Vulnerability Summary for the Week of February 12, 2024

Released: Feb 20, 2024
Document ID: SB24-051

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

9bis -- kitty
KiTTY versions 0.76.1.13 and before are vulnerable to command injection via the filename variable, which occurs due to insufficient input sanitization and validation, failure to escape special characters, and insecure system calls (at lines 2369-2390). This allows an attacker to add inputs inside the filename variable, leading to arbitrary code execution.
Published: 2024-02-09 | CVSS Score: 7.8 | Source & Patch Info: CVE-2024-23749 (cve@mitre.org)

9bis -- kitty
KiTTY versions 0.76.1.13 and before are vulnerable to a stack-based buffer overflow via the hostname, which occurs due to insufficient bounds checking and input sanitization. This allows an attacker to overwrite adjacent memory, which leads to arbitrary code execution.
Published: 2024-02-09 | CVSS Score: 7.8 | Source & Patch Info: CVE-2024-25003 (cve@mitre.org)

9bis -- kitty
KiTTY versions 0.76.1.13 and before are vulnerable to a stack-based buffer overflow via the username, which occurs due to insufficient bounds checking and input sanitization (at line 2600). This allows an attacker to overwrite adjacent memory, which leads to arbitrary code execution.
Published: 2024-02-09 | CVSS Score: 7.8 | Source & Patch Info: CVE-2024-25004 (cve@mitre.org)

adobe -- acrobat_reader
Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2024-02-15 | CVSS Score: 7.8 | Source & Patch Info: CVE-2024-20726 (psirt@adobe.com)

adobe -- acrobat_reader
Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2024-02-15 | CVSS Score: 7.8 | Source & Patch Info: CVE-2024-20727 (psirt@adobe.com)

adobe -- acrobat_reader
Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2024-02-15 | CVSS Score: 7.8 | Source & Patch Info: CVE-2024-20728 (psirt@adobe.com)

adobe -- acrobat_reader
Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2024-02-15 | CVSS Score: 7.8 | Source & Patch Info: CVE-2024-20729 (psirt@adobe.com)

adobe -- acrobat_reader
Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2024-02-15 | CVSS Score: 7.8 | Source & Patch Info: CVE-2024-20730 (psirt@adobe.com)

adobe -- acrobat_reader
Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2024-02-15 | CVSS Score: 7.8 | Source & Patch Info: CVE-2024-20731 (psirt@adobe.com)

adobe -- adobe_framemaker
Adobe Framemaker versions 2022.1 and earlier are affected by an Improper Authentication vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass authentication mechanisms and gain unauthorized access. Exploitation of this issue does not require user interaction.
Published: 2024-02-15 | CVSS Score: 9.8 | Source & Patch Info: CVE-2024-20738 (psirt@adobe.com)

adobe -- audition
Audition versions 24.0.3, 23.6.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2024-02-15 | CVSS Score: 7.8 | Source & Patch Info: CVE-2024-20739 (psirt@adobe.com)

adobe -- commerce
Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into every admin page. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field, that could be leveraged to gain admin access.
Published: 2024-02-15 | CVSS Score: 9.1 | Source & Patch Info: CVE-2024-20719 (psirt@adobe.com)

adobe -- commerce
Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead to arbitrary code execution by an attacker. Exploitation of this issue does not require user interaction.
Published: 2024-02-15 | CVSS Score: 9.1 | Source & Patch Info: CVE-2024-20720 (psirt@adobe.com)

adobe -- substance3d_-_designer
Substance3D - Designer versions 13.1.0 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2024-02-15 | CVSS Score: 7.8 | Source & Patch Info: CVE-2024-20750 (psirt@adobe.com)

adobe -- substance_3d_painter
Substance3D - Painter versions 9.1.1 and earlier are affected by a Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2024-02-15 | CVSS Score: 7.8 | Source & Patch Info: CVE-2024-20723 (psirt@adobe.com)

adobe -- substance_3d_painter
Substance3D - Painter versions 9.1.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2024-02-15 | CVSS Score: 7.8 | Source & Patch Info: CVE-2024-20740 (psirt@adobe.com)

adobe -- substance_3d_painter
Substance3D - Painter versions 9.1.1 and earlier are affected by a Write-what-where Condition vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2024-02-15 | CVSS Score: 7.8 | Source & Patch Info: CVE-2024-20741 (psirt@adobe.com)

adobe -- substance_3d_painter
Substance3D - Painter versions 9.1.1 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2024-02-15 | CVSS Score: 7.8 | Source & Patch Info: CVE-2024-20742 (psirt@adobe.com)

adobe -- substance_3d_painter
Substance3D - Painter versions 9.1.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2024-02-15 | CVSS Score: 7.8 | Source & Patch Info: CVE-2024-20743 (psirt@adobe.com)

adobe -- substance_3d_painter
Substance3D - Painter versions 9.1.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2024-02-15 | CVSS Score: 7.8 | Source & Patch Info: CVE-2024-20744 (psirt@adobe.com)

alayacare -- procura_portal
Publicly known cryptographic machine key in AlayaCare's Procura Portal before 9.0.1.2 allows attackers to forge their own authentication cookies and bypass the application's authentication mechanisms.
Published: 2024-02-16 | CVSS Score: 8.6 | Source & Patch Info: CVE-2023-6451 (vdp@themissinglink.com.au)

alfio-event -- alf.io
Alf.io is a free and open-source event attendance management system. In versions prior to 2.0-M4-2402 users can access the admin area even after being invalidated/deleted. This issue has been addressed in version 2.0-M4-2402. All users are advised to upgrade. There are no known workarounds for this vulnerability.
Published: 2024-02-16 | CVSS Score: 7.6 | Source & Patch Info: CVE-2024-25628 (security-advisories@github.com)

angular -- angular
This affects versions of the package angular from 1.3.0. A regular expression used to split the value of the ng-srcset directive is vulnerable to super-linear runtime due to backtracking. With a large carefully-crafted input, this can result in catastrophic backtracking and cause a denial of service. Note: This package is EOL and will not receive any updates to address this issue. Users should migrate to @angular/core (https://www.npmjs.com/package/@angular/core).
Published: 2024-02-10 | CVSS Score: 7.5 | Source & Patch Info: CVE-2024-21490 (report@snyk.io)

apache -- solr
Improper Control of Dynamically-Managed Code Resources, Unrestricted Upload of File with Dangerous Type, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Solr. This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1. In the affected versions, Solr ConfigSets accepted Java jar and class files to be uploaded through the ConfigSets API. When backing up Solr Collections, these configSet files would be saved to disk when using the LocalFileSystemRepository (the default for backups). If the backup was saved to a directory that Solr uses in its ClassPath/ClassLoaders, then the jar and class files would be available to use with any ConfigSet, trusted or untrusted. When Solr is run in a secure way (Authorization enabled), as is strongly suggested, this vulnerability is limited to extending the Backup permissions with the ability to add libraries. Users are recommended to upgrade to version 8.11.3 or 9.4.1, which fix the issue. In these versions, the following protections have been added:
  • Users are no longer able to upload files to a configSet that could be executed via a Java ClassLoader.
  • The Backup API restricts saving backups to directories that are used in the ClassLoader.
Published: 2024-02-09 | CVSS Score: 8.8 | Source & Patch Info: CVE-2023-50386 (security@apache.org)

apache -- solr
Insufficiently Protected Credentials vulnerability in Apache Solr. This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.3.0. One of the two endpoints that publishes the Solr process' Java system properties, /admin/info/properties, was only set up to hide system properties that had "password" contained in the name. There are a number of sensitive system properties, such as "basicauth" and "aws.secretKey", that do not contain "password", thus their values were published via the "/admin/info/properties" endpoint. This endpoint populates the list of System Properties on the home screen of the Solr Admin page, making the exposed credentials visible in the UI. This /admin/info/properties endpoint is protected under the "config-read" permission. Therefore, Solr Clouds with Authorization enabled will only be vulnerable through logged-in users that have the "config-read" permission. Users are recommended to upgrade to version 9.3.0 or 8.11.3, which fixes the issue. A single option now controls hiding Java system properties for all endpoints, "-Dsolr.hiddenSysProps". By default all known sensitive properties are hidden (including "-Dbasicauth"), as well as any property with a name containing "secret" or "password". Users who cannot upgrade can also use the following Java system property to fix the issue: '-Dsolr.redaction.system.pattern=.*(password|secret|basicauth).*'
Published: 2024-02-09 | CVSS Score: 7.5 | Source & Patch Info: CVE-2023-50291 (security@apache.org)

apache -- solr
Incorrect Permission Assignment for Critical Resource, Improper Control of Dynamically-Managed Code Resources vulnerability in Apache Solr. This issue affects Apache Solr: from 8.10.0 through 8.11.2, from 9.0.0 before 9.3.0. The Schema Designer was introduced to allow users to more easily configure and test new Schemas and configSets. However, when the feature was created, the "trust" (authentication) of these configSets was not considered. External library loading is only available to configSets that are "trusted" (created by authenticated users), thus non-authenticated users are unable to perform Remote Code Execution. Since the Schema Designer loaded configSets without taking their "trust" into account, configSets that were created by unauthenticated users were allowed to load external libraries when used in the Schema Designer. Users are recommended to upgrade to version 9.3.0, which fixes the issue.
Published: 2024-02-09 | CVSS Score: 7.5 | Source & Patch Info: CVE-2023-50292 (security@apache.org)

apache -- solr
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Solr. This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1. Solr Streaming Expressions allows users to extract data from other Solr Clouds, using a "zkHost" parameter. When the original SolrCloud is set up to use ZooKeeper credentials and ACLs, they will be sent to whatever "zkHost" the user provides. An attacker could set up a server to mock ZooKeeper, that accepts ZooKeeper requests with credentials and ACLs and extracts the sensitive information, then send a streaming expression using the mock server's address in "zkHost". Streaming Expressions are exposed via the "/streaming" handler, with "read" permissions. Users are recommended to upgrade to version 8.11.3 or 9.4.1, which fix the issue. From these versions on, only zkHost values that have the same server address (regardless of chroot) will use the given ZooKeeper credentials and ACLs when connecting.
Published: 2024-02-09 | CVSS Score: 7.5 | Source & Patch Info: CVE-2023-50298 (security@apache.org)

azure -- azure-uamqp_c
The UAMQP is a general purpose C library for AMQP 1.0. During a call to open_get_offered_capabilities, a memory allocation may fail causing a use-after-free issue and if a client called it during connection communication it may cause a remote code execution. Users are advised to update the submodule with commit `30865c9c`. There are no known workarounds for this vulnerability.
Published: 2024-02-12 | CVSS Score: 9.8 | Source & Patch Info: CVE-2024-25110 (security-advisories@github.com)

boostmyshop -- boostmyshop
SQL Injection vulnerability in Boostmyshop (boostmyshopagent) module for Prestashop versions 1.1.9 and before, allows remote attackers to escalate privileges and obtain sensitive information via changeOrderCarrier.php, relayPoint.php, and shippingConfirmation.php.
Published: 2024-02-09 | CVSS Score: 9.8 | Source & Patch Info: CVE-2024-24308 (cve@mitre.org)

code-projects -- cinema_seat_reservation_system
Code-projects Cinema Seat Reservation System 1.0 allows SQL Injection via the 'id' parameter at "/Cinema-Reservation/booking.php?id=1".
Published: 2024-02-09 | CVSS Score: 9.8 | Source & Patch Info: CVE-2024-25307 (cve@mitre.org)

code-projects -- simple_school_management_system
Code-projects Simple School Management System 1.0 allows SQL Injection via the 'apass' parameter at "School/index.php".
Published: 2024-02-09 | CVSS Score: 8.8 | Source & Patch Info: CVE-2024-25304 (cve@mitre.org)

code-projects -- simple_school_management_system
Code-projects Simple School Management System 1.0 allows Authentication Bypass via the username and password parameters at School/index.php.
Published: 2024-02-09 | CVSS Score: 8.8 | Source & Patch Info: CVE-2024-25305 (cve@mitre.org)

code-projects -- simple_school_management_system
Code-projects Simple School Management System 1.0 allows SQL Injection via the 'aname' parameter at "School/index.php".
Published: 2024-02-09 | CVSS Score: 8.8 | Source & Patch Info: CVE-2024-25306 (cve@mitre.org)

code-projects -- simple_school_management_system
Code-projects Simple School Management System 1.0 allows SQL Injection via the 'name' parameter at School/teacher_login.php.
Published: 2024-02-09 | CVSS Score: 8.8 | Source & Patch Info: CVE-2024-25308 (cve@mitre.org)

code-projects -- simple_school_management_system
Code-projects Simple School Management System 1.0 allows SQL Injection via the 'pass' parameter at School/teacher_login.php.
Published: 2024-02-09 | CVSS Score: 8.8 | Source & Patch Info: CVE-2024-25309 (cve@mitre.org)

code-projects -- simple_school_management_system
Code-projects Simple School Management System 1.0 allows SQL Injection via the 'id' parameter at "School/delete.php?id=5".
Published: 2024-02-09 | CVSS Score: 8.8 | Source & Patch Info: CVE-2024-25310 (cve@mitre.org)

code-projects -- simple_school_management_system
Code-projects Simple School Management System 1.0 allows SQL Injection via the 'id' parameter at "School/sub_delete.php?id=5".
Published: 2024-02-09 | CVSS Score: 8.8 | Source & Patch Info: CVE-2024-25312 (cve@mitre.org)

code-projects -- simple_school_management_system
Code-projects Simple School Management System 1.0 allows Authentication Bypass via the username and password parameters at School/teacher_login.php.
Published: 2024-02-09 | CVSS Score: 8.8 | Source & Patch Info: CVE-2024-25313 (cve@mitre.org)

comarch -- erp_xl
Comarch ERP XL client is vulnerable to an MS SQL protocol downgrade request from the server side, which could lead to unencrypted communication vulnerable to data interception and modification. This issue affects ERP XL: from 2020.2.2 through 2023.2.
Published: 2024-02-15 | CVSS Score: 7.4 | Source & Patch Info: CVE-2023-4537 (cvd@cert.pl)

comarch -- erp_xl
Use of a hard-coded password for a special database account created during Comarch ERP XL installation allows an attacker to retrieve embedded sensitive data stored in the database. The password is the same across all Comarch ERP XL installations. This issue affects ERP XL: from 2020.2.2 through 2023.2.
Published: 2024-02-15 | CVSS Score: 7.5 | Source & Patch Info: CVE-2023-4539 (cvd@cert.pl)

contiki-ng -- contiki-ng
Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. An attacker can trigger out-of-bounds reads in the RPL-Lite implementation of the RPL protocol in the Contiki-NG operating system. This vulnerability is caused by insufficient control of the lengths for DIO and DAO messages, in particular when they contain RPL sub-option headers. The problem has been patched in Contiki-NG 4.9. Users are advised to upgrade. Users unable to upgrade should manually apply the code changes in PR #2484.
Published: 2024-02-14 | CVSS Score: 8.6 | Source & Patch Info: CVE-2023-50927 (security-advisories@github.com)

contiki-ng -- contiki-ng
Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. An out-of-bounds write exists in the driver for IEEE 802.15.4 radios on nRF platforms in the Contiki-NG operating system. The problem is triggered when parsing radio frames in the `read_frame` function in the `arch/cpu/nrf/net/nrf-ieee-driver-arch.c` module. More specifically, the `read_frame` function performs an incomplete validation of the payload length of the packet, which is a value that can be set by an external party that sends radio packets to a Contiki-NG system. Although the value is validated to be in the range of the MTU length, it is not validated to fit into the given buffer into which the packet will be copied. The problem has been patched in the "develop" branch of Contiki-NG and is expected to be included in subsequent releases. Users are advised to update their develop branch or to update to a subsequent release when available. Users unable to upgrade should consider manually applying the changes in PR #2741.
Published: 2024-02-14 | CVSS Score: 7 | Source & Patch Info: CVE-2023-48229 (security-advisories@github.com)

contiki-ng -- contiki-ng
Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. An out-of-bounds read can be caused by an incoming DIO message when using the RPL-Lite implementation in the Contiki-NG operating system. More specifically, the prefix information of the DIO message contains a field that specifies the length of an IPv6 address prefix. The value of this field is not validated, which means that an attacker can set a value that is longer than the maximum prefix length. Subsequently, a memcmp function call that compares different prefixes can be called with a length argument that surpasses the boundary of the array allocated for the prefix, causing an out-of-bounds read. The problem has been patched in the "develop" branch of Contiki-NG, and is expected to be included in the next release. Users are advised to update as soon as they are able to or to manually apply the changes in Contiki-NG pull request #2721.
Published: 2024-02-14 | CVSS Score: 7.5 | Source & Patch Info: CVE-2023-50926 (security-advisories@github.com)

dell -- dell_smartfabric_os10
Dell OS10 Networking Switches running 10.5.2.x and above contain a vulnerability with zeroMQ when VLT is configured. A remote unauthenticated attacker could potentially exploit this vulnerability leading to information disclosure and a possible Denial of Service when a huge number of requests are sent to the switch. This is a high severity vulnerability as it allows an attacker to view sensitive data. Dell recommends customers to upgrade at the earliest opportunity.
Published: 2024-02-15 | CVSS Score: 9.1 | Source & Patch Info: CVE-2023-28078 (security_alert@emc.com)

dell -- dell_smartfabric_os10
Dell OS10 Networking Switches running 10.5.2.x and above contain an OS command injection vulnerability when using remote user authentication. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands and possible system takeover. This is a critical vulnerability as it allows an attacker to cause severe damage. Dell recommends customers to upgrade at the earliest opportunity.
Published: 2024-02-15 | CVSS Score: 9.8 | Source & Patch Info: CVE-2023-32462 (security_alert@emc.com)

dell -- enterprise_sonic_os
Dell Networking Switches running Enterprise SONiC versions 4.1.0, 4.0.5, 3.5.4 and below contain an improper input validation vulnerability. A remote unauthenticated malicious user may exploit this vulnerability and escalate privileges up to the highest administrative level. This is a Critical vulnerability affecting certain protocols; Dell recommends customers to upgrade at the earliest opportunity.
Published: 2024-02-15 | CVSS Score: 9.8 | Source & Patch Info: CVE-2023-32484 (security_alert@emc.com)

dell -- esi_(enterprise_storage_integrator)_for_sap_lama
DELL ESI (Enterprise Storage Integrator) for SAP LAMA, version 10.0, contains an information disclosure vulnerability in the EHAC component. A remote unauthenticated attacker could potentially exploit this vulnerability by eavesdropping on the network traffic to gain admin level credentials.
Published: 2024-02-15 | CVSS Score: 9.8 | Source & Patch Info: CVE-2023-39245 (security_alert@emc.com)

dell -- esi_(enterprise_storage_integrator)_for_sap_lama
DELL ESI (Enterprise Storage Integrator) for SAP LAMA, version 10.0, contains an improper access control vulnerability in the EHAC component. A remote unauthenticated attacker could potentially exploit this vulnerability to gain unrestricted access to the SOAP APIs.
Published: 2024-02-15 | CVSS Score: 7.3 | Source & Patch Info: CVE-2023-39244 (security_alert@emc.com)

dell -- powerprotect_data_manager
Dell PowerProtect Data Manager, version 19.15 and prior versions, contain a weak password recovery mechanism for forgotten passwords. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to unauthorized access to the application with privileges of the compromised account. The attacker could retrieve the reset password token without authorization and then perform the password change.
Published: 2024-02-13 | CVSS Score: 8.8 | Source & Patch Info: CVE-2024-22454 (security_alert@emc.com)

dell -- powerprotect_data_manager
Dell PowerProtect Data Manager, version 19.15 and prior versions, contain an OS command injection vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.
Published: 2024-02-13 | CVSS Score: 7.2 | Source & Patch Info: CVE-2024-22445 (security_alert@emc.com)

dell -- recoverpoint_for_vms
Dell RecoverPoint for Virtual Machines 5.3.x contains an OS Command injection vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to the execution of arbitrary operating system commands in the context of the root user, resulting in a complete system compromise.
Published: 2024-02-16 | CVSS Score: 7.2 | Source & Patch Info: CVE-2024-22426 (security_alert@emc.com)

dell -- supportassist_client_consumer
Dell SupportAssist for Home PCs Installer Executable file version prior to 3.13.2.19 used for initial installation has a high vulnerability that can result in local privilege escalation (LPE). This vulnerability only affects first-time installations done prior to 8th March 2023.
Published: 2024-02-14 | CVSS Score: 7.2 | Source & Patch Info: CVE-2023-25535 (security_alert@emc.com)

dell -- supportassist_for_home_pcs
In Dell SupportAssist for Home PCs (between v3.0 and v3.14.1) and SupportAssist for Business PCs (between v3.0 and v3.4.1), a security concern has been identified, impacting locally authenticated users on their respective PCs. This issue may potentially enable privilege escalation and the execution of arbitrary code, in the Windows system context, and confined to that specific local PC.
Published: 2024-02-14 | CVSS Score: 7.8 | Source & Patch Info: CVE-2023-44283 (security_alert@emc.com)

dell -- unity_operating_environment
Dell Unity, versions prior to 5.4, contain an OS Command Injection Vulnerability in its svc_topstats utility. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary commands with elevated privileges.
Published: 2024-02-12 | CVSS Score: 7.8 | Source & Patch Info: CVE-2024-0164 (security_alert@emc.com)

dell -- unity_operating_environment
Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_acldb_dump utility. An authenticated attacker could potentially exploit this vulnerability, leading to execution of arbitrary operating system commands with root privileges.
Published: 2024-02-12 | CVSS Score: 7.8 | Source & Patch Info: CVE-2024-0165 (security_alert@emc.com)

dell -- unity_operating_environment
Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_tcpdump utility. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands with elevated privileges.
Published: 2024-02-12 | CVSS Score: 7.8 | Source & Patch Info: CVE-2024-0166 (security_alert@emc.com)

dell -- unity_operating_environment
Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in the svc_topstats utility. An authenticated attacker could potentially exploit this vulnerability, leading to the ability to overwrite arbitrary files on the file system with root privileges.
Published: 2024-02-12 | CVSS Score: 7.8 | Source & Patch Info: CVE-2024-0167 (security_alert@emc.com)

dell -- unity_operating_environment
Dell Unity, versions prior to 5.4, contains a Command Injection Vulnerability in the svc_oscheck utility. An authenticated attacker could potentially exploit this vulnerability, leading to the ability to inject arbitrary operating system commands. This vulnerability allows an authenticated attacker to execute commands with root privileges.
Published: 2024-02-12 | CVSS Score: 7.8 | Source & Patch Info: CVE-2024-0168 (security_alert@emc.com)

dell -- unity_operating_environment
Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_cava utility. An authenticated attacker could potentially exploit this vulnerability, escaping the restricted shell and executing arbitrary operating system commands with root privileges.
Published: 2024-02-12 | CVSS Score: 7.8 | Source & Patch Info: CVE-2024-0170 (security_alert@emc.com)

dell -- unity_operating_environment
Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability within its svc_udoctor utility. An authenticated malicious user with local access could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application.
Published: 2024-02-12 | CVSS Score: 7.8 | Source & Patch Info: CVE-2024-22222 (security_alert@emc.com)

dell -- unity_operating_environment
Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability within its svc_cbr utility. An authenticated malicious user with local access could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application.
Published: 2024-02-12 | CVSS Score: 7.8 | Source & Patch Info: CVE-2024-22223 (security_alert@emc.com)

dell -- unity_operating_environment
Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_nas utility. An authenticated attacker could potentially exploit this vulnerability, escaping the restricted shell and executing arbitrary operating system commands with root privileges.
Published: 2024-02-12 | CVSS Score: 7.8 | Source & Patch Info: CVE-2024-22224 (security_alert@emc.com)

dell -- unity_operating_environment
Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_supportassist utility. An authenticated attacker could potentially exploit this vulnerability, leading to execution of arbitrary operating system commands with root privileges.
Published: 2024-02-12 | CVSS Score: 7.8 | Source & Patch Info: CVE-2024-22225 (security_alert@emc.com)

dell -- unity_operating_environment
Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_dc utility. An authenticated attacker could potentially exploit this vulnerability, leading to the ability to execute commands with root privileges.
Published: 2024-02-12 | CVSS Score: 7.8 | Source & Patch Info: CVE-2024-22227 (security_alert@emc.com)

dell -- unity_operating_environment
Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_cifssupport utility. An authenticated attacker could potentially exploit this vulnerability, escaping the restricted shell and executing arbitrary operating system commands with root privileges.
Published: 2024-02-12 | CVSS Score: 7.8 | Source & Patch Info: CVE-2024-22228 (security_alert@emc.com)

diracgrid -- dirac
DIRAC is a distributed resource framework. In affected versions any user could get a token that has been requested by another user/agent. This may expose resources to unintended parties. This issue has been addressed in release version 8.0.37. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Published: 2024-02-09 | CVSS Score: 7.5 | Source & Patch Info: CVE-2024-24825 (security-advisories@github.com)

ebm_technologies -- risweb
EBM Technologies RISWEB's specific query function parameter does not properly restrict user input, and this feature page is accessible without login. This allows remote attackers to inject SQL commands without authentication, enabling them to read, modify, and delete database records.
Published: 2024-02-15 | CVSS Score: 9.8 | Source & Patch Info: CVE-2024-26264 (twcert@cert.org.tw)

ebm_technologies -- uniweb/solipacs_webserver
EBM Technologies Uniweb/SoliPACS WebServer's query functionality lacks proper restrictions of user input, allowing remote attackers authenticated as a regular user to inject SQL commands for reading, modifying, and deleting database records, as well as executing system commands. Attackers may even leverage the dbo privilege in the database for privilege escalation, elevating their privileges to administrator.
Published: 2024-02-15 | CVSS Score: 8.8 | Source & Patch Info: CVE-2024-26262 (twcert@cert.org.tw)

