Vulnerability Summary for the Week of March 25, 2024

Released
Apr 01, 2024
Document ID
SB24-092

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 

High Vulnerabilities

 

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
acowebs -- pdf_invoices_and_packing_slips_for_woocommerce
 
Deserialization of Untrusted Data vulnerability in Acowebs PDF Invoices and Packing Slips For WooCommerce.This issue affects PDF Invoices and Packing Slips For WooCommerce: from n/a through 1.3.7.2024-03-288.2CVE-2024-30230
audit@patchstack.com
active_websight -- seo_backlink_monitor
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Active Websight SEO Backlink Monitor allows Reflected XSS.This issue affects SEO Backlink Monitor: from n/a through 1.5.0.2024-03-277.1CVE-2024-29907
audit@patchstack.com
adtribes.io -- product_feed_pro_for_woocommerce
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AdTribes.Io Product Feed PRO for WooCommerce allows Reflected XSS.This issue affects Product Feed PRO for WooCommerce: from n/a through 13.2.5.2024-03-277.1CVE-2024-24800
audit@patchstack.com
andy_moyle -- church_admin
 
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Andy Moyle Church Admin.This issue affects Church Admin: from n/a through 4.0.27.2024-03-288.5CVE-2024-30244
audit@patchstack.com
ansys -- pyansys-geometry
 
PyAnsys Geometry is a Python client library for the Ansys Geometry service and other CAD Ansys products. On file src/ansys/geometry/core/connection/product_instance.py, upon calling this method _start_program directly, users could exploit its usage to perform malicious operations on the current machine where the script is ran. This vulnerability is fixed in 0.3.3 and 0.4.12.2024-03-267.4CVE-2024-29189
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
apache_software_foundation -- apache_fineract
 
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Fineract.This issue affects Apache Fineract: <1.8.5. Users are recommended to upgrade to version 1.8.5 or 1.9.0, which fix the issue.2024-03-299.9CVE-2024-23538
security@apache.org
security@apache.org
apache_software_foundation -- apache_fineract
 
Improper Privilege Management vulnerability in Apache Fineract.This issue affects Apache Fineract: <1.8.5. Users are recommended to upgrade to version 1.9.0, which fixes the issue.2024-03-298.4CVE-2024-23537
security@apache.org
security@apache.org
apache_software_foundation -- apache_fineract
 
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Fineract.This issue affects Apache Fineract: <1.8.5. Users are recommended to upgrade to version 1.8.5 or 1.9.0, which fix the issue.2024-03-298.3CVE-2024-23539
security@apache.org
security@apache.org
appscreo -- easy_social_share_buttons
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Appscreo Easy Social Share Buttons allows Reflected XSS.This issue affects Easy Social Share Buttons: from n/a through 9.4.2024-03-277.1CVE-2024-30196
audit@patchstack.com
archetyped -- cornerstone
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Archetyped Cornerstone allows Reflected XSS.This issue affects Cornerstone: from n/a through 0.8.0.2024-03-287.1CVE-2024-28002
audit@patchstack.com
archetyped -- favicon_rotator
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Archetyped Favicon Rotator allows Reflected XSS.This issue affects Favicon Rotator: from n/a through 1.2.10.2024-03-287.1CVE-2024-28001
audit@patchstack.com
artbees -- jupiterx_core
 
Unrestricted Upload of File with Dangerous Type vulnerability in Artbees JupiterX Core.This issue affects JupiterX Core: from n/a through 3.3.5.2024-03-269CVE-2023-38388
audit@patchstack.com
automationdirect -- c-more_ea9_hmi_ea9-t6cl
 
There is a function in AutomationDirect C-MORE EA9 HMI that allows an attacker to send a relative path in the URL without proper sanitizing of the content.2024-03-267.5CVE-2024-25136
ics-cert@hq.dhs.gov
bdthemes -- element_pack_elementor_addons
 
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BdThemes Element Pack Elementor Addons.This issue affects Element Pack Elementor Addons: from n/a through 5.5.3.2024-03-298.5CVE-2024-30496
audit@patchstack.com
benjamin_rojas -- wp_editor
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Benjamin Rojas WP Editor allows Reflected XSS.This issue affects WP Editor: from n/a through 1.2.8.2024-03-277.1CVE-2024-24700
audit@patchstack.com
bestwebsoft -- limit_attempts_by_bestwebsoft
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BestWebSoft Limit Attempts by BestWebSoft allows Reflected XSS.This issue affects Limit Attempts by BestWebSoft: from n/a through 1.2.9.2024-03-297.1CVE-2024-30439
audit@patchstack.com
bizswoop_a_cpf_concepts,_llc_brand -- bizprint
 
Cross-Site Request Forgery (CSRF) vulnerability in BizSwoop a CPF Concepts, LLC Brand BizPrint allows Cross-Site Scripting (XSS).This issue affects BizPrint: from n/a through 4.5.5.2024-03-277.1CVE-2024-29773
audit@patchstack.com
booking_activities_team -- booking_activities
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Booking Activities Team Booking Activities allows Reflected XSS.This issue affects Booking Activities: from n/a through 1.15.19.2024-03-297.1CVE-2024-30449
audit@patchstack.com
bosch -- network_synchronizer_enterprise
 
Command Injection in the diagnostics interface of the Bosch Network Synchronizer allows unauthorized users full access to the device.2024-03-258.8CVE-2024-25002
psirt@bosch.com
brainstorm_force -- spectra
 
Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force Spectra.This issue affects Spectra: from n/a through 2.6.6.2024-03-287.1CVE-2023-36679
audit@patchstack.com
brainstorm_force -- starter_templates_-_elementor_wordpress_&_beaver_builder_templates
 
Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force Starter Templates - Elementor, WordPress & Beaver Builder Templates, Brainstorm Force Premium Starter Templates.This issue affects Starter Templates - Elementor, WordPress & Beaver Builder Templates: from n/a through 3.2.4; Premium Starter Templates: from n/a through 3.2.4.2024-03-287.1CVE-2023-34370
audit@patchstack.com
audit@patchstack.com
bulletin -- wordpress_announcement_&_notification_banner_plugin_-_bulletin

 
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Bulletin WordPress Announcement & Notification Banner Plugin - Bulletin.This issue affects WordPress Announcement & Notification Banner Plugin - Bulletin: from n/a through 3.8.5.2024-03-297.6CVE-2024-30478
audit@patchstack.com
campcodes-house-rental-management-system

 
A vulnerability was found in Campcodes House Rental Management System 1.0. It has been classified as critical. Affected is an unknown function of the file ajax.php. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257982 is the identifier assigned to this vulnerability.2024-03-267.3CVE-2024-2916
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
castos -- seriously_simple_podcasting
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Castos Seriously Simple Podcasting allows Reflected XSS.This issue affects Seriously Simple Podcasting: from n/a through 3.0.2.2024-03-287.1CVE-2024-25599
audit@patchstack.com
checkemail -- check_&_log_email
 
The Check & Log Email plugin for WordPress is vulnerable to Unauthenticated Hook Injection in all versions up to, and including, 1.0.9 via the check_nonce function. This makes it possible for unauthenticated attackers to execute actions with hooks in WordPress under certain circumstances. The action the attacker wishes to execute needs to have a nonce check, and the nonce needs to be known to the attacker. Furthermore, the absence of a capability check is a requirement.2024-03-268.1CVE-2024-0866
security@wordfence.com
security@wordfence.com
cilium -- cilium
 
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Users of IPsec transparent encryption in Cilium may be vulnerable to cryptographic attacks that render the transparent encryption ineffective. In particular, Cilium is vulnerable to chosen plaintext, key recovery, replay attacks by a man-in-the-middle attacker. These attacks are possible due to an ESP sequence number collision when multiple nodes are configured with the same key. Fixed versions of Cilium use unique keys for each IPsec tunnel established between nodes, resolving all of the above attacks. This vulnerability is fixed in 1.13.13, 1.14.9, and 1.15.3.2024-03-278CVE-2024-28860
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
cisco -- cisco_aironet_access_point_software
 
A vulnerability in the IP packet processing of Cisco Access Point (AP) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation of certain IPv4 packets. An attacker could exploit this vulnerability by sending a crafted IPv4 packet either to or through an affected device. A successful exploit could allow the attacker to cause an affected device to reload unexpectedly, resulting in a DoS condition. To successfully exploit this vulnerability, the attacker does not need to be associated with the affected AP. This vulnerability cannot be exploited by sending IPv6 packets.2024-03-278.6CVE-2024-20271
ykramarz@cisco.com
cisco -- cisco_ios_xe_software
 
A vulnerability in the DHCP snooping feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to a crafted IPv4 DHCP request packet being mishandled when endpoint analytics are enabled. An attacker could exploit this vulnerability by sending a crafted DHCP request through an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. Note: The attack vector is listed as network because a DHCP relay anywhere on the network could allow exploits from networks other than the adjacent one.2024-03-278.6CVE-2024-20259
ykramarz@cisco.com
cisco -- cisco_ios_xe_software
 
A vulnerability in the IPv4 Software-Defined Access (SD-Access) fabric edge node feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause high CPU utilization and stop all traffic processing, resulting in a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of certain IPv4 packets. An attacker could exploit this vulnerability by sending certain IPv4 packets to an affected device. A successful exploit could allow the attacker to cause the device to exhaust CPU resources and stop processing traffic, resulting in a DoS condition.2024-03-278.6CVE-2024-20314
ykramarz@cisco.com
cisco -- cisco_ios_xe_software
 
A vulnerability in the multicast DNS (mDNS) gateway feature of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper management of mDNS client entries. An attacker could exploit this vulnerability by connecting to the wireless network and sending a continuous stream of specific mDNS packets. A successful exploit could allow the attacker to cause the wireless controller to have high CPU utilization, which could lead to access points (APs) losing their connection to the controller and result in a DoS condition.2024-03-277.4CVE-2024-20303
ykramarz@cisco.com
cisco -- ios
 
A vulnerability in the IKEv1 fragmentation code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a heap underflow, resulting in an affected device reloading. This vulnerability exists because crafted, fragmented IKEv1 packets are not properly reassembled. An attacker could exploit this vulnerability by sending crafted UDP packets to an affected system. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. Note: Only traffic that is directed to the affected system can be used to exploit this vulnerability. This vulnerability can be triggered by IPv4 and IPv6 traffic..2024-03-278.6CVE-2024-20308
ykramarz@cisco.com
cisco -- ios
 
A vulnerability in the Locator ID Separation Protocol (LISP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. This vulnerability is due to the incorrect handling of LISP packets. An attacker could exploit this vulnerability by sending a crafted LISP packet to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition. Note: This vulnerability could be exploited over either IPv4 or IPv6 transport.2024-03-278.6CVE-2024-20311
ykramarz@cisco.com
cisco -- ios
 
