45466 | productcert@siemens.com |
| Siemens–Tecnomatix Plant Simulation V2302 |
A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. | 2024-10-08 | 7.8 | CVE-2024-45467 | productcert@siemens.com |
| Siemens–Tecnomatix Plant Simulation V2302 |
A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. | 2024-10-08 | 7.8 | CVE-2024-45468 | productcert@siemens.com |
| Siemens–Tecnomatix Plant Simulation V2302 |
A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file. This could allow an attacker to execute code in the context of the current process. | 2024-10-08 | 7.8 | CVE-2024-45469 | productcert@siemens.com |
| Siemens–Tecnomatix Plant Simulation V2302 |
A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file. This could allow an attacker to execute code in the context of the current process. | 2024-10-08 | 7.8 | CVE-2024-45470 | productcert@siemens.com |
| Siemens–Tecnomatix Plant Simulation V2302 |
A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file. This could allow an attacker to execute code in the context of the current process. | 2024-10-08 | 7.8 | CVE-2024-45471 | productcert@siemens.com |
| Siemens–Tecnomatix Plant Simulation V2302 |
A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. An attacker could leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. | 2024-10-08 | 7.8 | CVE-2024-45472 | productcert@siemens.com |
| Siemens–Tecnomatix Plant Simulation V2302 |
A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. An attacker could leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. | 2024-10-08 | 7.8 | CVE-2024-45473 | productcert@siemens.com |
| Siemens–Tecnomatix Plant Simulation V2302 |
A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. An attacker could leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. | 2024-10-08 | 7.8 | CVE-2024-45474 | productcert@siemens.com |
| Siemens–Tecnomatix Plant Simulation V2302 |
A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. An attacker could leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. | 2024-10-08 | 7.8 | CVE-2024-45475 | productcert@siemens.com |
| Solidigm–D7-P5500 |
Improper access control validation in firmware of some Solidigm DC Products may allow an attacker with physical access to gain unauthorized access or an attacker with local access to potentially enable denial of service. | 2024-10-07 | 7 | CVE-2024-47975 | f946a70c-00eb-42ce-8e9b-634d1f7b5a6f |
| SonicWall–Connect Tunnel |
The Improper link resolution before file access (‘Link Following’) vulnerability in SonicWall Connect Tunnel (version 12.4.3.271 and earlier of Windows client) allows users with standard privileges to delete arbitrary folders and files, potentially leading to local privilege escalation attack. | 2024-10-11 | 7.8 | CVE-2024-45316 | PSIRT@sonicwall.com |
| SourceCodester–Online Veterinary Appointment System |
A vulnerability classified as critical has been found in SourceCodester Online Veterinary Appointment System 1.0. Affected is an unknown function of the file /admin/categories/manage_category.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-10-10 | 7.3 | CVE-2024-9818 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| Tainacan.org–Tainacan |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Tainacan.Org Tainacan allows SQL Injection.This issue affects Tainacan: from n/a through 0.21.8. | 2024-10-11 | 8.5 | CVE-2024-48040 | audit@patchstack.com |
| themehunk–Hunk Companion |
The Hunk Companion plugin for WordPress is vulnerable to unauthorized plugin installation/activation due to a missing capability check on the /wp-json/hc/v1/themehunk-import REST API endpoint in all versions up to, and including, 1.8.4. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated. | 2024-10-11 | 9.8 | CVE-2024-9707 | security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
| totalsoft–TS Poll Survey, Versus Poll, Image Poll, Video Poll |
The TS Poll – Survey, Versus Poll, Image Poll, Video Poll plugin for WordPress is vulnerable to SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 2.3.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-10-10 | 7.2 | CVE-2024-9022 | security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
| userplus–User registration & user profile UserPlus |
The UserPlus plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.0 due to insufficient restriction on the ‘form_actions’ and ‘userplus_update_user_profile’ functions. This makes it possible for unauthenticated attackers to specify their user role by supplying the ‘role’ parameter during a registration. | 2024-10-10 | 9.8 | CVE-2024-9518 | security@wordfence.com security@wordfence.com |
| userplus–User registration & user profile UserPlus |
The UserPlus plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the ‘save_metabox_form’ function in versions up to, and including, 2.0. This makes it possible for authenticated attackers, with editor-level permissions or above, to update the registration form role to administrator, which leads to privilege escalation. | 2024-10-10 | 7.2 | CVE-2024-9519 | security@wordfence.com security@wordfence.com |
| WinHex–WinHex |
A vulnerability has been discovered in Winhex affecting version 16.1 SR-1 and 20.4. This vulnerability consists of a buffer overflow controlling the Structured Exception Handler (SEH) registers. This could allow attackers to execute arbitrary code via a long filename argument. | 2024-10-07 | 7.3 | CVE-2023-6361 | cve-coordination@incibe.es |
| WinHex–WinHex |
A vulnerability has been discovered in Winhex affecting version 16.1 SR-1 and 20.4. This vulnerability consists of a buffer overflow controlling the Structured Exception Handler (SEH) registers. This could allow attackers to execute arbitrary code via a long filename argument. | 2024-10-07 | 7.3 | CVE-2023-6362 | cve-coordination@incibe.es |
| Wireshark Foundation–Wireshark |
ITS dissector crash in Wireshark 4.4.0 allows denial of service via packet injection or crafted capture file | 2024-10-10 | 7.8 | CVE-2024-9780 | cve@gitlab.com cve@gitlab.com |
| Wireshark Foundation–Wireshark |
AppleTalk and RELOAD Framing dissector crash in Wireshark 4.4.0 and 4.2.0 to 4.2.7 allows denial of service via packet injection or crafted capture file | 2024-10-10 | 7.8 | CVE-2024-9781 | cve@gitlab.com cve@gitlab.com |
| Xerox–FreeFlow Core |
Missing Authentication – User & System Configuration | 2024-10-07 | 8.3 | CVE-2024-47555 | 10b61619-3869-496c-8a1e-f291b0e71e3f |
| Xerox–FreeFlow Core |
Pre-Auth RCE via Path Traversal | 2024-10-07 | 8.3 | CVE-2024-47556 | 10b61619-3869-496c-8a1e-f291b0e71e3f |
| Xerox–FreeFlow Core |
Pre-Auth RCE via Path Traversal | 2024-10-07 | 8.3 | CVE-2024-47557 | 10b61619-3869-496c-8a1e-f291b0e71e3f |
| Xerox–FreeFlow Core |
Authenticated RCE via Path Traversal | 2024-10-07 | 7.6 | CVE-2024-47558 | 10b61619-3869-496c-8a1e-f291b0e71e3f |
| Xerox–FreeFlow Core |
Authenticated RCE via Path Traversal | 2024-10-07 | 7.6 | CVE-2024-47559 | 10b61619-3869-496c-8a1e-f291b0e71e3f |
| Zoho Flow–Zoho Flow for WordPress |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Zoho Flow Zoho Flow for WordPress allows SQL Injection.This issue affects Zoho Flow for WordPress: from n/a through 2.7.1. | 2024-10-09 | 7.6 | CVE-2024-47334 | audit@patchstack.com |
Medium Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source Info | Patch Info |
|---|---|---|---|---|---|
| ABB–RobotWare 6 |
An attacker who successfully exploited these vulnerabilities could cause the robot to stop. A vulnerability exists in the PROFINET stack included in the RobotWare versions listed below. This vulnerability arises under specific condition when specially crafted message is processed by the system. Below are reported vulnerabilities in the Robot Ware versions. * IRC5- RobotWare 6 < 6.15.06 except 6.10.10, and 6.13.07 | 2024-10-10 | 5.1 | CVE-2024-6157 | cybersecurity@ch.abb.com |
| adamskaat–Read more By Adam |
The Read more By Adam plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the deleteRm() function in all versions up to, and including, 1.1.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete read more buttons. | 2024-10-12 | 4.3 | CVE-2024-9187 | security@wordfence.com security@wordfence.com |
| adobe — animate |
Animate versions 23.0.7, 24.0.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-10-09 | 5.5 | CVE-2024-47419 | psirt@adobe.com |
| adobe — animate |
Animate versions 23.0.7, 24.0.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-10-09 | 5.5 | CVE-2024-47420 | psirt@adobe.com |
| adobe — commerce |
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have high impact on integrity. Exploitation of this issue does not require user interaction. | 2024-10-10 | 6.5 | CVE-2024-45118 | psirt@adobe.com |
| adobe — commerce |
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A low-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs and have a low impact on both confidentiality and integrity. Exploitation of this issue does not require user interaction and scope is changed. | 2024-10-10 | 6.4 | CVE-2024-45119 | psirt@adobe.com |
| adobe — commerce |
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2024-10-10 | 6.1 | CVE-2024-45123 | psirt@adobe.com |
| adobe — commerce |
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and affect confidentiality. Exploitation of this issue does not require user interaction. | 2024-10-10 | 6.5 | CVE-2024-45132 | psirt@adobe.com |
| adobe — commerce |
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to gain unauthorized access without proper credentials. Exploitation of this issue does not require user interaction. | 2024-10-10 | 6.5 | CVE-2024-45148 | psirt@adobe.com |
| adobe — commerce |
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction. | 2024-10-10 | 5.3 | CVE-2024-45124 | psirt@adobe.com |
| adobe — commerce |
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity and availability. Exploitation of this issue does not require user interaction. | 2024-10-10 | 5.4 | CVE-2024-45128 | psirt@adobe.com |
| adobe — commerce |
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confidentiality and integrity. Exploitation of this issue does not require user interaction. | 2024-10-10 | 5.4 | CVE-2024-45131 | psirt@adobe.com |
| adobe — commerce |
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction. | 2024-10-10 | 4.3 | CVE-2024-45121 | psirt@adobe.com |
| adobe — commerce |
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confidentiality. Exploitation of this issue does not require user interaction. | 2024-10-10 | 4.3 | CVE-2024-45122 | psirt@adobe.com |
| adobe — commerce |
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this vulnerability to have a low impact on integrity. Exploitation of this issue does not require user interaction. | 2024-10-10 | 4.3 | CVE-2024-45125 | psirt@adobe.com |
| adobe — commerce |
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-10-10 | 4.8 | CVE-2024-45127 | psirt@adobe.com |
| adobe — commerce |
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction. | 2024-10-10 | 4.3 | CVE-2024-45129 | psirt@adobe.com |
| adobe — commerce |
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction. | 2024-10-10 | 4.3 | CVE-2024-45130 | psirt@adobe.com |
| adobe — commerce |
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confidentiality. Exploitation of this issue does not require user interaction. | 2024-10-10 | 4.3 | CVE-2024-45149 | psirt@adobe.com |
| Adobe–Adobe Experience Manager |
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-10-07 | 5.4 | CVE-2024-45153 | psirt@adobe.com |
| Adobe–Lightroom Desktop |
Lightroom Desktop versions 7.4.1, 13.5, 12.5.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-10-09 | 5.5 | CVE-2024-45145 | psirt@adobe.com |
| Adobe–Substance3D – Painter |
Substance3D – Painter versions 10.0.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-10-09 | 5.5 | CVE-2024-20787 | psirt@adobe.com |
| afragen–Embed PDF Viewer |
The Embed PDF Viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘height’ and ‘width’ parameters in all versions up to, and including, 2.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-10-09 | 6.4 | CVE-2024-9451 | security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
| algoritmika–Download Plugins and Themes in ZIP from Dashboard |
The Download Plugins and Themes in ZIP from Dashboard plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.9.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-10-11 | 6.1 | CVE-2024-9232 | security@wordfence.com security@wordfence.com security@wordfence.com |
| algoritmika–Maximum Products per User for WooCommerce |
The Maximum Products per User for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.2.8. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-10-10 | 6.1 | CVE-2024-9205 | security@wordfence.com security@wordfence.com security@wordfence.com |
| amandato–PowerPress Podcasting plugin by Blubrry |
The PowerPress Podcasting plugin by Blubrry plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘skipto’ shortcode in all versions up to, and including, 11.9.18 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-10-11 | 6.4 | CVE-2024-9543 | security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
| amirhelzer–WooCommerce Multilingual & Multicurrency with WPML |
The WooCommerce Multilingual & Multicurrency with WPML plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 5.3.7. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-10-08 | 6.1 | CVE-2024-8629 | security@wordfence.com security@wordfence.com security@wordfence.com |
| ampache–ampache |
ampache is a web based audio/video streaming application and file manager. A CSRF attack can be performed in order to delete objects (Playlist, smartlist etc.). Cross-Site Request Forgery (CSRF) is an attack that forces authenticated users to submit a request to a Web application against which they are currently authenticated. This vulnerability can be exploited by creating a malicious script with an arbitrary playlist ID belonging to another user. When the user submits the request, their playlist will be deleted. Any User with active sessions who are tricked into submitting a malicious request are impacted, as their playlists or other objects could be deleted without their consent. | 2024-10-09 | 5.3 | CVE-2024-47828 | security-advisories@github.com |
| angeljudesuarez — placement_management_system |
itsourcecode Placement Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via the Full Name field in registration.php. | 2024-10-07 | 6.1 | CVE-2024-46300 | cve@mitre.org cve@mitre.org |
| ays-pro–Survey Maker |
The Survey Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Survey fields in all versions up to, and including, 4.9.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2024-10-08 | 4.4 | CVE-2024-8488 | security@wordfence.com security@wordfence.com |
| azexo–Mynx Page Builder |
The Mynx Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 0.27.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | 2024-10-12 | 6.4 | CVE-2024-9656 | security@wordfence.com security@wordfence.com |
| bfintal–Stackable Page Builder Gutenberg Blocks |
The Stackable – Page Builder Gutenberg Blocks plugin for WordPress is vulnerable to CSS Injection in all versions up to, and including, 3.13.6. This makes it possible for unauthenticated attackers to embed untrusted style information into comments resulting in a possibility of data exfiltration such as admin nonces with limited impact. These nonces could be used to perform CSRF attacks within a limited time window. The presence of other plugins may make additional nonces available, which may pose a risk in plugins that don’t perform capability checks to protect AJAX actions or other actions reachable by lower-privileged users. | 2024-10-12 | 5.3 | CVE-2024-8760 | security@wordfence.com security@wordfence.com |
| bitpressadmin–Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder |
The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 2.15.2 due to improper input validation within the iconUpload function. This makes it possible for authenticated attackers, with Administrator-level access and above, to leverage a PHP filter chain attack and read the contents of arbitrary files on the server, which can contain sensitive information. | 2024-10-11 | 4.9 | CVE-2024-9507 | security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
| BlackBerry–QNX Software Development Platform (SDP) |
NULL pointer dereference in IP socket options processing of the Networking Stack in QNX Software Development Platform (SDP) version(s) 7.1 and 7.0 could allow an attacker with local access to cause a denial-of-service condition in the context of the Networking Stack process. | 2024-10-08 | 6.2 | CVE-2024-35215 | secure@blackberry.com |
| blockmeister–BlockMeister Block Pattern Builder |
The BlockMeister – Block Pattern Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.1.10. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-10-11 | 6.1 | CVE-2024-9616 | security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
| boonebgorges–BuddyPress Docs |
The BuddyPress Docs plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.2.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-10-08 | 6.1 | CVE-2024-9207 | security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
| brechtvds–WP Ultimate Post Grid |
The WP Ultimate Post Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s wpupg-grid-with-filters shortcode in all versions up to, and including, 3.9.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-10-11 | 6.4 | CVE-2024-9051 | security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
| brevo — newsletter,_smtp,_email_marketing_and_subscribe |
The Newsletter, SMTP, Email marketing and Subscribe forms by Brevo (formely Sendinblue) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.87. This is due to missing or incorrect nonce validation on the Init() function. This makes it possible for unauthenticated attackers to log out of a Brevo connection via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-10-10 | 4.3 | CVE-2024-8477 | security@wordfence.com security@wordfence.com |
| butterflymedia–ImagePress Image Gallery |
The ImagePress – Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2024-10-12 | 4.4 | CVE-2024-9776 | security@wordfence.com security@wordfence.com security@wordfence.com |
| butterflymedia–ImagePress Image Gallery |
The ImagePress – Image Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.2. This is due to missing or incorrect nonce validation on the ‘imagepress_admin_page’ function. This makes it possible for unauthenticated attackers to update plugin settings, including redirection URLs, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-10-12 | 4.3 | CVE-2024-9778 | security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
| butterflymedia–ImagePress Image Gallery |
The ImagePress – Image Gallery plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the ‘ip_delete_post’ and ‘ip_update_post_title’ functions in all versions up to, and including, 1.2.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary posts and update post titles. | 2024-10-12 | 4.3 | CVE-2024-9824 | security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
| bytecodealliance–wasmtime |
Wasmtime is an open source runtime for WebAssembly. Wasmtime’s implementation of WebAssembly tail calls combined with stack traces can result in a runtime crash in certain WebAssembly modules. The runtime crash may be undefined behavior if Wasmtime was compiled with Rust 1.80 or prior. The runtime crash is a deterministic process abort when Wasmtime is compiled with Rust 1.81 and later. WebAssembly tail calls are a proposal which relatively recently reached stage 4 in the standardization process. Wasmtime first enabled support for tail calls by default in Wasmtime 21.0.0, although that release contained a bug where it was only on-by-default for some configurations. In Wasmtime 22.0.0 tail calls were enabled by default for all configurations. The specific crash happens when an exported function in a WebAssembly module (or component) performs a `return_call` (or `return_call_indirect` or `return_call_ref`) to an imported host function which captures a stack trace (for example, the host function raises a trap). In this situation, the stack-walking code previously assumed there was always at least one WebAssembly frame on the stack but with tail calls that is no longer true. With the tail-call proposal it’s possible to have an entry trampoline appear as if it directly called the exit trampoline. This situation triggers an internal assert in the stack-walking code which raises a Rust `panic!()`. When Wasmtime is compiled with Rust versions 1.80 and prior this means that an `extern “C”` function in Rust is raising a `panic!()`. This is technically undefined behavior and typically manifests as a process abort when the unwinder fails to unwind Cranelift-generated frames. When Wasmtime is compiled with Rust versions 1.81 and later this panic becomes a deterministic process abort. Overall the impact of this issue is that this is a denial-of-service vector where a malicious WebAssembly module or component can cause the host to crash. There is no other impact at this time other than availability of a service as the result of the crash is always a crash and no more. This issue was discovered by routine fuzzing performed by the Wasmtime project via Google’s OSS-Fuzz infrastructure. We have no evidence that it has ever been exploited by an attacker in the wild. All versions of Wasmtime which have tail calls enabled by default have been patched: * 21.0.x – patched in 21.0.2 * 22.0.x – patched in 22.0.1 * 23.0.x – patched in 23.0.3 * 24.0.x – patched in 24.0.1 * 25.0.x – patched in 25.0.2. Wasmtime versions from 12.0.x (the first release with experimental tail call support) to 20.0.x (the last release with tail-calls off-by-default) have support for tail calls but the support is disabled by default. These versions are not affected in their default configurations, but users who explicitly enabled tail call support will need to either disable tail call support or upgrade to a patched version of Wasmtime. The main workaround for this issue is to disable tail support for tail calls in Wasmtime, for example with `Config::wasm_tail_call(false)`. Users are otherwise encouraged to upgrade to patched versions. | 2024-10-09 | 5.5 | CVE-2024-47763 | security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
| Cacti–cacti |
Cacti is an open source performance and fault management framework. The `title` parameter is not properly sanitized when saving external links in links.php . Morever, the said title parameter is stored in the database and reflected back to user in index.php, finally leading to stored XSS. Users with the privilege to create external links can manipulate the `title` parameter in the http post request while creating external links to perform stored XSS attacks. The vulnerability known as XSS (Cross-Site Scripting) occurs when an application allows untrusted user input to be displayed on a web page without proper validation or escaping. This issue has been addressed in release version 1.2.28. All users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-10-07 | 5.7 | CVE-2024-43364 | security-advisories@github.com |
| Cacti–cacti |