ec-web -- fs-ezviewer(web) | EC-WEB FS-EZViewer (Web)'s query functionality lacks proper restrictions of user input, allowing remote attackers authenticated as a regular user to inject SQL commands for reading, modifying, and deleting database records, as well as executing system commands. Attackers may even leverage the dbo privilege in the database for privilege escalation, elevating their privileges to administrator. | 2024-02-15 | 8.8 | CVE-2024-1523 twcert@cert.org.tw
emerson -- gc370xa_firmware | In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could obtain access to sensitive information or cause a denial-of-service condition. | 2024-02-09 | 9.1 | CVE-2023-43609 ics-cert@hq.dhs.gov
emerson -- gc370xa_firmware | In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could execute arbitrary commands in root context from a remote computer. | 2024-02-09 | 9.8 | CVE-2023-46687 ics-cert@hq.dhs.gov
emerson -- gc370xa_firmware | In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an authenticated user with network access could run arbitrary commands from a remote computer. | 2024-02-09 | 9.8 | CVE-2023-49716 ics-cert@hq.dhs.gov
emerson -- gc370xa_firmware | In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could bypass authentication and acquire admin capabilities. | 2024-02-09 | 8.1 | CVE-2023-51761 ics-cert@hq.dhs.gov
enlightenment -- imlib2 | An issue in the imlib_load_image_with_error_return function of imlib2 v1.9.1 allows attackers to cause a heap buffer overflow via parsing a crafted image. | 2024-02-09 | 8.8 | CVE-2024-25447 cve@mitre.org
enlightenment -- imlib2 | An issue in the imlib_free_image_and_decache function of imlib2 v1.9.1 allows attackers to cause a heap buffer overflow via parsing a crafted image. | 2024-02-09 | 8.8 | CVE-2024-25448 cve@mitre.org
enlightenment -- imlib2 | imlib2 v1.9.1 was discovered to mishandle memory allocation in the function init_imlib_fonts(). | 2024-02-09 | 8.8 | CVE-2024-25450 cve@mitre.org
envoyproxy -- envoy | Envoy is a high-performance edge/middle/service proxy. Envoy will crash when certain timeouts happen within the same interval. The crash occurs when the following are true: 1. hedge_on_per_try_timeout is enabled, 2. per_try_idle_timeout is enabled (it can only be done in configuration), 3. per-try-timeout is enabled, either through headers or configuration and its value is equal, or within the backoff interval of the per_try_idle_timeout. This issue has been addressed in releases 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-02-09 | 7.5 | CVE-2024-23322 security-advisories@github.com
envoyproxy -- envoy | Envoy is a high-performance edge/middle/service proxy. External authentication can be bypassed by downstream connections. Downstream clients can force invalid gRPC requests to be sent to ext_authz, circumventing ext_authz checks when failure_mode_allow is set to true. This issue has been addressed in releases 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-02-09 | 7.5 | CVE-2024-23324 security-advisories@github.com
envoyproxy -- envoy | Envoy is a high-performance edge/middle/service proxy. Envoy crashes in Proxy protocol when using an address type that isn't supported by the OS. Envoy is susceptible to crashing on a host with IPv6 disabled and a listener config with proxy protocol enabled when it receives a request where the client presents its IPv6 address. It is valid for a client to present its IPv6 address to a target server even though the whole chain is connected via IPv4. This issue has been addressed in releases 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-02-09 | 7.5 | CVE-2024-23325 security-advisories@github.com
envoyproxy -- envoy | Envoy is a high-performance edge/middle/service proxy. When PPv2 is enabled both on a listener and subsequent cluster, the Envoy instance will segfault when attempting to craft the upstream PPv2 header. This occurs when the downstream request has a command type of LOCAL and does not have the protocol block. This issue has been addressed in releases 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-02-09 | 7.5 | CVE-2024-23327 security-advisories@github.com
eset_spol_s_r.o. -- eset_nod32_antivirus | Local privilege escalation vulnerability potentially allowed an attacker to misuse ESET's file operations to delete files without having proper permission. | 2024-02-15 | 7.8 | CVE-2024-0353 security@eset.com
f5 -- big-ip | When running in appliance mode, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint on multi-bladed systems. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2024-02-14 | 8.7 | CVE-2024-22093 f5sirt@f5.com
f5 -- big-ip | When BIG-IP AFM Device DoS or DoS profile is configured with NXDOMAIN attack vector and bad actor detection, undisclosed queries can cause the Traffic Management Microkernel (TMM) to terminate. NOTE: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2024-02-14 | 7.5 | CVE-2024-21763 f5sirt@f5.com
f5 -- big-ip | For unspecified traffic patterns, BIG-IP AFM IPS engine may spend an excessive amount of time matching the traffic against signatures, resulting in Traffic Management Microkernel (TMM) restarting and traffic disruption. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2024-02-14 | 7.5 | CVE-2024-21771 f5sirt@f5.com
f5 -- big-ip | When a BIG-IP ASM/Advanced WAF security policy is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2024-02-14 | 7.5 | CVE-2024-21789 f5sirt@f5.com
f5 -- big-ip | When an Advanced WAF/ASM security policy and a Websockets profile are configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2024-02-14 | 7.5 | CVE-2024-21849 f5sirt@f5.com
f5 -- big-ip | When BIG-IP is deployed in high availability (HA) and an iControl REST API token is updated, the change does not sync to the peer device. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2024-02-14 | 7.2 | CVE-2024-22389 f5sirt@f5.com
f5 -- big-ip | When a BIG-IP Advanced WAF or BIG-IP ASM policy with a Request Body Handling option is attached to a virtual server, undisclosed requests can cause the BD process to terminate. The condition results from setting the Request Body Handling option in the Header-Based Content Profile for an Allowed URL with "Apply value and content signatures and detect threat campaigns." Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2024-02-14 | 7.5 | CVE-2024-23308 f5sirt@f5.com
f5 -- big-ip | When HTTP/2 is configured on BIG-IP or BIG-IP Next SPK systems, undisclosed responses can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2024-02-14 | 7.5 | CVE-2024-23314 f5sirt@f5.com
f5 -- big-ip | Undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. For the Application Visibility and Reporting module, this may occur when the HTTP Analytics profile with URLs enabled under Collected Entities is configured on a virtual server and the DB variables avr.IncludeServerInURI or avr.CollectOnlyHostnameFromURI are enabled. For BIG-IP Advanced WAF and ASM, this may occur when either a DoS or Bot Defense profile is configured on a virtual server and the DB variables avr.IncludeServerInURI or avr.CollectOnlyHostnameFromURI are enabled. Note: The DB variables avr.IncludeServerInURI and avr.CollectOnlyHostnameFromURI are not enabled by default. For more information about the HTTP Analytics profile and the Collect URLs setting, refer to K30875743: Create a new Analytics profile and attach it to your virtual servers https://my.f5.com/manage/s/article/K30875743. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2024-02-14 | 7.5 | CVE-2024-23805 f5sirt@f5.com
f5 -- big-ip | When SSL Client Certificate LDAP or Certificate Revocation List Distribution Point (CRLDP) authentication profile is configured on a virtual server, undisclosed requests can cause an increase in CPU resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2024-02-14 | 7.5 | CVE-2024-23979 f5sirt@f5.com
f5 -- big-ip | When a BIG-IP PEM classification profile is configured on a UDP virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. This issue affects classification engines using signatures released between 09-08-2022 and 02-16-2023. See the table in the F5 Security Advisory for a complete list of affected classification signature files. NOTE: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2024-02-14 | 7.5 | CVE-2024-23982 f5sirt@f5.com
f5 -- nginx_plus | When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3 https://nginx.org/en/docs/quic.html. NOTE: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2024-02-14 | 7.5 | CVE-2024-24989 f5sirt@f5.com
f5 -- nginx_plus | When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3 https://nginx.org/en/docs/quic.html. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2024-02-14 | 7.5 | CVE-2024-24990 f5sirt@f5.com
filseclab -- twister_antivirus | Twister Antivirus v8.17 allows Elevation of Privileges on the computer where it's installed by triggering the 0x80112067, 0x801120CB and 0x801120CC IOCTL codes of the fildds.sys driver. | 2024-02-13 | 7.8 | CVE-2024-1096 help@fluidattacks.com
flusity -- flusity | flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/add_translation.php. | 2024-02-11 | 8.8 | CVE-2024-25417 cve@mitre.org
flusity -- flusity | flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/delete_menu.php. | 2024-02-11 | 8.8 | CVE-2024-25418 cve@mitre.org
flusity -- flusity | flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/update_menu.php. | 2024-02-11 | 8.8 | CVE-2024-25419 cve@mitre.org
fortinet -- forticlientems | An improper privilege management vulnerability [CWE-269] in Fortinet FortiClientEMS version 7.2.0 through 7.2.2 and before 7.0.10 allows a Site administrator with Super Admin privileges to perform global administrative operations affecting other sites via crafted HTTP or HTTPS requests. | 2024-02-15 | 8.8 | CVE-2023-45581 psirt@fortinet.com
fortinet -- fortiproxy | An out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows an attacker to execute unauthorized code or commands via specifically crafted requests. | 2024-02-09 | 9.8 | CVE-2024-21762 psirt@fortinet.com
fortinet -- fortiswitchmanager | A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, FortiPAM versions 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSwitchManager versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.3 allows an attacker to execute unauthorized code or commands via specially crafted packets. | 2024-02-15 | 9.8 | CVE-2024-23113 psirt@fortinet.com
g5theme -- ere_recently_viewed_essential_real_estate_add-on | Deserialization of Untrusted Data vulnerability in G5Theme ERE Recently Viewed - Essential Real Estate Add-On. This issue affects ERE Recently Viewed - Essential Real Estate Add-On: from n/a through 1.3. | 2024-02-12 | 9.8 | CVE-2024-24797 audit@patchstack.com
gambio -- gambio | Deserialization of Untrusted Data in Gambio through 4.9.2.0 allows attackers to run arbitrary code via the "search" parameter of the "Parcelshopfinder/AddAddressBookEntry" function. | 2024-02-12 | 9.8 | CVE-2024-23759 cve@mitre.org
gambio -- gambio | Server Side Template Injection in Gambio 4.9.2.0 allows attackers to run arbitrary code via a crafted smarty email template. | 2024-02-12 | 9.8 | CVE-2024-23761 cve@mitre.org
gambio -- gambio | SQL Injection vulnerability in Gambio through 4.9.2.0 allows attackers to run arbitrary SQL commands via a crafted GET request using the modifiers[attribute][] parameter. | 2024-02-12 | 9.8 | CVE-2024-23763 cve@mitre.org
gambio -- gambio | Unrestricted File Upload vulnerability in Content Manager feature in Gambio 4.9.2.0 allows attackers to execute arbitrary code via upload of a crafted PHP file. | 2024-02-12 | 7.8 | CVE-2024-23762 cve@mitre.org
getcomposer -- composer | Composer is a dependency manager for the PHP language. In affected versions several files within the local working directory are included during the invocation of Composer and in the context of the executing user. As such, under certain conditions arbitrary code execution may lead to local privilege escalation, provide lateral user movement or malicious code execution when Composer is invoked within a directory with tampered files. All Composer CLI commands are affected, including composer.phar's self-update. The following scenarios are of high risk: Composer being run with sudo; pipelines which may execute Composer on untrusted projects; shared environments with developers who run Composer individually on the same project. This vulnerability has been addressed in versions 2.7.0 and 2.2.23. It is advised that the patched versions are applied at the earliest convenience. Where not possible, the following should be addressed: remove all sudo composer privileges for all users to mitigate root privilege escalation, and avoid running Composer within an untrusted directory, or if needed, verify that the contents of `vendor/composer/InstalledVersions.php` and `vendor/composer/installed.php` do not include untrusted code. A reset can also be done on these files by running `rm vendor/composer/installed.php vendor/composer/InstalledVersions.php` followed by `composer install --no-scripts --no-plugins`. | 2024-02-09 | 7.8 | CVE-2024-24821 security-advisories@github.com
github -- enterprise_server | A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via the actions-console docker container while setting a service URL. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program. | 2024-02-13 | 9.1 | CVE-2024-1355 product-cna@github.com
github -- enterprise_server | A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when setting up an HTTP proxy. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program https://bounty.github.com. | 2024-02-13 | 9.1 | CVE-2024-1359 product-cna@github.com
github -- enterprise_server | A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when setting the username and password for collected configurations. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program https://bounty.github.com. | 2024-02-13 | 9.1 | CVE-2024-1369 product-cna@github.com
github -- enterprise_server | A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when configuring SAML settings. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program https://bounty.github.com. | 2024-02-13 | 9.1 | CVE-2024-1372 product-cna@github.com
github -- enterprise_server | A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via nomad templates when configuring audit log forwarding. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program https://bounty.github.com. | 2024-02-13 | 9.1 | CVE-2024-1374 product-cna@github.com
github -- enterprise_server | A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via nomad templates when configuring SMTP options. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program https://bounty.github.com. | 2024-02-13 | 9.1 | CVE-2024-1378 product-cna@github.com
github -- enterprise_server | A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via the `syslog-ng` configuration file. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program. | 2024-02-13 | 8 | CVE-2024-1354 product-cna@github.com
github -- enterprise_server | An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to create new branches in public repositories and run arbitrary GitHub Actions workflows with permissions from the GITHUB_TOKEN. To exploit this vulnerability, an attacker would need access to the Enterprise Server. This vulnerability affected all versions of GitHub Enterprise Server after 3.8 and prior to 3.12, and was fixed in versions 3.9.10, 3.10.7, 3.11.5. This vulnerability was reported via the GitHub Bug Bounty program. | 2024-02-14 | 7.1 | CVE-2024-1482 product-cna@github.com
grafana -- grafana_son_datasource | The JSON data source plugin (https://grafana.com/grafana/plugins/marcusolsson-json-datasource/) is a Grafana Labs maintained plugin for Grafana that allows for retrieving and processing JSON data from a remote endpoint (including a specific sub-path) configured by an administrator. Due to inadequate sanitization of the dashboard-supplied path parameter, it was possible to include path traversal characters (../) in the path parameter and send requests to paths on the configured endpoint outside the configured sub-path. This means that if the data source was configured by an administrator to point at some sub-path of a domain (e.g. https://example.com/api/some_safe_api/), it was possible for an editor to create a dashboard referencing the data source which issues queries containing path traversal characters, which would in turn cause the data source to instead query arbitrary subpaths on the configured domain (e.g. https://example.com/api/admin_api/). In the rare case that this plugin is configured by an administrator to point back at the Grafana instance itself, this vulnerability becomes considerably more severe, as an administrator browsing a maliciously configured panel could be compelled to make requests to Grafana administrative API endpoints with their credentials, resulting in the potential for privilege escalation, hence the high score for this vulnerability. | 2024-02-14 | 8 | CVE-2023-5123 security@grafana.com
hcltech -- sametime | Sametime is impacted by a Cross Site Request Forgery (CSRF) vulnerability. Some REST APIs in the Sametime Proxy application can allow an attacker to perform malicious actions on the application. | 2024-02-09 | 8.8 | CVE-2023-50349 psirt@hcl.com
hgiga -- oaklouds | The functionality for synchronization in HGiga OAKlouds' certain modules has an OS Command Injection vulnerability, allowing remote attackers to inject system commands within specific request parameters. This enables the execution of arbitrary code on the remote server without permission. | 2024-02-15 | 9.8 | CVE-2024-26260 twcert@cert.org.tw
hgiga -- oaklouds | The functionality for file download in HGiga OAKlouds' certain modules contains an Arbitrary File Read and Delete vulnerability. Attackers can put a file path in specific request parameters, allowing them to download the file without login. Furthermore, the file will be deleted after being downloaded. | 2024-02-15 | 9.8 | CVE-2024-26261 twcert@cert.org.tw
hima -- f30_03x_yy_(com) | An unauthenticated remote attacker can use an uncontrolled resource consumption vulnerability to DoS the affected devices through excessive traffic on a single ethernet port. | 2024-02-13 | 7.5 | CVE-2024-24781 info@cert.vde.com
hotel_management_system_project -- hotel_management_system | Code-projects Hotel Managment System 1.0, allows SQL Injection via the 'sid' parameter in Hotel/admin/show.php?sid=2. | 2024-02-09 | 9.8 | CVE-2024-25314 cve@mitre.org
hotel_management_system_project -- hotel_management_system | Code-projects Hotel Managment System 1.0, allows SQL Injection via the 'rid' parameter in Hotel/admin/roombook.php?rid=2. | 2024-02-09 | 9.8 | CVE-2024-25315 cve@mitre.org
hotel_management_system_project -- hotel_management_system | Code-projects Hotel Managment System 1.0 allows SQL Injection via the 'eid' parameter in Hotel/admin/usersettingdel.php?eid=2. | 2024-02-09 | 9.8 | CVE-2024-25316 cve@mitre.org
hotel_management_system_project -- hotel_management_system | Code-projects Hotel Managment System 1.0 allows SQL Injection via the 'pid' parameter in Hotel/admin/print.php?pid=2. | 2024-02-09 | 8.8 | CVE-2024-25318 cve@mitre.org
hugin_project -- hugin | An issue in the HuginBase::PanoramaMemento::loadPTScript function of Hugin v2022.0.0 allows attackers to cause a heap buffer overflow via parsing a crafted image. | 2024-02-09 | 7.8 | CVE-2024-25442 cve@mitre.org
hugin_project -- hugin | An issue in the HuginBase::ImageVariable<double>::linkWith function of Hugin v2022.0.0 allows attackers to cause a heap-use-after-free via parsing a crafted image. | 2024-02-09 | 7.8 | CVE-2024-25443 cve@mitre.org
hugin_project -- hugin | Improper handling of values in HuginBase::PTools::Transform::transform of Hugin 2022.0.0 leads to an assertion failure. | 2024-02-09 | 7.8 | CVE-2024-25445 cve@mitre.org
hugin_project -- hugin | An issue in the HuginBase::PTools::setDestImage function of Hugin v2022.0.0 allows attackers to cause a heap buffer overflow via parsing a crafted image. | 2024-02-09 | 7.8 | CVE-2024-25446 cve@mitre.org
ibm -- engineering_lifecycle_optimization | IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 268749. | 2024-02-09 | 8.8 | CVE-2023-45187 psirt@us.ibm.com
ibm -- engineering_lifecycle_optimization | IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 268755. | 2024-02-09 | 7.5 | CVE-2023-45191 psirt@us.ibm.com
ibm -- semeru_runtime | IBM Semeru Runtime 8.0.302.0 through 8.0.392.0, 11.0.12.0 through 11.0.21.0, 17.0.1.0 - 17.0.9.0, and 21.0.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 281222. | 2024-02-10 | 7.5 | CVE-2024-22361 psirt@us.ibm.com
ibm -- storage_defender_resiliency_service | IBM Storage Defender - Resiliency Service 2.0 could allow a privileged user to perform unauthorized actions after obtaining encrypted data from clear text key storage. IBM X-Force ID: 275783. | 2024-02-10 | 7.2 | CVE-2023-50957 psirt@us.ibm.com
ibm -- storage_defender_resiliency_service | IBM Storage Defender - Resiliency Service 2.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 278749. | 2024-02-10 | 7.8 | CVE-2024-22313 psirt@us.ibm.com
ibm -- storage_scale_container_native_storage_access | IBM Storage Scale Container Native Storage Access 5.1.2.1 through 5.1.7.0 could allow a local attacker to initiate connections from a container outside the current namespace. IBM X-Force ID: 237811. | 2024-02-17 | 7.1 | CVE-2022-41737 psirt@us.ibm.com
ibm -- storage_scale_container_native_storage_access | IBM Storage Scale Container Native Storage Access 5.1.2.1 through 5.1.7.0 could allow an attacker to initiate connections to containers from external networks. IBM X-Force ID: 237812. | 2024-02-17 | 7.5 | CVE-2022-41738 psirt@us.ibm.com
icinga -- icinga | Icinga Director is a tool designed to make Icinga 2 configuration handling easy. None of Icinga Director's configuration forms used to manipulate the monitoring environment are protected against cross site request forgery (CSRF). It enables attackers to perform changes in the monitoring environment managed by Icinga Director without the awareness of the victim. Users of the map module in version 1.x should immediately upgrade to v2.0. The mentioned XSS vulnerabilities in Icinga Web are already fixed as well and upgrades to the most recent release of the 2.9, 2.10 or 2.11 branch must be performed if not done yet. Any later major release is also suitable. Icinga Director will receive minor updates to the 1.8, 1.9, 1.10 and 1.11 branches to remedy this issue. Upgrade immediately to a patched release. If that is not feasible, disable the director module for the time being. | 2024-02-09 | 8.3 | CVE-2024-24820 security-advisories@github.com
icinga -- icingaweb2-module-incubator | icingaweb2-module-incubator is a working project of bleeding edge Icinga Web 2 libraries. In affected versions the class `gipfl\Web\Form` is the base for various concrete form implementations [1] and provides protection against cross site request forgery (CSRF) by default. This is done by automatically adding an element with a CSRF token to any form, unless explicitly disabled, but even if enabled, the CSRF token (sent during a client's submission of a form relying on it) is not validated. This enables attackers to perform changes on behalf of a user who unknowingly interacts with a prepared link or website. Version 0.22.0 is available to remedy this issue. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-02-09 | 8.8 | CVE-2024-24819 security-advisories@github.com
innovadeluxe -- manufacturer_or_supplier_alphabetical_search | SQL injection vulnerability in InnovaDeluxe "Manufacturer or supplier alphabetical search" (idxrmanufacturer) module for PrestaShop versions 2.0.4 and before, allows remote attackers to escalate privileges and obtain sensitive information via the methods IdxrmanufacturerFunctions::getCornersLink, IdxrmanufacturerFunctions::getManufacturersLike and IdxrmanufacturerFunctions::getSuppliersLike. | 2024-02-09 | 9.8 | CVE-2023-46350 cve@mitre.org
intel -- intel(r)_dsa_software | Improper access control in some Intel(R) DSA software before version 23.4.33 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-02-14 | 8.8 | CVE-2023-39425 secure@intel.com
intel -- intel(r)_oneapi_dpc++/c++_compiler_software | Improper access control in some Intel(R) oneAPI DPC++/C++ Compiler software before version 2023.2.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-02-14 | 7.8 | CVE-2023-35121 secure@intel.com
intel -- intel(r)_pcm_software | Buffer underflow in some Intel(R) PCM software before version 202307 may allow an unauthenticated user to potentially enable denial of service via network access. | 2024-02-14 | 7.5 | CVE-2023-34351 secure@intel.com
intel -- intel(r)_proset/wireless_and_intel(r)_killer(tm)_wi | Improper access control for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via local access. | 2024-02-14 | 7.1 | CVE-2023-33875 secure@intel.com
intel -- intel(r)_sur_software | Improper access control in some Intel(R) SUR software before version 2.4.10587 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | 2024-02-14 | 7.1 | CVE-2023-39941 secure@intel.com
intel -- intel(r)_thunderbolt(tm)_dch_drivers_for_windows | Improper access control in the Intel(R) Thunderbolt (TM) DCH drivers for Windows may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-02-14 | 8.2 | CVE-2023-22293 secure@intel.com
intel -- intel(r)_thunderbolt(tm)_dch_drivers_for_windows | Improper input validation in some Intel(R) Thunderbolt (TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-02-14 | 7.7 | CVE-2023-22342 secure@intel.com
intel -- intel(r)_thunderbolt(tm)_dch_drivers_for_windows | Improper access control in some Intel(R) Thunderbolt (TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-02-14 | 7.9 | CVE-2023-25777 secure@intel.com
isc -- bind_9 | The DNS message parsing code in `named` includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may cause excessive CPU load on the affected `named` instance by exploiting this flaw. This issue affects both authoritative servers and recursive resolvers. This issue affects BIND 9 versions 9.0.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1. | 2024-02-13 | 7.5 | CVE-2023-4408 (security-officer@isc.org)
isc -- bind_9 | A flaw in query-handling code can cause `named` to exit prematurely with an assertion failure when: - `nxdomain-redirect <domain>;` is configured, and - the resolver receives a PTR query for an RFC 1918 address that would normally result in an authoritative NXDOMAIN response. This issue affects BIND 9 versions 9.12.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1. | 2024-02-13 | 7.5 | CVE-2023-5517 (security-officer@isc.org)
isc -- bind_9 | A bad interaction between DNS64 and serve-stale may cause `named` to crash with an assertion failure during recursive resolution, when both of these features are enabled. This issue affects BIND 9 versions 9.16.12 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.16.12-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1. | 2024-02-13 | 7.5 | CVE-2023-5679 (security-officer@isc.org)
isc -- bind_9 | To keep its cache database efficient, `named` running as a recursive resolver occasionally attempts to clean up the database. It uses several methods, including some that are asynchronous: a small chunk of memory pointing to the cache element that can be cleaned up is first allocated and then queued for later processing. It was discovered that if the resolver is continuously processing query patterns triggering this type of cache-database maintenance, `named` may not be able to handle the cleanup events in a timely manner. This in turn enables the list of queued cleanup events to grow infinitely large over time, allowing the configured `max-cache-size` limit to be significantly exceeded. This issue affects BIND 9 versions 9.16.0 through 9.16.45 and 9.16.8-S1 through 9.16.45-S1. | 2024-02-13 | 7.5 | CVE-2023-6516 (security-officer@isc.org)
ivanti -- connect_secure | An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways which allows an attacker to access certain restricted resources without authentication. | 2024-02-13 | 8.3 | CVE-2024-22024 (support@hackerone.com)
linksys -- wrt54gl_firmware | A vulnerability was found in Linksys WRT54GL 4.30.18 and classified as problematic. Affected by this issue is some unknown functionality of the file /SysInfo.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-253328. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-02-09 | 7.5 | CVE-2024-1404 (cna@vuldb.com)
litespeedtech -- lsquic | In LiteSpeed QUIC (LSQUIC) Library before 4.0.4, DCID validation is mishandled. | 2024-02-09 | 9.8 | CVE-2024-25678 (cve@mitre.org)
manageengine -- exchange_reporter_plus | Zoho ManageEngine Exchange Reporter Plus versions 5714 and below are vulnerable to authenticated SQL injection in the report exporting feature. | 2024-02-16 | 8.3 | CVE-2024-21775 (0fc0942c-577d-436f-ae8e-945763c79b02)
mhenrixon -- sidekiq-unique-jobs | sidekiq-unique-jobs is an open-source project which prevents simultaneous Sidekiq jobs with the same unique arguments from running. Specially crafted GET request parameters handled by any of the following endpoints of sidekiq-unique-jobs' "admin" web UI, allow a super-user attacker, or an unwitting, but authorized, victim, who has received a disguised / crafted link, to successfully execute malicious code, which could potentially steal cookies, session data, or local storage data from the app the sidekiq-unique-jobs web UI is mounted in. 1. `/changelogs`, 2. `/locks` or 3. `/expiring_locks`. This issue has been addressed in versions 7.1.33 and 8.0.7. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-02-13 | 7.1 | CVE-2024-25122 (security-advisories@github.com)
microsoft -- .net_6.0 | .NET Denial of Service Vulnerability | 2024-02-13 | 7.5 | CVE-2024-21404 (secure@microsoft.com)
microsoft -- asp.net_core_6.0 | .NET Denial of Service Vulnerability | 2024-02-13 | 7.5 | CVE-2024-21386 (secure@microsoft.com)
microsoft -- azure_connected_machine_agent | Azure Connected Machine Agent Elevation of Privilege Vulnerability | 2024-02-13 | 7.3 | CVE-2024-21329 (secure@microsoft.com)
microsoft -- azure_devops_server_2022 | Azure DevOps Server Remote Code Execution Vulnerability | 2024-02-13 | 7.5 | CVE-2024-20667 (secure@microsoft.com)
microsoft -- azure_kubernetes_service | Microsoft Azure Kubernetes Service Confidential Container Remote Code Execution Vulnerability | 2024-02-13 | 9 | CVE-2024-21376 (secure@microsoft.com)
microsoft -- azure_kubernetes_service | Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability | 2024-02-13 | 9 | CVE-2024-21403 (secure@microsoft.com)
microsoft -- azure_site_recovery | Microsoft Azure Site Recovery Elevation of Privilege Vulnerability | 2024-02-13 | 9.3 | CVE-2024-21364 (secure@microsoft.com)
microsoft -- entra | Microsoft Entra Jira Single-Sign-On Plugin Elevation of Privilege Vulnerability | 2024-02-13 | 9.8 | CVE-2024-21401 (secure@microsoft.com)
microsoft -- microsoft_365_apps_for_enterprise | Microsoft Office OneNote Remote Code Execution Vulnerability | 2024-02-13 | 7.8 | CVE-2024-21384 (secure@microsoft.com)
microsoft -- microsoft_365_apps_for_enterprise | Microsoft Outlook Elevation of Privilege Vulnerability | 2024-02-13 | 7.1 | CVE-2024-21402 (secure@microsoft.com)
microsoft -- microsoft_defender_for_endpoint_for_windows | Microsoft Defender for Endpoint Protection Elevation of Privilege Vulnerability | 2024-02-13 | 7.8 | CVE-2024-21315 (secure@microsoft.com)
microsoft -- microsoft_dynamics_365_(on-premises)_version_9.1 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | 2024-02-13 | 8.2 | CVE-2024-21395 (secure@microsoft.com)
microsoft -- microsoft_dynamics_365_(on-premises)_version_9.1 | Dynamics 365 Sales Spoofing Vulnerability | 2024-02-13 | 7.6 | CVE-2024-21328 (secure@microsoft.com)
microsoft -- microsoft_dynamics_365_(on-premises)_version_9.1 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | 2024-02-13 | 7.6 | CVE-2024-21389 (secure@microsoft.com)
microsoft -- microsoft_dynamics_365_(on-premises)_version_9.1 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | 2024-02-13 | 7.6 | CVE-2024-21393 (secure@microsoft.com)
microsoft -- microsoft_dynamics_365_(on-premises)_version_9.1 | Dynamics 365 Field Service Spoofing Vulnerability | 2024-02-13 | 7.6 | CVE-2024-21394 (secure@microsoft.com)
microsoft -- microsoft_dynamics_365_(on-premises)_version_9.1 | Dynamics 365 Sales Spoofing Vulnerability | 2024-02-13 | 7.6 | CVE-2024-21396 (secure@microsoft.com)
microsoft -- microsoft_dynamics_365_business_central_2022_release_wave_2 | Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability | 2024-02-13 | 8 | CVE-2024-21380 (secure@microsoft.com)
microsoft -- microsoft_dynamics_365_customer_engagement_v9.1 | Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability | 2024-02-13 | 7.6 | CVE-2024-21327 (secure@microsoft.com)
microsoft -- microsoft_exchange_server_2016_cumulative_update_23 | Microsoft Exchange Server Elevation of Privilege Vulnerability | 2024-02-13 | 9.8 | CVE-2024-21410 (secure@microsoft.com)
microsoft -- microsoft_office_2019 | Microsoft Outlook Remote Code Execution Vulnerability | 2024-02-13 | 9.8 | CVE-2024-21413 (secure@microsoft.com)
microsoft -- microsoft_office_2019 | Microsoft Outlook Remote Code Execution Vulnerability | 2024-02-13 | 8 | CVE-2024-21378 (secure@microsoft.com)
microsoft -- microsoft_office_2019 | Microsoft Office Remote Code Execution Vulnerability | 2024-02-13 | 7.8 | CVE-2024-20673 (secure@microsoft.com)
microsoft -- microsoft_office_2019 | Microsoft Word Remote Code Execution Vulnerability | 2024-02-13 | 7.8 | CVE-2024-21379 (secure@microsoft.com)
microsoft -- windows_10_version_1809 | Microsoft ActiveX Data Objects Remote Code Execution Vulnerability | 2024-02-13 | 8.8 | CVE-2024-21349 (secure@microsoft.com)
microsoft -- windows_10_version_1809 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 2024-02-13 | 8.8 | CVE-2024-21350 (secure@microsoft.com)
microsoft -- windows_10_version_1809 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 2024-02-13 | 8.8 | CVE-2024-21352 (secure@microsoft.com)
microsoft -- windows_10_version_1809 | Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | 2024-02-13 | 8.1 | CVE-2024-21357 (secure@microsoft.com)
microsoft -- windows_10_version_1809 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 2024-02-13 | 8.8 | CVE-2024-21358 (secure@microsoft.com)
microsoft -- windows_10_version_1809 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 2024-02-13 | 8.8 | CVE-2024-21359 (secure@microsoft.com)
microsoft -- windows_10_version_1809 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 2024-02-13 | 8.8 | CVE-2024-21360 (secure@microsoft.com)
microsoft -- windows_10_version_1809 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 2024-02-13 | 8.8 | CVE-2024-21361 (secure@microsoft.com)
microsoft -- windows_10_version_1809 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 2024-02-13 | 8.8 | CVE-2024-21365 (secure@microsoft.com)
microsoft -- windows_10_version_1809 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 2024-02-13 | 8.8 | CVE-2024-21366 (secure@microsoft.com)
microsoft -- windows_10_version_1809 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 2024-02-13 | 8.8 | CVE-2024-21367 (secure@microsoft.com)
microsoft -- windows_10_version_1809 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 2024-02-13 | 8.8 | CVE-2024-21368 (secure@microsoft.com)
microsoft -- windows_10_version_1809 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 2024-02-13 | 8.8 | CVE-2024-21369 (secure@microsoft.com)
microsoft -- windows_10_version_1809 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 2024-02-13 | 8.8 | CVE-2024-21370 (secure@microsoft.com)
microsoft -- windows_10_version_1809 | Windows OLE Remote Code Execution Vulnerability | 2024-02-13 | 8.8 | CVE-2024-21372 (secure@microsoft.com)
microsoft -- windows_10_version_1809 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 2024-02-13 | 8.8 | CVE-2024-21375 (secure@microsoft.com)
microsoft -- windows_10_version_1809 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 2024-02-13 | 8.8 | CVE-2024-21391 (secure@microsoft.com)
microsoft -- windows_10_version_1809 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 2024-02-13 | 8.8 | CVE-2024-21420 (secure@microsoft.com)
microsoft -- windows_10_version_1809 | Windows Kernel Elevation of Privilege Vulnerability | 2024-02-13 | 7.8 | CVE-2024-21338 (secure@microsoft.com)
microsoft -- windows_10_version_1809 | Microsoft ODBC Driver Remote Code Execution Vulnerability | 2024-02-13 | 7.5 | CVE-2024-21347 (secure@microsoft.com)
microsoft -- windows_10_version_1809 | Internet Connection Sharing (ICS) Denial of Service Vulnerability | 2024-02-13 | 7.5 | CVE-2024-21348 (secure@microsoft.com)
microsoft -- windows_10_version_1809 | Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability | 2024-02-13 | 7.8 | CVE-2024-21354 (secure@microsoft.com)
microsoft -- windows_10_version_1809 | Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability | 2024-02-13 | 7 | CVE-2024-21355 (secure@microsoft.com)
microsoft -- windows_10_version_1809 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 2024-02-13 | 7.8 | CVE-2024-21363 (secure@microsoft.com)
microsoft -- windows_10_version_1809 | Windows Kernel Elevation of Privilege Vulnerability | 2024-02-13 | 7 | CVE-2024-21371 (secure@microsoft.com)
microsoft -- windows_10_version_1809 | Windows DNS Information Disclosure Vulnerability | 2024-02-13 | 7.1 | CVE-2024-21377 (secure@microsoft.com)
microsoft -- windows_10_version_1809 | Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability | 2024-02-13 | 7 | CVE-2024-21405 (secure@microsoft.com)
microsoft -- windows_10_version_1809 | Windows Printing Service Spoofing Vulnerability | 2024-02-13 | 7.5 | CVE-2024-21406 (secure@microsoft.com)
microsoft -- windows_11_version_21h2 | Internet Shortcut Files Security Feature Bypass Vulnerability | 2024-02-13 | 8.1 | CVE-2024-21412 (secure@microsoft.com)
microsoft -- windows_11_version_21h2 | Win32k Elevation of Privilege Vulnerability | 2024-02-13 | 7.8 | CVE-2024-21346 (secure@microsoft.com)
microsoft -- windows_11_version_22h2 | Windows DNS Client Denial of Service Vulnerability | 2024-02-13 | 7.5 | CVE-2024-21342 (secure@microsoft.com)
microsoft -- windows_11_version_23h2 | Windows SmartScreen Security Feature Bypass Vulnerability | 2024-02-13 | 7.6 | CVE-2024-21351 (secure@microsoft.com)
microsoft -- windows_server_2022_23h2_edition_(server_core_installation) | Windows Kernel Elevation of Privilege Vulnerability | 2024-02-13 | 8.8 | CVE-2024-21345 (secure@microsoft.com)
microsoft -- windows_server_2022_23h2_edition_(server_core_installation) | Microsoft WDAC ODBC Driver Remote Code Execution Vulnerability | 2024-02-13 | 8.8 | CVE-2024-21353 (secure@microsoft.com)
minbrowser -- min | In Min before 1.31.0, local files are not correctly treated as unique security origins, which allows them to improperly request cross-origin resources. For example, a local file may request other local files through an XML document. | 2024-02-09 | 8.8 | CVE-2024-25677 (cve@mitre.org)
misp -- misp | An issue was discovered in MISP before 2.4.184. Organization logo upload is insecure because of a lack of checks for the file extension and MIME type. | 2024-02-09 | 9.8 | CVE-2024-25674 (cve@mitre.org)
misp -- misp | An issue was discovered in MISP before 2.4.184. A client does not need to use POST to start an export generation process. This is related to app/Controller/JobsController.php and app/View/Events/export.ctp. | 2024-02-09 | 9.8 | CVE-2024-25675 (cve@mitre.org)
nlnet_labs -- unbound | A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. If a process can connect over localhost to port 8953, it can alter the configuration of unbound.service. This flaw allows an unprivileged attacker to manipulate a running instance, potentially altering forwarders, allowing them to track all queries forwarded by the local resolver, and, in some cases, disrupting resolving altogether. | 2024-02-15 | 8 | CVE-2024-1488 (secalert@redhat.com)
objectcomputing -- micronaut | Micronaut Framework is a modern, JVM-based, full stack Java framework designed for building modular, easily testable JVM applications with support for Java, Kotlin and the Groovy language. Enabled but unsecured management endpoints are susceptible to drive-by localhost attacks. While not typical of a production application, these attacks may have more impact on a development environment where such endpoints may be flipped on without much thought. A malicious/compromised website can make HTTP requests to `localhost`. Normally, such requests would trigger a CORS preflight check which would prevent the request; however, some requests are "simple" and do not require a preflight check. These endpoints, if enabled and not secured, are vulnerable to being triggered. Production environments typically disable unused endpoints and secure/restrict access to needed endpoints. A more likely victim is the developer in their local development host, who has enabled endpoints without security for the sake of easing development. This issue has been addressed in version 3.8.3. Users are advised to upgrade. | 2024-02-09 | 7.8 | CVE-2024-23639 (security-advisories@github.com)
objectcomputing -- opendds | In OpenDDS through 3.27, there is a segmentation fault for a DataWriter with a large value of resource_limits.max_samples. NOTE: the vendor's position is that the product is not designed to handle a max_samples value that is too large for the amount of memory on the system. | 2024-02-11 | 7.5 | CVE-2023-52427 (cve@mitre.org)
oduyo -- online_collection | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oduyo Financial Technology Online Collection allows SQL Injection. This issue affects Online Collection: before v.1.0.2. | 2024-02-09 | 9.8 | CVE-2023-6677 (iletisim@usom.gov.tr)
open-mss -- mss | MSS (Mission Support System) is an open-source package designed for planning atmospheric research flights. In file: `index.py`, there is a method that is vulnerable to path manipulation attack. By modifying file paths, an attacker can acquire sensitive information from different resources. The `filename` variable is joined with other variables to form a file path in `_file`. However, `filename` is a route parameter that can capture path type values i.e. values including slashes (\). So, it is possible for an attacker to manipulate the file being read by assigning a value containing ../ to `filename` and so the attacker may be able to gain access to other files on the host filesystem. This issue has been addressed in MSS version 8.3.3. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-02-15 | 7.3 | CVE-2024-25123 (security-advisories@github.com)
open-xchange_gmbh -- ox_app_suite | CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause unauthorized access to the project file in EcoStruxure Control Expert when a local user tampers with the memory of the engineering workstation. | 2024-02-14 | 7.1 | CVE-2023-27975 (cybersecurity@se.com)
open-xchange_gmbh -- ox_app_suite | Processing of CID references at E-Mail can be abused to inject malicious script code that passes the sanitization engine. Malicious script code could be injected to a user's sessions when interacting with E-Mails. Please deploy the provided updates and patch releases. CID handling has been improved and resulting content is checked for malicious content. No publicly available exploits are known. | 2024-02-12 | 7.1 | CVE-2023-41704 (security@open-xchange.com)
openidc -- mod_auth_openidc | mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In affected versions missing input validation on mod_auth_openidc_session_chunks cookie value makes the server vulnerable to a denial of service (DoS) attack. An internal security audit has been conducted and the reviewers found that if they manipulated the value of the mod_auth_openidc_session_chunks cookie to a very large integer, like 99999999, the server struggles with the request for a long time and finally gets back with a 500 error. Making a few requests of this kind caused our server to become unresponsive. Attackers can craft requests that would make the server work very hard (and possibly become unresponsive) and/or crash with minimal effort. This issue has been addressed in version 2.4.15.2. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-02-13 | 7.5 | CVE-2024-24814 (security-advisories@github.com)
openrefine -- openrefine | OpenRefine is a free, open-source power tool for working with messy data and improving it. A JDBC attack vulnerability exists in OpenRefine (version <= 3.7.7) where an attacker may construct a JDBC query which may read files on the host filesystem. Due to the newer MySQL driver library in the latest version of OpenRefine (8.0.30), there is no associated deserialization utilization point, so original code execution cannot be achieved, but attackers can use this vulnerability to read sensitive files on the target server. This issue has been addressed in version 3.7.8. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-02-12 | 7.5 | CVE-2024-23833 (security-advisories@github.com)
opentext -- alm_octane | Improper Neutralization vulnerability affects OpenText ALM Octane version 16.2.100 and above. The vulnerability could result in a remote code execution attack. | 2024-02-15 | 7.5 | CVE-2023-6123 (security@opentext.com)
opentext -- operations_agent | Local privilege escalation vulnerability affects OpenText Operations Agent product versions 12.15 and 12.20-12.25 when installed on non-Windows platforms. The vulnerability could allow local privilege escalation. | 2024-02-15 | 8.8 | CVE-2024-0622 (security@opentext.com)
oracle_corporation -- agile_plm_framework | Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: Export). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of this vulnerability can result in takeover of Oracle Agile PLM. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). | 2024-02-17 | 8.8 | CVE-2024-20953 (secalert_us@oracle.com)
oracle_corporation -- agile_product_lifecycle_management_for_process | Vulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply Chain (component: Installation). Supported versions that are affected are Prior to 6.2.4.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile Product Lifecycle Management for Process. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Agile Product Lifecycle Management for Process accessible data as well as unauthorized read access to a subset of Oracle Agile Product Lifecycle Management for Process accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Agile Product Lifecycle Management for Process. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). | 2024-02-17 | 7.3 | CVE-2024-20956 (secalert_us@oracle.com)
oracle_corporation -- audit_vault_and_database_firewall | Vulnerability in Oracle Audit Vault and Database Firewall (component: Firewall). Supported versions that are affected are 20.1-20.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Oracle Audit Vault and Database Firewall. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Audit Vault and Database Firewall accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). | 2024-02-17 | 7.5 | CVE-2024-20909 (secalert_us@oracle.com)
oracle_corporation -- enterprise_manager_base_platform | Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Log Management). The supported version that is affected is 13.5.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Manager Base Platform. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Enterprise Manager Base Platform, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Oracle Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Enterprise Manager Base Platform. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:L). | 2024-02-17 | 7.5 | CVE-2024-20917 (secalert_us@oracle.com)
oracle_corporation -- weblogic_server | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. While the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 8.6 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N). | 2024-02-17 | 8.6 | CVE-2024-20927 (secalert_us@oracle.com)
oracle_corporation -- weblogic_server | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). | 2024-02-17 | 7.5 | CVE-2024-20931 (secalert_us@oracle.com)
phpems -- phpems | A vulnerability, which was classified as critical, has been found in PHPEMS up to 1.0. Affected by this issue is the function index of the file app/weixin/controller/index.api.php. The manipulation of the argument picurl leads to deserialization. The exploit has been disclosed to the public and may be used. VDB-253226 is the identifier assigned to this vulnerability. | 2024-02-09 | 9.8 | CVE-2024-1353 (cna@vuldb.com)
pixelfed -- pixelfed | Pixelfed is an open-source photo sharing platform. When processing requests authorization was improperly and insufficiently checked, allowing attackers to access far more functionality than users intended, including to the administrative and moderator functionality of the Pixelfed server. This vulnerability affects every version of Pixelfed between v0.10.4 and v0.11.9, inclusive. A proof of concept of this vulnerability exists. This vulnerability affects every local user of a Pixelfed server and can potentially affect the servers' ability to federate. Some user interaction is required to set up the conditions to be able to exercise the vulnerability, but the attacker could conduct this attack in a time-delayed manner, where user interaction is not actively required. This vulnerability has been addressed in version 0.11.11. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-02-12 | 9.9 | CVE-2024-25108 (security-advisories@github.com)
postahsl_ -- online_payment_system | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in POSTAHSL Online Payment System allows SQL Injection. This issue affects Online Payment System: before 14.02.2024. | 2024-02-15 | 9.8 | CVE-2023-7081 (iletisim@usom.gov.tr)
presta_monster -- multi_accessories_pro | SQL injection vulnerability in Presta Monster "Multi Accessories Pro" (hsmultiaccessoriespro) module for PrestaShop versions 5.1.1 and before, allows remote attackers to escalate privileges and obtain sensitive information via the method HsAccessoriesGroupProductAbstract::getAccessoriesByIdProducts(). | 2024-02-09 | 9.8 | CVE-2023-50026 (cve@mitre.org)
propertyhive -- propertyhive | Deserialization of Untrusted Data vulnerability in PropertyHive. This issue affects PropertyHive: from n/a through 2.0.5. | 2024-02-12 | 8.7 | CVE-2024-23513 (audit@patchstack.com)
rems -- event_student_attendance_system | Sourcecodester Event Student Attendance System 1.0, allows SQL Injection via the 'student' parameter. | 2024-02-09 | 9.8 | CVE-2024-25302 (cve@mitre.org)
rockwell_automation -- factorytalk_service_platform | A privilege escalation vulnerability exists in Rockwell Automation FactoryTalk® Service Platform (FTSP). If exploited, a malicious user with basic user group privileges could potentially sign into the software and receive FTSP Administrator Group privileges. A threat actor could potentially read and modify sensitive data, delete data and render the FTSP system unavailable. | 2024-02-16 | 9 | CVE-2024-21915 (PSIRT@rockwellautomation.com)
sap_se -- sap_aba_(application_basis)
 