A vulnerability in Cisco IOS Software for Cisco Catalyst 6000 Series Switches could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly. This vulnerability is due to improper handling of process-switched traffic. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition.2024-03-277.4CVE-2024-20276
ykramarz@cisco.com
cisco -- ios
 
A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) protocol of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation when parsing an ingress IS-IS packet. An attacker could exploit this vulnerability by sending a crafted IS-IS packet to an affected device after forming an adjacency. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. Note: The IS-IS protocol is a routing protocol. To exploit this vulnerability, an attacker must be Layer 2-adjacent to the affected device and have formed an adjacency.2024-03-277.4CVE-2024-20312
ykramarz@cisco.com
code-projects -- mobile_shop
 
A vulnerability was found in code-projects Mobile Shop 1.0. It has been classified as critical. Affected is an unknown function of the file Details.php of the component Login Page. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258000.2024-03-267.3CVE-2024-2927
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
code-projects -- online_book_system
 
A vulnerability classified as critical was found in code-projects Online Book System 1.0. This vulnerability affects unknown code of the file /index.php. The manipulation of the argument username/password/login_username/login_password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-258202 is the identifier assigned to this vulnerability.2024-03-277.3CVE-2024-3000
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
codeigniter4 -- codeigniter4
 
CodeIgniter is a PHP full-stack web framework A vulnerability was found in the Language class that allowed DoS attacks. This vulnerability can be exploited by an attacker to consume a large amount of memory on the server. Upgrade to v4.4.7 or later.2024-03-297.5CVE-2024-29904
security-advisories@github.com
security-advisories@github.com
codepeople -- calculated_fields_form
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodePeople Calculated Fields Form allows Reflected XSS.This issue affects Calculated Fields Form: from n/a through 1.2.54.2024-03-277.1CVE-2024-29759
audit@patchstack.com
contact_form_with_captcha -- contact_form_with_captcha
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Contact Form With Captcha allows Reflected XSS.This issue affects Contact Form With Captcha: from n/a through 1.6.8.2024-03-267.1CVE-2023-45771
audit@patchstack.com
contest_gallery -- contest_gallery
 
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Contest Gallery.This issue affects Contest Gallery: from n/a through 21.3.4.2024-03-288.5CVE-2024-30236
audit@patchstack.com
contest_gallery -- contest_gallery
 
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Contest Gallery.This issue affects Contest Gallery: from n/a through 21.3.2.2024-03-278.5CVE-2024-30238
audit@patchstack.com
contest_gallery -- contest_gallery
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Contest Gallery allows Reflected XSS.This issue affects Contest Gallery: from n/a through 21.3.5.2024-03-297.1CVE-2024-30428
audit@patchstack.com
conversios -- conversios.io
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Conversios Conversios.Io allows Reflected XSS.This issue affects Conversios.Io: from n/a through 6.9.1.2024-03-277.1CVE-2024-29794
audit@patchstack.com
creative_solutions -- creative_image_slider_-_responsive_slider_plugin
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Creative Solutions Creative Image Slider - Responsive Slider Plugin allows Reflected XSS.This issue affects Creative Image Slider - Responsive Slider Plugin: from n/a through 2.1.3.2024-03-297.1CVE-2024-30447
audit@patchstack.com
crm_perks -- crm_perks_forms
 
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CRM Perks CRM Perks Forms.This issue affects CRM Perks Forms: from n/a through 1.1.4.2024-03-299.3CVE-2024-30498
audit@patchstack.com
crm_perks -- crm_perks_forms
 
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CRM Perks CRM Perks Forms.This issue affects CRM Perks Forms: from n/a through 1.1.4.2024-03-298.5CVE-2024-30499
audit@patchstack.com
cubewp -- cubewp_-_all-in-one_dynamic_content_framework
 
Unrestricted Upload of File with Dangerous Type vulnerability in CubeWP CubeWP - All-in-One Dynamic Content Framework.This issue affects CubeWP - All-in-One Dynamic Content Framework: from n/a through 1.1.12.2024-03-299.9CVE-2024-30500
audit@patchstack.com
cyberchimps -- responsive
 
The Responsive theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_footer_text_callback function in all versions up to, and including, 5.0.2. This makes it possible for unauthenticated attackers to inject arbitrary HTML content into the site's footer.2024-03-297.5CVE-2024-2848
security@wordfence.com
security@wordfence.com
datalens-tech -- datalens
 
DataLens is a business intelligence and data visualization system. A specifically crafted request allowed the creation of a special chart type with the ability to pass custom javascript code that would later be executed in an unprotected sandbox on subsequent requests to that chart. The problem was fixed in the datalens-ui version `0.1449.0`. Restricting access to the API for creating or modifying charts (`/charts/api/charts/v1/`) would mitigate the issue.2024-03-298.8CVE-2024-29890
security-advisories@github.com
decalog -- decalog
 
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in DecaLog.This issue affects DecaLog: from n/a through 3.9.0.2024-03-287.6CVE-2024-30245
audit@patchstack.com
dell -- insightiq
 
Dell InsightIQ, version 5.0, contains an improper access control vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to unauthorized access to monitoring data.2024-03-278.3CVE-2024-25962
security_alert@emc.com
dell -- powerscale_onefs
 
Dell PowerScale OneFS versions 9.4.0.x through 9.7.0.x contains an insertion of sensitive information into log file vulnerability. A low privileged local attacker could potentially exploit this vulnerability, leading to sensitive information disclosure, escalation of privileges.2024-03-287.9CVE-2024-25959
security_alert@emc.com
dell -- powerscale_onefs
 
Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x contains a cleartext transmission of sensitive information vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to escalation of privileges.2024-03-287.3CVE-2024-25960
security_alert@emc.com
dell -- virtual_appliance_(vapp)_manager
 
Dell vApp Manager, versions prior to 9.2.4.9 contain a Command Injection Vulnerability. An authorized attacker could potentially exploit this vulnerability leading to an execution of an inserted command. Dell recommends customers to upgrade at the earliest opportunity.2024-03-287.2CVE-2024-25946
security_alert@emc.com
dell -- virtual_appliance_(vapp)_manager
 
Dell vApp Manager, versions prior to 9.2.4.9 contain a Command Injection Vulnerability. An authorized attacker could potentially exploit this vulnerability leading to an execution of an inserted command. Dell recommends customers to upgrade at the earliest opportunity.2024-03-287.2CVE-2024-25955
security_alert@emc.com
digamber_pradhan -- preview_e-mails_for_woocommerce
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Digamber Pradhan Preview E-mails for WooCommerce allows Reflected XSS.This issue affects Preview E-mails for WooCommerce: from n/a through 2.2.1.2024-03-287.1CVE-2024-27999
audit@patchstack.com
echo_plugins -- knowledge_base_for_documentation_faqs_with_ai_assistance
 
Deserialization of Untrusted Data vulnerability in Echo Plugins Knowledge Base for Documentation, FAQs with AI Assistance.This issue affects Knowledge Base for Documentation, FAQs with AI Assistance: from n/a through 11.30.2.2024-03-278.7CVE-2024-24842
audit@patchstack.com
eclipse_foundation -- threadx
 
In Eclipse ThreadX before 6.4.0, xQueueCreate() and xQueueCreateSet() functions from the FreeRTOS compatibility API (utility/rtos_compatibility_layers/FreeRTOS/tx_freertos.c) were missing parameter checks. This could lead to integer wraparound, under-allocations and heap buffer overflows.2024-03-267.3CVE-2024-2212
emo@eclipse.org
eclipse_foundation -- threadx
 
In Eclipse ThreadX before version 6.4.0, the _Mtxinit() function in the Xtensa port was missing an array size check causing a memory overwrite. The affected file was ports/xtensa/xcc/src/tx_clib_lock.c2024-03-267CVE-2024-2214
emo@eclipse.org
eclipse_foundation -- threadx
 
In Eclipse ThreadX NetX Duo before 6.4.0, if an attacker can control parameters of __portable_aligned_alloc() could cause an integer wrap-around and an allocation smaller than expected. This could cause subsequent heap buffer overflows.2024-03-267CVE-2024-2452
emo@eclipse.org
egehan_security -- webpdks
 
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Egehan Security WebPDKS allows SQL Injection.This issue affects WebPDKS: through 20240329. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-03-299.8CVE-2023-6191
iletisim@usom.gov.tr
electron -- packager
 
Electron Packager bundles Electron-based application source code with a renamed Electron executable and supporting files into folders ready for distribution. A random segment of ~1-10kb of Node.js heap memory allocated either side of a known buffer will be leaked into the final executable. This memory _could_ contain sensitive information such as environment variables, secrets files, etc. This issue is patched in 18.3.1.2024-03-297.5CVE-2024-29900
security-advisories@github.com
security-advisories@github.com
elementor.com -- elementor_website_builder
 
Unrestricted Upload of File with Dangerous Type vulnerability in Elementor.Com Elementor Website Builder.This issue affects Elementor Website Builder: from 3.3.0 through 3.18.1.2024-03-269.9CVE-2023-48777
audit@patchstack.com
etoile_web_design -- front_end_users
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Etoile Web Design Front End Users allows Reflected XSS.This issue affects Front End Users: from n/a before 3.2.25.2024-03-267.1CVE-2023-33322
audit@patchstack.com
everpress -- mailster
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EverPress Mailster allows Reflected XSS.This issue affects Mailster: from n/a through 4.0.6.2024-03-297.1CVE-2024-30503
audit@patchstack.com
expresstech -- quiz_and_survey_master
 
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ExpressTech Quiz And Survey Master.This issue affects Quiz And Survey Master: from n/a through 8.1.4.2024-03-269.3CVE-2023-28787
audit@patchstack.com
faboba -- falang_multilanguage
 
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Faboba Falang multilanguage.This issue affects Falang multilanguage: from n/a through 1.3.47.2024-03-297.6CVE-2024-30495
audit@patchstack.com
foliovision:_making_the_web_work_for_you -- fv_flowplayer_video_player
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Foliovision: Making the web work for you FV Flowplayer Video Player allows Reflected XSS.This issue affects FV Flowplayer Video Player: from n/a through 7.5.41.7212.2024-03-277.1CVE-2024-22299
audit@patchstack.com
forgerock -- access_management
 
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ForgeRock Access Management allows Authorization Bypass. This issue affects access management: before 7.3.0, before 7.2.1, before 7.1.4, through 7.0.2.2024-03-278.1CVE-2023-0582
psirt@forgerock.com
psirt@forgerock.com
fortra -- robot_schedule_enterprise_agent
 
Fortra's Robot Schedule Enterprise Agent for Windows prior to version 3.04 is susceptible to privilege escalation. A low-privileged user can overwrite the service executable. When the service is restarted, the replaced binary runs with local system privileges, allowing a low-privileged user to gain elevated privileges.2024-03-287.3CVE-2024-0259
df4dee71-de3a-4139-9588-11b62fe6c0ff
df4dee71-de3a-4139-9588-11b62fe6c0ff
gitlab -- gitlab
 
