Vulnerability Summary for the Week of March 18, 2024

Posted by:

|

On:

|

 

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
N/A — N/A
 
Directory Traversal vulnerability in Devan-Kerman ARRP v.0.8.1 and before allows a remote attacker to execute arbitrary code via the dumpDirect in RuntimeResourcePackImpl component. 2024-03-19 8.8 CVE-2024-24042
cve@mitre.org
cve@mitre.org
N/A — N/A
 
danielmiessler fabric through 1.3.0 allows installer/client/gui/static/js/index.js XSS because of innerHTML mishandling, such as in htmlToPlainText. 2024-03-18 7.4 CVE-2024-29154
cve@mitre.org
aam — advanced_access_manager
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in AAM Advanced Access Manager allows Reflected XSS.This issue affects Advanced Access Manager: from n/a through 6.9.20. 2024-03-19 7.1 CVE-2024-29127
audit@patchstack.com
abast — scan_visio_edocument_suite_web_viewer
 
A SQL Injection has been found on SCAN_VISIO eDocument Suite Web Viewer of Abast. This vulnerability allows an unauthenticated user to retrieve, update and delete all the information of database. This vulnerability was found on login page via “user” parameter. 2024-03-21 9.8 CVE-2024-29732
cve-coordination@incibe.es
acryldata — datahub-helm
 
datahub-helm provides the Kubernetes Helm charts for deploying Datahub and its dependencies on a Kubernetes cluster. Starting in version 0.1.143 and prior to version 0.2.182, due to configuration issues in the helm chart, if there was a successful initial deployment during a limited window of time, personal access tokens were possibly created with a default secret key. Since the secret key is a static, publicly available value, someone could inspect the algorithm used to generate personal access tokens and generate their own for an instance. Deploying with Metadata Service Authentication enabled would have been difficult during window of releases. If someone circumvented the helm settings and manually set Metadata Service Authentication to be enabled using environment variables directly, this would skip over the autogeneration logic for the Kubernetes Secrets and DataHub GMS would default to the signing key specified statically in the application.yml. Most deployments probably did not attempt to circumvent the helm settings to enable Metadata Service Authentication during this time, so impact is most likely limited. Any deployments with Metadata Service Authentication enabled should ensure that their secret values are properly randomized. Version 0.2.182 contains a patch for this issue. As a workaround, one may reset the token signing key to be a random value, which will invalidate active personal access tokens. 2024-03-20 9.1 CVE-2024-29037
security-advisories@github.com
security-advisories@github.com
adobe — animate
 
Animate versions 24.0, 23.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-03-18 7.8 CVE-2024-20761
psirt@adobe.com
adobe — bridge
 
Bridge versions 13.0.5, 14.0.1 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-03-18 7.8 CVE-2024-20752
psirt@adobe.com
adobe — bridge
 
Bridge versions 13.0.5, 14.0.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-03-18 7.8 CVE-2024-20755
psirt@adobe.com
adobe — bridge
 
Bridge versions 13.0.5, 14.0.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-03-18 7.8 CVE-2024-20756
psirt@adobe.com
adobe — coldfusion
 
ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Access Control vulnerability that could lead to arbitrary file system read. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access to sensitive files and perform arbitrary file system write. Exploitation of this issue does not require user interaction. 2024-03-18 8.2 CVE-2024-20767
psirt@adobe.com
adobe — lightroom_desktop
 
Lightroom Desktop versions 7.1.2 and earlier are affected by an Untrusted Search Path vulnerability that could result in arbitrary code execution in the context of the current user. If the application uses a search path to locate critical resources such as programs, then an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-03-18 7.5 CVE-2024-20754
psirt@adobe.com
adobe — premiere_pro
 
Premiere Pro versions 24.1, 23.6.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-03-18 7.8 CVE-2024-20745
psirt@adobe.com
adobe — premiere_pro
 
Premiere Pro versions 24.1, 23.6.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-03-18 7.8 CVE-2024-20746
psirt@adobe.com
amssplus — amss++

 

Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/book/main/select_send.php, in the ‘sd_index’ parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB. 2024-03-18 8.2 CVE-2024-2584
cve-coordination@incibe.es
amssplus — amss++
 
File upload restriction evasion vulnerability in AMSS++ version 4.31. This vulnerability could allow an authenticated user to potentially obtain RCE through webshell, compromising the entire infrastructure. 2024-03-18 9.9 CVE-2024-2599
cve-coordination@incibe.es
amssplus — amss++
 
Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/book/main/select_send_2.php, in the ‘sd_index’ parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB. 2024-03-18 8.2 CVE-2024-2585
cve-coordination@incibe.es
amssplus — amss++
 
Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/index.php, in the ‘username’ parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB. 2024-03-18 8.2 CVE-2024-2586
cve-coordination@incibe.es
amssplus — amss++
 
Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/book/main/bookdetail_khet_person.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB. 2024-03-18 8.2 CVE-2024-2587
cve-coordination@incibe.es
amssplus — amss++
 
Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/admin/index.php, in the ‘id’ parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB. 2024-03-18 8.2 CVE-2024-2588
cve-coordination@incibe.es
amssplus — amss++
 
Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/book/main/bookdetail_school_person.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB. 2024-03-18 8.2 CVE-2024-2589
cve-coordination@incibe.es
amssplus — amss++
 
Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/mail/main/select_send.php, in the ‘sd_index’ parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB. 2024-03-18 8.2 CVE-2024-2590
cve-coordination@incibe.es
amssplus — amss++
 
Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/book/main/bookdetail_group.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB. 2024-03-18 8.2 CVE-2024-2591
cve-coordination@incibe.es
amssplus — amss++
 
Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/person/pic_show.php, in the ‘person_id’ parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB. 2024-03-18 8.2 CVE-2024-2592
cve-coordination@incibe.es
amssplus — amss++
 
Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /amssplus/modules/book/main/bookdetail_group.php, in the ‘b_id’ parameter. This vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. 2024-03-18 7.1 CVE-2024-2593
cve-coordination@incibe.es
amssplus — amss++
 
Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /amssplus/admin/index.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. 2024-03-18 7.1 CVE-2024-2594
cve-coordination@incibe.es
amssplus — amss++
 
Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /amssplus/modules/book/main/bookdetail_khet_person.php, in the ‘b_id’ parameter. This vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. 2024-03-18 7.1 CVE-2024-2595
cve-coordination@incibe.es
amssplus — amss++
 
Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /amssplus/modules/mail/main/select_send.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. 2024-03-18 7.1 CVE-2024-2596
cve-coordination@incibe.es
amssplus — amss++
 
Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /amssplus/modules/book/main/bookdetail_school_person.php, in the ‘b_id’ parameter. This vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. 2024-03-18 7.1 CVE-2024-2597
cve-coordination@incibe.es
amssplus — amss++
 
Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /amssplus/modules/book/main/select_send_2.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. 2024-03-18 7.1 CVE-2024-2598
cve-coordination@incibe.es
apollographql — router
 
The Apollo Router is a graph router written in Rust to run a federated supergraph that uses Apollo Federation. Versions 0.9.5 until 1.40.2 are subject to a Denial-of-Service (DoS) type vulnerability. When receiving compressed HTTP payloads, affected versions of the Router evaluate the `limits.http_max_request_bytes` configuration option after the entirety of the compressed payload is decompressed. If affected versions of the Router receive highly compressed payloads, this could result in significant memory consumption while the compressed payload is expanded. Router version 1.40.2 has a fix for the vulnerability. Those who are unable to upgrade may be able to implement mitigations at proxies or load balancers positioned in front of their Router fleet (e.g. Nginx, HAProxy, or cloud-native WAF services) by creating limits on HTTP body upload size. 2024-03-21 7.5 CVE-2024-28101
security-advisories@github.com
security-advisories@github.com
argoproj — argo_cd
 
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to versions 2.8.13, 2.9.9, and 2.10.4, an attacker can exploit a chain of vulnerabilities, including a Denial of Service (DoS) flaw and in-memory data storage weakness, to effectively bypass the application’s brute force login protection. This is a critical security vulnerability that allows attackers to bypass the brute force login protection mechanism. Not only can they crash the service affecting all users, but they can also make unlimited login attempts, increasing the risk of account compromise. Versions 2.8.13, 2.9.9, and 2.10.4 contain a patch for this issue. 2024-03-18 9.8 CVE-2024-21652
security-advisories@github.com
argoproj — argo_cd
 
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to versions 2.8.13, 2.9.9, and 2.10.4, an attacker can exploit a critical flaw in the application to initiate a Denial of Service (DoS) attack, rendering the application inoperable and affecting all users. The issue arises from unsafe manipulation of an array in a multi-threaded environment. The vulnerability is rooted in the application’s code, where an array is being modified while it is being iterated over. This is a classic programming error but becomes critically unsafe when executed in a multi-threaded environment. When two threads interact with the same array simultaneously, the application crashes. This is a Denial of Service (DoS) vulnerability. Any attacker can crash the application continuously, making it impossible for legitimate users to access the service. The issue is exacerbated because it does not require authentication, widening the pool of potential attackers. Versions 2.8.13, 2.9.9, and 2.10.4 contain a patch for this issue. 2024-03-18 7.5 CVE-2024-21661
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
argoproj — argo_cd
 
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to versions 2.8.13, 2.9.9, and 2.10.4, an attacker can effectively bypass the rate limit and brute force protections by exploiting the application’s weak cache-based mechanism. This loophole in security can be combined with other vulnerabilities to attack the default admin account. This flaw undermines a patch for CVE-2020-8827 intended to protect against brute-force attacks. The application’s brute force protection relies on a cache mechanism that tracks login attempts for each user. This cache is limited to a `defaultMaxCacheSize` of 1000 entries. An attacker can overflow this cache by bombarding it with login attempts for different users, thereby pushing out the admin account’s failed attempts and effectively resetting the rate limit for that account. This is a severe vulnerability that enables attackers to perform brute force attacks at an accelerated rate, especially targeting the default admin account. Users should upgrade to version 2.8.13, 2.9.9, or 2.10.4 to receive a patch. 2024-03-18 7.5 CVE-2024-21662
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
astropy — astropy
 
Astropy is a project for astronomy in Python that fosters interoperability between Python astronomy packages. Version 5.3.2 of the Astropy core package is vulnerable to remote code execution due to improper input validation in the `TranformGraph().to_dot_graph` function. A malicious user can provide a command or a script file as a value to the `savelayout` argument, which will be placed as the first value in a list of arguments passed to `subprocess.Popen`. Although an error will be raised, the command or script will be executed successfully. Version 5.3.3 fixes this issue. 2024-03-18 8.4 CVE-2023-41334
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
cegid — meta4_hr
 
An Unrestricted Upload of File vulnerability has been found on Cegid Meta4 HR, that allows an attacker to upload malicios files to the server via ‘/config/espanol/update_password.jsp’ file. Modifying the ‘M4_NEW_PASSWORD’ parameter, an attacker could store a malicious JSP file inside the file directory, to be executed the the file is loaded in the application. 2024-03-19 9 CVE-2024-2636
cve-coordination@incibe.es
cegid — meta4_hr
 
A Information Exposure Vulnerability has been found on Meta4 HR. This vulnerability allows an attacker to obtain a lot of information about the application such as the variables set in the process, the Tomcat versions, library versions and underlying operation system via HTTP GET ‘/sitetest/english/dumpenv.jsp’. 2024-03-19 7.5 CVE-2024-2632
cve-coordination@incibe.es
cegid — meta4_hr
 
The configuration pages available are not intended to be placed on an Internet facing web server, as they expose file paths to the client, who can be an attacker. Instead of rewriting these pages to avoid this vulnerability, they will be dismissed from future releases of Cegid Meta4 HR, as they do not offer product functionality 2024-03-19 7.3 CVE-2024-2635
cve-coordination@incibe.es
checkmk_gmbh — checkmk
 
Least privilege violation in the Checkmk agent plugins mk_oracle, mk_oracle.ps1, and mk_oracle_crs before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows local users to escalate privileges. 2024-03-22 8.2 CVE-2024-0638
security@checkmk.com
checkmk_gmbh — checkmk
 
Least privilege violation and reliance on untrusted inputs in the mk_informix Checkmk agent plugin before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows local users to escalate privileges. 2024-03-22 8.8 CVE-2024-28824
security@checkmk.com
chirp_systems — chirp_access
 
Chirp Access improperly stores credentials within its source code, potentially exposing sensitive information to unauthorized access. 2024-03-20 9.1 CVE-2024-2197
ics-cert@hq.dhs.gov
ciges — cigesv2
 
SQL injection vulnerability in the CIGESv2 system, through /ajaxConfigTotem.php, in the ‘id’ parameter. The exploitation of this vulnerability could allow a remote user to retrieve all data stored in the database by sending a specially crafted SQL query. 2024-03-22 9.8 CVE-2024-2722
cve-coordination@incibe.es
ciges — cigesv2
 
SQL injection vulnerability in the CIGESv2 system, through /ajaxSubServicios.php, in the ‘idServicio’ parameter. The exploitation of this vulnerability could allow a remote user to retrieve all data stored in the database by sending a specially crafted SQL query. 2024-03-22 9.8 CVE-2024-2723
cve-coordination@incibe.es
ciges — cigesv2
 
SQL injection vulnerability in the CIGESv2 system, through /ajaxServiciosAtencion.php, in the ‘idServicio’ parameter. The exploitation of this vulnerability could allow a remote user to retrieve all data stored in the database by sending a specially crafted SQL query. 2024-03-22 9.8 CVE-2024-2724
cve-coordination@incibe.es
ciges — cigesv2
 
Information exposure vulnerability in the CIGESv2 system. A remote attacker might be able to access /vendor/composer/installed.json and retrieve all installed packages used by the application. 2024-03-22 7.5 CVE-2024-2725
cve-coordination@incibe.es
cilium — cilium
 
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.13.9 and prior to versions 1.13.13, 1.14.8, and 1.15.2, Cilium’s HTTP policies are not consistently applied to all traffic in the scope of the policies, leading to HTTP traffic being incorrectly and intermittently forwarded when it should be dropped. This issue has been patched in Cilium 1.15.2, 1.14.8, and 1.13.13. There are no known workarounds for this issue. 2024-03-18 7.2 CVE-2024-28248
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
cimatti_consulting — contact_forms_by_cimatti
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Cimatti Consulting Contact Forms by Cimatti allows Stored XSS.This issue affects Contact Forms by Cimatti: from n/a through 1.7.0. 2024-03-19 7.1 CVE-2024-29117
audit@patchstack.com
codekraft — antispam_for_contact_form_7
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Codekraft AntiSpam for Contact Form 7 allows Reflected XSS.This issue affects AntiSpam for Contact Form 7: from n/a through 0.6.0. 2024-03-17 7.1 CVE-2024-27961
audit@patchstack.com
coder — coder
 
Coder allows oragnizations to provision remote development environments via Terraform. Prior to versions 2.6.1, 2.7.3, and 2.8.4, a vulnerability in Coder’s OIDC authentication could allow an attacker to bypass the `CODER_OIDC_EMAIL_DOMAIN` verification and create an account with an email not in the allowlist. Deployments are only affected if the OIDC provider allows users to create accounts on the provider. During OIDC registration, the user’s email was improperly validated against the allowed `CODER_OIDC_EMAIL_DOMAIN`s. This could allow a user with a domain that only partially matched an allowed domain to successfully login or register. An attacker could register a domain name that exploited this vulnerability and register on a Coder instance with a public OIDC provider. Coder instances with OIDC enabled and protected by the `CODER_OIDC_EMAIL_DOMAIN` configuration are affected. Coder instances using a private OIDC provider are not affected, as arbitrary users cannot register through a private OIDC provider without first having an account on the provider. Public OIDC providers are impacted. GitHub authentication and external authentication are not impacted. This vulnerability is remedied in versions 2.8.4, 2.7.3, and 2.6.1 All versions prior to these patches are affected by the vulnerability.*It is recommended that customers upgrade their deployments as soon as possible if they are utilizing OIDC authentication with the `CODER_OIDC_EMAIL_DOMAIN` setting. 2024-03-21 8.2 CVE-2024-27918
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
dassault_syst-mes — solidworks_desktop
 
Heap-based Buffer Overflow, Memory Corruption, Out-Of-Bounds Read, Out-Of-Bounds Write, Stack-based Buffer Overflow, Type Confusion, Uninitialized Variable, Use-After-Free vulnerabilities exist in the file reading procedure in SOLIDWORKS Desktop on Release SOLIDWORKS 2024. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted CATPART, DWG, DXF, IPT, JT, SAT, SLDDRW, SLDPRT, STL, STP, X_B or X_T file. 2024-03-22 7.8 CVE-2024-1848
3DS.Information-Security@3ds.com
dell — poweredge_platform
 
Dell PowerEdge Server BIOS contains a heap-based buffer overflow vulnerability. A local high privileged attacker could potentially exploit this vulnerability to write to otherwise unauthorized memory. 2024-03-19 7.2 CVE-2024-22453
security_alert@emc.com
delta_electronics — diaenergie

 

SQL injection vulnerability exists in GetDIAE_unListParameters. 2024-03-21 8.8 CVE-2024-23494
ics-cert@hq.dhs.gov
delta_electronics — diaenergie
 
SQL injection vulnerability exists in GetDIAE_slogListParameters. 2024-03-21 8.8 CVE-2024-23975
ics-cert@hq.dhs.gov
delta_electronics — diaenergie
 
Path traversal attack is possible and write outside of the intended directory and may access sensitive information. If a file name is specified that already exists on the file system, then the original file will be overwritten. 2024-03-21 8.1 CVE-2024-25567
ics-cert@hq.dhs.gov
delta_electronics — diaenergie
 
SQL injection vulnerability exists in the script DIAE_tagHandler.ashx. 2024-03-21 8.8 CVE-2024-25937
ics-cert@hq.dhs.gov
delta_electronics — diaenergie
 
Privileges are not fully verified server-side, which can be abused by a user with limited privileges to bypass authorization and access privileged functionality. 2024-03-21 8.8 CVE-2024-28029
ics-cert@hq.dhs.gov
delta_electronics — diaenergie
 
SQL injection vulnerability exists in GetDIAE_astListParameters. 2024-03-21 8.8 CVE-2024-28040
ics-cert@hq.dhs.gov
delta_electronics — diaenergie
 
It is possible to perform a path traversal attack and write outside of the intended directory. If a file name is specified that already exists on the file system, then the original file will be overwritten. 2024-03-21 8.1 CVE-2024-28171
ics-cert@hq.dhs.gov
delta_electronics — diaenergie
 
SQL injection vulnerability exists in the script Handler_CFG.ashx. 2024-03-21 8.8 CVE-2024-28891
ics-cert@hq.dhs.gov
denoland — deno
 
Deno is a JavaScript, TypeScript, and WebAssembly runtime. In version 1.39.0, use of raw file descriptors in `op_node_ipc_pipe()` leads to premature close of arbitrary file descriptors, allowing standard input to be re-opened as a different resource resulting in permission prompt bypass. Node child_process IPC relies on the JS side to pass the raw IPC file descriptor to `op_node_ipc_pipe()`, which returns a `IpcJsonStreamResource` ID associated with the file descriptor. On closing the resource, the raw file descriptor is closed together. Use of raw file descriptors in `op_node_ipc_pipe()` leads to premature close of arbitrary file descriptors. This allow standard input (fd 0) to be closed and re-opened for a different resource, which allows a silent permission prompt bypass. This is exploitable by an attacker controlling the code executed inside a Deno runtime to obtain arbitrary code execution on the host machine regardless of permissions. This bug is known to be exploitable. There is a working exploit that achieves arbitrary code execution by bypassing prompts from zero permissions, additionally abusing the fact that Cache API lacks filesystem permission checks. The attack can be conducted silently as stderr can also be closed, suppressing all prompt outputs. Version 1.39.1 fixes the bug. 2024-03-21 8.2 CVE-2024-27933
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
denoland — deno
 
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.36.2 and prior to version 1.40.3, use of inherently unsafe `*const c_void` and `ExternalPointer` leads to use-after-free access of the underlying structure, resulting in arbitrary code execution. Use of inherently unsafe `*const c_void` and `ExternalPointer` leads to use-after-free access of the underlying structure, which is exploitable by an attacker controlling the code executed inside a Deno runtime to obtain arbitrary code execution on the host machine regardless of permissions. This bug is known to be exploitable for both `*const c_void` and `ExternalPointer` implementations. Version 1.40.3 fixes this issue. 2024-03-21 8.4 CVE-2024-27934
security-advisories@github.com
denoland — deno
 
Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. Starting in version 1.32.1 and prior to version 1.41 of the deno_runtime library, maliciously crafted permission request can show the spoofed permission prompt by inserting a broken ANSI escape sequence into the request contents. Deno is stripping any ANSI escape sequences from the permission prompt, but permissions given to the program are based on the contents that contain the ANSI escape sequences. Any Deno program can spoof the content of the interactive permission prompt by inserting a broken ANSI code, which allows a malicious Deno program to display the wrong file path or program name to the user. Version 1.41 of the deno_runtime library contains a patch for the issue. 2024-03-21 8.8 CVE-2024-27936
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
denoland — deno
 
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.35.1 and prior to version 1.36.3, a vulnerability in Deno’s Node.js compatibility runtime allows for cross-session data contamination during simultaneous asynchronous reads from Node.js streams sourced from sockets or files. The issue arises from the re-use of a global buffer (BUF) in stream_wrap.ts used as a performance optimization to limit allocations during these asynchronous read operations. This can lead to data intended for one session being received by another session, potentially resulting in data corruption and unexpected behavior. This affects all users of Deno that use the node.js compatibility layer for network communication or other streams, including packages that may require node.js libraries indirectly. Version 1.36.3 contains a patch for this issue. 2024-03-21 7.2 CVE-2024-27935
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
dev_institute — restrict_user_access_-_membership_plugin_with_force
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in DEV Institute Restrict User Access – Membership Plugin with Force allows Reflected XSS.This issue affects Restrict User Access – Membership Plugin with Force: from n/a through 2.5. 2024-03-19 7.1 CVE-2024-29138
audit@patchstack.com
django-wiki — django-wiki
 
django-wiki is a wiki system for Django. Installations of django-wiki prior to version 0.10.1 are vulnerable to maliciously crafted article content that can cause severe use of server CPU through a regular expression loop. Version 0.10.1 fixes this issue. As a workaround, close off access to create and edit articles by anonymous users. 2024-03-18 7.5 CVE-2024-28865
security-advisories@github.com
security-advisories@github.com
dnesscarkey — wp_armour_-_honeypot_anti_spam
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Dnesscarkey WP Armour – Honeypot Anti Spam allows Reflected XSS.This issue affects WP Armour – Honeypot Anti Spam: from n/a through 2.1.13. 2024-03-19 7.1 CVE-2024-29091
audit@patchstack.com
elliot_sowersby,_relywp — coupon_affiliates
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Elliot Sowersby, RelyWP Coupon Affiliates allows Reflected XSS.This issue affects Coupon Affiliates: from n/a through 5.12.7. 2024-03-19 7.1 CVE-2024-29125
audit@patchstack.com
eprosima — fast_dds
 
eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.14.0, 2.13.4, 2.12.3, 2.10.4, and 2.6.8, manipulated DATA Submessage can cause a heap overflow error in the Fast-DDS process, causing the process to be terminated remotely. Additionally, the payload_size in the DATA Submessage packet is declared as uint32_t. When a negative number, such as -1, is input into this variable, it results in an Integer Overflow (for example, -1 gets converted to 0xFFFFFFFF). This eventually leads to a heap-buffer-overflow, causing the program to terminate. Versions 2.14.0, 2.13.4, 2.12.3, 2.10.4, and 2.6.8 contain a fix for this issue. 2024-03-20 9.6 CVE-2024-28231
security-advisories@github.com
security-advisories@github.com
evergreen_content_poster — evergreen_content_poster
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Evergreen Content Poster allows Reflected XSS.This issue affects Evergreen Content Poster: from n/a through 1.4.1. 2024-03-19 7.1 CVE-2024-29099
audit@patchstack.com
firassaidi — woocommerce_license_manager
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Firassaidi WooCommerce License Manager allows Reflected XSS.This issue affects WooCommerce License Manager: from n/a through 5.3.1. 2024-03-19 7.1 CVE-2024-29121
audit@patchstack.com
firebirdsql — firebird
 
Firebird is a relational database. Versions 4.0.0 through 4.0.3 and version 5.0 beta1 are vulnerable to a server crash when a user uses a specific form of SET BIND statement. Any non-privileged user with minimum access to a server may type a statement with a long `CHAR` length, which causes the server to crash due to stack corruption. Versions 4.0.4.2981 and 5.0.0.117 contain fixes for this issue. No known workarounds are available. 2024-03-20 7.5 CVE-2023-41038
security-advisories@github.com
security-advisories@github.com
florian_’fkrauthan’_krauthan — wp_mpdf
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Florian ‘fkrauthan’ Krauthan allows Reflected XSS.This issue affects wp-mpdf: from n/a through 3.7.1. 2024-03-21 7.1 CVE-2024-27962
audit@patchstack.com
franklin_fueling_system — evo_550
 
Franklin Fueling System EVO 550 and EVO 5000 are vulnerable to a Path Traversal vulnerability that could allow an attacker to access sensitive files on the system. 2024-03-19 7.5 CVE-2024-2442
ics-cert@hq.dhs.gov
frappe — frappe
 
Frappe is a full-stack web application framework. Prior to versions 14.66.3 and 15.16.0, file permission can be bypassed using certain endpoints, granting less privileged users permission to delete or clone a file. Versions 14.66.3 and 15.16.0 contain a patch for this issue. No known workarounds are available. 2024-03-21 8.1 CVE-2024-27105
security-advisories@github.com
frappe — frappe
 
Frappe is a full-stack web application framework. Prior to versions 14.64.0 and 15.0.0, SQL injection from a particular whitelisted method can result in access to data which the user doesn’t have permission to access. Versions 14.64.0 and 15.0.0 contain a patch for this issue. No known workarounds are available. 2024-03-21 7.5 CVE-2024-24813
security-advisories@github.com
freescout-helpdesk — freescout
 
FreeScout is a self-hosted help desk and shared mailbox. Versions prior to 1.8.128 are vulnerable to OS Command Injection in the /public/tools.php source file. The value of the php_path parameter is being executed as an OS command by the shell_exec function, without validating it. This allows an adversary to execute malicious OS commands on the server. A practical demonstration of the successful command injection attack extracted the /etc/passwd file of the server. This represented the complete compromise of the server hosting the FreeScout application. This attack requires an attacker to know the `App_Key` of the application. This limitation makes the Attack Complexity to be High. If an attacker gets hold of the `App_Key`, the attacker can compromise the Complete server on which the application is deployed. Version 1.8.128 contains a patch for this issue. 2024-03-22 9 CVE-2024-29185
security-advisories@github.com
freescout-helpdesk — freescout
 
FreeScout is a self-hosted help desk and shared mailbox. A Stored Cross-Site Scripting (XSS) vulnerability has been identified within the Signature Input Field of the FreeScout Application prior to version 1.8.128. Stored XSS occurs when user input is not properly sanitized and is stored on the server, allowing an attacker to inject malicious scripts that will be executed when other users access the affected page. In this case, the Support Agent User can inject malicious scripts into their signature, which will then be executed when viewed by the Administrator. The application protects users against XSS attacks by enforcing a CSP policy, the CSP Policy is: `script-src ‘self’ ‘nonce-abcd’ `. The CSP policy only allows the inclusion of JS files that are present on the application server and doesn’t allow any inline script or script other than nonce-abcd. The CSP policy was bypassed by uploading a JS file to the server by a POST request to /conversation/upload endpoint. After this, a working XSS payload was crafted by including the uploaded JS file link as the src of the script. This bypassed the CSP policy and XSS attacks became possible. The impact of this vulnerability is severe as it allows an attacker to compromise the FreeScout Application. By exploiting this vulnerability, the attacker can perform various malicious actions such as forcing the Administrator to execute actions without their knowledge or consent. For instance, the attacker can force the Administrator to add a new administrator controlled by the attacker, thereby giving the attacker full control over the application. Alternatively, the attacker can elevate the privileges of a low-privileged user to Administrator, further compromising the security of the application. Attackers can steal sensitive information such as login credentials, session tokens, personal identifiable information (PII), and financial data. The vulnerability can also lead to defacement of the Application. Version 1.8.128 contains a patch for this issue. 2024-03-22 8 CVE-2024-29184
security-advisories@github.com
friendsofsymfony1 — symfony1
 
Symfony 1 is a community-driven fork of the 1.x branch of Symfony, a PHP framework for web projects. Starting in version 1.1.0 and prior to version 1.5.19, Symfony 1 has a gadget chain due to dangerous deserialization in `sfNamespacedParameterHolder` class that would enable an attacker to get remote code execution if a developer deserializes user input in their project. Version 1.5.19 contains a patch for the issue. 2024-03-22 9.8 CVE-2024-28861
security-advisories@github.com
security-advisories@github.com
fujian_kelixin_communication — command_and_dispatch_platform
 
A vulnerability was found in Fujian Kelixin Communication Command and Dispatch Platform up to 20240313. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file api/client/get_extension_yl.php. The manipulation of the argument imei leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257065 was assigned to this vulnerability. 2024-03-17 7.3 CVE-2024-2566
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
geoserver — geoserver
 
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A path traversal vulnerability in versions 2.23.4 and prior requires GeoServer Administrator with access to the admin console to misconfigure the Global Settings for log file location to an arbitrary location. The admin console GeoServer Logs page provides a preview of these contents. As this issue requires GeoServer administrators access, often representing a trusted party, the vulnerability has not received a patch as of time of publication. As a workaround, a system administrator responsible for running GeoServer can use the `GEOSERVER_LOG_FILE` setting to override any configuration option provided by the Global Settings page. The `GEOSERVER_LOG_LOCATION` parameter can be set as system property, environment variables, or servlet context parameters. 2024-03-20 7.2 CVE-2023-41877
security-advisories@github.com
security-advisories@github.com
geoserver — geoserver
 
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. An arbitrary file upload vulnerability exists in versions prior to 2.23.4 and 2.24.1 that enables an authenticated administrator with permissions to modify coverage stores through the REST Coverage Store API to upload arbitrary file contents to arbitrary file locations which can lead to remote code execution. Coverage stores that are configured using relative paths use a GeoServer Resource implementation that has validation to prevent path traversal but coverage stores that are configured using absolute paths use a different Resource implementation that does not prevent path traversal. This vulnerability can lead to executing arbitrary code. An administrator with limited privileges could also potentially exploit this to overwrite GeoServer security files and obtain full administrator privileges. Versions 2.23.4 and 2.24.1 contain a fix for this issue. 2024-03-20 7.2 CVE-2023-51444
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
gesundheit_bewegt_gmbh — zippy
 
Unrestricted Upload of File with Dangerous Type vulnerability in Gesundheit Bewegt GmbH Zippy.This issue affects Zippy: from n/a through 1.6.9. 2024-03-21 8.8 CVE-2024-27964
audit@patchstack.com
getgrav — grav
 
Grav is an open-source, flat-file content management system. A file upload path traversal vulnerability has been identified in the application prior to version 1.7.45, enabling attackers to replace or create files with extensions like .json, .zip, .css, .gif, etc. This critical security flaw poses severe risks, that can allow attackers to inject arbitrary code on the server, undermine integrity of backup files by overwriting existing files or creating new ones, and exfiltrate sensitive data using CSS exfiltration techniques. Upgrading to patched version 1.7.45 can mitigate the issue. 2024-03-21 8.8 CVE-2024-27921
security-advisories@github.com
security-advisories@github.com
getgrav — grav
 
Grav is a content management system (CMS). Prior to version 1.7.43, users who may write a page may use the `frontmatter` feature due to insufficient permission validation and inadequate file name validation. This may lead to remote code execution. Version 1.7.43 fixes this issue. 2024-03-21 8.8 CVE-2024-27923
security-advisories@github.com
security-advisories@github.com
getgrav — grav
 
Grav is an open-source, flat-file content management system. Grav CMS prior to version 1.7.45 is vulnerable to a Server-Side Template Injection (SSTI), which allows any authenticated user (editor permissions are sufficient) to execute arbitrary code on the remote server bypassing the existing security sandbox. Version 1.7.45 contains a patch for this issue. 2024-03-21 8.8 CVE-2024-28116
security-advisories@github.com
security-advisories@github.com
getgrav — grav
 
Grav is an open-source, flat-file content management system. Prior to version 1.7.45, Grav validates accessible functions through the Utils::isDangerousFunction function, but does not impose restrictions on twig functions like twig_array_map, allowing attackers to bypass the validation and execute arbitrary commands. Twig processing of static pages can be enabled in the front matter by any administrative user allowed to create or edit pages. As the Twig processor runs unsandboxed, this behavior can be used to gain arbitrary code execution and elevate privileges on the instance. Upgrading to patched version 1.7.45 can mitigate this issue. 2024-03-21 8.8 CVE-2024-28117
security-advisories@github.com
security-advisories@github.com
getgrav — grav
 
Grav is an open-source, flat-file content management system. Prior to version 1.7.45, due to the unrestricted access to twig extension class from Grav context, an attacker can redefine config variable. As a result, attacker can bypass a previous SSTI mitigation. Twig processing of static pages can be enabled in the front matter by any administrative user allowed to create or edit pages. As the Twig processor runs unsandboxed, this behavior can be used to gain arbitrary code execution and elevate privileges on the instance. Version 1.7.45 contains a fix for this issue. 2024-03-21 8.8 CVE-2024-28118
security-advisories@github.com
security-advisories@github.com
getgrav — grav
 
Grav is an open-source, flat-file content management system. Prior to version 1.7.45, due to the unrestricted access to twig extension class from grav context, an attacker can redefine the escape function and execute arbitrary commands. Twig processing of static pages can be enabled in the front matter by any administrative user allowed to create or edit pages. As the Twig processor runs unsandboxed, this behavior can be used to gain arbitrary code execution and elevate privileges on the instance. Version 1.7.45 contains a patch for this issue. 2024-03-21 8.8 CVE-2024-28119
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
github — enterprise_server
 
An attacker with an Administrator role in GitHub Enterprise Server could gain SSH root access via remote code execution. This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.17, 3.9.12, 3.10.9, 3.11.7 and 3.12.1. This vulnerability was reported via the GitHub Bug Bounty program. 2024-03-20 8 CVE-2024-2469
product-cna@github.com
product-cna@github.com
product-cna@github.com
product-cna@github.com
product-cna@github.com
github — github_enterprise_server
 