In SAP ABA (Application Basis) - versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75I, an attacker authenticated as a user with a remote execution authorization can use a vulnerable interface. This allows the attacker to use the interface to invoke an application function to perform actions which they would not normally be permitted to perform. Depending on the function executed, the attack can read or modify any user/business data and can make the entire system unavailable.2024-02-139.1CVE-2024-22131
cna@sap.com
cna@sap.com
sap_se -- sap_cloud_connector
 
Due to improper validation of certificate in SAP Cloud Connector - version 2.0, attacker can impersonate the genuine servers to interact with SCC breaking the mutual authentication. Hence, the attacker can intercept the request to view/modify sensitive information. There is no impact on the availability of the system.2024-02-137.4CVE-2024-25642
cna@sap.com
cna@sap.com
sap_se -- sap_crm_webclient_ui
 
Print preview option in SAP CRM WebClient UI - versions S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, S4FND 108, WEBCUIF 700, WEBCUIF 701, WEBCUIF 730, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability. An attacker with low privileges can cause limited impact to confidentiality and integrity of the application data after successful exploitation.2024-02-137.6CVE-2024-22130
cna@sap.com
sap_se -- sap_ides_systems
 
SAP IDES ECC-systems contain code that permits the execution of arbitrary program code of user's choice. An attacker can therefore control the behavior of the system by executing malicious code which can potentially escalate privileges with low impact on confidentiality, integrity and availability of the system. | 2024-02-13 | 7.4 | CVE-2024-22132
cna@sap.com
sap_se -- sap_netweaver_as_java_(guided_procedures)
 
SAP NetWeaver AS Java (CAF - Guided Procedures) - version 7.50, allows an unauthenticated attacker to submit a malicious request with a crafted XML file over the network, which when parsed will enable him to access sensitive files and data but not modify them. There are expansion limits in place so that availability is not affected. | 2024-02-13 | 8.6 | CVE-2024-24743
cna@sap.com
sap_se -- sap_netweaver_as_java_(user_admin_application)
 
The User Admin application of SAP NetWeaver AS for Java - version 7.50, insufficiently validates and improperly encodes the incoming URL parameters before including them into the redirect URL. This results in Cross-Site Scripting (XSS) vulnerability, leading to a high impact on confidentiality and mild impact on integrity and availability. | 2024-02-13 | 8.8 | CVE-2024-22126
cna@sap.com
schneider_electric -- ecostruxure_control_expert
 
CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause unauthorized access to a project file protected with application password when opening the file with EcoStruxure Control Expert. | 2024-02-14 | 7.7 | CVE-2023-6409
cybersecurity@se.com
schneider_electric -- harmony_control_relay_rmnf22tb30
 
CWE-287: Improper Authentication vulnerability exists that could cause unauthorized tampering of device configuration over NFC communication. | 2024-02-14 | 8.8 | CVE-2024-0568
cybersecurity@se.com
schneider_electric -- modicon_m340_cpu_(part_numbers_bmxp34*)
 
CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause a denial of service and loss of confidentiality, integrity of controllers when conducting a Man in the Middle attack. | 2024-02-14 | 8.1 | CVE-2023-6408
cybersecurity@se.com
sherlock -- employee_management_system
An issue in Employee Managment System v1.0 allows attackers to bypass authentication via injecting a crafted payload into the E-mail and Password parameters at /alogin.html. | 2024-02-14 | 9.8 | CVE-2024-25214
cve@mitre.org
sherlock -- employee_management_system
Employee Managment System v1.0 was discovered to contain a SQL injection vulnerability via the pwd parameter at /aprocess.php. | 2024-02-14 | 9.8 | CVE-2024-25215
cve@mitre.org
sherlock -- employee_management_system
Employee Managment System v1.0 was discovered to contain a SQL injection vulnerability via the mailud parameter at /aprocess.php. | 2024-02-14 | 9.8 | CVE-2024-25216
cve@mitre.org
sherlock -- employee_management_system
Employee Managment System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /delete.php. | 2024-02-14 | 7.2 | CVE-2024-25212
cve@mitre.org
sherlock -- employee_management_system
Employee Managment System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /edit.php. | 2024-02-14 | 7.2 | CVE-2024-25213
cve@mitre.org
siemens -- location_intelligence_perpetual_large
 
A vulnerability has been identified in Location Intelligence Perpetual Large (9DE5110-8CA13-1AX0) (All versions < V4.3), Location Intelligence Perpetual Medium (9DE5110-8CA12-1AX0) (All versions < V4.3), Location Intelligence Perpetual Non-Prod (9DE5110-8CA10-1AX0) (All versions < V4.3), Location Intelligence Perpetual Small (9DE5110-8CA11-1AX0) (All versions < V4.3), Location Intelligence SUS Large (9DE5110-8CA13-1BX0) (All versions < V4.3), Location Intelligence SUS Medium (9DE5110-8CA12-1BX0) (All versions < V4.3), Location Intelligence SUS Non-Prod (9DE5110-8CA10-1BX0) (All versions < V4.3), Location Intelligence SUS Small (9DE5110-8CA11-1BX0) (All versions < V4.3). Affected products use a hard-coded secret value for the computation of a Keyed-Hash Message Authentication Code. This could allow an unauthenticated remote attacker to gain full administrative access to the application. | 2024-02-13 | 9.8 | CVE-2024-23816
productcert@siemens.com
siemens -- parasolid_v35.0
 
A vulnerability has been identified in Parasolid V35.0 (All versions < V35.0.263), Parasolid V35.1 (All versions < V35.1.252), Parasolid V36.0 (All versions < V36.0.198). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted files containing XT format. This could allow an attacker to execute code in the context of the current process. | 2024-02-13 | 7.8 | CVE-2023-49125
productcert@siemens.com
siemens -- polarion_alm
A vulnerability has been identified in Polarion ALM (All versions). The REST API endpoints of doorsconnector of the affected product lacks proper authentication. An unauthenticated attacker could access the endpoints, and potentially execute code. | 2024-02-13 | 7.3 | CVE-2024-23813
productcert@siemens.com
siemens -- polarion_alm
 
A vulnerability has been identified in Polarion ALM (All versions). The affected product is vulnerable due to weak file and folder permissions in the installation path. An attacker with local access could exploit this vulnerability to escalate privileges to NT AUTHORITY\SYSTEM. | 2024-02-13 | 7.8 | CVE-2023-50236
productcert@siemens.com
siemens -- simatic_cp_343-1
 
A vulnerability has been identified in SIMATIC CP 343-1 (6GK7343-1EX30-0XE0) (All versions), SIMATIC CP 343-1 Lean (6GK7343-1CX10-0XE0) (All versions), SIPLUS NET CP 343-1 (6AG1343-1EX30-7XE0) (All versions), SIPLUS NET CP 343-1 Lean (6AG1343-1CX10-2XE0) (All versions). Affected products incorrectly validate TCP sequence numbers. This could allow an unauthenticated remote attacker to create a denial-of-service condition by injecting spoofed TCP RST packets. | 2024-02-13 | 7.5 | CVE-2023-51440
productcert@siemens.com
siemens -- simcenter_femap
 
A vulnerability has been identified in Simcenter Femap (All versions < V2401.0000). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted Catia MODEL file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21710) | 2024-02-13 | 7.8 | CVE-2024-24920
productcert@siemens.com
siemens -- simcenter_femap
 
A vulnerability has been identified in Simcenter Femap (All versions < V2401.0000). The affected application is vulnerable to memory corruption while parsing specially crafted Catia MODEL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21712) | 2024-02-13 | 7.8 | CVE-2024-24921
productcert@siemens.com
siemens -- simcenter_femap
 
A vulnerability has been identified in Simcenter Femap (All versions < V2401.0000). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted Catia MODEL file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21715) | 2024-02-13 | 7.8 | CVE-2024-24922
productcert@siemens.com
siemens -- simcenter_femap
 
A vulnerability has been identified in Simcenter Femap (All versions < V2401.0000), Simcenter Femap (All versions < V2306.0001). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted Catia MODEL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-22055) | 2024-02-13 | 7.8 | CVE-2024-24923
productcert@siemens.com
siemens -- simcenter_femap
 
A vulnerability has been identified in Simcenter Femap (All versions < V2306.0000). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted Catia MODEL file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-22059) | 2024-02-13 | 7.8 | CVE-2024-24924
productcert@siemens.com
siemens -- simcenter_femap
 
A vulnerability has been identified in Simcenter Femap (All versions < V2306.0000). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted Catia MODEL files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-22060) | 2024-02-13 | 7.8 | CVE-2024-24925
productcert@siemens.com
siemens -- sinec_nms
 
A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1). The affected application is vulnerable to SQL injection. This could allow an unauthenticated remote attacker to execute arbitrary SQL queries on the server database. | 2024-02-13 | 8.8 | CVE-2024-23810
productcert@siemens.com
siemens -- sinec_nms
 
A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1). The affected application allows users to upload arbitrary files via TFTP. This could allow an attacker to upload malicious firmware images or other files, that could potentially lead to remote code execution. | 2024-02-13 | 8.8 | CVE-2024-23811
productcert@siemens.com
siemens -- sinec_nms
 
A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1). The affected application incorrectly neutralizes special elements when creating a report which could lead to command injection. | 2024-02-13 | 8 | CVE-2024-23812
productcert@siemens.com
siemens -- tecnomatix_plant_simulation
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted WRL file. This could allow an attacker to execute code in the context of the current process. | 2024-02-13 | 7.8 | CVE-2024-23795
productcert@siemens.com
siemens -- tecnomatix_plant_simulation
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. | 2024-02-13 | 7.8 | CVE-2024-23796
productcert@siemens.com
siemens -- tecnomatix_plant_simulation
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006). The affected applications contain a stack overflow vulnerability while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. | 2024-02-13 | 7.8 | CVE-2024-23797
productcert@siemens.com
siemens -- tecnomatix_plant_simulation
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006). The affected applications contain a stack overflow vulnerability while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. | 2024-02-13 | 7.8 | CVE-2024-23798
productcert@siemens.com
siemens -- tecnomatix_plant_simulation
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process. | 2024-02-13 | 7.8 | CVE-2024-23802
productcert@siemens.com
siemens -- tecnomatix_plant_simulation
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions), Tecnomatix Plant Simulation V2302 (All versions < V2302.0007). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. | 2024-02-13 | 7.8 | CVE-2024-23803
productcert@siemens.com
siemens -- tecnomatix_plant_simulation
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006). The affected applications contain a stack overflow vulnerability while parsing specially crafted PSOBJ files. This could allow an attacker to execute code in the context of the current process. | 2024-02-13 | 7.8 | CVE-2024-23804
productcert@siemens.com
siemens -- unicam_fx
 
A vulnerability has been identified in Unicam FX (All versions). The windows installer agent used in affected product contains incorrect use of privileged APIs that trigger the Windows Console Host (conhost.exe) as a child process with SYSTEM privileges. This could be exploited by an attacker to perform a local privilege escalation attack. | 2024-02-13 | 7.8 | CVE-2024-22042
productcert@siemens.com
simgesel -- hearing_tracking_system
Authorization Bypass Through User-Controlled Key vulnerability in Software Engineering Consultancy Machine Equipment Limited Company Hearing Tracking System allows Authentication Abuse. This issue affects Hearing Tracking System: before for IOS 7.0, for Android Latest release 1.0. | 2024-02-09 | 8.8 | CVE-2023-6724
iletisim@usom.gov.tr
solarwinds -- access_rights_manager
 
The SolarWinds Access Rights Manager was found to be susceptible to a Remote Code Execution Vulnerability. If exploited, this vulnerability allows an authenticated user to abuse a SolarWinds service resulting in remote code execution. | 2024-02-15 | 9 | CVE-2023-40057
psirt@solarwinds.com
solarwinds -- access_rights_manager
 
The SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Directory Traversal Remote Code Execution Vulnerability. If exploited, this vulnerability allows an unauthenticated user to achieve the Remote Code Execution. | 2024-02-15 | 9.6 | CVE-2024-23476
psirt@solarwinds.com
solarwinds -- access_rights_manager
 
SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Directory Traversal Remote Code Execution Vulnerability. If exploited, this vulnerability allows an unauthenticated user to achieve a Remote Code Execution. | 2024-02-15 | 9.6 | CVE-2024-23479
psirt@solarwinds.com
solarwinds -- access_rights_manager
 
SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Remote Code Execution Vulnerability. If exploited, this vulnerability allows an authenticated user to abuse a SolarWinds service, resulting in remote code execution. | 2024-02-15 | 8 | CVE-2024-23478
psirt@solarwinds.com
solarwinds -- access_rights_manager
 
The SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Directory Traversal Remote Code Execution Vulnerability. If exploited, this vulnerability allows an unauthenticated user to achieve a Remote Code Execution. | 2024-02-15 | 7.9 | CVE-2024-23477
psirt@solarwinds.com
task_manager_in_php_with_source_code_project -- task_manager_in_php_with_source_code
Task Manager App v1.0 was discovered to contain a SQL injection vulnerability via the taskID parameter at /TaskManager/EditTask.php. | 2024-02-14 | 9.8 | CVE-2024-25220
cve@mitre.org
task_manager_in_php_with_source_code_project -- task_manager_in_php_with_source_code
Task Manager App v1.0 was discovered to contain a SQL injection vulnerability via the projectID parameter at /TaskManager/EditProject.php. | 2024-02-14 | 9.8 | CVE-2024-25222
cve@mitre.org
tenable -- security_center
 
A command injection vulnerability exists where an authenticated, remote attacker with administrator privileges on the Security Center application could modify Logging parameters, which could lead to the execution of arbitrary code on the Security Center host. | 2024-02-14 | 7.2 | CVE-2024-1367
vulnreport@tenable.com
typo3 -- typo3
 
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions of TYPO3 entities of the File Abstraction Layer (FAL) could be persisted directly via `DataHandler`. This allowed attackers to reference files in the fallback storage directly and retrieve their file names and contents. The fallback storage ("zero-storage") is used as a backward compatibility layer for files located outside properly configured file storages and within the public web root directory. Exploiting this vulnerability requires a valid backend user account. Users are advised to update to TYPO3 version 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, or 13.0.1 which fix the problem described. When persisting entities of the File Abstraction Layer directly via DataHandler, `sys_file` entities are now denied by default, and `sys_file_reference` & `sys_file_metadata` entities are not permitted to reference files in the fallback storage anymore. When importing data from secure origins, this must be explicitly enabled in the corresponding DataHandler instance by using `$dataHandler->isImporting = true;`. | 2024-02-13 | 7.1 | CVE-2024-25121
security-advisories@github.com
uni-pa_university_marketing_&_computer_internet_trade_inc -- university_information_system
 
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in UNI-PA University Marketing & Computer Internet Trade Inc. University Information System allows SQL Injection. This issue affects University Information System: before 12.12.2023. | 2024-02-14 | 9.8 | CVE-2023-6441
iletisim@usom.gov.tr
utarit_information_technologies -- solipay_mobile_app
 
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Utarit Information Technologies SoliPay Mobile App allows SQL Injection. This issue affects SoliPay Mobile App: before 5.0.8. | 2024-02-15 | 9.8 | CVE-2023-5155
iletisim@usom.gov.tr
utarit_information_technologies -- solipay_mobile_app
 
Improper Privilege Management vulnerability in Utarit Information Technologies SoliPay Mobile App allows Collect Data as Provided by Users. This issue affects SoliPay Mobile App: before 5.0.8. | 2024-02-15 | 7.5 | CVE-2023-4993
iletisim@usom.gov.tr
utarit_information_technologies -- solipay_mobile_app
 
Use of Hard-coded Credentials vulnerability in Utarit Information Technologies SoliPay Mobile App allows Read Sensitive Strings Within an Executable. This issue affects SoliPay Mobile App: before 5.0.8. | 2024-02-15 | 7.5 | CVE-2023-6255
iletisim@usom.gov.tr
vercel -- pkg
pkg is a tool designed to bundle Node.js projects into executables. Any native code packages built by `pkg` are written to a hardcoded directory. On unix systems, this is `/tmp/pkg/*` which is a shared directory for all users on the same local system. There is no uniqueness to the package names within this directory, they are predictable. An attacker who has access to the same local system has the ability to replace the genuine executables in the shared directory with malicious executables of the same name. A user may then run the malicious executable without realizing it has been modified. This package is deprecated. Therefore, there will not be a patch provided for this vulnerability. To check if your executable built by pkg depends on native code and is vulnerable, run the executable and check if `/tmp/pkg/` was created. Users should transition to actively maintained alternatives. We would recommend investigating Node.js 21's support for single executable applications. Given the decision to deprecate the pkg package, there are no official workarounds or remediations provided by our team. Users should prioritize migrating to other packages that offer similar functionality with enhanced security. | 2024-02-09 | 7.8 | CVE-2024-24828
security-advisories@github.com
wordpress -- wordpress
The Awesome Support - WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to union-based SQL Injection via the 'q' parameter of the wpas_get_users action in all versions up to, and including, 6.1.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-02-10 | 8.8 | CVE-2024-0594
security@wordfence.com
wordpress -- wordpress
The Backuply - Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Denial of Service in all versions up to, and including, 1.2.5. This is due to direct access of the backuply/restore_ins.php file and. This makes it possible for unauthenticated attackers to make excessive requests that result in the server running out of resources. | 2024-02-09 | 7.5 | CVE-2024-0842
security@wordfence.com
wordpress -- wordpress
 