An issue has been discovered in GitLab CE/EE affecting all versions before 16.8.5, all versions starting from 16.9 before 16.9.3, all versions starting from 16.10 before 16.10.1. A wiki page with a crafted payload may lead to a Stored XSS, allowing attackers to perform arbitrary actions on behalf of victims.2024-03-288.7CVE-2023-6371
cve@gitlab.com
cve@gitlab.com
givewp -- givewp
 
Deserialization of Untrusted Data vulnerability in GiveWP.This issue affects GiveWP: from n/a through 3.4.2.2024-03-288CVE-2024-30229
audit@patchstack.com
gsheetconnector -- cf7_google_sheets_connector
 
Insertion of Sensitive Information into Log File vulnerability in GSheetConnector CF7 Google Sheets Connector.This issue affects CF7 Google Sheets Connector: from n/a through 5.0.5.2024-03-267.5CVE-2023-44989
audit@patchstack.com
hercules_design -- hercules_core_
 
Deserialization of Untrusted Data vulnerability in Hercules Design Hercules Core.This issue affects Hercules Core : from n/a through 6.4.2024-03-289.9CVE-2024-30228
audit@patchstack.com
hitachi -- hitachi_virtual_storage_platform
 
Insertion of Sensitive Information into Log File vulnerability in Hitachi Virtual Storage Platform, Hitachi Virtual Storage Platform VP9500, Hitachi Virtual Storage Platform G1000, G1500, Hitachi Virtual Storage Platform F1500, Hitachi Virtual Storage Platform 5100, 5500, 5100H, 5500H, Hitachi Virtual Storage Platform 5200, 5600, 5200H, 5600H, Hitachi Unified Storage VM, Hitachi Virtual Storage Platform G100, G200, G400, G600, G800, Hitachi Virtual Storage Platform F400, F600, F800, Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, Hitachi Virtual Storage Platform F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H allows local users to gain sensitive information.This issue affects Hitachi Virtual Storage Platform: before DKCMAIN Ver. 70-06-74-00/00, SVP Ver. 70-06-58/00; Hitachi Virtual Storage Platform VP9500: before DKCMAIN Ver. 70-06-74-00/00, SVP Ver. 70-06-58/00; Hitachi Virtual Storage Platform G1000, G1500: before DKCMAIN Ver. 80-06-92-00/00, SVP Ver. 80-06-87/00; Hitachi Virtual Storage Platform F1500: before DKCMAIN Ver. 80-06-92-00/00, SVP Ver. 80-06-87/00; Hitachi Virtual Storage Platform 5100, 5500,5100H, 5500H: before DKCMAIN Ver. 90-08-81-00/00, SVP Ver. 90-08-81/00, before DKCMAIN Ver. 90-08-62-00/00, SVP Ver. 90-08-62/00, before DKCMAIN Ver. 90-08-43-00/00, SVP Ver. 90-08-43/00; Hitachi Virtual Storage Platform 5200, 5600,5200H, 5600H: before DKCMAIN Ver. 90-08-81-00/00, SVP Ver. 90-08-81/00, before DKCMAIN Ver. 90-08-62-00/00, SVP Ver. 90-08-62/00, before DKCMAIN Ver. 90-08-43-00/00, SVP Ver. 90-08-43/00; Hitachi Unified Storage VM: before DKCMAIN Ver. 73-03-75-X0/00, SVP Ver. 73-03-74/00, before DKCMAIN Ver. 73(75)-03-75-X0/00, SVP Ver. 73(75)-03-74/00; Hitachi Virtual Storage Platform G100, G200, G400, G600, G800: before DKCMAIN Ver. 83-06-19-X0/00, SVP Ver. 83-06-20-X0/00, before DKCMAIN Ver. 83-05-47-X0/00, SVP Ver. 83-05-51-X0/00; Hitachi Virtual Storage Platform F400, F600, F800: before DKCMAIN Ver. 83-06-19-X0/00, SVP Ver. 83-06-20-X0/00, before DKCMAIN Ver. 83-05-47-X0/00, SVP Ver. 83-05-51-X0/00; Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900: before DKCMAIN Ver. 88-08-09-XX/00, SVP Ver. 88-08-11-X0/02; Hitachi Virtual Storage Platform F350, F370, F700, F900: before DKCMAIN Ver. 88-08-09-XX/00, SVP Ver. 88-08-11-X0/02; Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H: before DKCMAIN Ver. 93-06-81-X0/00, SVP Ver. 93-06-81-X0/00, before DKCMAIN Ver. 93-06-62-X0/00, SVP Ver. 93-06-62-X0/00, before DKCMAIN Ver. 93-06-43-X0/00, SVP Ver. 93-06-43-X0/00.2024-03-259.9CVE-2022-36407
hirt@hitachi.co.jp
hitachi_energy -- mach_scm
 
SCM Software is a client and server application. An Authenticated System manager client can execute LINQ query in the SCM server, for customized filtering. An Authenticated malicious client can send a specially crafted code to skip the validation and execute arbitrary code (RCE) on the SCM Server remotely. Malicious clients can execute any command by using this RCE vulnerability.2024-03-277.5CVE-2024-0400
cybersecurity@hitachienergy.com
hitachi_energy -- mach_scm
 
Authenticated List control client can execute the LINQ query in SCM Server to present event as list for operator. An authenticated malicious client can send special LINQ query to execute arbitrary code remotely (RCE) on the SCM Server that an attacker otherwise does not have authorization to do.2024-03-277.5CVE-2024-2097
cybersecurity@hitachienergy.com
hitachi_energy -- rtu500_series_cmu_firmware
 
A vulnerability exists in the stb-language file handling that affects the RTU500 series product versions listed below. A malicious actor could print random memory content in the RTU500 system log, if an authorized user uploads a specially crafted stb-language file.2024-03-278.2CVE-2024-1531
cybersecurity@hitachienergy.com
hometory -- mang_board_wp
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hometory Mang Board WP allows Reflected XSS.This issue affects Mang Board WP: from n/a through 1.8.0.2024-03-297.1CVE-2024-30431
audit@patchstack.com
i_thirteen_web_solution -- wp_responsive_tabs_horizontal_vertical_and_accordion_tabs
 
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in I Thirteen Web Solution WP Responsive Tabs horizontal vertical and accordion Tabs.This issue affects WP Responsive Tabs horizontal vertical and accordion Tabs: from n/a through 1.1.17.2024-03-298.5CVE-2024-30497
audit@patchstack.com
ibm -- common_cryptographic_architecture
 
IBM Common Cryptographic Architecture (CCA) 7.0.0 through 7.5.36 could allow a remote user to cause a denial of service due to incorrect data handling for certain types of AES operations. IBM X-Force ID: 270602.2024-03-267.5CVE-2023-47150
psirt@us.ibm.com
psirt@us.ibm.com
icegram -- email_subscribers_&_newsletters
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Icegram Email Subscribers & Newsletters allows Reflected XSS.This issue affects Email Subscribers & Newsletters: from n/a through 5.7.11.2024-03-277.1CVE-2024-22300
audit@patchstack.com
indianic -- widgets_controller
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in IndiaNIC Widgets Controller allows Reflected XSS.This issue affects Widgets Controller: from n/a through 1.1.2024-03-277.1CVE-2024-25926
audit@patchstack.com
infinitum_form -- geo_controller
 
Deserialization of Untrusted Data vulnerability in INFINITUM FORM Geo Controller.This issue affects Geo Controller: from n/a through 8.6.4.2024-03-289CVE-2024-30227
audit@patchstack.com
it_path_solutions -- contact_form_to_any_api
 
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in IT Path Solutions Contact Form to Any API.This issue affects Contact Form to Any API: from n/a through 1.1.8.2024-03-288.5CVE-2024-30242
audit@patchstack.com
jetbrains -- teamcity

 
In JetBrains TeamCity before 2024.03 2FA could be bypassed by providing a special URL parameter2024-03-287.4CVE-2024-31136
cve@jetbrains.com
johnbillion -- wp-crontrol
 
WP Crontrol controls the cron events on WordPress websites. WP Crontrol includes a feature that allows administrative users to create events in the WP-Cron system that store and execute PHP code subject to the restrictive security permissions documented here. While there is no known vulnerability in this feature on its own, there exists potential for this feature to be vulnerable to RCE if it were specifically targeted via vulnerability chaining that exploited a separate SQLi (or similar) vulnerability. This is exploitable on a site if one of the below preconditions are met, the site is vulnerable to a writeable SQLi vulnerability in any plugin, theme, or WordPress core, the site's database is compromised at the hosting level, the site is vulnerable to a method of updating arbitrary options in the wp_options table, or the site is vulnerable to a method of triggering an arbitrary action, filter, or function with control of the parameters. As a hardening measure, WP Crontrol version 1.16.2 ships with a new feature that prevents tampering of the code stored in a PHP cron event.2024-03-258.1CVE-2024-28850
security-advisories@github.com
security-advisories@github.com
jonathankissam -- action_network
 
The Action Network plugin for WordPress is vulnerable to SQL Injection via the 'bulk-action' parameter in version 1.4.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.2024-03-277.2CVE-2024-2954
security@wordfence.com
security@wordfence.com
jordy_meow -- ai_engine:_chatgpt_chatbot
 
Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot.This issue affects AI Engine: ChatGPT Chatbot: from n/a through 2.1.4.2024-03-289.1CVE-2024-29100
audit@patchstack.com
julien_crego -- manager_for_icomoon
 
Unrestricted Upload of File with Dangerous Type vulnerability in Julien Crego Manager for Icomoon.This issue affects Manager for Icomoon: from n/a through 2.0.2024-03-269.1CVE-2023-29386
audit@patchstack.com
jumpserver -- jumpserver
 
JumpServer is an open source bastion host and an operation and maintenance security audit system. Attackers can bypass the input validation mechanism in JumpServer's Ansible to execute arbitrary code within the Celery container. Since the Celery container runs with root privileges and has database access, attackers could steal sensitive information from all hosts or manipulate the database. This vulnerability is fixed in v3.10.7.2024-03-299.9CVE-2024-29201
security-advisories@github.com
jumpserver -- jumpserver
 
JumpServer is an open source bastion host and an operation and maintenance security audit system. Attackers can exploit a Jinja2 template injection vulnerability in JumpServer's Ansible to execute arbitrary code within the Celery container. Since the Celery container runs with root privileges and has database access, attackers could steal sensitive information from all hosts or manipulate the database. This vulnerability is fixed in v3.10.7.2024-03-299.9CVE-2024-29202
security-advisories@github.com
jupyterhub -- jupyterhub
 