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when configuring GeoJSON settings. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.13 and was fixed in versions 3.8.17, 3.9.12, 3.10.9, 3.11.7, and 3.12.1. This vulnerability was reported via the GitHub Bug Bounty program. 2024-03-20 9.1 CVE-2024-2443
product-cna@github.com
product-cna@github.com
product-cna@github.com
product-cna@github.com
product-cna@github.com
glpi-project — glpi
 
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can exploit a SQL injection vulnerability in the search engine to extract data from the database. This issue has been patched in version 10.0.13. 2024-03-18 7.7 CVE-2024-27096
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
hasthemes — extensions_for_cf7
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in HasThemes Extensions For CF7 allows Stored XSS.This issue affects Extensions For CF7: from n/a through 3.0.6. 2024-03-19 7.1 CVE-2024-29102
audit@patchstack.com
hasthemes — ht_easy_ga4_(_google_analytics_4_)
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in HasThemes HT Easy GA4 ( Google Analytics 4 ) allows Stored XSS.This issue affects HT Easy GA4 ( Google Analytics 4 ): from n/a through 1.1.7. 2024-03-19 7.1 CVE-2024-29094
audit@patchstack.com
i_thirteen_web_solution — email_subscription_popup
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in I Thirteen Web Solution Email Subscription Popup allows Stored XSS.This issue affects Email Subscription Popup: from n/a through 1.2.20. 2024-03-17 7.1 CVE-2024-27960
audit@patchstack.com
ibm — cloud_pak_for_automation
 
IBM Cloud Pak for Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 259354. 2024-03-21 7 CVE-2023-35899
psirt@us.ibm.com
psirt@us.ibm.com
iconicwp — woothumbs_for_woocommerce_by_iconic
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in IconicWP WooThumbs for WooCommerce by Iconic allows Reflected XSS.This issue affects WooThumbs for WooCommerce by Iconic: from n/a through 5.5.3. 2024-03-19 7.1 CVE-2024-29116
audit@patchstack.com
israelb1 — management_app_for_woocommerce_-_order_notifications,_order_management,_lead_management,_uptime_monitoring
 
The Management App for WooCommerce – Order notifications, Order management, Lead management, Uptime Monitoring plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the nouvello_upload_csv_file function in all versions up to, and including, 1.2.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files on the affected site’s server which may make remote code execution possible. 2024-03-20 8.8 CVE-2024-1205
security@wordfence.com
security@wordfence.com
security@wordfence.com
jens-maus — raspberrymatic
 
RaspberryMatic is an open-source operating system for HomeMatic internet-of-things devices. RaspberryMatic / OCCU prior to version 3.75.6.20240316 contains a unauthenticated remote code execution (RCE) vulnerability, caused by multiple issues within the Java based `HMIPServer.jar` component. RaspberryMatric includes a Java based `HMIPServer`, that can be accessed through URLs starting with `/pages/jpages`. The `FirmwareController` class does however not perform any session id checks, thus this feature can be accessed without a valid session. Due to this issue, attackers can gain remote code execution as root user, allowing a full system compromise. Version 3.75.6.20240316 contains a patch. 2024-03-18 10 CVE-2024-24578
security-advisories@github.com
jhpyle — docassemble
 
Docassemble is an expert system for guided interviews and document assembly. The vulnerability allows attackers to gain unauthorized access to information on the system through URL manipulation. It affects versions 1.4.53 to 1.4.96. The vulnerability has been patched in version 1.4.97 of the master branch. 2024-03-21 7.5 CVE-2024-27292
security-advisories@github.com
security-advisories@github.com
jose_mortellaro — specific_content_for_mobile_-_customize_the_mobile_version_without_redirections
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Jose Mortellaro Specific Content For Mobile – Customize the mobile version without redirections allows Reflected XSS.This issue affects Specific Content For Mobile – Customize the mobile version without redirections: from n/a through 0.1.9.5. 2024-03-19 7.1 CVE-2024-29126
audit@patchstack.com
jupyterhub — jupyter-server-proxy
 
Jupyter Server Proxy allows users to run arbitrary external processes alongside their Jupyter notebook servers and provides authenticated web access. Prior to versions 3.2.3 and 4.1.1, Jupyter Server Proxy did not check user authentication appropriately when proxying websockets, allowing unauthenticated access to anyone who had network access to the Jupyter server endpoint. This vulnerability can allow unauthenticated remote access to any websocket endpoint set up to be accessible via Jupyter Server Proxy. In many cases, this leads to remote unauthenticated arbitrary code execution, due to how affected instances use websockets. The websocket endpoints exposed by `jupyter_server` itself is not affected. Projects that do not rely on websockets are also not affected. Versions 3.2.3 and 4.1.1 contain a fix for this issue. 2024-03-20 9 CVE-2024-28179
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
jupyterhub — oauthenticator
 
OAuthenticator provides plugins for JupyterHub to use common OAuth providers, as well as base classes for writing one’s own Authenticators with any OAuth 2.0 provider. `GoogleOAuthenticator.hosted_domain` is used to restrict what Google accounts can be authorized access to a JupyterHub. The restriction is intented to be to Google accounts part of one or more Google organization verified to control specified domain(s). Prior to version 16.3.0, the actual restriction has been to Google accounts with emails ending with the domain. Such accounts could have been created by anyone which at one time was able to read an email associated with the domain. This was described by Dylan Ayrey (@dxa4481) in this [blog post] from 15th December 2023). OAuthenticator 16.3.0 contains a patch for this issue. As a workaround, restrict who can login another way, such as `allowed_users` or `allowed_google_groups`. 2024-03-20 7.5 CVE-2024-29033
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
kiloview — ndi
 
Use of Hard-coded Credentials in Kiloview NDI allows un-authenticated users to bypass authenticationThis issue affects Kiloview NDI N3, N3-s, N4, N20, N30, N40 and was fixed in Firmware version 2.02.0227 . 2024-03-21 9.8 CVE-2024-2161
vulnerability@ncsc.ch
vulnerability@ncsc.ch
vulnerability@ncsc.ch
vulnerability@ncsc.ch
vulnerability@ncsc.ch
vulnerability@ncsc.ch
kiloview — ndi
 
An OS Command Injection vulnerability in Kiloview NDI allows a low-privileged user to execute arbitrary code remotely on the device with high privileges. This issue affects Kiloview NDI N3, N3-s, N4, N20, N30, N40 and was fixed in Firmware version 2.02.0227 . 2024-03-21 8.8 CVE-2024-2162
vulnerability@ncsc.ch
vulnerability@ncsc.ch
vulnerability@ncsc.ch
vulnerability@ncsc.ch
vulnerability@ncsc.ch
vulnerability@ncsc.ch
ldapaccountmanager — lam
 
LDAP Account Manager (LAM) is a webfrontend for managing entries stored in an LDAP directory. LAM’s log configuration allows to specify arbitrary paths for log files. Prior to version 8.7, an attacker could exploit this by creating a PHP file and cause LAM to log some PHP code to this file. When the file is then accessed via web the code would be executed. The issue is mitigated by the following: An attacker needs to know LAM’s master configuration password to be able to change the main settings; and the webserver needs write access to a directory that is accessible via web. LAM itself does not provide any such directories. The issue has been fixed in 8.7. As a workaround, limit access to LAM configuration pages to authorized users. 2024-03-18 7.9 CVE-2024-23333
security-advisories@github.com
security-advisories@github.com
maciej_bis — permalink_manager_lite
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Maciej Bis Permalink Manager Lite allows Reflected XSS.This issue affects Permalink Manager Lite: from n/a through 2.4.3. 2024-03-19 7.1 CVE-2024-29092
audit@patchstack.com
mark_tilly — mycurator_content_curation
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Mark Tilly MyCurator Content Curation allows Reflected XSS.This issue affects MyCurator Content Curation: from n/a through 3.76. 2024-03-19 7.1 CVE-2024-29139
audit@patchstack.com
mediavine — create_by_mediavine
 
The Create by Mediavine plugin for WordPress is vulnerable to SQL Injection via the ‘id’ parameter in all versions up to, and including, 1.9.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. 2024-03-20 9.8 CVE-2024-1711
security@wordfence.com
security@wordfence.com
meshery — meshery
 
Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.17 allows a remote attacker to obtain sensitive information via the `order` parameter of `GetMeshSyncResources`. Version 0.7.17 contains a patch for this issue. 2024-03-21 7.5 CVE-2024-29031
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
metagauss — eventprime
 
Missing Authorization vulnerability in Metagauss EventPrime.This issue affects EventPrime: from n/a through 3.3.9. 2024-03-23 8.2 CVE-2024-24832
audit@patchstack.com
metagauss — registrationmagic
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Metagauss RegistrationMagic allows Reflected XSS.This issue affects RegistrationMagic: from n/a through 5.2.5.9. 2024-03-19 7.1 CVE-2024-29113
audit@patchstack.com
microsoft — microsoft_.net_framework_4.8
 
.NET Framework Information Disclosure Vulnerability 2024-03-23 7.5 CVE-2024-29059
secure@microsoft.com
microsoft — xbox_gaming_services
 
Xbox Gaming Services Elevation of Privilege Vulnerability 2024-03-21 8.8 CVE-2024-28916
secure@microsoft.com
mndpsingh287 — file_manager
 
The File Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 7.2.4. This is due to missing or incorrect nonce validation on the wp_file_manager page that includes files through the ‘lang’ parameter. This makes it possible for unauthenticated attackers to include local JavaScript files that can be leveraged to achieve RCE via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This issue was partially patched in version 7.2.4, and fully patched in 7.2.5. 2024-03-21 8.8 CVE-2024-1538
security@wordfence.com
security@wordfence.com
mobsf — mobile-security-framework-mobsf
 
Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. In version 3.9.5 Beta and prior, MobSF does not perform any input validation when extracting the hostnames in `android:host`, so requests can also be sent to local hostnames. This can lead to server-side request forgery. An attacker can cause the server to make a connection to internal-only services within the organization’s infrastructure. Commit 5a8eeee73c5f504a6c3abdf2a139a13804efdb77 has a hotfix for this issue. 2024-03-22 7.5 CVE-2024-29190
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
n/a — golang-fips/openssl
 
A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs​. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey​ and ctx​. That function uses named return parameters to free pkey​ and ctx​ if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the “return nil, nil, fail(…)” pattern, meaning that pkey​ and ctx​ will be nil inside the deferred function that should free them. 2024-03-21 7.5 CVE-2024-1394
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
n/a — libdwarf
 
A double-free vulnerability was found in libdwarf. In a multiply-corrupted DWARF object, libdwarf may try to dealloc(free) an allocation twice, potentially causing unpredictable and various results. 2024-03-18 7.5 CVE-2024-2002
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
n/a — podman
 
A flaw was found in Buildah (and subsequently Podman Build) which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause the mount operation to mount the host root filesystem inside the RUN step. The commands inside the RUN step will then have read-write access to the host filesystem, allowing for full container escape at build time. 2024-03-18 8.6 CVE-2024-1753
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
n/a — spring_security
 
In Spring Security, versions 5.7.x prior to 5.7.12, 5.8.x prior to 5.8.11, versions 6.0.x prior to 6.0.9, versions 6.1.x prior to 6.1.8, versions 6.2.x prior to 6.2.3, an application is possible vulnerable to broken access control when it directly uses the AuthenticatedVoter#vote passing a null Authentication parameter. 2024-03-18 8.2 CVE-2024-22257
security@vmware.com
n/a — tourfic
 
Unrestricted Upload of File with Dangerous Type vulnerability in Tourfic.This issue affects Tourfic: from n/a through 2.11.15. 2024-03-19 9.9 CVE-2024-29135
audit@patchstack.com
n/a — unixodbc
 
An out-of-bounds stack write flaw was found in unixODBC on 64-bit architectures where the caller has 4 bytes and callee writes 8 bytes. This issue may go unnoticed on little-endian architectures, while big-endian architectures can be broken. 2024-03-18 7.1 CVE-2024-1013
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
n/a — xnio
 
A flaw was found in XNIO. The XNIO NotifierState that can cause a Stack Overflow Exception when the chain of notifier states becomes problematically large can lead to uncontrolled resource management and a possible denial of service (DoS). 2024-03-22 7.5 CVE-2023-5685
secalert@redhat.com
secalert@redhat.com
netentsec — ns-asg_application_security_gateway
 
A vulnerability, which was classified as critical, has been found in Netentsec NS-ASG Application Security Gateway 6.3. This issue affects some unknown processing of the file /admin/singlelogin.php. The manipulation of the argument loginId leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257285 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-19 7.3 CVE-2024-2647
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
ninjateam — database_for_contact_form_7
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NinjaTeam Database for Contact Form 7 allows Stored XSS.This issue affects Database for Contact Form 7: from n/a through 3.0.6. 2024-03-19 7.1 CVE-2024-29103
audit@patchstack.com
olive_themes — olive_one_click_demo_import
 
Missing Authorization vulnerability in Olive Themes Olive One Click Demo Import allows importing settings and data, ultimately leading to XSS.This issue affects Olive One Click Demo Import: from n/a through 1.1.1. 2024-03-20 8.2 CVE-2024-2702
audit@patchstack.com
openeuler — aops_ceres
 
Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability in openEuler aops-ceres on Linux allows Command Injection. This vulnerability is associated with program files ceres/function/util.Py. This issue affects aops-ceres: from 1.3.0 through 1.4.1. 2024-03-23 7.3 CVE-2021-33633
securities@openeuler.org
securities@openeuler.org
securities@openeuler.org
opentext — arcsight_platform
 
A potential vulnerability has been identified in OpenText ArcSight Platform. The vulnerability could be remotely exploited. 2024-03-20 9.8 CVE-2024-1811
security@opentext.com
opentext — pvcs_version_manager
 
Weak access control in OpenText PVCS Version Manager allows potential bypassing of authentication and download of files. 2024-03-21 9.8 CVE-2024-1147
security@opentext.com
opentext — pvcs_version_manager
 
Weak access control in OpenText PVCS Version Manager allows potential bypassing of authentication and uploading of files. 2024-03-21 9.8 CVE-2024-1148
security@opentext.com
optimole — super_page_cache_for_cloudflare
 
Cross-Site Request Forgery (CSRF) vulnerability in Optimole Super Page Cache for Cloudflare allows Stored XSS.This issue affects Super Page Cache for Cloudflare: from n/a through 4.7.5. 2024-03-21 7.1 CVE-2024-27968
audit@patchstack.com
owncast — owncast
 
Owncast is an open source, self-hosted, decentralized, single user live video streaming and chat server. In versions 0.1.2 and prior, a lenient CORS policy allows attackers to make a cross origin request, reading privileged information. This can be used to leak the admin password. Commit 9215d9ba0f29d62201d3feea9e77dcd274581624 fixes this issue. 2024-03-20 8.2 CVE-2024-29026
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
panabit — panalog
 
A vulnerability classified as critical was found in Panabit Panalog 202103080942. This vulnerability affects unknown code of the file /Maintain/sprog_upstatus.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-255268. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-21 7.3 CVE-2024-2014
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
pandora_fms — pandora_fms
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Pandora FMS on all allows SQL Injection. This ulnerability allowed SQL injections to be made even if authentication failed.This issue affects Pandora FMS: from 700 through <776. 2024-03-19 7.5 CVE-2023-44091
security@pandorafms.com
pandora_fms — pandora_fms
 
Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability in Pandora FMS on all allows OS Command Injection. This vulnerability allowed to create a reverse shell and execute commands in the OS. This issue affects Pandora FMS: from 700 through <776. 2024-03-19 7.6 CVE-2023-44092
security@pandorafms.com
parse-community — parse_server
 
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 6.5.5 and 7.0.0-alpha.29, calling an invalid Parse Server Cloud Function name or Cloud Job name crashes the server and may allow for code injection, internal store manipulation or remote code execution. The patch in versions 6.5.5 and 7.0.0-alpha.29 added string sanitation for Cloud Function name and Cloud Job name. As a workaround, sanitize the Cloud Function name and Cloud Job name before it reaches Parse Server. 2024-03-19 9 CVE-2024-29027
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
pauple — table_&_contact_form_7_database_-_tablesome
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Pauple Table & Contact Form 7 Database – Tablesome allows Reflected XSS.This issue affects Table & Contact Form 7 Database – Tablesome: from n/a through 1.0.27. 2024-03-19 7.1 CVE-2024-29110
audit@patchstack.com
pie_register — pie_register
 
Unrestricted Upload of File with Dangerous Type vulnerability in Pie Register.This issue affects Pie Register: from n/a through 3.8.3.1. 2024-03-17 10 CVE-2024-27957
audit@patchstack.com
post_smtp — post_smtp
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Post SMTP POST SMTP allows Reflected XSS.This issue affects POST SMTP: from n/a through 2.8.6. 2024-03-19 7.1 CVE-2024-29128
audit@patchstack.com
progress_software — loadmaster
 
An OS command injection vulnerability has been identified in LoadMaster.  An authenticated UI user with any permission settings may be able to inject commands into a UI component using a shell command resulting in OS command injection. 2024-03-22 8.4 CVE-2024-2448
security@progress.com
security@progress.com
progress_software — loadmaster
 
A cross-site request forgery vulnerability has been identified in LoadMaster.  It is possible for a malicious actor, who has prior knowledge of the IP or hostname of a specific LoadMaster, to direct an authenticated LoadMaster administrator to a third-party site. In such a scenario, the CSRF payload hosted on the malicious site would execute HTTP transactions on behalf of the LoadMaster administrator. 2024-03-22 7.5 CVE-2024-2449
security@progress.com
security@progress.com
progress_software_corporation — telerik_report_server
 
In Progress® Telerik® Report Server versions prior to 2024 Q1 (10.0.24.130), a remote code execution attack is possible through an insecure deserialization vulnerability. 2024-03-20 9.9 CVE-2024-1800
security@progress.com
security@progress.com
progress_software_corporation — telerik_reporting
 
In Progress® Telerik® Reporting versions prior to 2024 Q1 (18.0.24.130), a code execution attack is possible by a remote threat actor through an insecure deserialization vulnerability. 2024-03-20 8.5 CVE-2024-1856
security@progress.com
security@progress.com
progress_software_corporation — telerik_reporting
 
In Progress® Telerik® Reporting versions prior to 2024 Q1 (18.0.24.130), a code execution attack is possible by a local threat actor through an insecure deserialization vulnerability. 2024-03-20 7.7 CVE-2024-1801
security@progress.com
security@progress.com
python_software_foundation — cpython
 
An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.2, 3.11.8, 3.10.13, 3.9.18, and 3.8.18 and prior. The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances. 2024-03-19 7.8 CVE-2023-6597
cna@python.org
cna@python.org
cna@python.org
cna@python.org
cna@python.org
cna@python.org
cna@python.org
cna@python.org
cna@python.org
rubengc — gamipress_-_the_#1_gamification_plugin_to_reward_points_achievements_badges_&_ranks_in_wordpress
 
The GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to SQL Injection via the ‘achievement_types’ attribute of the gamipress_earnings shortcode in all versions up to, and including, 6.8.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. 2024-03-20 8.8 CVE-2024-1799
security@wordfence.com
security@wordfence.com
ruijie — rg-nbs2009g-p
 
A vulnerability was found in Ruijie RG-NBS2009G-P up to 20240305. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /EXCU_SHELL. The manipulation of the argument Command1 leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257281 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-19 7.3 CVE-2024-2642
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
sailpoint — identityiq
 
This vulnerability allows access to arbitrary files in the application server file system due to a path traversal vulnerability in JavaServer Faces (JSF) 2.2.20 documented in CVE-2020-6950. The remediation for this vulnerability contained in this security fix provides additional changes to the remediation announced in May 2021 tracked by ETN IIQSAW-3585 and January 2024 tracked by IIQFW-336. This vulnerability in IdentityIQ is assigned CVE-2024-2227. 2024-03-22 10 CVE-2024-2227
psirt@sailpoint.com
sailpoint — identityiq
 
This vulnerability allows an authenticated user to perform a Lifecycle Manager flow or other QuickLink for a target user outside of the defined QuickLink Population. 2024-03-22 7.1 CVE-2024-2228
psirt@sailpoint.com
schneider_electric — easergy_t200_(modbus)_models:_t200i_t200e_t200p_t200s_t200h
 
CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could cause account takeover and unauthorized access to the system when an attacker conducts brute-force attacks against the login form. 2024-03-18 9.8 CVE-2024-2051
cybersecurity@se.com
schneider_electric — easergy_t200_(modbus)_models:_t200i_t200e_t200p_t200s_t200h
 
CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability exists when an attacker injects then executes arbitrary malicious JavaScript code within the context of the product. 2024-03-18 8.2 CVE-2024-2050
cybersecurity@se.com
schneider_electric — easergy_t200_(modbus)_models:_t200i_t200e_t200p_t200s_t200h
 
CWE-552: Files or Directories Accessible to External Parties vulnerability exists that could allow unauthenticated files and logs exfiltration and download of files when an attacker modifies the URL to download to a different location. 2024-03-18 7.5 CVE-2024-2052
cybersecurity@se.com
schneider_electric — ecostruxure_power_design_-_ecodial
 
CWE-502: Deserialization of Untrusted Data vulnerability exists that could cause remote code execution when a malicious project file is loaded into the application by a valid user. 2024-03-18 7.8 CVE-2024-2229
cybersecurity@se.com
scott_paterson — contact_form_7_-_paypal_&_stripe_add-on
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Scott Paterson Contact Form 7 – PayPal & Stripe Add-on allows Reflected XSS.This issue affects Contact Form 7 – PayPal & Stripe Add-on: from n/a through 2.0. 2024-03-19 7.1 CVE-2024-29130
audit@patchstack.com
sentrifugo — sentrifugo
 
SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/index/getdepartments/format/html, ‘business_id’ parameter./sentrifugo/index.php/index/getdepartments/format/html, ‘business_id’ parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all the data from it. 2024-03-21 9.8 CVE-2024-29870
cve-coordination@incibe.es
sentrifugo — sentrifugo
 
SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/index/getdepartments/sentrifugo/index.php/index/updatecontactnumber, ‘id’ parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all the data from it. 2024-03-21 9.8 CVE-2024-29871
cve-coordination@incibe.es
sentrifugo — sentrifugo
 
SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/empscreening/add, ‘agencyids’ parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all the data from it. 2024-03-21 9.8 CVE-2024-29872
cve-coordination@incibe.es
sentrifugo — sentrifugo
 
SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/reports/businessunits/format/html, ‘bunitname’ parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all the data from it. 2024-03-21 9.8 CVE-2024-29873
cve-coordination@incibe.es
sentrifugo — sentrifugo
 
SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/default/reports/activeuserrptpdf, ‘sort_name’ parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all the data from it. 2024-03-21 9.8 CVE-2024-29874
cve-coordination@incibe.es
sentrifugo — sentrifugo
 
SQL injection vulnerability in Sentrifugo 3.2, through  /sentrifugo/index.php/default/reports/exportactiveuserrpt, ‘sort_name’ parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all the data from it. 2024-03-21 9.8 CVE-2024-29875
cve-coordination@incibe.es
sentrifugo — sentrifugo
 
SQL injection vulnerability in Sentrifugo 3.2, through  /sentrifugo/index.php/reports/activitylogreport, ‘sortby’ parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all the data from it. 2024-03-21 9.8 CVE-2024-29876
cve-coordination@incibe.es
sentrifugo — sentrifugo
 
Cross-Site Scripting (XSS) vulnerability in Sentrifugo 3.2, through  /sentrifugo/index.php/expenses/expensecategories/edit, ‘expense_category_name’ parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session data. 2024-03-21 7.1 CVE-2024-29877
cve-coordination@incibe.es
sentrifugo — sentrifugo
 
Cross-Site Scripting (XSS) vulnerability in Sentrifugo 3.2, through  /sentrifugo/index.php/sitepreference/add, ‘description’ parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session data. 2024-03-21 7.1 CVE-2024-29878
cve-coordination@incibe.es
sentrifugo — sentrifugo
 
Cross-Site Scripting (XSS) vulnerability in Sentrifugo 3.2, through  /sentrifugo/index.php/index/getdepartments/format/html, ‘business_id’ parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session data. 2024-03-21 7.1 CVE-2024-29879
cve-coordination@incibe.es
social_media_share_buttons_by_sygnoos — social_media_share_buttons
 
Deserialization of Untrusted Data vulnerability in Social Media Share Buttons By Sygnoos Social Media Share Buttons.This issue affects Social Media Share Buttons: from n/a through 2.1.0. 2024-03-20 8.2 CVE-2024-2721
audit@patchstack.com
sourcecodester — employee_task_management_system
 
A vulnerability was found in SourceCodester Employee Task Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin-manage-user.php. The manipulation leads to execution after redirect. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257072. 2024-03-18 7.3 CVE-2024-2569
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
sourcecodester — employee_task_management_system
 
A vulnerability was found in SourceCodester Employee Task Management System 1.0. It has been classified as critical. This affects an unknown part of the file /edit-task.php. The manipulation leads to execution after redirect. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257073 was assigned to this vulnerability. 2024-03-18 7.3 CVE-2024-2570
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
sourcecodester — employee_task_management_system
 
A vulnerability was found in SourceCodester Employee Task Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /manage-admin.php. The manipulation leads to execution after redirect. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257074 is the identifier assigned to this vulnerability. 2024-03-18 7.3 CVE-2024-2571
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
sourcecodester — employee_task_management_system
 
A vulnerability was found in SourceCodester Employee Task Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /task-details.php. The manipulation leads to execution after redirect. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257075. 2024-03-18 7.3 CVE-2024-2572
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
sourcecodester — employee_task_management_system
 
A vulnerability classified as critical has been found in SourceCodester Employee Task Management System 1.0. Affected is an unknown function of the file /task-info.php. The manipulation leads to execution after redirect. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257076. 2024-03-18 7.3 CVE-2024-2573
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
sourcecodester — employee_task_management_system
 
A vulnerability classified as critical was found in SourceCodester Employee Task Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /edit-task.php. The manipulation of the argument task_id leads to authorization bypass. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257077 was assigned to this vulnerability. 2024-03-18 7.3 CVE-2024-2574
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
sourcecodester — employee_task_management_system
 
A vulnerability, which was classified as critical, has been found in SourceCodester Employee Task Management System 1.0. Affected by this issue is some unknown functionality of the file /task-details.php. The manipulation of the argument task_id leads to authorization bypass. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257078 is the identifier assigned to this vulnerability. 2024-03-18 7.3 CVE-2024-2575
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
sourcecodester — employee_task_management_system
 
A vulnerability, which was classified as critical, was found in SourceCodester Employee Task Management System 1.0. This affects an unknown part of the file /update-admin.php. The manipulation of the argument admin_id leads to authorization bypass. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257079. 2024-03-18 7.3 CVE-2024-2576
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
sourcecodester — employee_task_management_system
 
A vulnerability has been found in SourceCodester Employee Task Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /update-employee.php. The manipulation of the argument admin_id leads to authorization bypass. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257080. 2024-03-18 7.3 CVE-2024-2577
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
stacklok — minder
 
Minder is a software supply chain security platform. Prior to version 0.0.33, a Minder user can use the endpoints `GetRepositoryByName`, `DeleteRepositoryByName`, and `GetArtifactByName` to access any repository in the database, irrespective of who owns the repo and any permissions present. The database query checks by repo owner, repo name and provider name (which is always `github`). These query values are not distinct for the particular user – as long as the user has valid credentials and a provider, they can set the repo owner/name to any value they want and the server will return information on this repo. Version 0.0.33 contains a patch for this issue. 2024-03-21 7.1 CVE-2024-27916
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
svenl77 — buddypress_woocommerce_my_account_integration_create_woocommerce_member_pages
 
The “BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages” plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.4.20 via deserialization of untrusted input in the get_simple_request function. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject a PHP Object. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. 2024-03-23 8.8 CVE-2024-2025
security@wordfence.com
security@wordfence.com
tenable — nessus_agent
 
As a part of Tenable’s vulnerability disclosure program, a vulnerability in a Nessus plugin was identified and reported. This vulnerability could allow a malicious actor with sufficient permissions on a scan target to place a binary in a specific filesystem location, and abuse the impacted plugin in order to escalate privileges. 2024-03-18 7.8 CVE-2024-2390
vulnreport@tenable.com
tenda — ac10
 
A vulnerability was found in Tenda AC10 16.03.10.13 and classified as critical. This issue affects the function fromSetRouteStatic of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257081 was assigned to this vulnerability. 2024-03-18 8.8 CVE-2024-2581
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda — ac10u A vulnerability was found in Tenda AC10U 15.03.06.48. It has been rated as critical. Affected by this issue is the function addWifiMacFilter of the file /goform/addWifiMacFilter. The manipulation of the argument deviceMac leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257462 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-20 8.8 CVE-2024-2711
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda — ac10u
 
A vulnerability classified as critical has been found in Tenda AC10U 15.03.06.49. Affected is the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument mac leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257454 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-20 8.8 CVE-2024-2703
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda — ac10u
 
A vulnerability classified as critical was found in Tenda AC10U 15.03.06.49. Affected by this vulnerability is the function formSetFirewallCfg of the file /goform/SetFirewallCfg. The manipulation of the argument firewallEn leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257455. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-20 8.8 CVE-2024-2704
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda — ac10u
 
A vulnerability, which was classified as critical, has been found in Tenda AC10U 1.0/15.03.06.49. Affected by this issue is the function formSetQosBand of the file /goform/SetNetControlList. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257456. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-20 8.8 CVE-2024-2705
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda — ac10u
 
A vulnerability, which was classified as critical, was found in Tenda AC10U 15.03.06.49. This affects the function formWifiWpsStart of the file /goform/WifiWpsStart. The manipulation of the argument index leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257457 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-20 8.8 CVE-2024-2706
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda — ac10u
 
A vulnerability was found in Tenda AC10U 15.03.06.49 and classified as critical. This issue affects the function formexeCommand of the file /goform/execCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257459. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-20 8.8 CVE-2024-2708
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda — ac10u
 
A vulnerability was found in Tenda AC10U 15.03.06.49. It has been classified as critical. Affected is the function fromSetRouteStatic of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257460. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-20 8.8 CVE-2024-2709
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda — ac10u
 
A vulnerability was found in Tenda AC10U 15.03.06.49. It has been declared as critical. Affected by this vulnerability is the function setSchedWifi of the file /goform/openSchedWifi. The manipulation of the argument schedStartTime leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257461 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-20 8.8 CVE-2024-2710
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda — ac10u
 
A vulnerability, which was classified as critical, has been found in Tenda AC10U 15.03.06.48. Affected by this issue is the function formSetCfm of the file goform/setcfm. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257600. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-21 8.8 CVE-2024-2763
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda — ac10u
 
A vulnerability, which was classified as critical, was found in Tenda AC10U 15.03.06.48. This affects the function formSetPPTPServer of the file /goform/SetPptpServerCfg. The manipulation of the argument endIP leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257601 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-21 8.8 CVE-2024-2764
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda — ac15 A vulnerability was found in Tenda AC15 15.03.20_multi. It has been declared as critical. This vulnerability affects the function form_fast_setting_wifi_set of the file /goform/fast_setting_wifi_set. The manipulation of the argument ssid leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257668. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-22 8.8 CVE-2024-2813
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda — ac15 A vulnerability was found in Tenda AC15 15.03.20_multi. It has been rated as critical. This issue affects the function fromDhcpListClient of the file /goform/DhcpListClient. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257669 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-22 8.8 CVE-2024-2814
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda — ac15 A vulnerability classified as critical has been found in Tenda AC15 15.03.20_multi. Affected is the function R7WebsSecurityHandler of the file /goform/execCommand of the component Cookie Handler. The manipulation of the argument password leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257670 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-22 8.8 CVE-2024-2815
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda — ac15
 
A vulnerability was found in Tenda AC15 15.03.05.18/15.03.20_multi. It has been rated as critical. Affected by this issue is the function formSetSpeedWan of the file /goform/SetSpeedWan. The manipulation of the argument speed_dir leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257660. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-22 8.8 CVE-2024-2805
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda — ac15
 
A vulnerability classified as critical has been found in Tenda AC15 15.03.05.18/15.03.20_multi. This affects the function addWifiMacFilter of the file /goform/addWifiMacFilter. The manipulation of the argument deviceId/deviceMac leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257661 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-22 8.8 CVE-2024-2806
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda — ac15
 
A vulnerability classified as critical was found in Tenda AC15 15.03.05.18/15.03.20_multi. This vulnerability affects the function formExpandDlnaFile of the file /goform/expandDlnaFile. The manipulation of the argument filePath leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257662 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-22 8.8 CVE-2024-2807
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda — ac15
 
A vulnerability, which was classified as critical, has been found in Tenda AC15 15.03.05.18/15.03.20_multi. This issue affects the function formQuickIndex of the file /goform/QuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257663. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-22 8.8 CVE-2024-2808
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda — ac15
 
A vulnerability, which was classified as critical, was found in Tenda AC15 15.03.05.18/15.03.20_multi. Affected is the function formSetFirewallCfg of the file /goform/SetFirewallCfg. The manipulation of the argument firewallEn leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257664. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-22 8.8 CVE-2024-2809
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda — ac15
 
A vulnerability has been found in Tenda AC15 15.03.05.18/15.03.20_multi and classified as critical. Affected by this vulnerability is the function formWifiWpsOOB of the file /goform/WifiWpsOOB. The manipulation of the argument index leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257665 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-22 8.8 CVE-2024-2810
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda — ac15
 
A vulnerability was found in Tenda AC15 15.03.20_multi and classified as critical. Affected by this issue is the function formWifiWpsStart of the file /goform/WifiWpsStart. The manipulation of the argument index leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257666 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-22 8.8 CVE-2024-2811
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda — ac18
 
A vulnerability has been found in Tenda AC18 15.13.07.09 and classified as critical. Affected by this vulnerability is the function fromSetWirelessRepeat. The manipulation of the argument wpapsk_crypto5g leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256999. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-17 8.8 CVE-2024-2546
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda — ac18
 
A vulnerability was found in Tenda AC18 15.03.05.05 and classified as critical. Affected by this issue is the function R7WebsSecurityHandler. The manipulation of the argument password leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257000. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-17 8.8 CVE-2024-2547
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda — ac18
 
A vulnerability was found in Tenda AC18 15.03.05.05. It has been rated as critical. This issue affects the function formexeCommand of the file /goform/execCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257057 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-17 8.8 CVE-2024-2558
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
themefic — tourfic
 
Deserialization of Untrusted Data vulnerability in Themefic Tourfic.This issue affects Tourfic: from n/a through 2.11.17. 2024-03-19 8.5 CVE-2024-29136
audit@patchstack.com
themefic — tourfic
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Themefic Tourfic allows Reflected XSS.This issue affects Tourfic: from n/a through 2.11.7. 2024-03-19 7.1 CVE-2024-29137
audit@patchstack.com
themeisle — visualizer
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Themeisle Visualizer allows Reflected XSS.This issue affects Visualizer: from n/a through 3.10.5. 2024-03-17 7.1 CVE-2024-27958
audit@patchstack.com
tomphttp — bare-server-node
 