Cacti is an open source performance and fault management framework. The`consolenewsection` parameter is not properly sanitized when saving external links in links.php . Morever, the said consolenewsection parameter is stored in the database and reflected back to user in `index.php`, finally leading to stored XSS. Users with the privilege to create external links can manipulate the “consolenewsection” parameter in the http post request while creating external links to perform stored XSS attacks. The vulnerability known as XSS (Cross-Site Scripting) occurs when an application allows untrusted user input to be displayed on a web page without proper validation or escaping. This issue has been addressed in release version 1.2.28. All users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-10-07 | 5.7 | CVE-2024-43365 | security-advisories@github.com |
| cmsmasters–CMSMasters Content Composer |
The CMSMasters Content Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s multiple shortcodes in all versions up to, and including, 1.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-10-09 | 6.4 | CVE-2024-7963 | security@wordfence.com security@wordfence.com |
| code-projects–Blood Bank System |
A vulnerability was found in code-projects Blood Bank System 1.0. It has been classified as critical. This affects an unknown part of the file /update.php. The manipulation of the argument name leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-10-10 | 6.3 | CVE-2024-9817 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| code-projects–Blood Bank System |
A vulnerability, which was classified as critical, was found in code-projects Blood Bank System 1.0. Affected is an unknown function of the file reset.php. The manipulation of the argument useremail leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-10-12 | 6.3 | CVE-2024-9894 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| code-projects–Blood Bank System |
A vulnerability was found in code-projects Blood Bank System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/campsdetails.php. The manipulation of the argument hospital leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | 2024-10-10 | 4.7 | CVE-2024-9804 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| Codezips–Online Shopping Portal |
A vulnerability, which was classified as critical, has been found in Codezips Online Shopping Portal 1.0. This issue affects some unknown processing of the file /update-image1.php. The manipulation of the argument productimage1 leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-10-10 | 6.3 | CVE-2024-9794 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| Codezips–Tourist Management System |
A vulnerability has been found in Codezips Tourist Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/create-package.php. The manipulation of the argument packageimage leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-10-10 | 4.7 | CVE-2024-9815 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| Codezips–Tourist Management System |
A vulnerability was found in Codezips Tourist Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/change-image.php. The manipulation of the argument packageimage leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-10-10 | 4.7 | CVE-2024-9816 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| Contemporary Control System–BASrouter BACnet BASRT-B |
A vulnerability, which was classified as problematic, was found in Contemporary Control System BASrouter BACnet BASRT-B 2.7.2. This affects an unknown part of the component UDP Packet Handler. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2024-10-10 | 5.3 | CVE-2024-9787 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| CreativeMindsSolutions–CM Tooltip Glossary |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in CreativeMindsSolutions CM Tooltip Glossary allows Stored XSS.This issue affects CM Tooltip Glossary: from n/a through 4.3.9. | 2024-10-11 | 6.5 | CVE-2024-48041 | audit@patchstack.com |
| cssjockey–WP Builder |
The WP Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.0.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | 2024-10-10 | 6.4 | CVE-2024-9457 | security@wordfence.com security@wordfence.com |
| curatorio–Curator.io: Show all your social media posts in a beautiful feed. |
The Curator.io: Show all your social media posts in a beautiful feed. plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘feed_id’ attribute in all versions up to, and including, 1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-10-10 | 6.4 | CVE-2024-9057 | security@wordfence.com security@wordfence.com |
| D-Link–DIR-619L B1 |
A vulnerability, which was classified as critical, was found in D-Link DIR-619L B1 2.06. Affected is the function formSetMACFilter of the file /goform/formSetMACFilter. The manipulation of the argument curTime leads to buffer overflow. The exploit has been disclosed to the public and may be used. | 2024-10-13 | 5.5 | CVE-2024-9908 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| dale668–Marketing and SEO Booster |
The Marketing and SEO Booster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.9.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | 2024-10-10 | 6.4 | CVE-2024-9066 | security@wordfence.com security@wordfence.com |
| devitemsllc–ShopLentor WooCommerce Builder for Elementor & Gutenberg +12 Modules All in One Solution (formerly WooLentor) |
The ShopLentor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.8 via the ‘render’ function in includes/addons/wl_faq.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft Elementor template data. | 2024-10-11 | 4.3 | CVE-2024-9538 | security@wordfence.com security@wordfence.com |
| directus–directus |
Directus is a real-time API and App dashboard for managing SQL database content. Access tokens from query strings are not redacted and are potentially exposed in system logs which may be persisted. The access token in `req.query` is not redacted when the `LOG_STYLE` is set to `raw`. If these logs are not properly sanitized or protected, an attacker with access to it can potentially gain administrative control, leading to unauthorized data access and manipulation. This impacts systems where the `LOG_STYLE` is set to `raw`. The `access_token` in the query could potentially be a long-lived static token. Users with impacted systems should rotate their static tokens if they were provided using query string. This vulnerability has been patched in release version 10.13.2 and subsequent releases as well. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-10-08 | 4.2 | CVE-2024-47822 | security-advisories@github.com |
| discourse–discourse |
Discourse is an open source platform for community discussion. An attacker can execute arbitrary JavaScript on users’ browsers by sending a maliciously crafted chat message and replying to it. This issue only affects sites with CSP disabled. This problem is patched in the latest version of Discourse. All users are advised to upgrade. Users unable to upgrade should ensure CSP is enabled on the forum. Users who do upgrade should also consider enabling a CSP as well as a proactive measure. | 2024-10-07 | 6.5 | CVE-2024-47772 | security-advisories@github.com security-advisories@github.com |
| discourse–discourse |
Discourse is an open source platform for community discussion. Users can see topics with a hidden tag if they know the label/name of that tag. This issue has been patched in the latest stable, beta and tests-passed version of Discourse. All users area are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-10-07 | 5.3 | CVE-2024-45297 | security-advisories@github.com |
| dvankooten–Social Sharing (by Danny) |
The Social Sharing (by Danny) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘dvk_social_sharing’ shortcode in all versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-10-12 | 6.4 | CVE-2024-9704 | security@wordfence.com security@wordfence.com |
| essamamdani–Advanced Blocks Pro |
The Advanced Blocks Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | 2024-10-10 | 6.4 | CVE-2024-9074 | security@wordfence.com security@wordfence.com |
| EventPrime Events–EventPrime |
URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in EventPrime Events EventPrime.This issue affects EventPrime: from n/a through 4.0.4.5. | 2024-10-10 | 4.7 | CVE-2024-47648 | audit@patchstack.com |
| fatcatapps–Forms for Mailchimp by Optin Cat Grow Your MailChimp List |
The Forms for Mailchimp by Optin Cat – Grow Your MailChimp List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form color parameters in all versions up to, and including, 2.5.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2024-10-12 | 4.4 | CVE-2024-7489 | security@wordfence.com security@wordfence.com security@wordfence.com |
| Fortra–Robot Schedule Enterprise |
Fortra’s Robot Schedule Enterprise Agent prior to version 3.05 writes FTP username and password information to the agent log file when detailed logging is enabled. | 2024-10-09 | 5.5 | CVE-2024-8264 | df4dee71-de3a-4139-9588-11b62fe6c0ff df4dee71-de3a-4139-9588-11b62fe6c0ff |
| fullservices–FULL Cliente |
The FULL – Cliente plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.1.22. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-10-11 | 6.1 | CVE-2024-9211 | security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
| gdprextensionscom–GDPR-Extensions-com Consent Manager |
The GDPR-Extensions-com – Consent Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | 2024-10-10 | 6.4 | CVE-2024-9072 | security@wordfence.com security@wordfence.com |
| GitLab–GitLab |
An issue has been discovered discovered in GitLab EE/CE affecting all versions starting from 11.4 before 17.2.9, all versions starting from 17.3 before 17.3.5, all versions starting from 17.4 before 17.4.2 It was possible for guest users to disclose project templates using the API. | 2024-10-11 | 4.3 | CVE-2024-5005 | cve@gitlab.com cve@gitlab.com |
| GitLab–GitLab |
An issue was discovered in GitLab CE/EE affecting all versions starting from 8.16 prior to 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2, which allows deploy keys to push to an archived repository. | 2024-10-10 | 4.9 | CVE-2024-9623 | cve@gitlab.com |
| google — android |
In vdec, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09028313; Issue ID: MSV-1701. | 2024-10-07 | 4.4 | CVE-2024-20091 | security@mediatek.com |
| google — android |
In vdec, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09028313; Issue ID: MSV-1699. | 2024-10-07 | 4.4 | CVE-2024-20093 | security@mediatek.com |
| google — android |
In m4u, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08996894; Issue ID: MSV-1636. | 2024-10-07 | 4.4 | CVE-2024-20095 | security@mediatek.com |
| google — android |
In m4u, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08996900; Issue ID: MSV-1635. | 2024-10-07 | 4.4 | CVE-2024-20096 | security@mediatek.com |
| google — android |
In vdec, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09028313; Issue ID: MSV-1630. | 2024-10-07 | 4.4 | CVE-2024-20097 | security@mediatek.com |
| google — android |
In wlan driver, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08998892; Issue ID: MSV-1601. | 2024-10-07 | 4.9 | CVE-2024-20102 | security@mediatek.com |
| gregross–Auto iFrame |
The Auto iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tag’ parameter in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-10-09 | 6.4 | CVE-2024-9449 | security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
| h2o–h2o |
h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. When an HTTP request using TLS/1.3 early data on top of TCP Fast Open or QUIC 0-RTT packets is received and the IP-address-based access control is used, the access control does not detect and prohibit HTTP requests conveyed by packets with a spoofed source address. This behavior allows attackers on the network to execute HTTP requests from addresses that are otherwise rejected by the address-based access control. The vulnerability has been addressed in commit 15ed15a. Users may disable the use of TCP FastOpen and QUIC to mitigate the issue. | 2024-10-11 | 5.9 | CVE-2024-45397 | security-advisories@github.com security-advisories@github.com security-advisories@github.com |
| hcltech — connections |
HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to because of improperly handling the request data. | 2024-10-09 | 5.7 | CVE-2024-30118 | psirt@hcl.com |
| HuangDou–UTCMS |
A vulnerability, which was classified as critical, was found in HuangDou UTCMS V9. This affects an unknown part of the file app/modules/ut-template/admin/template_creat.php. The manipulation of the argument content leads to deserialization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2024-10-13 | 6.3 | CVE-2024-9917 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| HuangDou–UTCMS |
A vulnerability has been found in HuangDou UTCMS V9 and classified as critical. This vulnerability affects the function RunSql of the file app/modules/ut-data/admin/sql.php. The manipulation of the argument sql leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2024-10-13 | 4.7 | CVE-2024-9918 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| idiom — easy_social_share_buttons |
The Easy Social Share Buttons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.4.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-10-10 | 6.1 | CVE-2024-8729 | security@wordfence.com security@wordfence.com |
| jetbrains — teamcity |
In JetBrains TeamCity before 2024.07.3 password could be exposed via Sonar runner REST API | 2024-10-08 | 6.5 | CVE-2024-47161 | cve@jetbrains.com |
| jetbrains — teamcity |
In JetBrains TeamCity before 2024.07.3 stored XSS was possible in Backup configuration settings | 2024-10-08 | 5.4 | CVE-2024-47950 | cve@jetbrains.com |
| jetbrains — teamcity |
In JetBrains TeamCity before 2024.07.3 stored XSS was possible via server global settings | 2024-10-08 | 5.4 | CVE-2024-47951 | cve@jetbrains.com |
| JetBrains–YouTrack |
In JetBrains YouTrack before 2024.3.46677 improper access control allowed users with project update permission to delete applications via API | 2024-10-10 | 5.4 | CVE-2024-48902 | cve@jetbrains.com |
| Juniper Networks–Junos OS |
An Improper Handling of Exceptional Conditions vulnerability in packet processing of Juniper Networks Junos OS on MX Series with MPC10/MPC11/LC9600 line cards, EX9200 with EX9200-15C lines cards, MX304 devices, and Juniper Networks Junos OS Evolved on PTX Series, allows an attacker sending malformed DHCP packets to cause ingress packet processing to stop, leading to a Denial of Service (DoS). Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. This issue only occurs if DHCP snooping is enabled. See configuration below. This issue can be detected using following commands. Their output will display the interface status going down: user@device>show interfaces <if–x/x/x> user@device>show log messages | match <if–x/x/x> user@device>show log messages ==> will display the “[Error] Wedge-Detect : Host Loopback Wedge Detected: PFE: no,” logs. This issue affects: Junos OS on MX Series with MPC10/MPC11/LC9600 line cards, EX9200 with EX9200-15C line cards, and MX304: * All versions before 21.2R3-S7, * from 21.4 before 21.4R3-S6, * from 22.2 before 22.2R3-S3, * all versions of 22.3, * from 22.4 before 22.4R3, * from 23.2 before 23.2R2; Junos OS Evolved on PTX Series: * from 19.3R1-EVO before 21.2R3-S8-EVO, * from 21.4-EVO before 21.4R3-S7-EVO, * from 22.1-EVO before 22.1R3-S6-EVO, * from 22.2-EVO before 22.2R3-S5-EVO, * from 22.3-EVO before 22.3R3-S3-EVO, * from 22.4-EVO before 22.4R3-S1-EVO, * from 23.2-EVO before 23.2R2-S2-EVO, * from 23.4-EVO before 23.4R2-EVO. Junos OS Evolved releases prior to 19.3R1-EVO are unaffected by this vulnerability | 2024-10-11 | 6.5 | CVE-2024-39526 | sirt@juniper.net |
| Juniper Networks–Junos OS |
A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of the Juniper Networks Junos OS on the SRX5K, SRX4600 and MX Series platforms with Trio-based FPCs allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). In case of channelized Modular Interface Cards (MICs), every physical interface flap operation will leak heap memory. Over a period of time, continuous physical interface flap operations causes local FPC to eventually run out of memory and crash.  Below CLI command can be used to check the memory usage over a period of time: ??user@host> show chassis fpc         Temp CPU Utilization (%)  CPU Utilization (%) Memory  Utilization (%)  Slot State   (C) Total Interrupt   1min  5min  15min DRAM (MB) Heap   Buffer  0 Online    43   41     2              2048    49     14  1 Online    43   41     2              2048    49     14  2 Online    43   41     2              2048    49     14 This issue affects Junos OS on SRX5K, SRX4600 and MX Series: * All versions before 21.2R3-S7, * from 21.4 before 21.4R3-S6, * from 22.1 before 22.1R3-S5, * from 22.2 before 22.2R3-S3, * from 22.3 before 22.3R3-S2, * from 22.4 before 22.4R3, * from 23.2 before 23.2R2, * from 23.4 before 23.4R2. | 2024-10-11 | 6.5 | CVE-2024-47493 | sirt@juniper.net sirt@juniper.net |
| Juniper Networks–Junos OS |
An Improper Check for Unusual or Exceptional Conditions vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX4600 and SRX5000 Series allows an unauthenticated and logically adjacent attacker to cause a Denial-of-Service (DoS). If in a multicast scenario a sequence of specific PIM packets is received, this will cause a flowd crash and restart, which leads to momentary service interruption. This issue affects Junos OS on SRX 4600 and SRX 5000 Series: * All versions before 21.4R3-S9, * 22.2 versions before 22.2R3-S5, * 22.3 versions before 22.3R3-S4, * 22.4 versions before 22.4R3-S4, * 23.2 versions before 23.2R2-S2, * 23.4 versions before 23.4R2, * 24.2 versions before 24.2R1-S1, 24.2R2. | 2024-10-11 | 6.5 | CVE-2024-47503 | sirt@juniper.net |
| Juniper Networks–Junos OS |
An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in the command-line interface (CLI) of Juniper Networks Junos OS on SRX Series devices allows a local, low-privileged user with access to the Junos CLI to view the contents of protected files on the file system. Through the execution of crafted CLI commands, a user with limited permissions (e.g., a low privilege login class user) can access protected files that should not be accessible to the user. These files may contain sensitive information that can be used to cause further impact to the system. This issue affects Junos OS on SRX Series: * All versions before 21.4R3-S8, * 22.2 before 22.2R3-S5, * 22.3 before 22.3R3-S4, * 22.4 before 22.4R3-S4, * 23.2 before 23.2R2-S2, * 23.4 before 23.4R2. | 2024-10-11 | 5.5 | CVE-2024-39527 | sirt@juniper.net |
| Juniper Networks–Junos OS |
A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in the AgentD process of Juniper Networks Junos OS allows an attacker who is already causing impact to established sessions which generates counter changes picked up by the AgentD process during telemetry polling, to move the AgentD process into a state where AgentD attempts to reap an already destroyed sensor. This reaping attempt then leads to memory corruption causing the FPC to crash which is a Denial of Service (DoS). The FPC will recover automatically without user intervention after the crash. This issue affects Junos OS: * All versions before 21.4R3-S9 * From 22.2 before 22.2R3-S5, * From 22.3 before 22.3R3-S4, * From 22.4 before 22.4R3-S3, * From 23.2 before 23.2R2-S2, * From 23.4 before 23.4R2. This issue does not affect Junos OS Evolved. | 2024-10-11 | 5.9 | CVE-2024-47494 | sirt@juniper.net |
| Juniper Networks–Junos OS |
A NULL Pointer Dereference vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS allows a local, low-privileged attacker to cause a Denial-of-Service (DoS). When a specific command is executed, the pfe crashes. This will cause traffic forwarding to be interrupted until the system self-recovers. Repeated execution will create a sustained DoS condition. This issue only affects MX Series devices with Line cards MPC1-MPC9. This issue affects: Junos OS on MX Series: * All versions before 21.4R3-S9, * from 22.2 before 22.2R3-S5, * from 22.3 before 22.3R3-S4, * from 22.4 before 22.4R3-S2, * from 23.2 before 23.2R2-S1, * from 23.4 before 23.4R2. | 2024-10-11 | 5.5 | CVE-2024-47496 | sirt@juniper.net |
| Juniper Networks–Junos OS |
A NULL Pointer Dereference vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on MX304, MX with MPC10/11/LC9600, and EX9200 with EX9200-15C allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS). In a VPLS or Junos Fusion scenario, the execution of specific show commands will cause all FPCs hosting VPLS sessions or connecting to satellites to crash and restart. This issue affects Junos on MX304, MX with MPC10/11/LC9600 and EX9200 with EX9200-15C: * All version before 21.2R3-S1, * 21.3 versions before 21.3R3, * 21.4 versions before 21.4R2. | 2024-10-11 | 5.5 | CVE-2024-47501 | sirt@juniper.net |
| Juniper Networks–Junos OS |
A Deadlock vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When a large amount of traffic is processed by ATP Cloud inspection, a deadlock can occur which will result in a PFE crash and restart. Whether the crash occurs, depends on system internal timing that is outside the attackers control. This issue affects Junos OS on SRX Series: * All versions before 21.3R3-S1, * 21.4 versions before 21.4R3, * 22.1 versions before 22.1R2, * 22.2 versions before 22.2R1-S2, 22.2R2. | 2024-10-11 | 5.9 | CVE-2024-47506 | sirt@juniper.net |
| Juniper Networks–Junos OS |
An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause an integrity impact to the downstream devices. When a peer sends a BGP update message which contains the aggregator attribute with an ASN value of zero (0), rpd accepts and propagates this attribute, which can cause issues for downstream BGP peers receiving this. This issue affects: Junos OS: * All versions before 21.4R3-S6, * 22.2 versions before 22.2R3-S3, * 22.4 versions before 22.4R3;Â Junos OS Evolved:Â * All versions before 21.4R3-S7-EVO, * 22.2 versions before 22.2R3-S4-EVO, * 22.4 versions before 22.4R3-EVO. | 2024-10-11 | 5.8 | CVE-2024-47507 | sirt@juniper.net |
| Juniper Networks–Junos OS Evolved |
An Authorization Bypass Through User-Controlled Key vulnerability allows a locally authenticated attacker with shell access to gain full control of the device when Dual Routing Engines (REs) are in use on Juniper Networks Junos OS Evolved devices. This issue affects: Juniper Networks Junos OS Evolved with dual-REs: * All versions before 21.2R3-S8-EVO, * from 21.4-EVO before 21.4R3-S8-EVO, * from 22.2-EVO before 22.2R3-S4-EVO, * from 22.3-EVO before 22.3R3-S4-EVO, * from 22.4-EVO before 22.4R3-S3-EVO, * from 23.2-EVO before 23.2R2-S1-EVO, * from 23.4-EVO before 23.4R2-S1-EVO. This issue does not affect Juniper Networks Junos OS. | 2024-10-11 | 6.7 | CVE-2024-47495 | sirt@juniper.net |
| Juniper Networks–Junos OS Evolved |
An Unimplemented or Unsupported Feature in UI vulnerability in the CLI of Juniper Networks Junos OS Evolved on QFX5000 Series allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS). Several configuration statements meant to enforce limits on MAC learning and moves can be configured but do not take effect. This can lead to control plane overload situations which will severely impact the ability of the device to processes legitimate traffic. This issue affects Junos OS Evolved on QFX5000 Series: * All versions before 21.4R3-S8-EVO, * 22.2-EVO versions before 22.2R3-S5-EVO, * 22.4-EVO versions before 22.4R3-EVO, * 23.2-EVO versions before 23.2R2-EVO. | 2024-10-11 | 6.5 | CVE-2024-47498 | sirt@juniper.net |