JupyterHub is an open source multi-user server for Jupyter notebooks. By tricking a user into visiting a malicious subdomain, the attacker can achieve an XSS directly affecting the former's session. More precisely, in the context of JupyterHub, this XSS could achieve full access to JupyterHub API and user's single-user server. The affected configurations are single-origin JupyterHub deployments and JupyterHub deployments with user-controlled applications running on subdomains or peer subdomains of either the Hub or a single-user server. This vulnerability is fixed in 4.1.0.2024-03-278.1CVE-2024-28233
security-advisories@github.com
security-advisories@github.com
kadence_wp -- gutenberg_blocks_by_kadence_blocks
 
Server-Side Request Forgery (SSRF) vulnerability in Kadence WP Gutenberg Blocks by Kadence Blocks.This issue affects Gutenberg Blocks by Kadence Blocks: from n/a through 3.2.19.2024-03-287.7CVE-2024-23500
audit@patchstack.com
kainelabs -- youzify_-_buddypress_moderation
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in KaineLabs Youzify - Buddypress Moderation.This issue affects Youzify - Buddypress Moderation: from n/a through 1.2.5.2024-03-257.3CVE-2024-2864
audit@patchstack.com
katie_seaborn -- zotpress
 
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Katie Seaborn Zotpress.This issue affects Zotpress: from n/a through 7.3.7.2024-03-298.5CVE-2024-30488
audit@patchstack.com
kienso -- co-marquage_service-public.fr
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kienso Co-marquage service-public.Fr allows Reflected XSS.This issue affects Co-marquage service-public.Fr: from n/a through 0.5.72.2024-03-277.1CVE-2024-29758
audit@patchstack.com
kindspells -- astro-shield
 
Astro-Shield is a library to compute the subresource integrity hashes for your JS scripts and CSS stylesheets. When automated CSP headers generation for SSR content is enabled and the web application serves content that can be partially controlled by external users, then it is possible that the CSP headers generation feature might be "allow-listing" malicious injected resources like inlined JS, or references to external malicious scripts. The fix is available in version 1.3.0.2024-03-287.5CVE-2024-29896
security-advisories@github.com
security-advisories@github.com
klbtheme -- cosmetsy_theme_(core_plugin)
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in KlbTheme Cosmetsy theme (core plugin), KlbTheme Partdo theme (core plugin), KlbTheme Bacola theme (core plugin), KlbTheme Medibazar theme (core plugin), KlbTheme Furnob theme (core plugin), KlbTheme Clotya theme (core plugin) allows Reflected XSS.This issue affects Cosmetsy theme (core plugin): from n/a through 1.3.0; Partdo theme (core plugin): from n/a through 1.0.9; Bacola theme (core plugin): from n/a through 1.3.3; Medibazar theme (core plugin): from n/a through 1.2.3; Furnob theme (core plugin): from n/a through 1.1.7; Clotya theme (core plugin): from n/a through 1.1.5.2024-03-267.1CVE-2023-49839
audit@patchstack.com
audit@patchstack.com
audit@patchstack.com
audit@patchstack.com
audit@patchstack.com
audit@patchstack.com
kylephillips -- favorites
 
The Favorites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'user_favorites' shortcode in all versions up to, and including, 2.3.3 due to insufficient input sanitization and output escaping on user supplied attributes such as 'no_favorites'. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-03-307.2CVE-2024-2948
security@wordfence.com
security@wordfence.com
lg_electronics -- lg_led_assistant
 
This vulnerability allows remote attackers to reset the password of anonymous users without authorization on the affected LG LED Assistant.2024-03-259.1CVE-2024-2862
product.security@lge.com
mad_fish_digital -- bulk_noindex_&_nofollow_toolkit
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mad Fish Digital Bulk NoIndex & NoFollow Toolkit allows Reflected XSS.This issue affects Bulk NoIndex & NoFollow Toolkit: from n/a through 2.01.2024-03-277.1CVE-2024-29791
audit@patchstack.com
mainwp -- mainwp_file_uploader_extension
 
Unrestricted Upload of File with Dangerous Type vulnerability in MainWP MainWP File Uploader Extension.This issue affects MainWP File Uploader Extension: from n/a through 4.1.2024-03-2610CVE-2023-23656
audit@patchstack.com
mainwp -- mainwp_links_manager_extension
 
Deserialization of Untrusted Data vulnerability in MainWP MainWP Links Manager Extension.This issue affects MainWP Links Manager Extension: from n/a through 2.1.2024-03-288.1CVE-2023-23649
audit@patchstack.com
max_foundry -- media_library_folders
 
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Max Foundry Media Library Folders.This issue affects Media Library Folders: from n/a through 8.1.7.2024-03-298.5CVE-2024-30486
audit@patchstack.com
mergen_software -- quality_management_system
 
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mergen Software Quality Management System allows SQL Injection.This issue affects Quality Management System: through 25032024.2024-03-259.8CVE-2024-2865
iletisim@usom.gov.tr
metagauss -- profilegrid_
 
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.8.2024-03-299.3CVE-2024-30490
audit@patchstack.com
metagauss -- profilegrid_
 
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.1.2024-03-288.5CVE-2024-30241
audit@patchstack.com
metagauss -- profilegrid_
 
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.8.2024-03-298.5CVE-2024-30491
audit@patchstack.com
mndpsingh287 -- theme_editor
 
Unrestricted Upload of File with Dangerous Type vulnerability in mndpsingh287 Theme Editor.This issue affects Theme Editor: from n/a through 2.7.1.2024-03-267.2CVE-2023-6091
audit@patchstack.com
n/a -- cockpit
 
A flaw was found in Cockpit. Deleting a sosreport with a crafted name via the Cockpit web interface can lead to a command injection vulnerability, resulting in privilege escalation. This issue affects Cockpit versions 270 and newer.2024-03-287.3CVE-2024-2947
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
n/a -- oss_aliyun
 
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ?? OSS Aliyun.This issue affects OSS Aliyun: from n/a through 1.4.10.2024-03-297.6CVE-2024-30494
audit@patchstack.com
n/a -- pcp
 
A flaw was found in PCP. The default pmproxy configuration exposes the Redis server backend to the local network, allowing remote command execution with the privileges of the Redis user. This issue can only be exploited when pmproxy is running. By default, pmproxy is not running and needs to be started manually. The pmproxy service is usually started from the 'Metrics settings' page of the Cockpit web interface. This flaw affects PCP versions 4.3.4 and newer.2024-03-288.8CVE-2024-3019
secalert@redhat.com
secalert@redhat.com
n/a -- web3-utils
 
Versions of the package web3-utils before 4.2.1 are vulnerable to Prototype Pollution via the utility functions format and mergeDeep, due to insecure recursive merge. An attacker can manipulate an object's prototype, potentially leading to the alteration of the behavior of all objects inheriting from the affected prototype by passing specially crafted input to these functions.2024-03-257.5CVE-2024-21505
report@snyk.io
report@snyk.io
n/a -- xz
 
Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. This results in a modified liblzma library that can be used by any software linked against this library, intercepting and modifying the data interaction with this library.2024-03-2910CVE-2024-3094
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
n_squared -- simply_schedule_appointments
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in N Squared Simply Schedule Appointments allows Reflected XSS.This issue affects Simply Schedule Appointments: from n/a through 1.6.6.20.2024-03-277.1CVE-2024-22311
audit@patchstack.com
netweblogic -- meta_tag_manager
 
The Meta Tag Manager plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.0.2 via deserialization of untrusted input in the get_post_data function. This makes it possible for authenticated attackers, with contributor access or higher, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.2024-03-288.8CVE-2024-1770
security@wordfence.com
security@wordfence.com
nextcloud -- nextcloudpiNextcloudPi is a ready to use image for Virtual Machines, Raspberry Pi, Odroid HC1, Rock64 and other boards. A command injection vulnerability in NextCloudPi allows command execution as the root user via the NextCloudPi web-panel. Due to a security misconfiguration this can be used by anyone with access to NextCloudPi web-panel, no authentication is required. It is recommended that the NextCloudPi is upgraded to 1.53.1.2024-03-2910CVE-2024-30247
security-advisories@github.com
nvidia -- gpu_display_driver,_vgpu_driver_cloud_gaming_driver
 
NVIDIA GPU Display Driver for Linux contains a vulnerability where an attacker may access a memory location after the end of the buffer. A successful exploit of this vulnerability may lead to denial of service and data tampering.2024-03-277.1CVE-2024-0074
psirt@nvidia.com
nvidia -- gpu_display_driver_vgpu_driver,_cloud_gaming_driver
 
NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can cause an out-of-bounds write. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.2024-03-277.8CVE-2024-0071
psirt@nvidia.com
nvidia -- gpu_display_driver_vgpu_driver_cloud_gaming_driver
 
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer when the driver is performing an operation at a privilege level that is higher than the minimum level required. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.2024-03-277.8CVE-2024-0073
psirt@nvidia.com
nvidia -- vgpu_driver_cloud_gaming_driver
 
NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, where it allows a guest OS to allocate resources for which the guest OS is not authorized. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.2024-03-277.8CVE-2024-0077
psirt@nvidia.com
oliver_seidel_bastian_germann -- cformsii
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Oliver Seidel, Bastian Germann CformsII allows Stored XSS.This issue affects CformsII: from n/a through 15.0.5.2024-03-277.1CVE-2024-22149
audit@patchstack.com
onthegosystems -- types
 
Unrestricted Upload of File with Dangerous Type vulnerability in OnTheGoSystems Types.This issue affects Types: from n/a through 3.4.17.2024-03-267.2CVE-2023-27440
audit@patchstack.com
openeuler -- a-tune-collector
 
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in openEuler A-Tune-Collector on Linux allows Command Injection. This vulnerability is associated with program files https://gitee.Com/openeuler/A-Tune-Collector/blob/master/atune_collector/plugin/monitor/process/sched.Py. This issue affects A-Tune-Collector: from 1.1.0-3 through 1.3.0.2024-03-258.1CVE-2024-24897
securities@openeuler.org
securities@openeuler.org
securities@openeuler.org
securities@openeuler.org
openeuler -- aops-zeus
 
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in openEuler aops-zeus on Linux allows Command Injection. This vulnerability is associated with program files https://gitee.Com/openeuler/aops-zeus/blob/master/zeus/conf/constant.Py. This issue affects aops-zeus: from 1.2.0 through 1.4.0.2024-03-257.2CVE-2024-24899
securities@openeuler.org
securities@openeuler.org
securities@openeuler.org
securities@openeuler.org
securities@openeuler.org
securities@openeuler.org
openeuler -- gala-gopher
 
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in openEuler gala-gopher on Linux allows Command Injection. This vulnerability is associated with program files https://gitee.Com/openeuler/gala-gopher/blob/master/src/probes/extends/ebpf.Probe/src/ioprobe/ioprobe.C. This issue affects gala-gopher: through 1.0.2.2024-03-257.8CVE-2024-24890
securities@openeuler.org
securities@openeuler.org
securities@openeuler.org
securities@openeuler.org
securities@openeuler.org
securities@openeuler.org
openeuler -- isulad
 
Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in openEuler iSulad on Linux allows Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions. This vulnerability is associated with program files https://gitee.Com/openeuler/iSulad/blob/master/src/cmd/isulad/main.C. This issue affects iSulad: 2.0.18-13, from 2.1.4-1 through 2.1.4-2.2024-03-257CVE-2021-33632
securities@openeuler.org
securities@openeuler.org
securities@openeuler.org
securities@openeuler.org
securities@openeuler.org
securities@openeuler.org
securities@openeuler.org
openeuler -- migration-tools
 
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Improper Privilege Management vulnerability in openEuler migration-tools on Linux allows Command Injection, Restful Privilege Elevation. This vulnerability is associated with program files https://gitee.Com/openeuler/migration-tools/blob/master/index.Py. This issue affects migration-tools: from 1.0.0 through 1.0.1.2024-03-258.1CVE-2024-24892
securities@openeuler.org
securities@openeuler.org
opentext -- secure_content_manager
 
By leveraging the vulnerability, lower-privileged users of Content Manager can manipulate Content Manager clients to elevate privileges and perform unauthorized operations.2024-03-258.5CVE-2024-1973
security@opentext.com
opentextâ- -- zenworks_configuration_management_(zcm)
 
Incorrect Authorization vulnerability in OpenTextâ„¢ ZENworks Configuration Management (ZCM) allows Unauthorized Use of Device Resources.This issue affects ZENworks Configuration Management (ZCM) versions: 2020 update 3, 23.3, and 23.4.2024-03-277.4CVE-2023-6400
security@opentext.com
ossrs -- srs
 
SRS is a simple, high-efficiency, real-time video server. SRS's `/api/v1/vhosts/vid-<id>?callback=<payload>` endpoint didn't filter the callback function name which led to injecting malicious javascript payloads and executing XSS ( Cross-Site Scripting). This vulnerability is fixed in 5.0.210 and 6.0.121.2024-03-287.2CVE-2024-29882
security-advisories@github.com
security-advisories@github.com
perfectwpthemes -- glaze_blog_lite
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in perfectwpthemes Glaze Blog Lite, themebeez Fascinate, themebeez Cream Blog, themebeez Cream Magazine allows Reflected XSS.This issue affects Glaze Blog Lite: from n/a through <= 1.1.4; Fascinate: from n/a through 1.0.8; Cream Blog: from n/a through 2.1.3; Cream Magazine: from n/a through 2.1.4.2024-03-267.1CVE-2023-28687
audit@patchstack.com
audit@patchstack.com
audit@patchstack.com
audit@patchstack.com
photo_gallery_team -- photo_gallery_by_ays
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Photo Gallery Team Photo Gallery by Ays allows Reflected XSS.This issue affects Photo Gallery by Ays: from n/a through 5.5.2.2024-03-277.1CVE-2024-29919
audit@patchstack.com
phpgurukul -- emergency_ambulance_hiring_portal
 
A vulnerability classified as critical has been found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Affected is an unknown function of the file /admin/login.php of the component Admin Login Page. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-258678 is the identifier assigned to this vulnerability.2024-03-307.3CVE-2024-3085
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
phpgurukul -- emergency_ambulance_hiring_portal
 
A vulnerability, which was classified as critical, has been found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Affected by this issue is some unknown functionality of the file ambulance-tracking.php of the component Ambulance Tracking Page. The manipulation of the argument searchdata leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258680.2024-03-307.3CVE-2024-3087
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
phpgurukul -- emergency_ambulance_hiring_portal
 
A vulnerability, which was classified as critical, was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. This affects an unknown part of the file /admin/forgot-password.php of the component Forgot Password Page. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258681 was assigned to this vulnerability.2024-03-307.3CVE-2024-3088
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
pi-hole -- pi-hole
 
The Pi-hole is a DNS sinkhole that protects your devices from unwanted content without installing any client-side software. A vulnerability has been discovered in Pihole that allows an authenticated user on the platform to read internal server files arbitrarily, and because the application runs from behind, reading files is done as a privileged user.If the URL that is in the list of "Adslists" begins with "file*" it is understood that it is updating from a local file, on the other hand if it does not begin with "file*" depending on the state of the response it does one thing or another. The problem resides in the update through local files. When updating from a file which contains non-domain lines, 5 of the non-domain lines are printed on the screen, so if you provide it with any file on the server which contains non-domain lines it will print them on the screen. This vulnerability is fixed by 5.18.2024-03-277.6CVE-2024-28247
security-advisories@github.com
security-advisories@github.com
pi-hole -- pi-hole
 
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Supsystic Slider by Supsystic.This issue affects Slider by Supsystic: from n/a through 1.8.10.2024-03-287.6CVE-2024-30237
audit@patchstack.com
pickplugins -- post_grid
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Post Grid allows Reflected XSS.This issue affects Post Grid: from n/a through 2.2.74.2024-03-297.1CVE-2024-30441
audit@patchstack.com
pluggabl_llc -- booster_for_woocommerce
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pluggabl LLC Booster for WooCommerce allows Reflected XSS.This issue affects Booster for WooCommerce: from n/a through 7.1.7.2024-03-277.1CVE-2024-29760
audit@patchstack.com
podlove -- podlove_podcast_publisher
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Podlove Podlove Podcast Publisher allows Reflected XSS.This issue affects Podlove Podcast Publisher: from n/a through 4.0.9.2024-03-277.1CVE-2024-29915
audit@patchstack.com
posimyth -- the_plus_blocks_for_block_editor_|_gutenberg
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POSIMYTH The Plus Blocks for Block Editor | Gutenberg allows Reflected XSS.This issue affects The Plus Blocks for Block Editor | Gutenberg: from n/a through 3.2.5.2024-03-297.1CVE-2024-30435
audit@patchstack.com
pretty_links -- shortlinks_by_pretty_links
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pretty Links Shortlinks by Pretty Links allows Reflected XSS.This issue affects Shortlinks by Pretty Links: from n/a through 3.6.2.2024-03-277.1CVE-2024-29770
audit@patchstack.com
princeahmed -- integrate_google_drive_-_browse_upload_download_embed,_play_share_gallery_and_manage_your_google_drive_files_into_your_wordpress_site
 
The Integrate Google Drive - Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files Into Your WordPress Site plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on multiple AJAX in all versions up to, and including, 1.3.8. This makes it possible for authenticated attackers to modify plugin settings as well as allowing full read/write/delete access to the Google Drive associated with the plugin.2024-03-3010CVE-2024-2086
security@wordfence.com
security@wordfence.com
propertyhive -- propertyhive
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PropertyHive allows Reflected XSS.This issue affects PropertyHive: from n/a through 2.0.8.2024-03-277.1CVE-2024-29923
audit@patchstack.com
realmag777 -- bear
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 BEAR allows Reflected XSS.This issue affects BEAR: from n/a through 1.1.4.2.2024-03-287.1CVE-2024-30200
audit@patchstack.com
realmag777 -- husky_-_products_filter_professional_for_woocommerce
 
The HUSKY - Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.5.2 via the 'type' parameter. This makes it possible for authenticated attackers, with administrator-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other "safe" file types can be uploaded and included.2024-03-297.2CVE-2024-3061
security@wordfence.com
security@wordfence.com
realmag777 -- wordpress_meta_data_and_taxonomies_filter_(mdtf)
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF) allows Reflected XSS.This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n/a through 1.3.3.2024-03-277.1CVE-2024-29763
audit@patchstack.com
repute_infosystems -- armember
 
Deserialization of Untrusted Data vulnerability in Repute Infosystems ARMember.This issue affects ARMember: from n/a through 4.0.26.2024-03-289CVE-2024-30223
audit@patchstack.com
repute_infosystems -- armember
 
Deserialization of Untrusted Data vulnerability in Repute Infosystems ARMember.This issue affects ARMember: from n/a through 4.0.26.2024-03-288.5CVE-2024-30222
audit@patchstack.com
reservation_diary -- redi_restaurant_reservation
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Reservation Diary ReDi Restaurant Reservation allows Reflected XSS.This issue affects ReDi Restaurant Reservation: from n/a through 24.0128.2024-03-277.1CVE-2024-29806
audit@patchstack.com
rockwell_automation -- arena_simulation
 
An arbitrary code execution vulnerability in Rockwell Automation Arena Simulation could let a malicious user insert unauthorized code into the software. This is done by writing beyond the designated memory area, which causes an access violation. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor.2024-03-267.8CVE-2024-21912
PSIRT@rockwellautomation.com
rockwell_automation -- arena_simulation
 
A heap-based memory buffer overflow vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code into the software by overstepping the memory boundaries, which triggers an access violation. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor.2024-03-267.8CVE-2024-21913
PSIRT@rockwellautomation.com
rockwell_automation -- arena_simulation
 
A memory buffer vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code to the software by corrupting the memory and triggering an access violation. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor.2024-03-267.8CVE-2024-21918
PSIRT@rockwellautomation.com
rockwell_automation -- arena_simulation
 
An uninitialized pointer in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code to the software by leveraging the pointer after it is properly. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor.2024-03-267.8CVE-2024-21919
PSIRT@rockwellautomation.com
rockwell_automation -- arena_simulation
 
A memory corruption vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code to the software by corrupting the memory triggering an access violation. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor.2024-03-267.8CVE-2024-2929
PSIRT@rockwellautomation.com
rockwell_automation_ -- powerflex-_527
 
A denial-of-service vulnerability exists in the Rockwell Automation PowerFlex® 527 due to improper input validation in the device. If exploited, the web server will crash and need a manual restart to recover it.2024-03-257.5CVE-2024-2425
PSIRT@rockwellautomation.com
rockwell_automation_ -- powerflex-_527
 
A denial-of-service vulnerability exists in the Rockwell Automation PowerFlex® 527 due to improper input validation in the device. If exploited, a disruption in the CIP communication will occur and a manual restart will be required by the user to recover it.2024-03-257.5CVE-2024-2426
PSIRT@rockwellautomation.com
rockwell_automation_ -- powerflex-_527
 
A denial-of-service vulnerability exists in the Rockwell Automation PowerFlex® 527 due to improper traffic throttling in the device. If multiple data packets are sent to the device repeatedly the device will crash and require a manual restart to recover.2024-03-257.5CVE-2024-2427
PSIRT@rockwellautomation.com
ruijie -- rg-eg350
 
A vulnerability classified as critical was found in Ruijie RG-EG350 up to 20240318. Affected by this vulnerability is the function setAction of the file /itbox_pi/networksafe.php?a=set of the component HTTP POST Request Handler. The manipulation of the argument bandwidth leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257977 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-03-268.8CVE-2024-2909
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
salon_booking_system -- salon_booking_system
 