TOMP Bare Server implements the TompHTTP bare server. A vulnerability in versions prior to 2.0.2 relates to insecure handling of HTTP requests by the @tomphttp/bare-server-node package. This flaw potentially exposes the users of the package to manipulation of their web traffic. The impact may vary depending on the specific usage of the package but it can potentially affect any system where this package is in use. The problem has been patched in version 2.0.2. As of time of publication, no specific workaround strategies have been disclosed. 2024-03-21 9.8 CVE-2024-27922
security-advisories@github.com
typps — calendarista_basic_edition
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Typps Calendarista Basic Edition.This issue affects Calendarista Basic Edition: from n/a through 3.0.2. 2024-03-21 7.1 CVE-2024-27993
audit@patchstack.com
ukrsolution — barcode_scanner_with_inventory_&_order_manager
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager allows Reflected XSS.This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through 1.5.3. 2024-03-19 7.1 CVE-2024-27998
audit@patchstack.com
unitronics_ — unistream_unilogic
 
CWE-287: Improper Authentication may allow Authentication Bypass 2024-03-18 10 CVE-2024-27767
cna@cyber.gov.il
unitronics_ — unistream_unilogic
 
Unitronics Unistream Unilogic – Versions prior to 1.35.227 – CWE-22: ‘Path Traversal’ may allow RCE 2024-03-18 9.8 CVE-2024-27768
cna@cyber.gov.il
cna@cyber.gov.il
unitronics_ — unistream_unilogic
 
Unitronics Unistream Unilogic – Versions prior to 1.35.227 – CWE-200: Exposure of Sensitive Information to an Unauthorized Actor may allow Taking Ownership Over Devices 2024-03-18 8.8 CVE-2024-27769
cna@cyber.gov.il
cna@cyber.gov.il
unitronics_ — unistream_unilogic
 
Unitronics Unistream Unilogic – Versions prior to 1.35.227 – CWE-23: Relative Path Traversal 2024-03-18 8.8 CVE-2024-27770
cna@cyber.gov.il
cna@cyber.gov.il
unitronics_ — unistream_unilogic
 
Unitronics Unistream Unilogic – Versions prior to 1.35.227 – CWE-22: ‘Path Traversal’ may allow RCE 2024-03-18 8.8 CVE-2024-27771
cna@cyber.gov.il
cna@cyber.gov.il
unitronics_ — unistream_unilogic
 
Unitronics Unistream Unilogic – Versions prior to 1.35.227 – CWE-78: ‘OS Command Injection’ may allow RCE 2024-03-18 8.8 CVE-2024-27772
cna@cyber.gov.il
cna@cyber.gov.il
unitronics_ — unistream_unilogic
 
Unitronics Unistream Unilogic – Versions prior to 1.35.227 – CWE-348: Use of Less Trusted Source may allow RCE 2024-03-18 8.8 CVE-2024-27773
cna@cyber.gov.il
cna@cyber.gov.il
unitronics_ — unistream_unilogic
 
Unitronics Unistream Unilogic – Versions prior to 1.35.227 – CWE-259: Use of Hard-coded Password may allow disclosing Sensitive Information Embedded inside Device’s Firmware 2024-03-18 7.5 CVE-2024-27774
cna@cyber.gov.il
cna@cyber.gov.il
valvepress — automatic
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in ValvePress Automatic allows SQL Injection.This issue affects Automatic: from n/a through 3.92.0. 2024-03-21 9.9 CVE-2024-27956
audit@patchstack.com
wasmi-labs — wasmi
 
Wasmi is an efficient and lightweight WebAssembly interpreter with a focus on constrained and embedded systems. In the WASMI Interpreter, an Out-of-bounds Buffer Write will arise if the host calls or resumes a Wasm function with more parameters than the default limit (128), as it will surpass the stack value. This doesn’t affect calls from Wasm to Wasm, only from host to Wasm. This vulnerability was patched in version 0.31.1. 2024-03-21 7.3 CVE-2024-28123
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
webberzone — better_search_-_relevant_search_results_for_wordpress
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WebberZone Better Search – Relevant search results for WordPress allows Stored XSS.This issue affects Better Search – Relevant search results for WordPress: from n/a through 3.3.0. 2024-03-19 7.1 CVE-2024-29142
audit@patchstack.com
webpack — webpack-dev-middleware
 
Prior to versions 7.1.0, 6.1.2, and 5.3.4, the webpack-dev-middleware development middleware for devpack does not validate the supplied URL address sufficiently before returning the local file. It is possible to access any file on the developer’s machine. The middleware can either work with the physical filesystem when reading the files or it can use a virtualized in-memory `memfs` filesystem. If `writeToDisk` configuration option is set to `true`, the physical filesystem is used. The `getFilenameFromUrl` method is used to parse URL and build the local file path. The public path prefix is stripped from the URL, and the `unsecaped` path suffix is appended to the `outputPath`. As the URL is not unescaped and normalized automatically before calling the midlleware, it is possible to use `%2e` and `%2f` sequences to perform path traversal attack. Developers using `webpack-dev-server` or `webpack-dev-middleware` are affected by the issue. When the project is started, an attacker might access any file on the developer’s machine and exfiltrate the content. If the development server is listening on a public IP address (or `0.0.0.0`), an attacker on the local network can access the local files without any interaction from the victim (direct connection to the port). If the server allows access from third-party domains, an attacker can send a malicious link to the victim. When visited, the client side script can connect to the local server and exfiltrate the local files. Starting with fixed versions 7.1.0, 6.1.2, and 5.3.4, the URL is unescaped and normalized before any further processing. 2024-03-21 7.4 CVE-2024-29180
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
wpexpertsio — wc_shop_sync_-_integrate_square_and_woocommerce_for_seamless_shop_management
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Wpexpertsio WC Shop Sync – Integrate Square and WooCommerce for Seamless Shop Management allows Reflected XSS.This issue affects WC Shop Sync – Integrate Square and WooCommerce for Seamless Shop Management: from n/a through 4.2.9. 2024-03-17 7.1 CVE-2024-27959
audit@patchstack.com
wplit_pty_ltd — oxyextras
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WPLIT Pty Ltd OxyExtras allows Reflected XSS.This issue affects OxyExtras: from n/a through 1.4.4. 2024-03-19 7.1 CVE-2024-29129
audit@patchstack.com
wpvncom — ux_flat
 
The UX Flat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘button’ shortcode in all versions up to, and including, 4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-20 7.4 CVE-2024-2459
security@wordfence.com
security@wordfence.com
xpodas — octopod
 
Authentication Bypass by Primary Weakness vulnerability in XPodas Octopod allows Authentication Bypass.This issue affects Octopod: before v1.  NOTE: The vendor was contacted and it was learned that the product is not supported. 2024-03-21 9.8 CVE-2024-1202
iletisim@usom.gov.tr
yannick_lefebvre — link_library
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Yannick Lefebvre Link Library allows Reflected XSS.This issue affects Link Library: from n/a through 7.6. 2024-03-19 7.1 CVE-2024-29123
audit@patchstack.com
yith — yith_woocommerce_product_add-ons
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in YITH YITH WooCommerce Product Add-Ons allows Reflected XSS.This issue affects YITH WooCommerce Product Add-Ons: from n/a through 4.5.0. 2024-03-21 7.1 CVE-2024-27994
audit@patchstack.com
zitadel — zitadel
 
ZITADEL, open source authentication management software, uses Go templates to render the login UI. Due to a improper use of the `text/template` instead of the `html/template` package, the Login UI did not sanitize input parameters prior to versions 2.47.3, 2.46.1, 2.45.1, 2.44.3, 2.43.9, 2.42.15, and 2.41.15. An attacker could create a malicious link, where he injected code which would be rendered as part of the login screen. While it was possible to inject HTML including JavaScript, the execution of such scripts would be prevented by the Content Security Policy. Versions 2.47.3, 2.46.1, 2.45.1, 2.44.3, 2.43.9, 2.42.15, and 2.41.15 contain a patch for this issue. No known workarounds are available. 2024-03-18 8.1 CVE-2024-28855
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com

Back to top

 

Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
3uu — shariff_wrapper
 
The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘shariff’ shortcode in all versions up to, and including, 4.6.9 due to insufficient input sanitization and output escaping on user supplied attributes such as ‘secondarycolor’ and ‘maincolor’. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-21 6.4 CVE-2023-6500
security@wordfence.com
security@wordfence.com
3uu — shariff_wrapper
 
The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘shariff’ shortcode in all versions up to, and including, 4.6.9 due to insufficient input sanitization and output escaping on user supplied attributes like ‘info_text’. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page and clicks the information icon. 2024-03-21 6.4 CVE-2024-0966
security@wordfence.com
security@wordfence.com
security@wordfence.com
3uu — shariff_wrapper
 
The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘shariff’ shortcode in all versions up to, and including, 4.6.10 due to insufficient input sanitization and output escaping on user supplied attributes such as ‘align’. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-21 6.4 CVE-2024-1450
security@wordfence.com
security@wordfence.com
security@wordfence.com
N/A — N/A
 
Directory Traversal vulnerability in Speedy11CZ MCRPX v.1.4.0 and before allows a local attacker to execute arbitrary code via a crafted file. 2024-03-19 5.5 CVE-2024-24043
cve@mitre.org
cve@mitre.org
cve@mitre.org
N/A — N/A
 
The SolarEdge mySolarEdge application before 2.20.1 for Android has a certificate verification issue that allows a Machine-in-the-middle (MitM) attacker to read and alter all network traffic between the application and the server. 2024-03-21 5.9 CVE-2024-28756
cve@mitre.org
cve@mitre.org
aam — advanced_access_manager
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in AAM Advanced Access Manager allows Stored XSS.This issue affects Advanced Access Manager: from n/a through 6.9.20. 2024-03-19 5.9 CVE-2024-29124
audit@patchstack.com
aankit — easy_maintenance_mode
 
The Easy Maintenance Mode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.2 via the REST API. This makes it possible for authenticated attackers to obtain post and page content via REST API thus bypassign the protection provided by the plugin. 2024-03-20 5.3 CVE-2024-1477
security@wordfence.com
security@wordfence.com
adobe — adobe_experience_manager
 
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2024-03-18 5.4 CVE-2024-20760
psirt@adobe.com
adobe — adobe_experience_manager
 
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2024-03-18 5.4 CVE-2024-20768
psirt@adobe.com
adobe — adobe_experience_manager
 
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2024-03-18 5.4 CVE-2024-26028
psirt@adobe.com
adobe — adobe_experience_manager
 
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2024-03-18 5.4 CVE-2024-26030
psirt@adobe.com
adobe — adobe_experience_manager
 
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2024-03-18 5.4 CVE-2024-26031
psirt@adobe.com
adobe — adobe_experience_manager
 
Adobe Experience Manager versions 6.5.19 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable web pages. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable script. This could result in arbitrary code execution in the context of the victim’s browser. Exploitation of this issue requires user interaction. 2024-03-18 5.4 CVE-2024-26032
psirt@adobe.com
adobe — adobe_experience_manager
 
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2024-03-18 5.4 CVE-2024-26033
psirt@adobe.com
adobe — adobe_experience_manager
 
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2024-03-18 5.4 CVE-2024-26034
psirt@adobe.com
adobe — adobe_experience_manager
 
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2024-03-18 5.4 CVE-2024-26035
psirt@adobe.com
adobe — adobe_experience_manager
 
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2024-03-18 5.4 CVE-2024-26038
psirt@adobe.com
adobe — adobe_experience_manager
 
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2024-03-18 5.4 CVE-2024-26040
psirt@adobe.com
adobe — adobe_experience_manager
 
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2024-03-18 5.4 CVE-2024-26041
psirt@adobe.com
adobe — adobe_experience_manager
 
Adobe Experience Manager versions 6.5.19 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable web pages. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable script. This could result in arbitrary code execution in the context of the victim’s browser. 2024-03-18 5.4 CVE-2024-26042
psirt@adobe.com
adobe — adobe_experience_manager
 
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2024-03-18 5.4 CVE-2024-26043
psirt@adobe.com
adobe — adobe_experience_manager
 
Adobe Experience Manager versions 6.5.19 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into a webpage. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable script. This could result in arbitrary code execution in the context of the victim’s browser. 2024-03-18 5.4 CVE-2024-26044
psirt@adobe.com
adobe — adobe_experience_manager
 
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2024-03-18 5.4 CVE-2024-26045
psirt@adobe.com
adobe — adobe_experience_manager
 
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2024-03-18 5.4 CVE-2024-26052
psirt@adobe.com
adobe — adobe_experience_manager
 
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2024-03-18 5.4 CVE-2024-26056
psirt@adobe.com
adobe — adobe_experience_manager
 
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2024-03-18 5.4 CVE-2024-26059
psirt@adobe.com
adobe — adobe_experience_manager
 
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2024-03-18 5.4 CVE-2024-26061
psirt@adobe.com
adobe — adobe_experience_manager
 
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2024-03-18 5.4 CVE-2024-26062
psirt@adobe.com
adobe — adobe_experience_manager
 
Adobe Experience Manager versions 6.5.19 and earlier are affected by an Information Exposure vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to gain unauthorized access to sensitive information, potentially bypassing security measures. Exploitation of this issue does not require user interaction. 2024-03-18 5.3 CVE-2024-26063
psirt@adobe.com
adobe — adobe_experience_manager
 
Adobe Experience Manager versions 6.5.19 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into a webpage. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable script. This could result in arbitrary code execution in the context of the victim’s browser. Exploitation of this issue requires user interaction. 2024-03-18 5.4 CVE-2024-26064
psirt@adobe.com
adobe — adobe_experience_manager
 
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2024-03-18 5.4 CVE-2024-26065
psirt@adobe.com
adobe — adobe_experience_manager
 
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2024-03-18 5.4 CVE-2024-26067
psirt@adobe.com
adobe — adobe_experience_manager
 
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2024-03-18 5.4 CVE-2024-26069
psirt@adobe.com
adobe — adobe_experience_manager
 
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2024-03-18 5.4 CVE-2024-26073
psirt@adobe.com
adobe — adobe_experience_manager
 
Adobe Experience Manager versions 6.5.19 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable web pages. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable script. 2024-03-18 5.4 CVE-2024-26080
psirt@adobe.com
adobe — adobe_experience_manager
 
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2024-03-18 5.4 CVE-2024-26094
psirt@adobe.com
adobe — adobe_experience_manager
 
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2024-03-18 5.4 CVE-2024-26096
psirt@adobe.com
adobe — adobe_experience_manager
 
Adobe Experience Manager versions 6.5.19 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2024-03-18 5.4 CVE-2024-26101
psirt@adobe.com
adobe — adobe_experience_manager
 
Adobe Experience Manager versions 6.5.19 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2024-03-18 5.4 CVE-2024-26102
psirt@adobe.com
adobe — adobe_experience_manager
 
Adobe Experience Manager versions 6.5.19 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2024-03-18 5.4 CVE-2024-26103
psirt@adobe.com
adobe — adobe_experience_manager
 
Adobe Experience Manager versions 6.5.19 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2024-03-18 5.4 CVE-2024-26104
psirt@adobe.com
adobe — adobe_experience_manager
 
Adobe Experience Manager versions 6.5.19 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2024-03-18 5.4 CVE-2024-26105
psirt@adobe.com
adobe — adobe_experience_manager
 
Adobe Experience Manager versions 6.5.19 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2024-03-18 5.4 CVE-2024-26106
psirt@adobe.com
adobe — adobe_experience_manager
 
Adobe Experience Manager versions 6.5.19 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2024-03-18 5.4 CVE-2024-26107
psirt@adobe.com
adobe — adobe_experience_manager
 
Adobe Experience Manager versions 6.5.19 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2024-03-18 5.4 CVE-2024-26118
psirt@adobe.com
adobe — adobe_experience_manager
 
Adobe Experience Manager versions 6.5.19 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction. 2024-03-18 5.3 CVE-2024-26119
psirt@adobe.com
adobe — adobe_experience_manager
 
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2024-03-18 5.4 CVE-2024-26120
psirt@adobe.com
adobe — adobe_experience_manager
 
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2024-03-18 5.4 CVE-2024-26124
psirt@adobe.com
adobe — adobe_experience_manager
 
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2024-03-18 5.4 CVE-2024-26125
psirt@adobe.com
adobe — adobe_experience_manager
 
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2024-03-18 4.8 CVE-2024-26050
psirt@adobe.com
adobe — animate
 
Animate versions 24.0, 23.0.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-03-18 5.5 CVE-2024-20762
psirt@adobe.com
adobe — animate
 
Animate versions 24.0, 23.0.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-03-18 5.5 CVE-2024-20763
psirt@adobe.com
adobe — animate
 
Animate versions 24.0, 23.0.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-03-18 5.5 CVE-2024-20764
psirt@adobe.com
adobe — bridge
 
Bridge versions 13.0.5, 14.0.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-03-18 5.5 CVE-2024-20757
psirt@adobe.com
advantech — webaccess/scada
 
There is an SQL injection vulnerability in Advantech WebAccess/SCADA software that allows an authenticated attacker to remotely inject SQL code in the database. Successful exploitation of this vulnerability could allow an attacker to read or modify data on the remote database. 2024-03-21 6.4 CVE-2024-2453
ics-cert@hq.dhs.gov
anshuln90 — animated_headline
 
The Animated Headline plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘animated-headline’ shortcode in all versions up to, and including, 4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-20 6.4 CVE-2024-2304
security@wordfence.com
security@wordfence.com
axis_communications_ab — axis_os
 
Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX APIs local_list.cgi, create_overlay.cgi and irissetup.cgi was vulnerable for file globbing which could lead to a resource exhaustion attack. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. 2024-03-19 6.5 CVE-2024-0054
product-security@axis.com
axis_communications_ab — axis_os
 
Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX APIs mediaclip.cgi and playclip.cgi was vulnerable for file globbing which could lead to a resource exhaustion attack. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. 2024-03-19 6.5 CVE-2024-0055
product-security@axis.com
bdtask — wholesale_inventory_management_system
 
A vulnerability was found in Bdtask Wholesale Inventory Management System up to 20240311. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to session fixiation. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257245 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-19 4.3 CVE-2024-2639
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
bdthemes — element_pack_elementor_addons
 
Missing Authorization vulnerability in BdThemes Element Pack Elementor Addons.This issue affects Element Pack Elementor Addons: from n/a through 5.4.11. 2024-03-23 4.3 CVE-2024-24840
audit@patchstack.com
benjamin_rojas — wp_editor
 
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Benjamin Rojas WP Editor.This issue affects WP Editor: from n/a through 1.2.7. 2024-03-17 5.3 CVE-2024-25591
audit@patchstack.com
bmc — control-m
 
Improper authorization in the report management and creation module of BMC Control-M branches 9.0.20 and 9.0.21 allows logged-in users to read and make unauthorized changes to any reports available within the application, even without proper permissions. The attacker must know the unique identifier of the report they want to manipulate. Fix for 9.0.20 branch was released in version 9.0.20.238. Fix for 9.0.21 branch was released in version 9.0.21.201. 2024-03-18 6.4 CVE-2024-1604
cvd@cert.pl
cvd@cert.pl
cvd@cert.pl
bmc — control-m
 
BMC Control-M branches 9.0.20 and 9.0.21 upon user login load all Dynamic Link Libraries (DLL) from a directory that grants Write and Read permissions to all users. Leveraging it leads to loading of a potentially malicious libraries, which will execute with the application’s privileges. Fix for 9.0.20 branch was released in version 9.0.20.238. Fix for 9.0.21 branch was released in version 9.0.21.201. 2024-03-18 6.6 CVE-2024-1605
cvd@cert.pl
cvd@cert.pl
cvd@cert.pl
bmc — control-m
 
Lack of input sanitization in BMC Control-M branches 9.0.20 and 9.0.21 allows logged-in users for manipulation of generated web pages via injection of HTML code. This might lead to a successful phishing attack for example by tricking users into using a hyperlink pointing to a website controlled by an attacker. Fix for 9.0.20 branch was released in version 9.0.20.238. Fix for 9.0.21 branch was released in version 9.0.21.200. 2024-03-18 4.6 CVE-2024-1606
cvd@cert.pl
cvd@cert.pl
cvd@cert.pl
brefphp — bref
 
Bref is an open-source project that helps users go serverless on Amazon Web Services with PHP. When Bref prior to version 2.1.17 is used with the Event-Driven Function runtime and the handler is a `RequestHandlerInterface`, then the Lambda event is converted to a PSR7 object. During the conversion process, if the request is a MultiPart, each part is parsed. In the parsing process, the `Content-Type` header of each part is read using the `Riverline/multipart-parser` library. The library, in the `StreamedPart::parseHeaderContent` function, performs slow multi-byte string operations on the header value. Precisely, the `mb_convert_encoding` function is used with the first (`$string`) and third (`$from_encoding`) parameters read from the header value. An attacker could send specifically crafted requests which would force the server into performing long operations with a consequent long billed duration. The attack has the following requirements and limitations: The Lambda should use the Event-Driven Function runtime and the `RequestHandlerInterface` handler and should implement at least an endpoint accepting POST requests; the attacker can send requests up to 6MB long (this is enough to cause a billed duration between 400ms and 500ms with the default 1024MB RAM Lambda image of Bref); and if the Lambda uses a PHP runtime <= php-82, the impact is higher as the billed duration in the default 1024MB RAM Lambda image of Bref could be brought to more than 900ms for each request. Notice that the vulnerability applies only to headers read from the request body as the request header has a limitation which allows a total maximum size of ~10KB. Version 2.1.17 contains a fix for this issue. 2024-03-22 5.3 CVE-2024-29186
security-advisories@github.com
security-advisories@github.com
calameo — wp_calameo
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Calameo WP Calameo allows Stored XSS.This issue affects WP Calameo: from n/a through 2.1.7. 2024-03-19 6.5 CVE-2024-29098
audit@patchstack.com
campcodes — complete_online_beauty_parlor_management_system
 
A vulnerability has been found in Campcodes Complete Online Beauty Parlor Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/index.php. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257602 is the identifier assigned to this vulnerability. 2024-03-21 6.3 CVE-2024-2766
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
campcodes — complete_online_beauty_parlor_management_system
 
A vulnerability was found in Campcodes Complete Online Beauty Parlor Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/forgot-password.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257603. 2024-03-21 6.3 CVE-2024-2767
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
campcodes — complete_online_beauty_parlor_management_system
 
A vulnerability was found in Campcodes Complete Online Beauty Parlor Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/edit-services.php. The manipulation of the argument editid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257604. 2024-03-21 6.3 CVE-2024-2768
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
campcodes — complete_online_beauty_parlor_management_system
 
A vulnerability was found in Campcodes Complete Online Beauty Parlor Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/admin-profile.php. The manipulation of the argument adminname leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257605 was assigned to this vulnerability. 2024-03-21 6.3 CVE-2024-2769
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
campcodes — complete_online_beauty_parlor_management_system
 
A vulnerability was found in Campcodes Complete Online Beauty Parlor Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/contact-us.php. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257606 is the identifier assigned to this vulnerability. 2024-03-21 6.3 CVE-2024-2770
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
campcodes — complete_online_beauty_parlor_management_system
 
A vulnerability classified as critical was found in Campcodes Online Marriage Registration System 1.0. This vulnerability affects unknown code of the file /user/search.php. The manipulation of the argument searchdata leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257608. 2024-03-21 6.3 CVE-2024-2774
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
campcodes — complete_online_beauty_parlor_management_system
 
A vulnerability, which was classified as critical, was found in Campcodes Online Marriage Registration System 1.0. Affected is an unknown function of the file /admin/search.php. The manipulation of the argument searchdata leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257610 is the identifier assigned to this vulnerability. 2024-03-22 6.3 CVE-2024-2776
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
campcodes — complete_online_beauty_parlor_management_system
 
A vulnerability has been found in Campcodes Online Marriage Registration System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/application-bwdates-reports-details.php. The manipulation of the argument fromdate leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257611. 2024-03-22 6.3 CVE-2024-2777
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
campcodes — complete_online_dj_booking_system
 
A vulnerability, which was classified as critical, has been found in Campcodes Complete Online DJ Booking System 1.0. This issue affects some unknown processing of the file /admin/user-search.php. The manipulation of the argument searchdata leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257465 was assigned to this vulnerability. 2024-03-21 6.3 CVE-2024-2712
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
campcodes — complete_online_dj_booking_system
 
A vulnerability, which was classified as critical, was found in Campcodes Complete Online DJ Booking System 1.0. Affected is an unknown function of the file /admin/booking-search.php. The manipulation of the argument searchdata leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257466 is the identifier assigned to this vulnerability. 2024-03-21 6.3 CVE-2024-2713
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
campcodes — complete_online_dj_booking_system
 
A vulnerability has been found in Campcodes Complete Online DJ Booking System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/booking-bwdates-reports-details.php. The manipulation of the argument fromdate leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257467. 2024-03-20 6.3 CVE-2024-2714
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
campcodes — online_job_finder_system
 
A vulnerability has been found in Campcodes Online Job Finder System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/vacancy/controller.php. The manipulation of the argument id/CATEGORY leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257368. 2024-03-20 6.3 CVE-2024-2668
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
campcodes — online_job_finder_system
 
A vulnerability was found in Campcodes Online Job Finder System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/employee/controller.php of the component GET Parameter Handler. The manipulation of the argument EMPLOYEEID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257369 was assigned to this vulnerability. 2024-03-20 6.3 CVE-2024-2669
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
campcodes — online_job_finder_system
 
A vulnerability was found in Campcodes Online Job Finder System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/vacancy/index.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257370 is the identifier assigned to this vulnerability. 2024-03-20 6.3 CVE-2024-2670
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
campcodes — online_job_finder_system
 
A vulnerability was found in Campcodes Online Job Finder System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/user/index.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257371. 2024-03-20 6.3 CVE-2024-2671
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
campcodes — online_job_finder_system
 
A vulnerability was found in Campcodes Online Job Finder System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/user/controller.php. The manipulation of the argument UESRID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257372. 2024-03-20 6.3 CVE-2024-2672
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
campcodes — online_job_finder_system
 
A vulnerability classified as critical has been found in Campcodes Online Job Finder System 1.0. This affects an unknown part of the file /admin/login.php. The manipulation of the argument user_email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257373 was assigned to this vulnerability. 2024-03-20 6.3 CVE-2024-2673
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
campcodes — online_job_finder_system
 
A vulnerability classified as critical was found in Campcodes Online Job Finder System 1.0. This vulnerability affects unknown code of the file /admin/employee/index.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257374 is the identifier assigned to this vulnerability. 2024-03-20 6.3 CVE-2024-2674
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
campcodes — online_job_finder_system
 
A vulnerability, which was classified as critical, has been found in Campcodes Online Job Finder System 1.0. This issue affects some unknown processing of the file /admin/company/index.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257375. 2024-03-20 6.3 CVE-2024-2675
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
campcodes — online_job_finder_system
 
A vulnerability, which was classified as critical, was found in Campcodes Online Job Finder System 1.0. Affected is an unknown function of the file /admin/company/controller.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257376. 2024-03-20 6.3 CVE-2024-2676
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
campcodes — online_job_finder_system
 
A vulnerability has been found in Campcodes Online Job Finder System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/category/controller.php. The manipulation of the argument CATEGORYID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257377 was assigned to this vulnerability. 2024-03-20 6.3 CVE-2024-2677
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
campcodes — online_job_finder_system
 
A vulnerability was found in Campcodes Online Job Finder System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/applicants/controller.php. The manipulation of the argument JOBREGID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257378 is the identifier assigned to this vulnerability. 2024-03-20 6.3 CVE-2024-2678
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
campcodes — online_job_finder_system
 
A vulnerability was found in Campcodes Online Job Finder System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/applicants/index.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257387. 2024-03-20 6.3 CVE-2024-2687
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cegid — meta4_hr
 
A Cross-Site Scripting Vulnerability has been found on Meta4 HR affecting version 819.001.022 and earlier. The endpoint ‘/sitetest/english/dumpenv.jsp’ is vulnerable to XSS attack by ‘lang’ query, i.e. ‘/sitetest/english/dumpenv.jsp?snoop=yes&lang=%27%3Cimg%20src/onerror=alert(1)%3E&params’. 2024-03-19 6.1 CVE-2024-2633
cve-coordination@incibe.es
cegid — meta4_hr
 
A Cross-Site Scripting Vulnerability has been found on Meta4 HR affecting version 819.001.022 and earlier. The endpoint ‘/sse_generico/generico_login.jsp’ is vulnerable to XSS attack via ‘lang’ query, i.e. ‘/sse_generico/generico_login.jsp?lang=%27%3balert(%27BLEUSS%27)%2f%2f&params=’. 2024-03-19 6.1 CVE-2024-2634
cve-coordination@incibe.es
ciges — cigesv2
 
Stored Cross-Site Scripting (Stored-XSS) vulnerability affecting the CIGESv2 system, allowing an attacker to execute and store malicious javascript code in the application form without prior registration. 2024-03-22 6.1 CVE-2024-2726
cve-coordination@incibe.es
ciges — cigesv2
 
HTML injection vulnerability affecting the CIGESv2 system, which allows an attacker to inject arbitrary code and modify elements of the website and email confirmation message. 2024-03-22 6.1 CVE-2024-2727
cve-coordination@incibe.es
ciges — cigesv2
 
Information exposure vulnerability in the CIGESv2 system. This vulnerability could allow a local attacker to intercept traffic due to the lack of proper implementation of the TLS protocol. 2024-03-22 4.1 CVE-2024-2728
cve-coordination@incibe.es
cilium — cilium
 
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.13.13, 1.14.8, and 1.15.2, in Cilium clusters with IPsec enabled and traffic matching Layer 7 policies, IPsec-eligible traffic between a node’s Envoy proxy and pods on other nodes is sent unencrypted and IPsec-eligible traffic between a node’s DNS proxy and pods on other nodes is sent unencrypted. This issue has been resolved in Cilium 1.15.2, 1.14.8, and 1.13.13. There is no known workaround for this issue. 2024-03-18 6.1 CVE-2024-28249
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
cilium — cilium
 
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.14.0 and prior to versions 1.14.8 and 1.15.2, In Cilium clusters with WireGuard enabled and traffic matching Layer 7 policies Wireguard-eligible traffic that is sent between a node’s Envoy proxy and pods on other nodes is sent unencrypted and Wireguard-eligible traffic that is sent between a node’s DNS proxy and pods on other nodes is sent unencrypted. This issue has been resolved in Cilium 1.14.8 and 1.15.2 in in native routing mode (`routingMode=native`) and in Cilium 1.14.4 in tunneling mode (`routingMode=tunnel`). Not that in tunneling mode, `encryption.wireguard.encapsulate` must be set to `true`. There is no known workaround for this issue. 2024-03-18 6.1 CVE-2024-28250
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
colorlibplugins — coming_soon_&_maintenance_mode_by_colorlib
 
The Coming Soon & Maintenance Mode by Colorlib plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.99 via the REST API. This makes it possible for unauthenticated attackers to obtain post and page contents via REST API thus bypassing maintenance mode protection provided by the plugin. 2024-03-20 5.3 CVE-2024-1473
security@wordfence.com
security@wordfence.com
cozmoslabs,_sareiodata — passwordless_login
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Cozmoslabs, sareiodata Passwordless Login passwordless-login allows Stored XSS.This issue affects Passwordless Login: from n/a through 1.1.2. 2024-03-19 6.5 CVE-2024-29143
audit@patchstack.com
creativethemeshq — blocksy_companion
 
The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Newsletter widget in all versions up to, and including, 2.0.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-22 6.5 CVE-2024-2392
security@wordfence.com
security@wordfence.com
crisp — crisp
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Crisp allows Stored XSS.This issue affects Crisp: from n/a through 0.44. 2024-03-21 6.5 CVE-2024-27963
audit@patchstack.com
data443 — tracking_code_manager
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Data443 Tracking Code Manager.This issue affects Tracking Code Manager: from n/a through 2.0.16. 2024-03-21 5.9 CVE-2024-2579
audit@patchstack.com
dazzlersoft — coming_soon_under_construction_&_maintenance_mode_by_dazzler
 
The Coming Soon, Under Construction & Maintenance Mode By Dazzler plugin for WordPress is vulnerable to maintenance mode bypass in all versions up to, and including, 2.1.2. This is due to the plugin relying on the REQUEST_URI to determine if the page being accesses is an admin area. This makes it possible for unauthenticated attackers to bypass maintenance mode and access the site which may be considered confidential when in maintenance mode. 2024-03-20 5.3 CVE-2024-1181
security@wordfence.com
security@wordfence.com
delabon — live_sales_notification_for_woocommerce_-_woomotiv
 
The Live Sales Notification for Woocommerce – Woomotiv plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.4.3. This is due to missing or incorrect nonce validation on the ‘ajax_cancel_review’ function. This makes it possible for unauthenticated attackers to reset the site’s review count via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2024-03-20 4.3 CVE-2024-1325
security@wordfence.com
security@wordfence.com
security@wordfence.com
dell — poweredge_platform
 
Dell PowerEdge Server BIOS contains an Improper SMM communication buffer verification vulnerability. A physical high privileged attacker could potentially exploit this vulnerability leading to arbitrary writes to SMRAM. 2024-03-19 4.4 CVE-2024-25942
security_alert@emc.com
delta_electronics — diaenergie
 
Improper neutralization of input within the affected product could lead to cross-site scripting. 2024-03-21 4.6 CVE-2024-28045
ics-cert@hq.dhs.gov
denoland — deno
 
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.8.0 and prior to version 1.40.4, Deno improperly checks that an import specifier’s hostname is equal to or a child of a token’s hostname, which can cause tokens to be sent to servers they shouldn’t be sent to. An auth token intended for `example[.]com` may be sent to `notexample[.]com`. Anyone who uses DENO_AUTH_TOKENS and imports potentially untrusted code is affected. Version 1.40.0 contains a patch for this issue 2024-03-21 4.6 CVE-2024-27932
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
devklan — alma_blog
 
Improper access control vulnerability in Devklan’s Alma Blog that affects versions 2.1.10 and earlier. This vulnerability could allow an unauthenticated user to access the application’s functionalities without the need for credentials. 2024-03-19 6.5 CVE-2024-1144
cve-coordination@incibe.es
devklan — alma_blog
 
User enumeration vulnerability in Devklan’s Alma Blog that affects versions 2.1.10 and earlier. This vulnerability could allow a remote user to retrieve all valid users registered in the application just by looking at the request response. 2024-03-19 5.3 CVE-2024-1145
cve-coordination@incibe.es
devklan — alma_blog
 