| Juniper Networks–Junos OS Evolved |
An Allocation of Resources Without Limits or Throttling vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved allows an authenticated, network-based attacker to cause an FPC crash leading to a Denial of Service (DoS).When specific SNMP GET operations or specific low-priviledged CLI commands are executed, a GUID resource leak will occur, eventually leading to exhaustion and resulting in FPCs to hang. Affected FPCs need to be manually restarted to recover. GUID exhaustion will trigger a syslog message like one of the following: evo-pfemand[<pid>]: get_next_guid: Ran out of Guid Space … evo-aftmand-zx[<pid>]: get_next_guid: Ran out of Guid Space … The leak can be monitored by running the following command and taking note of the values in the rightmost column labeled Guids: user@host> show platform application-info allocations app evo-pfemand/evo-pfemand In case one or more of these values are constantly increasing the leak is happening. This issue affects Junos OS Evolved: * All versions before 21.4R3-S7-EVO, * 22.1 versions before 22.1R3-S6-EVO, * 22.2 versions before 22.2R3-EVO, * 22.3 versions before 22.3R3-EVO, * 22.4 versions before 22.4R2-EVO. Please note that this issue is similar to, but different from CVE-2024-47508 and CVE-2024-47509. | 2024-10-11 | 6.5 | CVE-2024-47505 | sirt@juniper.net |
| Juniper Networks–Junos OS Evolved |
An Allocation of Resources Without Limits or Throttling vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved allows an authenticated, network-based attacker to cause an FPC crash leading to a Denial of Service (DoS).When specific SNMP GET operations or specific low-priviledged CLI commands are executed, a GUID resource leak will occur, eventually leading to exhaustion and resulting in FPCs to hang. Affected FPCs need to be manually restarted to recover. GUID exhaustion will trigger a syslog message like one of the following: evo-pfemand[<pid>]: get_next_guid: Ran out of Guid Space … evo-aftmand-zx[<pid>]: get_next_guid: Ran out of Guid Space … The leak can be monitored by running the following command and taking note of the values in the rightmost column labeled Guids: user@host> show platform application-info allocations app evo-pfemand/evo-pfemand In case one or more of these values are constantly increasing the leak is happening. This issue affects Junos OS Evolved: * All versions before 21.2R3-S8-EVO, * 21.3 versions before 21.3R3-EVO; * 21.4 versions before 22.1R2-EVO, * 22.1 versions before 22.1R1-S1-EVO, 22.1R2-EVO. Please note that this issue is similar to, but different from CVE-2024-47505 and CVE-2024-47509. | 2024-10-11 | 6.5 | CVE-2024-47508 | sirt@juniper.net |
| Juniper Networks–Junos OS Evolved |
An Allocation of Resources Without Limits or Throttling vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved allows an authenticated, network-based attacker to cause an FPC crash leading to a Denial of Service (DoS).When specific SNMP GET operations or specific low-priviledged CLI commands are executed, a GUID resource leak will occur, eventually leading to exhaustion and resulting in FPCs to hang. Affected FPCs need to be manually restarted to recover. GUID exhaustion will trigger a syslog message like one of the following: evo-pfemand[<pid>]: get_next_guid: Ran out of Guid Space … evo-aftmand-zx[<pid>]: get_next_guid: Ran out of Guid Space … The leak can be monitored by running the following command and taking note of the values in the rightmost column labeled Guids: user@host> show platform application-info allocations app evo-pfemand/evo-pfemand In case one or more of these values are constantly increasing the leak is happening. This issue affects Junos OS Evolved: * All versions before 21.4R2-EVO, * 22.1 versions before 22.1R2-EVO. Please note that this issue is similar to, but different from CVE-2024-47505 and CVE-2024-47508. | 2024-10-11 | 6.5 | CVE-2024-47509 | sirt@juniper.net |
| Juniper Networks–Junos OS Evolved |
An Incorrect Comparison vulnerability in the local address verification API of Juniper Networks Junos OS Evolved allows an unauthenticated network-adjacent attacker to create sessions or send traffic to the device using the network and broadcast address of the subnet assigned to an interface. This is unintended and unexpected behavior and can allow an attacker to bypass certain compensating controls, such as stateless firewall filters. This issue affects Junos OS Evolved: * All versions before 21.4R3-S8-EVO, * 22.2-EVO before 22.2R3-S4-EVO, * 22.3-EVO before 22.3R3-S4-EVO, * 22.4-EVO before 22.4R3-S3-EVO, * 23.2-EVO before 23.2R2-S1-EVO, * 23.4-EVO before 23.4R1-S2-EVO, 23.4R2-EVO. | 2024-10-11 | 5.4 | CVE-2024-39534 | sirt@juniper.net |
| Juniper Networks–Junos OS Evolved |
An Incorrect Default Permissions vulnerability in the command line interface (CLI) of Juniper Networks Junos OS Evolved allows a low privileged local attacker to view NETCONF traceoptions files, representing an exposure of sensitive information. On all Junos OS Evolved platforms, when NETCONF traceoptions are configured, NETCONF traceoptions files get created with an incorrect group permission, which allows a low-privileged user can access sensitive information compromising the confidentiality of the system. Junos OS Evolved: * All versions before 20.4R3-S9-EVO, * 21.2-EVO before 21.2R3-S7-EVO, * 21.4-EVO before 21.4R3-S5-EVO, * 22.1-EVO before 22.1R3-S5-EVO, * 22.2-EVO before 22.2R3-S3-EVO, * 22.3-EVO before 22.3R3-EVO, 22.3R3-S2-EVO, * 22.4-EVO before 22.4R3-EVO, * 23.2-EVO before 23.2R1-S2-EVO, 23.2R2-EVO. | 2024-10-11 | 5 | CVE-2024-39544 | sirt@juniper.net |
| Juniper Networks–Junos OS Evolved |
An Improper Handling of Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of the Juniper Networks Junos OS Evolved on ACX Series devices allows an unauthenticated, network based attacker sending specific transit protocol traffic to cause a partial Denial of Service (DoS) to downstream devices. Receipt of specific transit protocol packets is incorrectly processed by the Routing Engine (RE), filling up the DDoS protection queue which is shared between routing protocols. This influx of transit protocol packets causes DDoS protection violations, resulting in protocol flaps which can affect connectivity to networking devices. This issue affects both IPv4 and IPv6. This issue does not require any specific routing protocol to be configured or enabled. The following commands can be used to monitor the DDoS protection queue:     labuser@re0> show evo-pfemand host pkt-stats ?? labuser@re0> show host-path ddos all-policers This issue affects Junos OS Evolved: * All versions before 21.4R3-S8-EVO, * from 22.2 before 22.2R3-S4-EVO, * from 22.3 before 22.3R3-S4-EVO, * from 22.4 before 22.4R3-S3-EVO, * from 23.2 before 23.2R2-EVO, * from 23.4 before 23.4R1-S1-EVO, 23.4R2-EVO, * from 24.2 before 24.2R2-EVO. | 2024-10-11 | 5.8 | CVE-2024-47489 | sirt@juniper.net |
| kevinb–PublishPress Revisions: Duplicate Posts, Submit, Approve and Schedule Content Changes |
The PublishPress Revisions: Duplicate Posts, Submit, Approve and Schedule Content Changes plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.5.14. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-10-11 | 6.1 | CVE-2024-9436 | security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
| lara-zeus–dynamic-dashboard |
Lara-zeus Dynamic Dashboard simple way to manage widgets for your website landing page, and filament dashboard and Lara-zeus artemis is a collection of themes for the lara-zeus ecosystem. If values passed to a paragraph widget are not valid and contain a specific set of characters, applications are vulnerable to XSS attack against a user who opens a page on which a paragraph widget is rendered. Users are advised to upgrade to the appropriate fix versions detailed in the advisory metadata. There are no known workarounds for this vulnerability. | 2024-10-07 | 6.1 | CVE-2024-47817 | security-advisories@github.com security-advisories@github.com security-advisories@github.com |
| Lenovo–Dolby Vision Provisioning software |
A potential information disclosure vulnerability was reported in Lenovo’s packaging of Dolby Vision Provisioning software prior to version 2.0.0.2 that could allow a local attacker to read files on the system with elevated privileges during installation of the package. Previously installed versions are not affected by this issue. | 2024-10-11 | 5.5 | CVE-2024-5474 | psirt@lenovo.com |
| leogermani–Tainacan |
The Tainacan plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 0.21.10. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-10-11 | 6.1 | CVE-2024-9221 | security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
| limesurvey — limesurvey |
Cross Site Scripting vulnerability in LimeSurvey before 6.5.12+240611 allows a remote attacker to execute arbitrary code via a crafted script to the title and comment fields. | 2024-10-07 | 6.1 | CVE-2024-28709 | cve@mitre.org cve@mitre.org |
| limesurvey — limesurvey |
Cross Site Scripting vulnerability in LimeSurvey before 6.5.0+240319 allows a remote attacker to execute arbitrary code via a lack of input validation and output encoding in the Alert Widget’s message component. | 2024-10-07 | 6.1 | CVE-2024-28710 | cve@mitre.org cve@mitre.org |
| matbao–WP Helper Premium |
The WP Helper Premium plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘whp_smtp_send_mail_test’ function in all versions up to, and including, 4.6.1. This makes it possible for unauthenticated attackers to send emails containing any content and originating from the vulnerable WordPress instance to any recipient. | 2024-10-10 | 5.3 | CVE-2024-9065 | security@wordfence.com security@wordfence.com |
| MediaTek, Inc.–MT6761, MT6765, MT6768, MT6779, MT6785, MT6853, MT6873, MT6885, MT8385, MT8666, MT8667, MT8766, MT8768, MT8781, MT8788, MT8789 |
In vdec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09028313; Issue ID: MSV-1703. | 2024-10-07 | 6.7 | CVE-2024-20090 | security@mediatek.com |
| MediaTek, Inc.–MT6768, MT6779, MT6781, MT6785, MT6833, MT6853, MT6873, MT6877, MT6885, MT6893, MT8188, MT8532, MT8675, MT8766, MT8768, MT8781, MT8786, MT8788 |
In power, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08996886; Issue ID: MSV-1626. | 2024-10-07 | 6.7 | CVE-2024-20098 | security@mediatek.com |
| MediaTek, Inc.–MT6768, MT6833, MT6853, MT6877, MT6893, MT8532 |
In power, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08997492; Issue ID: MSV-1625. | 2024-10-07 | 6.7 | CVE-2024-20099 | security@mediatek.com |
| meshtastic–firmware |
Meshtastic is an open source, off-grid, decentralized, mesh network built to run on affordable, low-power devices. Meshtastic firmware is an open source firmware implementation for the broader project. The remote hardware module of the firmware does not have proper checks to ensure a remote hardware control message was received should be considered valid. This issue has been addressed in release version 2.5.1. All users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-10-07 | 6.4 | CVE-2024-47079 | security-advisories@github.com |
| michaelzangl–Embed videos and respect privacy |
The Embed videos and respect privacy plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘v’ parameter in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-10-11 | 6.1 | CVE-2024-9346 | security@wordfence.com security@wordfence.com security@wordfence.com |
| Microsoft–Azure Service Fabric for Linux |
Azure Service Fabric for Linux Remote Code Execution Vulnerability | 2024-10-08 | 6.6 | CVE-2024-43480 | secure@microsoft.com |
| Microsoft–Microsoft Defender for Endpoint for Linux |
Microsoft Defender for Endpoint for Linux Spoofing Vulnerability | 2024-10-08 | 5.5 | CVE-2024-43614 | secure@microsoft.com |
| Microsoft–Microsoft Office LTSC 2024 |
Microsoft Office Spoofing Vulnerability | 2024-10-08 | 6.5 | CVE-2024-43609 | secure@microsoft.com |
| Microsoft–Microsoft Outlook for Android |
Outlook for Android Elevation of Privilege Vulnerability | 2024-10-08 | 5.7 | CVE-2024-43604 | secure@microsoft.com |
| Microsoft–Microsoft Visual Studio 2022 version 17.11 |
Visual Studio Collector Service Denial of Service Vulnerability | 2024-10-08 | 5.5 | CVE-2024-43603 | secure@microsoft.com |
| Microsoft–Power BI Report Server – May 2024 |
Power BI Report Server Spoofing Vulnerability | 2024-10-08 | 6.5 | CVE-2024-43481 | secure@microsoft.com |
| Microsoft–Power BI Report Server – May 2024 |
Power BI Report Server Spoofing Vulnerability | 2024-10-08 | 6.9 | CVE-2024-43612 | secure@microsoft.com |
| Microsoft–Windows 10 Version 1809 |
BitLocker Security Feature Bypass Vulnerability | 2024-10-08 | 6.4 | CVE-2024-43513 | secure@microsoft.com |
| Microsoft–Windows 10 Version 1809 |
Windows Mobile Broadband Driver Remote Code Execution Vulnerability | 2024-10-08 | 6.8 | CVE-2024-43523 | secure@microsoft.com |
| Microsoft–Windows 10 Version 1809 |
Windows Mobile Broadband Driver Remote Code Execution Vulnerability | 2024-10-08 | 6.8 | CVE-2024-43524 | secure@microsoft.com |
| Microsoft–Windows 10 Version 1809 |
Windows Mobile Broadband Driver Remote Code Execution Vulnerability | 2024-10-08 | 6.8 | CVE-2024-43525 | secure@microsoft.com |
| Microsoft–Windows 10 Version 1809 |
Windows Mobile Broadband Driver Remote Code Execution Vulnerability | 2024-10-08 | 6.8 | CVE-2024-43526 | secure@microsoft.com |
| Microsoft–Windows 10 Version 1809 |
Windows Graphics Component Information Disclosure Vulnerability | 2024-10-08 | 6.5 | CVE-2024-43534 | secure@microsoft.com |
| Microsoft–Windows 10 Version 1809 |
Windows Mobile Broadband Driver Remote Code Execution Vulnerability | 2024-10-08 | 6.8 | CVE-2024-43536 | secure@microsoft.com |
| Microsoft–Windows 10 Version 1809 |
Windows Mobile Broadband Driver Denial of Service Vulnerability | 2024-10-08 | 6.5 | CVE-2024-43537 | secure@microsoft.com |
| Microsoft–Windows 10 Version 1809 |
Windows Mobile Broadband Driver Denial of Service Vulnerability | 2024-10-08 | 6.5 | CVE-2024-43538 | secure@microsoft.com |
| Microsoft–Windows 10 Version 1809 |
Windows Mobile Broadband Driver Denial of Service Vulnerability | 2024-10-08 | 6.5 | CVE-2024-43540 | secure@microsoft.com |
| Microsoft–Windows 10 Version 1809 |
Windows Mobile Broadband Driver Denial of Service Vulnerability | 2024-10-08 | 6.5 | CVE-2024-43542 | secure@microsoft.com |
| Microsoft–Windows 10 Version 1809 |
Windows Mobile Broadband Driver Remote Code Execution Vulnerability | 2024-10-08 | 6.8 | CVE-2024-43543 | secure@microsoft.com |
| Microsoft–Windows 10 Version 1809 |
Windows Kerberos Information Disclosure Vulnerability | 2024-10-08 | 6.5 | CVE-2024-43547 | secure@microsoft.com |
| Microsoft–Windows 10 Version 1809 |
Windows Mobile Broadband Driver Denial of Service Vulnerability | 2024-10-08 | 6.5 | CVE-2024-43555 | secure@microsoft.com |
| Microsoft–Windows 10 Version 1809 |
Windows Mobile Broadband Driver Denial of Service Vulnerability | 2024-10-08 | 6.5 | CVE-2024-43557 | secure@microsoft.com |
| Microsoft–Windows 10 Version 1809 |
Windows Mobile Broadband Driver Denial of Service Vulnerability | 2024-10-08 | 6.5 | CVE-2024-43558 | secure@microsoft.com |
| Microsoft–Windows 10 Version 1809 |
Windows Mobile Broadband Driver Denial of Service Vulnerability | 2024-10-08 | 6.5 | CVE-2024-43559 | secure@microsoft.com |
| Microsoft–Windows 10 Version 1809 |
Windows Mobile Broadband Driver Denial of Service Vulnerability | 2024-10-08 | 6.5 | CVE-2024-43561 | secure@microsoft.com |
| Microsoft–Windows 10 Version 1809 |
Windows Kernel Denial of Service Vulnerability | 2024-10-08 | 5 | CVE-2024-43520 | secure@microsoft.com |
| Microsoft–Windows 10 Version 1809 |
Windows Kernel-Mode Driver Information Disclosure Vulnerability | 2024-10-08 | 5.5 | CVE-2024-43554 | secure@microsoft.com |
| Microsoft–Windows 10 Version 1809 |
Code Integrity Guard Security Feature Bypass Vulnerability | 2024-10-08 | 5.5 | CVE-2024-43585 | secure@microsoft.com |
| Microsoft–Windows 11 version 22H2 |
Windows Resilient File System (ReFS) Information Disclosure Vulnerability | 2024-10-08 | 5.5 | CVE-2024-43500 | secure@microsoft.com |
| Microsoft–Windows 11 version 22H2 |
Windows Graphics Component Information Disclosure Vulnerability | 2024-10-08 | 5.5 | CVE-2024-43508 | secure@microsoft.com |
| Microsoft–Windows 11 Version 24H2 |
Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability | 2024-10-08 | 6.7 | CVE-2024-37976 | secure@microsoft.com |
| Microsoft–Windows 11 Version 24H2 |
Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability | 2024-10-08 | 6.7 | CVE-2024-37982 | secure@microsoft.com |
| Microsoft–Windows 11 Version 24H2 |
Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability | 2024-10-08 | 6.7 | CVE-2024-37983 | secure@microsoft.com |
| Microsoft–Windows 11 Version 24H2 |
Windows Kernel Elevation of Privilege Vulnerability | 2024-10-08 | 6.4 | CVE-2024-43570 | secure@microsoft.com |
| Microsoft–Windows 11 Version 24H2 |
Sudo for Windows Spoofing Vulnerability | 2024-10-08 | 5.6 | CVE-2024-43571 | secure@microsoft.com |
| Microsoft–Windows Server 2019 |
Windows Kernel Elevation of Privilege Vulnerability | 2024-10-08 | 6.7 | CVE-2024-37979 | secure@microsoft.com |
| Microsoft–Windows Server 2019 |
Windows Standards-Based Storage Management Service Denial of Service Vulnerability | 2024-10-08 | 6.5 | CVE-2024-43512 | secure@microsoft.com |
| Microsoft–Windows Server 2019 |
Windows Remote Desktop Services Tampering Vulnerability | 2024-10-08 | 4.8 | CVE-2024-43456 | secure@microsoft.com |
| Microsoft–Windows Server 2022 |
Windows Cryptographic Information Disclosure Vulnerability | 2024-10-08 | 5.6 | CVE-2024-43546 | secure@microsoft.com |
| Milestone Systems–XProtect VMS |
A possible buffer overflow in selected cameras’ drivers from XProtect Device Pack can allow an attacker with access to internal network to execute commands on Recording Server under strict conditions. | 2024-10-08 | 6.7 | CVE-2024-3506 | cf45122d-9d50-442a-9b23-e05cde9943d8 |
| miraheze–ImportDump |
ImportDump is an extension for mediawiki designed to automate user import requests. Anyone who can edit the interface strings of a wiki (typically administrators and interface admins) can embed XSS payloads in the messages for dates, and thus XSS anyone who views Special:RequestImportQueue. This issue has been patched in commit `d054b95` and all users are advised to apply this commit to their branch. Users unable to upgrade may either Prevent access to Special:RequestImportQueue on all wikis, except for the global wiki; and If an interface administrator (or equivalent) level protection is available (which is not provided by default) on the global wiki, protect the affected messages up to that level. This causes the XSS to be virtually useless as users with those rights can already edit Javascript pages. Or Prevent access to Special:RequestImportQueue altogether. | 2024-10-09 | 6 | CVE-2024-47812 | security-advisories@github.com security-advisories@github.com security-advisories@github.com |
| miraheze–ImportDump |
ImportDump is a mediawiki extension designed to automate user import requests. A user’s local actor ID is stored in the database to tell who made what requests. Therefore, if a user on another wiki happens to have the same actor ID as someone on the central wiki, the user on the other wiki can act as if they’re the original wiki requester. This can be abused to create new comments, edit the request, and view the request if it’s marked private. This issue has been addressed in commit `5c91dfc` and all users are advised to update. Users unable to update may disable the special page outside of their global wiki. See `miraheze/mw-config@e566499` for details on that. | 2024-10-09 | 6.4 | CVE-2024-47816 | security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
| miraheze–IncidentReporting |
IncidentReporting is a MediaWiki extension for moving incident reports from wikitext to database tables. There are a variety of Cross-site Scripting issues, though all of them require elevated permissions. Some are available to anyone who has the `editincidents` right, some are available to those who can edit interface messages (typically administrators and interface admins), and one is available to those who can edit LocalSettings.php. These issues have been addressed in commit `43896a4` and all users are advised to upgrade. Users unable to upgrade should prevent access to the Special:IncidentReports page. | 2024-10-09 | 6 | CVE-2024-47815 | security-advisories@github.com security-advisories@github.com security-advisories@github.com |
| n/a–07FLYCMS |
A vulnerability was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM 1.3.8. It has been declared as critical. Affected by this vulnerability is the function uploadFile of the file /admin/SysModule/upload/ajaxmodel/upload/uploadfilepath/sysmodule_1 of the component Module Plug-In Handler. The manipulation of the argument file leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The affected product is known with different names like 07FLYCMS, 07FLY-CMS, and 07FlyCRM. It was not possible to reach out to the vendor before assigning a CVE due to a not working mail address. | 2024-10-11 | 4.7 | CVE-2024-9855 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| n/a–07FLYCMS |
A vulnerability classified as critical has been found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.2.0. This affects the function fileUpload of the file /admin/File/fileUpload. The manipulation of the argument file leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The affected product is known with different names like 07FLYCMS, 07FLY-CMS, and 07FlyCRM. It was not possible to reach out to the vendor before assigning a CVE due to a not working mail address. | 2024-10-12 | 4.7 | CVE-2024-9903 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| n/a–07FLYCMS |
A vulnerability classified as critical was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.2.0. This vulnerability affects the function pictureUpload of the file /admin/File/pictureUpload. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The affected product is known with different names like 07FLYCMS, 07FLY-CMS, and 07FlyCRM. It was not possible to reach out to the vendor before assigning a CVE due to a not working mail address. | 2024-10-13 | 4.7 | CVE-2024-9904 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| n/a–ggit |
All versions of the package ggit are vulnerable to Arbitrary Argument Injection via the clone() API, which allows specifying the remote URL to clone and the file on disk to clone to. The library does not sanitize for user input or validate a given URL scheme, nor does it properly pass command-line flags to the git binary using the double-dash POSIX characters (–) to communicate the end of options. | 2024-10-08 | 6.5 | CVE-2024-21533 | report@snyk.io report@snyk.io |
| n/a–LyLme_spage |
A vulnerability has been found in LyLme_spage 1.9.5 and classified as critical. This vulnerability affects unknown code of the file /admin/tag.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2024-10-10 | 4.7 | CVE-2024-9788 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| n/a–LyLme_spage |