Unrestricted Upload of File with Dangerous Type vulnerability in Salon Booking System Salon booking system.This issue affects Salon booking system: from n/a through 9.5.2024-03-2910CVE-2024-30510
audit@patchstack.com
semenov -- new_royalslider
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Semenov New RoyalSlider allows Reflected XSS.This issue affects New RoyalSlider: from n/a through 3.4.2.2024-03-277.1CVE-2024-30195
audit@patchstack.com
serverpod -- serverpod
 
Serverpod is an app and web server, built for the Flutter and Dart ecosystem. This bug bypassed the validation of TSL certificates on all none web HTTP clients in the `serverpod_client` package. Making them susceptible to a man in the middle attack against encrypted traffic between the client device and the server. An attacker would need to be able to intercept the traffic and highjack the connection to the server for this vulnerability to be used. Upgrading to version `1.2.6` resolves this issue.2024-03-277.4CVE-2024-29887
security-advisories@github.com
security-advisories@github.com
shopup -- shipping_with_venipak_for_woocommerce
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ShopUp Shipping with Venipak for WooCommerce allows Reflected XSS.This issue affects Shipping with Venipak for WooCommerce: from n/a through 1.19.5.2024-03-277.1CVE-2024-29805
audit@patchstack.com
sonaar_music -- mp3_audio_player_for_music_radio_&_podcast_by_sonaar
 
Missing Authorization vulnerability in Sonaar Music MP3 Audio Player for Music, Radio & Podcast by Sonaar.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through 5.1.2024-03-297.6CVE-2024-30487
audit@patchstack.com
sourcecodester -- music_gallery_site
 
A vulnerability was found in SourceCodester Music Gallery Site 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file classes/Master.php?f=save_music. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258001 was assigned to this vulnerability.2024-03-277.3CVE-2024-2930
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
spiffy_plugins -- spiffy_calendar
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spiffy Plugins Spiffy Calendar allows Reflected XSS.This issue affects Spiffy Calendar: from n/a through 4.9.7.2024-03-297.1CVE-2024-30427
audit@patchstack.com
splunk -- splunk_enterprise
 
In Splunk Enterprise versions below 9.2.1, 9.1.4, and 9.0.9, the Dashboard Examples Hub in the Splunk Dashboard Studio app lacks protections for risky SPL commands. This could let attackers bypass SPL safeguards for risky commands in the Hub. The vulnerability would require the attacker to phish the victim by tricking them into initiating a request within their browser.2024-03-278.1CVE-2024-29946
prodsec@splunk.com
prodsec@splunk.com
splunk -- splunk_enterprise
 
In Splunk Enterprise versions below 9.2.1, 9.1.4, and 9.0.9, the software potentially exposes authentication tokens during the token validation process. This exposure happens when either Splunk Enterprise runs in debug mode or the JsonWebToken component has been configured to log its activity at the DEBUG logging level.2024-03-277.2CVE-2024-29945
prodsec@splunk.com
prodsec@splunk.com
squirrly -- seo_plugin_by_squirrly_seo
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Squirrly SEO Plugin by Squirrly SEO allows Reflected XSS.This issue affects SEO Plugin by Squirrly SEO: from n/a through 12.3.16.2024-03-277.1CVE-2024-29790
audit@patchstack.com
stylemix -- masterstudy_lms_wordpress_plugin_-_for_online_courses_and_education
 
The MasterStudy LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.3.1. This is due to insufficient validation checks within the _register_user() function called by the 'wp_ajax_nopriv_stm_lms_register' AJAX action. This makes it possible for unauthenticated attackers to register a user with administrator-level privileges when MasterStudy LMS Pro is installed and the LMS Forms Editor add-on is enabled.2024-03-299.8CVE-2024-2409
security@wordfence.com
security@wordfence.com
security@wordfence.com
stylemix -- masterstudy_lms_wordpress_plugin_-_for_online_courses_and_education
 
The MasterStudy LMS plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.0 via the 'modal' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other "safe" file types can be uploaded and included.2024-03-299.8CVE-2024-2411
security@wordfence.com
security@wordfence.com
security@wordfence.com
survey_maker_team -- survey_maker
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Survey Maker team Survey Maker allows Reflected XSS.This issue affects Survey Maker: from n/a through 4.0.6.2024-03-277.1CVE-2024-29918
audit@patchstack.com
synology -- surveillance_station
 
Missing authorization vulnerability in System webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to bypass security constraints via unspecified vectors.2024-03-289.9CVE-2024-29241
security@synology.com
synology -- surveillance_station
 
Missing authorization vulnerability in GetStmUrlPath webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain sensitive information via unspecified vectors.2024-03-287.7CVE-2024-29228
security@synology.com
synology -- surveillance_station
 
Missing authorization vulnerability in GetLiveViewPath webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain sensitive information via unspecified vectors.2024-03-287.7CVE-2024-29229
security@synology.com
sysaid -- sysaid
 
SysAid before version 23.2.14 b18 - CWE-918: Server-Side Request Forgery (SSRF) may allow exposing the local OS user's NTLMv2 hash2024-03-287.2CVE-2024-27775
cna@cyber.gov.il
teamviewer -- remote_client
 
Insecure UNIX Symbolic Link (Symlink) Following in TeamViewer Remote Client prior Version 15.52 for macOS allows an attacker with unprivileged access, to potentially elevate privileges or conduct a denial-of-service-attack by overwriting the symlink.2024-03-267.1CVE-2024-1933
psirt@teamviewer.com
tenda -- ac10_firmware
 
A vulnerability, which was classified as critical, has been found in Tenda AC10 16.03.10.13/16.03.10.20. Affected by this issue is the function fromSetSysTime of the file /goform/SetSysTimeCfg. The manipulation of the argument timeZone leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257780. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-03-249.8CVE-2024-2856
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda -- ac10u_firmware
 
A vulnerability was found in Tenda AC10U 15.03.06.48/15.03.06.49. It has been rated as critical. This issue affects the function formSetSambaConf of the file /goform/setsambacfg. The manipulation of the argument usbName leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257777 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-03-249.8CVE-2024-2853
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda -- ac15_firmware
 
A vulnerability was found in Tenda AC15 15.03.05.18 and classified as critical. Affected by this issue is the function saveParentControlInfo of the file /goform/saveParentControlInfo. The manipulation of the argument urls leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257774 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-03-249.8CVE-2024-2850
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda -- ac15_firmware
 
A vulnerability was found in Tenda AC15 15.03.05.18/15.03.20_multi. It has been classified as critical. This affects the function formSetSambaConf of the file /goform/setsambacfg. The manipulation of the argument usbName leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257775. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-03-249.8CVE-2024-2851
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda -- ac15_firmware
 
A vulnerability was found in Tenda AC15 15.03.20_multi. It has been declared as critical. This vulnerability affects the function saveParentControlInfo of the file /goform/saveParentControlInfo. The manipulation of the argument urls leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257776. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-03-249.8CVE-2024-2852
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda -- ac15_firmware
 
A vulnerability classified as critical was found in Tenda AC15 15.03.05.18/15.03.05.19/15.03.20. Affected by this vulnerability is the function fromSetSysTime of the file /goform/SetSysTimeCfg. The manipulation of the argument time leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257779. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-03-249.8CVE-2024-2855
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda -- ac18_firmware
 
A vulnerability classified as critical has been found in Tenda AC18 15.03.05.05. Affected is the function formSetSambaConf of the file /goform/setsambacfg. The manipulation of the argument usbName leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257778 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-03-249.8CVE-2024-2854
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda -- ac7
 
A vulnerability, which was classified as critical, was found in Tenda AC7 15.03.06.44. Affected is the function formQuickIndex of the file /goform/QuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257934 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-03-268.8CVE-2024-2891
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda -- ac7
 
A vulnerability has been found in Tenda AC7 15.03.06.44 and classified as critical. Affected by this vulnerability is the function formSetCfm of the file /goform/setcfm. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257935. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-03-268.8CVE-2024-2892
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda -- ac7
 
A vulnerability was found in Tenda AC7 15.03.06.44 and classified as critical. Affected by this issue is the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257936. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-03-268.8CVE-2024-2893
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda -- ac7
 
A vulnerability was found in Tenda AC7 15.03.06.44. It has been classified as critical. This affects the function formSetQosBand of the file /goform/SetNetControlList. The manipulation of the argument list leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257937 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-03-268.8CVE-2024-2894
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda -- ac7
 
A vulnerability was found in Tenda AC7 15.03.06.44. It has been declared as critical. This vulnerability affects the function formWifiWpsOOB of the file /goform/WifiWpsOOB. The manipulation of the argument index leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257938 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-03-268.8CVE-2024-2895
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda -- ac7
 
A vulnerability was found in Tenda AC7 15.03.06.44. It has been rated as critical. This issue affects the function formWifiWpsStart of the file /goform/WifiWpsStart. The manipulation of the argument index leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257939. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-03-268.8CVE-2024-2896
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda -- ac7
 
A vulnerability classified as critical was found in Tenda AC7 15.03.06.44. Affected by this vulnerability is the function fromSetRouteStatic of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257941 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-03-268.8CVE-2024-2898
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda -- ac7
 
A vulnerability, which was classified as critical, has been found in Tenda AC7 15.03.06.44. Affected by this issue is the function fromSetWirelessRepeat of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257942 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-03-268.8CVE-2024-2899
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda -- ac7
 
A vulnerability, which was classified as critical, was found in Tenda AC7 15.03.06.44. This affects the function saveParentControlInfo of the file /goform/saveParentControlInfo. The manipulation of the argument deviceId/time/urls leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257943. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-03-268.8CVE-2024-2900
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda -- ac7
 
A vulnerability has been found in Tenda AC7 15.03.06.44 and classified as critical. This vulnerability affects the function setSchedWifi of the file /goform/openSchedWifi. The manipulation of the argument schedEndTime leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257944. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-03-268.8CVE-2024-2901
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda -- ac7
 
A vulnerability was found in Tenda AC7 15.03.06.44 and classified as critical. This issue affects the function fromSetWifiGusetBasic of the file /goform/WifiGuestSet. The manipulation of the argument shareSpeed leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257945 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-03-268.8CVE-2024-2902
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda -- ac7
 
A vulnerability was found in Tenda AC7 15.03.06.44. It has been classified as critical. Affected is the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument mac leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257946 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-03-268.8CVE-2024-2903
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda -- f1203
 
A vulnerability was found in Tenda F1203 2.0.1.6. It has been declared as critical. Affected by this vulnerability is the function R7WebsSecurityHandler of the file /goform/execCommand. The manipulation of the argument password leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258145 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-03-278.8CVE-2024-2976
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda -- f1203
 
A vulnerability was found in Tenda F1203 2.0.1.6. It has been rated as critical. Affected by this issue is the function formQuickIndex of the file /goform/QuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-258146 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-03-278.8CVE-2024-2977
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda -- f1203
 
A vulnerability classified as critical has been found in Tenda F1203 2.0.1.6. This affects the function formSetCfm of the file /goform/setcfm. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258147. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-03-278.8CVE-2024-2978
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda -- f1203
 