Cross-Site Scripting vulnerability in Devklan’s Alma Blog that affects versions 2.1.10 and earlier. This vulnerability could allow an attacker to store a malicious JavaScript payload within the application by adding the payload to ‘Community Description’ or ‘Community Rules’. 2024-03-19 5.8 CVE-2024-1146
cve-coordination@incibe.es
diygod — rsshub
 
RSSHub is an open source RSS feed generator. Starting in version 1.0.0-master.cbbd829 and prior to version 1.0.0-master.d8ca915, ahen the specially crafted image is supplied to the internal media proxy, it proxies the image without handling XSS vulnerabilities, allowing for the execution of arbitrary JavaScript code. Users who access the deliberately constructed URL are affected. This vulnerability was fixed in version 1.0.0-master.d8ca915. No known workarounds are available. 2024-03-21 6.1 CVE-2024-27926
security-advisories@github.com
security-advisories@github.com
diygod — rsshub
 
RSSHub is an open source RSS feed generator. Prior to version 1.0.0-master.a429472, RSSHub allows remote attackers to use the server as a proxy to send HTTP GET requests to arbitrary targets and retrieve information in the internal network or conduct Denial-of-Service (DoS) attacks. The attacker can send malicious requests to a RSSHub server, to make the server send HTTP GET requests to arbitrary destinations and see partial responses. This may lead to leak the server IP address, which could be hidden behind a CDN; retrieving information in the internal network, e.g. which addresses/ports are accessible, the titles and meta descriptions of HTML pages; and denial of service amplification. The attacker could request the server to download some large files, or chain several SSRF requests in a single attacker request. 2024-03-21 6.5 CVE-2024-27927
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
espocrm — espocrm
 
EspoCRM is an Open Source Customer Relationship Management software. An attacker can inject arbitrary IP or domain in “Password Change” page and redirect victim to malicious page that could lead to credential stealing or another attack. This vulnerability is fixed in 8.1.2. 2024-03-21 5.9 CVE-2024-24818
security-advisories@github.com
security-advisories@github.com
five_star_plugins — five_star_restaurant_menu
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Five Star Plugins Five Star Restaurant Menu allows Stored XSS.This issue affects Five Star Restaurant Menu: from n/a through 2.4.14. 2024-03-19 6.5 CVE-2024-29089
audit@patchstack.com
folio — spring_module_core
 
A vulnerability was found in Folio Spring Module Core up to 1.1.5. It has been rated as critical. Affected by this issue is the function dropSchema of the file tenant/src/main/java/org/folio/spring/tenant/hibernate/HibernateSchemaService.java of the component Schema Name Handler. The manipulation leads to sql injection. Upgrading to version 2.0.0 is able to address this issue. The name of the patch is d374a5f77e6b58e36f0e0e4419be18b95edcd7ff. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-257516. 2024-03-21 5.5 CVE-2022-4963
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
foliovision:_making_the_web_work_for_you — fv_flowplayer_video_player
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Foliovision: Making the web work for you FV Flowplayer Video Player allows Stored XSS.This issue affects FV Flowplayer Video Player: from n/a through 7.5.41.7212. 2024-03-19 6.5 CVE-2024-29122
audit@patchstack.com
franciscop — translate
 
Translate is a package that allows users to convert text to different languages on Node.js and the browser. Prior to version 3.0.0, an attacker controlling the second variable of the `translate` function is able to perform a cache poisoning attack. They can change the outcome of translation requests made by subsequent users. The `opt.id` parameter allows the overwriting of the cache key. If an attacker sets the `id` variable to the cache key that would be generated by another user, they can choose the response that user gets served. Version 3.0.0 fixes this issue. 2024-03-22 5.3 CVE-2024-29042
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
fujian_kelixin_communication — command_and_dispatch_platform
 
A vulnerability has been found in Fujian Kelixin Communication Command and Dispatch Platform up to 20240318 and classified as critical. Affected by this vulnerability is an unknown functionality of the file api/client/down_file.php. The manipulation of the argument uuid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257197 was assigned to this vulnerability. 2024-03-19 6.3 CVE-2024-2620
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
fujian_kelixin_communication — command_and_dispatch_platform
 
A vulnerability was found in Fujian Kelixin Communication Command and Dispatch Platform up to 20240318 and classified as critical. Affected by this issue is some unknown functionality of the file api/client/user/pwd_update.php. The manipulation of the argument uuid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257198 is the identifier assigned to this vulnerability. 2024-03-19 6.3 CVE-2024-2621
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
fujian_kelixin_communication — command_and_dispatch_platform
 
A vulnerability was found in Fujian Kelixin Communication Command and Dispatch Platform up to 20240318. It has been classified as critical. This affects an unknown part of the file /api/client/editemedia.php. The manipulation of the argument number/enterprise_uuid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257199. 2024-03-19 6.3 CVE-2024-2622
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
funnelkit — automation_by_autonami
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in FunnelKit Automation By Autonami allows Stored XSS.This issue affects Automation By Autonami: from n/a through 2.8.2. 2024-03-21 6.5 CVE-2024-2580
audit@patchstack.com
geoserver — geoserver
 
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. An arbitrary file renaming vulnerability exists in versions prior to 2.23.5 and 2.24.2 that enables an authenticated administrator with permissions to modify stores through the REST Coverage Store or Data Store API to rename arbitrary files and directories with a name that does not end in `.zip`. Store file uploads rename zip files to have a `.zip` extension if it doesn’t already have one before unzipping the file. This is fine for file and url upload methods where the files will be in a specific subdirectory of the data directory but, when using the external upload method, this allows arbitrary files and directories to be renamed. Renaming GeoServer files will most likely result in a denial of service, either completely preventing GeoServer from running or effectively deleting specific resources (such as a workspace, layer or style). In some cases, renaming GeoServer files could revert to the default settings for that file which could be relatively harmless like removing contact information or have more serious consequences like allowing users to make OGC requests that the customized settings would have prevented them from making. The impact of renaming non-GeoServer files depends on the specific environment although some sort of denial of service is a likely outcome. Versions 2.23.5 and 2.24.2 contain a fix for this issue. 2024-03-20 6 CVE-2024-23634
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
geoserver — geoserver
 
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.3 and 2.24.0 that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in uploaded style/legend resources that will execute in the context of another administrator’s browser when viewed in the REST Resources API. Access to the REST Resources API is limited to full administrators by default and granting non-administrators access to this endpoint should be carefully considered as it may allow access to files containing sensitive information. Versions 2.23.3 and 2.24.0 contain a patch for this issue. 2024-03-20 4.8 CVE-2023-51445
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
geoserver — geoserver
 
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.3 and 2.24.0 that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in uploaded style/legend resources or in a specially crafted datastore file that will execute in the context of another user’s browser when viewed in the Style Publisher. Access to the Style Publisher is available to all users although data security may limit users’ ability to trigger the XSS. Versions 2.23.3 and 2.24.0 contain a fix for this issue. 2024-03-20 4.8 CVE-2024-23640
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
geoserver — geoserver
 
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.4 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog that will execute in the context of another user’s browser when viewed in the WMS GetMap SVG Output Format when the Simple SVG renderer is enabled. Access to the WMS SVG Format is available to all users by default although data and service security may limit users’ ability to trigger the XSS. Versions 2.23.4 and 2.24.1 contain a fix for this issue. 2024-03-20 4.8 CVE-2024-23642
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
geoserver — geoserver
 
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.2 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog that will execute in the context of another administrator’s browser when viewed in the GWC Seed Form. Access to the GWC Seed Form is limited to full administrators by default and granting non-administrators access to this endpoint is not recommended. Versions 2.23.2 and 2.24.1 contain a fix for this issue. 2024-03-20 4.8 CVE-2024-23643
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
geoserver — geoserver
 
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.3 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog that will execute in the context of another user’s browser when viewed in the WMS GetMap OpenLayers Output Format. Access to the WMS OpenLayers Format is available to all users by default although data and service security may limit users’ ability to trigger the XSS. Versions 2.23.3 and 2.24.1 contain a patch for this issue. 2024-03-20 4.8 CVE-2024-23818
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
geoserver — geoserver
 
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.4 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog that will execute in the context of another user’s browser when viewed in the MapML HTML Page. The MapML extension must be installed and access to the MapML HTML Page is available to all users although data security may limit users’ ability to trigger the XSS. Versions 2.23.4 and 2.24.1 contain a patch for this issue. 2024-03-20 4.8 CVE-2024-23819
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
geoserver — geoserver
 
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.4 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog that will execute in the context of another user’s browser when viewed in the GWC Demos Page. Access to the GWC Demos Page is available to all users although data security may limit users’ ability to trigger the XSS. Versions 2.23.4 and 2.24.1 contain a patch for this issue. 2024-03-20 4.8 CVE-2024-23821
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
github — enterprise_server
 
An Improper Privilege Management vulnerability was identified in GitHub Enterprise Server that allowed an attacker to use the Enterprise Actions GitHub Connect download token to fetch private repository data. An attacker would require an account on the server instance with non-default settings for GitHub Connect. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.8.16, 3.9.11, 3.10.8, and 3.11.6. This vulnerability was reported via the GitHub Bug Bounty program.  2024-03-21 6.3 CVE-2024-1908
product-cna@github.com
product-cna@github.com
product-cna@github.com
product-cna@github.com
github_ — enterprise_server
 
A Cross Site Request Forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker to execute unauthorized actions on behalf of an unsuspecting user. A mitigating factor is that user interaction is required. This vulnerability affected GitHub Enterprise Server 3.12.0 and was fixed in versions 3.12.1. This vulnerability was reported via the GitHub Bug Bounty program.  2024-03-21 4.3 CVE-2024-2748
product-cna@github.com
glpi-project — glpi
 
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can execute a SSRF based attack using Arbitrary Object Instantiation. This issue has been patched in version 10.0.13. 2024-03-18 6.4 CVE-2024-27098
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
glpi-project — glpi
 
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can access sensitive fields data from items on which he has read access. This issue has been patched in version 10.0.13. 2024-03-18 6.5 CVE-2024-27930
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
glpi-project — glpi
 
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can obtain the email address of all GLPI users. This issue has been patched in version 10.0.13. 2024-03-18 6.5 CVE-2024-27937
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
glpi-project — glpi
 
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An unauthenticated user can provide a malicious link to a GLPI administrator in order to exploit a reflected XSS vulnerability. The XSS will only trigger if the administrator navigates through the debug bar. This issue has been patched in version 10.0.13. 2024-03-18 5.3 CVE-2024-27914
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
glpi-project — glpi
 
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. A user with rights to create and share dashboards can build a dashboard containing javascript code. Any user that will open this dashboard will be subject to an XSS attack. This issue has been patched in version 10.0.13. 2024-03-18 4.5 CVE-2024-27104
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
godaddy — page_builder_gutenberg_blocks_-_coblocks
 
The Page Builder Gutenberg Blocks – CoBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Icon Widget’s in all versions up to, and including, 3.1.6 due to insufficient input sanitization and output escaping on the link value. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-23 6.4 CVE-2024-1049
security@wordfence.com
security@wordfence.com
gpriday — page_builder_by_siteorigin
 
The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the legacy Image widget in all versions up to, and including, 2.29.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-23 6.4 CVE-2024-2202
security@wordfence.com
security@wordfence.com
security@wordfence.com
heyewei — jfinalcms
 
A vulnerability has been found in heyewei JFinalCMS 5.0.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/div_data/delete?divId=9 of the component Custom Data Page. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257071. 2024-03-17 4.7 CVE-2024-2568
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
ibm — infosphere_information_server
 
IBM InfoSphere Information Server 11.7 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 280361. 2024-03-21 6.5 CVE-2024-22352
psirt@us.ibm.com
psirt@us.ibm.com
ibm — mq
 
IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS and 9.3 CD is vulnerable to a denial-of-service attack due to an error within the MQ clustering logic. IBM X-Force ID: 268066. 2024-03-20 5.3 CVE-2023-45177
psirt@us.ibm.com
psirt@us.ibm.com
ibm — security_verify_directory
 
IBM Security Verify Directory 10.0.0 could disclose sensitive server information that could be used in further attacks against the system. IBM X-Force ID: 228437. 2024-03-22 5.3 CVE-2022-32751
psirt@us.ibm.com
psirt@us.ibm.com
ibm — security_verify_directory
 
IBM Security Verify Directory 10.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 228444. 2024-03-22 4.5 CVE-2022-32753
psirt@us.ibm.com
psirt@us.ibm.com
ibm — security_verify_directory
 
IBM Security Verify Directory 10.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 228445. 2024-03-22 4.8 CVE-2022-32754
psirt@us.ibm.com
psirt@us.ibm.com
ibm — security_verify_governance
 
IBM Security Verify Governance 10.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 258375. 2024-03-20 5.9 CVE-2023-35888
psirt@us.ibm.com
psirt@us.ibm.com
ibm — storage_protect_plus_server
 
The private key for the IBM Storage Protect Plus Server 10.1.0 through 10.1.16 certificate can be disclosed, undermining the security of the certificate. IBM X-Force ID: 285205. 2024-03-21 6.2 CVE-2024-27277
psirt@us.ibm.com
psirt@us.ibm.com
ibm — storage_protect_plus_server
 
IBM Storage Protect Plus Server 10.1.0 through 10.1.16 could allow an authenticated user with read-only permissions to add or delete entries from an existing HyperVisor configuration. IBM X-Force ID: 271538. 2024-03-21 4.3 CVE-2023-47715
psirt@us.ibm.com
psirt@us.ibm.com
inc2734 — smart_custom_fields
 
The Smart Custom Fields plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relational_posts_search() function in all versions up to, and including, 4.2.2. This makes it possible for authenticated attackers, with subscrber-level access and above, to retrieve post content that is password protected and/or private. 2024-03-20 4.3 CVE-2024-1995
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
infosatech — revivepress_-_keep_your_old_content_evergreen
 
The RevivePress – Keep your Old Content Evergreen plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the import_data and copy_data functions in all versions up to, and including, 1.5.6. This makes it possible for authenticated attackers, with subscriber-level access or higher, to overwrite plugin settings and view them. 2024-03-20 4.3 CVE-2024-1844
security@wordfence.com
security@wordfence.com
security@wordfence.com
isaacs — node-tar
 
node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An attacker who generates a large number of sub-folders can consume memory on the system running node-tar and even crash the Node.js client within few seconds of running it using a path with too many sub-folders inside. Version 6.2.1 fixes this issue by preventing extraction in excessively deep sub-folders. 2024-03-21 6.5 CVE-2024-28863
security-advisories@github.com
security-advisories@github.com
jan-peter_lambeck_&_3uu — shariff_wrapper
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Jan-Peter Lambeck & 3UU Shariff Wrapper allows Stored XSS.This issue affects Shariff Wrapper: from n/a through 4.6.10. 2024-03-19 6.5 CVE-2024-29109
audit@patchstack.com
jean-david_daviet — download_media
 
Missing Authorization vulnerability in Jean-David Daviet Download Media.This issue affects Download Media: from n/a through 1.4.2. 2024-03-21 4.3 CVE-2024-27190
audit@patchstack.com
jegtheme — jeg_elementor_kit
 
The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via HTML Tag attributes in all versions up to, and including, 2.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-21 6.4 CVE-2024-1326
security@wordfence.com
security@wordfence.com
security@wordfence.com
jegtheme — jeg_elementor_kit
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Jegtheme Jeg Elementor Kit allows Stored XSS.This issue affects Jeg Elementor Kit: from n/a through 2.6.2. 2024-03-19 6.5 CVE-2024-29101
audit@patchstack.com
jetbrains — teamcity
 
In JetBrains TeamCity before 2023.11 users with access to the agent machine might obtain permissions of the user running the agent process 2024-03-21 4.2 CVE-2024-29880
cve@jetbrains.com
jhpyle — docassemble
 
Docassemble is an expert system for guided interviews and document assembly. Prior to 1.4.97, a user could type HTML into a field, including the field for the user’s name, and then that HTML could be displayed on the screen as HTML. The vulnerability has been patched in version 1.4.97 of the master branch. 2024-03-21 6.1 CVE-2024-27290
security-advisories@github.com
security-advisories@github.com
jhpyle — docassemble
 
Docassemble is an expert system for guided interviews and document assembly. Prior to 1.4.97, it is possible to create a URL that acts as an open redirect. The vulnerability has been patched in version 1.4.97 of the master branch. 2024-03-21 6.1 CVE-2024-27291
security-advisories@github.com
security-advisories@github.com
jp2112 — standout_color_boxes_and_buttons
 
The Standout Color Boxes and Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘color-button’ shortcode in all versions up to, and including, 0.7.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-20 6.4 CVE-2024-2474
security@wordfence.com
security@wordfence.com
kilbot — woocommerce_pos
 
The WooCommerce POS plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 1.4.11. This is due to the plugin not properly verifying the authentication and authorization of the current user This makes it possible for authenticated attackers, with customer-level access and above, to view potentially sensitive information about other users by leveraging their order id 2024-03-20 4.3 CVE-2024-2384
security@wordfence.com
security@wordfence.com
kishor-23 — food_waste_management_system
 
A vulnerability was found in kishor-23 Food Waste Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/admin.php. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257056. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-17 5.3 CVE-2024-2557
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
lakernote — easyadmin
 
A vulnerability classified as critical has been found in lakernote EasyAdmin up to 20240315. This affects an unknown part of the file /ureport/designer/saveReportFile. The manipulation of the argument file leads to path traversal: ‘../filedir’. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257715. 2024-03-22 6.3 CVE-2024-2825
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
lakernote — easyadmin
 
A vulnerability classified as problematic was found in lakernote EasyAdmin up to 20240315. This vulnerability affects unknown code of the file /ureport/designer/saveReportFile. The manipulation leads to xml external entity reference. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257716. 2024-03-22 6.3 CVE-2024-2826
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
lakernote — easyadmin
 
A vulnerability, which was classified as critical, has been found in lakernote EasyAdmin up to 20240315. This issue affects some unknown processing of the file /ureport/designer/saveReportFile. The manipulation leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257717 was assigned to this vulnerability. 2024-03-22 6.3 CVE-2024-2827
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
lakernote — easyadmin
 
A vulnerability, which was classified as critical, was found in lakernote EasyAdmin up to 20240315. Affected is the function thumbnail of the file src/main/java/com/laker/admin/module/sys/controller/IndexController.java. The manipulation of the argument url leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The patch is identified as 23165d8cb569048c531150f194fea39f8800b8d5. It is recommended to apply a patch to fix this issue. VDB-257718 is the identifier assigned to this vulnerability. 2024-03-22 6.3 CVE-2024-2828
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
latchset — jwcrypto
 
JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to version 1.5.6, an attacker can cause a denial of service attack by passing in a malicious JWE Token with a high compression ratio. When the server processes this token, it will consume a lot of memory and processing time. Version 1.5.6 fixes this vulnerability by limiting the maximum token length. 2024-03-21 6.8 CVE-2024-28102
security-advisories@github.com
security-advisories@github.com
leap13 — premium_addons_for_elementor
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Leap13 Premium Addons for Elementor allows Stored XSS.This issue affects Premium Addons for Elementor: from n/a through 4.10.16. 2024-03-19 6.5 CVE-2024-29106
audit@patchstack.com
leevio — happy_addons_for_elementor
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Leevio Happy Addons for Elementor allows Stored XSS.This issue affects Happy Addons for Elementor: from n/a through 3.10.1. 2024-03-19 6.5 CVE-2024-29108
audit@patchstack.com
liquidpoll — liquidpoll_-_polls,_surveys,_nps_and_feedback_reviews
 
The LiquidPoll – Polls, Surveys, NPS and Feedback Reviews plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.76 via the poller_list shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to extract information from polls that may be private. 2024-03-22 4.3 CVE-2024-2080
security@wordfence.com
security@wordfence.com
magenet — website_article_monetization_by_magenet
 
The Website Article Monetization By MageNet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘abp_auth_key’ parameter in all versions up to, and including, 1.0.11 due to insufficient input sanitization and output escaping and a missing authorization check. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-20 6.1 CVE-2024-1379
security@wordfence.com
security@wordfence.com
magesh-k21 — online-college-event-hall-reservation-system
 
A vulnerability, which was classified as critical, was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. This affects an unknown part of the file /admin/users.php. The manipulation of the argument user_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256971. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-17 6.3 CVE-2024-2534
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
matt_manning — mjm_clinic
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Matt Manning MJM Clinic.This issue affects MJM Clinic: from n/a through 1.1.22. 2024-03-19 6.5 CVE-2024-29096
audit@patchstack.com
matt_manning — mjm_clinic
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Matt Manning MJM Clinic allows Stored XSS.This issue affects MJM Clinic: from n/a through 1.1.22. 2024-03-19 5.9 CVE-2024-29140
audit@patchstack.com
matthias-wandel — jhead
 
A vulnerability was found in Matthias-Wandel jhead 3.08 and classified as critical. This issue affects the function PrintFormatNumber of the file exif.c. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257711. 2024-03-22 6.3 CVE-2024-2824
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
mbis — permalink_manager_pro
 
The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘ajax_save_permalink’ function in all versions up to, and including, 2.4.3.1. This makes it possible for authenticated attackers, with author access and above, to modify the permalinks of arbitrary posts. 2024-03-20 5.4 CVE-2024-2538
security@wordfence.com
security@wordfence.com
security@wordfence.com
melapress — wp_2fa
 
Improper Authentication vulnerability in Melapress WP 2FA allows Authentication Bypass.This issue affects WP 2FA: from n/a through 2.2.0. 2024-03-21 5.3 CVE-2022-44595
audit@patchstack.com
microsoft — microsoft_edge_(chromium-based)
 
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability 2024-03-22 4.7 CVE-2024-26247
secure@microsoft.com
microsoft — microsoft_edge_(chromium-based)
 
Microsoft Edge (Chromium-based) Spoofing Vulnerability 2024-03-22 4.3 CVE-2024-29057
secure@microsoft.com
microsoft — microsoft_edge_for_android
 
Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability 2024-03-21 4.3 CVE-2024-26196
secure@microsoft.com
moby — moby
 
Moby is an open source container framework that is a key component of Docker Engine, Docker Desktop, and other distributions of container tooling or runtimes. Moby’s networking implementation allows for many networks, each with their own IP address range and gateway, to be defined. This feature is frequently referred to as custom networks, as each network can have a different driver, set of parameters and thus behaviors. When creating a network, the `–internal` flag is used to designate a network as _internal_. The `internal` attribute in a docker-compose.yml file may also be used to mark a network _internal_, and other API clients may specify the `internal` parameter as well. When containers with networking are created, they are assigned unique network interfaces and IP addresses. The host serves as a router for non-internal networks, with a gateway IP that provides SNAT/DNAT to/from container IPs. Containers on an internal network may communicate between each other, but are precluded from communicating with any networks the host has access to (LAN or WAN) as no default route is configured, and firewall rules are set up to drop all outgoing traffic. Communication with the gateway IP address (and thus appropriately configured host services) is possible, and the host may communicate with any container IP directly. In addition to configuring the Linux kernel’s various networking features to enable container networking, `dockerd` directly provides some services to container networks. Principal among these is serving as a resolver, enabling service discovery, and resolution of names from an upstream resolver. When a DNS request for a name that does not correspond to a container is received, the request is forwarded to the configured upstream resolver. This request is made from the container’s network namespace: the level of access and routing of traffic is the same as if the request was made by the container itself. As a consequence of this design, containers solely attached to an internal network will be unable to resolve names using the upstream resolver, as the container itself is unable to communicate with that nameserver. Only the names of containers also attached to the internal network are able to be resolved. Many systems run a local forwarding DNS resolver. As the host and any containers have separate loopback devices, a consequence of the design described above is that containers are unable to resolve names from the host’s configured resolver, as they cannot reach these addresses on the host loopback device. To bridge this gap, and to allow containers to properly resolve names even when a local forwarding resolver is used on a loopback address, `dockerd` detects this scenario and instead forward DNS requests from the host namework namespace. The loopback resolver then forwards the requests to its configured upstream resolvers, as expected. Because `dockerd` forwards DNS requests to the host loopback device, bypassing the container network namespace’s normal routing semantics entirely, internal networks can unexpectedly forward DNS requests to an external nameserver. By registering a domain for which they control the authoritative nameservers, an attacker could arrange for a compromised container to exfiltrate data by encoding it in DNS queries that will eventually be answered by their nameservers. Docker Desktop is not affected, as Docker Desktop always runs an internal resolver on a RFC 1918 address. Moby releases 26.0.0, 25.0.4, and 23.0.11 are patched to prevent forwarding any DNS requests from internal networks. As a workaround, run containers intended to be solely attached to internal networks with a custom upstream address, which will force all upstream DNS queries to be resolved from the container’s network namespace. 2024-03-20 5.9 CVE-2024-29018
security-advisories@github.com
security-advisories@github.com
moveaddons — move_addons_for_elementor
 
The Move Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s infobox and button widget in all versions up to, and including, 1.2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-23 6.4 CVE-2024-2131
security@wordfence.com
security@wordfence.com
n-media — frontend_file_manager
 
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in N-Media Frontend File Manager.This issue affects Frontend File Manager: from n/a through 22.7. 2024-03-17 5.3 CVE-2024-25903
audit@patchstack.com
n/a — 74cms
 
A vulnerability, which was classified as critical, has been found in 74CMS 3.28.0. Affected by this issue is the function sendCompanyLogo of the file /controller/company/Index.php#sendCompanyLogo of the component Company Logo Handler. The manipulation of the argument imgBase64 leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257060. 2024-03-17 6.3 CVE-2024-2561
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
n/a — black
 
Versions of the package black before 24.3.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the lines_with_leading_tabs_expanded function in the strings.py file. An attacker could exploit this vulnerability by crafting a malicious input that causes a denial of service. Exploiting this vulnerability is possible when running Black on untrusted input, or if you habitually put thousands of leading tab characters in your docstrings. 2024-03-19 5.3 CVE-2024-21503
report@snyk.io
report@snyk.io
report@snyk.io
n/a — dedecms
 
A vulnerability classified as problematic was found in DedeCMS 5.7. Affected by this vulnerability is an unknown functionality of the file /src/dede/baidunews.php. The manipulation of the argument filename leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257707. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-22 4.3 CVE-2024-2820
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
n/a — dedecms
 
A vulnerability, which was classified as problematic, has been found in DedeCMS 5.7. Affected by this issue is some unknown functionality of the file /src/dede/friendlink_edit.php. The manipulation of the argument id leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257708. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-22 4.3 CVE-2024-2821
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
n/a — dedecms
 
A vulnerability, which was classified as problematic, was found in DedeCMS 5.7. This affects an unknown part of the file /src/dede/vote_edit.php. The manipulation of the argument aid leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257709 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-22 4.3 CVE-2024-2822
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
n/a — dedecms
 
A vulnerability has been found in DedeCMS 5.7 and classified as problematic. This vulnerability affects unknown code of the file /src/dede/mda_main.php. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257710 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-22 4.3 CVE-2024-2823
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
n/a — gnutls
 
A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel. 2024-03-21 5.3 CVE-2024-28834
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
n/a — gnutls
 
A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the “certtool –verify-chain” command. 2024-03-21 5 CVE-2024-28835
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
n/a — iperf
 
A flaw was found in iperf, a utility for testing network performance using TCP, UDP, and SCTP. A malicious or malfunctioning client can send less than the expected amount of data to the iperf server, which can cause the server to hang indefinitely waiting for the remainder or until the connection gets closed. This will prevent other connections to the server, leading to a denial of service. 2024-03-18 5.3 CVE-2023-7250
secalert@redhat.com
secalert@redhat.com
n/a — libvirt
 
A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negative length check is performed by the C API entry points. Passing a negative length to the g_new0 function results in a crash due to the negative length being treated as a huge positive number. This flaw allows a local, unprivileged user to perform a denial of service attack by causing the libvirt daemon to crash. 2024-03-21 6.2 CVE-2024-2494
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
n/a — libvirt
 
A NULL pointer dereference flaw was found in the udevConnectListAllInterfaces() function in libvirt. This issue can occur when detaching a host interface while at the same time collecting the list of interfaces via virConnectListAllInterfaces API. This flaw could be used to perform a denial of service attack by causing the libvirt daemon to crash. 2024-03-18 5 CVE-2024-2496
secalert@redhat.com
secalert@redhat.com
n/a — livewire/livewire
 
Versions of the package livewire/livewire from 3.3.5 and before 3.4.9 are vulnerable to Cross-site Scripting (XSS) when a page uses [Url] for a property. An attacker can inject HTML code in the context of the user’s browser session by crafting a malicious link and convincing the user to click on it. 2024-03-19 6.1 CVE-2024-21504
report@snyk.io
report@snyk.io
report@snyk.io
report@snyk.io
n/a — osbuild-composer
 
A flaw was found in osbuild-composer. A condition can be triggered that disables GPG verification for package repositories, which can expose the build phase to a Man-in-the-Middle attack, allowing untrusted code to be installed into an image being built. 2024-03-19 6.1 CVE-2024-2307
secalert@redhat.com
secalert@redhat.com
n/a — zhicms
 
A vulnerability, which was classified as critical, has been found in ZhiCms 4.0. This issue affects the function getindexdata of the file app/index/controller/mcontroller.php. The manipulation of the argument key leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-255269 was assigned to this vulnerability. 2024-03-21 6.3 CVE-2024-2015
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
n/a — zhicms
 
A vulnerability, which was classified as critical, was found in ZhiCms 4.0. Affected is the function index of the file app/manage/controller/setcontroller.php. The manipulation of the argument sitename leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-255270 is the identifier assigned to this vulnerability. 2024-03-21 6.3 CVE-2024-2016
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
nasirahmed — advanced_form_integration_-_connect_woocommerce_and_contact_form_7_to_google_sheets_and_other_platforms
 
The Advanced Form Integration – Connect WooCommerce and Contact Form 7 to Google Sheets and other platforms plugin for WordPress is vulnerable to SQL Injection via the ‘integration_id’ parameter in all versions up to, and including, 1.82.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries and subsequently inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-03-20 6.1 CVE-2024-2387
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
netentsec — ns-asg_application_security_gateway
 
A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been rated as critical. Affected by this issue is some unknown functionality of the file /protocol/firewall/addfirewall.php. The manipulation of the argument FireWallTableArray leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257282 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-19 6.3 CVE-2024-2644
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
netentsec — ns-asg_application_security_gateway
 
A vulnerability classified as critical was found in Netentsec NS-ASG Application Security Gateway 6.3. This vulnerability affects unknown code of the file /vpnweb/index.php?para=index. The manipulation of the argument check_VirtualSiteId leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257284. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-19 6.3 CVE-2024-2646
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
netentsec — ns-asg_application_security_gateway
 
A vulnerability has been found in Netentsec NS-ASG Application Security Gateway 6.3 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /protocol/iscdevicestatus/deleteonlineuser.php. The manipulation of the argument messagecontent leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257287. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-20 6.3 CVE-2024-2649
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
netentsec — ns-asg_application_security_gateway
 
A vulnerability classified as problematic has been found in Netentsec NS-ASG Application Security Gateway 6.3. This affects an unknown part of the file /vpnweb/resetpwd/resetpwd.php. The manipulation of the argument UserId leads to improper neutralization of data within xpath expressions. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257283. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-19 4.3 CVE-2024-2645
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
netentsec — ns-asg_application_security_gateway
 
A vulnerability, which was classified as problematic, was found in Netentsec NS-ASG Application Security Gateway 6.3. Affected is an unknown function of the file /nac/naccheck.php. The manipulation of the argument username leads to improper neutralization of data within xpath expressions. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257286 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-19 4.3 CVE-2024-2648
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
octoprint — octoprint
 
OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.9.3 contain a vulnerability that allows malicious admins to configure or talk a victim with administrator rights into configuring a webcam snapshot URL which when tested through the “Test” button included in the web interface will execute JavaScript code in the victims browser when attempting to render the snapshot image. An attacker who successfully talked a victim with admin rights into performing a snapshot test with such a crafted URL could use this to retrieve or modify sensitive configuration settings, interrupt prints or otherwise interact with the OctoPrint instance in a malicious way. The vulnerability is patched in version 1.10.0rc3. OctoPrint administrators are strongly advised to thoroughly vet who has admin access to their installation and what settings they modify based on instructions by strangers. 2024-03-18 4 CVE-2024-28237
security-advisories@github.com
security-advisories@github.com
openbmb — xagent
 
A vulnerability was found in OpenBMB XAgent 1.0.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Privileged Mode. The manipulation leads to sandbox issue. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier VDB-255265 was assigned to this vulnerability. 2024-03-21 5.3 CVE-2024-2007
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
opentext — service_management_automation_x_(smax)

 

Insufficient Granularity of Access Control vulnerability in OpenText™ Service Management Automation X (SMAX), OpenText™ Asset Management X (AMX) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Service Management Automation X (SMAX) versions 2020.05, 2020.08, 2020.11, 2021.02, 2021.05, 2021.08, 2021.11, 2022.05, 2022.11; and Asset Management X (AMX) versions 2021.08, 2021.11, 2022.05, 2022.11. 2024-03-19 6.5 CVE-2023-32259
security@opentext.com
opentext — service_management_automation_x_(smax)
 
Misinterpretation of Input vulnerability in OpenText™ Service Management Automation X (SMAX), OpenText™ Asset Management X (AMX), and OpenText™ Hybrid Cloud Management X (HCMX) products. The vulnerability could allow Input data manipulation.This issue affects Service Management Automation X (SMAX) versions: 2020.05, 2020.08, 2020.11, 2021.02, 2021.05, 2021.08, 2021.11, 2022.05, 2022.11, 2023.05; Asset Management X (AMX) versions: 2021.08, 2021.11, 2022.05, 2022.11, 2023.05; and Hybrid Cloud Management X (HCMX) versions: 2020.05, 2020.08, 2020.11, 2021.02, 2021.05, 2021.08, 2021.11, 2022.05, 2022.11, 2023.05. 2024-03-19 6.5 CVE-2023-32260
security@opentext.com
openzeppelin — openzeppelin-contracts
 
OpenZeppelin Contracts is a library for secure smart contract development. The `Base64.encode` function encodes a `bytes` input by iterating over it in chunks of 3 bytes. When this input is not a multiple of 3, the last iteration may read parts of the memory that are beyond the input buffer. The vulnerability is fixed in 5.0.2 and 4.9.6. 2024-03-21 6.5 CVE-2024-27094
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
osamaesh — wp_visitor_statistics_(real_time_traffic)
 