A vulnerability was found in LyLme_spage 1.9.5 and classified as critical. This issue affects some unknown processing of the file /admin/apply.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2024-10-10 | 4.7 | CVE-2024-9789 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| n/a–LyLme_spage |
A vulnerability was found in LyLme_spage 1.9.5. It has been classified as critical. Affected is an unknown function of the file /admin/sou.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2024-10-10 | 4.7 | CVE-2024-9790 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| n/a–n/a |
An issue was discovered in the Vector Skin component for MediaWiki before 1.39.5 and 1.40.x before 1.40.1. vector-toc-toggle-button-label is not escaped, but should be, because the line param can have markup. | 2024-10-09 | 6.5 | CVE-2023-45359 | cve@mitre.org cve@mitre.org |
| n/a–n/a |
An issue was discovered in VectorComponentUserLinks.php in the Vector Skin component in MediaWiki before 1.39.5 and 1.40.x before 1.40.1. vector-intro-page MalformedTitleException is uncaught if it is not a valid title, leading to incorrect web pages. | 2024-10-09 | 6.1 | CVE-2023-45361 | cve@mitre.org cve@mitre.org |
| n/a–n/a |
3DSecure 2.0 allows form action hijacking via threeDsMethod.jsp?threeDSMethodData= or the threeDSMethodNotificationURL parameter. The destination web site for a form submission can be modified. | 2024-10-09 | 6.1 | CVE-2024-25285 | cve@mitre.org cve@mitre.org |
| n/a–n/a |
A reflected cross-site scripting (XSS) vulnerability in Elaine’s Realtime CRM Automation v6.18.17 allows attackers to execute arbitrary JavaScript code in the web browser of a user via injecting a crafted payload into the dialog parameter at wrapper_dialog.php. | 2024-10-07 | 6.1 | CVE-2024-42831 | cve@mitre.org cve@mitre.org cve@mitre.org |
| n/a–n/a |
A security flaw has been discovered in Solvait version 24.4.2 that allows an attacker to elevate their privileges. By manipulating the Request ID and Action Type parameters in /AssignToMe/SetAction, an attacker can bypass approval workflows leading to unauthorized access to sensitive information or approval of fraudulent requests. | 2024-10-07 | 6.5 | CVE-2024-45919 | cve@mitre.org |
| n/a–n/a |
OnlineNewsSite v1.0 is vulnerable to Cross Site Scripting (XSS) which allows attackers to execute arbitrary code via the Title and summary fields in the /admin/post/edit/ endpoint. | 2024-10-07 | 6.6 | CVE-2024-45933 | cve@mitre.org cve@mitre.org |
| n/a–n/a |
A cross-site scripting (XSS) vulnerability in LemonLDAP::NG before 2.19.3 allows remote attackers to inject arbitrary web script or HTML into the login page via a username if userControl has been set to a non-default value that allows special HTML characters. | 2024-10-09 | 6.1 | CVE-2024-48933 | cve@mitre.org |
| n/a–n/a |
Snipe-IT before 7.0.10 allows remote code execution (associated with cookie serialization) when an attacker knows the APP_KEY. This is exacerbated by .env files, available from the product’s repository, that have default APP_KEY values. | 2024-10-11 | 6.6 | CVE-2024-48987 | cve@mitre.org |
| n/a–n/a |
3DSecure 2.0 allows XSS in its 3DSMethod Authentication via a modified params parameter in a /rest/online request with a /redirect?action=challenge&txn= substring. | 2024-10-09 | 5.4 | CVE-2024-25282 | cve@mitre.org cve@mitre.org |
| n/a–n/a |
3DSecure 2.0 allows reflected XSS in the 3DS Authorization Challenge via a modified params parameter in a /rest/online request with a /redirect?action=challenge&txn= substring. | 2024-10-09 | 5.4 | CVE-2024-25283 | cve@mitre.org cve@mitre.org |
| n/a–n/a |
3DSecure 2.0 allows reflected XSS in the 3DS Authorization Method via the threeDsMethod.jsp threeDSMethodData parameter. | 2024-10-09 | 5.4 | CVE-2024-25284 | cve@mitre.org cve@mitre.org |
| n/a–n/a |
D-Link COVR-2600R FW101b05 is vulnerable to Buffer Overflow. In the function sub_24E28, the HTTP_REFERER is obtained through an environment variable, and this field is controllable, allowing it to be used as the value for src. | 2024-10-07 | 5.7 | CVE-2024-44674 | cve@mitre.org cve@mitre.org |
| n/a–n/a |
TP-Link WR740N V6 has a stack overflow vulnerability via the ssid parameter in /userRpm/popupSiteSurveyRpm.htm url. | 2024-10-07 | 5.5 | CVE-2024-46325 | cve@mitre.org |
| n/a–n/a |
An arbitrary file read vulnerability in Adguard Home before v0.107.52 allows authenticated attackers to access arbitrary files as root on the underlying Operating System via placing a crafted file into a readable directory. | 2024-10-08 | 4.9 | CVE-2024-36814 | cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org |
| n/a–n/a |
PublicCMS V4.0.202406.d was discovered to contain a cross-site scripting (XSS) vulnerability via a crafted script to the Category Managment feature | 2024-10-08 | 4.8 | CVE-2024-46410 | cve@mitre.org cve@mitre.org |
| n/a–VMware NSX, VMware Cloud Foundation |
VMware NSX contains a command injection vulnerability. A malicious actor with access to the NSX Edge CLI terminal may be able to craft malicious payloads to execute arbitrary commands on the operating system as root. | 2024-10-09 | 6.7 | CVE-2024-38817 | security@vmware.com |
| n/a–VMware NSX, VMware Cloud Foundation |
VMware NSX contains a local privilege escalation vulnerability. An authenticated malicious actor may exploit this vulnerability to obtain permissions from a separate group role than previously assigned. | 2024-10-09 | 6.7 | CVE-2024-38818 | security@vmware.com |
| n/a–VMware NSX, VMware Cloud Foundation |
VMware NSX contains a content spoofing vulnerability. An unauthenticated malicious actor may be able to craft a URL and redirect a victim to an attacker controlled domain leading to sensitive information disclosure. | 2024-10-09 | 4.3 | CVE-2024-38815 | security@vmware.com |
| namogo–Elementor Inline SVG |
The Elementor Inline SVG plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | 2024-10-10 | 6.4 | CVE-2024-9064 | security@wordfence.com security@wordfence.com |
| omardabbas–Products, Order & Customers Export for WooCommerce |
The Products, Order & Customers Export for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.0.15. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-10-10 | 6.1 | CVE-2024-9377 | security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
| Open Mainframe Project–Zowe |
The conformance validation endpoint is public so everybody can verify the conformance of onboarded services. The response could contain specific information about the service, including available endpoints, and swagger. It could advise about the running version of a service to an attacker. The attacker could also check if a service is running. | 2024-10-10 | 5.3 | CVE-2024-9802 | zowe-security@lists.openmainframeproject.org |
| OpenHarmony–OpenHarmony |
in OpenHarmony v4.1.0 and prior versions allow a local attacker cause information leak through out-of-bounds Read. | 2024-10-08 | 5.5 | CVE-2024-39806 | scy@openharmony.io |
| OpenHarmony–OpenHarmony |
in OpenHarmony v4.1.0 allow a local attacker with high privileges arbitrary code execution in pre-installed apps through use after free. | 2024-10-08 | 4.4 | CVE-2024-39831 | scy@openharmony.io |
| PAX–POS terminals |
PAX Android based POS devices allow for escalation of privilege via improperly configured scripts. An attacker must have shell access with system account privileges in order to exploit this vulnerability. A patch addressing this issue was included in firmware version PayDroid_8.1.0_Sagittarius_V11.1.61_20240226. | 2024-10-11 | 6.7 | CVE-2023-42133 | cvd@cert.pl cvd@cert.pl cvd@cert.pl cvd@cert.pl |
| PHPOffice–PhpSpreadsheet |
PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. It’s possible for an attacker to construct an XLSX file that links images from arbitrary paths. When embedding images has been enabled in HTML writer with `$writer->setEmbedImages(true);` those files will be included in the output as `data:` URLs, regardless of the file’s type. Also URLs can be used for embedding, resulting in a Server-Side Request Forgery vulnerability. When embedding images has been enabled, an attacker can read arbitrary files on the server and perform arbitrary HTTP GET requests. Note that any PHP protocol wrappers can be used, meaning that if for example the `expect://` wrapper is enabled, also remote code execution is possible. This issue has been addressed in release versions 1.29.2, 2.1.1, and 2.3.0. All users are advised to upgrade. there are no known workarounds for this vulnerability. | 2024-10-07 | 6.3 | CVE-2024-45291 | security-advisories@github.com |
| PHPOffice–PhpSpreadsheet |
PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. `PhpOfficePhpSpreadsheetWriterHtml` does not sanitize “javascript:” URLs from hyperlink `href` attributes, resulting in a Cross-Site Scripting vulnerability. This issue has been addressed in release versions 1.29.2, 2.1.1, and 2.3.0. All users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-10-07 | 5.4 | CVE-2024-45292 | security-advisories@github.com |
| pixelgrade–Category Icon |
The Category Icon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | 2024-10-12 | 6.4 | CVE-2024-8915 | security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
| posimyththemes–The Plus Addons for Elementor Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce |
The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.6.11 via the render function in modules/widgets/tp_accordion.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data. | 2024-10-11 | 4.3 | CVE-2024-8913 | security@wordfence.com security@wordfence.com |
| QODE–Bridge Core |
The Bridge Core plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ‘formforall’ shortcode in versions up to, and including, 3.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-10-08 | 6.4 | CVE-2024-9292 | security@wordfence.com security@wordfence.com |
| QODE–Bridge Core |
The Bridge Core plugin for WordPress is vulnerable to unauthorized modification of data or loss of data due to a missing capability check on the ‘import_action’ and ‘install_plugin_per_demo’ functions in versions up to, and including, 3.3. This makes it possible for authenticated attackers with subscriber-level permissions or above, to delete or change plugin settings, import demo data, and install limited plugins. | 2024-10-12 | 6.5 | CVE-2024-9860 | security@wordfence.com security@wordfence.com |
| Qualcomm, Inc.–Snapdragon |
Memory corruption when a process invokes IOCTL calls from user-space to create a HAB virtual channel and another process invokes IOCTL calls to destroy the same. | 2024-10-07 | 6.7 | CVE-2024-23370 | product-security@qualcomm.com |
| Qualcomm, Inc.–Snapdragon |
Memory corruption is possible when an attempt is made from userspace or console to write some haptics effects pattern to the haptics debugfs file. | 2024-10-07 | 6.7 | CVE-2024-23374 | product-security@qualcomm.com |
| Qualcomm, Inc.–Snapdragon |
Memory corruption during the network scan request. | 2024-10-07 | 6.7 | CVE-2024-23375 | product-security@qualcomm.com |
| Qualcomm, Inc.–Snapdragon |
Memory corruption while sending the persist buffer command packet from the user-space to the kernel space through the IOCTL call. | 2024-10-07 | 6.7 | CVE-2024-23376 | product-security@qualcomm.com |
| Qualcomm, Inc.–Snapdragon |
Memory corruption while invoking IOCTL calls for MSM module from the user space during audio playback and record. | 2024-10-07 | 6.7 | CVE-2024-23378 | product-security@qualcomm.com |
| Qualcomm, Inc.–Snapdragon |
Memory corruption while unmapping the fastrpc map when two threads can free the same map in concurrent scenario. | 2024-10-07 | 6.7 | CVE-2024-23379 | product-security@qualcomm.com |
| Qualcomm, Inc.–Snapdragon |
Information disclosure while sending implicit broadcast containing APP launch information. | 2024-10-07 | 6.1 | CVE-2024-38425 | product-security@qualcomm.com |
| quarka — qa_analytics |
The QA Analytics – Web Analytics Tool with Heatmaps & Session Replay Across All Pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_save_plugin_config() function in all versions up to, and including, 4.1.0.0. This makes it possible for unauthenticated attackers to update the plugin’s settings. | 2024-10-10 | 5.3 | CVE-2024-8513 | security@wordfence.com security@wordfence.com |
| QuomodoSoft–ElementsReady Addons for Elementor |
URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in QuomodoSoft ElementsReady Addons for Elementor.This issue affects ElementsReady Addons for Elementor: from n/a through 6.4.2. | 2024-10-11 | 4.7 | CVE-2024-47353 | audit@patchstack.com |
| rafasashi–Language Switcher |
The Language Switcher plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.7.13. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-10-11 | 6.1 | CVE-2024-9610 | security@wordfence.com security@wordfence.com security@wordfence.com |
| rainafarai–Notification for Telegram |
The Notification for Telegram plugin for WordPress is vulnerable to unauthorized test message sending due to a missing capability check on the ‘nftb_test_action’ function in versions up to, and including, 3.3.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to send a test message via the Telegram Bot API to all users configured in the settings. | 2024-10-10 | 4.3 | CVE-2024-9685 | security@wordfence.com security@wordfence.com security@wordfence.com |
| Red Hat–OpenShift Developer Tools and Services |
A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a `RUN` instruction in a Container file to mount an arbitrary directory from the host (read/write) into the container as long as those files can be accessed by the user running Buildah. | 2024-10-09 | 4.4 | CVE-2024-9675 | secalert@redhat.com secalert@redhat.com |
| Red Hat–Red Hat 3scale API Management Platform 2 |
A vulnerability was found in 3Scale. There is no auth mechanism to see a PDF invoice of a Developer user if the URL is known. Anyone can see the invoice if the URL is known or guessed. | 2024-10-09 | 5.3 | CVE-2024-9671 | secalert@redhat.com secalert@redhat.com |
| Red Hat–Red Hat Ansible Automation Platform 2 |
A flaw was found in Event-Driven Automation (EDA) in Ansible Automation Platform (AAP), which lacks encryption of sensitive information. An attacker with network access could exploit this vulnerability by sniffing the plaintext data transmitted between the EDA and AAP. An attacker with system access could exploit this vulnerability by reading the plaintext data stored in EDA and AAP databases. | 2024-10-08 | 5.3 | CVE-2024-9620 | secalert@redhat.com secalert@redhat.com |
| Red Hat–Red Hat build of Apache Camel for Quarkus |
A vulnerability was found in Quarkus CXF. Passwords and other secrets may appear in the application log in spite of the user configuring them to be hidden. This issue requires some special configuration to be vulnerable, such as SOAP logging enabled, application set client, and endpoint logging properties, and the attacker must have access to the application log. | 2024-10-08 | 5.3 | CVE-2024-9621 | secalert@redhat.com secalert@redhat.com |
| Red Hat–Red Hat JBoss Data Grid 7 |
A vulnerability was found in the resteasy-netty4 library arising from improper handling of HTTP requests using smuggling techniques. When an HTTP smuggling request with an ASCII control character is sent, it causes the Netty HttpObjectDecoder to transition into a BAD_MESSAGE state. As a result, any subsequent legitimate requests on the same connection are ignored, leading to client timeouts, which may impact systems using load balancers and expose them to risk. | 2024-10-08 | 5.3 | CVE-2024-9622 | secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com |
| redis–redis |
Redis is an open source, in-memory database that persists on disk. Authenticated users can trigger a denial-of-service by using specially crafted, long string match patterns on supported commands such as `KEYS`, `SCAN`, `PSUBSCRIBE`, `FUNCTION LIST`, `COMMAND LIST` and ACL definitions. Matching of extremely long patterns may result in unbounded recursion, leading to stack overflow and process crash. This problem has been fixed in Redis versions 6.2.16, 7.2.6, and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-10-07 | 5.5 | CVE-2024-31228 | security-advisories@github.com security-advisories@github.com |
| redis–redis |
Redis is an open source, in-memory database that persists on disk. An authenticated with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem exists in Redis 7 prior to versions 7.2.6 and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-10-07 | 4.4 | CVE-2024-31227 | security-advisories@github.com security-advisories@github.com |
| rescuethemes–Rescue Shortcodes |
The Rescue Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘rescue_tab’ shortcode in all versions up to, and including, 2.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-10-12 | 6.4 | CVE-2024-9696 | security@wordfence.com security@wordfence.com |
| robosoft–Photo Gallery, Images, Slider in Rbs Image Gallery |
The Photo Gallery, Images, Slider in Rbs Image Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajaxGetGalleryJson() function in all versions up to, and including, 3.2.21. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve private post titles. | 2024-10-08 | 4.3 | CVE-2024-8431 | security@wordfence.com security@wordfence.com security@wordfence.com |
| Rocket.Chat–Mobile |
The E2EE password entropy generated by Rocket.Chat Mobile prior to version 4.5.1 is insufficient, allowing attackers to crack it if they have the appropriate time and resources. | 2024-10-07 | 6.7 | CVE-2024-42027 | support@hackerone.com |
| saltcorn–saltcorn |
Saltcorn is an extensible, open source, no-code database application builder. A logged-in user with any role can delete arbitrary files on the filesystem by calling the `sync/clean_sync_dir` endpoint. The `dir_name` POST parameter is not validated/sanitized and is used to construct the `syncDir` that is deleted by calling `fs.rm`. This issue has been addressed in release version 1.0.0-beta16 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-10-07 | 6.5 | CVE-2024-47818 | security-advisories@github.com security-advisories@github.com security-advisories@github.com |
| Samsung Mobile–Samsung Mobile Devices |
Improper access control in ActivityManager prior to SMR Oct-2024 Release 1 in select Android 12, 13 and SMR Sep-2024 Release 1 in select Android 14 allows local attackers to execute privileged behaviors. | 2024-10-08 | 6.2 | CVE-2024-34662 | mobile.security@samsung.com |
| Samsung Mobile–Samsung Mobile Devices |
Integer overflow in libSEF.quram.so prior to SMR Oct-2024 Release 1 allows local attackers to write out-of-bounds memory. | 2024-10-08 | 5.3 | CVE-2024-34663 | mobile.security@samsung.com |
| Samsung Mobile–Samsung Mobile Devices |
Improper check for exception conditions in Knox Guard prior to SMR Oct-2024 Release 1 allows physical attackers to bypass Knox Guard in a multi-user environment. | 2024-10-08 | 4.1 | CVE-2024-34664 | mobile.security@samsung.com |
| Samsung Mobile–SamsungVideoPlayer |
Improper input validation in SamsungVideoPlayer prior to versions 7.3.29.1 in Android 12, 7.3.36.1 in Android 13, and 7.3.41.230 in Android 14 allows local attackers to access video file of other users. | 2024-10-08 | 5.5 | CVE-2024-34672 | mobile.security@samsung.com |
| Samsung Mobile–Sound Assistant |
Use of implicit intent for sensitive communication in Sound Assistant prior to version 6.1.0.9 allows local attackers to get sensitive information. | 2024-10-08 | 4 | CVE-2024-34670 | mobile.security@samsung.com |
| SAP_SE–SAP Commerce Backoffice |
SAP Commerce Backoffice does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker can cause limited impact on confidentiality and integrity of the application. | 2024-10-08 | 5.4 | CVE-2024-45278 | cna@sap.com cna@sap.com |
| SAP_SE–SAP HANA Client |
The SAP HANA Node.js client package versions from 2.0.0 before 2.21.31 is impacted by Prototype Pollution vulnerability allowing an attacker to add arbitrary properties to global object prototypes. This is due to improper user input sanitation when using the nestTables feature causing low impact on the availability of the application. This has no impact on Confidentiality and Integrity. | 2024-10-08 | 4.3 | CVE-2024-45277 | cna@sap.com cna@sap.com cna@sap.com |
| SAP_SE–SAP NetWeaver Enterprise Portal (KMC) |
SAP NetWeaver Enterprise Portal (KMC) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability in KMC servlet. An attacker could craft a script and trick the user into clicking it. When a victim who is registered on the portal clicks on such link, confidentiality and integrity of their web browser session could be compromised. | 2024-10-08 | 5.4 | CVE-2024-47594 | cna@sap.com cna@sap.com |
| SAP_SE–SAP S/4 HANA (Manage Bank Statements) |
Fields which are in ‘read only’ state in Bank Statement Draft in Manage Bank Statements application, could be modified by MERGE method. The property of an OData entity representing assumably immutable method is not protected against external modifications leading to integrity violations. Confidentiality and Availability are not impacted. | 2024-10-08 | 4.3 | CVE-2024-45282 | cna@sap.com cna@sap.com |
| Schneider Electric–Data Center Expert |
CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause exposure of private data when an already generated “logcaptures” archive is accessed directly by HTTPS. | 2024-10-11 | 5.9 | CVE-2024-8530 | cybersecurity@se.com |
| scottpaterson–Easy PayPal Gift Certificate |
The Easy PayPal Gift Certificate plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.3. This is due to missing or incorrect nonce validation on the ‘wpppgc_plugin_options’ function. This makes it possible for unauthenticated attackers to update the plugin’s settings and inject malicious JavaScript via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-10-12 | 6.1 | CVE-2024-9592 | security@wordfence.com security@wordfence.com |
| siemens — sinec_security_monitor |
A vulnerability has been identified in Siemens SINEC Security Monitor (All versions < V4.9.0). The affected application does not properly validate a file path that is supplied to an endpoint intended to create CSR files. This could allow an unauthenticated remote attacker to create files in writable directories outside the intended location and thus compromise integrity of files in those writable directories. | 2024-10-08 | 5.3 | CVE-2024-47563 | productcert@siemens.com |
| siemens — sinec_security_monitor |
A vulnerability has been identified in Siemens SINEC Security Monitor (All versions < V4.9.0). The affected application does not properly validate that user input complies with a list of allowed values. This could allow an authenticated remote attacker to compromise the integrity of the configuration of the affected application. | 2024-10-08 | 4.3 | CVE-2024-47565 | productcert@siemens.com |
| Siemens–ModelSim |
A vulnerability has been identified in ModelSim (All versions < V2024.3), Questa (All versions < V2024.3). vish2.exe in affected applications allows a specific DLL file to be loaded from the current working directory. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges in installations where administrators or processes with elevated privileges launch vish2.exe from a user-writable directory. | 2024-10-08 | 6.7 | CVE-2024-47194 | productcert@siemens.com |
| Siemens–ModelSim |