A vulnerability classified as critical was found in Tenda F1203 2.0.1.6. This vulnerability affects the function setSchedWifi of the file /goform/openSchedWifi. The manipulation of the argument schedStartTime/schedEndTime leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258148. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-03-278.8CVE-2024-2979
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda -- fh1202
 
A vulnerability, which was classified as critical, has been found in Tenda FH1202 1.2.0.14(408). This issue affects the function formexeCommand of the file /goform/execCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258149 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-03-278.8CVE-2024-2980
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda -- fh1202
 
A vulnerability, which was classified as critical, was found in Tenda FH1202 1.2.0.14(408). Affected is the function form_fast_setting_wifi_set of the file /goform/fast_setting_wifi_set. The manipulation of the argument ssid leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-258150 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-03-278.8CVE-2024-2981
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda -- fh1202
 
A vulnerability was found in Tenda FH1202 1.2.0.14(408) and classified as critical. Affected by this issue is the function formSetClientState of the file /goform/SetClientState. The manipulation of the argument deviceId/limitSpeed/limitSpeedUp leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258152. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-03-278.8CVE-2024-2983
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda -- fh1202
 
A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been classified as critical. This affects the function formSetCfm of the file /goform/setcfm. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258153 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-03-278.8CVE-2024-2984
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda -- fh1202
 
A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been declared as critical. This vulnerability affects the function formQuickIndex of the file /goform/QuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-258154 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-03-278.8CVE-2024-2985
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda -- fh1202
 
A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been rated as critical. This issue affects the function formSetSpeedWan of the file /goform/SetSpeedWan. The manipulation of the argument speed_dir leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258155. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-03-278.8CVE-2024-2986
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda -- fh1202
 
A vulnerability classified as critical has been found in Tenda FH1202 1.2.0.14(408). Affected is the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument mac leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258156. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-03-278.8CVE-2024-2987
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda -- fh1202
 
A vulnerability classified as critical was found in Tenda FH1203 2.0.1.6. Affected by this vulnerability is the function fromSetRouteStatic of the file /goform/fromRouteStatic. The manipulation of the argument entrys leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258157 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-03-278.8CVE-2024-2988
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda -- fh1202
 
A vulnerability, which was classified as critical, has been found in Tenda FH1203 2.0.1.6. Affected by this issue is the function fromNatStaticSetting of the file /goform/NatStaticSetting. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-258158 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-03-278.8CVE-2024-2989
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda -- fh1203
 
A vulnerability, which was classified as critical, was found in Tenda FH1203 2.0.1.6. This affects the function formexeCommand of the file /goform/execCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258159. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-03-278.8CVE-2024-2990
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda -- fh1203
 
A vulnerability was found in Tenda FH1203 2.0.1.6 and classified as critical. This issue affects the function formSetCfm of the file /goform/setcfm. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258161 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-03-278.8CVE-2024-2992
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda -- fh1203
 
A vulnerability was found in Tenda FH1203 2.0.1.6. It has been classified as critical. Affected is the function formQuickIndex of the file /goform/QuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-258162 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-03-278.8CVE-2024-2993
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda -- fh1203
 
A vulnerability was found in Tenda FH1203 2.0.1.6. It has been declared as critical. Affected by this vulnerability is the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument mac leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258163. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-03-278.8CVE-2024-2994
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda -- fh1205
 
A vulnerability classified as critical was found in Tenda FH1205 2.0.0.7(775). This vulnerability affects the function fromSetRouteStatic of the file /goform/fromRouteStatic. The manipulation of the argument entrys leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258292. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-03-278.8CVE-2024-3006
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda -- fh1205
 
A vulnerability, which was classified as critical, has been found in Tenda FH1205 2.0.0.7(775). This issue affects the function fromNatStaticSetting of the file /goform/NatStaticSetting. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258293 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-03-278.8CVE-2024-3007
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda -- fh1205
 
A vulnerability, which was classified as critical, was found in Tenda FH1205 2.0.0.7(775). Affected is the function formexeCommand of the file /goform/execCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-258294 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-03-278.8CVE-2024-3008
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda -- fh1205
 
A vulnerability was found in Tenda FH1205 2.0.0.7(775) and classified as critical. Affected by this issue is the function formSetCfm of the file /goform/setcfm. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258296. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-03-288.8CVE-2024-3010
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda -- fh1205
 
A vulnerability was found in Tenda FH1205 2.0.0.7(775). It has been classified as critical. This affects the function formQuickIndex of the file /goform/QuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258297 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-03-288.8CVE-2024-3011
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda -- fh1205
 
A vulnerability was found in Tenda FH1205 2.0.0.7(775). It has been declared as critical. This vulnerability affects the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument mac leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-258298 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-03-288.8CVE-2024-3012
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
teosoft_software -- teobase
 
Authentication Bypass by Primary Weakness vulnerability in TeoSOFT Software TeoBASE allows Authentication Bypass.This issue affects TeoBASE: through 20240327. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-03-279.8CVE-2023-6153
iletisim@usom.gov.tr
teosoft_software -- teobase
 
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TeoSOFT Software TeoBASE allows SQL Injection.This issue affects TeoBASE: through 27032024. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-03-279.8CVE-2023-6173
iletisim@usom.gov.tr
terry_lin -- wp_githuber_md
 
Unrestricted Upload of File with Dangerous Type vulnerability in Terry Lin WP Githuber MD.This issue affects WP Githuber MD: from n/a through 1.16.2.2024-03-269.1CVE-2023-47846
audit@patchstack.com
themefusion -- avada
 
Unrestricted Upload of File with Dangerous Type vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a through 7.11.1.2024-03-268.5CVE-2023-39307
audit@patchstack.com
themefusion -- avada
 
Server-Side Request Forgery (SSRF) vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a through 7.11.1.2024-03-287.7CVE-2023-39313
audit@patchstack.com
themefusion -- fusion_builder
 
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ThemeFusion Fusion Builder.This issue affects Fusion Builder: from n/a through 3.11.1.2024-03-288.5CVE-2023-39309
audit@patchstack.com
themefusion -- fusion_builder
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeFusion Fusion Builder allows Reflected XSS.This issue affects Fusion Builder: from n/a through 3.11.1.2024-03-277.1CVE-2023-39306
audit@patchstack.com
themefusion -- fusion_builder
 
Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Fusion Builder.This issue affects Fusion Builder: from n/a through 3.11.1.2024-03-277.1CVE-2023-39311
audit@patchstack.com
thorsten -- phpmyfaq
 
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. A SQL injection vulnerability has been discovered in the the "Add News" functionality due to improper escaping of the email address. This allows any authenticated user with the rights to add/edit FAQ news to exploit this vulnerability to exfiltrate data, take over accounts and in some cases, even achieve RCE. The vulnerable field lies in the `authorEmail` field which uses PHP's `FILTER_VALIDATE_EMAIL` filter. This filter is insufficient in protecting against SQL injection attacks and should still be properly escaped. However, in this version of phpMyFAQ (3.2.5), this field is not escaped properly can be used together with other fields to fully exploit the SQL injection vulnerability. This vulnerability is fixed in 3.2.6.2024-03-258.8CVE-2024-27299
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
thorsten -- phpmyfaq
 
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. A SQL injection vulnerability has been discovered in the `insertentry` & `saveentry` when modifying records due to improper escaping of the email address. This allows any authenticated user with the rights to add/edit FAQ news to exploit this vulnerability to exfiltrate data, take over accounts and in some cases, even achieve RCE. This vulnerability is fixed in 3.2.6.2024-03-258.8CVE-2024-28107
security-advisories@github.com
security-advisories@github.com
thorsten -- phpmyfaq
 
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The category image upload function in phpmyfaq is vulnerable to manipulation of the `Content-type` and `lang` parameters, allowing attackers to upload malicious files with a .php extension, potentially leading to remote code execution (RCE) on the system. This vulnerability is fixed in 3.2.6.2024-03-257.2CVE-2024-28105
security-advisories@github.com
security-advisories@github.com
tomas -- wordpress_tooltips
 
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tomas WordPress Tooltips.This issue affects WordPress Tooltips: from n/a before 9.4.5.2024-03-288.5CVE-2024-30243
audit@patchstack.com
tp-link -- tp-link_ex20v_ax1800_tp-link_archer_c5v_ac1200_tp-link_td-w9970_tp-link_td-w9970v3_tp-link_vx220-g2u_tp-link_vn020-g2u_
 
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in TP-Link TP-Link EX20v AX1800, Tp-Link Archer C5v AC1200, Tp-Link TD-W9970, Tp-Link TD-W9970v3, TP-Link VX220-G2u, TP-Link VN020-G2u allows authenticated OS Command Injection.This issue affects TP-Link EX20v AX1800, Tp-Link Archer C5v AC1200, Tp-Link TD-W9970, Tp-Link TD-W9970v3 : through 20240328. Also  the vulnerability continues in the TP-Link VX220-G2u and TP-Link VN020-G2u models due to the products not being produced and supported.2024-03-289.8CVE-2023-6437
iletisim@usom.gov.tr
trustindex.io -- widgets_for_google_reviews
 
Unrestricted Upload of File with Dangerous Type vulnerability in Trustindex.Io Widgets for Google Reviews.This issue affects Widgets for Google Reviews: from n/a through 11.0.2.2024-03-268CVE-2023-48275
audit@patchstack.com
trustindex.io -- wp_testimonials
 
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Trustindex.Io WP Testimonials.This issue affects WP Testimonials: from n/a through 1.4.3.2024-03-287.6CVE-2024-25924
audit@patchstack.com
tumult_inc. -- tumult_hype_animations
 
Unrestricted Upload of File with Dangerous Type vulnerability in Tumult Inc. Tumult Hype Animations.This issue affects Tumult Hype Animations: from n/a through 1.9.12.2024-03-289.1CVE-2024-2890
audit@patchstack.com
typps -- calendarista
 
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Typps Calendarista.This issue affects Calendarista: from n/a through 15.5.7.2024-03-288.5CVE-2024-30240
audit@patchstack.com
unlimited_elements -- unlimited_elements_for_elementor_(free_widgets_addons,_templates)
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates) allows Reflected XSS.This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through 1.5.93.2024-03-277.1CVE-2024-29792
audit@patchstack.com
venalean -- tuleap
 