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Osamaesh WP Visitor Statistics (Real Time Traffic).This issue affects WP Visitor Statistics (Real Time Traffic): from n/a through 6.9.4. 2024-03-17 5.3 CVE-2024-24867
audit@patchstack.com
pandaxgo — pandax
 
A vulnerability, which was classified as critical, was found in PandaXGO PandaX up to 20240310. This affects the function InsertRole of the file /apps/system/services/role_menu.go. The manipulation of the argument roleKey leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257061 was assigned to this vulnerability. 2024-03-17 6.3 CVE-2024-2562
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
pandaxgo — pandax
 
A vulnerability was found in PandaXGO PandaX up to 20240310 and classified as critical. This issue affects the function ExportUser of the file /apps/system/api/user.go. The manipulation of the argument filename leads to path traversal: ‘../filedir’. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257063. 2024-03-17 6.3 CVE-2024-2564
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
pandaxgo — pandax
 
A vulnerability was found in PandaXGO PandaX up to 20240310. It has been classified as critical. Affected is an unknown function of the file /apps/system/router/upload.go of the component File Extension Handler. The manipulation of the argument file leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257064. 2024-03-17 6.3 CVE-2024-2565
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
pandaxgo — pandax
 
A vulnerability has been found in PandaXGO PandaX up to 20240310 and classified as critical. This vulnerability affects the function DeleteImage of the file /apps/system/router/upload.go. The manipulation of the argument fileName with the input ../../../../../../../../../tmp/1.txt leads to path traversal: ‘../filedir’. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257062 is the identifier assigned to this vulnerability. 2024-03-17 5.4 CVE-2024-2563
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
pandora_fms — pandora_fms
 
: Path Traversal vulnerability in Pandora FMS on all allows Path Traversal. This vulnerability allowed changing directories and creating files and downloading them outside the allowed directories. This issue affects Pandora FMS: from 700 through <776. 2024-03-19 6.7 CVE-2023-41793
security@pandorafms.com
pandora_fms — pandora_fms
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Pandora FMS on all allows CVE-2008-5817. This vulnerability allowed SQL changes to be made to several files in the Grafana module. This issue affects Pandora FMS: from 700 through <776. 2024-03-19 6.8 CVE-2023-44090
security@pandorafms.com
paul_ryley — site_reviews
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Paul Ryley Site Reviews allows Stored XSS.This issue affects Site Reviews: from n/a through 6.11.6. 2024-03-19 5.9 CVE-2024-29095
audit@patchstack.com
pdf_embedder — pdf_embedder
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in PDF Embedder allows Stored XSS.This issue affects PDF Embedder: from n/a through 4.6.4. 2024-03-19 6.5 CVE-2024-29141
audit@patchstack.com
pepro_dev._group — peprodev_ultimate_invoice
 
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Pepro Dev. Group PeproDev Ultimate Invoice.This issue affects PeproDev Ultimate Invoice: from n/a through 1.9.7. 2024-03-17 5.3 CVE-2024-25933
audit@patchstack.com
pickplugins — user_profile
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in PickPlugins User profile allows Stored XSS.This issue affects User profile: from n/a through 2.0.20. 2024-03-19 6.3 CVE-2024-29097
audit@patchstack.com
progress_software — moveit_transfer
 
In Progress MOVEit Transfer versions released before 2022.0.11 (14.0.11), 2022.1.12 (14.1.12), 2023.0.9 (15.0.9), 2023.1.4 (15.1.4), a logging bypass vulnerability has been discovered.  An authenticated user could manipulate a request to bypass the logging mechanism within the web application which results in user activity not being logged properly. 2024-03-20 4.3 CVE-2024-2291
security@progress.com
security@progress.com
python_software_foundation — cpython
 
An issue was found in the CPython `zipfile` module affecting versions 3.12.2, 3.11.8, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython makes the zipfile module reject zip archives which overlap entries in the archive. 2024-03-19 6.2 CVE-2024-0450
cna@python.org
cna@python.org
cna@python.org
cna@python.org
cna@python.org
cna@python.org
cna@python.org
cna@python.org
cna@python.org
cna@python.org
cna@python.org
qiskit — qiskit-ibm-runtime
 
Qiskit IBM Runtime is an environment that streamlines quantum computations and provides optimal implementations of the Qiskit quantum computing SDK. Starting in version 0.1.0 and prior to version 0.21.2, deserializing json data using `qiskit_ibm_runtime.RuntimeDecoder` can lead to arbitrary code execution given a correctly formatted input string. Version 0.21.2 contains a fix for this issue. 2024-03-20 5.3 CVE-2024-29032
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
railmedia — order_tip_for_woocommerce
 
The Order Tip for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_tips_to_csv() function in all versions up to, and including, 1.3.1. This makes it possible for unauthenticated attackers to export the plugin’s order fees. 2024-03-20 5.3 CVE-2024-1119
security@wordfence.com
security@wordfence.com
security@wordfence.com
realmag777 — bear
 
Missing Authorization vulnerability in realmag777 BEAR.This issue affects BEAR: from n/a through 1.1.4. 2024-03-23 4.3 CVE-2024-24835
audit@patchstack.com
remyb92 — translate_wordpress_and_go_multilingual_-_weglot
 
The Translate WordPress and go Multilingual – Weglot plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s widget/block in all versions up to, and including, 4.2.5 due to insufficient input sanitization and output escaping on user supplied attributes such as ‘className’. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-20 6.4 CVE-2024-2124
security@wordfence.com
security@wordfence.com
security@wordfence.com
repute_infosystems — armember_-_membership_plugin_content_restriction_member_levels_user_profile_&_user_signup
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Repute Infosystems ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup allows Stored XSS.This issue affects ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup: from n/a through 4.0.23. 2024-03-21 5.9 CVE-2024-27995
audit@patchstack.com
rewardsfuel — contests_by_rewards_fuel
 
The Contests by Rewards Fuel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘update_rewards_fuel_api_key’ parameter in all versions up to, and including, 2.0.64 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-20 6.4 CVE-2024-1787
security@wordfence.com
security@wordfence.com
rewardsfuel — contests_by_rewards_fuel
 
The Contests by Rewards Fuel plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.62. This is due to missing or incorrect nonce validation on the ajax_handler() function. This makes it possible for unauthenticated attackers to update the plugin’s settings and inject malicious JavaScript via a forged request granted they can trick a site’s user with the edit_posts capability into performing an action such as clicking on a link. 2024-03-20 5.4 CVE-2024-1785
security@wordfence.com
security@wordfence.com
rubengc — gamipress_-_button
 
The GamiPress – Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘gamipress_button’ shortcode in all versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-20 6.4 CVE-2024-2460
security@wordfence.com
security@wordfence.com
ruijie — rg-nbs2009g-p
 
A vulnerability was found in Ruijie RG-NBS2009G-P up to 20240305. It has been classified as critical. Affected is an unknown function of the file /system/passwdManage.htm of the component Password Handler. The manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257280. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-19 5.3 CVE-2024-2641
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
saleor — storefront
 
Saleor Storefront is software for building e-commerce experiences. Prior to commit 579241e75a5eb332ccf26e0bcdd54befa33f4783, when any user authenticates in the storefront, anonymous users are able to access their data. The session is leaked through cache and can be accessed by anyone. Users should upgrade to a version that incorporates commit 579241e75a5eb332ccf26e0bcdd54befa33f4783 or later to receive a patch. A possible workaround is to temporarily disable authentication by changing the usage of `createSaleorAuthClient()`. 2024-03-20 4.3 CVE-2024-29036
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
save_as_pdf_plugin_by_pdfcrowd — word_replacer_pro
 
Missing Authorization vulnerability in Save as PDF plugin by Pdfcrowd Word Replacer Pro.This issue affects Word Replacer Pro: from n/a through 1.0. 2024-03-20 6.5 CVE-2023-52229
audit@patchstack.com
scrollsequence — scrollsequence
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Scrollsequence allows Stored XSS.This issue affects Scrollsequence: from n/a through 1.5.4. 2024-03-19 6.5 CVE-2024-29118
audit@patchstack.com
sjaved — easy_social_feed_-_social_photos_gallery_-_post_feed_-_like_box
 
The Easy Social Feed – Social Photos Gallery – Post Feed – Like Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘efb_likebox’ shortcode in all versions up to, and including, 6.5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-21 6.4 CVE-2024-1278
security@wordfence.com
security@wordfence.com
sjaved — easy_social_feed_-_social_photos_gallery_-_post_feed_-_like_box
 
The Easy Social Feed – Social Photos Gallery – Post Feed – Like Box plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.5.4. This is due to missing or incorrect nonce validation on the esf_insta_save_access_token and efbl_save_facebook_access_token functions. This makes it possible for unauthenticated attackers to connect their facebook and instagram pages to the site via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2024-03-21 5.4 CVE-2024-1213
security@wordfence.com
security@wordfence.com
sjaved — easy_social_feed_-_social_photos_gallery_-_post_feed_-_like_box
 
The Easy Social Feed – Social Photos Gallery – Post Feed – Like Box plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.5.4. This is due to missing or incorrect nonce validation on the save_groups_list function. This makes it possible for unauthenticated attackers to disconnect a site’s facebook or instagram page/group connection via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2024-03-21 4.3 CVE-2024-1214
security@wordfence.com
security@wordfence.com
sonatype — iq_server
 
Path Traversal in Sonatype IQ Server from version 143 allows remote authenticated attackers to overwrite or delete files via a specially crafted request. Version 171 fixes this issue. 2024-03-21 5.4 CVE-2024-1142
103e4ec9-0a87-450b-af77-479448ddef11
sourcecodester — complete_e-commerce_site
 
A vulnerability classified as critical has been found in SourceCodester Complete E-Commerce Site 1.0. Affected is an unknown function of the file /admin/users_photo.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257544. 2024-03-21 4.7 CVE-2024-2754
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
sourcecodester — employee_task_management_system
 
A vulnerability has been found in SourceCodester Employee Task Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file update-employee.php. The manipulation of the argument admin_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257053 was assigned to this vulnerability. 2024-03-17 6.3 CVE-2024-2554
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
sourcecodester — employee_task_management_system
 
A vulnerability was found in SourceCodester Employee Task Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file update-admin.php. The manipulation of the argument admin_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257054 is the identifier assigned to this vulnerability. 2024-03-17 6.3 CVE-2024-2555
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
sourcecodester — employee_task_management_system
 
A vulnerability was found in SourceCodester Employee Task Management System 1.0. It has been classified as critical. This affects an unknown part of the file attendance-info.php. The manipulation of the argument user_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257055. 2024-03-17 6.3 CVE-2024-2556
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
sourcecodester — file_manager_app
 
A vulnerability was found in SourceCodester File Manager App 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /endpoint/update-file.php. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257182 is the identifier assigned to this vulnerability. 2024-03-18 6.3 CVE-2024-2604
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
sourcecodester — online_discussion_forum_site
 
A vulnerability was found in SourceCodester Online Discussion Forum Site 1.0. It has been classified as critical. Affected is an unknown function of the file /uupdate.php. The manipulation of the argument ima leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257388. 2024-03-20 6.3 CVE-2024-2690
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
sourcecodester — simple_file_manager
 
A vulnerability classified as critical was found in SourceCodester Simple File Manager 1.0. This vulnerability affects unknown code. The manipulation of the argument photo leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257770 is the identifier assigned to this vulnerability. 2024-03-23 6.3 CVE-2024-2849
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
spring — spring
 
Spring Authorization Server versions 1.0.0 – 1.0.5, 1.1.0 – 1.1.5, 1.2.0 – 1.2.2 and older unsupported versions are susceptible to a PKCE Downgrade Attack for Confidential Clients. Specifically, an application is vulnerable when a Confidential Client uses PKCE for the Authorization Code Grant. An application is not vulnerable when a Public Client uses PKCE for the Authorization Code Grant. 2024-03-20 6.1 CVE-2024-22258
security@vmware.com
supercleanse — pretty_links_-_affiliate_links_link_branding_link_tracking_&_marketing_plugin
 
The Pretty Links – Affiliate Links, Link Branding, Link Tracking & Marketing Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.3. This is due to missing or incorrect nonce validation when saving plugin settings. This makes it possible for unauthenticated attackers to change the plugin’s configuration including stripe integration via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2024-03-23 4.3 CVE-2024-2326
security@wordfence.com
security@wordfence.com
survey_maker_team — survey_maker
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Survey Maker team Survey Maker allows Stored XSS.This issue affects Survey Maker: from n/a through 4.0.5. 2024-03-19 5.9 CVE-2024-27996
audit@patchstack.com
tenda — ac10u
 
A vulnerability has been found in Tenda AC10U 15.03.06.49 and classified as critical. This vulnerability affects the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257458 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-20 6.3 CVE-2024-2707
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda — ac15
 
A vulnerability was found in Tenda AC15 15.03.05.18/15.03.20_multi. It has been classified as critical. This affects the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257667. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-22 6.3 CVE-2024-2812
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda — ac15
 
A vulnerability classified as problematic was found in Tenda AC15 15.03.05.18. Affected by this vulnerability is the function fromSysToolReboot of the file /goform/SysToolReboot. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257671. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-22 4.3 CVE-2024-2816
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda — ac15
 
A vulnerability, which was classified as problematic, has been found in Tenda AC15 15.03.05.18. Affected by this issue is the function fromSysToolRestoreSet of the file /goform/SysToolRestoreSet. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257672. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-22 4.3 CVE-2024-2817
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda — ac18
 
A vulnerability classified as problematic has been found in Tenda AC18 15.03.05.05. Affected is the function fromSysToolReboot of the file /goform/SysToolReboot. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257058 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-17 4.3 CVE-2024-2559
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda — ac18
 
A vulnerability classified as problematic was found in Tenda AC18 15.03.05.05. Affected by this vulnerability is the function fromSysToolRestoreSet of the file /goform/SysToolRestoreSet. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257059. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-17 4.3 CVE-2024-2560
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
themefic — tourfic
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Themefic Tourfic allows Stored XSS.This issue affects Tourfic: from n/a through 2.11.8. 2024-03-19 6.5 CVE-2024-29134
audit@patchstack.com
themegrill — colormag
 
The ColorMag theme for WordPress is vulnerable to Stored Cross-Site Scripting via a user’s Display Name in all versions up to, and including, 3.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authentciated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-22 6.4 CVE-2024-2500
security@wordfence.com
security@wordfence.com
security@wordfence.com
themelocation — custom_woocommerce_checkout_fields_editor
 
The Custom WooCommerce Checkout Fields Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the save_wcfe_options function in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-23 6.4 CVE-2024-1697
security@wordfence.com
security@wordfence.com
security@wordfence.com
themeum — tutor_lms_-_elearning_and_online_course_solution
 
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the tutor_delete_announcement() function in all versions up to, and including, 2.6.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary posts. 2024-03-21 5.4 CVE-2024-1502
security@wordfence.com
security@wordfence.com
themeum — tutor_lms_-_elearning_and_online_course_solution
 
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.1. This is due to missing or incorrect nonce validation on the erase_tutor_data() function. This makes it possible for unauthenticated attackers to deactivate the plugin and erase all data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This requires the “Erase upon uninstallation” option to be enabled. 2024-03-21 4.3 CVE-2024-1503
security@wordfence.com
security@wordfence.com
timersys — wp_popups
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Timersys WP Popups allows Stored XSS.This issue affects WP Popups: from n/a through 2.1.5.5. 2024-03-19 5.9 CVE-2024-29105
audit@patchstack.com
tobias_conrad — builder_for_woocommerce_reviews_shortcodes_-_reviewshort
 
Cross-Site Request Forgery (CSRF) vulnerability in Tobias Conrad Builder for WooCommerce reviews shortcodes – ReviewShort.This issue affects Builder for WooCommerce reviews shortcodes – ReviewShort: from n/a through 1.01.3. 2024-03-19 4.3 CVE-2024-29093
audit@patchstack.com
visualcomposer — visual_composer_website_builder
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Visualcomposer Visual Composer Website Builder allows Stored XSS.This issue affects Visual Composer Website Builder: from n/a through 45.6.0. 2024-03-19 5.9 CVE-2024-27997
audit@patchstack.com
w3_eden_inc — download_manager
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in W3 Eden, Inc. Download Manager allows Stored XSS.This issue affects Download Manager: from n/a through 3.2.84. 2024-03-19 6.5 CVE-2024-29114
audit@patchstack.com
webtoffee — woocommerce_pdf_invoices_packing_slips_delivery_notes_and_shipping_labels
 
The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Customer Notes field in all versions up to, and including, 4.4.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected invoice for printing. 2024-03-22 6.1 CVE-2024-0957
security@wordfence.com
security@wordfence.com
webvitaly — sitekit
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Webvitaly Sitekit allows Stored XSS.This issue affects Sitekit: from n/a through 1.6. 2024-03-19 6.5 CVE-2024-29111
audit@patchstack.com
wp_marketing_robot — woocommerce_google_feed_manager
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WP Marketing Robot WooCommerce Google Feed Manager allows Stored XSS.This issue affects WooCommerce Google Feed Manager: from n/a through 2.2.0. 2024-03-19 5.9 CVE-2024-29112
audit@patchstack.com
wpbits — wpbits_addons_for_elementor_page_builder
 
The WPBITS Addons For Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s heading widget in all versions up to, and including, 1.3.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-20 6.4 CVE-2024-2129
security@wordfence.com
security@wordfence.com
wpcoder — wp_coder
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WPCoder WP Coder allows Stored XSS.This issue affects WP Coder: from n/a through 3.5. 2024-03-21 5.9 CVE-2024-2578
audit@patchstack.com
wpdevteam — embedpress_-_embed_pdf_google_docs_vimeo_wistia_embed_youtube_videos_audios_maps_&_embed_any_documents_in_gutenberg_&_elemento
 
The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the EmbedPress document widget in all versions up to, and including, 3.9.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-23 5.4 CVE-2024-2688
security@wordfence.com
security@wordfence.com
wpdevteam — embedpress_-_embed_pdf_google_docs_vimeo_wistia_embed_youtube_videos_audios_maps_&_embed_any_documents_in_gutenberg_&_elementor
 
The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the EmbedPress widget ’embedpress_pro_twitch_theme ‘ attribute in all versions up to, and including, 3.9.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-23 6.4 CVE-2024-2468
security@wordfence.com
security@wordfence.com
wpdevteam — essential_blocks_-_page_builder_gutenberg_blocks-patterns_&_templates
 
The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s widgets in all versions up to, and including, 4.5.2 due to insufficient input sanitization and output escaping on user supplied attributes such as listStyle. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-20 6.4 CVE-2024-2255
security@wordfence.com
security@wordfence.com
security@wordfence.com
wpfunnels_team — wpfunnels
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WPFunnels Team WPFunnels allows Stored XSS.This issue affects WPFunnels: from n/a through 3.0.6. 2024-03-21 5.9 CVE-2024-27965
audit@patchstack.com
wpvibes — elementor_addon_elements
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WPVibes Elementor Addon Elements allows Stored XSS.This issue affects Elementor Addon Elements: from n/a through 1.12.10. 2024-03-19 6.5 CVE-2024-29107
audit@patchstack.com
zaytech — smart_online_order_for_clover
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Zaytech Smart Online Order for Clover allows Stored XSS.This issue affects Smart Online Order for Clover: from n/a through 1.5.5. 2024-03-19 6.5 CVE-2024-29115
audit@patchstack.com
zimma_ltd. — ticket_tailor
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Zimma Ltd. Ticket Tailor allows Stored XSS.This issue affects Ticket Tailor: from n/a through 1.10. 2024-03-19 6.5 CVE-2024-29104
audit@patchstack.com
zulip — zulip
 
Zulip is an open-source team collaboration. When a user moves a Zulip message, they have the option to move all messages in the topic, move only subsequent messages as well, or move just a single message. If the user chose to just move one message, and was moving it from a public stream to a private stream, Zulip would successfully move the message, — but active users who did not have access to the private stream, but whose client had already received the message, would continue to see the message in the public stream until they reloaded their client. Additionally, Zulip did not remove view permissions on the message from recently-active users, allowing the message to show up in the “All messages” view or in search results, but not in “Inbox” or “Recent conversations” views. While the bug has been present since moving messages between streams was first introduced in version 3.0, this option became much more common starting in Zulip 8.0, when the default option in the picker for moving the very last message in a conversation was changed. This issue is fixed in Zulip Server 8.3. No known workarounds are available. 2024-03-20 6.5 CVE-2024-27286
security-advisories@github.com
security-advisories@github.com

Back to top

 

Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
adobe — adobe_experience_manager
 
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2024-03-18 3.4 CVE-2024-26051
psirt@adobe.com
campcodes — complete_online_dj_booking_system
 
A vulnerability was found in Campcodes Complete Online DJ Booking System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/user-search.php. The manipulation of the argument searchdata leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257468. 2024-03-20 3.5 CVE-2024-2715
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
campcodes — complete_online_dj_booking_system
 
A vulnerability was found in Campcodes Complete Online DJ Booking System 1.0. It has been classified as problematic. This affects an unknown part of the file /admin/contactus.php. The manipulation of the argument email leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257469 was assigned to this vulnerability. 2024-03-20 3.5 CVE-2024-2716
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
campcodes — complete_online_dj_booking_system
 
A vulnerability was found in Campcodes Complete Online DJ Booking System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/booking-search.php. The manipulation of the argument searchdata leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257470 is the identifier assigned to this vulnerability. 2024-03-20 3.5 CVE-2024-2717
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
campcodes — complete_online_dj_booking_system
 
A vulnerability was found in Campcodes Complete Online DJ Booking System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /admin/booking-bwdates-reports-details.php. The manipulation of the argument fromdate leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257471. 2024-03-20 3.5 CVE-2024-2718
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
campcodes — complete_online_dj_booking_system
 
A vulnerability classified as problematic has been found in Campcodes Complete Online DJ Booking System 1.0. Affected is an unknown function of the file /admin/admin-profile.php. The manipulation of the argument adminname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257472. 2024-03-20 3.5 CVE-2024-2719
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
campcodes — complete_online_dj_booking_system
 
A vulnerability classified as problematic was found in Campcodes Complete Online DJ Booking System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/aboutus.php. The manipulation of the argument pagetitle leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257473 was assigned to this vulnerability. 2024-03-20 3.5 CVE-2024-2720
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
campcodes — online_job_finder_system
 
A vulnerability was found in Campcodes Online Job Finder System 1.0. It has been classified as problematic. This affects an unknown part of the file /admin/vacancy/index.php. The manipulation of the argument view leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257379. 2024-03-20 3.5 CVE-2024-2679
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
campcodes — online_job_finder_system
 
A vulnerability was found in Campcodes Online Job Finder System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/user/index.php. The manipulation of the argument view leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257380. 2024-03-20 3.5 CVE-2024-2680
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
campcodes — online_job_finder_system
 
A vulnerability was found in Campcodes Online Job Finder System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /admin/employee/index.php. The manipulation of the argument view leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257381 was assigned to this vulnerability. 2024-03-20 3.5 CVE-2024-2681
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
campcodes — online_job_finder_system
 
A vulnerability classified as problematic has been found in Campcodes Online Job Finder System 1.0. Affected is an unknown function of the file /admin/employee/controller.php. The manipulation of the argument EMPLOYEEID leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257382 is the identifier assigned to this vulnerability. 2024-03-20 3.5 CVE-2024-2682
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
campcodes — online_job_finder_system
 
A vulnerability classified as problematic was found in Campcodes Online Job Finder System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/company/index.php. The manipulation of the argument view leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257383. 2024-03-20 3.5 CVE-2024-2683
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
campcodes — online_job_finder_system
 
A vulnerability, which was classified as problematic, has been found in Campcodes Online Job Finder System 1.0. Affected by this issue is some unknown functionality of the file /admin/category/index.php. The manipulation of the argument view leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257384. 2024-03-20 3.5 CVE-2024-2684
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
campcodes — online_job_finder_system
 
A vulnerability, which was classified as problematic, was found in Campcodes Online Job Finder System 1.0. This affects an unknown part of the file /admin/applicants/index.php. The manipulation of the argument view leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257385 was assigned to this vulnerability. 2024-03-20 3.5 CVE-2024-2685
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
campcodes — online_job_finder_system
 
A vulnerability has been found in Campcodes Online Job Finder System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/applicants/controller.php. The manipulation of the argument JOBREGID leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257386 is the identifier assigned to this vulnerability. 2024-03-20 3.5 CVE-2024-2686
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
campcodes — online_marriage_registration_system
 
A vulnerability classified as problematic has been found in Campcodes Online Marriage Registration System 1.0. This affects an unknown part of the file /user/search.php. The manipulation of the argument searchdata leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257607. 2024-03-21 3.5 CVE-2024-2773
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
campcodes — online_marriage_registration_system
 
A vulnerability, which was classified as problematic, has been found in Campcodes Online Marriage Registration System 1.0. This issue affects some unknown processing of the file /user/user-profile.php. The manipulation of the argument lname leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257609 was assigned to this vulnerability. 2024-03-21 3.5 CVE-2024-2775
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
campcodes — online_marriage_registration_system
 
A vulnerability was found in Campcodes Online Marriage Registration System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/search.php. The manipulation of the argument searchdata leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257612. 2024-03-22 3.5 CVE-2024-2778
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
campcodes — online_marriage_registration_system
 
A vulnerability was found in Campcodes Online Marriage Registration System 1.0. It has been classified as problematic. This affects an unknown part of the file /admin/application-bwdates-reports-details.php. The manipulation of the argument fromdate leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257613 was assigned to this vulnerability. 2024-03-22 3.5 CVE-2024-2779
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
campcodes — online_marriage_registration_system
 
A vulnerability was found in Campcodes Online Marriage Registration System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/admin-profile.php. The manipulation of the argument adminname leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257614 is the identifier assigned to this vulnerability. 2024-03-22 3.5 CVE-2024-2780
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
campcodes — online_shopping_system
 
A vulnerability classified as problematic was found in Campcodes Online Shopping System 1.0. This vulnerability affects unknown code of the file /offersmail.php. The manipulation of the argument email leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257752. 2024-03-23 3.5 CVE-2024-2832
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
checkmk_gmbh — checkmk
 
Invocation of the sqlplus command with sensitive information in the command line in the mk_oracle Checkmk agent plugin before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows the extraction of this information from the process list. 2024-03-22 3.8 CVE-2024-1742
security@checkmk.com
clickhouse — clickhouse
 
ClickHouse is an open-source column-oriented database management system. A bug exists in the cloud ClickHouse offering prior to version 24.0.2.54535 and in github.com/clickhouse/clickhouse version 23.1. Query caching bypasses the role based access controls and the policies being enforced on roles. In affected versions, the query cache only respects separate users, however this is not documented and not expected behavior. People relying on ClickHouse roles can have their access control lists bypassed if they are using query caching. Attackers who have control of a role could guess queries and see data they shouldn’t have access to. Version 24.1 of ClickHouse and version 24.0.2.54535 of ClickHouse Cloud contain a patch for this issue. Based on the documentation, role based access control should be enforced regardless if query caching is enabled or not. 2024-03-18 2.4 CVE-2024-22412
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
ibm — security_verify_directory
 
IBM Security Verify Directory 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 228507. 2024-03-22 2.7 CVE-2022-32756
psirt@us.ibm.com
psirt@us.ibm.com
ilicmiljan — secure-props
 
SecureProps is a PHP library designed to simplify the encryption and decryption of property data in objects. A vulnerability in SecureProps version 1.2.0 and 1.2.1 involves a regex failing to detect tags during decryption of encrypted data. This occurs when the encrypted data has been encoded with `NullEncoder` and passed to `TagAwareCipher`, and contains special characters such as `n`. As a result, the decryption process is skipped since the tags are not detected. This causes the encrypted data to be returned in plain format. The vulnerability affects users who implement `TagAwareCipher` with any base cipher that has `NullEncoder` (not default). The patch for the issue has been released. Users are advised to update to version 1.2.2. As a workaround, one may use the default `Base64Encoder` with the base cipher decorated with `TagAwareCipher` to prevent special characters in the encrypted string from interfering with regex tag detection logic. This workaround is safe but may involve double encoding since `TagAwareCipher` uses `NullEncoder` by default. 2024-03-18 2.6 CVE-2024-28864
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
kaspersky — kaspersky_password_manager_for_windows
 
Kaspersky has fixed a security issue in Kaspersky Password Manager (KPM) for Windows that allowed a local user to recover the auto-filled credentials from a memory dump when the KPM extension for Google Chrome is used. To exploit the issue, an attacker must trick a user into visiting a login form of a website with the saved credentials, and the KPM extension must autofill these credentials. The attacker must then launch a malware module to steal those specific credentials. 2024-03-22 2.2 CVE-2023-23349
vulnerability@kaspersky.com
magesh-k21 — online-college-event-hall-reservation-system
 
A vulnerability has been found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/users.php. The manipulation of the argument id leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256972. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-17 3.5 CVE-2024-2535
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
sourcecodester — product_review_rating_system
 
A vulnerability, which was classified as problematic, was found in SourceCodester Product Review Rating System 1.0. Affected is an unknown function of the component Rate Product Handler. The manipulation of the argument Your Name/Comment leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257052. 2024-03-17 3.5 CVE-2024-2553
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
umbraco — umbraco-cms
 
Umbraco is an ASP.NET content management system. Umbraco 10 prior to 10.8.4 with access to the native login screen is vulnerable to a possible user enumeration attack. This issue was fixed in version 10.8.5. As a workaround, one may disable the native login screen by exclusively using external logins. 2024-03-20 3.7 CVE-2024-28868
security-advisories@github.com
security-advisories@github.com

Back to top

 

Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
N/A — N/A
 
In the CryptX module before 0.062 for Perl, gcm_decrypt_verify() and chacha20poly1305_decrypt_verify() do not verify the tag. 2024-03-18 not yet calculated CVE-2018-25099
cve@mitre.org
cve@mitre.org
cve@mitre.org
N/A — N/A
 
An issue discovered in Axigen Mail Server 10.3.x before 10.3.1.27 and 10.3.2.x before 10.3.3.1 allows unauthenticated attackers to submit a setAdminPassword operation request, subsequently setting a new arbitrary password for the admin account. 2024-03-21 not yet calculated CVE-2020-26942
cve@mitre.org
N/A — N/A
 
The Net::CIDR::Lite module before 0.22 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses. 2024-03-18 not yet calculated CVE-2021-47154
cve@mitre.org
cve@mitre.org
cve@mitre.org
cve@mitre.org
cve@mitre.org
N/A — N/A
 
The Net::IPV4Addr module 0.10 for Perl does not properly consider extraneous zero characters in an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses. 2024-03-18 not yet calculated CVE-2021-47155
cve@mitre.org
cve@mitre.org
N/A — N/A
 
The Net::IPAddress::Util module before 5.000 for Perl does not properly consider extraneous zero characters in an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses. 2024-03-18 not yet calculated CVE-2021-47156
cve@mitre.org
cve@mitre.org
cve@mitre.org
N/A — N/A
 
The Kossy module before 0.60 for Perl allows JSON hijacking because of X-Requested-With mishandling. 2024-03-18 not yet calculated CVE-2021-47157
cve@mitre.org
cve@mitre.org
N/A — N/A
 
Siklu TG Terragraph devices before approximately 2.1.1 have a hardcoded root password that has been revealed via a brute force attack on an MD5 hash. It can be used for “debug login” by an admin. NOTE: the vulnerability is not fixed by the 2.1.1 firmware; instead, it is fixed in newer hardware, which would typically be used with firmware 2.1.1 or later. 2024-03-18 not yet calculated CVE-2022-47036
cve@mitre.org
N/A — N/A
 
Siklu TG Terragraph devices before 2.1.1 allow attackers to discover valid, randomly generated credentials via GetCredentials. 2024-03-18 not yet calculated CVE-2022-47037
cve@mitre.org
N/A — N/A
 
SQL injection vulnerability in Vanderbilt REDCap before v.13.8.0 allows a remote attacker to obtain sensitive information via the password reset mechanism in MyCapMobileApp/update.php. 2024-03-21 not yet calculated CVE-2023-38825
cve@mitre.org
cve@mitre.org
N/A — N/A
 
An issue was discovered in OpenClinic GA 5.247.01. It allows retrieval of patient lists via queries such as findFirstname= to _common/search/searchByAjax/patientslistShow.jsp. 2024-03-19 not yet calculated CVE-2023-40275
cve@mitre.org
cve@mitre.org
N/A — N/A
 
An issue was discovered in OpenClinic GA 5.247.01. An Unauthenticated File Download vulnerability has been discovered in pharmacy/exportFile.jsp. 2024-03-19 not yet calculated CVE-2023-40276
cve@mitre.org
cve@mitre.org
N/A — N/A
 
An issue was discovered in OpenClinic GA 5.247.01. A Reflected Cross-Site Scripting (XSS) vulnerability has been discovered in the login.jsp message parameter. 2024-03-19 not yet calculated CVE-2023-40277
cve@mitre.org
cve@mitre.org
N/A — N/A
 
An issue was discovered in OpenClinic GA 5.247.01. An Information Disclosure vulnerability has been identified in the printAppointmentPdf.jsp component of OpenClinic GA. By changing the AppointmentUid parameter, an attacker can determine whether a specific appointment exists based on the error message. 2024-03-19 not yet calculated CVE-2023-40278
cve@mitre.org
cve@mitre.org
N/A — N/A
 
An issue was discovered in OpenClinic GA 5.247.01. An attacker can perform a directory path traversal via the Page parameter in a GET request to main.do. 2024-03-19 not yet calculated CVE-2023-40279
cve@mitre.org
cve@mitre.org
N/A — N/A
 
An issue was discovered in OpenClinic GA 5.247.01. An attacker can perform a directory path traversal via the Page parameter in a GET request to popup.jsp. 2024-03-19 not yet calculated CVE-2023-40280
cve@mitre.org
cve@mitre.org
N/A — N/A
 
In the Windows installer in Atos Eviden CardOS API before 5.5.5.2811, Local Privilege Escalation can occur.(from a regular user to SYSTEM). 2024-03-22 not yet calculated CVE-2023-41099
cve@mitre.org
N/A — N/A
 
A SQL injection vulnerability in tramyardg Autoexpress version 1.3.0, allows remote unauthenticated attackers to execute arbitrary SQL commands via the parameter “id” within the getPhotosByCarId function call in details.php. 2024-03-21 not yet calculated CVE-2023-48901
cve@mitre.org
N/A — N/A
 
An issue was discovered in tramyardg autoexpress version 1.3.0, allows unauthenticated remote attackers to escalate privileges, update car data, delete vehicles, and upload car images via authentication bypass in uploadCarImages.php. 2024-03-21 not yet calculated CVE-2023-48902
cve@mitre.org
N/A — N/A
 