The Piraeus Bank WooCommerce Payment Gateway plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'MerchantReference' parameter in all versions up to, and including, 1.6.5.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-02-17 | 9.8 | CVE-2024-0610
security@wordfence.com
wordpress -- wordpress
 
The MasterStudy LMS WordPress Plugin - for Online Courses and Education plugin for WordPress is vulnerable to union based SQL Injection via the 'user' parameter of the /lms/stm-lms/order/items REST route in all versions up to, and including, 3.2.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-02-17 | 9.8 | CVE-2024-1512
security@wordfence.com
wordpress -- wordpress
 
Deserialization of Untrusted Data vulnerability in MagePeople Team Event Manager and Tickets Selling Plugin for WooCommerce - WpEvently - WordPress Plugin. This issue affects Event Manager and Tickets Selling Plugin for WooCommerce - WpEvently - WordPress Plugin: from n/a through 4.1.1. | 2024-02-12 | 8.2 | CVE-2024-24796
audit@patchstack.com
wordpress -- wordpress
 
Deserialization of Untrusted Data vulnerability in UnitedThemes Brooklyn | Creative Multi-Purpose Responsive WordPress Theme. This issue affects Brooklyn | Creative Multi-Purpose Responsive WordPress Theme: from n/a through 4.9.7.6. | 2024-02-12 | 7.5 | CVE-2024-24926
audit@patchstack.com
wp_swings -- coupon_referral_program
 
Deserialization of Untrusted Data vulnerability in WP Swings Coupon Referral Program. This issue affects Coupon Referral Program: from n/a through 1.7.2. | 2024-02-12 | 10 | CVE-2024-25100
audit@patchstack.com
wpxpo -- productx_woocommerce_builder_&_gutenberg_woocommerce_blocks
 
Deserialization of Untrusted Data vulnerability in wpxpo ProductX - WooCommerce Builder & Gutenberg WooCommerce Blocks. This issue affects ProductX - WooCommerce Builder & Gutenberg WooCommerce Blocks: from n/a through 3.1.4. | 2024-02-12 | 8.7 | CVE-2024-23512
audit@patchstack.com
x.org -- x.org
 
An out-of-bounds memory access flaw was found in the X.Org server. This issue can be triggered when a device frozen by a sync grab is reattached to a different master device. This issue may lead to an application crash, local privilege escalation (if the server runs with extended privileges), or remote code execution in SSH X11 forwarding environments. | 2024-02-09 | 7.8 | CVE-2024-0229
secalert@redhat.com
zoom_video_communications,_inc -- zoom_desktop_client_for_windows,_zoom_vdi_client_for_windows_and_zoom_meeting_sdk_for_windows
 
Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access. | 2024-02-14 | 9.6 | CVE-2024-24691
security@zoom.us
zoom_video_communications_inc -- zoom_clients
 
Untrusted search path in some Zoom 32 bit Windows clients may allow an authenticated user to conduct an escalation of privilege via local access. | 2024-02-14 | 7.2 | CVE-2024-24697
security@zoom.us
 f5 -- big-ip
 
When a virtual server is enabled with VLAN group and SNAT listener is configured, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2024-02-14 | 7.5 | CVE-2024-24775
f5sirt@f5.com

Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
adobe -- acrobat_reader
 
Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an Improper Input Validation vulnerability that could lead to an application denial-of-service. An attacker could leverage this vulnerability to cause the application to crash, resulting in a denial of service. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-02-15 | 5.5 | CVE-2024-20733
psirt@adobe.com
adobe -- acrobat_reader
 
Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-02-15 | 5.5 | CVE-2024-20734
psirt@adobe.com
adobe -- acrobat_reader
 
Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-02-15 | 5.5 | CVE-2024-20735
psirt@adobe.com
adobe -- acrobat_reader
 
Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-02-15 | 5.5 | CVE-2024-20736
psirt@adobe.com
adobe -- acrobat_reader
 
Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-02-15 | 5.5 | CVE-2024-20747
psirt@adobe.com
adobe -- acrobat_reader
 
Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-02-15 | 5.5 | CVE-2024-20748
psirt@adobe.com
adobe -- acrobat_reader
 
Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-02-15 | 5.5 | CVE-2024-20749
psirt@adobe.com
adobe -- commerce
Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to trick a victim into performing actions they did not intend to do, which could be used to bypass security measures and gain unauthorized access. Exploitation of this issue requires user interaction, typically in the form of the victim clicking a link or visiting a malicious website. | 2024-02-15 | 6.5 | CVE-2024-20718
psirt@adobe.com
adobe -- commerce
Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2024-02-15 | 5.4 | CVE-2024-20717
psirt@adobe.com
adobe -- commerce
Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to an application denial-of-service. A high-privileged attacker could leverage this vulnerability to exhaust system resources, causing the application to slow down or crash. Exploitation of this issue does not require user interaction. | 2024-02-15 | 4.9 | CVE-2024-20716
psirt@adobe.com
adobe -- substance_3d_painter
Substance3D - Painter versions 9.1.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-02-15 | 5.5 | CVE-2024-20722
psirt@adobe.com
adobe -- substance_3d_painter
Substance3D - Painter versions 9.1.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-02-15 | 5.5 | CVE-2024-20724
psirt@adobe.com
adobe -- substance_3d_painter
Substance3D - Painter versions 9.1.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-02-15 | 5.5 | CVE-2024-20725
psirt@adobe.com
algosec -- algosec_fireflow
 
Improper input validation in Algosec FireFlow VisualFlow workflow editor via Name, Description and Configuration File field in version A32.20, A32.50, A32.60 permits an attacker to initiate an XSS attack by injecting malicious executable scripts into the application's code. Fixed in version A32.20 (b600 and above), A32.50 (b430 and above), A32.60 (b250 and above) | 2024-02-15 | 5.1 | CVE-2023-46596
security.vulnerabilities@algosec.com
apache_software_foundation -- apache_superset
 
This is a duplicate for CVE-2023-46104. With correct CVE version ranges for affected Apache Superset. Uncontrolled resource consumption can be triggered by authenticated attacker that uploads a malicious ZIP to import database, dashboards or datasets. This vulnerability exists in Apache Superset versions up to and including 2.1.2 and versions 3.0.0, 3.0.1. | 2024-02-14 | 6.5 | CVE-2024-23952
security@apache.org
ari_soft -- contact_form_7_connector
 
Cross-Site Request Forgery (CSRF) vulnerability in ARI Soft Contact Form 7 Connector. This issue affects Contact Form 7 Connector: from n/a through 1.2.2. | 2024-02-12 | 4.3 | CVE-2024-24884
audit@patchstack.com
automattic -- crowdsignal_dashboard
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic, Inc. Crowdsignal Dashboard - Polls, Surveys & more allows Reflected XSS. This issue affects Crowdsignal Dashboard - Polls, Surveys & more: from n/a through 3.0.11. | 2024-02-10 | 6.1 | CVE-2023-51488
audit@patchstack.com
automattic -- sensei_lmsImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automatic Sensei LMS - Online Courses, Quizzes, & Learning allows Stored XSS. This issue affects Sensei LMS - Online Courses, Quizzes, & Learning: from n/a through 4.17.0.2024-02-125.4CVE-2023-50875
audit@patchstack.com
axiosys -- bento4 | Bento4 v1.6.0-640 was discovered to contain an out-of-memory bug via the AP4_DataBuffer::ReallocateBuffer() function. | 2024-02-09 | 6.5 | CVE-2024-25451 (cve@mitre.org)
axiosys -- bento4 | Bento4 v1.6.0-640 was discovered to contain an out-of-memory bug via the AP4_UrlAtom::AP4_UrlAtom() function. | 2024-02-09 | 5.5 | CVE-2024-25452 (cve@mitre.org)
axiosys -- bento4 | Bento4 v1.6.0-640 was discovered to contain a NULL pointer dereference via the AP4_StszAtom::GetSampleSize() function. | 2024-02-09 | 5.5 | CVE-2024-25453 (cve@mitre.org)
axiosys -- bento4 | Bento4 v1.6.0-640 was discovered to contain a NULL pointer dereference via the AP4_DescriptorFinder::Test() function. | 2024-02-09 | 5.5 | CVE-2024-25454 (cve@mitre.org)
ays-pro -- chartify | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chart Builder Team Chartify - WordPress Chart Plugin allows Stored XSS. This issue affects Chartify - WordPress Chart Plugin: from n/a through 2.0.6. | 2024-02-12 | 4.8 | CVE-2023-47526 (audit@patchstack.com)
badge -- hacker_hotel_badge | Allocation of Resources Without Limits or Throttling vulnerability in Badge leading to a denial-of-service attack. Team Hacker Hotel Badge 2024 on risc-v (billboard modules) allows Flooding. This issue affects Hacker Hotel Badge 2024: from 0.1.0 through 0.1.3. | 2024-02-11 | 5.7 | CVE-2024-21875 (csirt@divd.nl)
barangay_management_system_project -- barangay_management_system | Barangay Population Monitoring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Add Resident function at /barangay-population-monitoring-system/masterlist.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Contact Number parameter. | 2024-02-14 | 5.4 | CVE-2024-25207 (cve@mitre.org)
barangay_management_system_project -- barangay_management_system | Barangay Population Monitoring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Add Resident function at /barangay-population-monitoring-system/masterlist.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Full Name parameter. | 2024-02-14 | 5.4 | CVE-2024-25208 (cve@mitre.org)
beds24 -- online_booking | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mark Kinchin Beds24 Online Booking allows Stored XSS. This issue affects Beds24 Online Booking: from n/a through 2.0.23. | 2024-02-10 | 4.8 | CVE-2024-24717 (audit@patchstack.com)
beyondtrust -- privilege_management_for_windows | An issue was discovered in BeyondTrust Privilege Management for Windows before 24.1. When a low-privileged user initiates a repair, there is an attack vector through which the user is able to execute any program with elevated privileges. | 2024-02-16 | 6.3 | CVE-2024-25083 (cve@mitre.org)
calculatorsworld -- cc_bmi_calculator | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Calculators World CC BMI Calculator allows Stored XSS. This issue affects CC BMI Calculator: from n/a through 2.0.1. | 2024-02-10 | 5.4 | CVE-2024-23516 (audit@patchstack.com)
canonical_ltd -- lxd | An insecure default to allow UEFI Shell in EDK2 was left enabled in Ubuntu's EDK2. This allows an OS-resident attacker to bypass Secure Boot. | 2024-02-14 | 6.7 | CVE-2023-48733 (security@ubuntu.com)
canonical_ltd -- lxd | An insecure default to allow UEFI Shell in EDK2 was left enabled in LXD. This allows an OS-resident attacker to bypass Secure Boot. | 2024-02-14 | 6.7 | CVE-2023-49721 (security@ubuntu.com)
clicktotweet -- click_to_tweet | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ClickToTweet.Com Click To Tweet allows Stored XSS. This issue affects Click To Tweet: from n/a through 2.0.14. | 2024-02-10 | 5.4 | CVE-2024-23514 (audit@patchstack.com)
comarch -- erp_xl | The database access credentials configured during installation are stored in a special table and are encrypted with a shared key that is the same among all Comarch ERP XL client installations. This could allow an attacker with access to that table to retrieve plain text passwords. This issue affects ERP XL: from 2020.2.2 through 2023.2. | 2024-02-15 | 6.2 | CVE-2023-4538 (cvd@cert.pl)
concretecms -- concrete_cms | Concrete CMS version 9 before 9.2.5 is vulnerable to stored XSS in file tags and description attributes since administrator entered file attributes are not sufficiently sanitized in the Edit Attributes page. A rogue administrator could put malicious code into the file tags or description attributes and, when another administrator opens the same file for editing, the malicious code could execute. The Concrete CMS Security team scored this 2.4 with CVSS v3 vector AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N. | 2024-02-09 | 4.8 | CVE-2024-1245 (ff5b8ace-8b95-4078-9743-eac1ca5451de)
concretecms -- concrete_cms | Concrete CMS in version 9 before 9.2.5 is vulnerable to reflected XSS via the Image URL Import Feature due to insufficient validation of administrator provided data. A rogue administrator could inject malicious code when importing images, leading to the execution of the malicious code on the website user's browser. The Concrete CMS Security team scored this 2 with CVSS v3 vector AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N. This does not affect Concrete versions prior to version 9. | 2024-02-09 | 4.8 | CVE-2024-1246 (ff5b8ace-8b95-4078-9743-eac1ca5451de)
concretecms -- concrete_cms | Concrete CMS version 9 before 9.2.5 is vulnerable to stored XSS via the Role Name field since there is insufficient validation of administrator provided data for that field. A rogue administrator could inject malicious code into the Role Name field which might be executed when users visit the affected page. The Concrete CMS Security team scored this 2 with CVSS v3 vector AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator. Concrete versions below 9 do not include group types so they are not affected by this vulnerability. | 2024-02-09 | 4.8 | CVE-2024-1247 (ff5b8ace-8b95-4078-9743-eac1ca5451de)
content_cards_project -- content_cards | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Arunas Liuiza Content Cards allows Stored XSS. This issue affects Content Cards: from n/a through 0.9.7. | 2024-02-12 | 5.4 | CVE-2024-24928 (audit@patchstack.com)
dell -- bsafe_ssl-j | Dell BSAFE SSL-J, versions prior to 6.5, and versions 7.0 and 7.1 contain a debug message revealing unnecessary information vulnerability. This may lead to disclosing sensitive information to a locally privileged user. | 2024-02-10 | 4.4 | CVE-2023-28077 (security_alert@emc.com)
dell -- mobility_e-lab_navigator | Dell E-Lab Navigator, [3.1.9, 3.2.0], contains an Insecure Direct Object Reference Vulnerability in Feedback submission. An attacker could potentially exploit this vulnerability to manipulate the email's appearance, potentially deceiving recipients and causing reputational and security risks. | 2024-02-14 | 4.4 | CVE-2024-22455 (security_alert@emc.com)
dell -- recoverpoint_for_vms | Dell RecoverPoint for Virtual Machines 5.3.x contains a brute force/dictionary attack vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability to launch a brute force attack or a dictionary attack against the RecoverPoint login form. This allows attackers to brute-force the password of valid users in an automated manner. | 2024-02-16 | 6.5 | CVE-2024-22425 (security_alert@emc.com)
dell -- secure_connect_gateway-application | In Dell Secure Connect Gateway Application and Secure Connect Gateway Appliance (between v5.10.00.00 and v5.18.00.00), a security concern has been identified, where a malicious user with a valid User session may inject malicious content in filters of IP Range Rest API. This issue may potentially lead to unintentional information disclosure from the product database. | 2024-02-14 | 5.4 | CVE-2023-44293 (security_alert@emc.com)
dell -- secure_connect_gateway-application | In Dell Secure Connect Gateway Application and Secure Connect Gateway Appliance (between v5.10.00.00 and v5.18.00.00), a security concern has been identified, where a malicious user with a valid User session may inject malicious content in filters of Collection Rest API. This issue may potentially lead to unintentional information disclosure from the product database. | 2024-02-14 | 5.4 | CVE-2023-44294 (security_alert@emc.com)
dell -- supportassist_client_consumer | Dell SupportAssist for Business PCs version 3.4.0 contains a local Authentication Bypass vulnerability that allows locally authenticated non-admin users to gain temporary privilege within the SupportAssist User Interface on their respective PC. The Run as Admin temporary privilege feature enables IT/System Administrators to perform driver scans and Dell-recommended driver installations without requiring them to log out of the local non-admin user session. However, the granted privilege is limited solely to the SupportAssist User Interface and automatically expires after 15 minutes. | 2024-02-14 | 6.3 | CVE-2023-39249 (security_alert@emc.com)
dell -- unity_operating_environment | Dell Unity, versions prior to 5.4, contains a SQL Injection vulnerability. An authenticated attacker could potentially exploit this vulnerability, leading to exposure of sensitive information. | 2024-02-12 | 6.5 | CVE-2024-22221 (security_alert@emc.com)
dell -- unity_operating_environment | Dell Unity, versions prior to 5.4, contains a path traversal vulnerability in its svc_supportassist utility. An authenticated attacker could potentially exploit this vulnerability to gain unauthorized write access to the files stored on the server filesystem, with elevated privileges. | 2024-02-12 | 6.5 | CVE-2024-22226 (security_alert@emc.com)
dell -- unity_operating_environment | Dell Unity, versions prior to 5.4, contains a cross-site scripting (XSS) vulnerability. An authenticated attacker could potentially exploit this vulnerability, leading users to download and execute malicious software crafted by this product's feature to compromise their systems. | 2024-02-12 | 5.4 | CVE-2024-0169 (security_alert@emc.com)
dell -- unity_operating_environment | Dell Unity, versions prior to 5.4, contains a Cross-site scripting vulnerability. An authenticated attacker could potentially exploit this vulnerability to steal session information, masquerade as the affected user, carry out any actions that this user could perform, or generally control the victim's browser. | 2024-02-12 | 5.4 | CVE-2024-22230 (security_alert@emc.com)
derhansen -- sf_event_mgt | sf_event_mgt is an event management and registration extension for the TYPO3 CMS based on ExtBase and Fluid. In affected versions the existing access control check for events in the backend module got broken during the update of the extension to TYPO3 12.4, because the `RedirectResponse` from the `$this->redirect()` function was never handled. This issue has been addressed in version 7.4.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-02-13 | 4.3 | CVE-2024-24751 (security-advisories@github.com)
ebm_technologies -- risweb | EBM Technologies RISWEB's specific URL path is not properly controlled by permission, allowing attackers to browse specific pages and query sensitive data without login. | 2024-02-15 | 5.3 | CVE-2024-26263 (twcert@cert.org.tw)
ecshop -- ecshop | A vulnerability, which was classified as critical, has been found in ECshop 4.1.8. Affected by this issue is some unknown functionality of the file /admin/view_sendlist.php. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-250562 is the identifier assigned to this vulnerability. | 2024-02-15 | 6.3 | CVE-2024-1530 (cna@vuldb.com)
envoyproxy -- envoy | Envoy is a high-performance edge/middle/service proxy. The regex expression is compiled for every request and can result in high CPU usage and increased request latency when multiple routes are configured with such matchers. This issue has been addressed in releases 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-02-09 | 5.3 | CVE-2024-23323 (security-advisories@github.com)
exiv2 -- exiv2 | Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 version v0.28.1. The vulnerable function, `QuickTimeVideo::NikonTagsDecoder`, was new in v0.28.0, so Exiv2 versions before v0.28 are _not_ affected. The out-of-bounds read is triggered when Exiv2 is used to read the metadata of a crafted video file. In most cases this out-of-bounds read will result in a crash. This bug is fixed in version v0.28.2. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-02-12 | 5.5 | CVE-2024-24826 (security-advisories@github.com)
exiv2 -- exiv2 | Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A denial-of-service was found in Exiv2 version v0.28.1: an unbounded recursion can cause Exiv2 to crash by exhausting the stack. The vulnerable function, `QuickTimeVideo::multipleEntriesDecoder`, was new in v0.28.0, so Exiv2 versions before v0.28 are _not_ affected. The denial-of-service is triggered when Exiv2 is used to read the metadata of a crafted video file. This bug is fixed in version v0.28.2. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-02-12 | 5.5 | CVE-2024-25112 (security-advisories@github.com)
f5 -- big-ip | BIG-IP or BIG-IQ Resource Administrators and Certificate Managers who have access to the secure copy (scp) utility but do not have access to Advanced shell (bash) can execute arbitrary commands with a specially crafted command string. This vulnerability is due to an incomplete fix for CVE-2020-5873. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2024-02-14 | 6.7 | CVE-2024-21782 (f5sirt@f5.com)
f5 -- big-ip | When running in Appliance mode, an authenticated attacker assigned the Administrator role may be able to bypass Appliance mode restrictions utilizing iAppsLX templates on a BIG-IP system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2024-02-14 | 6 | CVE-2024-23976 (f5sirt@f5.com)
f5 -- big-ip_next_spk | A vulnerability exists in BIG-IP Next CNF and SPK systems that may allow access to undisclosed sensitive files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2024-02-14 | 4.4 | CVE-2024-23306 (f5sirt@f5.com)
f5 -- f5os_-_appliance | When LDAP remote authentication is configured on F5OS, a remote user without an assigned role will be incorrectly authorized. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2024-02-14 | 6.2 | CVE-2024-24966 (f5sirt@f5.com)
f5 -- f5os_-_appliance | A directory traversal vulnerability exists in the F5OS QKView utility that allows an authenticated attacker to read files outside the QKView directory. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2024-02-14 | 5.5 | CVE-2024-23607 (f5sirt@f5.com)
filseclab -- twister_antivirus | Twister Antivirus v8.17 is vulnerable to an Out-of-bounds Read vulnerability by triggering the 0x801120B8 IOCTL code of the filmfd.sys driver. | 2024-02-13 | 5.8 | CVE-2024-1140 (help@fluidattacks.com)
filseclab -- twister_antivirus | Twister Antivirus v8.17 is vulnerable to a Denial-of-Service vulnerability by triggering the 0x80112044, 0x8011204B, 0x8011204F, 0x80112057, 0x8011205B, 0x8011205F, 0x80112063, 0x8011206F, 0x80112073, 0x80112077, 0x80112078, 0x8011207C and 0x80112080 IOCTL codes of the fildds.sys driver. | 2024-02-13 | 5.5 | CVE-2024-1216 (help@fluidattacks.com)
fortinet -- fortimanager | An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in Fortinet FortiManager version 7.4.0 through 7.4.1 and before 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.1 and before 7.2.5 and FortiAnalyzer-BigData before 7.2.5 allows an adom administrator to enumerate other adoms and device names via crafted HTTP or HTTPS requests. | 2024-02-15 | 5 | CVE-2023-44253 (psirt@fortinet.com)
fortinet -- fortinac | An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiNAC 9.4.0 - 9.4.2, 9.2.0 - 9.2.8, 9.1.0 - 9.1.10 and 7.2.0 allows an attacker to execute unauthorized code or commands via the name fields observed in the policy audit logs. | 2024-02-15 | 6.8 | CVE-2023-26206 (psirt@fortinet.com)
fortinet -- fortios | An improper certificate validation vulnerability in Fortinet FortiOS 7.0.0 - 7.0.13, 7.2.0 - 7.2.6 and 7.4.0 - 7.4.1 allows a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the FortiLink communication channel between the FortiOS device and FortiSwitch. | 2024-02-15 | 4.8 | CVE-2023-47537 (psirt@fortinet.com)
geek_code_lab -- all_404_pages_redirect_to_homepage | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Geek Code Lab All 404 Pages Redirect to Homepage allows Stored XSS. This issue affects All 404 Pages Redirect to Homepage: from n/a through 1.9. | 2024-02-12 | 6.1 | CVE-2024-24889 (audit@patchstack.com)
getawesomesupport -- awesome_support | The Awesome Support - WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpas_get_users() function hooked via AJAX in all versions up to, and including, 6.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve user data such as emails. | 2024-02-10 | 4.3 | CVE-2024-0595 (security@wordfence.com)
getgrav -- grav | A cross-site scripting (XSS) vulnerability in Grav versions 1.7.44 and before allows remote authenticated attackers to execute arbitrary web scripts or HTML via the onmouseover attribute of an ISINDEX element. | 2024-02-09 | 5.4 | CVE-2023-31506 (cve@mitre.org)
github -- enterprise_server | A path traversal vulnerability was identified in GitHub Enterprise Server that allowed an attacker to gain unauthorized read permission to files by deploying arbitrary symbolic links to a GitHub Pages site with a specially crafted artifact tarball. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.8.15, 3.9.10, 3.10.7, 3.11.5. This vulnerability was reported via the GitHub Bug Bounty program. | 2024-02-13 | 6.3 | CVE-2024-1082 (product-cna@github.com)
github -- enterprise_server | Cross-site Scripting in the tag name pattern field in the tag protections UI in GitHub Enterprise Server allows a malicious website that requires user interaction and social engineering to make changes to a user account via CSP bypass with created CSRF tokens. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in all versions of 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program. | 2024-02-13 | 6.5 | CVE-2024-1084 (product-cna@github.com)
gitlab -- gitlab | An issue has been discovered in GitLab EE affecting all versions starting from 16.8 before 16.8.2. When a user is assigned a custom role with manage_group_access_tokens permission, they may be able to create group access tokens with Owner privileges, which may lead to privilege escalation. | 2024-02-12 | 6.5 | CVE-2024-1250 (cve@gitlab.com)
givewp -- givewp | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GiveWP GiveWP - Donation Plugin and Fundraising Platform allows Stored XSS. This issue affects GiveWP - Donation Plugin and Fundraising Platform: from n/a through 3.2.2. | 2024-02-10 | 5.4 | CVE-2023-51415 (audit@patchstack.com)
glewlwyd_sso_server_project -- glewlwyd_sso_server | Glewlwyd SSO server 2.x through 2.7.6 allows open redirection via redirect_uri. | 2024-02-11 | 6.1 | CVE-2024-25715 (cve@mitre.org)
grafana -- grafana | A user changing their email after signing up and verifying it can change it without verification in profile settings. The configuration option "verify_email_enabled" will validate email only on sign up. | 2024-02-13 | 5.4 | CVE-2023-6152 (security@grafana.com)
grafana -- grafana-csv-datasource | Grafana is an open-source platform for monitoring and observability. The CSV datasource plugin is a Grafana Labs maintained plugin for Grafana that allows for retrieving and processing CSV data from a remote endpoint configured by an administrator. If this plugin was configured to send requests to a bare host with no path (e.g. `https://www.example.com/`), requests to an endpoint other than the one configured by the administrator could be triggered by a specially crafted request from any user, resulting in an SSRF vector. AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator | 2024-02-14 | 5 | CVE-2023-5122 (security@grafana.com)
greenpau -- github.com/greenpau/caddy-security | Versions of the package github.com/greenpau/caddy-security before 1.0.42 are vulnerable to Insecure Randomness due to using an insecure random number generation library which could possibly be predicted via a brute-force search. Attackers could use the potentially predictable nonce value used for authentication purposes in the OAuth flow to conduct OAuth replay attacks. In addition, insecure randomness is used while generating multifactor authentication (MFA) secrets and creating API keys in the database package. | 2024-02-17 | 6.5 | CVE-2024-21495 (report@snyk.io)
greenpau -- github.com/greenpau/caddy-security | All versions of the package github.com/greenpau/caddy-security are vulnerable to Cross-site Scripting (XSS) via the Referer header, due to improper input sanitization. Although the Referer header is sanitized by escaping some characters that can allow XSS (e.g., [&], [<], [>], ["], [']), it does not account for the attack based on the JavaScript URL scheme (e.g., javascript:alert(document.domain)// payload). Exploiting this vulnerability may not be trivial, but it could lead to the execution of malicious scripts in the context of the target user's browser, compromising user sessions. | 2024-02-17 | 6.1 | CVE-2024-21496 (report@snyk.io)
greenpau -- github.com/greenpau/caddy-security | All versions of the package github.com/greenpau/caddy-security are vulnerable to Improper Validation of Array Index when parsing a Caddyfile. Multiple parsing functions in the affected library do not validate whether their input values are nil before attempting to access elements, which can lead to a panic (index out of range). Panics during the parsing of a configuration file may introduce ambiguity and vulnerabilities, hindering the correct interpretation and configuration of the web server. | 2024-02-17 | 5.3 | CVE-2024-21493 (report@snyk.io)
greenpau -- github.com/greenpau/caddy-security | All versions of the package github.com/greenpau/caddy-security are vulnerable to Authentication Bypass by Spoofing via the X-Forwarded-For header due to improper input sanitization. An attacker can spoof an IP address used in the user identity module (/whoami API endpoint). This could lead to unauthorized access if the system trusts this spoofed IP address. | 2024-02-17 | 5.4 | CVE-2024-21494 (report@snyk.io)
greenpau -- github.com/greenpau/caddy-security | All versions of the package github.com/greenpau/caddy-security are vulnerable to Open Redirect via the redirect_url parameter. An attacker could perform a phishing attack and trick users into visiting a malicious website by crafting a convincing URL with this parameter. To exploit this vulnerability, the user must take an action, such as clicking on a portal button or using the browser's back button, to trigger the redirection. | 2024-02-17 | 5.4 | CVE-2024-21497 (report@snyk.io)
greenpau -- github.com/greenpau/caddy-security | All versions of the package github.com/greenpau/caddy-security are vulnerable to Server-side Request Forgery (SSRF) via X-Forwarded-Host header manipulation. An attacker can expose sensitive information, interact with internal services, or exploit other vulnerabilities within the network by exploiting this vulnerability. | 2024-02-17 | 5.3 | CVE-2024-21498 (report@snyk.io)
greenpau -- github.com/greenpau/caddy-security | All versions of the package github.com/greenpau/caddy-security are vulnerable to Insufficient Session Expiration due to improper user session invalidation upon clicking the "Sign Out" button. User sessions remain valid even after requests are sent to /logout and /oauth2/google/logout. Attackers who gain access to an active, but supposedly logged-out session can perform unauthorized actions on behalf of the user. | 2024-02-17 | 4.8 | CVE-2024-21492 (report@snyk.io)
greenpau -- github.com/greenpau/caddy-security | All versions of the package github.com/greenpau/caddy-security are vulnerable to HTTP Header Injection via the X-Forwarded-Proto header due to redirecting to the injected protocol. Exploiting this vulnerability could lead to bypass of security mechanisms or confusion in handling TLS. | 2024-02-17 | 4.3 | CVE-2024-21499 (report@snyk.io)
greenpau -- github.com/greenpau/caddy-security | All versions of the package github.com/greenpau/caddy-security are vulnerable to Improper Restriction of Excessive Authentication Attempts via the two-factor authentication (2FA). Although the application blocks the user after several failed attempts to provide 2FA codes, attackers can bypass this blocking mechanism by automating the application's full multistep 2FA process. | 2024-02-17 | 4.8 | CVE-2024-21500 (report@snyk.io)
hcl_software -- hcl_connections | HCL Connections is vulnerable to a denial of service, caused by improper validation on certain requests. Using a specially crafted request an attacker could exploit this vulnerability to cause denial of service for affected users. | 2024-02-12 | 5.5 | CVE-2023-28018 (psirt@hcl.com)
helm -- helm | Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. When either the Helm client or SDK is used to save a chart whose name within the `Chart.yaml` file includes a relative path change, the chart would be saved outside its expected directory based on the changes in the relative path. The validation and linting did not detect the path changes in the name. This issue has been resolved in Helm v3.14.1. Users unable to upgrade should check all charts used by Helm for path changes in their name as found in the `Chart.yaml` file. This includes dependencies. | 2024-02-15 | 6.4 | CVE-2024-25620 (security-advisories@github.com)
hima -- f30_03x_yy_(com) | An unauthenticated attacker can send a ping request from one network to another through an error in the origin verification even though the ports are separated by VLAN. | 2024-02-13 | 4.3 | CVE-2024-24782 (info@cert.vde.com)
howardehrenberg -- custom_post_carousels_with_owl | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Howard Ehrenberg Custom Post Carousels with Owl allows Stored XSS. This issue affects Custom Post Carousels with Owl: from n/a through 1.4.6. | 2024-02-10 | 5.4 | CVE-2023-51493 (audit@patchstack.com)
ibm -- cics_tx_standard | IBM CICS TX Standard and Advanced 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 229440. | 2024-02-12 | 5.9 | CVE-2022-34309 (psirt@us.ibm.com)
ibm -- cics_tx_standard | IBM CICS TX Standard and Advanced 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 229441. | 2024-02-12 | 5.9 | CVE-2022-34310 (psirt@us.ibm.com)
ibm -- cics_tx_standard | IBM CICS TX Standard and Advanced 11.1 could allow a user with physical access to the web browser to gain access to the user's session due to insufficiently protected credentials. IBM X-Force ID: 229446. | 2024-02-12 | 4.3 | CVE-2022-34311 (psirt@us.ibm.com)
ibm -- datastage_on_cloud_pak_for_data | IBM DataStage on Cloud Pak for Data 4.0.6 to 4.5.2 stores sensitive credential information that can be read by a privileged user. IBM X-Force ID: 235060. | 2024-02-12 | 4.9 | CVE-2022-38714 (psirt@us.ibm.com)
ibm -- engineering_lifecycle_optimization | IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 268754. | 2024-02-09 | 6.1 | CVE-2023-45190 (psirt@us.ibm.com)
ibm -- i_access_client_solutions | IBM i Access Client Solutions (ACS) 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.4 is vulnerable to NT LAN Manager (NTLM) hash disclosure by an attacker modifying UNC capable paths within ACS configuration files to point to a hostile server. If NTLM is enabled, the Windows operating system will try to authenticate using the current user's session. The hostile server could capture the NTLM hash information to obtain the user's credentials. IBM X-Force ID: 279091. | 2024-02-09 | 5.5 | CVE-2024-22318 (psirt@us.ibm.com)
ibm -- integration_bus | The IBM Integration Bus for z/OS 10.1 through 10.1.0.2 AdminAPI is vulnerable to a denial of service due to file system exhaustion. IBM X-Force ID: 279972. | 2024-02-09 | 6.5 | CVE-2024-22332 (psirt@us.ibm.com)
ibm -- jazz_for_service_management | IBM Jazz for Service Management 1.1.3.20 could allow an unauthorized user to obtain sensitive file information using forced browsing due to improper access controls. IBM X-Force ID: 269929. | 2024-02-14 | 5.3 | CVE-2023-46186 (psirt@us.ibm.com)
ibm -- qradar_suite_software
 
IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 279975.2024-02-175.1CVE-2024-22335
psirt@us.ibm.com
psirt@us.ibm.com
ibm -- qradar_suite_software
 
IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 279976.2024-02-175.1CVE-2024-22336
psirt@us.ibm.com
psirt@us.ibm.com
ibm -- qradar_suite_software
 
IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 279977.2024-02-175.1CVE-2024-22337
psirt@us.ibm.com
ibm -- qradar_suite_software
 
IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 in some circumstances will log some sensitive information about invalid authorization attempts. IBM X-Force ID: 275747.2024-02-174CVE-2023-50951
psirt@us.ibm.com
ibm -- robotic_process_automation
 
IBM Robotic Process Automation 21.0.2 contains a vulnerability that could allow user IDs to be exposed across tenants. IBM X-Force ID: 227293.2024-02-124.6CVE-2022-22506
psirt@us.ibm.com
ibm -- sterling_b2b_integrator
IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.3 could allow an authenticated user to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 255827.2024-02-096.5CVE-2023-32341
psirt@us.ibm.com
ibm -- sterling_b2b_integrator
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.3 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 265559.2024-02-094.3CVE-2023-42016
psirt@us.ibm.com
ibm -- storage_defender_resiliency_service
IBM Storage Defender - Resiliency Service 2.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 278748.2024-02-105.5CVE-2024-22312
psirt@us.ibm.com
if-so -- dynamic_content_personalization
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in If So Plugin If-So Dynamic Content Personalization allows Stored XSS. This issue affects If-So Dynamic Content Personalization: from n/a through 1.6.3.1.2024-02-105.4CVE-2023-51492
audit@patchstack.com
intel -- acat_software_maintained_by_intel(r)
 
Incorrect default permissions in some ACAT software maintained by Intel(R) before version 2.0.0 may allow an authenticated user to potentially enable escalation of privilege via local access.2024-02-146.7CVE-2023-41231
secure@intel.com
intel -- intel(r)_battery_life_diagnostic_tool_software
 
Uncontrolled search path in some Intel(R) Battery Life Diagnostic Tool software before version 2.3.1 may allow an authenticated user to potentially enable escalation of privilege via local access.2024-02-146.7CVE-2023-35060
secure@intel.com
intel -- intel(r)_binary_configuration_tool_software
 
Uncontrolled search path in some Intel(R) Binary Configuration Tool software before version 3.4.4 may allow an authenticated user to potentially enable escalation of privilege via local access.2024-02-146.7CVE-2023-24591
secure@intel.com
intel -- intel(r)_c++_compiler_classic
 
Improper buffer restrictions in some Intel(R) C++ Compiler Classic before version 2021.8 may allow an authenticated user to potentially enable escalation of privilege via local access.2024-02-146CVE-2023-29162
secure@intel.com
intel -- intel(r)_chipset_driver_software
 
Improper access control in some Intel(R) Chipset Driver Software before version 10.1.19444.8378 may allow an authenticated user to potentially enable escalation of privilege via local access.2024-02-146.7CVE-2023-25174
secure@intel.com
intel -- intel(r)_chipset_driver_software
 
Incorrect default permissions in some Intel(R) Chipset Driver Software before version 10.1.19444.8378 may allow an authenticated user to potentially enable escalation of privilege via local access.2024-02-146.7CVE-2023-28739
secure@intel.com
intel -- intel(r)_cip_software
 
Uncontrolled search path in some Intel(R) CIP software before version 2.4.10577 may allow an authenticated user to potentially enable escalation of privilege via local access.2024-02-146.7CVE-2023-35769
secure@intel.com
intel -- intel(r)_dsa_software
 
Improper access control in some Intel(R) DSA software before version 23.4.33 may allow a privileged user to potentially enable escalation of privilege via local access.2024-02-146.3CVE-2023-35062
secure@intel.com
intel -- intel(r)_dsa_software
 
Improper access control in some Intel(R) DSA software before version 23.4.33 may allow an authenticated user to potentially enable denial of service via local access.2024-02-145.5CVE-2023-25073
secure@intel.com
intel -- intel(r)_ethernet_tools_and_driver_install_software
 
Insecure inherited permissions in some Intel(R) Ethernet tools and driver install software may allow an authenticated user to potentially enable escalation of privilege via local access.2024-02-146.7CVE-2023-33870
secure@intel.com
intel -- intel(r)_ethernet_tools_and_driver_install_software
 
Improper access control element in some Intel(R) Ethernet tools and driver install software, before version 28.2, may allow an authenticated user to potentially enable escalation of privilege via local access.2024-02-146.7CVE-2023-39432
secure@intel.com
intel -- intel(r)_ispc_software
 
Uncontrolled search path in some Intel(R) ISPC software before version 1.21.0 may allow an authenticated user to potentially enable escalation of privilege via local access.2024-02-146.7CVE-2023-38566
secure@intel.com
intel -- intel(r)_mas_software
 
Improper initialization in some Intel(R) MAS software before version 2.3 may allow an authenticated user to potentially enable denial of service via local access.2024-02-145CVE-2023-36490
secure@intel.com
intel -- intel(r)_mpi_library_software
 
Uncontrolled search path for some Intel(R) MPI Library Software before version 2021.11 may allow an authenticated user to potentially enable escalation of privilege via local access.2024-02-146.7CVE-2023-41091
secure@intel.com
intel -- intel(r)_ofu_software
 
Protection mechanism failure in some Intel(R) OFU software before version 14.1.31 may allow an authenticated user to potentially enable escalation of privilege via local access.2024-02-146.7CVE-2023-25945
secure@intel.com
intel -- intel(r)_oneapi_toolkit_and_component_software_installers
 
Uncontrolled search path in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.2 may allow an authenticated user to potentially enable escalation of privilege via local access.2024-02-146.7CVE-2023-32618
secure@intel.com
intel -- intel(r)_oneapi_toolkit_and_component_software_installers
 
Improper access control in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.2 may allow an authenticated user to potentially enable denial of service via local access.2024-02-145CVE-2023-28715
secure@intel.com
intel -- intel(r)_optane(tm)_pmem_100_series_management_software
 
Improper access control in some Intel(R) Optane(TM) PMem 100 Series Management Software before version 01.00.00.3547 may allow an authenticated user to potentially enable escalation of privilege via local access.2024-02-146.7CVE-2023-22311
secure@intel.com
intel -- intel(r)_optane(tm)_pmem_software
 
Improper access control in some Intel(R) Optane(TM) PMem software before versions 01.00.00.3547, 02.00.00.3915, 03.00.00.0483 may allow an authenticated user to potentially enable escalation of privilege via local access.2024-02-146.6CVE-2023-27517
secure@intel.com
intel -- intel(r)_pm_software
 
Improper authorization in some Intel(R) PM software may allow a privileged user to potentially enable escalation of privilege via local access.2024-02-146.7CVE-2023-38135
secure@intel.com
intel -- intel(r)_proset/wireless_and_intel(r)_killer(tm)_wi
 
Improper input validation for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow a privileged user to potentially enable escalation of privilege via local access.2024-02-146CVE-2023-25951
secure@intel.com
intel -- intel(r)_proset/wireless_and_intel(r)_killer(tm)_wi
 
Improper input validation for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access.2024-02-146.1CVE-2023-28374
secure@intel.com
intel -- intel(r)_proset/wireless_and_intel(r)_killer(tm)_wi
 
Improper initialization for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access.2024-02-146.1CVE-2023-28720
secure@intel.com
intel -- intel(r)_proset/wireless_and_intel(r)_killer(tm)_wi
 
Uncaught exception for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access.2024-02-144.3CVE-2023-26586
secure@intel.com
intel -- intel(r)_proset/wireless_and_intel(r)_killer(tm)_wi
 
Insufficient adherence to expected conventions for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access.2024-02-144.3CVE-2023-32642
secure@intel.com
intel -- intel(r)_proset/wireless_and_intel(r)_killer(tm)_wi
 
Protection mechanism failure for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access.2024-02-144.3CVE-2023-32644
secure@intel.com
intel -- intel(r)_proset/wireless_and_intel(r)_killer(tm)_wi
 
Improper validation of specified type of input for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access.2024-02-144.3CVE-2023-32651
secure@intel.com
intel -- intel(r)_proset/wireless_and_intel(r)_killer(tm)_wi
 
Improper input validation for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access.2024-02-144.3CVE-2023-34983
secure@intel.com
intel -- intel(r)_proset/wireless_and_intel(r)_killer(tm)_wi
 
Improper initialization for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable information disclosure via adjacent access.2024-02-144.3CVE-2023-35061
secure@intel.com
intel -- intel(r)_qat_software_drivers_for_windows
 
Out-of-bounds read in some Intel(R) QAT software drivers for Windows before version QAT1.7-W-1.11.0 may allow an authenticated user to potentially enable denial of service via local access.2024-02-146.5CVE-2023-41252
secure@intel.com
intel -- intel(r)_qsfp+_configuration_utility_software
 
Uncontrolled search path in Intel(R) QSFP+ Configuration Utility software, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access.2024-02-146.7CVE-2023-28745
secure@intel.com
intel -- intel(r)_sdk_for_opencl(tm)_applications_software
 
Uncontrolled search path in some Intel(R) SDK for OpenCL(TM) Applications software may allow an authenticated user to potentially enable escalation of privilege via local access.2024-02-146.7CVE-2023-36493
secure@intel.com
intel -- intel(r)_server_product_openbmc_firmware
 
Improper authentication in some Intel(R) Server Product OpenBMC firmware before version egs-1.09 may allow an authenticated user to enable escalation of privilege via local access.2024-02-145.2CVE-2023-31189
secure@intel.com
intel -- intel(r)_server_product_openbmc_firmware
 
Insufficiently protected credentials in some Intel(R) Server Product OpenBMC firmware before version egs-1.05 may allow an unauthenticated user to enable information disclosure via network access.2024-02-145.3CVE-2023-32280
secure@intel.com
intel -- intel(r)_ssu_software
 
Uncontrolled search path element in some Intel(R) SSU software before version 3.0.0.2 may allow an authenticated user to potentially enable escalation of privilege via local access.2024-02-146.7CVE-2023-40156
secure@intel.com
intel -- intel(r)_sur_for_gameplay_software
 
Uncontrolled search path in the Intel(R) SUR for Gameplay Software before version 2.0.1901 may allow a privileged user to potentially enable escalation of privilege via local access.2024-02-146.7CVE-2023-39932
secure@intel.com
intel -- intel(r)_sur_for_gameplay_software
 
Incorrect default permissions in the Intel(R) SUR for Gameplay Software before version 2.0.1901 may allow a privileged user to potentially enable escalation of privilege via local access.2024-02-146.7CVE-2023-40154
secure@intel.com
intel -- intel(r)_thunderbolt(tm)_controllers_versions
 
Improper access control in firmware for some Intel(R) Thunderbolt(TM) Controllers versions before 41 may allow a privileged user to enable denial of service via local access.2024-02-146.1CVE-2023-28396
secure@intel.com
intel -- intel(r)_thunderbolt(tm)_dch_drivers_for_windows
 
Improper buffer restrictions in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable information disclosure via local access.2024-02-146.5CVE-2023-22390
secure@intel.com
intel -- intel(r)_thunderbolt(tm)_dch_drivers_for_windows
 
Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable escalation of privilege via local access.2024-02-146.3CVE-2023-24481
secure@intel.com
intel -- intel(r)_thunderbolt(tm)_dch_drivers_for_windows
 
Unquoted search path or element in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable escalation of privilege via local access.2024-02-146.7CVE-2023-24542
secure@intel.com
intel -- intel(r)_thunderbolt(tm)_dch_drivers_for_windows
 
Improper buffer restrictions in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow a privileged user to potentially enable escalation of privilege via local access.2024-02-146.1CVE-2023-24589
secure@intel.com
intel -- intel(r)_thunderbolt(tm)_dch_drivers_for_windows
 
Uncontrolled search path element in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable escalation of privilege via local access.2024-02-146.7CVE-2023-25779
secure@intel.com
intel -- intel(r)_thunderbolt(tm)_dch_drivers_for_windows
 
Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable denial of service via local access.2024-02-145.5CVE-2023-22848
secure@intel.com
intel -- intel(r)_thunderbolt(tm)_dch_drivers_for_windows
 
Uncontrolled resource consumption in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable denial of service via local access.2024-02-145.5CVE-2023-25769
secure@intel.com
intel -- intel(r)_thunderbolt(tm)_dch_drivers_for_windows
 
Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable denial of service via local access.2024-02-145CVE-2023-26585
secure@intel.com
intel -- intel(r)_thunderbolt(tm)_dch_drivers_for_windows
 
Improper input validation in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an unauthenticated user to potentially enable information disclosure via adjacent access.2024-02-144.3CVE-2023-24463
secure@intel.com
intel -- intel(r)_thunderbolt(tm)_dch_drivers_for_windows
 
Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable escalation of privilege via local access.2024-02-144.2CVE-2023-27301
secure@intel.com
intel -- intel(r)_thunderbolt(tm)_dch_drivers_for_windows
 
Improper buffer restrictions in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow a privileged user to potentially enable escalation of privilege via local access.2024-02-144.6CVE-2023-27308
secure@intel.com
intel -- intel(r)_vroc_software
 
Improper access control in some Intel(R) VROC software before version 8.0.8.1001 may allow an authenticated user to potentially enable escalation of privilege via local access.2024-02-146.7CVE-2023-31271
secure@intel.com
intel -- intel(r)_vroc_software
 
Uncontrolled search path element in some Intel(R) VROC software before version 8.0.8.1001 may allow an authenticated user to potentially enable escalation of privilege via local access.2024-02-146.7CVE-2023-32646
secure@intel.com
intel -- intel(r)_vroc_software
 
Incorrect default permissions in some Intel(R) VROC software before version 8.0.8.1001 may allow an authenticated user to potentially enable escalation of privilege via local access.2024-02-146.7CVE-2023-34315
secure@intel.com
intel -- intel(r)_vroc_software
 
Path traversal in some Intel(R) VROC software before version 8.0.8.1001 may allow an authenticated user to potentially enable escalation of privilege via local access.2024-02-146.7CVE-2023-35003
secure@intel.com
intel -- intel(r)_xtu_software
 
Uncontrolled search path in some Intel(R) XTU software before version 7.12.0.29 may allow an authenticated user to potentially enable escalation of privilege via local access.2024-02-146.7CVE-2023-28407
secure@intel.com
intel -- intel(r)_xtu_software
 
Improper access control in some Intel(R) XTU software before version 7.12.0.29 may allow an authenticated user to potentially enable escalation of privilege via local access.2024-02-146.8CVE-2023-32647
secure@intel.com
intel -- intel(r)_xtu_software
 
Improper access control in some Intel(R) XTU software before version 7.12.0.29 may allow an authenticated user to potentially enable escalation of privilege via local access.2024-02-145.5CVE-2023-38561
secure@intel.com
intel -- intel_unite(r)_client_software
 
Improper access control in some Intel Unite(R) Client software before version 4.2.35041 may allow an authenticated user to potentially enable escalation of privilege via local access.2024-02-146.6CVE-2023-40161
secure@intel.com
intel -- sps_firmware
Uncontrolled resource consumption for some Intel(R) SPS firmware before version SPS_E5_06.01.04.002.0 may allow a privileged user to potentially enable denial of service via network access.2024-02-144.9CVE-2023-29153
secure@intel.com
intel -- tensorflow
 
Improper buffer restrictions in Intel(R) Optimization for TensorFlow before version 2.13.0 may allow an authenticated user to potentially enable escalation of privilege via local access.2024-02-145.5CVE-2023-30767
secure@intel.com
internallinkjuicer -- internal_link_juicer
The Internal Link Juicer: SEO Auto Linker for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings such as 'ilj_settings_field_links_per_page' in all versions up to, and including, 2.23.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.2024-02-094.8CVE-2024-0657
security@wordfence.com
isc -- bind_9
 
If a resolver cache has a very large number of ECS records stored for the same name, the process of cleaning the cache database node for this name can significantly impair query performance. This issue affects BIND 9 versions 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.2024-02-135.3CVE-2023-5680
security-officer@isc.org
jboss -- undertow
 
A path traversal vulnerability was found in Undertow. This issue may allow a remote attacker to append a specially crafted sequence to an HTTP request for an application deployed to JBoss EAP, which may permit access to privileged or restricted files and directories.2024-02-125.3CVE-2024-1459
secalert@redhat.com
jwcrypto -- jwcrypto
 
A vulnerability was found in JWCrypto. This flaw allows an attacker to cause a denial of service (DoS) attack and possible password brute-force and dictionary attacks to be more resource-intensive. This issue can result in a large amount of computational consumption, causing a denial-of-service attack.2024-02-125.3CVE-2023-6681
secalert@redhat.com
kalli_dan -- kd_coming_soon
 
Deserialization of Untrusted Data vulnerability in Kalli Dan. KD Coming Soon. This issue affects KD Coming Soon: from n/a through 1.7.2024-02-125.4CVE-2023-46615
audit@patchstack.com
leap13 -- premium_addons_for_elementor
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Leap13 Premium Addons for Elementor allows Stored XSS. This issue affects Premium Addons for Elementor: from n/a through 4.10.16.2024-02-105.4CVE-2024-24831
audit@patchstack.com
linksys -- wrt54gl_firmware
A vulnerability was found in Linksys WRT54GL 4.30.18. It has been classified as problematic. This affects an unknown part of the file /wlaninfo.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. The identifier VDB-253329 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-02-104.3CVE-2024-1405
cna@vuldb.com
linksys -- wrt54gl_firmware
A vulnerability was found in Linksys WRT54GL 4.30.18. It has been declared as problematic. This vulnerability affects unknown code of the file /SysInfo1.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. VDB-253330 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-02-104.3CVE-2024-1406
cna@vuldb.com
linux -- kernel 
 
A vulnerability was reported in the Open vSwitch sub-component in the Linux Kernel. The flaw occurs when a recursive operation of code push recursively calls into the code block. The OVS module does not validate the stack depth, pushing too many frames and causing a stack overflow. As a result, this can lead to a crash or other related issues.2024-02-115.5CVE-2024-1151
secalert@redhat.com
linux -- linux
 
A flaw was found in the decompression function of registry-support. This issue can be triggered if an unauthenticated remote attacker tricks a user into opening a specially modified .tar archive, leading to the cleanup process following relative paths to overwrite or delete files outside the intended scope.2024-02-146.8CVE-2024-1485
secalert@redhat.com
logichunt -- owl_carousel
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LogicHunt OWL Carousel - WordPress Owl Carousel Slider allows Stored XSS. This issue affects OWL Carousel - WordPress Owl Carousel Slider: from n/a through 1.4.0.2024-02-105.4CVE-2024-24801
audit@patchstack.com
mastodon -- mastodon
 
Mastodon is a free, open-source social network server based on ActivityPub. Mastodon allows new identities from configured authentication providers (CAS, SAML, OIDC) to attach to existing local users with the same e-mail address. This results in a possible account takeover if the authentication provider allows changing the e-mail address or multiple authentication providers are configured. When a user logs in through an external authentication provider for the first time, Mastodon checks the e-mail address passed by the provider to find an existing account. However, using the e-mail address alone means that if the authentication provider allows changing the e-mail address of an account, the Mastodon account can immediately be hijacked. All users logging in through external authentication providers are affected. The severity is medium, as it also requires the external authentication provider to misbehave. However, some well-known OIDC providers (like Microsoft Azure) make it very easy to accidentally allow unverified e-mail changes. Moreover, OpenID Connect also allows dynamic client registration. This issue has been addressed in versions 4.2.6, 4.1.14, 4.0.14, and 3.5.18. Users are advised to upgrade. There are no known workarounds for this vulnerability.2024-02-144.2CVE-2024-25618
security-advisories@github.com
mattermost -- mattermost_server
Mattermost fails to check if a custom emoji reaction exists when sending it to a post and to limit the amount of custom emojis allowed to be added in a post, allowing an attacker sending a huge amount of non-existent custom emojis in a post to crash the mobile app of a user seeing the post. 2024-02-094.3CVE-2024-1402
responsibledisclosure@mattermost.com
mattermost -- mattermost_server
Mattermost Jira Plugin handling subscriptions fails to check the security level of an incoming issue or limit it based on the user who created the subscription resulting in registered users on Jira being able to create webhooks that give them access to all Jira issues.2024-02-094.1CVE-2024-24774
responsibledisclosure@mattermost.com
mattermost -- mattermost_server
Mattermost fails to check the required permissions in the POST /api/v4/channels/stats/member_count API resulting in channel member counts being leaked to a user without permissions.2024-02-094.3CVE-2024-24776
responsibledisclosure@mattermost.com
mediawiki -- managewiki
 
ManageWiki is a MediaWiki extension allowing users to manage wikis. Special:ManageWiki does not escape interface messages on the `columns` and `help` keys on the form descriptor. An attacker may exploit this and would have a cross site scripting attack vector. Exploiting this on-wiki requires the `(editinterface)` right. Users should apply the code changes in commits `886cc6b94`, `2ef0f50880`, and `6942e8b2c` to resolve this vulnerability. There are no known workarounds for this vulnerability.2024-02-096.5CVE-2024-25109
security-advisories@github.com
microsoft -- azure_file_sync
 
Microsoft Azure File Sync Elevation of Privilege Vulnerability2024-02-135.3CVE-2024-21397
secure@microsoft.com
microsoft -- azure_stack_hub
 
Azure Stack Hub Spoofing Vulnerability2024-02-136.5CVE-2024-20679
secure@microsoft.com
microsoft -- entra
 
Microsoft Azure Active Directory B2C Spoofing Vulnerability2024-02-136.8CVE-2024-21381
secure@microsoft.com
microsoft -- microsoft_teams_for_android
 
Microsoft Teams for Android Information Disclosure2024-02-135CVE-2024-21374
secure@microsoft.com
microsoft -- skype_for_business_server_2019_cu7
 
Skype for Business Information Disclosure Vulnerability2024-02-135.7CVE-2024-20695
secure@microsoft.com
microsoft -- windows_10_version_1809
 
Windows USB Generic Parent Driver Remote Code Execution Vulnerability2024-02-136.4CVE-2024-21339
secure@microsoft.com
microsoft -- windows_10_version_1809
 
Windows Kernel Remote Code Execution Vulnerability2024-02-136.8CVE-2024-21341
secure@microsoft.com
microsoft -- windows_10_version_1809
 
Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability2024-02-136.5CVE-2024-21356
secure@microsoft.com
microsoft -- windows_10_version_1809
 
Windows Network Address Translation (NAT) Denial of Service Vulnerability2024-02-135.9CVE-2024-21343
secure@microsoft.com
microsoft -- windows_10_version_1809
 
Windows Network Address Translation (NAT) Denial of Service Vulnerability2024-02-135.9CVE-2024-21344
secure@microsoft.com
microsoft -- windows_10_version_1809
 
Windows Kernel Security Feature Bypass Vulnerability2024-02-135.5CVE-2024-21362
secure@microsoft.com
microsoft -- windows_10_version_1809
 
Trusted Compute Base Elevation of Privilege Vulnerability2024-02-134.1CVE-2024-21304
secure@microsoft.com
microsoft -- windows_10_version_1809
 
Windows Kernel Information Disclosure Vulnerability2024-02-134.6CVE-2024-21340
secure@microsoft.com
microsoft -- windows_server_2022
 
Windows Hyper-V Denial of Service Vulnerability2024-02-136.5CVE-2024-20684
secure@microsoft.com
mitsubishi_electric_corporation -- melsec_iq-r_series_safety_cpu_r08sfcpu
 
Incorrect Privilege Assignment vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series Safety CPU R08/16/32/120SFCPU all versions and MELSEC iQ-R Series SIL2 Process CPU R08/16/32/120PSFCPU all versions allow a remote authenticated attacker who has logged into the product as a non-administrator user to disclose the credentials (user ID and password) of a user with a lower access level than the attacker by sending a specially crafted packet.2024-02-136.5CVE-2023-6815
Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
moodle -- lms
 
Inadequate access control in Moodle LMS. This vulnerability could allow a local user with a student role to create arbitrary events intended for users with higher roles. It could also allow the attacker to add events to the calendar of all users without their prior consent.2024-02-126.5CVE-2024-1439
cve-coordination@incibe.es
netapp -- snapcenter
 
SnapCenter versions 4.8 prior to 5.0 are susceptible to a vulnerability which could allow an authenticated SnapCenter Server user to modify system logging configuration settings.2024-02-165.4CVE-2024-21987
security-alert@netapp.com
netapp -- storagegrid
 
StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8 are susceptible to a Denial of Service (DoS) vulnerability. Successful exploit by an authenticated attacker could lead to an out of memory condition or node reboot.2024-02-166.5CVE-2024-21983
security-alert@netapp.com
netapp -- storagegrid
 
StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8 are susceptible to a difficult to exploit Reflected Cross-Site Scripting (XSS) vulnerability. Successful exploit requires the attacker to know specific information about the target instance and trick a privileged user into clicking a specially crafted link. This could allow the attacker to view or modify configuration settings or add or modify user accounts.2024-02-165.9CVE-2024-21984
security-alert@netapp.com
netgear -- r7000_firmware
A vulnerability has been found in Netgear R7000 1.0.11.136_10.2.120 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /currentsetting.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. The identifier VDB-253381 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-02-116.5CVE-2024-1430
cna@vuldb.com
netgear -- r7000_firmwareA vulnerability was found in Netgear R7000 1.0.11.136_10.2.120 and classified as problematic. Affected by this issue is some unknown functionality of the file /debuginfo.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. VDB-253382 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-02-116.5CVE-2024-1431
cna@vuldb.com
nicdark -- restaurant_reservations
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nicdark Restaurant Reservations allows Stored XSS. This issue affects Restaurant Reservations: from n/a through 1.8.
Published: 2024-02-12 | CVSS Score: 6.5 | CVE-2023-51403
audit@patchstack.com
ninjateam -- wp_chat_app
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NinjaTeam WP Chat App allows Stored XSS. This issue affects WP Chat App: from n/a through 3.4.4.
Published: 2024-02-12 | CVSS Score: 5.9 | CVE-2023-51370
audit@patchstack.com
nodejs -- undici
 