A vulnerability has been identified in ModelSim (All versions < V2024.3), Questa (All versions < V2024.3). gdb.exe in affected applications allows a specific executable file to be loaded from the current working directory. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges in installations where administrators or processes with elevated privileges launch gdb.exe from a user-writable directory. | 2024-10-08 | 6.7 | CVE-2024-47195 | productcert@siemens.com |
| Siemens–ModelSim |
A vulnerability has been identified in ModelSim (All versions < V2024.3), Questa (All versions < V2024.3). vsimk.exe in affected applications allows a specific tcl file to be loaded from the current working directory. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges in installations where administrators or processes with elevated privileges launch vsimk.exe from a user-writable directory. | 2024-10-08 | 6.7 | CVE-2024-47196 | productcert@siemens.com |
| Siemens–SIMATIC Drive Controller CPU 1504D TF |
The web server of affected devices do not properly authenticate user request to the ‘/ClientArea/RuntimeInfoData.mwsl’ endpoint. This could allow an unauthenticated remote attacker to gain knowledge about current actual and configured maximum cycle times as well as about configured maximum communication load. | 2024-10-08 | 5.3 | CVE-2024-46887 | productcert@siemens.com |
| Siemens–SIMATIC Drive Controller CPU 1504D TF |
The web server of affected devices does not properly validate input that is used for a user redirection. This could allow an attacker to make the server redirect the legitimate user to an attacker-chosen URL. For a successful exploit, the legitimate user must actively click on an attacker-crafted link. | 2024-10-08 | 4.7 | CVE-2024-46886 | productcert@siemens.com |
| silabs.com–EFR32 BLE SDK |
A denial of service may be caused to a single peripheral device in a BLE network when multiple central devices continuously connect and disconnect to the peripheral. A hard reset is required to recover the peripheral device. | 2024-10-11 | 6.5 | CVE-2024-6657 | product-security@silabs.com |
| sirv–Image Optimizer, Resizer and CDN Sirv |
The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 7.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | 2024-10-08 | 6.4 | CVE-2024-8964 | security@wordfence.com security@wordfence.com security@wordfence.com |
| sldesignpl–Order Attachments for WooCommerce |
The Order Attachments for WooCommerce plugin for WordPress is vulnerable to unauthorized limited arbitrary file uploads due to a missing capability check on the wcoa_add_attachment AJAX action in versions 2.0 to 2.4.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload limited file types. | 2024-10-12 | 4.3 | CVE-2024-9756 | security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
| smp7, wp.insider–Simple Membership After Login Redirection |
URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in smp7, wp.Insider Simple Membership After Login Redirection.This issue affects Simple Membership After Login Redirection: from n/a through 1.6. | 2024-10-10 | 4.7 | CVE-2024-47354 | audit@patchstack.com |
| Solidigm–D5-P5316 |
Improper error handling in firmware of some SSD DC Products may allow an attacker to enable denial of service. | 2024-10-07 | 6.5 | CVE-2024-47971 | f946a70c-00eb-42ce-8e9b-634d1f7b5a6f |
| Solidigm–D7-P5510 |
Improper resource initialization handling in firmware of some Solidigm DC Products may allow an attacker to potentially enable denial of service. | 2024-10-07 | 4.4 | CVE-2024-47967 | f946a70c-00eb-42ce-8e9b-634d1f7b5a6f |
| Solidigm–D7-P5510 |
Improper resource management in firmware of some Solidigm DC Products may allow an attacker to potentially control the performance of the resource. | 2024-10-07 | 4 | CVE-2024-47972 | f946a70c-00eb-42ce-8e9b-634d1f7b5a6f |
| Solidigm–D7-P5510 |
Race condition during resource shutdown in some Solidigm DC Products may allow an attacker to potentially enable denial of service. | 2024-10-07 | 4.4 | CVE-2024-47974 | f946a70c-00eb-42ce-8e9b-634d1f7b5a6f |
| Solidigm–D7-P5520 |
In some Solidigm DC Products, a defect in device overprovisioning may provide information disclosure to an attacker. | 2024-10-07 | 5.1 | CVE-2024-47973 | f946a70c-00eb-42ce-8e9b-634d1f7b5a6f |
| Solidigm–DC P4510 |
Improper resource management in firmware of some Solidigm DC Products may allow an attacker to potentially enable denial of service. | 2024-10-07 | 6.2 | CVE-2024-47969 | f946a70c-00eb-42ce-8e9b-634d1f7b5a6f |
| Solidigm–DC P4510 |
Improper access removal handling in firmware of some Solidigm DC Products may allow an attacker with physical access to gain unauthorized access. | 2024-10-07 | 6.7 | CVE-2024-47976 | f946a70c-00eb-42ce-8e9b-634d1f7b5a6f |
| Solidigm–DC P4510 |
Improper resource shutdown in middle of certain operations on some Solidigm DC Products may allow an attacker to potentially enable denial of service. | 2024-10-07 | 4.4 | CVE-2024-47968 | f946a70c-00eb-42ce-8e9b-634d1f7b5a6f |
| soplanning — soplanning |
SQL injection vulnerability in SOPlanning <1.45, through /soplanning/www/groupe_list.php, in the by parameter, which could allow a remote user to send a specially crafted query and extract all the information stored on the server. | 2024-10-07 | 6.5 | CVE-2024-9573 | cve-coordination@incibe.es |
| soplanning — soplanning |
SQL injection vulnerability in SOPlanning <1.45, via /soplanning/www/user_groupes.php in the by parameter, which could allow a remote user to submit a specially crafted query, allowing an attacker to retrieve all the information stored in the DB. | 2024-10-07 | 6.5 | CVE-2024-9574 | cve-coordination@incibe.es |
| soplanning — soplanning |
Cross-Site Scripting (XSS) vulnerability in SOPlanning <1.45, due to lack of proper validation of user input via /soplanning/www/process/xajax_server.php, affecting multiple parameters. This could allow a remote user to send a specially crafted query to an authenticated user and partially take control of their browser session. | 2024-10-07 | 5.4 | CVE-2024-9571 | cve-coordination@incibe.es |
| soplanning — soplanning |
Cross-Site Scripting (XSS) vulnerability in SOPlanning <1.45, due to lack of proper validation of user input via /soplanning/www/process/groupe_save.php, in the groupe_id parameter. This could allow a remote user to send a specially crafted query to an authenticated user and steal their session details. | 2024-10-07 | 5.4 | CVE-2024-9572 | cve-coordination@incibe.es |
| SourceCodester–Online Eyewear Shop |
A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/?page=products/view_product. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-10-10 | 6.3 | CVE-2024-9808 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| SourceCodester–Online Eyewear Shop |
A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been declared as critical. Affected by this vulnerability is the function delete_product of the file /classes/Master.php?f=delete_product. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-10-10 | 6.3 | CVE-2024-9809 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| SourceCodester–Online Eyewear Shop |
A vulnerability, which was classified as critical, has been found in SourceCodester Online Eyewear Shop 1.0. This issue affects some unknown processing of the file /admin/?page=inventory/view_inventory&id=2. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-10-13 | 6.3 | CVE-2024-9905 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| StylemixThemes–uListing |
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in StylemixThemes uListing.This issue affects uListing: from n/a through 2.1.5. | 2024-10-07 | 5.3 | CVE-2024-47344 | audit@patchstack.com |
| sujin2f–2D Tag Cloud |
The 2D Tag Cloud plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 6.0.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-10-12 | 6.1 | CVE-2024-9670 | security@wordfence.com security@wordfence.com security@wordfence.com |
| syracom — secure_login |
The Syracom Secure Login (2FA) plugin for Jira, Confluence, and Bitbucket through 3.1.4.5 allows remote attackers to bypass 2FA by interacting with the /rest endpoint of Jira, Confluence, or Bitbucket. In the default configuration, /rest is allowlisted. | 2024-10-10 | 5.4 | CVE-2024-48941 | cve@mitre.org |
| syracom — secure_login |
The Syracom Secure Login (2FA) plugin for Jira, Confluence, and Bitbucket through 3.1.4.5 allows remote attackers to easily brute-force the 2FA PIN via the plugins/servlet/twofactor/public/pinvalidation endpoint. The last 30 and the next 30 tokens are valid. | 2024-10-10 | 5.9 | CVE-2024-48942 | cve@mitre.org |
| Tenda–AC1206 |
A vulnerability classified as critical was found in Tenda AC1206 up to 15.03.06.23. This vulnerability affects the function ate_iwpriv_set/ate_ifconfig_set of the file /goform/ate. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2024-10-10 | 6.3 | CVE-2024-9793 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| themehunk–Easy Mega Menu Plugin for WordPress ThemeHunk |
The Easy Mega Menu Plugin for WordPress – ThemeHunk plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘themehunk_megamenu_bg_image’ parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Please note that this was partially fixed in 1.1.0 due to the missing authorization protection that was added. | 2024-10-08 | 6.4 | CVE-2024-8433 | security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
| tobiasbg–TablePress Tables in WordPress made easy |
The TablePress – Tables in WordPress made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the table cell content in all versions up to, and including, 2.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-10-12 | 6.4 | CVE-2024-9595 | security@wordfence.com security@wordfence.com |
| ttodua–Increase upload file size & Maximum Execution Time limit |
The Increase upload file size & Maximum Execution Time limit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-10-11 | 6.1 | CVE-2024-9611 | security@wordfence.com security@wordfence.com security@wordfence.com |
| Unisoc (Shanghai) Technologies Co., Ltd.–SC7731E/SC9832E/SC9863A/T310/T606/T612/T616/T610/T618/T760/T770/T820/S8000 |
In linkturbonative service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. | 2024-10-09 | 6.5 | CVE-2024-39436 | security@unisoc.com |
| Unisoc (Shanghai) Technologies Co., Ltd.–SC7731E/SC9832E/SC9863A/T310/T606/T612/T616/T610/T618/T760/T770/T820/S8000 |
In linkturbonative service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. | 2024-10-09 | 6.5 | CVE-2024-39437 | security@unisoc.com |
| Unisoc (Shanghai) Technologies Co., Ltd.–SC7731E/SC9832E/SC9863A/T310/T606/T612/T616/T610/T618/T760/T770/T820/S8000 |
In linkturbonative service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. | 2024-10-09 | 6.5 | CVE-2024-39438 | security@unisoc.com |
| Unisoc (Shanghai) Technologies Co., Ltd.–T606/T612/T616/T610/T618/T760/T770/T820/S8000 |
In DRM service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | 2024-10-09 | 6.2 | CVE-2024-39439 | security@unisoc.com |
| Unisoc (Shanghai) Technologies Co., Ltd.–T606/T612/T616/T610/T618/T760/T770/T820/S8000 |
In DRM service, there is a possible system crash due to null pointer dereference. This could lead to local denial of service with System execution privileges needed. | 2024-10-09 | 6.2 | CVE-2024-39440 | security@unisoc.com |
| Unknown–Custom Twitter Feeds |
Custom Twitter Feeds WordPress plugin before 2.2.3 is not filtering some of its settings allowing high privilege users to inject scripts. | 2024-10-08 | 4.8 | CVE-2024-8983 | contact@wpscan.com |
| Unknown–Relevanssi |
In the process of testing the Relevanssi WordPress plugin before 4.23.1, a vulnerability was found that allows you to implement Stored XSS on behalf of the Contributor+ by embedding malicious script, which entails account takeover backdoor | 2024-10-08 | 5.4 | CVE-2024-9021 | contact@wpscan.com |
| Unknown–TI WooCommerce Wishlist |
The TI WooCommerce Wishlist WordPress plugin through 2.8.2 is vulnerable to SQL Injection due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-10-10 | 5.9 | CVE-2024-9156 | contact@wpscan.com |
| Unknown–WP-Advanced-Search |
The WP-Advanced-Search WordPress plugin before 3.3.9.2 does not sanitize and escape the t parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks | 2024-10-10 | 5.9 | CVE-2024-9796 | contact@wpscan.com |
| userplus–User registration & user profile UserPlus |
The UserPlus plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.0. This makes it possible for authenticated attackers with subscriber-level permissions or above, to add, modify, or delete user meta and plugin options. | 2024-10-10 | 6.3 | CVE-2024-9520 | security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
| vittor1o–Linkz.ai Automatic link previews on hover |
The Linkz.ai plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘check_auth’ and ‘check_logout’ functions in versions up to, and including, 1.1.8. This makes it possible for unauthenticated attackers to update plugin settings. | 2024-10-11 | 6.5 | CVE-2024-9586 | security@wordfence.com security@wordfence.com security@wordfence.com |
| vittor1o–Linkz.ai Automatic link previews on hover |
The Linkz.ai plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘ajax_linkz’ function in versions up to, and including, 1.1.8. This makes it possible for authenticated attackers with contributor-level privileges or above, to update plugin settings. | 2024-10-11 | 5.4 | CVE-2024-9587 | security@wordfence.com security@wordfence.com |
| webkul — krayin_crm |
Krayin CRM v1.3.0 is vulnerable to Cross Site Scripting (XSS) via the organization name field in /admin/contacts/organizations/edit/2. | 2024-10-07 | 4.8 | CVE-2024-45932 | cve@mitre.org cve@mitre.org |
| webtechstreet–Elementor Addon Elements |
The Elementor Addon Elements plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.13.8 via the render_column function in modules/data-table/widgets/data-table.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data. | 2024-10-12 | 4.3 | CVE-2024-8902 | security@wordfence.com security@wordfence.com |
| webtoffee–WordPress Comments Import & Export |
The WordPress Comments Import & Export plugin for WordPress is vulnerable to to arbitrary file read due to insufficient file path validation during the comments import process, in versions up to, and including, 2.3.7. This makes it possible for authenticated attackers, with Author-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information. The issue was partially fixed in version 2.3.8 and fully fixed in 2.3.9 | 2024-10-11 | 6.5 | CVE-2024-7514 | security@wordfence.com security@wordfence.com |
| wp-buy–Limit Login Attempts (Spam Protection) |
The Limit Login Attempts (Spam Protection) plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 5.3. This is due to insufficient restrictions on where the IP Address information is being retrieved for request logging and login restrictions. Attackers can supply the X-Forwarded-For header with with a different IP Address that will be logged and can be used to bypass settings that may have blocked out an IP address or country from logging in. | 2024-10-08 | 5.3 | CVE-2022-4534 | security@wordfence.com security@wordfence.com security@wordfence.com |
| wproyal–Royal Elementor Addons and Templates |
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 1.3.982 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-10-08 | 6.4 | CVE-2024-8482 | security@wordfence.com security@wordfence.com security@wordfence.com |
| youzify–Youzify BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress |
The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s youzify_media shortcode in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-10-10 | 6.4 | CVE-2024-8987 | security@wordfence.com security@wordfence.com security@wordfence.com |
| youzify–Youzify BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress |
The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘delete_attachment’ function in all versions up to, and including, 1.3.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary attachments. | 2024-10-10 | 4.3 | CVE-2024-9067 | security@wordfence.com security@wordfence.com |
| ZTE–ZXR10 1800-2S series ,ZXR10 2800-4,ZXR10 3800-8,ZXR10 160 series |
Improper Privilege Management vulnerability in ZTE ZXR10 1800-2S series ,ZXR10 2800-4,ZXR10 3800-8,ZXR10 160 series on 64 bit allows Functionality Bypass.This issue affects ZXR10 1800-2S series ,ZXR10 2800-4,ZXR10 3800-8,ZXR10 160 series: V4.00.10 and earlier. | 2024-10-10 | 6 | CVE-2024-22068 | psirt@zte.com.cn |
Low Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source Info | Patch Info |
|---|---|---|---|---|---|
| adobe — commerce |
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could lead to a security feature bypass. An attacker could exploit this vulnerability to alter a condition between the check and the use of a resource, having a low impact on integrity. Exploitation of this issue requires user interaction. | 2024-10-10 | 3.1 | CVE-2024-45120 | psirt@adobe.com |
| adobe — commerce |
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. An admin attacker could leverage this vulnerability to have a low impact on confidentiality which may aid in further attacks. Exploitation of this issue does not require user interaction. | 2024-10-10 | 2.7 | CVE-2024-45133 | psirt@adobe.com |
| adobe — commerce |
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. An admin attacker could leverage this vulnerability to have a low impact on confidentiality which may aid in further attacks. Exploitation of this issue does not require user interaction. | 2024-10-10 | 2.7 | CVE-2024-45134 | psirt@adobe.com |
| adobe — commerce |
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An admin attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction. | 2024-10-10 | 2.7 | CVE-2024-45135 | psirt@adobe.com |
| bytecodealliance–wasmtime |
Wasmtime is an open source runtime for WebAssembly. Under certain concurrent event orderings, a `wasmtime::Engine`’s internal type registry was susceptible to double-unregistration bugs due to a race condition, leading to panics and potentially type registry corruption. That registry corruption could, following an additional and particular sequence of concurrent events, lead to violations of WebAssembly’s control-flow integrity (CFI) and type safety. Users that do not use `wasmtime::Engine` across multiple threads are not affected. Users that only create new modules across threads over time are additionally not affected. Reproducing this bug requires creating and dropping multiple type instances (such as `wasmtime::FuncType` or `wasmtime::ArrayType`) concurrently on multiple threads, where all types are associated with the same `wasmtime::Engine`. **Wasm guests cannot trigger this bug.** See the “References” section below for a list of Wasmtime types-related APIs that are affected. Wasmtime maintains an internal registry of types within a `wasmtime::Engine` and an engine is shareable across threads. Types can be created and referenced through creation of a `wasmtime::Module`, creation of `wasmtime::FuncType`, or a number of other APIs where the host creates a function (see “References” below). Each of these cases interacts with an engine to deduplicate type information and manage type indices that are used to implement type checks in WebAssembly’s `call_indirect` function, for example. This bug is a race condition in this management where the internal type registry could be corrupted to trigger an assert or contain invalid state. Wasmtime’s internal representation of a type has individual types (e.g. one-per-host-function) maintain a registration count of how many time it’s been used. Types additionally have state within an engine behind a read-write lock such as lookup/deduplication information. The race here is a time-of-check versus time-of-use (TOCTOU) bug where one thread atomically decrements a type entry’s registration count, observes zero registrations, and then acquires a lock in order to unregister that entry. However, between when this first thread observed the zero-registration count and when it acquires that lock, another thread could perform the following sequence of events: re-register another copy of the type, which deduplicates to that same entry, resurrecting it and incrementing its registration count; then drop the type and decrement its registration count; observe that the registration count is now zero; acquire the type registry lock; and finally unregister the type. Now, when the original thread finally acquires the lock and unregisters the entry, it is the second time this entry has been unregistered. This bug was originally introduced in Wasmtime 19’s development of the WebAssembly GC proposal. This bug affects users who are not using the GC proposal, however, and affects Wasmtime in its default configuration even when the GC proposal is disabled. Wasmtime users using 19.0.0 and after are all affected by this issue. We have released the following Wasmtime versions, all of which have a fix for this bug: * 21.0.2 * 22.0.1 * 23.0.3 * 24.0.1 * 25.0.2. If your application creates and drops Wasmtime types on multiple threads concurrently, there are no known workarounds. Users are encouraged to upgrade to a patched release. | 2024-10-09 | 2.9 | CVE-2024-47813 | security-advisories@github.com security-advisories@github.com |
| code-projects–Blood Bank Management System |
A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been classified as problematic. This affects an unknown part of the file blooddetails.php. The manipulation of the argument Availibility leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | 2024-10-10 | 3.5 | CVE-2024-9803 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| code-projects–Blood Bank System |
A vulnerability was found in code-projects Blood Bank System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /admin/campsdetails.php. The manipulation of the argument hospital/address/city/contact leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter “hospital”. | 2024-10-10 | 3.5 | CVE-2024-9805 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| Craig Rodway–Classroombookings |
A vulnerability has been found in Craig Rodway Classroombookings up to 2.8.6 and classified as problematic. This vulnerability affects unknown code of the file /rooms/fields of the component Room Page. The manipulation of the argument Name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.8.7 is able to address this issue. It is recommended to upgrade the affected component. The project maintainer was contacted early about the disclosure. He responded very quickly, friendly, and professional. | 2024-10-10 | 3.5 | CVE-2024-9806 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| Craig Rodway–Classroombookings |
A vulnerability was found in Craig Rodway Classroombookings 2.8.7 and classified as problematic. This issue affects some unknown processing of the file /sessions of the component Session Page. The manipulation of the argument Name leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 2.8.8 is able to address this issue. It is recommended to upgrade the affected component. The project maintainer was contacted early about the disclosure. He responded very quickly, friendly, and professional. | 2024-10-10 | 2.4 | CVE-2024-9807 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| D-Link–DSL-2750U |