Stored Cross-Site Scripting (XSS) vulnerability in tramyardg autoexpress 1.3.0, allows remote unauthenticated attackers to inject arbitrary web script or HTML within parameter “imgType” via in uploadCarImages.php. 2024-03-21 not yet calculated CVE-2023-48903
cve@mitre.org
N/A — N/A
 
Incorrect access control in Customer Support System v1 allows non-administrator users to access administrative pages and execute actions reserved for administrators. 2024-03-21 not yet calculated CVE-2023-49978
cve@mitre.org
cve@mitre.org
N/A — N/A
 
A directory listing vulnerability in Customer Support System v1 allows attackers to list directories and sensitive files within the application without requiring authorization. 2024-03-21 not yet calculated CVE-2023-49979
cve@mitre.org
cve@mitre.org
N/A — N/A
 
A directory listing vulnerability in Best Student Result Management System v1.0 allows attackers to list directories and sensitive files within the application without requiring authorization. 2024-03-21 not yet calculated CVE-2023-49980
cve@mitre.org
cve@mitre.org
N/A — N/A
 
A directory listing vulnerability in School Fees Management System v1.0 allows attackers to list directories and sensitive files within the application without requiring authorization. 2024-03-21 not yet calculated CVE-2023-49981
cve@mitre.org
cve@mitre.org
N/A — N/A
 
Broken access control in the component /admin/management/users of School Fees Management System v1.0 allows attackers to escalate privileges and perform Administrative actions, including adding and deleting user accounts. 2024-03-21 not yet calculated CVE-2023-49982
cve@mitre.org
cve@mitre.org
N/A — N/A
 
A cross-site scripting (XSS) vulnerability in the component /management/class of School Fees Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter. 2024-03-21 not yet calculated CVE-2023-49983
cve@mitre.org
cve@mitre.org
N/A — N/A
 
A cross-site scripting (XSS) vulnerability in the component /management/settings of School Fees Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter. 2024-03-21 not yet calculated CVE-2023-49984
cve@mitre.org
cve@mitre.org
N/A — N/A
 
A cross-site scripting (XSS) vulnerability in the component /management/class of School Fees Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cname parameter. 2024-03-21 not yet calculated CVE-2023-49985
cve@mitre.org
cve@mitre.org
N/A — N/A
 
An issue discovered in SELESTA Visual Access Manager 4.38.6 allows attackers to modify the “computer” POST parameter related to the ID of a specific reception by POST HTTP request interception. Iterating that parameter, it has been possible to access to the application and take control of many other receptions in addition the assigned one. 2024-03-19 not yet calculated CVE-2023-50811
cve@mitre.org
N/A — N/A
 
erlang-jose (aka JOSE for Erlang and Elixir) through 1.11.6 allow attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value in a JOSE header. 2024-03-19 not yet calculated CVE-2023-50966
cve@mitre.org
cve@mitre.org
cve@mitre.org
N/A — N/A
 
latchset jose through version 11 allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value. 2024-03-20 not yet calculated CVE-2023-50967
cve@mitre.org
cve@mitre.org
N/A — N/A
 
A stack-based buffer overflow vulnerability in gross 0.9.3 through 1.x before 1.0.4 allows remote attackers to trigger a denial of service (grossd daemon crash) or potentially execute arbitrary code in grossd via crafted SMTP transaction parameters that cause an incorrect strncat for a log entry. 2024-03-18 not yet calculated CVE-2023-52159
cve@mitre.org
N/A — N/A
 
An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. The SQLite database file has weak permissions. 2024-03-20 not yet calculated CVE-2024-22077
cve@mitre.org
N/A — N/A
 
An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Privilege escalation can occur via world writable files. The network configuration script has weak filesystem permissions. This results in write access for all authenticated users and the possibility to escalate from user privileges to administrative privileges. 2024-03-20 not yet calculated CVE-2024-22078
cve@mitre.org
N/A — N/A
 
An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Directory traversal can occur via the system logs download mechanism. 2024-03-20 not yet calculated CVE-2024-22079
cve@mitre.org
N/A — N/A
 
An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Unauthenticated memory corruption can occur during XML body parsing. 2024-03-20 not yet calculated CVE-2024-22080
cve@mitre.org
N/A — N/A
 
An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Unauthenticated memory corruption can occur in the HTTP header parsing mechanism. 2024-03-20 not yet calculated CVE-2024-22081
cve@mitre.org
N/A — N/A
 
An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Unauthenticated directory listing can occur: the web interface cay be abused be an attacker get a better understanding of the operating system. 2024-03-20 not yet calculated CVE-2024-22082
cve@mitre.org
N/A — N/A
 
An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. A hardcoded backdoor session ID exists that can be used for further access to the device, including reconfiguration tasks. 2024-03-20 not yet calculated CVE-2024-22083
cve@mitre.org
N/A — N/A
 
An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Cleartext passwords and hashes are exposed through log files. 2024-03-20 not yet calculated CVE-2024-22084
cve@mitre.org
N/A — N/A
 
An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. The shadow file is world readable. 2024-03-20 not yet calculated CVE-2024-22085
cve@mitre.org
N/A — N/A
 
An issue was discovered in osCommerce v4, allows local attackers to bypass file upload restrictions and execute arbitrary code via administrator profile photo upload feature. 2024-03-21 not yet calculated CVE-2024-22724
cve@mitre.org
cve@mitre.org
N/A — N/A
 
A Directory Traversal issue was discovered in process_post on Draytek Vigor3910 4.3.2.5 devices. When sending a certain POST request, it calls the function and exports information. 2024-03-20 not yet calculated CVE-2024-23721
cve@mitre.org
cve@mitre.org
N/A — N/A
 
ClickUp Desktop before 3.3.77 on macOS and Windows allows code injection because of specific Electron Fuses. There is inadequate protection against code injection through settings such as RunAsNode. 2024-03-23 not yet calculated CVE-2024-23755
cve@mitre.org
cve@mitre.org
cve@mitre.org
cve@mitre.org
N/A — N/A
 
Server Side Request Forgery (SSRF) vulnerability in Likeshop before 2.5.7 allows attackers to view sensitive information via the avatar parameter in function UserLogic::updateWechatInfo. 2024-03-21 not yet calculated CVE-2024-24028
cve@mitre.org
N/A — N/A
 
Cross Site Scripting (XSS) vulnerability in Sourcecodester Workout Journal App 1.0 allows attackers to run arbitrary code via parameters firstname and lastname in /add-user.php. 2024-03-20 not yet calculated CVE-2024-24050
cve@mitre.org
N/A — N/A
 
SQL Injection vulnerability in crmeb_java before v1.3.4 allows attackers to run arbitrary SQL commands via crafted GET request to the component /api/front/spread/people. 2024-03-21 not yet calculated CVE-2024-24110
cve@mitre.org
N/A — N/A
 
Komm.One CMS 10.4.2.14 has a Server-Side Template Injection (SSTI) vulnerability via the Velocity template engine. It allows remote attackers to execute arbitrary code via a URL that specifies java.lang.Runtime in conjunction with getRuntime().exec followed by an OS command. 2024-03-18 not yet calculated CVE-2024-24230
cve@mitre.org
N/A — N/A
 
An issue in iTop DualSafe Password Manager & Digital Vault before 1.4.24 allows a local attacker to obtain sensitive information via leaked credentials as plaintext in a log file that can be accessed by the local user without knowledge of the master secret. 2024-03-21 not yet calculated CVE-2024-24272
cve@mitre.org
N/A — N/A
 
A multiple Cross-site scripting (XSS) vulnerability in the ‘/members/moremember.pl’, and ‘/members/members-home.pl’ endpoints within Koha Library Management System version 23.05.05 and earlier allows malicious staff users to carry out CSRF attacks, including unauthorized changes to usernames and passwords of users visiting the affected page, via the ‘Circulation note’ and ‘Patrons Restriction’ components. 2024-03-19 not yet calculated CVE-2024-24336
cve@mitre.org
N/A — N/A
 
An issue in Lepton CMS v.7.0.0 allows a local attacker to execute arbitrary code via the upgrade.php file in the languages place. 2024-03-21 not yet calculated CVE-2024-24520
cve@mitre.org
cve@mitre.org
N/A — N/A
 
FusionPBX before 5.2.0 does not validate a session. 2024-03-18 not yet calculated CVE-2024-24539
cve@mitre.org
cve@mitre.org
N/A — N/A
 
Gibbon through 26.0.00 allows remote authenticated users to conduct PHP deserialization attacks via columnOrder in a POST request to the modules/System%20Admin/import_run.php&type=externalAssessment&step=4 URI. 2024-03-23 not yet calculated CVE-2024-24725
cve@mitre.org
cve@mitre.org
N/A — N/A
 
Cross Site Scripting vulnerability in eblog v1.0 allows a remote attacker to execute arbitrary code via a crafted script to the argument description parameter when submitting a comment on a post. 2024-03-21 not yet calculated CVE-2024-25167
cve@mitre.org
N/A — N/A
 
SQL injection vulnerability in snow snow v.2.0.0 allows a remote attacker to execute arbitrary code via the dataScope parameter of the system/role/list interface. 2024-03-22 not yet calculated CVE-2024-25168
cve@mitre.org
N/A — N/A
 
SQL Injection vulnerability in Sourcecodester Employee Management System v1.0 allows attackers to run arbitrary SQL commands via crafted POST request to /emloyee_akpoly/Account/login.php. 2024-03-21 not yet calculated CVE-2024-25239
cve@mitre.org
N/A — N/A
 
An SSRF issue in REBUILD v.3.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the FileDownloader.java, proxyDownload,URL parameters. 2024-03-20 not yet calculated CVE-2024-25294
cve@mitre.org
cve@mitre.org
cve@mitre.org
N/A — N/A
 
An issue in zuoxingdong lagom v.0.1.2 allows a local attacker to execute arbitrary code via the pickle_load function of the serialize.py file. 2024-03-21 not yet calculated CVE-2024-25359
cve@mitre.org
N/A — N/A
 
Insecure permissions for log files of AVSystem Unified Management Platform (UMP) 23.07.0.16567~LTS allow members (with local access to the UMP application server) to access credentials to authenticate to all services, and to decrypt sensitive data stored in the database. 2024-03-18 not yet calculated CVE-2024-25654
cve@mitre.org
N/A — N/A
 
Insecure storage of LDAP passwords in the authentication functionality of AVSystem Unified Management Platform (UMP) 23.07.0.16567~LTS allows members (with read access to the application database) to decrypt the LDAP passwords of users who successfully authenticate to web management via LDAP. 2024-03-18 not yet calculated CVE-2024-25655
cve@mitre.org
N/A — N/A
 
Improper input validation in AVSystem Unified Management Platform (UMP) 23.07.0.16567~LTS can result in unauthenticated CPE (Customer Premises Equipment) devices storing arbitrarily large amounts of data during registration. This can potentially lead to DDoS attacks on the application database and, ultimately, affect the entire product. 2024-03-18 not yet calculated CVE-2024-25656
cve@mitre.org
N/A — N/A
 
An open redirect in the Login/Logout functionality of web management in AVSystem Unified Management Platform (UMP) 23.07.0.16567~LTS could allow attackers to redirect authenticated users to malicious websites. 2024-03-18 not yet calculated CVE-2024-25657
cve@mitre.org
N/A — N/A
 
Cross Site Scripting (XSS) vulnerability in Lychee 3.1.6, allows remote attackers to execute arbitrary code and obtain sensitive information via the title parameter when creating an album. 2024-03-22 not yet calculated CVE-2024-25807
cve@mitre.org
N/A — N/A
 
Cross-site Request Forgery (CSRF) vulnerability in Lychee version 3.1.6, allows remote attackers to execute arbitrary code via the create new album function. 2024-03-22 not yet calculated CVE-2024-25808
cve@mitre.org
N/A — N/A
 
An access control issue in Dreamer CMS v4.0.1 allows attackers to download backup files and leak sensitive information. 2024-03-21 not yet calculated CVE-2024-25811
cve@mitre.org
N/A — N/A
 
An issue in the HistoryQosPolicy component of FastDDS v2.12.x, v2.11.x, v2.10.x, and v2.6.x leads to a SIGABRT (signal abort) upon receiving DataWriter’s data. 2024-03-19 not yet calculated CVE-2024-26369
cve@mitre.org
cve@mitre.org
N/A — N/A
 
Codiad v2.8.4 allows reflected XSS via the components/market/dialog.php type parameter. 2024-03-22 not yet calculated CVE-2024-26557
cve@mitre.org
N/A — N/A
 
A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in Dotclear version 2.29. The flaw exists within the Search functionality of the Admin Panel. 2024-03-21 not yet calculated CVE-2024-27626
cve@mitre.org
N/A — N/A
 
An issue in GLPI v.10.0.12 and before allows a remote attacker to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted script to the title field. 2024-03-15 not yet calculated CVE-2024-27756
cve@mitre.org
N/A — N/A
 
flusity CMS through 2.45 allows tools/addons_model.php Gallery Name XSS. The reporter indicates that this product “ceased its development as of February 2024.” 2024-03-18 not yet calculated CVE-2024-27757
cve@mitre.org
N/A — N/A
 
Amavis before 2.12.3 and 2.13.x before 2.13.1, in part because of its use of MIME-tools, has an Interpretation Conflict (relative to some mail user agents) when there are multiple boundary parameters in a MIME email message. Consequently, there can be an incorrect check for banned files or malware. 2024-03-18 not yet calculated CVE-2024-28054
cve@mitre.org
cve@mitre.org
cve@mitre.org
cve@mitre.org
cve@mitre.org
cve@mitre.org
cve@mitre.org
cve@mitre.org
N/A — N/A
 
UBEE DDW365 XCNDDW365 8.14.3105 software on hardware 3.13.1 allows a remote attacker within Wi-Fi proximity to conduct stored XSS attacks via RgFirewallEL.asp, RgDdns.asp, RgTime.asp, RgDiagnostics.asp, or RgParentalBasic.asp. The affected fields are SMTP Server Name, SMTP Username, Host Name, Time Server 1, Time Server 2, Time Server 3, Target, Add Keyword, Add Domain, and Add Allowed Domain. 2024-03-19 not yet calculated CVE-2024-28092
cve@mitre.org
N/A — N/A
 
There is stack-based buffer overflow vulnerability in pc_change_act function in Linksys E1000 router firmware version v.2.1.03 and before, leading to remote code execution. 2024-03-19 not yet calculated CVE-2024-28283
cve@mitre.org
N/A — N/A
 
In mz-automation libiec61850 v1.4.0, a NULL Pointer Dereference was detected in the mmsServer_handleFileCloseRequest.c function of src/mms/iso_mms/server/mms_file_service.c. The vulnerability manifests as SEGV and causes the application to crash 2024-03-21 not yet calculated CVE-2024-28286
cve@mitre.org
N/A — N/A
 
Open Source Medicine Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the date parameter at /admin/reports/index.php. 2024-03-19 not yet calculated CVE-2024-28303
cve@mitre.org
cve@mitre.org
N/A — N/A
 
gpac 2.3-DEV-rev921-g422b78ecf-master was discovered to contain a out of boundary write vulnerability via swf_get_string at scene_manager/swf_parse.c:325 2024-03-15 not yet calculated CVE-2024-28318
cve@mitre.org
N/A — N/A
 
gpac 2.3-DEV-rev921-g422b78ecf-master was discovered to contain an out of boundary read vulnerability via gf_dash_setup_period media_tools/dash_client.c:6374 2024-03-15 not yet calculated CVE-2024-28319
cve@mitre.org
N/A — N/A
 
There is a command injection vulnerability in the TRENDnet TEW-827DRU router with firmware version 2.10B01. An attacker can inject commands into the post request parameters usapps.config.smb_admin_name in the apply.cgi interface, thereby gaining root shell privileges. 2024-03-15 not yet calculated CVE-2024-28353
cve@mitre.org
N/A — N/A
 
There is a command injection vulnerability in the TRENDnet TEW-827DRU router with firmware version 2.10B01. An attacker can inject commands into the post request parameters usapps.@smb[%d].username in the apply.cgi interface, thereby gaining root shell privileges. 2024-03-15 not yet calculated CVE-2024-28354
cve@mitre.org
N/A — N/A
 
SQL injection vulnerability in KnowBand spinwheel v.3.0.3 and before allows a remote attacker to gain escalated privileges and obtain sensitive information via the SpinWheelFrameSpinWheelModuleFrontController::sendEmail() method. 2024-03-19 not yet calculated CVE-2024-28389
cve@mitre.org
N/A — N/A
 
SQL injection vulnerability in pscartabandonmentpro v.2.0.11 and before allows a remote attacker to escalate privileges via the pscartabandonmentproFrontCAPUnsubscribeJobModuleFrontController::setEmailVisualized() method. 2024-03-20 not yet calculated CVE-2024-28392
cve@mitre.org
cve@mitre.org
N/A — N/A
 
An issue in Advanced Plugins reportsstatistics v1.3.20 and before allows a remote attacker to execute arbitrary code via the Sales Reports, Statistics, Custom Fields & Export module. 2024-03-19 not yet calculated CVE-2024-28394
cve@mitre.org
cve@mitre.org
N/A — N/A
 
SQL injection vulnerability in Best-Kit bestkit_popup v.1.7.2 and before allows a remote attacker to escalate privileges via the bestkit_popup.php component. 2024-03-20 not yet calculated CVE-2024-28395
cve@mitre.org
cve@mitre.org
N/A — N/A
 
An issue in MyPrestaModules ordersexport v.6.0.2 and before allows a remote attacker to execute arbitrary code via the download.php component. 2024-03-20 not yet calculated CVE-2024-28396
cve@mitre.org
cve@mitre.org
N/A — N/A
 
TOTOLINK X2000R before v1.0.0-B20231213.1013 contains a Store Cross-site scripting (XSS) vulnerability in Root Access Control under the Wireless Page. 2024-03-15 not yet calculated CVE-2024-28401
cve@mitre.org
cve@mitre.org
N/A — N/A
 
TOTOLINK X2000R before V1.0.0-B20231213.1013 is vulnerable to Cross Site Scripting (XSS) via the VPN Page. 2024-03-15 not yet calculated CVE-2024-28403
cve@mitre.org
cve@mitre.org
N/A — N/A
 
TOTOLINK X2000R before V1.0.0-B20231213.1013 contains a Stored Cross-site scripting (XSS) vulnerability in MAC Filtering under the Firewall Page. 2024-03-15 not yet calculated CVE-2024-28404
cve@mitre.org
cve@mitre.org
N/A — N/A
 
File Upload vulnerability in magicflue v.7.0 and before allows a remote attacker to execute arbitrary code via a crafted request to the messageid parameter of the mail/mailupdate.jsp endpoint. 2024-03-22 not yet calculated CVE-2024-28441
cve@mitre.org
N/A — N/A
 
Shenzhen Libituo Technology Co., Ltd LBT-T300-mini1 v1.2.9 was discovered to contain a buffer overflow via lan_netmask parameter at /apply.cgi. 2024-03-19 not yet calculated CVE-2024-28446
cve@mitre.org
N/A — N/A
 
Shenzhen Libituo Technology Co., Ltd LBT-T300-mini1 v1.2.9 was discovered to contain a buffer overflow via lan_ipaddr parameters at /apply.cgi. 2024-03-19 not yet calculated CVE-2024-28447
cve@mitre.org
N/A — N/A
 
SQL Injection vulnerability in Netcome NS-ASG Application Security Gateway v.6.3.1 allows a local attacker to execute arbitrary code and obtain sensitive information via a crafted script to the loginid parameter of the /singlelogin.php component. 2024-03-21 not yet calculated CVE-2024-28521
cve@mitre.org
N/A — N/A
 
Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the page parameter of fromNatStaticSetting function. 2024-03-18 not yet calculated CVE-2024-28537
cve@mitre.org
N/A — N/A
 
Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the firewallEn parameter of formSetFirewallCfg function. 2024-03-18 not yet calculated CVE-2024-28547
cve@mitre.org
N/A — N/A
 
Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the filePath parameter of formExpandDlnaFile function. 2024-03-18 not yet calculated CVE-2024-28550
cve@mitre.org
N/A — N/A
 
SQL injection vulnerability in Niushop B2B2C v.5.3.3 and before allows an attacker to escalate privileges via the setPrice() function of the Goodsbatchset.php component. 2024-03-22 not yet calculated CVE-2024-28559
cve@mitre.org
cve@mitre.org
cve@mitre.org
cve@mitre.org
cve@mitre.org
N/A — N/A
 
SQL injection vulnerability in Niushop B2B2C v.5.3.3 and before allows an attacker to escalate privileges via the deleteArea() function of the Address.php component. 2024-03-22 not yet calculated CVE-2024-28560
cve@mitre.org
cve@mitre.org
cve@mitre.org
cve@mitre.org
N/A — N/A
 
Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the Imf_2_2::copyIntoFrameBuffer() component when reading images in EXR format. 2024-03-20 not yet calculated CVE-2024-28562
cve@mitre.org
N/A — N/A
 
Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the Imf_2_2::DwaCompressor::Classifier::Classifier() function when reading images in EXR format. 2024-03-20 not yet calculated CVE-2024-28563
cve@mitre.org
N/A — N/A
 
Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the Imf_2_2::CharPtrIO::readChars() function when reading images in EXR format. 2024-03-20 not yet calculated CVE-2024-28564
cve@mitre.org
N/A — N/A
 
Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the psdParser::ReadImageData() function when reading images in PSD format. 2024-03-20 not yet calculated CVE-2024-28565
cve@mitre.org
N/A — N/A
 
Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the AssignPixel() function when reading images in TIFF format. 2024-03-20 not yet calculated CVE-2024-28566
cve@mitre.org
N/A — N/A
 
Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the FreeImage_CreateICCProfile() function when reading images in TIFF format. 2024-03-20 not yet calculated CVE-2024-28567
cve@mitre.org
N/A — N/A
 
Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the read_iptc_profile() function when reading images in TIFF format. 2024-03-20 not yet calculated CVE-2024-28568
cve@mitre.org
N/A — N/A
 
Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the Imf_2_2::Xdr::read() function when reading images in EXR format. 2024-03-20 not yet calculated CVE-2024-28569
cve@mitre.org
N/A — N/A
 
Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the processMakerNote() function when reading images in JPEG format. 2024-03-20 not yet calculated CVE-2024-28570
cve@mitre.org
N/A — N/A
 
Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the fill_input_buffer() function when reading images in JPEG format. 2024-03-20 not yet calculated CVE-2024-28571
cve@mitre.org
N/A — N/A
 
Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the FreeImage_SetTagValue() function when reading images in JPEG format. 2024-03-20 not yet calculated CVE-2024-28572
cve@mitre.org
N/A — N/A
 
Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the jpeg_read_exif_profile() function when reading images in JPEG format. 2024-03-20 not yet calculated CVE-2024-28573
cve@mitre.org
N/A — N/A
 
Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the opj_j2k_copy_default_tcp_and_create_tcd() function when reading images in J2K format. 2024-03-20 not yet calculated CVE-2024-28574
cve@mitre.org
N/A — N/A
 
Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the opj_j2k_read_mct() function when reading images in J2K format. 2024-03-20 not yet calculated CVE-2024-28575
cve@mitre.org
N/A — N/A
 
Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the opj_j2k_tcp_destroy() function when reading images in J2K format. 2024-03-20 not yet calculated CVE-2024-28576
cve@mitre.org
N/A — N/A
 
Null Pointer Dereference vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the jpeg_read_exif_profile_raw() function when reading images in JPEG format. 2024-03-20 not yet calculated CVE-2024-28577
cve@mitre.org
N/A — N/A
 
Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the Load() function when reading images in RAS format. 2024-03-20 not yet calculated CVE-2024-28578
cve@mitre.org
N/A — N/A
 
Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the FreeImage_Unload() function when reading images in HDR format. 2024-03-20 not yet calculated CVE-2024-28579
cve@mitre.org
N/A — N/A
 
Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the ReadData() function when reading images in RAS format. 2024-03-20 not yet calculated CVE-2024-28580
cve@mitre.org
N/A — N/A
 
Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the _assignPixel<>() function when reading images in TARGA format. 2024-03-20 not yet calculated CVE-2024-28581
cve@mitre.org
N/A — N/A
 
Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the rgbe_RGBEToFloat() function when reading images in HDR format. 2024-03-20 not yet calculated CVE-2024-28582
cve@mitre.org
N/A — N/A
 
Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the readLine() function when reading images in XPM format. 2024-03-20 not yet calculated CVE-2024-28583
cve@mitre.org
N/A — N/A
 
Null Pointer Dereference vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the J2KImageToFIBITMAP() function when reading images in J2K format. 2024-03-20 not yet calculated CVE-2024-28584
cve@mitre.org
N/A — N/A
 
The Chat activity in Moodle 4.3.3 allows students to insert a potentially unwanted HTML A element or IMG element, or HTML content that leads to a performance degradation. NOTE: the vendor’s Using_Chat page says “If you know some HTML code, you can use it in your text to do things like insert images, play sounds or create different coloured and sized text.” This page also says “Chat is due to be removed from standard Moodle.” 2024-03-22 not yet calculated CVE-2024-28593
cve@mitre.org
cve@mitre.org
cve@mitre.org
N/A — N/A
 
SQL Injection vulnerability in Employee Management System v1.0 allows attackers to run arbitrary SQL commands via the admin_id parameter in update-admin.php. 2024-03-19 not yet calculated CVE-2024-28595
cve@mitre.org
N/A — N/A
 
Cross Site Scripting (XSS) vulnerability in SurveyJS Survey Creator v.1.9.132 and before, allows attackers to execute arbitrary code and obtain sensitive information via the title parameter in form. 2024-03-21 not yet calculated CVE-2024-28635
cve@mitre.org
cve@mitre.org
N/A — N/A
 
Cross Site Scripting vulnerability in DOraCMS v.2.18 and before allows a remote attacker to execute arbitrary code via the markdown0 function in the /app/public/apidoc/oas3/wrap-components/markdown.jsx endpoint. 2024-03-19 not yet calculated CVE-2024-28715
cve@mitre.org
N/A — N/A
 
Cross Site Scripting vulnerability in Unit4 Financials by Coda v.2024Q1 allows a remote attacker to escalate privileges via a crafted script to the cols parameter. 2024-03-19 not yet calculated CVE-2024-28734
cve@mitre.org
cve@mitre.org
cve@mitre.org
N/A — N/A
 
An incorrect access control issue in Unit4 Financials by Coda v.2023Q4 allows a remote attacker to escalate privileges via a crafted script to the change password function. 2024-03-20 not yet calculated CVE-2024-28735
cve@mitre.org
cve@mitre.org
cve@mitre.org
N/A — N/A
 
Out-of-bounds Write vulnerability in Apache Commons Configuration.This issue affects Apache Commons Configuration: from 2.0 before 2.10.1. Users are recommended to upgrade to version 2.10.1, which fixes the issue. 2024-03-21 not yet calculated CVE-2024-29131
security@apache.org
N/A — N/A
 
Rocket.Chat.Audit through 5ad78e8 depends on filecachetools, which does not exist in PyPI. 2024-03-18 not yet calculated CVE-2024-29151
cve@mitre.org
N/A — N/A
 
In OpenStack Murano through 16.0.0, when YAQL before 3.0.0 is used, the Murano service’s MuranoPL extension to the YAQL language fails to sanitize the supplied environment, leading to potential leakage of sensitive service account information. 2024-03-18 not yet calculated CVE-2024-29156
cve@mitre.org
cve@mitre.org
cve@mitre.org
cve@mitre.org
N/A — N/A
 
Shenzhen Libituo Technology Co., Ltd LBT-T300-mini v1.2.9 was discovered to contain a buffer overflow via the vpn_client_ip parameter at /apply.cgi. 2024-03-21 not yet calculated CVE-2024-29243
cve@mitre.org
N/A — N/A
 
Shenzhen Libituo Technology Co., Ltd LBT-T300-mini v1.2.9 was discovered to contain a buffer overflow via the pin_code_3g parameter at /apply.cgi. 2024-03-21 not yet calculated CVE-2024-29244
cve@mitre.org
N/A — N/A
 
Reflected Cross-Site Scripting (XSS) vulnerability in VvvebJs before version 1.7.7, allows remote attackers to execute arbitrary code and obtain sensitive information via the action parameter in save.php. 2024-03-22 not yet calculated CVE-2024-29271
cve@mitre.org
cve@mitre.org
N/A — N/A
 
Arbitrary File Upload vulnerability in VvvebJs before version 1.7.5, allows unauthenticated remote attackers to execute arbitrary code and obtain sensitive information via the sanitizeFileName parameter in save.php. 2024-03-22 not yet calculated CVE-2024-29272
cve@mitre.org
cve@mitre.org
N/A — N/A
 
There is Stored Cross-Site Scripting (XSS) in dzzoffice 2.02.1 SC UTF8 in uploadfile to index.php, with the XSS payload in an SVG document. 2024-03-22 not yet calculated CVE-2024-29273
cve@mitre.org
N/A — N/A
 
SQL injection vulnerability in SeaCMS version 12.9, allows remote unauthenticated attackers to execute arbitrary code and obtain sensitive information via the id parameter in class.php. 2024-03-22 not yet calculated CVE-2024-29275
cve@mitre.org
N/A — N/A
 
Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via /anchor/admin/categories/delete/2. 2024-03-22 not yet calculated CVE-2024-29338
cve@mitre.org
N/A — N/A
 
A command injection vulnerability exists in the cgibin binary in DIR-845L router firmware <= v1.01KRb03. 2024-03-22 not yet calculated CVE-2024-29366
cve@mitre.org
cve@mitre.org
N/A — N/A
 
A Cross-Site Scripting (XSS) vulnerability exists in the way MOODLE 3.10.9 handles user input within the “GET /?lang=” URL parameter. 2024-03-21 not yet calculated CVE-2024-29374
cve@mitre.org
N/A — N/A
 
DIR-845L router <= v1.01KRb03 has an Unauthenticated remote code execution vulnerability in the cgibin binary via soapcgi_main function. 2024-03-22 not yet calculated CVE-2024-29385
cve@mitre.org
cve@mitre.org
N/A — N/A
 
There is a Cross-site scripting (XSS) vulnerability in the Wireless settings under the Easy Setup Page of TOTOLINK X2000R before v1.0.0-B20231213.1013. 2024-03-20 not yet calculated CVE-2024-29419
cve@mitre.org
cve@mitre.org
N/A — N/A
 
A stored cross-site scripting (XSS) vulnerability in OneBlog v2.3.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category List parameter under the Lab module. 2024-03-20 not yet calculated CVE-2024-29469
cve@mitre.org
N/A — N/A
 
OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the component {{rootpath}}/links. 2024-03-20 not yet calculated CVE-2024-29470
cve@mitre.org
N/A — N/A
 
OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Notice Manage module. 2024-03-20 not yet calculated CVE-2024-29471
cve@mitre.org
N/A — N/A
 
OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Privilege Management module. 2024-03-20 not yet calculated CVE-2024-29472
cve@mitre.org
N/A — N/A
 
OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Role Management module. 2024-03-20 not yet calculated CVE-2024-29473
cve@mitre.org
N/A — N/A
 
OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the User Management module. 2024-03-20 not yet calculated CVE-2024-29474
cve@mitre.org
N/A — N/A
 
Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via /anchor/admin/users/delete/2. 2024-03-22 not yet calculated CVE-2024-29499
cve@mitre.org
N/A — N/A
 
In MISP before 2.4.187, __uploadLogo in app/Controller/OrganisationsController.php does not properly check for a valid logo upload. 2024-03-21 not yet calculated CVE-2024-29858
cve@mitre.org
N/A — N/A
 
In MISP before 2.4.187, add_misp_export in app/Controller/EventsController.php does not properly check for a valid file upload. 2024-03-21 not yet calculated CVE-2024-29859
cve@mitre.org
N/A — N/A
 
The Kerlink firewall in ChirpStack chirpstack-mqtt-forwarder before 4.2.1 and chirpstack-gateway-bridge before 4.0.11 wrongly accepts certain TCP packets when a connection is not in the ESTABLISHED state. 2024-03-21 not yet calculated CVE-2024-29862
cve@mitre.org
cve@mitre.org
N/A — N/A
 
Distrobox before 1.7.0.1 allows attackers to execute arbitrary code via command injection into exported executables. 2024-03-21 not yet calculated CVE-2024-29864
cve@mitre.org
cve@mitre.org
N/A — N/A
 
Logpoint before 7.1.0 allows Self-XSS on the LDAP authentication page via the username to the LDAP login form. 2024-03-22 not yet calculated CVE-2024-29865
cve@mitre.org
N/A — N/A
 
Datalust Seq before 2023.4.11151 and 2024 before 2024.1.11146 has Incorrect Access Control because a Project Owner or Organization Owner can escalate to System privileges. 2024-03-21 not yet calculated CVE-2024-29866
cve@mitre.org
cve@mitre.org
N/A — N/A
 
The dormakaba Saflok system before the November 2023 software update allows an attacker to unlock arbitrary doors at a property via forged keycards, if the attacker has obtained one active or expired keycard for the specific property, aka the “Unsaflok” issue. This occurs, in part, because the key derivation function relies only on a UID. This affects, for example, Saflok MT, and the Confidant, Quantum, RT, and Saffire series. 2024-03-21 not yet calculated CVE-2024-29916
cve@mitre.org
cve@mitre.org
cve@mitre.org
N/A — N/A
 
An attacker was able to perform an out-of-bounds read or write on a JavaScript object by fooling range-based bounds check elimination. This vulnerability affects Firefox < 124.0.1. 2024-03-22 not yet calculated CVE-2024-29943
security@mozilla.org
security@mozilla.org
N/A — N/A
 
An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only, it does not affect mobile versions of Firefox. This vulnerability affects Firefox < 124.0.1 and Firefox ESR < 115.9.1. 2024-03-22 not yet calculated CVE-2024-29944
security@mozilla.org
security@mozilla.org
security@mozilla.org
a.k.i_software — pmc.exe
 
Stored cross-site scripting vulnerability exists in CGIs included in A.K.I Software’s PMailServer/PMailServer2 products. If this vulnerability is exploited, an arbitrary script may be executed on a logged-in user’s web browser. 2024-03-18 not yet calculated CVE-2023-39223
vultures@jpcert.or.jp
vultures@jpcert.or.jp
a.k.i_software — pmman.exe_(standard_edition)
 
Directory traversal vulnerability exists in A.K.I Software’s PMailServer/PMailServer2 products’ CGIs included in Internal Simple Webserver. If this vulnerability is exploited, a remote attacker may access arbitrary files outside DocumentRoot. 2024-03-18 not yet calculated CVE-2023-40747
vultures@jpcert.or.jp
vultures@jpcert.or.jp
a.k.i_software_ — pmc.exe
 