Undici is an HTTP/1.1 client, written from scratch for Node.js. In affected versions calling `fetch(url)` and not consuming the incoming body (or consuming it very slowly) will lead to a memory leak. This issue has been addressed in version 6.6.1. Users are advised to upgrade. Users unable to upgrade should make sure to always consume the incoming body.
Published: 2024-02-16 | CVSS Score: 6.5 | CVE-2024-24750
security-advisories@github.com
open-xchange_gmbh -- ox_app_suite
 
User ID references at mentions in document comments were not correctly sanitized. Script code could be injected to a user's session when working with a malicious document. Please deploy the provided updates and patch releases. User-defined content like comments and mentions are now filtered to avoid potentially malicious content. No publicly available exploits are known.
Published: 2024-02-12 | CVSS Score: 6.1 | CVE-2023-41703
security@open-xchange.com
open-xchange_gmbh -- ox_app_suite
 
Processing of user-defined DAV user-agent strings is not limited. Availability of OX App Suite could be reduced due to high processing load. Please deploy the provided updates and patch releases. Processing time of DAV user-agents now gets monitored, and the related request is terminated if a resource threshold is reached. No publicly available exploits are known.
Published: 2024-02-12 | CVSS Score: 6.5 | CVE-2023-41705
security@open-xchange.com
open-xchange_gmbh -- ox_app_suite
 
Processing time of drive search expressions now gets monitored, and the related request is terminated if a resource threshold is reached. Availability of OX App Suite could be reduced due to high processing load. Please deploy the provided updates and patch releases. Processing of user-defined drive search expressions is not limited. No publicly available exploits are known.
Published: 2024-02-12 | CVSS Score: 6.5 | CVE-2023-41706
security@open-xchange.com
open-xchange_gmbh -- ox_app_suite
 
Processing of user-defined mail search expressions is not limited. Availability of OX App Suite could be reduced due to high processing load. Please deploy the provided updates and patch releases. Processing time of mail search expressions now gets monitored, and the related request is terminated if a resource threshold is reached. No publicly available exploits are known.
Published: 2024-02-12 | CVSS Score: 6.5 | CVE-2023-41707
security@open-xchange.com
open-xchange_gmbh -- ox_app_suite
 
References to the "app loader" functionality could contain redirects to unexpected locations. Attackers could forge app references that bypass existing safeguards to inject malicious script code. Please deploy the provided updates and patch releases. References to apps are now more strictly controlled to avoid relative references. No publicly available exploits are known.
Published: 2024-02-12 | CVSS Score: 5.4 | CVE-2023-41708
security@open-xchange.com
oracle_corporation -- application_object_library
 
Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: DB Privileges). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Object Library accessible data as well as unauthorized read access to a subset of Oracle Application Object Library accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N).
Published: 2024-02-17 | CVSS Score: 6.5 | CVE-2024-20929
secalert_us@oracle.com
oracle_corporation -- application_object_library
 
Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: Login - SSO). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Application Object Library. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
Published: 2024-02-17 | CVSS Score: 5.3 | CVE-2024-20915
secalert_us@oracle.com
oracle_corporation -- bi_publisher_(formerly_xml_publisher)
 
Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Web Server). Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle BI Publisher, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle BI Publisher accessible data as well as unauthorized read access to a subset of Oracle BI Publisher accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).
Published: 2024-02-17 | CVSS Score: 5.4 | CVE-2024-20980
secalert_us@oracle.com
oracle_corporation -- business_intelligence_enterprise_edition
 
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: BI Platform Security). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).
Published: 2024-02-17 | CVSS Score: 5.4 | CVE-2024-20913
secalert_us@oracle.com
oracle_corporation -- common_applications
 
Vulnerability in the Oracle Common Applications product of Oracle E-Business Suite (component: CRM User Management Framework). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Common Applications. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Common Applications, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Common Applications accessible data as well as unauthorized read access to a subset of Oracle Common Applications accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).
Published: 2024-02-17 | CVSS Score: 5.4 | CVE-2024-20947
secalert_us@oracle.com
oracle_corporation -- crm_technical_foundation
 
Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Admin Console). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle CRM Technical Foundation. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L).
Published: 2024-02-17 | CVSS Score: 4.3 | CVE-2024-20939
secalert_us@oracle.com
oracle_corporation -- customer_interaction_history
 
Vulnerability in the Oracle Customer Interaction History product of Oracle E-Business Suite (component: Outcome-Result). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Customer Interaction History. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Customer Interaction History, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Customer Interaction History accessible data as well as unauthorized read access to a subset of Oracle Customer Interaction History accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).
Published: 2024-02-17 | CVSS Score: 6.1 | CVE-2024-20949
secalert_us@oracle.com
oracle_corporation -- customer_interaction_history
 
Vulnerability in the Oracle Customer Interaction History product of Oracle E-Business Suite (component: Outcome-Result). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Customer Interaction History. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Customer Interaction History, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Customer Interaction History accessible data as well as unauthorized read access to a subset of Oracle Customer Interaction History accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).
Published: 2024-02-17 | CVSS Score: 6.1 | CVE-2024-20951
secalert_us@oracle.com
oracle_corporation -- database_-_enterprise_edition
 
Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.21 and 21.3-21.12. Easily exploitable vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java VM accessible data. CVSS 3.1 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N).
Published: 2024-02-17 | CVSS Score: 6.5 | CVE-2024-20903
secalert_us@oracle.com
oracle_corporation -- installed_base
 
Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: Engineering Change Order). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Installed Base. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Installed Base, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Installed Base accessible data as well as unauthorized read access to a subset of Oracle Installed Base accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).
Published: 2024-02-17 | CVSS Score: 6.1 | CVE-2024-20933
secalert_us@oracle.com
oracle_corporation -- installed_base
 
Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: Engineering Change Order). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Installed Base. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Installed Base, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Installed Base accessible data as well as unauthorized read access to a subset of Oracle Installed Base accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).
Published: 2024-02-17 | CVSS Score: 6.1 | CVE-2024-20935
secalert_us@oracle.com
oracle_corporation -- installed_base
 
Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: HTML UI). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Installed Base. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Installed Base, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Installed Base accessible data as well as unauthorized read access to a subset of Oracle Installed Base accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).
Published: 2024-02-17 | CVSS Score: 6.1 | CVE-2024-20941
secalert_us@oracle.com
oracle_corporation -- installed_base
 
Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: Engineering Change Order). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Installed Base. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Installed Base, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Installed Base accessible data as well as unauthorized read access to a subset of Oracle Installed Base accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).
Published: 2024-02-17 | CVSS Score: 5.4 | CVE-2024-20958
secalert_us@oracle.com
oracle_corporation -- java_se_jdk_and_jre
 
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).
Published: 2024-02-17 | CVSS Score: 5.9 | CVE-2024-20919
secalert_us@oracle.com
oracle_corporation -- java_se_jdk_and_jre
 
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).
Published: 2024-02-17 | CVSS Score: 5.9 | CVE-2024-20921
secalert_us@oracle.com
oracle_corporation -- java_se_jdk_and_jre
 
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N).
Published: 2024-02-17 | CVSS Score: 4.7 | CVE-2024-20945
secalert_us@oracle.com
oracle_corporation -- jd_edwards_enterpriseone_tools
 
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Monitoring and Diagnostics SEC). Supported versions that are affected are Prior to 9.2.8.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).
Published: 2024-02-17 | CVSS Score: 4.3 | CVE-2024-20937
secalert_us@oracle.com
oracle_corporation -- knowledge_management
 
Vulnerability in the Oracle Knowledge Management product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Knowledge Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Knowledge Management, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Knowledge Management accessible data as well as unauthorized read access to a subset of Oracle Knowledge Management accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).
Published: 2024-02-17 | CVSS Score: 5.4 | CVE-2024-20943
secalert_us@oracle.com
oracle_corporation -- mysql_server
 
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: RAPID). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
Published: 2024-02-17 | CVSS Score: 6.5 | CVE-2024-20960
secalert_us@oracle.com
oracle_corporation -- mysql_server
 
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
Published: 2024-02-17 | CVSS Score: 6.5 | CVE-2024-20962
secalert_us@oracle.com
oracle_corporation -- mysql_server
 
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).
Published: 2024-02-17 | CVSS Score: 5.3 | CVE-2024-20964
secalert_us@oracle.com
oracle_corporation -- mysql_server
 
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Published: 2024-02-17 | CVSS Score: 4.9 | CVE-2024-20966
secalert_us@oracle.com
oracle_corporation -- mysql_server
 
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).
Published: 2024-02-17 | CVSS Score: 4.4 | CVE-2024-20968
secalert_us@oracle.com
oracle_corporation -- mysql_server
 
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Published: 2024-02-17 | CVSS Score: 4.9 | CVE-2024-20970
secalert_us@oracle.com
oracle_corporation -- mysql_server
 
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Published: 2024-02-17 | CVSS Score: 4.9 | CVE-2024-20972
secalert_us@oracle.com
oracle_corporation -- mysql_server
 
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Published: 2024-02-17 | CVSS Score: 4.9 | CVE-2024-20974
secalert_us@oracle.com
oracle_corporation -- mysql_server
 
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Published: 2024-02-17 | CVSS Score: 4.9 | CVE-2024-20976
secalert_us@oracle.com
oracle_corporation -- mysql_server
 
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Published: 2024-02-17 | CVSS Score: 4.9 | CVE-2024-20978
secalert_us@oracle.com
oracle_corporation -- mysql_server
 
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Published: 2024-02-17 | CVSS Score: 4.9 | CVE-2024-20982
secalert_us@oracle.com
oracle_corporation -- mysql_server
 
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server : Security : Firewall). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).
Published: 2024-02-17 | CVSS Score: 4.4 | CVE-2024-20984
secalert_us@oracle.com
oracle_corporation -- sun_zfs_storage_appliance_kit_(ak)_software
 
Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Object Store). The supported version that is affected is 8.8. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle ZFS Storage Appliance Kit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle ZFS Storage Appliance Kit accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).
Published: 2024-02-17 | CVSS Score: 4.3 | CVE-2023-21833
secalert_us@oracle.com
oracle_corporation -- web_applications_desktop_integrator
 
Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: File download). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Web Applications Desktop Integrator, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Web Applications Desktop Integrator accessible data as well as unauthorized read access to a subset of Oracle Web Applications Desktop Integrator accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).
Published: 2024-02-17 | CVSS Score: 6.1 | CVE-2024-20907
secalert_us@oracle.com
oracle_corporation -- weblogic_server
 
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).
Published: 2024-02-17 | CVSS Score: 6.1 | CVE-2024-20986
secalert_us@oracle.com
otwthemes -- buttons_shortcode_and_widget
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OTWthemes.Com Buttons Shortcode and Widget allows Stored XSS. This issue affects Buttons Shortcode and Widget: from n/a through 1.16.
Published: 2024-02-12 | CVSS Score: 5.4 | CVE-2024-24930
audit@patchstack.com
palo_alto_networks -- pan-os
A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface on Panorama appliances. This enables the impersonation of another authenticated administrator.
Published: 2024-02-14 | CVSS Score: 6.8 | CVE-2024-0007
psirt@paloaltonetworks.com
palo_alto_networks -- pan-os
Web sessions in the management interface in Palo Alto Networks PAN-OS software do not expire in certain situations, making it susceptible to unauthorized access.
Published: 2024-02-14 | CVSS Score: 6.6 | CVE-2024-0008
psirt@paloaltonetworks.com
palo_alto_networks -- pan-os
An improper verification vulnerability in the GlobalProtect gateway feature of Palo Alto Networks PAN-OS software enables a malicious user with stolen credentials to establish a VPN connection from an unauthorized IP address.
Published: 2024-02-14 | CVSS Score: 6.3 | CVE-2024-0009
psirt@paloaltonetworks.com
palo_alto_networks -- pan-os
A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect portal feature of Palo Alto Networks PAN-OS software enables execution of malicious JavaScript (in the context of a user's browser) if a user clicks on a malicious link, allowing phishing attacks that could lead to credential theft.
Published: 2024-02-14 | CVSS Score: 4.3 | CVE-2024-0010
psirt@paloaltonetworks.com
palo_alto_networks -- pan-os
A reflected cross-site scripting (XSS) vulnerability in the Captive Portal feature of Palo Alto Networks PAN-OS software enables execution of malicious JavaScript (in the context of an authenticated Captive Portal user's browser) if a user clicks on a malicious link, allowing phishing attacks that could lead to credential theft.
Published: 2024-02-14 | CVSS Score: 4.3 | CVE-2024-0011
psirt@paloaltonetworks.com
photoboxone -- smtp_mail
Cross-Site Request Forgery (CSRF) vulnerability in Photoboxone SMTP Mail. This issue affects SMTP Mail: from n/a through 1.3.20.
Published: 2024-02-13 | CVSS Score: 4.3 | CVE-2024-25914
audit@patchstack.com
pluginus -- woot
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 Active Products Tables for WooCommerce. Professional products tables for WooCommerce store allows Stored XSS. This issue affects Active Products Tables for WooCommerce. Professional products tables for WooCommerce store: from n/a through 1.0.6.
Published: 2024-02-10 | CVSS Score: 5.4 | CVE-2023-51480
audit@patchstack.com
pquic -- pquic
In PQUIC before 5bde5bb, retention of unused initial encryption keys allows attackers to disrupt a connection with a PSK configuration by sending a CONNECTION_CLOSE frame that is encrypted via the initial key computed. Network traffic sniffing is needed as part of exploitation.
Published: 2024-02-09 | CVSS Score: 6.5 | CVE-2024-25679
cve@mitre.org
prasidhdamalla -- honeypot_for_wp_comment
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Prasidhda Malla Honeypot for WP Comment allows Reflected XSS. This issue affects Honeypot for WP Comment: from n/a through 2.2.3.
Published: 2024-02-12 | CVSS Score: 6.1 | CVE-2024-24933
audit@patchstack.com
python -- python
nonebot2 is a cross-platform Python asynchronous chatbot framework written in Python. This security advisory pertains to a potential information leak (e.g., environment variables) in instances where developers utilize `MessageTemplate` and incorporate user-provided data into templates. The identified vulnerability has been remedied in pull request #2509 and will be included in versions released from 2.2.0. Users are strongly advised to upgrade to these patched versions to safeguard against the vulnerability. A temporary workaround involves filtering underscores before incorporating user input into the message template.
Published: 2024-02-09 | CVSS Score: 6.5 | CVE-2024-21624
security-advisories@github.com
qnap_systems_inc -- qts
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later; QuTS hero h5.1.5.2647 build 20240118 and later; QuTScloud c5.1.5.2651 and later.
Published: 2024-02-13 | CVSS Score: 5.8 | CVE-2023-47218
security@qnapsecurity.com.tw
qnap_systems_inc -- qts
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later; QTS 4.5.4.2627 build 20231225 and later; QTS 4.3.6.2665 build 20240131 and later; QTS 4.3.4.2675 build 20240131 and later; QTS 4.3.3.2644 build 20240131 and later; QTS 4.2.6 build 20240131 and later; QuTS hero h5.1.5.2647 build 20240118 and later; QuTS hero h4.5.4.2626 build 20231225 and later; QuTScloud c5.1.5.2651 and later.
Published: 2024-02-13 | CVSS Score: 5.8 | CVE-2023-50358
security@qnapsecurity.com.tw
red_hat -- 389-ds-base
A heap overflow flaw was found in 389-ds-base. This issue leads to a denial of service when writing a value larger than 256 chars in log_entry_attr.
Published: 2024-02-12 | CVSS Score: 5.5 | CVE-2024-1062
secalert@redhat.com
red_hat -- openshift
A flaw was found in OpenShift. The existing Cross-Site Request Forgery (CSRF) protections in place do not properly protect GET requests, allowing for the creation of WebSockets via CSRF.
Published: 2024-02-16 | CVSS Score: 5.4 | CVE-2024-1342
secalert@redhat.com
ryan_duff_peter_westwood -- wp_contact_form
Cross-Site Request Forgery (CSRF) vulnerability in Ryan Duff, Peter Westwood WP Contact Form. This issue affects WP Contact Form: from n/a through 1.6.
Published: 2024-02-12 | CVSS Score: 4.3 | CVE-2024-24929
audit@patchstack.com
sametime -- sametime
Sametime is impacted by sensitive fields with autocomplete enabled in the Legacy web chat client. By default, this allows user entered data to be stored by the browser.
Published: 2024-02-10 | CVSS Score: 4 | CVE-2023-45696
psirt@hcl.com
sametime -- sametime
Sametime is impacted by lack of clickjacking protection in Outlook add-in. The application is not implementing appropriate protections in order to protect users from clickjacking attacks.
Published: 2024-02-10 | CVSS Score: 4.8 | CVE-2023-45698
psirt@hcl.com
sap_se -- sap_bam_(bank_account_management)
SAP Bank Account Management (BAM) allows an authenticated user with restricted access to use functions which can result in escalation of privileges with low impact on confidentiality, integrity and availability of the application.
Published: 2024-02-13 | CVSS Score: 6.3 | CVE-2024-24739
cna@sap.com
sap_se -- sap_companion
SAP Companion - version <3.1.38, has a URL with parameter that could be vulnerable to XSS attack. The attacker could send a malicious link to a user that would possibly allow an attacker to retrieve the sensitive information and cause minor impact on the integrity of the web application.
Published: 2024-02-13 | CVSS Score: 5.4 | CVE-2024-22129
cna@sap.com
sap_se -- sap_crm_(webclient_ui)
SAP CRM WebClient UI - version S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An attacker with low privileges can cause limited impact to integrity of the application data after successful exploitation. There is no impact on confidentiality and availability.
Published: 2024-02-13 | CVSS Score: 4.1 | CVE-2024-24742
cna@sap.com
sap_se -- sap_fiori_app_(my_overtime_requests)
The SAP Fiori app (My Overtime Request) - version 605, does not perform the necessary authorization checks for an authenticated user which may result in an escalation of privileges. It is possible to manipulate the URLs of data requests to access information that the user should not have access to. There is no impact on integrity and availability.
Published: 2024-02-13 | CVSS Score: 4.3 | CVE-2024-25643
cna@sap.com
sap_se -- sap_master_data_governance_material
SAP Master Data Governance for Material Data - versions 618, 619, 620, 621, 622, 800, 801, 802, 803, 804, does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. This could allow an attacker to read some sensitive information but no impact to integrity and availability.
Published: 2024-02-13 | CVSS Score: 4.3 | CVE-2024-24741
cna@sap.com
sap_se -- sap_netweaver_application_server_abap_(sap_kernel)
SAP NetWeaver Application Server (ABAP) - versions KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.93, KERNEL 7.94, KRNL64UC 7.53, under certain conditions, allows an attacker to access information which could otherwise be restricted with low impact on confidentiality of the application.
Published: 2024-02-13 | CVSS Score: 5.3 | CVE-2024-24740
cna@sap.com
sap_se -- sap_netweaver_business_client_for_html
SAP NWBC for HTML - versions SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, SAP_UI 758, SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An unauthenticated attacker can inject malicious JavaScript to cause limited impact to confidentiality and integrity of the application data after successful exploitation.
Published: 2024-02-13 | CVSS Score: 4.7 | CVE-2024-22128
cna@sap.com
sentry -- sentry
Sentry is an error tracking and performance monitoring platform. Sentry's integration platform provides a way for external services to interact with Sentry. One of such integrations, the Phabricator integration (maintained by Sentry) with version <=24.1.1 contains a constrained SSRF vulnerability. An attacker could make Sentry send POST HTTP requests to arbitrary URLs (including internal IP addresses) by providing an unsanitized input to the Phabricator integration. However, the body payload is constrained to a specific format. If an attacker has access to a Sentry instance, this allows them to: 1. interact with internal network; 2. scan local/remote ports. This issue has been fixed in Sentry self-hosted release 24.1.2, and has already been mitigated on sentry.io on February 8. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Published: 2024-02-09 | CVSS Score: 5.3 | CVE-2024-24829
security-advisories@github.com
siemens -- openpcs_7_v9.1
A vulnerability has been identified in OpenPCS 7 V9.1 (All versions), SIMATIC BATCH V9.1 (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC Route Control V9.1 (All versions), SIMATIC WinCC Runtime Professional V18 (All versions), SIMATIC WinCC Runtime Professional V19 (All versions), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 15), SIMATIC WinCC V8.0 (All versions < V8.0 SP4). The implementation of the RPC (Remote Procedure Call) communication protocol in the affected products does not properly handle certain unorganized RPC messages. An attacker could use this vulnerability to cause a denial of service condition in the RPC server.
Published: 2024-02-13 | CVSS Score: 6.5 | CVE-2023-48363
productcert@siemens.com
siemens -- openpcs_7_v9.1
A vulnerability has been identified in OpenPCS 7 V9.1 (All versions), SIMATIC BATCH V9.1 (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC Route Control V9.1 (All versions), SIMATIC WinCC Runtime Professional V18 (All versions), SIMATIC WinCC Runtime Professional V19 (All versions), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 15), SIMATIC WinCC V8.0 (All versions < V8.0 SP4). The implementation of the RPC (Remote Procedure Call) communication protocol in the affected products does not properly handle certain malformed RPC messages. An attacker could use this vulnerability to cause a denial of service condition in the RPC server.
Published: 2024-02-13 | CVSS Score: 6.5 | CVE-2023-48364
productcert@siemens.com
siemens -- tecnomatix_plant_simulation
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions), Tecnomatix Plant Simulation V2302 (All versions < V2302.0007). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted SPP files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.
Published: 2024-02-13 | CVSS Score: 5.5 | CVE-2024-23799
productcert@siemens.com
siemens -- tecnomatix_plant_simulation
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions), Tecnomatix Plant Simulation V2302 (All versions < V2302.0007). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted SPP files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.
Published: 2024-02-13 | CVSS Score: 5.5 | CVE-2024-23800
productcert@siemens.com
siemens -- tecnomatix_plant_simulation
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions), Tecnomatix Plant Simulation V2302 (All versions < V2302.0007). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted SPP files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.
Published: 2024-02-13 | CVSS Score: 5.5 | CVE-2024-23801
productcert@siemens.com
silabs.com -- gsdk
A memory leak in the Silicon Labs' Bluetooth stack for EFR32 products may cause memory to be exhausted when sending notifications to multiple clients; this causes all Bluetooth operations, such as advertising and scanning, to stop.
Published: 2024-02-15 | CVSS Score: 6.5 | CVE-2024-0240
product-security@silabs.com
squid-cache -- squid
Squid is an open-source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Collapse of Data into Unsafe Value bug, Squid may be vulnerable to a Denial of Service attack against HTTP header parsing. This problem allows a remote client or a remote server to perform Denial of Service when sending oversized headers in HTTP messages. In versions of Squid prior to 6.5 this can be achieved if the request_header_max_size or reply_header_max_size settings are unchanged from the default. In Squid version 6.5 and later, the default setting of these parameters is safe. Squid will emit a critical warning in cache.log if the administrator is setting these parameters to unsafe values. Squid will not at this time prevent these settings from being changed to unsafe values. Users are advised to upgrade to version 6.5. There are no known workarounds for this vulnerability. This issue is also tracked as SQUID-2024:2.
Published: 2024-02-14 | CVSS Score: 5.3 | CVE-2024-25617
security-advisories@github.com
svix -- svix
Versions of the package svix before 1.17.0 are vulnerable to Authentication Bypass due to an issue in the verify function where signatures of different lengths are incorrectly compared. An attacker can bypass signature verification by providing a shorter signature that matches the beginning of the actual signature. **Note:** The attacker would need to know a victim uses the Rust library for verification, no easy way to automatically check that; and uses webhooks by a service that uses Svix, and then figure out a way to craft a malicious payload that will actually include all of the correct identifiers needed to trick the receivers to cause actual issues.
Published: 2024-02-13 | CVSS Score: 6.8 | CVE-2024-21491
report@snyk.io
swadeshswain -- before_after_image_slider
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in swadeshswain Before After Image Slider WP allows Stored XSS. This issue affects Before After Image Slider WP: from n/a through 2.2.
Published: 2024-02-12 | CVSS Score: 5.4 | CVE-2024-24931
audit@patchstack.com
task_manager_in_php_with_source_code_project -- task_manager_in_php_with_source_code
A cross-site scripting (XSS) vulnerability in Task Manager App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Project Name parameter /TaskManager/Projects.php.
Published: 2024-02-14 | CVSS Score: 6.1 | CVE-2024-25218
cve@mitre.org
task_manager_in_php_with_source_code_project -- task_manager_in_php_with_source_code
A cross-site scripting (XSS) vulnerability in Task Manager App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Task Name parameter /TaskManager/Task.php.
Published: 2024-02-14 | CVSS Score: 6.1 | CVE-2024-25219
cve@mitre.org
task_manager_in_php_with_source_code_project -- task_manager_in_php_with_source_code
A cross-site scripting (XSS) vulnerability in Task Manager App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Note Section parameter at /TaskManager/Tasks.php.
Published: 2024-02-14 | CVSS Score: 6.1 | CVE-2024-25221
cve@mitre.org
tenable -- security_center
An HTML injection vulnerability exists where an authenticated, remote attacker with administrator privileges on the Security Center application could modify Repository parameters, which could lead to HTML redirection attacks.
Published: 2024-02-14 | CVSS Score: 5.9 | CVE-2024-1471
vulnreport@tenable.com
treasure-data -- digdag
Digdag is an open source tool to build, run, schedule, and monitor complex pipelines of tasks across various platforms. Treasure Data's digdag workload automation system is susceptible to a path traversal vulnerability if it's configured to store log files locally. This issue may lead to information disclosure and has been addressed in release version 0.10.5.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Published: 2024-02-14 | CVSS Score: 5.3 | CVE-2024-25125
security-advisories@github.com
trellix -- trellix_central_management_(cm)
A cross-site scripting vulnerability in Trellix Central Management (CM) prior to 9.1.3.97129 allows a remote authenticated attacker to craft CM dashboard internal requests causing arbitrary content to be injected into the response when accessing the CM dashboard.
Published: 2024-02-13 | CVSS Score: 4.6 | CVE-2023-6072
trellixpsirt@trellix.com
typo3 -- typo3
TYPO3 is an open-source PHP based web content management system released under the GNU GPL. Password hashes were being reflected in the editing forms of the TYPO3 backend user interface. This allowed attackers to crack the plaintext password using brute force techniques. Exploiting this vulnerability requires a valid backend user account. Users are advised to update to TYPO3 versions 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, 13.0.1 that fix the problem described. There are no known workarounds for this issue.
Published: 2024-02-13 | CVSS Score: 4.3 | CVE-2024-25118
security-advisories@github.com
typo3 -- typo3
TYPO3 is an open source PHP based web content management system released under the GNU GPL. The plaintext value of `$GLOBALS['SYS']['encryptionKey']` was displayed in the editing forms of the TYPO3 Install Tool user interface. This allowed attackers to utilize the value to generate cryptographic hashes used for verifying the authenticity of HTTP request parameters. Exploiting this vulnerability requires an administrator-level backend user account with system maintainer permissions. Users are advised to update to TYPO3 versions 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, 13.0.1 that fix the problem described. There are no known workarounds for this vulnerability.
Published: 2024-02-13 | CVSS Score: 4.9 | CVE-2024-25119
security-advisories@github.com
typo3 -- typo3
TYPO3 is an open-source PHP based web content management system released under the GNU GPL. The TYPO3-specific `t3://` URI scheme could be used to access resources outside of the users' permission scope. This encompassed files, folders, pages, and records (although only if a valid link-handling configuration was provided). Exploiting this vulnerability requires a valid backend user account. Users are advised to update to TYPO3 versions 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, 13.0.1 that fix the problem described. There are no known workarounds for this issue.
Published: 2024-02-13 | CVSS Score: 4.3 | CVE-2024-25120
security-advisories@github.com
virusblokada -- vba32_antivirus
Vba32 Antivirus v3.36.0 is vulnerable to an Arbitrary Memory Read vulnerability by triggering the 0x22201B, 0x22201F, 0x222023, 0x222027, 0x22202B, 0x22202F, 0x22203F, 0x222057 and 0x22205B IOCTL codes of the Vba32m64.sys driver.
Published: 2024-02-13 | CVSS Score: 6.3 | CVE-2024-23439
help@fluidattacks.com
virusblokada -- vba32_antivirus
Vba32 Antivirus v3.36.0 is vulnerable to an Arbitrary Memory Read vulnerability. The 0x22200B IOCTL code of the Vba32m64.sys driver allows reading up to 0x802 of memory from an arbitrary user-supplied pointer.
Published: 2024-02-13 | CVSS Score: 6.3 | CVE-2024-23440
help@fluidattacks.com
web-soudan -- mw_wp_form
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in websoudan MW WP Form allows Stored XSS. This issue affects MW WP Form: from n/a through 5.0.6.
Published: 2024-02-10 | CVSS Score: 5.4 | CVE-2024-24804
audit@patchstack.com
wolfssl -- sp_math_all_rsa
wolfSSL SP Math All RSA implementation is vulnerable to the Marvin Attack, a new variation of a timing Bleichenbacher style attack, when built with the following options to configure: --enable-all CFLAGS="-DWOLFSSL_STATIC_RSA". The define "WOLFSSL_STATIC_RSA" enables static RSA cipher suites, which is not recommended, and has been disabled by default since wolfSSL 3.6.6. Therefore the default build since 3.6.6, even with "--enable-all", is not vulnerable to the Marvin Attack. The vulnerability is specific to static RSA cipher suites, and expected to be padding-independent. The vulnerability allows an attacker to decrypt ciphertexts and forge signatures after probing with a large number of test observations. However, the server's private key is not exposed.
Published: 2024-02-09 | CVSS Score: 5.9 | CVE-2023-6935
facts@wolfssl.com
wolfssl -- sp_math_all_rsa
wolfSSL prior to 5.6.6 did not check that messages in one (D)TLS record do not span key boundaries. As a result, it was possible to combine (D)TLS messages using different keys into one (D)TLS record. The most extreme edge case is that, in (D)TLS 1.3, it was possible that an unencrypted (D)TLS 1.3 record from the server containing first a ServerHello message and then the rest of the first server flight would be accepted by a wolfSSL client. In (D)TLS 1.3 the handshake is encrypted after the ServerHello but a wolfSSL client would accept an unencrypted flight from the server. This does not compromise key negotiation and authentication so it is assigned a low severity rating.
Published: 2024-02-15 | CVSS Score: 5.3 | CVE-2023-6937
facts@wolfssl.com
wordpress -- wordpress
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UnitedThemes Brooklyn | Creative Multi-Purpose Responsive WordPress Theme allows Reflected XSS. This issue affects Brooklyn | Creative Multi-Purpose Responsive WordPress Theme: from n/a through 4.9.7.6.
Published: 2024-02-12 | CVSS Score: 6.1 | CVE-2024-24927
audit@patchstack.com
wordpress -- wordpress
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MyAgilePrivacy My Agile Privacy - The only GDPR solution for WordPress that you can truly trust allows Stored XSS. This issue affects My Agile Privacy - The only GDPR solution for WordPress that you can truly trust: from n/a through 2.1.7.
Published: 2024-02-10 | CVSS Score: 5.4 | CVE-2023-51404
audit@patchstack.com
wordpress -- wordpress
The Awesome Support - WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the editor_html() function in all versions up to, and including, 6.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to view password protected and draft posts.
Published: 2024-02-10 | CVSS Score: 5.3 | CVE-2024-0596
security@wordfence.com
wordpress -- wordpress
The Event Manager, Events Calendar, Events Tickets for WooCommerce - Eventin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_data() function in all versions up to, and including, 3.3.50. This makes it possible for unauthenticated attackers to export event data.
Published: 2024-02-09 | CVSS Score: 5.3 | CVE-2024-1122
security@wordfence.com
wordpress -- wordpress
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Start Booking Scheduling Plugin - Online Booking for WordPress allows Stored XSS. This issue affects Scheduling Plugin - Online Booking for WordPress: from n/a through 3.5.10.
Published: 2024-02-10 | CVSS Score: 5.4 | CVE-2024-23517
audit@patchstack.com
wordpress -- wordpress
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Team Heateor Heateor Social Login WordPress allows Stored XSS. This issue affects Heateor Social Login WordPress: from n/a through 1.1.30.
Published: 2024-02-10 | CVSS Score: 5.4 | CVE-2024-24712
audit@patchstack.com
wordpress -- wordpress
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Auto Listings Auto Listings - Car Listings & Car Dealership Plugin for WordPress allows Stored XSS. This issue affects Auto Listings - Car Listings & Car Dealership Plugin for WordPress: from n/a through 2.6.5.
Published: 2024-02-10 | CVSS Score: 5.4 | CVE-2024-24713
audit@patchstack.com
wordpress -- wordpress
The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 4.8.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2024-02-13 | CVSS Score: 6.4 | CVE-2024-1159
security@wordfence.com
wordpress -- wordpress
The Landing Page Cat - Coming Soon Page, Maintenance Page & Squeeze Pages plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.7.2. This makes it possible for unauthenticated attackers to access landing pages that may not be public.
Published: 2024-02-15 | CVSS Score: 5.3 | CVE-2024-0708
security@wordfence.com
wordpress -- wordpress
The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's button URL in all versions up to, and including, 4.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2024-02-13 | CVSS Score: 5.4 | CVE-2024-1157
security@wordfence.com
wordpress -- wordpress
The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Icon Link in all versions up to, and including, 4.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2024-02-13 | CVSS Score: 5.4 | CVE-2024-1160
security@wordfence.com
wordpress -- wordpress
Cross-Site Request Forgery (CSRF) vulnerability in Contest Gallery Photos and Files Contest Gallery - Contact Form, Upload Form, Social Share and Voting Plugin for WordPress. This issue affects Photos and Files Contest Gallery - Contact Form, Upload Form, Social Share and Voting Plugin for WordPress: from n/a through 21.2.8.4.
Published: 2024-02-12 | CVSS Score: 5.4 | CVE-2024-24887
audit@patchstack.com
wp-hosting -- pay_with_vipps_and_mobilepay_for_woocommerce
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Hosting Pay with Vipps and MobilePay for WooCommerce allows Stored XSS. This issue affects Pay with Vipps and MobilePay for WooCommerce: from n/a through 1.14.13.
Published: 2024-02-10 | CVSS Score: 5.4 | CVE-2023-51485
audit@patchstack.com
wpoperation -- ultra_companion
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPoperation Ultra Companion - Companion plugin for WPoperation Themes allows Stored XSS. This issue affects Ultra Companion - Companion plugin for WPoperation Themes: from n/a through 1.1.9.
Published: 2024-02-10 | CVSS Score: 5.4 | CVE-2024-24803
audit@patchstack.com
wpsimpletools -- basic_log_viewer
Cross-Site Request Forgery (CSRF) vulnerability in WpSimpleTools Basic Log Viewer. This issue affects Basic Log Viewer: from n/a through 1.0.4.
Published: 2024-02-12 | CVSS Score: 4.3 | CVE-2024-24935
audit@patchstack.com
yannick_lefebvre -- link_library
Cross-Site Request Forgery (CSRF) vulnerability in Yannick Lefebvre Link Library. This issue affects Link Library: from n/a through 7.5.13.
Published: 2024-02-12 | CVSS Score: 4.3 | CVE-2024-24875
audit@patchstack.com
zabbix -- zabbix
The cause of vulnerability is improper validation of form input field "Name" on Graph page in Items section.
Published: 2024-02-09 | CVSS Score: 5.4 | CVE-2024-22119
security@zabbix.com
zalify -- easy_email
Cross Site Scripting (XSS) vulnerability in EasyEmail v.4.12.2 and before allows a local attacker to execute arbitrary code via the user input parameter(s). NOTE: Researcher claims issue is present in all versions prior and later than tested version.
Published: 2024-02-09 | CVSS Score: 6.1 | CVE-2023-39683
cve@mitre.org
zixn -- vk_poster_group
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Djo VK Poster Group allows Reflected XSS. This issue affects VK Poster Group: from n/a through 2.0.3.
Published: 2024-02-12 | CVSS Score: 6.1 | CVE-2024-24932
audit@patchstack.com
zoom_video_communications,_inc -- zoom_clients
Improper input validation in some Zoom clients may allow an authenticated user to conduct a denial of service via network access.
Published: 2024-02-14 | CVSS Score: 5.4 | CVE-2024-24690
security@zoom.us
zoom_video_communications_inc -- zoom_clients
Business logic error in some Zoom clients may allow an authenticated user to conduct information disclosure via network access.
Published: 2024-02-14 | CVSS Score: 6.5 | CVE-2024-24699
security@zoom.us
zoom_video_communications_inc -- zoom_clients
Improper authentication in some Zoom clients may allow a privileged user to conduct a disclosure of information via local access.
Published: 2024-02-14 | CVSS Score: 4.9 | CVE-2024-24698
security@zoom.us
zoom_video_communications_inc -- zoom_desktop_client_for_windows_zoom_vdi_client_for_windows_and_zoom_meeting_sdk_for_windows
Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an authenticated user to conduct a disclosure of information via network access.
Published: 2024-02-14 | CVSS Score: 6.8 | CVE-2024-24695
security@zoom.us
zoom_video_communications_inc -- zoom_desktop_client_for_windows_zoom_vdi_client_for_windows_and_zoom_meeting_sdk_for_windows
Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an authenticated user to conduct a disclosure of information via network access.
Published: 2024-02-14 | CVSS Score: 6.8 | CVE-2024-24696
security@zoom.us

Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
alfio-event -- alf.io
Alf.io is a free and open-source event attendance management system. An administrator on the alf.io application is able to upload HTML files that trigger JavaScript payloads. As such, an attacker gaining administrative access to the alf.io application may be able to persist access by planting an XSS payload. This issue has been addressed in version 2.0-M4-2402. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Published: 2024-02-16 | CVSS Score: 3.5 | CVE-2024-25627
security-advisories@github.com
beyondtrust -- privilege_management_for_windows
Prior to version 24.1, a local authenticated attacker can view Sysvol when Privilege Management for Windows is configured to use a GPO policy. This allows them to view the policy and potentially find configuration issues.
Published: 2024-02-16 | CVSS Score: 3.3 | CVE-2024-1591
13061848-ea10-403d-bd75-c83a022c2891
dbartholomae -- lambda-middleware_frameguard
 
A vulnerability, which was classified as problematic, has been found in dbartholomae lambda-middleware frameguard up to 1.0.4. Affected by this issue is some unknown functionality of the file packages/json-deserializer/src/JsonDeserializer.ts of the component JSON Mime-Type Handler. The manipulation leads to inefficient regular expression complexity. Upgrading to version 1.1.0 is able to address this issue. The patch is identified as f689404d830cbc1edd6a1018d3334ff5f44dc6a6. It is recommended to upgrade the affected component. VDB-253406 is the identifier assigned to this vulnerability. | 2024-02-12 | 3.5 | CVE-2021-4437
cna@vuldb.com
f5 -- big-ip
 
An SQL injection vulnerability exists in an undisclosed page of the BIG-IP Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2024-02-14 | 3.8 | CVE-2024-23603
f5sirt@f5.com
gambio -- gambio

Cleartext Storage of Sensitive Information in Gambio 4.9.2.0 allows attackers to obtain sensitive information via error-handler.log.json and legacy-error-handler.log.txt under the webroot. | 2024-02-12 | 2.7 | CVE-2024-23760
cve@mitre.org
ibm -- trusteer_ios_sdk
 
An undisclosed issue in Trusteer iOS SDK for mobile versions prior to 5.7 and Trusteer Android SDK for mobile versions prior to 5.7 may allow uploading of files. IBM X-Force ID: 238535. | 2024-02-17 | 2.2 | CVE-2022-42443
psirt@us.ibm.com
intel -- intel(r)_mas_software
 
Race condition in some Intel(R) MAS software before version 2.3 may allow a privileged user to potentially enable escalation of privilege via local access. | 2024-02-14 | 1.8 | CVE-2023-41090
secure@intel.com
intel -- intel(r)_sgx_dcap_software_for_windows
 
Improper input validation in some Intel(R) SGX DCAP software for Windows before version 1.19.100.3 may allow an authenticated user to potentially enable information disclosure via local access. | 2024-02-14 | 3.8 | CVE-2023-42776
secure@intel.com
intel -- intel(r)_thunderbolt(tm)_dch_drivers_for_windows
 
Deserialization of untrusted data in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable a denial of service via local access. | 2024-02-14 | 3.8 | CVE-2023-26592
secure@intel.com
intel -- intel(r)_thunderbolt(tm)_dch_drivers_for_windows
 
Improper buffer restrictions in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable information disclosure via local access. | 2024-02-14 | 3.8 | CVE-2023-27300
secure@intel.com
intel -- intel(r)_thunderbolt(tm)_dch_drivers_for_windows
 
Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable information disclosure via local access. | 2024-02-14 | 3.8 | CVE-2023-27303
secure@intel.com
intel -- intel(r)_thunderbolt(tm)_dch_drivers_for_windows
 
Improper buffer restrictions in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable information disclosure via local access. | 2024-02-14 | 3.8 | CVE-2023-27307
secure@intel.com
intel -- intel(r)_thunderbolt(tm)_dch_drivers_for_windows
 
Unchecked return value in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an unauthenticated user to potentially enable denial of service via physical access. | 2024-02-14 | 2 | CVE-2023-26591
secure@intel.com
intel -- intel(r)_thunderbolt(tm)_dch_drivers_for_windows
 
Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable denial of service via local access. | 2024-02-14 | 2.5 | CVE-2023-26596
secure@intel.com
kde -- plasma_workspace
 
A vulnerability, which was classified as problematic, was found in KDE Plasma Workspace up to 5.93.0. This affects the function EventPluginsManager::enabledPlugins of the file components/calendar/eventpluginsmanager.cpp of the component Theme File Handler. The manipulation of the argument pluginId leads to path traversal. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The patch is named 6cdf42916369ebf4ad5bd876c4dfa0170d7b2f01. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-253407. NOTE: This requires write access to user's home or the installation of third party global themes. | 2024-02-11 | 3.1 | CVE-2024-1433
cna@vuldb.com
lenovo -- thinksystem_sr670_v2
 
ThinkSystem SR670V2 servers manufactured from approximately June 2021 to July 2023 were left in Manufacturing Mode which could allow an attacker with privileged logical access to the host or physical access to server internals to modify or disable Intel Boot Guard firmware integrity, SPS security, and other SPS configuration settings. | 2024-02-16 | 2 | CVE-2024-23591
psirt@lenovo.com
mastodon -- mastodon
 
Mastodon is a free, open-source social network server based on ActivityPub. When an OAuth Application is destroyed, the streaming server wasn't being informed that the Access Tokens had also been destroyed; this could have posed security risks to users by allowing an application to continue listening to streaming after the application had been destroyed. Essentially this comes down to the fact that when Doorkeeper sets up the relationship between Applications and Access Tokens, it uses a `dependent: delete_all` configuration, which means the `after_commit` callback setup on `AccessTokenExtension` didn't actually fire, since `delete_all` doesn't trigger ActiveRecord callbacks. To mitigate, we need to add a `before_destroy` callback to `ApplicationExtension` which announces to streaming that all the Application's Access Tokens are being "killed". Impact should be negligible given the affected application had to be owned by the user. Nonetheless, this issue has been addressed in versions 4.2.6, 4.1.14, 4.0.14, and 3.5.18. Users are advised to upgrade. There is no known workaround for this vulnerability. | 2024-02-14 | 3.1 | CVE-2024-25619
security-advisories@github.com
mattermost -- mattermost_server

Mattermost Jira Plugin fails to protect against logout CSRF allowing an attacker to post a specially crafted message that would disconnect a user's Jira connection in Mattermost only by viewing the message. | 2024-02-09 | 3.5 | CVE-2024-23319
responsibledisclosure@mattermost.com
nodejs -- undici
 
Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici already cleared Authorization headers on cross-origin redirects but did not clear `Proxy-Authentication` headers. This issue has been patched in versions 5.28.3 and 6.6.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-02-16 | 3.9 | CVE-2024-24758
security-advisories@github.com
opensc -- authentic_driver
 
The use-after-free vulnerability was found in the AuthentIC driver in OpenSC packages, occurring in the card enrolment process using pkcs15-init when a user or administrator enrolls or modifies cards. An attacker must have physical access to the computer system and requires a crafted USB device or smart card to present the system with specially crafted responses to the APDUs, which are considered high complexity and low severity. This manipulation can allow for compromised card management operations during enrolment. | 2024-02-12 | 3.4 | CVE-2024-1454
secalert@redhat.com
oracle_corporation -- audit_vault_and_database_firewall
 
Vulnerability in Oracle Audit Vault and Database Firewall (component: Firewall). Supported versions that are affected are 20.1-20.9. Difficult to exploit vulnerability allows high privileged attacker with network access via Oracle Net to compromise Oracle Audit Vault and Database Firewall. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Audit Vault and Database Firewall, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Audit Vault and Database Firewall accessible data. CVSS 3.1 Base Score 2.6 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:N/A:N). | 2024-02-17 | 2.6 | CVE-2024-20911
secalert_us@oracle.com
oracle_corporation -- java_se_jdk_and_jre
 
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u391; Oracle GraalVM Enterprise Edition: 20.3.12 and 21.3.8. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). | 2024-02-17 | 3.1 | CVE-2024-20923
secalert_us@oracle.com
oracle_corporation -- java_se_jdk_and_jre
 
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u391; Oracle GraalVM Enterprise Edition: 20.3.12 and 21.3.8. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N). | 2024-02-17 | 3.1 | CVE-2024-20925
secalert_us@oracle.com
oracle_corporation -- jd_edwards_enterpriseone_tools
 
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Enterprise Infrastructure SEC). Supported versions that are affected are Prior to 9.2.8.0. Easily exploitable vulnerability allows high privileged attacker with network access via JDENET to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of JD Edwards EnterpriseOne Tools. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L). | 2024-02-17 | 2.7 | CVE-2024-20905
secalert_us@oracle.com
sametime -- sametime
 
Sametime is impacted by a failure to invalidate sessions. The application is setting sensitive cookie values in a persistent manner in Sametime Web clients. When this happens, cookie values can remain valid even after a user has closed out their session. | 2024-02-09 | 3.9 | CVE-2023-45718
psirt@hcl.com
sametime -- sametime
 
Sametime is impacted by sensitive information passed in URL. | 2024-02-09 | 1.7 | CVE-2023-45716
psirt@hcl.com
siemens -- parasolid_v35.0
 
A vulnerability has been identified in Parasolid V35.0 (All versions < V35.0.251), Parasolid V35.1 (All versions < V35.1.170). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted XT files. An attacker could leverage this vulnerability to crash the application causing denial of service condition. | 2024-02-13 | 3.3 | CVE-2024-22043
productcert@siemens.com


 

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
4ipnet -- eap-767
 
4ipnet EAP-767 v3.42.00 is vulnerable to Incorrect Access Control. The device uses the same set of credentials, regardless of how many times a user logs in, the content of the cookie remains unchanged. | 2024-02-14 | not yet calculated | CVE-2024-24300
cve@mitre.org
4ipnet -- eap-767
 
Command Injection vulnerability discovered in 4ipnet EAP-767 device v3.42.00 within the web interface of the device allows attackers with valid credentials to inject arbitrary shell commands to be executed by the device with root privileges. | 2024-02-14 | not yet calculated | CVE-2024-24301
cve@mitre.org
adv_radius -- adv_radius
 
SQL injection vulnerability in adv radius v.2.2.5 allows a local attacker to execute arbitrary code via a crafted script. | 2024-02-13 | not yet calculated | CVE-2024-22923
cve@mitre.org
alanclarke -- urlite
 
An issue in alanclarke URLite v.3.1.0 allows an attacker to cause a denial of service (DoS) via a crafted payload to the parsing function. | 2024-02-16 | not yet calculated | CVE-2023-51931
cve@mitre.org
amd -- 3rd_gen_amd
 
Improper Access Control in System Management Mode (SMM) may allow an attacker access to the SPI flash potentially leading to arbitrary code execution. | 2024-02-13 | not yet calculated | CVE-2023-20587
psirt@amd.com
amd -- 3rd_gen_amd
 
Failure to initialize memory in SEV Firmware may allow a privileged attacker to access stale data from other guests. | 2024-02-13 | not yet calculated | CVE-2023-31346
psirt@amd.com
amd -- 3rd_gen_amd
 
Due to a code bug in Secure_TSC, SEV firmware may allow an attacker with high privileges to cause a guest to observe an incorrect TSC when Secure TSC is enabled potentially resulting in a loss of guest integrity. | 2024-02-13 | not yet calculated | CVE-2023-31347
psirt@amd.com
amd -- alveo_card
 
Insufficient verification of data authenticity in the configuration state machine may allow a local attacker to potentially load arbitrary bitstreams. | 2024-02-13 | not yet calculated | CVE-2023-20570
psirt@amd.com
amd -- amd_ryzen
 
Insufficient checking of memory buffer in ASP Secure OS may allow an attacker with a malicious TA to read/write to the ASP Secure OS kernel virtual address space potentially leading to privilege escalation. | 2024-02-13 | not yet calculated | CVE-2021-46757
psirt@amd.com
amd -- amd_ryzen
 
Improper Access Control in the AMD SPI protection feature may allow a user with Ring0 (kernel mode) privileged access to bypass protections potentially resulting in loss of integrity and availability. | 2024-02-13 | not yet calculated | CVE-2023-20579
psirt@amd.com
appleple_inc. -- a-blog_cms
 
URL spoofing vulnerability exists in a-blog cms Ver.3.1.0 to Ver.3.1.8. If an attacker sends a specially crafted request, the administrator of the product may be forced to access an arbitrary website when clicking a link in the audit log. | 2024-02-15 | not yet calculated | CVE-2024-25559
vultures@jpcert.or.jp
bludit -- bludit_cms
 
Cross Site Scripting (XSS) vulnerability in Bludit CMS version 3.15, allows remote attackers to execute arbitrary code and obtain sensitive information via edit-content.php. | 2024-02-17 | not yet calculated | CVE-2024-25297
cve@mitre.org
caddy -- caddy
 
The caddy-security plugin 1.1.20 for Caddy allows reflected XSS via a GET request to a URL that contains an XSS payload and begins with either a /admin or /settings/mfa/delete/ substring. | 2024-02-12 | not yet calculated | CVE-2023-52430
cve@mitre.org
ce-phoenixcart -- phoenixcart
 
A remote code execution (RCE) vulnerability in /admin/define_language.php of CE Phoenix v1.0.8.20 allows attackers to execute arbitrary PHP code via injecting a crafted payload into the file english.php. | 2024-02-16 | not yet calculated | CVE-2024-25415
cve@mitre.org
codeprojects -- simple_admin_panel_app
 
Simple Admin Panel App v1.0 was discovered to contain a SQL injection vulnerability via the orderID parameter at /adminView/viewEachOrder.php. | 2024-02-14 | not yet calculated | CVE-2024-25223
cve@mitre.org
codeprojects -- simple_admin_panel_app
 
A cross-site scripting (XSS) vulnerability in Simple Admin Panel App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Size Number parameter under the Add Size function. | 2024-02-14 | not yet calculated | CVE-2024-25224
cve@mitre.org
codeprojects -- simple_admin_panel_app
 
A cross-site scripting (XSS) vulnerability in Simple Admin Panel App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category Name parameter under the Add Category function. | 2024-02-14 | not yet calculated | CVE-2024-25225
cve@mitre.org
codeprojects -- simple_admin_panel_app
 
A cross-site scripting (XSS) vulnerability in Simple Admin Panel App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category Name parameter under the Add Category function. | 2024-02-14 | not yet calculated | CVE-2024-25226
cve@mitre.org
connect2id -- nimbus_jose+jwt
 
In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service (resource consumption) via a large JWE p2c header value (aka iteration count) for the PasswordBasedDecrypter (PBKDF2) component. | 2024-02-11 | not yet calculated | CVE-2023-52428
cve@mitre.org
cskaza -- csz_cms
 
An arbitrary file upload vulnerability in /admin/upgrade of CSZ CMS v1.3.0 allows attackers to execute arbitrary code via uploading a crafted Zip file. | 2024-02-16 | not yet calculated | CVE-2024-25414
cve@mitre.org
cu_solutions_group -- cusg_solutions_content_management_solution
 
Cross Site Scripting (XSS) vulnerability in CU Solutions Group (CUSG) Content Management System (CMS) before v.7.75 allows a remote attacker to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted script to the login.php component. | 2024-02-14 | not yet calculated | CVE-2023-48985
cve@mitre.org
cu_solutions_group -- cusg_solutions_content_management_solution
 
Cross Site Scripting (XSS) vulnerability in CU Solutions Group (CUSG) Content Management System (CMS) before v.7.75 allows a remote attacker to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted script to the users.php component. | 2024-02-14 | not yet calculated | CVE-2023-48986
cve@mitre.org
cu_solutions_group -- cusg_solutions_content_management_solution
 
Blind SQL Injection vulnerability in CU Solutions Group (CUSG) Content Management System (CMS) before v.7.75 allows a remote attacker to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted script to the pages.php component. | 2024-02-14 | not yet calculated | CVE-2023-48987
cve@mitre.org
dakkar -- plack::middleware::xsrfblock_perl_package
 
The Plack::Middleware::XSRFBlock package before 0.0.19 for Perl allows attackers to bypass a CSRF protection mechanism via an empty form value and an empty cookie (if signed cookies are disabled). | 2024-02-13 | not yet calculated | CVE-2023-52431
cve@mitre.org
darktrace -- threat_visualizer
 
DOM-based HTML injection vulnerability in the main page of Darktrace Threat Visualizer version 6.1.27 (bundle version 61050) and before has been identified. A URL, crafted by a remote attacker and visited by an authenticated user, allows open redirect and potential credential stealing using an injected HTML form. | 2024-02-16 | not yet calculated | CVE-2024-22854
cve@mitre.org
digital-peak.com -- dp_calendar_for_joomla
 
XSS vulnerability in DP Calendar component for Joomla. | 2024-02-15 | not yet calculated | CVE-2024-21727
security@joomla.org
dnssec -- dnssec
 
The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. The RFC 5155 specification implies that an algorithm must perform thousands of iterations of a hash function in certain situations. | 2024-02-14 | not yet calculated | CVE-2023-50868
cve@mitre.org
ellucian -- banner
 
Ellucian Banner 9.17 allows Insecure Direct Object Reference (IDOR) via a modified bannerId to the /StudentSelfService/ssb/studentCard/retrieveData endpoint. | 2024-02-13 | not yet calculated | CVE-2023-49339
cve@mitre.org
expressvpn -- expressvpn
 
ExpressVPN before 12.73.0 on Windows, when split tunneling is used, sends DNS requests according to the Windows configuration (e.g., sends them to DNS servers operated by the user's ISP instead of to the ExpressVPN DNS servers), which may allow remote attackers to obtain sensitive information about websites visited by VPN users. | 2024-02-11 | not yet calculated | CVE-2024-25728
cve@mitre.org
firebear_studio -- improved_import_&_export
 
An XSLT Server Side injection vulnerability in the Import Jobs function of FireBear Improved Import And Export v3.8.6 allows attackers to execute arbitrary commands via a crafted XSLT file. | 2024-02-16 | not yet calculated | CVE-2024-25413
cve@mitre.org
flusity -- flusity_cms
 
Directory Traversal vulnerability in flusity CMS v.2.4 allows a remote attacker to execute arbitrary code and obtain sensitive information via the download_backup.php component. | 2024-02-15 | not yet calculated | CVE-2024-25502
cve@mitre.org
freebsd -- freebsd
 
The total size of the user-provided nmreq to nmreq_copyin() was first computed and then trusted during the copyin. This time-of-check to time-of-use bug could lead to kernel memory corruption. On systems configured to include netmap in their devfs_ruleset, a privileged process running in a jail can affect the host environment. | 2024-02-15 | not yet calculated | CVE-2022-23084
secteam@freebsd.org
freebsd -- freebsd
 
A user-provided integer option was passed to nmreq_copyin() without checking if it would overflow. This insufficient bounds checking could lead to kernel memory corruption. On systems configured to include netmap in their devfs_ruleset, a privileged process running in a jail can affect the host environment. | 2024-02-15 | not yet calculated | CVE-2022-23085
secteam@freebsd.org
freebsd -- freebsd
 
Handlers for *_CFG_PAGE read / write ioctls in the mpr, mps, and mpt drivers allocated a buffer of a caller-specified size but copied to it a fixed size header. Other heap content would be overwritten if the specified size was too small. Users with access to the mpr, mps or mpt device node may overwrite heap data, potentially resulting in privilege escalation. Note that the device node is only accessible to root and members of the operator group. | 2024-02-15 | not yet calculated | CVE-2022-23086
secteam@freebsd.org
freebsd -- freebsd
 
The e1000 network adapters permit a variety of modifications to an Ethernet packet when it is being transmitted. These include the insertion of IP and TCP checksums, insertion of an Ethernet VLAN header, and TCP segmentation offload ("TSO"). The e1000 device model uses an on-stack buffer to generate the modified packet header when simulating these modifications on transmitted packets. When checksum offload is requested for a transmitted packet, the e1000 device model used a guest-provided value to specify the checksum offset in the on-stack buffer. The offset was not validated for certain packet types. A misbehaving bhyve guest could overwrite memory in the bhyve process on the host, possibly leading to code execution in the host context. The bhyve process runs in a Capsicum sandbox, which (depending on the FreeBSD version and bhyve configuration) limits the impact of exploiting this issue. | 2024-02-15 | not yet calculated | CVE-2022-23087
secteam@freebsd.org
freebsd -- freebsd
 
The 802.11 beacon handling routine failed to validate the length of an IEEE 802.11s Mesh ID before copying it to a heap-allocated buffer. While a FreeBSD Wi-Fi client is in scanning mode (i.e., not associated with a SSID) a malicious beacon frame may overwrite kernel memory, leading to remote code execution. | 2024-02-15 | not yet calculated | CVE-2022-23088
secteam@freebsd.org
freebsd -- freebsd
 
When dumping core and saving process information, proc_getargv() might return an sbuf which has an sbuf_len() of 0 or -1, which is not properly handled. An out-of-bound read can happen when a user constructs a specially crafted ps_string, which in turn can cause the kernel to crash. | 2024-02-15 | not yet calculated | CVE-2022-23089
secteam@freebsd.org
freebsd -- freebsd
 
The aio_aqueue function, used by the lio_listio system call, fails to release a reference to a credential in an error case. An attacker may cause the reference count to overflow, leading to a use after free (UAF). | 2024-02-15 | not yet calculated | CVE-2022-23090
secteam@freebsd.org
freebsd -- freebsd
 
A particular case of memory sharing is mishandled in the virtual memory system. This is very similar to SA-21:08.vm, but with a different root cause. An unprivileged local user process can maintain a mapping of a page after it is freed, allowing that process to read private data belonging to other processes or the kernel. | 2024-02-15 | not yet calculated | CVE-2022-23091
secteam@freebsd.org
freebsd -- freebsd
 