A vulnerability classified as problematic has been found in D-Link DSL-2750U R5B017. This affects an unknown part of the component Port Forwarding Page. The manipulation of the argument PortMappingDescription leads to cross site scripting. It is possible to initiate the attack remotely. | 2024-10-10 | 2.4 | CVE-2024-9792 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| Dell–AppSync |
Dell AppSync Server, version 4.3 through 4.6, contains an XML External Entity Injection vulnerability. An adjacent high privileged attacker could potentially exploit this vulnerability, leading to information disclosure. | 2024-10-09 | 2.9 | CVE-2024-39586 | security_alert@emc.com |
| Fortinet–FortiManager |
An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiManager 7.4.2 and below, 7.2.5 and below, 7.0.12 and below allows a remote authenticated attacker assigned to an Administrative Domain (ADOM) to access device summary of unauthorized ADOMs via crafted HTTP requests. | 2024-10-08 | 3.3 | CVE-2024-33506 | psirt@fortinet.com |
| GitLab–GitLab |
An issue has been discovered in GitLab EE affecting all versions starting from 16.6 prior to 17.2.9, from 17.3 prior to 17.3.5, and from 17.4 prior to 17.4.2. It was possible for an unauthenticated attacker to determine the GitLab version number for a GitLab instance. | 2024-10-10 | 3.7 | CVE-2024-9596 | cve@gitlab.com |
| h2o–h2o |
h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. The configuration directives provided by the headers handler allows users to modify the response headers being sent by h2o. The configuration file of h2o has scopes, and the inner scopes (e.g., path level) are expected to inherit the configuration defined in outer scopes (e.g., global level). However, if a header directive is used in the inner scope, all the definition in outer scopes are ignored. This can lead to headers not being modified as expected. Depending on the headers being added or removed unexpectedly, this behavior could lead to unexpected client behavior. This vulnerability is fixed in commit 123f5e2b65dcdba8f7ef659a00d24bd1249141be. | 2024-10-11 | 3.1 | CVE-2024-25622 | security-advisories@github.com security-advisories@github.com security-advisories@github.com |
| h2o–h2o |
h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. When h2o is configured as a reverse proxy and HTTP/3 requests are cancelled by the client, h2o might crash due to an assertion failure. The crash can be exploited by an attacker to mount a Denial-of-Service attack. By default, the h2o standalone server automatically restarts, minimizing the impact. However, HTTP requests that were served concurrently will still be disrupted. The vulnerability has been addressed in commit 1ed32b2. Users may disable the use of HTTP/3 to mitigate the issue. | 2024-10-11 | 3.7 | CVE-2024-45403 | security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
| n/a–07FLYCMS |
A vulnerability was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM 1.3.8. It has been rated as problematic. Affected by this issue is some unknown functionality of the component System Settings Page. The manipulation of the argument Login Interface Copyright leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The affected product is known with different names like 07FLYCMS, 07FLY-CMS, and 07FlyCRM. It was not possible to reach out to the vendor before assigning a CVE due to a not working mail address. | 2024-10-11 | 2.4 | CVE-2024-9856 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| n/a–Intel(R) TDX Module firmware |
Improper check for unusual or exceptional conditions in Intel(R) TDX Module firmware before version 1.5.06 may allow a privileged user to potentially enable information disclosure via local access. | 2024-10-08 | 2.5 | CVE-2024-27457 | secure@intel.com |
| n/a–QileCMS |
A vulnerability classified as problematic was found in QileCMS up to 1.1.3. This vulnerability affects the function sendEmail of the file /qilecms/user/controller/Forget.php of the component Verification Code Handler. The manipulation leads to weak password recovery. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2024-10-13 | 3.7 | CVE-2024-9907 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| OpenHarmony–OpenHarmony |
in OpenHarmony v4.1.0 and prior versions allow a local attacker cause DOS by memory leak. | 2024-10-08 | 3.3 | CVE-2024-43696 | scy@openharmony.io |
| OpenHarmony–OpenHarmony |
in OpenHarmony v4.1.0 and prior versions allow a local attacker cause DOS through improper input. | 2024-10-08 | 3.3 | CVE-2024-43697 | scy@openharmony.io |
| OpenHarmony–OpenHarmony |
in OpenHarmony v4.1.0 and prior versions allow a local attacker cause DOS through out-of-bounds write. | 2024-10-08 | 3.3 | CVE-2024-45382 | scy@openharmony.io |
| PHP Group–PHP |
In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, erroneous parsing of multipart form data contained in an HTTP POST request could lead to legitimate data not being processed. This could lead to malicious attacker able to control part of the submitted data being able to exclude portion of other data, potentially leading to erroneous application behavior. | 2024-10-08 | 3.1 | CVE-2024-8925 | security@php.net |
| PHP Group–PHP |
In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using PHP-FPM SAPI and it is configured to catch workers output through catch_workers_output = yes, it may be possible to pollute the final log or remove up to 4 characters from the log messages by manipulating log message content. Additionally, if PHP-FPM is configured to use syslog output, it may be possible to further remove log data using the same vulnerability. | 2024-10-08 | 3.3 | CVE-2024-9026 | security@php.net |
| Samsung Mobile–Samsung Internet |
Use of implicit intent for sensitive communication in translation?in Samsung Internet prior to version 26.0.3.1 allows local attackers to get sensitive information. User interaction is required for triggering this vulnerability. | 2024-10-08 | 3.3 | CVE-2024-34671 | mobile.security@samsung.com |
| Schneider Electric–Zelio Soft 2 |
CWE-20: Improper Input Validation vulnerability exists that could cause a crash of the Zelio Soft 2 application when a specially crafted project file is loaded by an application user. | 2024-10-08 | 3.3 | CVE-2024-8518 | cybersecurity@se.com |
| Siemens–Tecnomatix Plant Simulation V2302 |
A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted WRL files. An attacker could leverage this vulnerability to crash the application causing denial of service condition. | 2024-10-08 | 3.3 | CVE-2024-45476 | productcert@siemens.com |
| SourceCodester–Online Eyewear Shop |
A vulnerability, which was classified as problematic, was found in SourceCodester Online Eyewear Shop 1.0. Affected is an unknown function of the file /admin/?page=inventory/view_inventory&id=2. The manipulation of the argument Code leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-10-13 | 3.5 | CVE-2024-9906 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| SourceCodester–Profile Registration without Reload Refresh |
A vulnerability has been found in SourceCodester Profile Registration without Reload Refresh 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file add.php. The manipulation of the argument email_address/address/company_name/job_title/jobDescriptionparameter leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-10-10 | 3.5 | CVE-2024-9799 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| SourceCodester–Record Management System |
A vulnerability was found in SourceCodester Record Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file sort2_user.php. The manipulation of the argument qualification leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-10-10 | 3.5 | CVE-2024-9810 | cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| TYPO3–typo3 |
TYPO3 is a free and open source Content Management Framework. Backend users could see items in the backend page tree without having access if the mounts pointed to pages restricted for their user/group, or if no mounts were configured but the pages allowed access to “everybody.” However, affected users could not manipulate these pages. Users are advised to update to TYPO3 versions 10.4.46 ELTS, 11.5.40 LTS, 12.4.21 LTS, 13.3.1 that fix the problem described. There are no known workarounds for this vulnerability. | 2024-10-08 | 3.1 | CVE-2024-47780 | security-advisories@github.com security-advisories@github.com |
| vim–vim |
Vim is an open source, command line text editor. A use-after-free was found in Vim < 9.1.0764. When closing a buffer (visible in a window) a BufWinLeave auto command can cause an use-after-free if this auto command happens to re-open the same buffer in a new split window. Impact is low since the user must have intentionally set up such a strange auto command and run some buffer unload commands. However this may lead to a crash. This issue has been addressed in version 9.1.0764 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-10-07 | 3.9 | CVE-2024-47814 | security-advisories@github.com security-advisories@github.com |
Severity Not Yet Assigned
| Primary Vendor — Product |
Description | Published | CVSS Score | Source Info | Patch Info |
|---|---|---|---|---|---|
| Apple–Apple TV for Windows |
A stack buffer overflow was addressed through improved input validation. This issue is fixed in Apple TV 1.5.0.152 for Windows, iTunes 12.13.3 for Windows. Parsing a maliciously crafted video file may lead to unexpected system termination. | 2024-10-11 | not yet calculated | CVE-2024-44157 | product-security@apple.com product-security@apple.com |
| Avaiga–taipy |
Taipy is an open-source Python library for easy, end-to-end application development for data scientists and machine learning engineers. In affected versions session cookies are served without Secure and HTTPOnly flags. This issue has been addressed in release version 4.0.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-10-09 | not yet calculated | CVE-2024-47833 | security-advisories@github.com |
| codeclysm–extract |
Extract is aA Go library to extract archives in zip, tar.gz or tar.bz2 formats. A maliciously crafted archive may allow an attacker to create a symlink outside the extraction target directory. This vulnerability is fixed in 4.0.0. If you’re using the Extractor.FS interface, then upgrading to /v4 will require to implement the new methods that have been added. | 2024-10-11 | not yet calculated | CVE-2024-47877 | security-advisories@github.com security-advisories@github.com |
| dataease–dataease |
DataEase is an open source data visualization analysis tool. In Dataease, the PostgreSQL data source in the data source function can customize the JDBC connection parameters and the PG server target to be connected. In backend/src/main/java/io/dataease/provider/datasource/JdbcProvider.java, PgConfiguration class don’t filter any parameters, directly concat user input. So, if the attacker adds some parameters in JDBC url, and connect to evil PG server, the attacker can trigger the PG jdbc deserialization vulnerability, and eventually the attacker can execute through the deserialization vulnerability system commands and obtain server privileges. The vulnerability has been fixed in v1.18.25. | 2024-10-11 | not yet calculated | CVE-2024-47074 | security-advisories@github.com security-advisories@github.com |
| Delta Electronics–CNCSoft-G2 |
Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can manipulate an insider to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process. | 2024-10-10 | not yet calculated | CVE-2024-47962 | ics-cert@hq.dhs.gov |
| Delta Electronics–CNCSoft-G2 |
Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process. | 2024-10-10 | not yet calculated | CVE-2024-47963 | ics-cert@hq.dhs.gov |
| Delta Electronics–CNCSoft-G2 |
Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process. | 2024-10-10 | not yet calculated | CVE-2024-47964 | ics-cert@hq.dhs.gov |
| Delta Electronics–CNCSoft-G2 |
Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process. | 2024-10-10 | not yet calculated | CVE-2024-47965 | ics-cert@hq.dhs.gov |
| Delta Electronics–CNCSoft-G2 |
Delta Electronics CNCSoft-G2 lacks proper initialization of memory prior to accessing it. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process. | 2024-10-10 | not yet calculated | CVE-2024-47966 | ics-cert@hq.dhs.gov |
| Eclipse Foundation–Mosquitto |
In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of “CONNECT”, “DISCONNECT”, “SUBSCRIBE”, “UNSUBSCRIBE” and “PUBLISH” packets. | 2024-10-11 | not yet calculated | CVE-2024-8376 | emo@eclipse.org emo@eclipse.org emo@eclipse.org emo@eclipse.org emo@eclipse.org emo@eclipse.org emo@eclipse.org |
| eWeLink–Zigbee Bridge Pro |
SSL Pinning Bypass in eWeLink Some hardware products allows local ATTACKER to Decrypt TLS communication and Extract secrets to clone the device via Flash the modified firmware | 2024-10-08 | not yet calculated | CVE-2024-7206 | 68870bb1-d075-4169-957d-e580b18692b9 |
| Follet School Solutions–Destiny |
Cross Site Scripting vulnerability in Follet School Solutions Destiny before v22.0.1 AU1 allows a remote attacker to run arbitrary client-side code via the expiredSupportMessage parameter of handleloginform.do. | 2024-10-08 | not yet calculated | CVE-2024-47095 | 33c584b5-0579-4c06-b2a0-8d8329fcab9c |
| GitHub–Enterprise Server |
An improper verification of cryptographic signature vulnerability was identified in GitHub Enterprise Server that allowed SAML SSO authentication to be bypassed resulting in unauthorized provisioning of users and access to the instance. Exploitation required the encrypted assertions feature to be enabled, and the attacker would require direct network access as well as a signed SAML response or metadata document. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.15 and was fixed in versions 3.11.16, 3.12.10, 3.13.5, and 3.14.2. This vulnerability was reported via the GitHub Bug Bounty program. | 2024-10-10 | not yet calculated | CVE-2024-9487 | product-cna@github.com product-cna@github.com product-cna@github.com product-cna@github.com |
| GitHub–GitHub Enterprise Server |
An information disclosure vulnerability was identified in GitHub Enterprise Server via attacker uploaded asset URL allowing the attacker to retrieve metadata information of a user who clicks on the URL and further exploit it to create a convincing phishing page. This required the attacker to upload malicious SVG files and phish a victim user to click on that uploaded asset URL. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.14.2, 3.13.5, 3.12.10, 3.11.16. This vulnerability was reported via the GitHub Bug Bounty program. | 2024-10-11 | not yet calculated | CVE-2024-9539 | product-cna@github.com product-cna@github.com product-cna@github.com product-cna@github.com |
| Google–Chrome |
Type confusion in WebAssembly in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) | 2024-10-11 | not yet calculated | CVE-2024-9859 | chrome-cve-admin@google.com |
| Google–Looker |
An HTTP Request Smuggling vulnerability in Looker allowed an unauthorized attacker to capture HTTP responses destined for legitimate users. There are two Looker versions that are hosted by Looker: * Looker (Google Cloud core) was found to be vulnerable. This issue has already been mitigated and our investigation has found no signs of exploitation. * Looker (original) was not vulnerable to this issue. Customer-hosted Looker instances were found to be vulnerable and must be upgraded. This vulnerability has been patched in all supported versions of customer-hosted Looker, which are available on the Looker download page https://download.looker.com/ . For Looker customer-hosted instances, please update to the latest supported version of Looker as soon as possible. The versions below have all been updated to protect from this vulnerability. You can download these versions at the Looker download page: * 23.12 -> 23.12.123+ * 23.18 -> 23.18.117+ * 24.0 -> 24.0.92+ * 24.6 -> 24.6.77+ * 24.8 -> 24.8.66+ * 24.10 -> 24.10.78+ * 24.12 -> 24.12.56+ * 24.14 -> 24.14.37+ | 2024-10-11 | not yet calculated | CVE-2024-8912 | cve-coordination@google.com |
| gradio-app–gradio |
Gradio is an open-source Python package designed for quick prototyping. This vulnerability is related to **CORS origin validation**, where the Gradio server fails to validate the request origin when a cookie is present. This allows an attacker’s website to make unauthorized requests to a local Gradio server. Potentially, attackers can upload files, steal authentication tokens, and access user data if the victim visits a malicious website while logged into Gradio. This impacts users who have deployed Gradio locally and use basic authentication. Users are advised to upgrade to `gradio>4.44` to address this issue. As a workaround, users can manually enforce stricter CORS origin validation by modifying the `CustomCORSMiddleware` class in their local Gradio server code. Specifically, they can bypass the condition that skips CORS validation for requests containing cookies to prevent potential exploitation. | 2024-10-10 | not yet calculated | CVE-2024-47084 | security-advisories@github.com |
| gradio-app–gradio |
Gradio is an open-source Python package designed for quick prototyping. This vulnerability relates to the **bypass of directory traversal checks** within the `is_in_or_equal` function. This function, intended to check if a file resides within a given directory, can be bypassed with certain payloads that manipulate file paths using `..` (parent directory) sequences. Attackers could potentially access restricted files if they are able to exploit this flaw, although the difficulty is high. This primarily impacts users relying on Gradio’s blocklist or directory access validation, particularly when handling file uploads. Users are advised to upgrade to `gradio>=5.0` to address this issue. As a workaround, users can manually sanitize and normalize file paths in their Gradio deployment before passing them to the `is_in_or_equal` function. Ensuring that all file paths are properly resolved and absolute can help mitigate the bypass vulnerabilities caused by the improper handling of `..` sequences or malformed paths. | 2024-10-10 | not yet calculated | CVE-2024-47164 | security-advisories@github.com |
| gradio-app–gradio |
Gradio is an open-source Python package designed for quick prototyping. This vulnerability relates to **CORS origin validation accepting a null origin**. When a Gradio server is deployed locally, the `localhost_aliases` variable includes “null” as a valid origin. This allows attackers to make unauthorized requests from sandboxed iframes or other sources with a null origin, potentially leading to data theft, such as user authentication tokens or uploaded files. This impacts users running Gradio locally, especially those using basic authentication. Users are advised to upgrade to `gradio>=5.0` to address this issue. As a workaround, users can manually modify the `localhost_aliases` list in their local Gradio deployment to exclude “null” as a valid origin. By removing this value, the Gradio server will no longer accept requests from sandboxed iframes or sources with a null origin, mitigating the potential for exploitation. | 2024-10-10 | not yet calculated | CVE-2024-47165 | security-advisories@github.com |
| gradio-app–gradio |
Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a **one-level read path traversal** in the `/custom_component` endpoint. Attackers can exploit this flaw to access and leak source code from custom Gradio components by manipulating the file path in the request. Although the traversal is limited to a single directory level, it could expose proprietary or sensitive code that developers intended to keep private. This impacts users who have developed custom Gradio components and are hosting them on publicly accessible servers. Users are advised to upgrade to `gradio>=4.44` to address this issue. As a workaround, developers can sanitize the file paths and ensure that components are not stored in publicly accessible directories. | 2024-10-10 | not yet calculated | CVE-2024-47166 | security-advisories@github.com |
| gradio-app–gradio |
Gradio is an open-source Python package designed for quick prototyping. This vulnerability relates to **Server-Side Request Forgery (SSRF)** in the `/queue/join` endpoint. Gradio’s `async_save_url_to_cache` function allows attackers to force the Gradio server to send HTTP requests to user-controlled URLs. This could enable attackers to target internal servers or services within a local network and possibly exfiltrate data or cause unwanted internal requests. Additionally, the content from these URLs is stored locally, making it easier for attackers to upload potentially malicious files to the server. This impacts users deploying Gradio servers that use components like the Video component which involve URL fetching. Users are advised to upgrade to `gradio>=5` to address this issue. As a workaround, users can disable or heavily restrict URL-based inputs in their Gradio applications to trusted domains only. Additionally, implementing stricter URL validation (such as allowinglist-based validation) and ensuring that local or internal network addresses cannot be requested via the `/queue/join` endpoint can help mitigate the risk of SSRF attacks. | 2024-10-10 | not yet calculated | CVE-2024-47167 | security-advisories@github.com |
| gradio-app–gradio |
Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves data exposure due to the enable_monitoring flag not properly disabling monitoring when set to False. Even when monitoring is supposedly disabled, an attacker or unauthorized user can still access the monitoring dashboard by directly requesting the /monitoring endpoint. This means that sensitive application analytics may still be exposed, particularly in environments where monitoring is expected to be disabled. Users who set enable_monitoring=False to prevent unauthorized access to monitoring data are impacted. Users are advised to upgrade to gradio>=4.44 to address this issue. There are no known workarounds for this vulnerability. | 2024-10-10 | not yet calculated | CVE-2024-47168 | security-advisories@github.com |
| gradio-app–gradio |
Gradio is an open-source Python package designed for quick prototyping. This vulnerability is a **lack of integrity check** on the downloaded FRP client, which could potentially allow attackers to introduce malicious code. If an attacker gains access to the remote URL from which the FRP client is downloaded, they could modify the binary without detection, as the Gradio server does not verify the file’s checksum or signature. Any users utilizing the Gradio server’s sharing mechanism that downloads the FRP client could be affected by this vulnerability, especially those relying on the executable binary for secure data tunneling. There is no direct workaround for this issue without upgrading. However, users can manually validate the integrity of the downloaded FRP client by implementing checksum or signature verification in their own environment to ensure the binary hasn’t been tampered with. | 2024-10-10 | not yet calculated | CVE-2024-47867 | security-advisories@github.com |
| gradio-app–gradio |