Insufficient verification vulnerability exists in Broadcast Mail CGI (pmc.exe) included in A.K.I Software’s PMailServer/PMailServer2 products. If this vulnerability is exploited, a user who can upload files through the product may execute an arbitrary executable file with the web server’s execution privilege. 2024-03-18 not yet calculated CVE-2023-39933
vultures@jpcert.or.jp
vultures@jpcert.or.jp
a.k.i_software_ — pmmls.exe
 
Directory traversal vulnerability exists in Mailing List Search CGI (pmmls.exe) included in A.K.I Software’s PMailServer/PMailServer2 products. If this vulnerability is exploited, a remote attacker may obtain arbitrary files on the server. 2024-03-18 not yet calculated CVE-2023-40160
vultures@jpcert.or.jp
vultures@jpcert.or.jp
abematv,_inc. — ‘abema’_app_for_android
 
Improper export of Android application components issue exists in ‘ABEMA’ App for Android prior to 10.65.0 allowing another app installed on the user’s device to access an arbitrary URL on ‘ABEMA’ App for Android via Intent. If this vulnerability is exploited, an arbitrary website may be displayed on the app, and as a result, the user may become a victim of a phishing attack. 2024-03-18 not yet calculated CVE-2024-28745
vultures@jpcert.or.
apache_software_foundation — apache_commons_configuration
 
Out-of-bounds Write vulnerability in Apache Commons Configuration.This issue affects Apache Commons Configuration: from 2.0 before 2.10.1. Users are recommended to upgrade to version 2.10.1, which fixes the issue. 2024-03-21 not yet calculated CVE-2024-29133
security@apache.org
apache_software_foundation — apache_doris
 
Possible race condition vulnerability in Apache Doris. Some of code using `chmod()` method. This method run the risk of someone renaming the file out from under user and chmodding the wrong file. This could theoretically happen, but the impact would be minimal. This issue affects Apache Doris: before 1.2.8, before 2.0.4. Users are recommended to upgrade to version 2.0.4, which fixes the issue. 2024-03-21 not yet calculated CVE-2024-26307
security@apache.org
apache_software_foundation — apache_doris
 
Download of Code Without Integrity Check vulnerability in Apache Doris. The jdbc driver files used for JDBC catalog is not checked and may resulting in remote command execution. Once the attacker is authorized to create a JDBC catalog, he/she can use arbitrary driver jar file with unchecked code snippet. This code snippet will be run when catalog is initializing without any check. This issue affects Apache Doris: from 1.2.0 through 2.0.4. Users are recommended to upgrade to version 2.0.5 or 2.1.x, which fixes the issue. 2024-03-21 not yet calculated CVE-2024-27438
security@apache.org
apache_software_foundation — apache_hop_engine
 
Improper Input Validation vulnerability in Apache Hop Engine.This issue affects Apache Hop Engine: before 2.8.0. Users are recommended to upgrade to version 2.8.0, which fixes the issue. When Hop Server writes links to the PrepareExecutionPipelineServlet page one of the parameters provided to the user was not properly escaped. The variable not properly escaped is the “id”, which is not directly accessible by users creating pipelines making the risk of exploiting this low. This issue only affects users using the Hop Server component and does not directly affect the client. 2024-03-19 not yet calculated CVE-2024-24683
security@apache.org
apache_software_foundation — apache_wicket
 
An error in the evaluation of the fetch metadata headers could allow a bypass of the CSRF protection in Apache Wicket. This issue affects Apache Wicket: from 9.1.0 through 9.16.0, and the milestone releases for the 10.0 series. Apache Wicket 8.x does not support CSRF protection via the fetch metadata headers and as such is not affected. Users are recommended to upgrade to version 9.17.0 or 10.0.0, which fixes the issue. 2024-03-19 not yet calculated CVE-2024-27439
security@apache.org
artica_tech — artica_proxy
 
The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the “www-data” user. This issue was demonstrated on version 4.50 of the The Artica-Proxy administrative web application attempts to prevent local file inclusion. These protections can be bypassed and arbitrary file requests supplied by unauthenticated users will be returned according to the privileges of the “www-data” user. 2024-03-21 not yet calculated CVE-2024-2053
cve@takeonme.org
cve@takeonme.org
artica_tech — artica_proxy
 
The Artica-Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the “www-data” user. 2024-03-21 not yet calculated CVE-2024-2054
cve@takeonme.org
cve@takeonme.org
atlassian — confluence_data_center
 
This High severity Path Traversal vulnerability was introduced in version 6.13.0 of Confluence Data Center. This Path Traversal vulnerability, with a CVSS Score of 8.3, allows an unauthenticated attacker to exploit an undefinable vulnerability which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires user interaction. Atlassian recommends that Confluence Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: Data Center Atlassian recommends that Confluence Data Center customers upgrade to the latest version and that Confluence Server customers upgrade to the latest 8.5.x LTS version. If you are unable to do so, upgrade your instance to one of the specified supported fixed versions See the release notes https://confluence.atlassian.com/doc/confluence-release-notes-327.html You can download the latest version of Confluence Data Center and Server from the download center https://www.atlassian.com/software/confluence/download-archives. This vulnerability was reported via our Bug Bounty program. 2024-03-19 not yet calculated CVE-2024-21677
security@atlassian.com
security@atlassian.com
autodesk — dwg_trueview
 
A maliciously crafted DWG file when parsed through Autodesk DWG TrueView can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. 2024-03-18 not yet calculated CVE-2024-23138
psirt@autodesk.com
autodesk — fbx_review
 
An Out-Of-Bounds Write Vulnerability in Autodesk FBX Review version 1.5.3.0 and prior may lead to code execution or information disclosure through maliciously crafted ActionScript Byte Code “ABC” files. ABC files are created by the Flash compiler and contain executable code. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. 2024-03-18 not yet calculated CVE-2024-23139
psirt@autodesk.com
brother_industries,_ltd — multiple_printers_and_scanners
 
Improper authentication vulnerability in exists in multiple printers and scanners which implement Web Based Management provided by BROTHER INDUSTRIES, LTD. If this vulnerability is exploited, a network-adjacent user who can access the product may impersonate an administrative user. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]. 2024-03-18 not yet calculated CVE-2024-21824
vultures@jpcert.or.jp
vultures@jpcert.or.jp
vultures@jpcert.or.jp
vultures@jpcert.or.jp
vultures@jpcert.or.jp
vultures@jpcert.or.jp
brother_industries,_ltd — multiple_printers_and_scanners
 
Cross-site request forgery vulnerability in multiple printers and scanners which implement Web Based Management provided by BROTHER INDUSTRIES, LTD. allows a remote unauthenticated attacker to perform unintended operations on the affected product. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]. 2024-03-18 not yet calculated CVE-2024-22475
vultures@jpcert.or.jp
vultures@jpcert.or.jp
vultures@jpcert.or.jp
vultures@jpcert.or.jp
vultures@jpcert.or.jp
vultures@jpcert.or.jp
cdex_psa — cdex
 
Weak password recovery mechanism in CDeX application allows to retrieve password reset token.This issue affects CDeX application versions through 5.7.1. 2024-03-21 not yet calculated CVE-2024-2463
cvd@cert.pl
cvd@cert.pl
cvd@cert.pl
cdex_psa — cdex
 
This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.This issue affects CDeX application versions through 5.7.1. 2024-03-21 not yet calculated CVE-2024-2464
cvd@cert.pl
cvd@cert.pl
cvd@cert.pl
cdex_psa — cdex
 
Open redirection vulnerability in CDeX application allows to redirect users to arbitrary websites via a specially crafted URL.This issue affects CDeX application versions through 5.7.1. 2024-03-21 not yet calculated CVE-2024-2465
cvd@cert.pl
cvd@cert.pl
cvd@cert.pl
claris — filemaker_pro
 
Claris International has fixed a dylib hijacking vulnerability in the FileMaker Pro.app and Claris Pro.app versions on macOS. 2024-03-19 not yet calculated CVE-2023-42920
product-security@apple.com
claris — filemaker_server
 
A privilege escalation issue existed in FileMaker Server, potentially exposing sensitive information to front-end websites when signed in to the Admin Console with an administrator role. This issue has been fixed in FileMaker Server 20.3.1 by reducing the information sent in requests. 2024-03-21 not yet calculated CVE-2023-42954
product-security@apple.com
david_artiss — code_embed
 
Uncontrolled Resource Consumption vulnerability in David Artiss Code Embed.This issue affects Code Embed: from n/a through 2.3.6. 2024-03-21 not yet calculated CVE-2023-49837
audit@patchstack.com
fujifilm_business_inovation_corp. — docuprint_p450_d
 
Cross-site request forgery vulnerability in FUJIFILM printers which implement CentreWare Internet Services or Internet Services allows a remote unauthenticated attacker to alter user information. In the case the user is an administrator, the settings such as the administrator’s ID, password, etc. may be altered. As for the details of affected product names, model numbers, and versions, refer to the information provided by the vendor listed under [References]. 2024-03-18 not yet calculated CVE-2024-27974
vultures@jpcert.or.jp
vultures@jpcert.or.jp
google — chrome
 
Object lifecycle issue in V8 in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High) 2024-03-20 not yet calculated CVE-2024-2625
chrome-cve-admin@google.com
chrome-cve-admin@google.com
chrome-cve-admin@google.com
chrome-cve-admin@google.com
chrome-cve-admin@google.com
google — chrome
 
Out of bounds read in Swiftshader in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium) 2024-03-20 not yet calculated CVE-2024-2626
chrome-cve-admin@google.com
chrome-cve-admin@google.com
chrome-cve-admin@google.com
chrome-cve-admin@google.com
chrome-cve-admin@google.com
google — chrome
 
Use after free in Canvas in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) 2024-03-20 not yet calculated CVE-2024-2627
chrome-cve-admin@google.com
chrome-cve-admin@google.com
chrome-cve-admin@google.com
chrome-cve-admin@google.com
chrome-cve-admin@google.com
google — chrome
 
Inappropriate implementation in Downloads in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted URL. (Chromium security severity: Medium) 2024-03-20 not yet calculated CVE-2024-2628
chrome-cve-admin@google.com
chrome-cve-admin@google.com
chrome-cve-admin@google.com
chrome-cve-admin@google.com
chrome-cve-admin@google.com
google — chrome
 
Incorrect security UI in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) 2024-03-20 not yet calculated CVE-2024-2629
chrome-cve-admin@google.com
chrome-cve-admin@google.com
chrome-cve-admin@google.com
chrome-cve-admin@google.com
chrome-cve-admin@google.com
google — chrome
 
Inappropriate implementation in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) 2024-03-20 not yet calculated CVE-2024-2630
chrome-cve-admin@google.com
chrome-cve-admin@google.com
chrome-cve-admin@google.com
chrome-cve-admin@google.com
chrome-cve-admin@google.com
google — chrome
 
Inappropriate implementation in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) 2024-03-20 not yet calculated CVE-2024-2631
chrome-cve-admin@google.com
chrome-cve-admin@google.com
chrome-cve-admin@google.com
chrome-cve-admin@google.com
chrome-cve-admin@google.com
gradio-app — gradio-app/gradio
 
To prevent malicious 3rd party websites from making requests to Gradio applications running locally, this PR tightens the CORS rules around Gradio applications. In particular, it checks to see if the host header is localhost (or one of its aliases) and if so, it requires the origin header (if present) to be localhost (or one of its aliases) as well. 2024-03-21 not yet calculated CVE-2024-1727
security@huntr.dev
security@huntr.dev
hp_inc — certain_hp_officejet_pro_printers
 
Certain HP OfficeJet Pro printers are potentially vulnerable to a Denial of Service when using an improper eSCL URL GET request. 2024-03-22 not yet calculated CVE-2023-4063
hp-security-alert@hp.com
linux — linux
 
In the Linux kernel, the following vulnerability has been resolved: binder: fix race between mmput() and do_exit() Task A calls binder_update_page_range() to allocate and insert pages on a remote address space from Task B. For this, Task A pins the remote mm via mmget_not_zero() first. This can race with Task B do_exit() and the final mmput() refcount decrement will come from Task A. Task A | Task B ——————+—————— mmget_not_zero() | | do_exit() | exit_mm() | mmput() mmput() | exit_mmap() | remove_vma() | fput() | In this case, the work of ____fput() from Task B is queued up in Task A as TWA_RESUME. So in theory, Task A returns to userspace and the cleanup work gets executed. However, Task A instead sleep, waiting for a reply from Task B that never comes (it’s dead). This means the binder_deferred_release() is blocked until an unrelated binder event forces Task A to go back to userspace. All the associated death notifications will also be delayed until then. In order to fix this use mmput_async() that will schedule the work in the corresponding mm->async_put_work WQ instead of Task A. 2024-03-18 not yet calculated CVE-2023-52609
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux — linux
 
In the Linux kernel, the following vulnerability has been resolved: net/sched: act_ct: fix skb leak and crash on ooo frags act_ct adds skb->users before defragmentation. If frags arrive in order, the last frag’s reference is reset in: inet_frag_reasm_prepare skb_morph which is not straightforward. However when frags arrive out of order, nobody unref the last frag, and all frags are leaked. The situation is even worse, as initiating packet capture can lead to a crash[0] when skb has been cloned and shared at the same time. Fix the issue by removing skb_get() before defragmentation. act_ct returns TC_ACT_CONSUMED when defrag failed or in progress. [0]: [ 843.804823] ————[ cut here ]———— [ 843.809659] kernel BUG at net/core/skbuff.c:2091! [ 843.814516] invalid opcode: 0000 [#1] PREEMPT SMP [ 843.819296] CPU: 7 PID: 0 Comm: swapper/7 Kdump: loaded Tainted: G S 6.7.0-rc3 #2 [ 843.824107] Hardware name: XFUSION 1288H V6/BC13MBSBD, BIOS 1.29 11/25/2022 [ 843.828953] RIP: 0010:pskb_expand_head+0x2ac/0x300 [ 843.833805] Code: 8b 70 28 48 85 f6 74 82 48 83 c6 08 bf 01 00 00 00 e8 38 bd ff ff 8b 83 c0 00 00 00 48 03 83 c8 00 00 00 e9 62 ff ff ff 0f 0b <0f> 0b e8 8d d0 ff ff e9 b3 fd ff ff 81 7c 24 14 40 01 00 00 4c 89 [ 843.843698] RSP: 0018:ffffc9000cce07c0 EFLAGS: 00010202 [ 843.848524] RAX: 0000000000000002 RBX: ffff88811a211d00 RCX: 0000000000000820 [ 843.853299] RDX: 0000000000000640 RSI: 0000000000000000 RDI: ffff88811a211d00 [ 843.857974] RBP: ffff888127d39518 R08: 00000000bee97314 R09: 0000000000000000 [ 843.862584] R10: 0000000000000000 R11: ffff8881109f0000 R12: 0000000000000880 [ 843.867147] R13: ffff888127d39580 R14: 0000000000000640 R15: ffff888170f7b900 [ 843.871680] FS: 0000000000000000(0000) GS:ffff889ffffc0000(0000) knlGS:0000000000000000 [ 843.876242] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 843.880778] CR2: 00007fa42affcfb8 CR3: 000000011433a002 CR4: 0000000000770ef0 [ 843.885336] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 843.889809] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 843.894229] PKRU: 55555554 [ 843.898539] Call Trace: [ 843.902772] <IRQ> [ 843.906922] ? __die_body+0x1e/0x60 [ 843.911032] ? die+0x3c/0x60 [ 843.915037] ? do_trap+0xe2/0x110 [ 843.918911] ? pskb_expand_head+0x2ac/0x300 [ 843.922687] ? do_error_trap+0x65/0x80 [ 843.926342] ? pskb_expand_head+0x2ac/0x300 [ 843.929905] ? exc_invalid_op+0x50/0x60 [ 843.933398] ? pskb_expand_head+0x2ac/0x300 [ 843.936835] ? asm_exc_invalid_op+0x1a/0x20 [ 843.940226] ? pskb_expand_head+0x2ac/0x300 [ 843.943580] inet_frag_reasm_prepare+0xd1/0x240 [ 843.946904] ip_defrag+0x5d4/0x870 [ 843.950132] nf_ct_handle_fragments+0xec/0x130 [nf_conntrack] [ 843.953334] tcf_ct_act+0x252/0xd90 [act_ct] [ 843.956473] ? tcf_mirred_act+0x516/0x5a0 [act_mirred] [ 843.959657] tcf_action_exec+0xa1/0x160 [ 843.962823] fl_classify+0x1db/0x1f0 [cls_flower] [ 843.966010] ? skb_clone+0x53/0xc0 [ 843.969173] tcf_classify+0x24d/0x420 [ 843.972333] tc_run+0x8f/0xf0 [ 843.975465] __netif_receive_skb_core+0x67a/0x1080 [ 843.978634] ? dev_gro_receive+0x249/0x730 [ 843.981759] __netif_receive_skb_list_core+0x12d/0x260 [ 843.984869] netif_receive_skb_list_internal+0x1cb/0x2f0 [ 843.987957] ? mlx5e_handle_rx_cqe_mpwrq_rep+0xfa/0x1a0 [mlx5_core] [ 843.991170] napi_complete_done+0x72/0x1a0 [ 843.994305] mlx5e_napi_poll+0x28c/0x6d0 [mlx5_core] [ 843.997501] __napi_poll+0x25/0x1b0 [ 844.000627] net_rx_action+0x256/0x330 [ 844.003705] __do_softirq+0xb3/0x29b [ 844.006718] irq_exit_rcu+0x9e/0xc0 [ 844.009672] common_interrupt+0x86/0xa0 [ 844.012537] </IRQ> [ 844.015285] <TASK> [ 844.017937] asm_common_interrupt+0x26/0x40 [ 844.020591] RIP: 0010:acpi_safe_halt+0x1b/0x20 [ 844.023247] Code: ff 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 65 48 8b 04 25 00 18 03 00 48 8b 00 a8 08 75 0c 66 90 0f 00 2d 81 d0 44 00 fb —truncated— 2024-03-18 not yet calculated CVE-2023-52610
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux — linux
 
In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: sdio: Honor the host max_req_size in the RX path Lukas reports skb_over_panic errors on his Banana Pi BPI-CM4 which comes with an Amlogic A311D (G12B) SoC and a RTL8822CS SDIO wifi/Bluetooth combo card. The error he observed is identical to what has been fixed in commit e967229ead0e (“wifi: rtw88: sdio: Check the HISR RX_REQUEST bit in rtw_sdio_rx_isr()”) but that commit didn’t fix Lukas’ problem. Lukas found that disabling or limiting RX aggregation works around the problem for some time (but does not fully fix it). In the following discussion a few key topics have been discussed which have an impact on this problem: – The Amlogic A311D (G12B) SoC has a hardware bug in the SDIO controller which prevents DMA transfers. Instead all transfers need to go through the controller SRAM which limits transfers to 1536 bytes – rtw88 chips don’t split incoming (RX) packets, so if a big packet is received this is forwarded to the host in it’s original form – rtw88 chips can do RX aggregation, meaning more multiple incoming packets can be pulled by the host from the card with one MMC/SDIO transfer. This Depends on settings in the REG_RXDMA_AGG_PG_TH register (BIT_RXDMA_AGG_PG_TH limits the number of packets that will be aggregated, BIT_DMA_AGG_TO_V1 configures a timeout for aggregation and BIT_EN_PRE_CALC makes the chip honor the limits more effectively) Use multiple consecutive reads in rtw_sdio_read_port() and limit the number of bytes which are copied by the host from the card in one MMC/SDIO transfer. This allows receiving a buffer that’s larger than the hosts max_req_size (number of bytes which can be transferred in one MMC/SDIO transfer). As a result of this the skb_over_panic error is gone as the rtw88 driver is now able to receive more than 1536 bytes from the card (either because the incoming packet is larger than that or because multiple packets have been aggregated). In case of an receive errors (-EILSEQ has been observed by Lukas) we need to drain the remaining data from the card’s buffer, otherwise the card will return corrupt data for the next rtw_sdio_read_port() call. 2024-03-18 not yet calculated CVE-2023-52611
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux — linux
 
In the Linux kernel, the following vulnerability has been resolved: crypto: scomp – fix req->dst buffer overflow The req->dst buffer size should be checked before copying from the scomp_scratch->dst to avoid req->dst buffer overflow problem. 2024-03-18 not yet calculated CVE-2023-52612
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux — linux
 
In the Linux kernel, the following vulnerability has been resolved: drivers/thermal/loongson2_thermal: Fix incorrect PTR_ERR() judgment PTR_ERR() returns -ENODEV when thermal-zones are undefined, and we need -ENODEV as the right value for comparison. Otherwise, tz->type is NULL when thermal-zones is undefined, resulting in the following error: [ 12.290030] CPU 1 Unable to handle kernel paging request at virtual address fffffffffffffff1, era == 900000000355f410, ra == 90000000031579b8 [ 12.302877] Oops[#1]: [ 12.305190] CPU: 1 PID: 181 Comm: systemd-udevd Not tainted 6.6.0-rc7+ #5385 [ 12.312304] pc 900000000355f410 ra 90000000031579b8 tp 90000001069e8000 sp 90000001069eba10 [ 12.320739] a0 0000000000000000 a1 fffffffffffffff1 a2 0000000000000014 a3 0000000000000001 [ 12.329173] a4 90000001069eb990 a5 0000000000000001 a6 0000000000001001 a7 900000010003431c [ 12.337606] t0 fffffffffffffff1 t1 54567fd5da9b4fd4 t2 900000010614ec40 t3 00000000000dc901 [ 12.346041] t4 0000000000000000 t5 0000000000000004 t6 900000010614ee20 t7 900000000d00b790 [ 12.354472] t8 00000000000dc901 u0 54567fd5da9b4fd4 s9 900000000402ae10 s0 900000010614ec40 [ 12.362916] s1 90000000039fced0 s2 ffffffffffffffed s3 ffffffffffffffed s4 9000000003acc000 [ 12.362931] s5 0000000000000004 s6 fffffffffffff000 s7 0000000000000490 s8 90000001028b2ec8 [ 12.362938] ra: 90000000031579b8 thermal_add_hwmon_sysfs+0x258/0x300 [ 12.386411] ERA: 900000000355f410 strscpy+0xf0/0x160 [ 12.391626] CRMD: 000000b0 (PLV0 -IE -DA +PG DACF=CC DACM=CC -WE) [ 12.397898] PRMD: 00000004 (PPLV0 +PIE -PWE) [ 12.403678] EUEN: 00000000 (-FPE -SXE -ASXE -BTE) [ 12.409859] ECFG: 00071c1c (LIE=2-4,10-12 VS=7) [ 12.415882] ESTAT: 00010000 [PIL] (IS= ECode=1 EsubCode=0) [ 12.415907] BADV: fffffffffffffff1 [ 12.415911] PRID: 0014a000 (Loongson-64bit, Loongson-2K1000) [ 12.415917] Modules linked in: loongson2_thermal(+) vfat fat uio_pdrv_genirq uio fuse zram zsmalloc [ 12.415950] Process systemd-udevd (pid: 181, threadinfo=00000000358b9718, task=00000000ace72fe3) [ 12.415961] Stack : 0000000000000dc0 54567fd5da9b4fd4 900000000402ae10 9000000002df9358 [ 12.415982] ffffffffffffffed 0000000000000004 9000000107a10aa8 90000001002a3410 [ 12.415999] ffffffffffffffed ffffffffffffffed 9000000107a11268 9000000003157ab0 [ 12.416016] 9000000107a10aa8 ffffff80020fc0c8 90000001002a3410 ffffffffffffffed [ 12.416032] 0000000000000024 ffffff80020cc1e8 900000000402b2a0 9000000003acc000 [ 12.416048] 90000001002a3410 0000000000000000 ffffff80020f4030 90000001002a3410 [ 12.416065] 0000000000000000 9000000002df6808 90000001002a3410 0000000000000000 [ 12.416081] ffffff80020f4030 0000000000000000 90000001002a3410 9000000002df2ba8 [ 12.416097] 00000000000000b4 90000001002a34f4 90000001002a3410 0000000000000002 [ 12.416114] ffffff80020f4030 fffffffffffffff0 90000001002a3410 9000000002df2f30 [ 12.416131] … [ 12.416138] Call Trace: [ 12.416142] [<900000000355f410>] strscpy+0xf0/0x160 [ 12.416167] [<90000000031579b8>] thermal_add_hwmon_sysfs+0x258/0x300 [ 12.416183] [<9000000003157ab0>] devm_thermal_add_hwmon_sysfs+0x50/0xe0 [ 12.416200] [<ffffff80020cc1e8>] loongson2_thermal_probe+0x128/0x200 [loongson2_thermal] [ 12.416232] [<9000000002df6808>] platform_probe+0x68/0x140 [ 12.416249] [<9000000002df2ba8>] really_probe+0xc8/0x3c0 [ 12.416269] [<9000000002df2f30>] __driver_probe_device+0x90/0x180 [ 12.416286] [<9000000002df3058>] driver_probe_device+0x38/0x160 [ 12.416302] [<9000000002df33a8>] __driver_attach+0xa8/0x200 [ 12.416314] [<9000000002deffec>] bus_for_each_dev+0x8c/0x120 [ 12.416330] [<9000000002df198c>] bus_add_driver+0x10c/0x2a0 [ 12.416346] [<9000000002df46b4>] driver_register+0x74/0x160 [ 12.416358] [<90000000022201a4>] do_one_initcall+0x84/0x220 [ 12.416372] [<90000000022f3ab8>] do_init_module+0x58/0x2c0 [ —truncated— 2024-03-18 not yet calculated CVE-2023-52613
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux — linux
 
In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: Fix buffer overflow in trans_stat_show Fix buffer overflow in trans_stat_show(). Convert simple snprintf to the more secure scnprintf with size of PAGE_SIZE. Add condition checking if we are exceeding PAGE_SIZE and exit early from loop. Also add at the end a warning that we exceeded PAGE_SIZE and that stats is disabled. Return -EFBIG in the case where we don’t have enough space to write the full transition table. Also document in the ABI that this function can return -EFBIG error. 2024-03-18 not yet calculated CVE-2023-52614
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux — linux
 
In the Linux kernel, the following vulnerability has been resolved: hwrng: core – Fix page fault dead lock on mmap-ed hwrng There is a dead-lock in the hwrng device read path. This triggers when the user reads from /dev/hwrng into memory also mmap-ed from /dev/hwrng. The resulting page fault triggers a recursive read which then dead-locks. Fix this by using a stack buffer when calling copy_to_user. 2024-03-18 not yet calculated CVE-2023-52615
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux — linux
 
In the Linux kernel, the following vulnerability has been resolved: crypto: lib/mpi – Fix unexpected pointer access in mpi_ec_init When the mpi_ec_ctx structure is initialized, some fields are not cleared, causing a crash when referencing the field when the structure was released. Initially, this issue was ignored because memory for mpi_ec_ctx is allocated with the __GFP_ZERO flag. For example, this error will be triggered when calculating the Za value for SM2 separately. 2024-03-18 not yet calculated CVE-2023-52616
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux — linux
 
In the Linux kernel, the following vulnerability has been resolved: PCI: switchtec: Fix stdev_release() crash after surprise hot remove A PCI device hot removal may occur while stdev->cdev is held open. The call to stdev_release() then happens during close or exit, at a point way past switchtec_pci_remove(). Otherwise the last ref would vanish with the trailing put_device(), just before return. At that later point in time, the devm cleanup has already removed the stdev->mmio_mrpc mapping. Also, the stdev->pdev reference was not a counted one. Therefore, in DMA mode, the iowrite32() in stdev_release() will cause a fatal page fault, and the subsequent dma_free_coherent(), if reached, would pass a stale &stdev->pdev->dev pointer. Fix by moving MRPC DMA shutdown into switchtec_pci_remove(), after stdev_kill(). Counting the stdev->pdev ref is now optional, but may prevent future accidents. Reproducible via the script at https://lore.kernel.org/r/20231113212150.96410-1-dns@arista.com 2024-03-18 not yet calculated CVE-2023-52617
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux — linux
 
In the Linux kernel, the following vulnerability has been resolved: block/rnbd-srv: Check for unlikely string overflow Since “dev_search_path” can technically be as large as PATH_MAX, there was a risk of truncation when copying it and a second string into “full_path” since it was also PATH_MAX sized. The W=1 builds were reporting this warning: drivers/block/rnbd/rnbd-srv.c: In function ‘process_msg_open.isra’: drivers/block/rnbd/rnbd-srv.c:616:51: warning: ‘%s’ directive output may be truncated writing up to 254 bytes into a region of size between 0 and 4095 [-Wformat-truncation=] 616 | snprintf(full_path, PATH_MAX, “%s/%s”, | ^~ In function ‘rnbd_srv_get_full_path’, inlined from ‘process_msg_open.isra’ at drivers/block/rnbd/rnbd-srv.c:721:14: drivers/block/rnbd/rnbd-srv.c:616:17: note: ‘snprintf’ output between 2 and 4351 bytes into a destination of size 4096 616 | snprintf(full_path, PATH_MAX, “%s/%s”, | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 617 | dev_search_path, dev_name); | ~~~~~~~~~~~~~~~~~~~~~~~~~~ To fix this, unconditionally check for truncation (as was already done for the case where “%SESSNAME%” was present). 2024-03-18 not yet calculated CVE-2023-52618
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux — linux
 
In the Linux kernel, the following vulnerability has been resolved: pstore/ram: Fix crash when setting number of cpus to an odd number When the number of cpu cores is adjusted to 7 or other odd numbers, the zone size will become an odd number. The address of the zone will become: addr of zone0 = BASE addr of zone1 = BASE + zone_size addr of zone2 = BASE + zone_size*2 … The address of zone1/3/5/7 will be mapped to non-alignment va. Eventually crashes will occur when accessing these va. So, use ALIGN_DOWN() to make sure the zone size is even to avoid this bug. 2024-03-18 not yet calculated CVE-2023-52619
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux — linux
 
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: disallow timeout for anonymous sets Never used from userspace, disallow these parameters. 2024-03-21 not yet calculated CVE-2023-52620
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux — linux
 
In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: fix data-race in ipv6_mc_down / mld_ifc_work idev->mc_ifc_count can be written over without proper locking. Originally found by syzbot [1], fix this issue by encapsulating calls to mld_ifc_stop_work() (and mld_gq_stop_work() for good measure) with mutex_lock() and mutex_unlock() accordingly as these functions should only be called with mc_lock per their declarations. [1] BUG: KCSAN: data-race in ipv6_mc_down / mld_ifc_work write to 0xffff88813a80c832 of 1 bytes by task 3771 on cpu 0: mld_ifc_stop_work net/ipv6/mcast.c:1080 [inline] ipv6_mc_down+0x10a/0x280 net/ipv6/mcast.c:2725 addrconf_ifdown+0xe32/0xf10 net/ipv6/addrconf.c:3949 addrconf_notify+0x310/0x980 notifier_call_chain kernel/notifier.c:93 [inline] raw_notifier_call_chain+0x6b/0x1c0 kernel/notifier.c:461 __dev_notify_flags+0x205/0x3d0 dev_change_flags+0xab/0xd0 net/core/dev.c:8685 do_setlink+0x9f6/0x2430 net/core/rtnetlink.c:2916 rtnl_group_changelink net/core/rtnetlink.c:3458 [inline] __rtnl_newlink net/core/rtnetlink.c:3717 [inline] rtnl_newlink+0xbb3/0x1670 net/core/rtnetlink.c:3754 rtnetlink_rcv_msg+0x807/0x8c0 net/core/rtnetlink.c:6558 netlink_rcv_skb+0x126/0x220 net/netlink/af_netlink.c:2545 rtnetlink_rcv+0x1c/0x20 net/core/rtnetlink.c:6576 netlink_unicast_kernel net/netlink/af_netlink.c:1342 [inline] netlink_unicast+0x589/0x650 net/netlink/af_netlink.c:1368 netlink_sendmsg+0x66e/0x770 net/netlink/af_netlink.c:1910 … write to 0xffff88813a80c832 of 1 bytes by task 22 on cpu 1: mld_ifc_work+0x54c/0x7b0 net/ipv6/mcast.c:2653 process_one_work kernel/workqueue.c:2627 [inline] process_scheduled_works+0x5b8/0xa30 kernel/workqueue.c:2700 worker_thread+0x525/0x730 kernel/workqueue.c:2781 … 2024-03-18 not yet calculated CVE-2024-26631
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux — linux
 
In the Linux kernel, the following vulnerability has been resolved: block: Fix iterating over an empty bio with bio_for_each_folio_all If the bio contains no data, bio_first_folio() calls page_folio() on a NULL pointer and oopses. Move the test that we’ve reached the end of the bio from bio_next_folio() to bio_first_folio(). [axboe: add unlikely() to error case] 2024-03-18 not yet calculated CVE-2024-26632
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux — linux
 