The implementation of lib9p's handling of RWALK messages was missing a bounds check needed when unpacking the message contents. The missing check means that the receipt of a specially crafted message will cause lib9p to overwrite unrelated memory. The bug can be triggered by a malicious bhyve guest kernel to overwrite memory in the bhyve(8) process. This could potentially lead to user-mode code execution on the host, subject to bhyve's Capsicum sandbox. | 2024-02-15 | not yet calculated | CVE-2022-23092
secteam@freebsd.org
freebsd -- freebsd
 
ping reads raw IP packets from the network to process responses in the pr_pack() function. As part of processing a response ping has to reconstruct the IP header, the ICMP header and if present a "quoted packet," which represents the packet that generated an ICMP error. The quoted packet again has an IP header and an ICMP header. The pr_pack() copies received IP and ICMP headers into stack buffers for further processing. In so doing, it fails to take into account the possible presence of IP option headers following the IP header in either the response or the quoted packet. When IP options are present, pr_pack() overflows the destination buffer by up to 40 bytes. The memory safety bugs described above can be triggered by a remote host, causing the ping program to crash. The ping process runs in a capability mode sandbox on all affected versions of FreeBSD and is thus very constrained in how it can interact with the rest of the system at the point where the bug can occur. | 2024-02-15 | not yet calculated | CVE-2022-23093
secteam@freebsd.org
freebsd -- freebsd
 
`bhyveload -h <host-path>` may be used to grant loader access to the <host-path> directory tree on the host. Affected versions of bhyveload(8) do not make any attempt to restrict loader's access to <host-path>, allowing the loader to read any file the host user has access to. In the bhyveload(8) model, the host supplies a userboot.so to boot with, but the loader scripts generally come from the guest image. A maliciously crafted script could be used to exfiltrate sensitive data from the host accessible to the user running bhyveload(8), which is often the system root. | 2024-02-15 | not yet calculated | CVE-2024-25940
secteam@freebsd.org
freebsd -- freebsd
 
The jail(2) system call has not limited the visibility of allocated TTYs (the kern.ttys sysctl). This gives rise to an information leak about processes outside the current jail. An attacker can get information about TTYs allocated on the host or in other jails. Effectively, the information printed by "pstat -t" may be leaked. | 2024-02-15 | not yet calculated | CVE-2024-25941
secteam@freebsd.org
german_national_identity_card -- online-ausweis-funktion_eid_scheme
 
The Online-Ausweis-Funktion eID scheme in the German National Identity card through 2024-02-15 allows authentication bypass by spoofing. A man-in-the-middle attacker can assume a victim's identity for access to government, medical, and financial resources, and can also extract personal data from the card, aka the "sPACE (Spoofing Password Authenticated Connection Establishment)" issue. This occurs because of a combination of factors, such as insecure PIN entry (for basic readers) and eid:// deeplinking. The victim must be using a modified eID kernel, which may occur if the victim is tricked into installing a fake version of an official app. NOTE: the BSI position is "ensuring a secure operational environment at the client side is an obligation of the ID card owner." | 2024-02-15 | not yet calculated | CVE-2024-23674
cve@mitre.org
gestsup -- gestsup
 
A cross-site scripting (XSS) vulnerability in Gestsup v3.2.46 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description text field. | 2024-02-13 | not yet calculated | CVE-2023-52059
cve@mitre.org
gestsup -- gestsup
 
A Cross-Site Request Forgery (CSRF) in Gestsup v3.2.46 allows attackers to arbitrarily edit user profile information via a crafted request. | 2024-02-13 | not yet calculated | CVE-2023-52060
cve@mitre.org
ghost -- ghost
 
Ghost through 5.76.0 allows stored XSS, and resultant privilege escalation in which a contributor can take over any account, via an SVG profile picture that contains JavaScript code to interact with the API on localhost TCP port 3001. NOTE: The discoverer reports that "The vendor does not view this as a valid vector." | 2024-02-11 | not yet calculated | CVE-2024-23724
cve@mitre.org
google -- android

In applyCustomDescription of SaveUi.java, there is a possible way to view other user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-02-16 | not yet calculated | CVE-2023-40122
security@android.com
google -- android
 
In DevmemIntUnmapPMR of devicemem_server.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-02-16 | not yet calculated | CVE-2023-21165
security@android.com
google -- android
 
In convertSubgraphFromHAL of ShimConverter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-02-16 | not yet calculated | CVE-2023-40085
security@android.com
google -- android
 
In multiple files, there is a possible way that trimmed content could be included in PDF output due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-02-16 | not yet calculated | CVE-2023-40093
security@android.com
google -- android
 
In discovery_thread of Dns64Configuration.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-02-15 | not yet calculated | CVE-2023-40100
security@android.com
google -- android
 
In ca-certificates, there is a possible way to read encrypted TLS data due to untrusted cryptographic certificates. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-02-15 | not yet calculated | CVE-2023-40104
security@android.com
google -- android
 
In backupAgentCreated of ActivityManagerService.java, there is a possible way to leak sensitive data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-02-15 | not yet calculated | CVE-2023-40105
security@android.com
google -- android
 
In sanitizeSbn of NotificationManagerService.java, there is a possible way to launch an activity from the background due to BAL Bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-02-15 | not yet calculated | CVE-2023-40106
security@android.com
google -- android
 
In ARTPWriter of ARTPWriter.cpp, there is a possible use after free due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-02-15 | not yet calculated | CVE-2023-40107
security@android.com
google -- android
 
In createFromParcel of UsbConfiguration.java, there is a possible background activity launch (BAL) due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | 2024-02-15 | not yet calculated | CVE-2023-40109
security@android.com
google -- android
 
In multiple functions of MtpPacket.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | 2024-02-15 | not yet calculated | CVE-2023-40110
security@android.com
google -- android
 
In setMediaButtonReceiver of MediaSessionRecord.java, there is a possible way to send a pending intent on behalf of system_server due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | 2024-02-15 | not yet calculated | CVE-2023-40111
security@android.com
google -- android
 
In ippSetValueTag of ipp.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure of past print jobs or other print-related information, with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-02-15 | not yet calculated | CVE-2023-40112
security@android.com
google -- android
 
In multiple locations, there is a possible way for apps to access cross-user message data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-02-15 | not yet calculated | CVE-2023-40113
security@android.com
google -- android
 
In multiple functions of MtpFfsHandle.cpp, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | 2024-02-15 | not yet calculated | CVE-2023-40114
security@android.com
google -- android
 
In readLogs of StatsService.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-02-15 | not yet calculated | CVE-2023-40115
security@android.com
google -- android
 
In multiple locations, there is a possible cross-user read due to a confused deputy. This could lead to local information disclosure of photos or other images with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-02-15 | not yet calculated | CVE-2023-40124
security@android.com
google -- android
 
In startInstall of UpdateFetcher.java, there is a possible way to trigger a malicious config update due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-02-16 | not yet calculated | CVE-2024-0014
security@android.com
google -- android
 
In convertToComponentName of DreamService.java, there is a possible way to launch arbitrary protected activities due to intent redirection. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. | 2024-02-16 | not yet calculated | CVE-2024-0015
security@android.com
google -- android
 
In multiple locations, there is a possible out of bounds read due to a missing bounds check. This could lead to paired device information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-02-16 | not yet calculated | CVE-2024-0016
security@android.com
google -- android
 
In shouldUseNoOpLocation of CameraActivity.java, there is a possible confused deputy due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. | 2024-02-16 | not yet calculated | CVE-2024-0017
security@android.com
google -- android
 
In convertYUV420Planar16ToY410 of ColorConverter.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-02-16 | not yet calculated | CVE-2024-0018
security@android.com
google -- android
 
In setListening of AppOpsControllerImpl.java, there is a possible way to hide the microphone privacy indicator when restarting systemUI due to a missing check for active recordings. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation. | 2024-02-16 | not yet calculated | CVE-2024-0019
security@android.com
google -- android
 
In onActivityResult of NotificationSoundPreference.java, there is a possible way to hear audio files belonging to a different user due to a confused deputy. This could lead to local information disclosure across users of a device with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-02-16 | not yet calculated | CVE-2024-0020
security@android.com
google -- android
 
In onCreate of NotificationAccessConfirmationActivity.java, there is a possible way for an app in the work profile to enable notification listener services due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | 2024-02-16 | not yet calculated | CVE-2024-0021
security@android.com
google -- android
 
In ConvertRGBToPlanarYUV of Codec2BufferUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-02-16 | not yet calculated | CVE-2024-0023
security@android.com
google -- android
 
In multiple files, there is a possible way to capture the device screen when disallowed by device policy due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-02-16 | not yet calculated | CVE-2024-0029
security@android.com
google -- android
 
In btif_to_bta_response of btif_gatt_util.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-02-16 | not yet calculated | CVE-2024-0030
security@android.com
google -- android
 
In attp_build_read_by_type_value_cmd of att_protocol.cc, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-02-16 | not yet calculated | CVE-2024-0031
security@android.com
google -- android
 
In queryChildDocuments of FileSystemProvider.java, there is a possible way to request access to directories that should be hidden due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. | 2024-02-16 | not yet calculated | CVE-2024-0032
security@android.com
google -- android
 
In multiple functions of ashmem-dev.cpp, there is a possible missing seal due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-02-16 | not yet calculated | CVE-2024-0033
security@android.com
google -- android
 
In BackgroundLaunchProcessController, there is a possible way to launch arbitrary activity from the background due to BAL Bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-02-16 | not yet calculated | CVE-2024-0034
security@android.com
google -- android
 
In onNullBinding of TileLifecycleManager.java, there is a possible way to launch an activity from the background due to a missing null check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-02-16 | not yet calculated | CVE-2024-0035
security@android.com
google -- android
 
In startNextMatchingActivity of ActivityTaskManagerService.java, there is a possible way to bypass the restrictions on starting activities from the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-02-16 | not yet calculated | CVE-2024-0036
security@android.com
google -- android
 
In applyCustomDescription of SaveUi.java, there is a possible way to view images belonging to a different user due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. | 2024-02-16 | not yet calculated | CVE-2024-0037
security@android.com
google -- android
 
In injectInputEventToInputFilter of AccessibilityManagerService.java, there is a possible arbitrary input event injection due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-02-16 | not yet calculated | CVE-2024-0038
security@android.com
google -- android
 
In setParameter of MtpPacket.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-02-16 | not yet calculated | CVE-2024-0040
security@android.com
google -- android
 
In removePersistentDot of SystemStatusAnimationSchedulerImpl.kt, there is a possible race condition due to a logic error in the code. This could lead to local escalation of privilege that fails to remove the persistent dot with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-02-16 | not yet calculated | CVE-2024-0041
security@android.com
hazelcast -- hazelcast_platform
 
In Hazelcast Platform through 5.3.4, a security issue exists within the SQL mapping for the CSV File Source connector. This issue arises from inadequate permission checking, which could enable unauthorized clients to access data from files stored on a member's filesystem. | 2024-02-16 | not yet calculated | CVE-2023-45860
cve@mitre.org
honeywell -- niagara_framework
 
Uncontrolled Resource Consumption vulnerability in Honeywell Niagara Framework on Windows, Linux, QNX allows Content Spoofing. This issue affects Niagara Framework: before Niagara AX 3.8.1, before Niagara 4.1. | 2024-02-13 | not yet calculated | CVE-2024-1309
psirt@honeywell.com
hp_inc -- certain_hp_desktop_pc_products
 
Potential vulnerabilities have been identified in certain HP Desktop PC products using the HP TamperLock feature, which might allow intrusion detection bypass via a physical attack. HP is releasing firmware and guidance to mitigate these potential vulnerabilities. | 2024-02-14 | not yet calculated | CVE-2022-48219
hp-security-alert@hp.com
hp_inc -- certain_hp_desktop_pc_products
 
Potential vulnerabilities have been identified in certain HP Desktop PC products using the HP TamperLock feature, which might allow intrusion detection bypass via a physical attack. HP is releasing firmware and guidance to mitigate these potential vulnerabilities. | 2024-02-14 | not yet calculated | CVE-2022-48220
hp-security-alert@hp.com
hp_inc. -- certain_hp_workstation_pcs
 
A potential security vulnerability has been identified in the system BIOS for certain HP Workstation PCs, which might allow escalation of privilege, arbitrary code execution, or denial of service. HP is releasing mitigation for the potential vulnerability. | 2024-02-14 | not yet calculated | CVE-2023-6138
hp-security-alert@hp.com
idocview -- idocv
 
An issue in idocv v.14.1.3_20231228 allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted script. | 2024-02-16 | not yet calculated | CVE-2024-24377
cve@mitre.org
inprax -- izzi_connect
 
INPRAX "iZZi connect" application on Android contains hard-coded MQTT queue credentials. The same MQTT queue is used by corresponding physical recuperation devices. Exploiting this vulnerability could potentially allow unauthorized access to manage and read parameters of the recuperation unit "reQnet iZZi". This issue affects "iZZi connect" application versions before 2024010401. | 2024-02-15 | not yet calculated | CVE-2024-0390
cvd@cert.pl
koha -- koha
 
CSV Injection vulnerability in '/members/moremember.pl' and '/admin/aqbudgets.pl' endpoints in Koha Library Management System version 23.05.05 and earlier allows attackers to inject DDE commands into CSV exports via the 'Budget' and 'Patrons Member' components. | 2024-02-12 | not yet calculated | CVE-2024-24337
cve@mitre.org
linux -- kernel
 
dm_table_create in drivers/md/dm-table.c in the Linux kernel through 6.7.4 can attempt to (in alloc_targets) allocate more than INT_MAX bytes, and crash, because of a missing check for struct dm_ioctl.target_count. | 2024-02-12 | not yet calculated | CVE-2023-52429
cve@mitre.org
linux -- kernel
 
printer_write in drivers/usb/gadget/function/f_printer.c in the Linux kernel through 6.7.4 does not properly call usb_ep_queue, which might allow attackers to cause a denial of service or have unspecified other impact. | 2024-02-12 | not yet calculated | CVE-2024-25741
cve@mitre.org
linux -- kernel
 
In the Linux kernel before 6.6.7, an untrusted VMM can trigger int80 syscall handling at any given point. This is related to arch/x86/coco/tdx/tdx.c and arch/x86/mm/mem_encrypt_amd.c. | 2024-02-12 | not yet calculated | CVE-2024-25744
cve@mitre.org
linux -- ubi
 
create_empty_lvol in drivers/mtd/ubi/vtbl.c in the Linux kernel through 6.7.4 can attempt to allocate zero bytes, and crash, because of a missing check for ubi->leb_size. | 2024-02-12 | not yet calculated | CVE-2024-25739
cve@mitre.org
linux -- ubi
 
A memory leak flaw was found in the UBI driver in drivers/mtd/ubi/attach.c in the Linux kernel through 6.7.4 for UBI_IOCATT, because kobj->name is not released. | 2024-02-12 | not yet calculated | CVE-2024-25740
cve@mitre.org
mbloch -- mbloch/mapshaper
 
Path Traversal in GitHub repository mbloch/mapshaper prior to 0.6.44. | 2024-02-13 | not yet calculated | CVE-2024-1163
security@huntr.dev
motorola -- cx2l
 
A hidden interface in Motorola CX2L Router firmware v1.0.1 leaks information regarding the SystemWizardStatus component via sending a crafted request to device_web_ip. | 2024-02-12 | not yet calculated | CVE-2024-25360
cve@mitre.org
mysten_labs -- sui blockchain
 
An issue in mystenlabs Sui Blockchain before v.1.6.3 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted compressed script to the Sui node component. | 2024-02-13 | not yet calculated | CVE-2023-42374
cve@mitre.org
ncurses -- ncurses
 
ncurses 6.4-20230610 has a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c. | 2024-02-16 | not yet calculated | CVE-2023-45918
cve@mitre.org
qanything -- kernel 
 
qanything_kernel/connector/database/mysql/mysql_client.py in qanything.ai QAnything before 1.2.0 allows SQL Injection. | 2024-02-11 | not yet calculated | CVE-2024-25722
cve@mitre.org
raidenmaild -- raidenmaild
 
Insecure Permissions issue in Raiden Professional Server RaidenFTPD v.2.4 build 4005 allows a local attacker to gain privileges and execute arbitrary code via a crafted executable running from the installation directory. | 2024-02-13 | not yet calculated | CVE-2023-38960
cve@mitre.org
react_native -- document_picker
 
Directory Traversal vulnerability in React Native Document Picker before v.9.1.1 and fixed in v.9.1.1 allows a local attacker to execute arbitrary code via a crafted script to the Android library component. | 2024-02-16 | not yet calculated | CVE-2024-25466
cve@mitre.org
redaxo -- redaxo_cms
 
An issue discovered in REDAXO version 5.15.1 allows attackers to execute arbitrary code and obtain sensitive information via modules.modules.php. | 2024-02-17 | not yet calculated | CVE-2024-25298
cve@mitre.org
redaxo -- redaxo_cms
 
A cross-site scripting (XSS) vulnerability in Redaxo v5.15.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter in the Template section. | 2024-02-14 | not yet calculated | CVE-2024-25300
cve@mitre.org
redaxo -- redaxo_cms
 
Redaxo v5.15.1 was discovered to contain a remote code execution (RCE) vulnerability via the component /pages/templates.php. | 2024-02-14 | not yet calculated | CVE-2024-25301
cve@mitre.org
rhonabwy -- rhonabwy
 
In Rhonabwy through 1.1.13, HMAC signature verification uses a strcmp function that is vulnerable to side-channel attacks, because it stops the comparison when the first difference is spotted in the two signatures. (The fix uses gnutls_memcmp, which has constant-time execution.) | 2024-02-11 | not yet calculated | CVE-2024-25714
cve@mitre.org
rurban -- cpanel::json::xs_perl_package
 
The Cpanel::JSON::XS package before 4.33 for Perl performs out-of-bounds accesses in a way that allows attackers to obtain sensitive information or cause a denial of service. | 2024-02-13 | not yet calculated | CVE-2022-48623
cve@mitre.org
samly -- samly
 
In the Samly package before 1.4.0 for Elixir, Samly.State.Store.get_assertion/3 can return an expired session, which interferes with access control because Samly.AuthHandler uses a cached session and does not replace it, even after expiry. | 2024-02-11 | not yet calculated | CVE-2024-25718
cve@mitre.org
sharp_corporation -- energy_management_controller_with_cloud_services
 
Improper authentication vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to access the affected product without authentication. | 2024-02-14 | not yet calculated | CVE-2024-23783
vultures@jpcert.or.jp
sharp_corporation -- energy_management_controller_with_cloud_services
 
Improper access control vulnerability exists in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier, which may allow a network-adjacent unauthenticated attacker to obtain a username and its hashed password displayed on the management page of the affected product. | 2024-02-14 | not yet calculated | CVE-2024-23784
vultures@jpcert.or.jp
sharp_corporation -- energy_management_controller_with_cloud_services
 
Cross-site request forgery vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a remote unauthenticated attacker to change the product settings. | 2024-02-14 | not yet calculated | CVE-2024-23785
vultures@jpcert.or.jp
sharp_corporation -- energy_management_controller_with_cloud_services
 
Cross-site scripting vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to execute an arbitrary script on the web browser of the user who is accessing the management page of the affected product. | 2024-02-14 | not yet calculated | CVE-2024-23786
vultures@jpcert.or.jp
sharp_corporation -- energy_management_controller_with_cloud_services
 
Path traversal vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to obtain an arbitrary file in the affected product. | 2024-02-14 | not yet calculated | CVE-2024-23787
vultures@jpcert.or.jp
sharp_corporation -- energy_management_controller_with_cloud_services
 
Server-side request forgery vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to send an arbitrary HTTP request (GET) from the affected product. | 2024-02-14 | not yet calculated | CVE-2024-23788
vultures@jpcert.or.jp
sharp_corporation -- energy_management_controller_with_cloud_services
 
Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to execute an arbitrary OS command on the affected product. | 2024-02-14 | not yet calculated | CVE-2024-23789
vultures@jpcert.or.jp
smartcalc.es -- osticky_component_for_joomla
 
An Open Redirect vulnerability was found in osTicky2 below 2.2.8. osTicky (osTicket Bridge) by SmartCalc is a Joomla 3.x extension that provides Joomla frontend integration with osTicket, a popular Support ticket system. The Open Redirect vulnerability allows attackers to control the return parameter in the URL to a base64 malicious URL. | 2024-02-15 | not yet calculated | CVE-2024-21728
security@joomla.org
sourcecodester -- barangay_population_monitoring_system
 
Barangay Population Monitoring System 1.0 was discovered to contain a SQL injection vulnerability via the resident parameter at /endpoint/delete-resident.php. | 2024-02-14 | not yet calculated | CVE-2024-25209
cve@mitre.org
sourcecodester -- online_medicine_ordering_system
 
Online Medicine Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /omos/?p=products/view_product. | 2024-02-14 | not yet calculated | CVE-2024-25217
cve@mitre.org
sourcecodester -- school_task_manager
 
Sourcecodester School Task Manager 1.0 allows SQL Injection via the 'subject' parameter. | 2024-02-13 | not yet calculated | CVE-2024-24142
cve@mitre.org
sourcecodester -- simple_expense_tracker
 
Simple Expense Tracker v1.0 was discovered to contain a SQL injection vulnerability via the expense parameter at /endpoint/delete_expense.php. | 2024-02-14 | not yet calculated | CVE-2024-25210
cve@mitre.org
sourcecodester -- simple_expense_tracker
 
Simple Expense Tracker v1.0 was discovered to contain a SQL injection vulnerability via the category parameter at /endpoint/delete_category.php. | 2024-02-14 | not yet calculated | CVE-2024-25211
cve@mitre.org
steve-community -- steve
 
SteVe v3.6.0 was discovered to use predictable transaction IDs when receiving a StartTransaction request. This vulnerability can allow attackers to cause a Denial of Service (DoS) by using the predicted transaction IDs to terminate other transactions. | 2024-02-13 | not yet calculated | CVE-2024-25407
cve@mitre.org
swftools -- swftools
 
A global-buffer-overflow vulnerability was found in SWFTools v0.9.2, in the function LineText at lib/swf5compiler.flex. | 2024-02-14 | not yet calculated | CVE-2024-25165
cve@mitre.org
teltonika -- rut240
 
Teltonika RUT240 devices with firmware before 07.04.2, when bridge mode is used, sometimes make SSH and HTTP services available on the IPv6 WAN interface even though the UI shows that they are only available on the LAN interface. | 2024-02-17 | not yet calculated | CVE-2023-31728
cve@mitre.org
teltonika -- trb1
 
Teltonika TRB1-series devices with firmware before TRB1_R_00.07.05.2 allow attackers to exploit a firmware vulnerability via Ethernet LAN or USB. | 2024-02-17 | not yet calculated | CVE-2024-22727
cve@mitre.org
tenda -- ac10
 
Tenda AC10V4.0 V16.03.10.20 was discovered to contain a stack overflow via the page parameter in the sub_49B384 function. | 2024-02-15 | not yet calculated | CVE-2024-25373
cve@mitre.org
tongda -- office_anywhere
 
Tongda OA v2017 and up to v11.9 was discovered to contain a SQL injection vulnerability via the $AFF_ID parameter at /affair/delete.php. | 2024-02-16 | not yet calculated | CVE-2024-25320
cve@mitre.org
totolink -- x5000r
 
An issue in TOTOLINK X5000R V.9.1.0u.6369_B20230113 allows a remote attacker to cause a denial of service via the host_time parameter of the NTPSyncWithHost component. | 2024-02-17 | not yet calculated | CVE-2024-25468
cve@mitre.org
vitalpbx -- vitalpbx
 
An issue in VitalPBX v.3.2.4-5 allows an attacker to execute arbitrary code via a crafted payload to the /var/lib/vitalpbx/scripts folder. | 2024-02-15 | not yet calculated | CVE-2024-24386
cve@mitre.org
wind_river -- vxworks
 
An issue was discovered in Wind River VxWorks 7 22.09 and 23.03. If a VxWorks task or POSIX thread that uses OpenSSL exits, limited per-task memory is not freed, resulting in a memory leak. | 2024-02-15 | not yet calculated | CVE-2023-51787
cve@mitre.org
wordpress -- analytics_insights_for_google_analytics_4_(aiwp)
 
The Analytics Insights for Google Analytics 4 (AIWP) WordPress plugin before 6.3 is vulnerable to Open Redirect due to insufficient validation on the redirect oauth2callback.php file. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action. | 2024-02-12 | not yet calculated | CVE-2024-0250
contact@wpscan.com
wordpress -- mappress_maps_for_wordpress
 
The MapPress Maps for WordPress plugin before 2.88.15 does not sanitize and escape the map title when outputting it back in the admin dashboard, allowing Contributors and above roles to perform Stored Cross-Site Scripting attacks. | 2024-02-12 | not yet calculated | CVE-2024-0420
contact@wpscan.com
wordpress -- mappress_maps_for_wordpress
 
The MapPress Maps for WordPress plugin before 2.88.16 does not ensure that the post to be retrieved via an AJAX action is a public map, allowing unauthenticated users to read arbitrary private and draft posts. | 2024-02-12 | not yet calculated | CVE-2024-0421
contact@wpscan.com
wordpress -- smart_manager
 
The Smart Manager WordPress plugin before 8.28.0 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. | 2024-02-12 | not yet calculated | CVE-2024-0566
contact@wpscan.com
wordpress -- wordpress
 
The Web3 WordPress plugin before 3.0.0 is vulnerable to an authentication bypass due to incorrect authentication checking in the login flow in functions 'handle_auth_request' and 'handle_login_request'. This makes it possible for non-authenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username. | 2024-02-12 | not yet calculated | CVE-2023-6036
contact@wpscan.com
wordpress -- wordpress
 
The chartjs WordPress plugin through 2023.2 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2024-02-12 | not yet calculated | CVE-2023-6081
contact@wpscan.com
wordpress -- wordpress
 
The chartjs WordPress plugin through 2023.2 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2024-02-12 | not yet calculated | CVE-2023-6082
contact@wpscan.com
wordpress -- wordpress
 
The Popup Builder WordPress plugin before 4.2.6 does not validate a parameter before making a request to it, which could allow users with the administrator role to perform SSRF attacks in Multisite WordPress configurations. | 2024-02-12 | not yet calculated | CVE-2023-6294
contact@wpscan.com
wordpress -- wordpress
 
The lasTunes WordPress plugin through 3.6.1 does not have CSRF checks in some places, and is missing sanitization as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack. | 2024-02-12 | not yet calculated | CVE-2023-6499
contact@wpscan.com
wordpress -- wordpress
 
The Splashscreen WordPress plugin through 0.20 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. | 2024-02-12 | not yet calculated | CVE-2023-6501
contact@wpscan.com
wordpress -- wordpress
 
The Popup Box WordPress plugin before 20.9.0 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. | 2024-02-12 | not yet calculated | CVE-2023-6591
contact@wpscan.com
wordpress -- wordpress
 
The GigPress WordPress plugin through 2.3.29 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2024-02-12 | not yet calculated | CVE-2023-7233
contact@wpscan.com
wordpress -- wordpress
 
The EazyDocs WordPress plugin before 2.4.0 re-introduced CVE-2023-6029 (https://wpscan.com/vulnerability/7a0aaf85-8130-4fd7-8f09-f8edc929597e/) in 2.3.8, allowing any authenticated user, such as a subscriber, to delete arbitrary posts, as well as add and delete documents/sections. The issue was partially fixed in 2.3.9. | 2024-02-12 | not yet calculated | CVE-2024-0248
contact@wpscan.com
yetiforcecompany -- yetiforcecrm
 
Directory Traversal vulnerability in YetiForceCompany YetiForceCRM versions 6.4.0 and before allows a remote authenticated attacker to obtain sensitive information via the license parameter in the LibraryLicense.php component. | 2024-02-16 | not yet calculated | CVE-2023-49508
cve@mitre.org
yonyou -- space-time_enterprise_information_integration_platform
 
SQL Injection vulnerability in Yonyou space-time enterprise information integration platform v.9.0 and before allows an attacker to obtain sensitive information via the gwbhAIM parameter in the saveMove.jsp in the hr_position directory. | 2024-02-15 | not yet calculated | CVE-2024-24256
cve@mitre.org
zimbra -- zimbra_collaboration
 
In Zimbra Collaboration (ZCS) 8.8.15 and 9.0, a closed account (with 2FA and generated passwords) can send e-mail messages when configured for IMAP/SMTP. | 2024-02-13 | not yet calculated | CVE-2023-26562
cve@mitre.org
zimbra -- zimbra_collaboration
 
An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and 10.0. Through the help document endpoint in webmail, an attacker can inject JavaScript or HTML code that leads to cross-site scripting (XSS). (Adding an adequate message to avoid malicious code will mitigate this issue.) | 2024-02-13 | not yet calculated | CVE-2023-45206
cve@mitre.org
zimbra -- zimbra_collaboration
 
An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and 10.0. An attacker can send a PDF document through mail that contains malicious JavaScript. While previewing this file in webmail in the Chrome browser, the stored XSS payload is executed. (This has been mitigated by sanitizing the JavaScript code present in a PDF document.) | 2024-02-13 | not yet calculated | CVE-2023-45207
cve@mitre.org
zimbra -- zimbra_collaboration
 
An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and 10.0. XSS, with resultant session stealing, can occur via JavaScript code in a link (for a webmail redirection endpoint) within an email message, e.g., if a victim clicks on that link within Zimbra webmail. | 2024-02-13 | not yet calculated | CVE-2023-48432
cve@mitre.org
zimbra -- zimbra_collaboration
 
Zimbra Collaboration before Kepler 9.0.0 Patch 38 GA allows DOM-based JavaScript injection in the Modern UI. | 2024-02-13 | not yet calculated | CVE-2023-50808
cve@mitre.org