Gradio is an open-source Python package designed for quick prototyping. This is a **data validation vulnerability** affecting several Gradio components, which allows arbitrary file leaks through the post-processing step. Attackers can exploit these components by crafting requests that bypass expected input constraints. This issue could lead to sensitive files being exposed to unauthorized users, especially when combined with other vulnerabilities, such as issue TOB-GRADIO-15. The components most at risk are those that return or handle file data. Vulnerable Components: 1. **String to FileData:** DownloadButton, Audio, ImageEditor, Video, Model3D, File, UploadButton. 2. **Complex data to FileData:** Chatbot, MultimodalTextbox. 3. **Direct file read in preprocess:** Code. 4. **Dictionary converted to FileData:** ParamViewer, Dataset. Exploit Scenarios: 1. A developer creates a Dropdown list that passes values to a DownloadButton. An attacker bypasses the allowed inputs, sends an arbitrary file path (like `/etc/passwd`), and downloads sensitive files. 2. An attacker crafts a malicious payload in a ParamViewer component, leaking sensitive files from a server through the arbitrary file leak. This issue has been resolved in `gradio>5.0`. Upgrading to the latest version will mitigate this vulnerability. There are no known workarounds for this vulnerability. | 2024-10-10 | not yet calculated | CVE-2024-47868 | security-advisories@github.com |
| gradio-app–gradio |
Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a **timing attack** in the way Gradio compares hashes for the `analytics_dashboard` function. Since the comparison is not done in constant time, an attacker could exploit this by measuring the response time of different requests to infer the correct hash byte-by-byte. This can lead to unauthorized access to the analytics dashboard, especially if the attacker can repeatedly query the system with different keys. Users are advised to upgrade to `gradio>4.44` to mitigate this issue. To mitigate the risk before applying the patch, developers can manually patch the `analytics_dashboard` dashboard to use a **constant-time comparison** function for comparing sensitive values, such as hashes. Alternatively, access to the analytics dashboard can be disabled. | 2024-10-10 | not yet calculated | CVE-2024-47869 | security-advisories@github.com |
| gradio-app–gradio |
Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a **race condition** in the `update_root_in_config` function, allowing an attacker to modify the `root` URL used by the Gradio frontend to communicate with the backend. By exploiting this flaw, an attacker can redirect user traffic to a malicious server. This could lead to the interception of sensitive data such as authentication credentials or uploaded files. This impacts all users who connect to a Gradio server, especially those exposed to the internet, where malicious actors could exploit this race condition. Users are advised to upgrade to `gradio>=5` to address this issue. There are no known workarounds for this issue. | 2024-10-10 | not yet calculated | CVE-2024-47870 | security-advisories@github.com |
| gradio-app–gradio |
Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves **insecure communication** between the FRP (Fast Reverse Proxy) client and server when Gradio’s `share=True` option is used. HTTPS is not enforced on the connection, allowing attackers to intercept and read files uploaded to the Gradio server, as well as modify responses or data sent between the client and server. This impacts users who are sharing Gradio demos publicly over the internet using `share=True` without proper encryption, exposing sensitive data to potential eavesdroppers. Users are advised to upgrade to `gradio>=5` to address this issue. As a workaround, users can avoid using `share=True` in production environments and instead host their Gradio applications on servers with HTTPS enabled to ensure secure communication. | 2024-10-10 | not yet calculated | CVE-2024-47871 | security-advisories@github.com |
| gradio-app–gradio |
Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves **Cross-Site Scripting (XSS)** on any Gradio server that allows file uploads. Authenticated users can upload files such as HTML, JavaScript, or SVG files containing malicious scripts. When other users download or view these files, the scripts will execute in their browser, allowing attackers to perform unauthorized actions or steal sensitive information from their sessions. This impacts any Gradio server that allows file uploads, particularly those using components that process or display user-uploaded files. Users are advised to upgrade to `gradio>=5` to address this issue. As a workaround, users can restrict the types of files that can be uploaded to the Gradio server by limiting uploads to non-executable file types such as images or text. Additionally, developers can implement server-side validation to sanitize uploaded files, ensuring that HTML, JavaScript, and SVG files are properly handled or rejected before being stored or displayed to users. | 2024-10-10 | not yet calculated | CVE-2024-47872 | security-advisories@github.com |
| Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Disable DMCUB timeout for DCN35 [Why] DMCUB can intermittently take longer than expected to process commands. Old ASIC policy was to continue while logging a diagnostic error – which works fine for ASIC without IPS, but with IPS this could lead to a race condition where we attempt to access DCN state while it’s inaccessible, leading to a system hang when the NIU port is not disabled or register accesses that timeout and the display configuration in an undefined state. [How] We need to investigate why these accesses take longer than expected, but for now we should disable the timeout on DCN35 to avoid this race condition. Since the waits happen only at lower interrupt levels the risk of taking too long at higher IRQ and causing a system watchdog timeout are minimal. | 2024-10-09 | not yet calculated | CVE-2024-46870 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX [Why & How] It actually exposes ‘6’ types in enum dmub_notification_type. Not 5. Using smaller number to create array dmub_callback & dmub_thread_offload has potential to access item out of array bound. Fix it. | 2024-10-09 | not yet calculated | CVE-2024-46871 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: crypto: stm32/cryp – call finalize with bh disabled The finalize operation in interrupt mode produce a produces a spinlock recursion warning. The reason is the fact that BH must be disabled during this process. | 2024-10-09 | not yet calculated | CVE-2024-47658 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: smack: tcp: ipv4, fix incorrect labeling Currently, Smack mirrors the label of incoming tcp/ipv4 connections: when a label ‘foo’ connects to a label ‘bar’ with tcp/ipv4, ‘foo’ always gets ‘foo’ in returned ipv4 packets. So, 1) returned packets are incorrectly labeled (‘foo’ instead of ‘bar’) 2) ‘bar’ can write to ‘foo’ without being authorized to write. Here is a scenario how to see this: * Take two machines, let’s call them C and S, with active Smack in the default state (no settings, no rules, no labeled hosts, only builtin labels) * At S, add Smack rule ‘foo bar w’ (labels ‘foo’ and ‘bar’ are instantiated at S at this moment) * At S, at label ‘bar’, launch a program that listens for incoming tcp/ipv4 connections * From C, at label ‘foo’, connect to the listener at S. (label ‘foo’ is instantiated at C at this moment) Connection succeedes and works. * Send some data in both directions. * Collect network traffic of this connection. All packets in both directions are labeled with the CIPSO of the label ‘foo’. Hence, label ‘bar’ writes to ‘foo’ without being authorized, and even without ever being known at C. If anybody cares: exactly the same happens with DCCP. This behavior 1st manifested in release 2.6.29.4 (see Fixes below) and it looks unintentional. At least, no explanation was provided. I changed returned packes label into the ‘bar’, to bring it into line with the Smack documentation claims. | 2024-10-09 | not yet calculated | CVE-2024-47659 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: fsnotify: clear PARENT_WATCHED flags lazily In some setups directories can have many (usually negative) dentries. Hence __fsnotify_update_child_dentry_flags() function can take a significant amount of time. Since the bulk of this function happens under inode->i_lock this causes a significant contention on the lock when we remove the watch from the directory as the __fsnotify_update_child_dentry_flags() call from fsnotify_recalc_mask() races with __fsnotify_update_child_dentry_flags() calls from __fsnotify_parent() happening on children. This can lead upto softlockup reports reported by users. Fix the problem by calling fsnotify_update_children_dentry_flags() to set PARENT_WATCHED flags only when parent starts watching children. When parent stops watching children, clear false positive PARENT_WATCHED flags lazily in __fsnotify_parent() for each accessed child. | 2024-10-09 | not yet calculated | CVE-2024-47660 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Avoid overflow from uint32_t to uint8_t [WHAT & HOW] dmub_rb_cmd’s ramping_boundary has size of uint8_t and it is assigned 0xFFFF. Fix it by changing it to uint8_t with value of 0xFF. This fixes 2 INTEGER_OVERFLOW issues reported by Coverity. | 2024-10-09 | not yet calculated | CVE-2024-47661 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Remove register from DCN35 DMCUB diagnostic collection [Why] These registers should not be read from driver and triggering the security violation when DMCUB work times out and diagnostics are collected blocks Z8 entry. [How] Remove the register read from DCN35. | 2024-10-09 | not yet calculated | CVE-2024-47662 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: staging: iio: frequency: ad9834: Validate frequency parameter value In ad9834_write_frequency() clk_get_rate() can return 0. In such case ad9834_calc_freqreg() call will lead to division by zero. Checking ‘if (fout > (clk_freq / 2))’ doesn’t protect in case of ‘fout’ is 0. ad9834_write_frequency() is called from ad9834_write(), where fout is taken from text buffer, which can contain any value. Modify parameters checking. Found by Linux Verification Center (linuxtesting.org) with SVACE. | 2024-10-09 | not yet calculated | CVE-2024-47663 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: spi: hisi-kunpeng: Add verification for the max_frequency provided by the firmware If the value of max_speed_hz is 0, it may cause a division by zero error in hisi_calc_effective_speed(). The value of max_speed_hz is provided by firmware. Firmware is generally considered as a trusted domain. However, as division by zero errors can cause system failure, for defense measure, the value of max_speed is validated here. So 0 is regarded as invalid and an error code is returned. | 2024-10-09 | not yet calculated | CVE-2024-47664 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: i3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA setup Definitely condition dma_get_cache_alignment * defined value > 256 during driver initialization is not reason to BUG_ON(). Turn that to graceful error out with -EINVAL. | 2024-10-09 | not yet calculated | CVE-2024-47665 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: scsi: pm80xx: Set phy->enable_completion only when we wait for it pm8001_phy_control() populates the enable_completion pointer with a stack address, sends a PHY_LINK_RESET / PHY_HARD_RESET, waits 300 ms, and returns. The problem arises when a phy control response comes late. After 300 ms the pm8001_phy_control() function returns and the passed enable_completion stack address is no longer valid. Late phy control response invokes complete() on a dangling enable_completion pointer which leads to a kernel crash. | 2024-10-09 | not yet calculated | CVE-2024-47666 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0) Errata #i2037 in AM65x/DRA80xM Processors Silicon Revision 1.0 (SPRZ452D_July 2018_Revised December 2019 [1]) mentions when an inbound PCIe TLP spans more than two internal AXI 128-byte bursts, the bus may corrupt the packet payload and the corrupt data may cause associated applications or the processor to hang. The workaround for Errata #i2037 is to limit the maximum read request size and maximum payload size to 128 bytes. Add workaround for Errata #i2037 here. The errata and workaround is applicable only to AM65x SR 1.0 and later versions of the silicon will have this fixed. [1] -> https://www.ti.com/lit/er/sprz452i/sprz452i.pdf | 2024-10-09 | not yet calculated | CVE-2024-47667 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() If we need to increase the tree depth, allocate a new node, and then race with another thread that increased the tree depth before us, we’ll still have a preallocated node that might be used later. If we then use that node for a new non-root node, it’ll still have a pointer to the old root instead of being zeroed – fix this by zeroing it in the cmpxchg failure path. | 2024-10-09 | not yet calculated | CVE-2024-47668 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix state management in error path of log writing function After commit a694291a6211 (“nilfs2: separate wait function from nilfs_segctor_write”) was applied, the log writing function nilfs_segctor_do_construct() was able to issue I/O requests continuously even if user data blocks were split into multiple logs across segments, but two potential flaws were introduced in its error handling. First, if nilfs_segctor_begin_construction() fails while creating the second or subsequent logs, the log writing function returns without calling nilfs_segctor_abort_construction(), so the writeback flag set on pages/folios will remain uncleared. This causes page cache operations to hang waiting for the writeback flag. For example, truncate_inode_pages_final(), which is called via nilfs_evict_inode() when an inode is evicted from memory, will hang. Second, the NILFS_I_COLLECTED flag set on normal inodes remain uncleared. As a result, if the next log write involves checkpoint creation, that’s fine, but if a partial log write is performed that does not, inodes with NILFS_I_COLLECTED set are erroneously removed from the “sc_dirty_files” list, and their data and b-tree blocks may not be written to the device, corrupting the block mapping. Fix these issues by uniformly calling nilfs_segctor_abort_construction() on failure of each step in the loop in nilfs_segctor_do_construct(), having it clean up logs and segment usages according to progress, and correcting the conditions for calling nilfs_redirty_inodes() to ensure that the NILFS_I_COLLECTED flag is cleared. | 2024-10-09 | not yet calculated | CVE-2024-47669 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: ocfs2: add bounds checking to ocfs2_xattr_find_entry() Add a paranoia check to make sure it doesn’t stray beyond valid memory region containing ocfs2 xattr entries when scanning for a match. It will prevent out-of-bound access in case of crafted images. | 2024-10-09 | not yet calculated | CVE-2024-47670 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: USB: usbtmc: prevent kernel-usb-infoleak The syzbot reported a kernel-usb-infoleak in usbtmc_write, we need to clear the structure before filling fields. | 2024-10-09 | not yet calculated | CVE-2024-47671 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: don’t wait for tx queues if firmware is dead There is a WARNING in iwl_trans_wait_tx_queues_empty() (that was recently converted from just a message), that can be hit if we wait for TX queues to become empty after firmware died. Clearly, we can’t expect anything from the firmware after it’s declared dead. Don’t call iwl_trans_wait_tx_queues_empty() in this case. While it could be a good idea to stop the flow earlier, the flush functions do some maintenance work that is not related to the firmware, so keep that part of the code running even when the firmware is not running. [edit commit message] | 2024-10-09 | not yet calculated | CVE-2024-47672 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: pause TCM when the firmware is stopped Not doing so will make us send a host command to the transport while the firmware is not alive, which will trigger a WARNING. bad state = 0 WARNING: CPU: 2 PID: 17434 at drivers/net/wireless/intel/iwlwifi/iwl-trans.c:115 iwl_trans_send_cmd+0x1cb/0x1e0 [iwlwifi] RIP: 0010:iwl_trans_send_cmd+0x1cb/0x1e0 [iwlwifi] Call Trace: <TASK> iwl_mvm_send_cmd+0x40/0xc0 [iwlmvm] iwl_mvm_config_scan+0x198/0x260 [iwlmvm] iwl_mvm_recalc_tcm+0x730/0x11d0 [iwlmvm] iwl_mvm_tcm_work+0x1d/0x30 [iwlmvm] process_one_work+0x29e/0x640 worker_thread+0x2df/0x690 ? rescuer_thread+0x540/0x540 kthread+0x192/0x1e0 ? set_kthread_struct+0x90/0x90 ret_from_fork+0x22/0x30 | 2024-10-09 | not yet calculated | CVE-2024-47673 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| livewire–livewire |
Livewire is a full-stack framework for Laravel that allows for dynamic UI components without leaving PHP. In livewire/livewire prior to `2.12.7` and `v3.5.2`, the file extension of an uploaded file is guessed based on the MIME type. As a result, the actual file extension from the file name is not validated. An attacker can therefore bypass the validation by uploading a file with a valid MIME type (e.g., `image/png`) and a “.php” file extension. If the following criteria are met, the attacker can carry out an RCE attack: 1. Filename is composed of the original file name using `$file->getClientOriginalName()`. 2. Files stored directly on your server in a public storage disk. 3. Webserver is configured to execute “.php” files. This issue has been addressed in release versions `2.12.7` and `3.5.2`. All users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-10-08 | not yet calculated | CVE-2024-47823 | security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
| miraheze–CreateWiki |
CreateWiki is an extension used at Miraheze for requesting & creating wikis. The name of requested wikis is not escaped on Special:RequestWikiQueue, so a user can insert arbitrary HTML that is displayed in the request wiki queue when requesting a wiki. If a wiki creator comes across the XSS payload, their user session can be abused to retrieve deleted wiki requests, which typically contains private information. Likewise, this can also be abused on those with the ability to suppress requests to view sensitive information. This issue has been patched with commit `693a220` and all users are advised to apply the patch. Users unable to upgrade should disable Javascript and/or prevent access to the vulnerable page (Special:RequestWikiQueue). | 2024-10-07 | not yet calculated | CVE-2024-47781 | security-advisories@github.com security-advisories@github.com security-advisories@github.com |
| n/a–n/a |
i2p before 2.3.0 (Java) allows de-anonymizing the public IPv4 and IPv6 addresses of i2p hidden services (aka eepsites) via a correlation attack across the IPv4 and IPv6 addresses that occurs when a tunneled, replayed message has a behavior discrepancy (it may be dropped, or may result in a Wrong Destination response). An attack would take days to complete. | 2024-10-09 | not yet calculated | CVE-2023-36325 | cve@mitre.org cve@mitre.org cve@mitre.org |
| n/a–n/a |
An issue was discovered in Qt before 6.2.11 and 6.3.x through 6.6.x before 6.6.1. When a QML image refers to an image whose content is not known yet, there is an assumption that it is an SVG document, leading to a denial of service (application crash) if it is not actually an SVG document. | 2024-10-09 | not yet calculated | CVE-2023-45872 | cve@mitre.org cve@mitre.org |
| n/a–n/a |
HDF5 library through 1.14.3 has memory corruption in H5A__close resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. | 2024-10-09 | not yet calculated | CVE-2024-32608 | cve@mitre.org |
| n/a–n/a |
An issue was discovered in Atos Eviden SMC xScale before 1.6.6. During initialization of nodes, some configuration parameters are retrieved from management nodes. These parameters embed credentials whose integrity and confidentiality may be important to the security of the HPC configuration. Because these parameters are needed for initialization, there is no available mechanism to ensure access control on the management node, and a mitigation measure is normally put in place to prevent access to unprivileged users. It was discovered that this mitigation measure does not survive a reboot of diskful nodes. (Diskless nodes are not at risk.) The mistake lies in the cloudinit configuration: the iptables configuration should have been in the bootcmd instead of the runcmd section. | 2024-10-11 | not yet calculated | CVE-2024-42018 | cve@mitre.org cve@mitre.org |
| n/a–n/a |
angular-base64-upload prior to v0.1.21 is vulnerable to unauthenticated remote code execution via demo/server.php. Exploiting this vulnerability allows an attacker to upload arbitrary content to the server, which can subsequently be accessed through demo/uploads. This leads to the execution of previously uploaded content and enables the attacker to achieve code execution on the server. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | 2024-10-11 | not yet calculated | CVE-2024-42640 | cve@mitre.org cve@mitre.org |
| n/a–n/a |
OpenIPMI before 2.0.36 has an out-of-bounds array access (for authentication type) in the ipmi_sim simulator, resulting in denial of service or (with very low probability) authentication bypass or code execution. | 2024-10-09 | not yet calculated | CVE-2024-42934 | cve@mitre.org cve@mitre.org cve@mitre.org |
| n/a–n/a |
Lack of access control in ChallengeSolves (/api/v1/challenges/<challenge id>/solves) of CTFd v2.0.0 – v3.7.2 allows authenticated users to retrieve a list of users who have solved the challenge, regardless of the Account Visibility settings. The issue is fixed in v3.7.3+. | 2024-10-09 | not yet calculated | CVE-2024-42988 | cve@mitre.org cve@mitre.org cve@mitre.org |
| n/a–n/a |
A vulnerability was discovered in DI_8200-16.07.26A1, which has been classified as critical. This issue affects the upgrade_filter_asp function in the upgrade_filter.asp file. Manipulation of the path parameter can lead to command injection. | 2024-10-11 | not yet calculated | CVE-2024-44413 | cve@mitre.org cve@mitre.org |
| n/a–n/a |
A vulnerability was discovered in DI_8200-16.07.26A1, There is a buffer overflow in the dbsrv_asp function; The strcpy function is executed without checking the length of the string, leading to a buffer overflow. | 2024-10-11 | not yet calculated | CVE-2024-44415 | cve@mitre.org cve@mitre.org |
| n/a–n/a |
Incorrect access control in the component app/src/server.js of Mirotalk before commit 9de226 allows unauthenticated attackers without presenter privileges to arbitrarily eject users from a meeting. | 2024-10-11 | not yet calculated | CVE-2024-44729 | cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org |
| n/a–n/a |
Incorrect access control in the function handleDataChannelChat(dataMessage) of Mirotalk before commit c21d58 allows attackers to forge chat messages using an arbitrary sender name. | 2024-10-11 | not yet calculated | CVE-2024-44730 | cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org |
| n/a–n/a |