In the Linux kernel, the following vulnerability has been resolved: ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim() syzbot pointed out [1] that NEXTHDR_FRAGMENT handling is broken. Reading frag_off can only be done if we pulled enough bytes to skb->head. Currently we might access garbage. [1] BUG: KMSAN: uninit-value in ip6_tnl_parse_tlv_enc_lim+0x94f/0xbb0 ip6_tnl_parse_tlv_enc_lim+0x94f/0xbb0 ipxip6_tnl_xmit net/ipv6/ip6_tunnel.c:1326 [inline] ip6_tnl_start_xmit+0xab2/0x1a70 net/ipv6/ip6_tunnel.c:1432 __netdev_start_xmit include/linux/netdevice.h:4940 [inline] netdev_start_xmit include/linux/netdevice.h:4954 [inline] xmit_one net/core/dev.c:3548 [inline] dev_hard_start_xmit+0x247/0xa10 net/core/dev.c:3564 __dev_queue_xmit+0x33b8/0x5130 net/core/dev.c:4349 dev_queue_xmit include/linux/netdevice.h:3134 [inline] neigh_connected_output+0x569/0x660 net/core/neighbour.c:1592 neigh_output include/net/neighbour.h:542 [inline] ip6_finish_output2+0x23a9/0x2b30 net/ipv6/ip6_output.c:137 ip6_finish_output+0x855/0x12b0 net/ipv6/ip6_output.c:222 NF_HOOK_COND include/linux/netfilter.h:303 [inline] ip6_output+0x323/0x610 net/ipv6/ip6_output.c:243 dst_output include/net/dst.h:451 [inline] ip6_local_out+0xe9/0x140 net/ipv6/output_core.c:155 ip6_send_skb net/ipv6/ip6_output.c:1952 [inline] ip6_push_pending_frames+0x1f9/0x560 net/ipv6/ip6_output.c:1972 rawv6_push_pending_frames+0xbe8/0xdf0 net/ipv6/raw.c:582 rawv6_sendmsg+0x2b66/0x2e70 net/ipv6/raw.c:920 inet_sendmsg+0x105/0x190 net/ipv4/af_inet.c:847 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg net/socket.c:745 [inline] ____sys_sendmsg+0x9c2/0xd60 net/socket.c:2584 ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2638 __sys_sendmsg net/socket.c:2667 [inline] __do_sys_sendmsg net/socket.c:2676 [inline] __se_sys_sendmsg net/socket.c:2674 [inline] __x64_sys_sendmsg+0x307/0x490 net/socket.c:2674 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x44/0x110 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b Uninit was created at: slab_post_alloc_hook+0x129/0xa70 mm/slab.h:768 slab_alloc_node mm/slub.c:3478 [inline] __kmem_cache_alloc_node+0x5c9/0x970 mm/slub.c:3517 __do_kmalloc_node mm/slab_common.c:1006 [inline] __kmalloc_node_track_caller+0x118/0x3c0 mm/slab_common.c:1027 kmalloc_reserve+0x249/0x4a0 net/core/skbuff.c:582 pskb_expand_head+0x226/0x1a00 net/core/skbuff.c:2098 __pskb_pull_tail+0x13b/0x2310 net/core/skbuff.c:2655 pskb_may_pull_reason include/linux/skbuff.h:2673 [inline] pskb_may_pull include/linux/skbuff.h:2681 [inline] ip6_tnl_parse_tlv_enc_lim+0x901/0xbb0 net/ipv6/ip6_tunnel.c:408 ipxip6_tnl_xmit net/ipv6/ip6_tunnel.c:1326 [inline] ip6_tnl_start_xmit+0xab2/0x1a70 net/ipv6/ip6_tunnel.c:1432 __netdev_start_xmit include/linux/netdevice.h:4940 [inline] netdev_start_xmit include/linux/netdevice.h:4954 [inline] xmit_one net/core/dev.c:3548 [inline] dev_hard_start_xmit+0x247/0xa10 net/core/dev.c:3564 __dev_queue_xmit+0x33b8/0x5130 net/core/dev.c:4349 dev_queue_xmit include/linux/netdevice.h:3134 [inline] neigh_connected_output+0x569/0x660 net/core/neighbour.c:1592 neigh_output include/net/neighbour.h:542 [inline] ip6_finish_output2+0x23a9/0x2b30 net/ipv6/ip6_output.c:137 ip6_finish_output+0x855/0x12b0 net/ipv6/ip6_output.c:222 NF_HOOK_COND include/linux/netfilter.h:303 [inline] ip6_output+0x323/0x610 net/ipv6/ip6_output.c:243 dst_output include/net/dst.h:451 [inline] ip6_local_out+0xe9/0x140 net/ipv6/output_core.c:155 ip6_send_skb net/ipv6/ip6_output.c:1952 [inline] ip6_push_pending_frames+0x1f9/0x560 net/ipv6/ip6_output.c:1972 rawv6_push_pending_frames+0xbe8/0xdf0 net/ipv6/raw.c:582 rawv6_sendmsg+0x2b66/0x2e70 net/ipv6/raw.c:920 inet_sendmsg+0x105/0x190 net/ipv4/af_inet.c:847 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg net/socket.c:745 [inline] ____sys_sendmsg+0x9c2/0xd60 net/socket.c:2584 ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2638 __sys_sendmsg net/socket.c:2667 [inline] __do_sys_sendms —truncated— 2024-03-18 not yet calculated CVE-2024-26633
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux — linux
 
In the Linux kernel, the following vulnerability has been resolved: net: fix removing a namespace with conflicting altnames Mark reports a BUG() when a net namespace is removed. kernel BUG at net/core/dev.c:11520! Physical interfaces moved outside of init_net get “refunded” to init_net when that namespace disappears. The main interface name may get overwritten in the process if it would have conflicted. We need to also discard all conflicting altnames. Recent fixes addressed ensuring that altnames get moved with the main interface, which surfaced this problem. 2024-03-18 not yet calculated CVE-2024-26634
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux — linux
 
In the Linux kernel, the following vulnerability has been resolved: llc: Drop support for ETH_P_TR_802_2. syzbot reported an uninit-value bug below. [0] llc supports ETH_P_802_2 (0x0004) and used to support ETH_P_TR_802_2 (0x0011), and syzbot abused the latter to trigger the bug. write$tun(r0, &(0x7f0000000040)={@val={0x0, 0x11}, @val, @mpls={[], @llc={@snap={0xaa, 0x1, ‘)’, “90e5dd”}}}}, 0x16) llc_conn_handler() initialises local variables {saddr,daddr}.mac based on skb in llc_pdu_decode_sa()/llc_pdu_decode_da() and passes them to __llc_lookup(). However, the initialisation is done only when skb->protocol is htons(ETH_P_802_2), otherwise, __llc_lookup_established() and __llc_lookup_listener() will read garbage. The missing initialisation existed prior to commit 211ed865108e (“net: delete all instances of special processing for token ring”). It removed the part to kick out the token ring stuff but forgot to close the door allowing ETH_P_TR_802_2 packets to sneak into llc_rcv(). Let’s remove llc_tr_packet_type and complete the deprecation. [0]: BUG: KMSAN: uninit-value in __llc_lookup_established+0xe9d/0xf90 __llc_lookup_established+0xe9d/0xf90 __llc_lookup net/llc/llc_conn.c:611 [inline] llc_conn_handler+0x4bd/0x1360 net/llc/llc_conn.c:791 llc_rcv+0xfbb/0x14a0 net/llc/llc_input.c:206 __netif_receive_skb_one_core net/core/dev.c:5527 [inline] __netif_receive_skb+0x1a6/0x5a0 net/core/dev.c:5641 netif_receive_skb_internal net/core/dev.c:5727 [inline] netif_receive_skb+0x58/0x660 net/core/dev.c:5786 tun_rx_batched+0x3ee/0x980 drivers/net/tun.c:1555 tun_get_user+0x53af/0x66d0 drivers/net/tun.c:2002 tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2048 call_write_iter include/linux/fs.h:2020 [inline] new_sync_write fs/read_write.c:491 [inline] vfs_write+0x8ef/0x1490 fs/read_write.c:584 ksys_write+0x20f/0x4c0 fs/read_write.c:637 __do_sys_write fs/read_write.c:649 [inline] __se_sys_write fs/read_write.c:646 [inline] __x64_sys_write+0x93/0xd0 fs/read_write.c:646 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x44/0x110 arch/x86/entry/common.c:82 entry_SYSCALL_64_after_hwframe+0x63/0x6b Local variable daddr created at: llc_conn_handler+0x53/0x1360 net/llc/llc_conn.c:783 llc_rcv+0xfbb/0x14a0 net/llc/llc_input.c:206 CPU: 1 PID: 5004 Comm: syz-executor994 Not tainted 6.6.0-syzkaller-14500-g1c41041124bd #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023 2024-03-18 not yet calculated CVE-2024-26635
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux — linux
 
In the Linux kernel, the following vulnerability has been resolved: llc: make llc_ui_sendmsg() more robust against bonding changes syzbot was able to trick llc_ui_sendmsg(), allocating an skb with no headroom, but subsequently trying to push 14 bytes of Ethernet header [1] Like some others, llc_ui_sendmsg() releases the socket lock before calling sock_alloc_send_skb(). Then it acquires it again, but does not redo all the sanity checks that were performed. This fix: – Uses LL_RESERVED_SPACE() to reserve space. – Check all conditions again after socket lock is held again. – Do not account Ethernet header for mtu limitation. [1] skbuff: skb_under_panic: text:ffff800088baa334 len:1514 put:14 head:ffff0000c9c37000 data:ffff0000c9c36ff2 tail:0x5dc end:0x6c0 dev:bond0 kernel BUG at net/core/skbuff.c:193 ! Internal error: Oops – BUG: 00000000f2000800 [#1] PREEMPT SMP Modules linked in: CPU: 0 PID: 6875 Comm: syz-executor.0 Not tainted 6.7.0-rc8-syzkaller-00101-g0802e17d9aca-dirty #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=–) pc : skb_panic net/core/skbuff.c:189 [inline] pc : skb_under_panic+0x13c/0x140 net/core/skbuff.c:203 lr : skb_panic net/core/skbuff.c:189 [inline] lr : skb_under_panic+0x13c/0x140 net/core/skbuff.c:203 sp : ffff800096f97000 x29: ffff800096f97010 x28: ffff80008cc8d668 x27: dfff800000000000 x26: ffff0000cb970c90 x25: 00000000000005dc x24: ffff0000c9c36ff2 x23: ffff0000c9c37000 x22: 00000000000005ea x21: 00000000000006c0 x20: 000000000000000e x19: ffff800088baa334 x18: 1fffe000368261ce x17: ffff80008e4ed000 x16: ffff80008a8310f8 x15: 0000000000000001 x14: 1ffff00012df2d58 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000001 x10: 0000000000ff0100 x9 : e28a51f1087e8400 x8 : e28a51f1087e8400 x7 : ffff80008028f8d0 x6 : 0000000000000000 x5 : 0000000000000001 x4 : 0000000000000001 x3 : ffff800082b78714 x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000089 Call trace: skb_panic net/core/skbuff.c:189 [inline] skb_under_panic+0x13c/0x140 net/core/skbuff.c:203 skb_push+0xf0/0x108 net/core/skbuff.c:2451 eth_header+0x44/0x1f8 net/ethernet/eth.c:83 dev_hard_header include/linux/netdevice.h:3188 [inline] llc_mac_hdr_init+0x110/0x17c net/llc/llc_output.c:33 llc_sap_action_send_xid_c+0x170/0x344 net/llc/llc_s_ac.c:85 llc_exec_sap_trans_actions net/llc/llc_sap.c:153 [inline] llc_sap_next_state net/llc/llc_sap.c:182 [inline] llc_sap_state_process+0x1ec/0x774 net/llc/llc_sap.c:209 llc_build_and_send_xid_pkt+0x12c/0x1c0 net/llc/llc_sap.c:270 llc_ui_sendmsg+0x7bc/0xb1c net/llc/af_llc.c:997 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg net/socket.c:745 [inline] sock_sendmsg+0x194/0x274 net/socket.c:767 splice_to_socket+0x7cc/0xd58 fs/splice.c:881 do_splice_from fs/splice.c:933 [inline] direct_splice_actor+0xe4/0x1c0 fs/splice.c:1142 splice_direct_to_actor+0x2a0/0x7e4 fs/splice.c:1088 do_splice_direct+0x20c/0x348 fs/splice.c:1194 do_sendfile+0x4bc/0xc70 fs/read_write.c:1254 __do_sys_sendfile64 fs/read_write.c:1322 [inline] __se_sys_sendfile64 fs/read_write.c:1308 [inline] __arm64_sys_sendfile64+0x160/0x3b4 fs/read_write.c:1308 __invoke_syscall arch/arm64/kernel/syscall.c:37 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:51 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:136 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:155 el0_svc+0x54/0x158 arch/arm64/kernel/entry-common.c:678 el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:696 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:595 Code: aa1803e6 aa1903e7 a90023f5 94792f6a (d4210000) 2024-03-18 not yet calculated CVE-2024-26636
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux — linux
 
In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: rely on mac80211 debugfs handling for vif mac80211 started to delete debugfs entries in certain cases, causing a ath11k to crash when it tried to delete the entries later. Fix this by relying on mac80211 to delete the entries when appropriate and adding them from the vif_add_debugfs handler. 2024-03-18 not yet calculated CVE-2024-26637
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux — linux
 
In the Linux kernel, the following vulnerability has been resolved: nbd: always initialize struct msghdr completely syzbot complains that msg->msg_get_inq value can be uninitialized [1] struct msghdr got many new fields recently, we should always make sure their values is zero by default. [1] BUG: KMSAN: uninit-value in tcp_recvmsg+0x686/0xac0 net/ipv4/tcp.c:2571 tcp_recvmsg+0x686/0xac0 net/ipv4/tcp.c:2571 inet_recvmsg+0x131/0x580 net/ipv4/af_inet.c:879 sock_recvmsg_nosec net/socket.c:1044 [inline] sock_recvmsg+0x12b/0x1e0 net/socket.c:1066 __sock_xmit+0x236/0x5c0 drivers/block/nbd.c:538 nbd_read_reply drivers/block/nbd.c:732 [inline] recv_work+0x262/0x3100 drivers/block/nbd.c:863 process_one_work kernel/workqueue.c:2627 [inline] process_scheduled_works+0x104e/0x1e70 kernel/workqueue.c:2700 worker_thread+0xf45/0x1490 kernel/workqueue.c:2781 kthread+0x3ed/0x540 kernel/kthread.c:388 ret_from_fork+0x66/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:242 Local variable msg created at: __sock_xmit+0x4c/0x5c0 drivers/block/nbd.c:513 nbd_read_reply drivers/block/nbd.c:732 [inline] recv_work+0x262/0x3100 drivers/block/nbd.c:863 CPU: 1 PID: 7465 Comm: kworker/u5:1 Not tainted 6.7.0-rc7-syzkaller-00041-gf016f7547aee #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 Workqueue: nbd5-recv recv_work 2024-03-18 not yet calculated CVE-2024-26638
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux — linux
 
In the Linux kernel, the following vulnerability has been resolved: mm, kmsan: fix infinite recursion due to RCU critical section Alexander Potapenko writes in [1]: “For every memory access in the code instrumented by KMSAN we call kmsan_get_metadata() to obtain the metadata for the memory being accessed. For virtual memory the metadata pointers are stored in the corresponding `struct page`, therefore we need to call virt_to_page() to get them. According to the comment in arch/x86/include/asm/page.h, virt_to_page(kaddr) returns a valid pointer iff virt_addr_valid(kaddr) is true, so KMSAN needs to call virt_addr_valid() as well. To avoid recursion, kmsan_get_metadata() must not call instrumented code, therefore ./arch/x86/include/asm/kmsan.h forks parts of arch/x86/mm/physaddr.c to check whether a virtual address is valid or not. But the introduction of rcu_read_lock() to pfn_valid() added instrumented RCU API calls to virt_to_page_or_null(), which is called by kmsan_get_metadata(), so there is an infinite recursion now. I do not think it is correct to stop that recursion by doing kmsan_enter_runtime()/kmsan_exit_runtime() in kmsan_get_metadata(): that would prevent instrumented functions called from within the runtime from tracking the shadow values, which might introduce false positives.” Fix the issue by switching pfn_valid() to the _sched() variant of rcu_read_lock/unlock(), which does not require calling into RCU. Given the critical section in pfn_valid() is very small, this is a reasonable trade-off (with preemptible RCU). KMSAN further needs to be careful to suppress calls into the scheduler, which would be another source of recursion. This can be done by wrapping the call to pfn_valid() into preempt_disable/enable_no_resched(). The downside is that this sacrifices breaking scheduling guarantees; however, a kernel compiled with KMSAN has already given up any performance guarantees due to being heavily instrumented. Note, KMSAN code already disables tracing via Makefile, and since mmzone.h is included, it is not necessary to use the notrace variant, which is generally preferred in all other cases. 2024-03-18 not yet calculated CVE-2024-26639
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux — linux
 
In the Linux kernel, the following vulnerability has been resolved: tcp: add sanity checks to rx zerocopy TCP rx zerocopy intent is to map pages initially allocated from NIC drivers, not pages owned by a fs. This patch adds to can_map_frag() these additional checks: – Page must not be a compound one. – page->mapping must be NULL. This fixes the panic reported by ZhangPeng. syzbot was able to loopback packets built with sendfile(), mapping pages owned by an ext4 file to TCP rx zerocopy. r3 = socket$inet_tcp(0x2, 0x1, 0x0) mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x12, r3, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r4, &(0x7f0000000000)={0x2, 0x4e24, @multicast1}, 0x10) connect$inet(r4, &(0x7f00000006c0)={0x2, 0x4e24, @empty}, 0x10) r5 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)=’./file0x00′, 0x181e42, 0x0) fallocate(r5, 0x0, 0x0, 0x85b8) sendfile(r4, r5, 0x0, 0x8ba0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r4, 0x6, 0x23, &(0x7f00000001c0)={&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000000440)=0x40) r6 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)=’./file0x00′, 0x181e42, 0x0) 2024-03-18 not yet calculated CVE-2024-26640
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux — linux
 
In the Linux kernel, the following vulnerability has been resolved: ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv() syzbot found __ip6_tnl_rcv() could access unitiliazed data [1]. Call pskb_inet_may_pull() to fix this, and initialize ipv6h variable after this call as it can change skb->head. [1] BUG: KMSAN: uninit-value in __INET_ECN_decapsulate include/net/inet_ecn.h:253 [inline] BUG: KMSAN: uninit-value in INET_ECN_decapsulate include/net/inet_ecn.h:275 [inline] BUG: KMSAN: uninit-value in IP6_ECN_decapsulate+0x7df/0x1e50 include/net/inet_ecn.h:321 __INET_ECN_decapsulate include/net/inet_ecn.h:253 [inline] INET_ECN_decapsulate include/net/inet_ecn.h:275 [inline] IP6_ECN_decapsulate+0x7df/0x1e50 include/net/inet_ecn.h:321 ip6ip6_dscp_ecn_decapsulate+0x178/0x1b0 net/ipv6/ip6_tunnel.c:727 __ip6_tnl_rcv+0xd4e/0x1590 net/ipv6/ip6_tunnel.c:845 ip6_tnl_rcv+0xce/0x100 net/ipv6/ip6_tunnel.c:888 gre_rcv+0x143f/0x1870 ip6_protocol_deliver_rcu+0xda6/0x2a60 net/ipv6/ip6_input.c:438 ip6_input_finish net/ipv6/ip6_input.c:483 [inline] NF_HOOK include/linux/netfilter.h:314 [inline] ip6_input+0x15d/0x430 net/ipv6/ip6_input.c:492 ip6_mc_input+0xa7e/0xc80 net/ipv6/ip6_input.c:586 dst_input include/net/dst.h:461 [inline] ip6_rcv_finish+0x5db/0x870 net/ipv6/ip6_input.c:79 NF_HOOK include/linux/netfilter.h:314 [inline] ipv6_rcv+0xda/0x390 net/ipv6/ip6_input.c:310 __netif_receive_skb_one_core net/core/dev.c:5532 [inline] __netif_receive_skb+0x1a6/0x5a0 net/core/dev.c:5646 netif_receive_skb_internal net/core/dev.c:5732 [inline] netif_receive_skb+0x58/0x660 net/core/dev.c:5791 tun_rx_batched+0x3ee/0x980 drivers/net/tun.c:1555 tun_get_user+0x53af/0x66d0 drivers/net/tun.c:2002 tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2048 call_write_iter include/linux/fs.h:2084 [inline] new_sync_write fs/read_write.c:497 [inline] vfs_write+0x786/0x1200 fs/read_write.c:590 ksys_write+0x20f/0x4c0 fs/read_write.c:643 __do_sys_write fs/read_write.c:655 [inline] __se_sys_write fs/read_write.c:652 [inline] __x64_sys_write+0x93/0xd0 fs/read_write.c:652 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x6d/0x140 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b Uninit was created at: slab_post_alloc_hook+0x129/0xa70 mm/slab.h:768 slab_alloc_node mm/slub.c:3478 [inline] kmem_cache_alloc_node+0x5e9/0xb10 mm/slub.c:3523 kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:560 __alloc_skb+0x318/0x740 net/core/skbuff.c:651 alloc_skb include/linux/skbuff.h:1286 [inline] alloc_skb_with_frags+0xc8/0xbd0 net/core/skbuff.c:6334 sock_alloc_send_pskb+0xa80/0xbf0 net/core/sock.c:2787 tun_alloc_skb drivers/net/tun.c:1531 [inline] tun_get_user+0x1e8a/0x66d0 drivers/net/tun.c:1846 tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2048 call_write_iter include/linux/fs.h:2084 [inline] new_sync_write fs/read_write.c:497 [inline] vfs_write+0x786/0x1200 fs/read_write.c:590 ksys_write+0x20f/0x4c0 fs/read_write.c:643 __do_sys_write fs/read_write.c:655 [inline] __se_sys_write fs/read_write.c:652 [inline] __x64_sys_write+0x93/0xd0 fs/read_write.c:652 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x6d/0x140 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b CPU: 0 PID: 5034 Comm: syz-executor331 Not tainted 6.7.0-syzkaller-00562-g9f8413c4a66f #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 2024-03-18 not yet calculated CVE-2024-26641
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux — linux
 
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: disallow anonymous set with timeout flag Anonymous sets are never used with timeout from userspace, reject this. Exception to this rule is NFT_SET_EVAL to ensure legacy meters still work. 2024-03-21 not yet calculated CVE-2024-26642
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux — linux
 
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout While the rhashtable set gc runs asynchronously, a race allows it to collect elements from anonymous sets with timeouts while it is being released from the commit path. Mingi Cho originally reported this issue in a different path in 6.1.x with a pipapo set with low timeouts which is not possible upstream since 7395dfacfff6 (“netfilter: nf_tables: use timestamp to check for set element timeout”). Fix this by setting on the dead flag for anonymous sets to skip async gc in this case. According to 08e4c8c5919f (“netfilter: nf_tables: mark newset as dead on transaction abort”), Florian plans to accelerate abort path by releasing objects via workqueue, therefore, this sets on the dead flag for abort path too. 2024-03-21 not yet calculated CVE-2024-26643
416baaa9-dc9f-4396-8d5f-8c081fb06d67
mikrotik — routeros-tftp
 
Implementations of UDP application protocol are vulnerable to network loops. An unauthenticated attacker can use maliciously-crafted packets against a vulnerable implementation that can lead to Denial of Service (DOS) and/or abuse of resources. 2024-03-19 not yet calculated CVE-2024-2169
cret@cert.org
cret@cert.org
mozilla — firefox
 
NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the private data. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. 2024-03-19 not yet calculated CVE-2023-5388
security@mozilla.org
security@mozilla.org
security@mozilla.org
security@mozilla.org
security@mozilla.org
mozilla — firefox
 
An attacker could have leveraged the Windows Error Reporter to run arbitrary code on the system escaping the sandbox. *Note:* This issue only affected Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. 2024-03-19 not yet calculated CVE-2024-2605
security@mozilla.org
security@mozilla.org
security@mozilla.org
security@mozilla.org
mozilla — firefox
 
Passing invalid data could have led to invalid wasm values being created, such as arbitrary integers turning into pointer values. This vulnerability affects Firefox < 124. 2024-03-19 not yet calculated CVE-2024-2606
security@mozilla.org
security@mozilla.org
mozilla — firefox
 
Return registers were overwritten which could have allowed an attacker to execute arbitrary code. *Note:* This issue only affected Armv7-A systems. Other operating systems are unaffected. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. 2024-03-19 not yet calculated CVE-2024-2607
security@mozilla.org
security@mozilla.org
security@mozilla.org
security@mozilla.org
security@mozilla.org
mozilla — firefox
 
`AppendEncodedAttributeValue(), ExtraSpaceNeededForAttrEncoding()` and `AppendEncodedCharacters()` could have experienced integer overflows, causing underallocation of an output buffer leading to an out of bounds write. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. 2024-03-19 not yet calculated CVE-2024-2608
security@mozilla.org
security@mozilla.org
security@mozilla.org
security@mozilla.org
security@mozilla.org
mozilla — firefox
 
The permission prompt input delay could have expired while the window is not in focus, which made the prompt vulnerable to clickjacking by malicious websites. This vulnerability affects Firefox < 124. 2024-03-19 not yet calculated CVE-2024-2609
security@mozilla.org
security@mozilla.org
mozilla — firefox
 
Using a markup injection an attacker could have stolen nonce values. This could have been used to bypass strict content security policies. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. 2024-03-19 not yet calculated CVE-2024-2610
security@mozilla.org
security@mozilla.org
security@mozilla.org
security@mozilla.org
security@mozilla.org
mozilla — firefox
 
A missing delay on when pointer lock was used could have allowed a malicious page to trick a user into granting permissions. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. 2024-03-19 not yet calculated CVE-2024-2611
security@mozilla.org
security@mozilla.org
security@mozilla.org
security@mozilla.org
security@mozilla.org
mozilla — firefox
 
If an attacker could find a way to trigger a particular code path in `SafeRefPtr`, it could have triggered a crash or potentially be leveraged to achieve code execution. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. 2024-03-19 not yet calculated CVE-2024-2612
security@mozilla.org
security@mozilla.org
security@mozilla.org
security@mozilla.org
security@mozilla.org
mozilla — firefox
 
Data was not properly sanitized when decoding a QUIC ACK frame; this could have led to unrestricted memory consumption and a crash. This vulnerability affects Firefox < 124. 2024-03-19 not yet calculated CVE-2024-2613
security@mozilla.org
security@mozilla.org
mozilla — firefox
 
Memory safety bugs present in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. 2024-03-19 not yet calculated CVE-2024-2614
security@mozilla.org
security@mozilla.org
security@mozilla.org
security@mozilla.org
security@mozilla.org
mozilla — firefox
 
Memory safety bugs present in Firefox 123. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 124. 2024-03-19 not yet calculated CVE-2024-2615
security@mozilla.org
security@mozilla.org
mozilla — firefox
 
To harden ICU against exploitation, the behavior for out-of-memory conditions was changed to crash instead of attempt to continue. This vulnerability affects Firefox ESR < 115.9 and Thunderbird < 115.9. 2024-03-19 not yet calculated CVE-2024-2616
security@mozilla.org
security@mozilla.org
security@mozilla.org
security@mozilla.org
node.js — node.js
 
setuid() does not affect libuv’s internal io_uring operations if initialized before the call to setuid(). This allows the process to perform privileged operations despite presumably having dropped such privileges through a call to setuid(). This vulnerability affects all users using version greater or equal than Node.js 18.18.0, Node.js 20.4.0 and Node.js 21. 2024-03-19 not yet calculated CVE-2024-22017
support@hackerone.com
node.js — node.js
 
A vulnerability in Node.js has been identified, allowing for a Denial of Service (DoS) attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fact that the fetch() function in Node.js always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. An attacker controlling the URL passed into fetch() can exploit this vulnerability to exhaust memory, potentially leading to process termination, depending on the system configuration. 2024-03-19 not yet calculated CVE-2024-22025
support@hackerone.com
paddlepaddle — paddlepaddle/paddle
 
paddlepaddle/paddle 2.6.0 allows arbitrary file read via paddle.vision.ops.read_file. 2024-03-23 not yet calculated CVE-2024-1603
security@huntr.dev
unclebob — fitnesse
 
Cross-site scripting vulnerability exists in FitNesse all releases, which may allow a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is using the product and accessing a link with specially crafted multiple parameters. 2024-03-18 not yet calculated CVE-2024-23604
vultures@jpcert.or.jp
vultures@jpcert.or.jp
vultures@jpcert.or.jp
vultures@jpcert.or.jp
unclebob — fitnesse
 
Improper restriction of XML external entity references vulnerability exists in FitNesse all releases, which allows a remote unauthenticated attacker to obtain sensitive information, alter data, or cause a denial-of-service (DoS) condition. 2024-03-18 not yet calculated CVE-2024-28039
vultures@jpcert.or.jp
vultures@jpcert.or.jp
vultures@jpcert.or.jp
vultures@jpcert.or.jp
unclebob — fitnesse
 
FitNesse all releases allows a remote authenticated attacker to execute arbitrary OS commands. 2024-03-18 not yet calculated CVE-2024-28125
vultures@jpcert.or.jp
vultures@jpcert.or.jp
vultures@jpcert.or.jp
vultures@jpcert.or.jp
unclebob — fitnesse
 
Cross-site scripting vulnerability exists in FitNesse releases prior to 20220319, which may allow a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is using the product and accessing a link with a specially crafted certain parameter. 2024-03-18 not yet calculated CVE-2024-28128
vultures@jpcert.or.jp
vultures@jpcert.or.jp
vultures@jpcert.or.jp
vultures@jpcert.or.jp
unknown — advanced_social_feeds_widget_&_shortcode
 
The Advanced Social Feeds Widget & Shortcode WordPress plugin through 1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) 2024-03-18 not yet calculated CVE-2024-0951
contact@wpscan.com
unknown — appointment_booking_calendar
 
The Appointment Booking Calendar WordPress plugin before 1.3.83 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks such as adding a booking to the calendar without paying. 2024-03-20 not yet calculated CVE-2024-0856
contact@wpscan.com
unknown — backup_bolt
 
The Backup Bolt WordPress plugin through 1.3.0 is vulnerable to Information Exposure via the unprotected access of debug logs. This makes it possible for unauthenticated attackers to retrieve the debug log which may contain information like system errors which could contain sensitive information. 2024-03-18 not yet calculated CVE-2023-7236
contact@wpscan.com
unknown — buttons_shortcode_and_widget
 
The Buttons Shortcode and Widget WordPress plugin through 1.16 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 2024-03-18 not yet calculated CVE-2024-0711
contact@wpscan.com
unknown — enjoy_social_feed_plugin_for_wordpress_website
 
The Enjoy Social Feed plugin for WordPress website WordPress plugin through 6.2.2 does not have authorisation and CSRF in various function hooked to admin_init, allowing unauthenticated users to call them and unlink arbitrary users Instagram Account for example 2024-03-18 not yet calculated CVE-2024-0779
contact@wpscan.com
unknown — enjoy_social_feed_plugin_for_wordpress_website
 
The Enjoy Social Feed plugin for WordPress website WordPress plugin through 6.2.2 does not have authorisation when resetting its database, allowing any authenticated users, such as subscriber to perform such action 2024-03-18 not yet calculated CVE-2024-0780
contact@wpscan.com
unknown — error_log_viewer_by_bestwebsoft
 
The Error Log Viewer by BestWebSoft WordPress plugin before 1.1.3 contains a vulnerability that allows you to read and download PHP logs without authorization 2024-03-18 not yet calculated CVE-2023-6821
contact@wpscan.com
unknown — fancy_product_designer
 
The Fancy Product Designer WordPress plugin before 6.1.5 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by adminstrators. 2024-03-18 not yet calculated CVE-2024-0365
contact@wpscan.com
unknown — grid_shortcodes
 
The Grid Shortcodes WordPress plugin before 1.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks 2024-03-18 not yet calculated CVE-2024-1658
contact@wpscan.com
unknown — innovs_hr
 
The Innovs HR WordPress plugin through 1.0.3.4 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks such as adding them as employees. 2024-03-18 not yet calculated CVE-2024-0858
contact@wpscan.com
unknown — jobs_for_wordpress
 
The Jobs for WordPress plugin before 2.7.4 does not sanitise and escape some parameters, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks 2024-03-18 not yet calculated CVE-2024-0820
contact@wpscan.com
unknown — profile_box_shortcode_and_widget
 
The Profile Box Shortcode And Widget WordPress plugin before 1.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) 2024-03-19 not yet calculated CVE-2024-1401
contact@wpscan.com
unknown — responsive_pricing_table
 
The Responsive Pricing Table WordPress plugin before 5.1.11 does not validate and escape some of its Pricing Table options before outputting them back in a page/post where the related shortcode is embed, which could allow users with the author role and above to perform Stored Cross-Site Scripting attacks 2024-03-18 not yet calculated CVE-2024-1333
contact@wpscan.com
unknown — scalable_vector_graphics_(svg)
 
The Scalable Vector Graphics (SVG) WordPress plugin through 3.4 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. 2024-03-18 not yet calculated CVE-2023-7085
contact@wpscan.com
unknown — simple_ajax_chat_
 
The Simple Ajax Chat WordPress plugin before 20240223 does not prevent visitors from using malicious Names when using the chat, which will be reflected unsanitized to other users. 2024-03-20 not yet calculated CVE-2024-1983
contact@wpscan.com
unknown — system_dashboard
 
The System Dashboard WordPress plugin before 2.8.10 does not sanitize and escape some parameters, which could allow administrators in multisite WordPress configurations to perform Cross-Site Scripting attacks 2024-03-20 not yet calculated CVE-2023-7246
contact@wpscan.com
unknown — tabs_shortcode_and_widget
 
The Tabs Shortcode and Widget WordPress plugin through 1.17 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks 2024-03-18 not yet calculated CVE-2024-0719
contact@wpscan.com
unknown — team_members
 
The Team Members WordPress plugin before 5.3.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the author role and above to perform Stored Cross-Site Scripting attacks. 2024-03-18 not yet calculated CVE-2024-1331
contact@wpscan.com
unknown — travelpayouts:_all_travel_brands_in_one_place
 
The Travelpayouts: All Travel Brands in One Place WordPress plugin through 1.1.15 is vulnerable to Open Redirect due to insufficient validation on the travelpayouts_redirect variable. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action. 2024-03-20 not yet calculated CVE-2024-0337
contact@wpscan.com
unknown — widget_for_social_page_feeds
 
The Widget for Social Page Feeds WordPress plugin before 6.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) 2024-03-18 not yet calculated CVE-2024-0973
contact@wpscan.com
xen — xen
 
PCI devices can make use of a functionality called phantom functions, that when enabled allows the device to generate requests using the IDs of functions that are otherwise unpopulated. This allows a device to extend the number of outstanding requests. Such phantom functions need an IOMMU context setup, but failure to setup the context is not fatal when the device is assigned. Not failing device assignment when such failure happens can lead to the primary device being assigned to a guest, while some of the phantom functions are assigned to a different domain. 2024-03-20 not yet calculated CVE-2023-46839
security@xen.org
xen — xen
 
Incorrect placement of a preprocessor directive in source code results in logic that doesn’t operate as intended when support for HVM guests is compiled out of Xen. 2024-03-20 not yet calculated CVE-2023-46840
security@xen.org
xen — xen
 
Recent x86 CPUs offer functionality named Control-flow Enforcement Technology (CET). A sub-feature of this are Shadow Stacks (CET-SS). CET-SS is a hardware feature designed to protect against Return Oriented Programming attacks. When enabled, traditional stacks holding both data and return addresses are accompanied by so called “shadow stacks”, holding little more than return addresses. Shadow stacks aren’t writable by normal instructions, and upon function returns their contents are used to check for possible manipulation of a return address coming from the traditional stack. In particular certain memory accesses need intercepting by Xen. In various cases the necessary emulation involves kind of replaying of the instruction. Such replaying typically involves filling and then invoking of a stub. Such a replayed instruction may raise an exceptions, which is expected and dealt with accordingly. Unfortunately the interaction of both of the above wasn’t right: Recovery involves removal of a call frame from the (traditional) stack. The counterpart of this operation for the shadow stack was missing. 2024-03-20 not yet calculated CVE-2023-46841
security@xen.org
security@xen.org

Back to top

Posted by

in