Mirotalk before commit 9de226 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary code via sending crafted payloads in messages to other users over RTC connections. | 2024-10-11 | not yet calculated | CVE-2024-44731 | cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org |
| n/a–n/a |
Incorrect access control in Mirotalk before commit 9de226 allows attackers to arbitrarily change usernames via sending a crafted roomAction request to the server. | 2024-10-11 | not yet calculated | CVE-2024-44734 | cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org |
| n/a–n/a |
A directory listing issue in the baserCMS plugin in D-ZERO CO., LTD. BurgerEditor and BurgerEditor Limited Edition before 2.25.1 allows remote attackers to obtain sensitive information by exposing a list of the uploaded files. | 2024-10-11 | not yet calculated | CVE-2024-44807 | cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org |
| n/a–n/a |
An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modems with chipset Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, Modem 5123, and Modem 5300. A USAT out-of-bounds write due to a heap buffer overflow can lead to a Denial of Service. | 2024-10-11 | not yet calculated | CVE-2024-45184 | cve@mitre.org cve@mitre.org |
| n/a–n/a |
An issue was discovered in Django 5.1 before 5.1.1, 5.0 before 5.0.9, and 4.2 before 4.2.16. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters. | 2024-10-08 | not yet calculated | CVE-2024-45230 | cve@mitre.org cve@mitre.org cve@mitre.org |
| n/a–n/a |
An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. The django.contrib.auth.forms.PasswordResetForm class, when used in a view implementing password reset flows, allows remote attackers to enumerate user e-mail addresses by sending password reset requests and observing the outcome (only when e-mail sending is consistently failing). | 2024-10-08 | not yet calculated | CVE-2024-45231 | cve@mitre.org cve@mitre.org cve@mitre.org |
| n/a–n/a |
An issue was discovered in the centreon-bi-server component in Centreon BI Server 24.04.x before 24.04.3, 23.10.x before 23.10.8, 23.04.x before 23.04.11, and 22.10.x before 22.10.11. SQL injection can occur in the listing of configured reporting jobs. Exploitation is only accessible to authenticated users with high-privileged access. | 2024-10-11 | not yet calculated | CVE-2024-45754 | cve@mitre.org cve@mitre.org cve@mitre.org |
| n/a–n/a |
BlueCMS 1.6 suffers from Arbitrary File Deletion via the file_name parameter in an /admin/database.php?act=del request. | 2024-10-07 | not yet calculated | CVE-2024-45894 | cve@mitre.org cve@mitre.org |
| n/a–n/a |
Fujian Kelixin Communication Command and Dispatch Platform <=7.6.6.4391 is vulnerable to SQL Injection via /client/get_gis_fence.php. | 2024-10-08 | not yet calculated | CVE-2024-45918 | cve@mitre.org cve@mitre.org |
| n/a–n/a |
IoT Haat Smart Plug IH-IN-16A-S IH-IN-16A-S v5.16.1 suffers from Insufficient Session Expiration. The lack of validation of the authentication token at the IoT Haat during the Access Point Pairing mode leads the attacker to replay the Wi-Fi packets and forcefully turn off the access point after the authentication token has expired. | 2024-10-07 | not yet calculated | CVE-2024-46040 | cve@mitre.org cve@mitre.org |
| n/a–n/a |
A vulnerability was discovered in KM08-708H-v1.1, There is a buffer overflow in the sub_445BDC() function within the /usr/sbin/goahead program; The strcpy function is executed without checking the length of the string, leading to a buffer overflow. | 2024-10-11 | not yet calculated | CVE-2024-46215 | cve@mitre.org cve@mitre.org |
| n/a–n/a |
PHPGurukul Hospital Management System 4.0 is vulnerable to Cross Site Scripting (XSS) via the patname, pataddress, and medhis parameters in doctor/add-patient.php and doctor/edit-patient.php. | 2024-10-09 | not yet calculated | CVE-2024-46237 | cve@mitre.org |
| n/a–n/a |
A Server-Side Request Forgery (SSRF) vulnerability exists in the jpress <= v5.1.1, which can be exploited by an attacker to obtain sensitive information, resulting in an information disclosure. | 2024-10-11 | not yet calculated | CVE-2024-46468 | cve@mitre.org cve@mitre.org |
| n/a–n/a |
SQL Injection vulnerability in OpenHIS v.1.0 allows an attacker to execute arbitrary code via the refund function in the PayController.class.php component. | 2024-10-11 | not yet calculated | CVE-2024-46532 | cve@mitre.org cve@mitre.org cve@mitre.org |
| n/a–n/a |
An issue in almaodo GmbH appinventor.ai_google.almando_control 2.3.1 allows a remote attacker to obtain sensitive information via the firmware update process | 2024-10-11 | not yet calculated | CVE-2024-48768 | cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org |
| n/a–n/a |
An issue in BURG-WCHTER KG de.burgwachter.keyapp.app 4.5.0 allows a remote attacker to obtain sensitve information via the firmware update process. | 2024-10-11 | not yet calculated | CVE-2024-48769 | cve@mitre.org cve@mitre.org cve@mitre.org |
| n/a–n/a |
An issue in Plug n Play Camera com.wisdomcity.zwave 1.1.0 allows a remote attacker to obtain sensitive information via the firmware update process. | 2024-10-11 | not yet calculated | CVE-2024-48770 | cve@mitre.org cve@mitre.org cve@mitre.org |
| n/a–n/a |
An issue in almando GmbH Almando Play APP (com.almando.play) 1.8.2 allows a remote attacker to obtain sensitive information via the firmware update process | 2024-10-11 | not yet calculated | CVE-2024-48771 | cve@mitre.org cve@mitre.org |
| n/a–n/a |
An issue in C-CHIP (com.cchip.cchipamaota) v.1.2.8 allows a remote attacker to obtain sensitive information via the firmware update process. | 2024-10-11 | not yet calculated | CVE-2024-48772 | cve@mitre.org cve@mitre.org cve@mitre.org |
| n/a–n/a |
An issue in WoFit v.7.2.3 allows a remote attacker to obtain sensitive information via the firmware update process | 2024-10-11 | not yet calculated | CVE-2024-48773 | cve@mitre.org cve@mitre.org cve@mitre.org |
| n/a–n/a |
An issue in Fermax Asia Pacific Pte Ltd com.fermax.vida 2.4.6 allows a remote attacker to obtain sensitve information via the firmware update process. | 2024-10-11 | not yet calculated | CVE-2024-48774 | cve@mitre.org cve@mitre.org cve@mitre.org |
| n/a–n/a |
An issue in Plug n Play Camera com.ezset.delaney 1.2.0 allows a remote attacker to obtain sensitive information via the firmware update process. | 2024-10-11 | not yet calculated | CVE-2024-48775 | cve@mitre.org cve@mitre.org cve@mitre.org |
| n/a–n/a |
An issue in Shelly com.home.shelly 1.0.4 allows a remote attacker to obtain sensitive information via the firmware update process | 2024-10-11 | not yet calculated | CVE-2024-48776 | cve@mitre.org cve@mitre.org cve@mitre.org |
| n/a–n/a |
LEDVANCE com.ledvance.smartplus.eu 2.1.10 allows a remote attacker to obtain sensitive information via the firmware update process. | 2024-10-11 | not yet calculated | CVE-2024-48777 | cve@mitre.org cve@mitre.org cve@mitre.org |
| n/a–n/a |
An issue in GIANT MANUFACTURING CO., LTD RideLink (tw.giant.ridelink) 2.0.7 allows a remote attacker to obtain sensitive information via the firmware update process. | 2024-10-11 | not yet calculated | CVE-2024-48778 | cve@mitre.org cve@mitre.org cve@mitre.org |
| n/a–n/a |
An Incorrect Access Control issue in SAMPMAX com.sampmax.homemax 2.1.2.7 allows a remote attacker to obtain sensitive information via the firmware update process. | 2024-10-11 | not yet calculated | CVE-2024-48784 | cve@mitre.org cve@mitre.org cve@mitre.org |
| n/a–n/a |
An issue in SWITCHBOT INC SwitchBot (com.theswitchbot.switchbot) 5.0.4 allows a remote attacker to obtain sensitive information via the firmware update process. | 2024-10-11 | not yet calculated | CVE-2024-48786 | cve@mitre.org cve@mitre.org |
| n/a–n/a |
An issue in Revic Optics Revic Ops (us.revic.revicops) 1.12.5 allows a remote attacker to obtain sensitive information via the firmware update process. | 2024-10-11 | not yet calculated | CVE-2024-48787 | cve@mitre.org cve@mitre.org |
| n/a–n/a |
An issue in YESCAM (com.yescom.YesCam.zwave) 1.0.2 allows a remote attacker to obtain sensitive information via the firmware update process. | 2024-10-11 | not yet calculated | CVE-2024-48788 | cve@mitre.org cve@mitre.org |
| n/a–n/a |
Znuny before LTS 6.5.1 through 6.5.10 and 7.0.1 through 7.0.16 allows XSS. JavaScript code in the short description of the SLA field in Activity Dialogues is executed. | 2024-10-11 | not yet calculated | CVE-2024-48937 | cve@mitre.org cve@mitre.org cve@mitre.org |
| n/a–n/a |
Znuny before LTS 6.5.1 through 6.5.10 and 7.0.1 through 7.0.16 allows DoS/ReDos via email. Parsing the content of emails where HTML code is copied from Microsoft Word could lead to high CPU usage and block the parsing process. | 2024-10-11 | not yet calculated | CVE-2024-48938 | cve@mitre.org cve@mitre.org cve@mitre.org |
| n/a–n/a |
The verify function in lib/elliptic/eddsa/index.js in the Elliptic package before 6.5.6 for Node.js omits “sig.S().gte(sig.eddsa.curve.n) || sig.S().isNeg()” validation. | 2024-10-10 | not yet calculated | CVE-2024-48949 | cve@mitre.org cve@mitre.org |
| n/a–n/a |
Zendesk before 2024-07-02 allows remote attackers to read ticket history via e-mail spoofing, because Cc fields are extracted from incoming e-mail messages and used to grant additional authorization for ticket viewing, the mechanism for detecting spoofed e-mail messages is insufficient, and the support e-mail addresses associated with individual tickets are predictable. | 2024-10-12 | not yet calculated | CVE-2024-49193 | cve@mitre.org cve@mitre.org cve@mitre.org |
| netease-youdao–netease-youdao/qanything |
netease-youdao/qanything version 1.4.1 contains a vulnerability where unsafe data obtained from user input is concatenated in SQL queries, leading to SQL injection. The affected functions include `get_knowledge_base_name`, `from_status_to_status`, `delete_files`, and `get_file_by_status`. An attacker can exploit this vulnerability to execute arbitrary SQL queries, potentially stealing information from the database. The issue is fixed in version 1.4.2. | 2024-10-13 | not yet calculated | CVE-2024-7099 | security@huntr.dev security@huntr.dev |
| open-webui–open-webui/open-webui |
In version v0.3.8 of open-webui/open-webui, the endpoint /api/pipelines/upload is vulnerable to arbitrary file write and delete due to unsanitized file.filename concatenation with CACHE_DIR. This vulnerability allows attackers to overwrite and delete system files, potentially leading to remote code execution. | 2024-10-09 | not yet calculated | CVE-2024-7037 | security@huntr.dev |
| open-webui–open-webui/open-webui |
An information disclosure vulnerability exists in open-webui version 0.3.8. The vulnerability is related to the embedding model update feature under admin settings. When a user updates the model path, the system checks if the file exists and provides different error messages based on the existence and configuration of the file. This behavior allows an attacker to enumerate file names and traverse directories by observing the error messages, leading to potential exposure of sensitive information. | 2024-10-09 | not yet calculated | CVE-2024-7038 | security@huntr.dev |
| open-webui–open-webui/open-webui |
An Insecure Direct Object Reference (IDOR) vulnerability exists in open-webui/open-webui version v0.3.8. The vulnerability occurs in the API endpoint `http://0.0.0.0:3000/api/v1/memories/{id}/update`, where the decentralization design is flawed, allowing attackers to edit other users’ memories without proper authorization. | 2024-10-09 | not yet calculated | CVE-2024-7041 | security@huntr.dev |
| open-webui–open-webui/open-webui |
In version v0.3.8 of open-webui, an improper privilege management vulnerability exists in the API endpoints GET /api/v1/documents/ and POST /rag/api/v1/doc. This vulnerability allows a lower-privileged user to access and overwrite files managed by a higher-privileged admin. By exploiting this vulnerability, an attacker can view metadata of files uploaded by an admin and overwrite these files, compromising the integrity and availability of the RAG models. | 2024-10-10 | not yet calculated | CVE-2024-7048 | security@huntr.dev |
| open-webui–open-webui/open-webui |
In version v0.3.8 of open-webui/open-webui, a vulnerability exists where a token is returned when a user with a pending role logs in. This allows the user to perform actions without admin confirmation, bypassing the intended approval process. | 2024-10-10 | not yet calculated | CVE-2024-7049 | security@huntr.dev |
| pac4j–pac4j |
pac4j is a security framework for Java. `pac4j-core` prior to version 4.0.0 is affected by a Java deserialization vulnerability. The vulnerability affects systems that store externally controlled values in attributes of the `UserProfile` class from pac4j-core. It can be exploited by providing an attribute that contains a serialized Java object with a special prefix `{#sb64}` and Base64 encoding. This issue may lead to Remote Code Execution (RCE) in the worst case. Although a `RestrictedObjectInputStream` is in place, that puts some restriction on what classes can be deserialized, it still allows a broad range of java packages and potentially exploitable with different gadget chains. pac4j versions 4.0.0 and greater are not affected by this issue. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-10-10 | not yet calculated | CVE-2023-25581 | security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
| Palo Alto Networks–Cortex XDR Agent |
A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows non-administrative privileges to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity. | 2024-10-09 | not yet calculated | CVE-2024-9469 | psirt@paloaltonetworks.com |
| Palo Alto Networks–Cortex XSOAR |
A vulnerability in Cortex XSOAR allows the disclosure of incident data to users who do not have the privilege to view the data. | 2024-10-09 | not yet calculated | CVE-2024-9470 | psirt@paloaltonetworks.com |
| Palo Alto Networks–Expedition |
An OS command injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls. | 2024-10-09 | not yet calculated | CVE-2024-9463 | psirt@paloaltonetworks.com |
| Palo Alto Networks–Expedition |
An OS command injection vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls. | 2024-10-09 | not yet calculated | CVE-2024-9464 | psirt@paloaltonetworks.com |
| Palo Alto Networks–Expedition |
An SQL injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. With this, attackers can also create and read arbitrary files on the Expedition system. | 2024-10-09 | not yet calculated | CVE-2024-9465 | psirt@paloaltonetworks.com |
| Palo Alto Networks–Expedition |
A cleartext storage of sensitive information vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to reveal firewall usernames, passwords, and API keys generated using those credentials. | 2024-10-09 | not yet calculated | CVE-2024-9466 | psirt@paloaltonetworks.com |
| Palo Alto Networks–Expedition |
A reflected XSS vulnerability in Palo Alto Networks Expedition enables execution of malicious JavaScript in the context of an authenticated Expedition user’s browser if that user clicks on a malicious link, allowing phishing attacks that could lead to Expedition browser session theft. | 2024-10-09 | not yet calculated | CVE-2024-9467 | psirt@paloaltonetworks.com |
| Palo Alto Networks–GlobalProtect App |
A privilege escalation vulnerability in the Palo Alto Networks GlobalProtect app on Windows allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY/SYSTEM through the use of the repair functionality offered by the .msi file used to install GlobalProtect. | 2024-10-09 | not yet calculated | CVE-2024-9473 | psirt@paloaltonetworks.com |
| Palo Alto Networks–PAN-OS |
A memory corruption vulnerability in Palo Alto Networks PAN-OS software allows an unauthenticated attacker to crash PAN-OS due to a crafted packet through the data plane, resulting in a denial of service (DoS) condition. Repeated attempts to trigger this condition will result in PAN-OS entering maintenance mode. | 2024-10-09 | not yet calculated | CVE-2024-9468 | psirt@paloaltonetworks.com |
| Palo Alto Networks–PAN-OS |
A privilege escalation (PE) vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated PAN-OS administrator with restricted privileges to use a compromised XML API key to perform actions as a higher privileged PAN-OS administrator. For example, an administrator with “Virtual system administrator (read-only)” access could use an XML API key of a “Virtual system administrator” to perform write operations on the virtual system configuration even though they should be limited to read-only operations. | 2024-10-09 | not yet calculated | CVE-2024-9471 | psirt@paloaltonetworks.com |
| parisneo–parisneo/lollms |
A path traversal vulnerability exists in the parisneo/lollms-webui repository, specifically in the `lollms_file_system.py` file. The functions `add_rag_database`, `toggle_mount_rag_database`, and `vectorize_folder` do not implement security measures such as `sanitize_path_from_endpoint` or `sanitize_path`. This allows an attacker to perform vectorize operations on `.sqlite` files in any directory on the victim’s computer, potentially installing multiple packages and causing a crash. | 2024-10-11 | not yet calculated | CVE-2024-6971 | security@huntr.dev |
| parisneo–parisneo/lollms |
A path traversal vulnerability exists in the api open_personality_folder endpoint of parisneo/lollms-webui. This vulnerability allows an attacker to read any folder in the personality_folder on the victim’s computer, even though sanitize_path is set. The issue arises due to improper sanitization of the personality_folder parameter, which can be exploited to traverse directories and access arbitrary files. | 2024-10-11 | not yet calculated | CVE-2024-6985 | security@huntr.dev security@huntr.dev |
| parisneo–parisneo/lollms-webui |
A vulnerability in parisneo/lollms-webui version 9.8 allows for a Denial of Service (DOS) attack when uploading an audio file. If an attacker appends a large number of characters to the end of a multipart boundary, the system will continuously process each character, rendering lollms-webui inaccessible. This issue is exacerbated by the lack of Cross-Site Request Forgery (CSRF) protection, enabling remote exploitation. The vulnerability leads to service disruption, resource exhaustion, and extended downtime. | 2024-10-13 | not yet calculated | CVE-2024-6959 | security@huntr.dev |
| Payara Platform–Payara Server |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Payara Platform Payara Server (Admin Console modules) allows Remote Code Inclusion.This issue affects Payara Server: from 5.20.0 before 5.68.0, from 6.0.0 before 6.19.0, from 6.2022.1 before 6.2024.10, from 4.1.2.191.1 before 4.1.2.191.51. | 2024-10-08 | not yet calculated | CVE-2024-8215 | 769c9ae7-73c3-4e47-ae19-903170fc3eb8 769c9ae7-73c3-4e47-ae19-903170fc3eb8 769c9ae7-73c3-4e47-ae19-903170fc3eb8 |
| Rockwell Automation–CompactLogix 5380 controllers |
Due to a memory leak, a denial-of-service vulnerability exists in the Rockwell Automation affected products. A malicious actor could exploit this vulnerability by performing multiple actions on certain web pages of the product causing the affected products to become fully unavailable and require a power cycle to recover. | 2024-10-08 | not yet calculated | CVE-2024-8626 | PSIRT@rockwellautomation.com |
| Rockwell Automation–Drives – PowerFlex 6000T |
A denial-of-service vulnerability exists in the Rockwell Automation PowerFlex® 600T. If the device is overloaded with requests, it will become unavailable. The device may require a power cycle to recover it if it does not re-establish a connection after it stops receiving requests. | 2024-10-08 | not yet calculated | CVE-2024-9124 | PSIRT@rockwellautomation.com |
| Rockwell Automation–Verve Asset Manager |
An improper authorization vulnerability exists in the Rockwell Automation affected products that could allow an unauthorized user to sign in. While removal of all role mappings is unlikely, it could occur in the case of unexpected or accidental removal by the administrator. If exploited, an unauthorized user could access data they previously but should no longer have access to. | 2024-10-08 | not yet calculated | CVE-2024-9412 | PSIRT@rockwellautomation.com |
| SonicWall–Connect Tunnel |
The Improper link resolution before file access (‘Link Following’) vulnerability in SonicWall Connect Tunnel (version 12.4.3.271 and earlier of Windows client) allows users with standard privileges to create arbitrary folders and files, potentially leading to local Denial of Service (DoS) attack. | 2024-10-11 | not yet calculated | CVE-2024-45315 | PSIRT@sonicwall.com |
| SonicWall–SMA1000 |
A Server-Side Request Forgery (SSRF) vulnerability in SMA1000 appliance firmware versions 12.4.3-02676 and earlier allows a remote, unauthenticated attacker to cause the SMA1000 server-side application to make requests to an unintended IP address. | 2024-10-11 | not yet calculated | CVE-2024-45317 | PSIRT@sonicwall.com |
| ssoready–ssoready |
ssoready is a single sign on provider implemented via docker. Affected versions are vulnerable to XML signature bypass attacks. An attacker can carry out signature bypass if you have access to certain IDP-signed messages. The underlying mechanism exploits differential behavior between XML parsers. Users of https://ssoready.com, the public hosted instance of SSOReady, are unaffected. We advise folks who self-host SSOReady to upgrade to 7f92a06 or later. Do so by updating your SSOReady Docker images from sha-… to sha-7f92a06. There are no known workarounds for this vulnerability. | 2024-10-09 | not yet calculated | CVE-2024-47832 | security-advisories@github.com security-advisories@github.com security-advisories@github.com |
| TE Informatics–Nova CMS |
SQL Injection: Hibernate vulnerability in TE Informatics Nova CMS allows SQL Injection.This issue affects Nova CMS: before 5.0. | 2024-10-10 | not yet calculated | CVE-2024-4658 | iletisim@usom.gov.tr |
| TRtek Software–Distant Education Platform |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’), Improper Input Validation vulnerability in TRtek Software Distant Education Platform allows SQL Injection, Parameter Injection.This issue affects Distant Education Platform: before 3.2024.11. | 2024-10-09 | not yet calculated | CVE-2024-9286 | iletisim@usom.gov.tr |
| Unknown–Photo Gallery by 10Web |
The Photo Gallery by 10Web WordPress plugin before 1.8.28 does not properly sanitise and escape some of its Gallery settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 2024-10-09 | not yet calculated | CVE-2024-5968 | contact@wpscan.com |
| zefr0x–foxmarks |
foxmarks is a CLI read-only interface for Firefox’s bookmarks and history. A temporary file was created under the /tmp directory with read permissions for all users containing a copy of Firefox’s database of bookmarks, history, input history, visits counter, use counter, view counter and more confidential information about the history of using Firefox. Permissions default to 0o600 for NamedTempFile. However, after copying the database, its permissions were copied with it resulting in an insecure file with 0x644 permissions. A malicious user is able to read the database when the targeted user executes foxmarks bookmarks or foxmarks history. This vulnerability is patched in v2.1.0. | 2024-10-11 | not yet calculated | CVE-2024-47884 | security-advisories@github.com security-advisories@github.com |