Tuleap is an Open Source Suite to improve management of software developments and collaboration. A malicious user could exploit this issue on purpose to delete information on the instance or possibly gain access to restricted artifacts. It is however not possible to control exactly which information is deleted. Information from theDate, File, Float, Int, List, OpenList, Text, and Permissions on artifact (this one can lead to the disclosure of restricted information) fields can be impacted. This vulnerability is fixed in Tuleap Community Edition version 15.7.99.6 and Tuleap Enterprise Edition 15.7-2, 15.6-5, 15.5-6, 15.4-8, 15.3-6, 15.2-5, 15.1-9, 15.0-9, and 14.12-6.2024-03-297.6CVE-2024-30246
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
verapdf -- verapdf-library
 
veraPDF-library is a PDF/A validation library. Executing policy checks using custom schematron files invokes an XSL transformation that could lead to a remote code execution (RCE) vulnerability. This vulnerability is fixed in 1.24.2.2024-03-288.1CVE-2024-28109
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
vsourz_digital -- all_in_one_redirection
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vsourz Digital All In One Redirection allows Stored XSS.This issue affects All In One Redirection: from n/a through 2.2.0.2024-03-297.1CVE-2024-30506
audit@patchstack.com
w3_eden_inc. -- premium_packages
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in W3 Eden, Inc. Premium Packages allows Reflected XSS.This issue affects Premium Packages: from n/a through 5.8.2.2024-03-277.1CVE-2024-29924
audit@patchstack.com
wapppress_team -- wapppress
 
Unrestricted Upload of File with Dangerous Type vulnerability in WappPress Team WappPress.This issue affects WappPress: from n/a through 5.0.3.2024-03-2710CVE-2023-49815
audit@patchstack.com
webdzier -- button
 
The Button plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1.28 via deserialization of untrusted input in the button_shortcode function. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.2024-03-298.8CVE-2024-1872
security@wordfence.com
security@wordfence.com
webtoffee -- product_import_export_for_woocommerce
 
Unrestricted Upload of File with Dangerous Type vulnerability in WebToffee Product Import Export for WooCommerce.This issue affects Product Import Export for WooCommerce: from n/a through 2.4.1.2024-03-269.1CVE-2024-30231
audit@patchstack.com
webtoffee -- woocommerce_pdf_invoices,_packing_slips,_delivery_notes_and_shipping_labels
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels allows Reflected XSS.This issue affects WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels: from n/a through 4.4.0.2024-03-277.1CVE-2024-22288
audit@patchstack.com
wedevs -- wp_erp_|_complete_hr_solution_with_recruitment_&_job_listings_|_woocommerce_crm_&_accounting
 
The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to union-based SQL Injection via the 'email' parameter in all versions up to, and including, 1.12.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.2024-03-298.8CVE-2024-0608
security@wordfence.com
security@wordfence.com
wedevs -- wp_erp_|_complete_hr_solution_with_recruitment_&_job_listings_|_woocommerce_crm_&_accounting
 
The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'api_key' parameter in all versions up to, and including, 1.12.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-03-297.2CVE-2024-0609
security@wordfence.com
security@wordfence.com
wedevs -- wp_erp_|_complete_hr_solution_with_recruitment_&_job_listings_|_woocommerce_crm_&_accounting
 
The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to time-based SQL Injection via the erp/v1/accounting/v1/transactions/sales REST API endpoint in all versions up to, and including, 1.12.9 due to insufficient escaping on the user supplied status and customer_id parameters and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with accounting manager or admin privileges and higher to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.2024-03-297.2CVE-2024-0913
security@wordfence.com
security@wordfence.com
wedevs -- wp_erp_|_complete_hr_solution_with_recruitment_&_job_listings_|_woocommerce_crm_&_accounting
 
The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter via the erp/v1/accounting/v1/vendors/1/products/ REST route in all versions up to, and including, 1.12.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with admin or accounting manager privileges, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.2024-03-297.2CVE-2024-0956
security@wordfence.com
security@wordfence.com
wen_solutions -- wp_child_theme_generator
 
Unrestricted Upload of File with Dangerous Type vulnerability in WEN Solutions WP Child Theme Generator.This issue affects WP Child Theme Generator: from n/a through 1.0.9.2024-03-269.1CVE-2023-47873
audit@patchstack.com
wholesale_team -- wholesalex
 
Deserialization of Untrusted Data vulnerability in Wholesale Team WholesaleX.This issue affects WholesaleX: from n/a through 1.3.2.2024-03-2810CVE-2024-30224
audit@patchstack.com
wireshark_foundation -- wireshark
 
NetScreen file parser crash in Wireshark 4.0.0 to 4.0.10 and 3.6.0 to 3.6.18 allows denial of service via crafted capture file2024-03-267.8CVE-2023-6175
cve@gitlab.com
cve@gitlab.com
wireshark_foundation -- wireshark
 
T.38 dissector crash in Wireshark 4.2.0 to 4.0.3 and 4.0.0 to 4.0.13 allows denial of service via packet injection or crafted capture file2024-03-267.8CVE-2024-2955
cve@gitlab.com
cve@gitlab.com
wixtoolset -- issues

 
WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. When a bundle runs as SYSTEM user, Burn uses GetTempPathW which points to an insecure directory C:\Windows\Temp to drop and load multiple binaries. Standard users can hijack the binary before it's loaded in the application resulting in elevation of privileges. This vulnerability is fixed in 3.14.1 and 4.0.5.2024-03-247.3CVE-2024-29187
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
wixtoolset -- issues
 
WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. The custom action behind WiX's `RemoveFolderEx` functionality could allow a standard user to delete protected directories. `RemoveFolderEx` deletes an entire directory tree during installation or uninstallation. It does so by recursing every subdirectory starting at a specified directory and adding each subdirectory to the list of directories Windows Installer should delete. If the setup author instructed `RemoveFolderEx` to delete a per-user folder from a per-machine installer, an attacker could create a directory junction in that per-user folder pointing to a per-machine, protected directory. Windows Installer, when executing the per-machine installer after approval by an administrator, would delete the target of the directory junction. This vulnerability is fixed in 3.14.1 and 4.0.5.2024-03-247.9CVE-2024-29188
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
wobbie.nl -- doneren_met_mollie
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wobbie.Nl Doneren met Mollie allows Reflected XSS.This issue affects Doneren met Mollie: from n/a through 2.10.2.2024-03-277.1CVE-2024-29767
audit@patchstack.com
wolfssl -- wolfssl
 
Remotely executed SEGV and out of bounds read allows malicious packet sender to crash or cause an out of bounds read via sending a malformed packet with the correct length.2024-03-257.5CVE-2024-0901
facts@wolfssl.com
facts@wolfssl.com
wolfssl_inc. -- wolfssh
 
A vulnerability was found in wolfSSH's server-side state machine before versions 1.4.17. A malicious client could create channels without first performing user authentication, resulting in unauthorized access.2024-03-259.1CVE-2024-2873
facts@wolfssl.com
facts@wolfssl.com
facts@wolfssl.com
wp_codeus -- advanced_sermons
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Codeus Advanced Sermons allows Reflected XSS.This issue affects Advanced Sermons: from n/a through 3.1.2024-03-277.1CVE-2024-29928
audit@patchstack.com
wp_go_maps_(formerly_wp_google_maps) -- wp_google_maps
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Go Maps (formerly WP Google Maps) WP Google Maps allows Reflected XSS.This issue affects WP Google Maps: from n/a through 9.0.29.2024-03-277.1CVE-2024-29931
audit@patchstack.com
wp_lab -- wp-lister_lite_for_amazon
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Lab WP-Lister Lite for Amazon allows Reflected XSS.This issue affects WP-Lister Lite for Amazon: from n/a through 2.6.8.2024-03-277.1CVE-2024-30199
audit@patchstack.com
wp_sunshine -- sunshine_photo_cart
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Sunshine Sunshine Photo Cart allows Reflected XSS.This issue affects Sunshine Photo Cart: from n/a through 3.1.1.2024-03-277.1CVE-2024-30194
audit@patchstack.com
wp_travel_engine -- wp_travel_engine
 
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Travel Engine.This issue affects WP Travel Engine: from n/a through 5.7.9.2024-03-299.3CVE-2024-30502
audit@patchstack.com
wp_travel_engine -- wp_travel_engine
 
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Travel Engine.This issue affects WP Travel Engine: from n/a through 5.7.9.2024-03-297.6CVE-2024-30504
audit@patchstack.com
wpchill -- download_monitor
 
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPChill Download Monitor.This issue affects Download Monitor: from n/a through 4.9.4.2024-03-297.6CVE-2024-30501
audit@patchstack.com
wpdevelop_/_oplugins -- booking_calendar
 
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPdevelop / Oplugins Booking Calendar allows SQL Injection.This issue affects Booking Calendar: from n/a through 9.4.3.2024-03-267.6CVE-2023-23991
audit@patchstack.com
wpdeveloper -- betterdocs
 
Deserialization of Untrusted Data vulnerability in WPDeveloper BetterDocs.This issue affects BetterDocs: from n/a through 3.3.3.2024-03-289CVE-2024-30226
audit@patchstack.com
wpdevteam -- essential_addons_for_elementor_-_best_elementor_templates,_widgets_kits_&_woocommerce_builders
 
The Essential Addons for Elementor plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.9.13 via deserialization of untrusted input from the 'error_resetpassword' attribute of the "Login | Register Form" widget (disabled by default). This makes it possible for authenticated attackers, with author-level access and above, to inject a PHP Object. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.2024-03-308.8CVE-2024-3018
security@wordfence.com
security@wordfence.com
wpdirectorykit -- wp_directory_kit
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WpDirectoryKit WP Directory Kit allows Reflected XSS.This issue affects WP Directory Kit: from n/a through 1.2.9.2024-03-277.1CVE-2024-29774
audit@patchstack.com
wpengine,_inc. -- wp_migrate
 
Deserialization of Untrusted Data vulnerability in WPENGINE, INC. WP Migrate.This issue affects WP Migrate: from n/a through 2.6.10.2024-03-2810CVE-2024-30225
audit@patchstack.com
wpeverest -- user_registration
 
Deserialization of Untrusted Data vulnerability in WPEverest User Registration.This issue affects User Registration: from n/a through 2.3.2.1.2024-03-267.4CVE-2023-27459
audit@patchstack.com
wpjobboard -- jobeleon_theme
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPJobBoard Jobeleon Theme allows Reflected XSS.This issue affects Jobeleon Theme: from n/a through 1.9.1.2024-03-297.1CVE-2022-47153
audit@patchstack.com
wpmu_dev -- forminator
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPMU DEV Forminator allows Reflected XSS.This issue affects Forminator: from n/a through 1.29.0.2024-03-277.1CVE-2024-29777
audit@patchstack.com
xpeedstudio -- elementskit_elementor_addons
 
The ElementsKit Elementor addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.0.6 via the render_raw function. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other "safe" file types can be uploaded and included.2024-03-308.8CVE-2024-2047
security@wordfence.com
security@wordfence.com
security@wordfence.com
xylus_themes -- wordpress_importer
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xylus Themes WordPress Importer allows Reflected XSS.This issue affects WordPress Importer: from n/a through 1.0.4.2024-03-277.1CVE-2024-30201
audit@patchstack.com
zachary_segal -- catablog
 
Unrestricted Upload of File with Dangerous Type vulnerability in Zachary Segal CataBlog.This issue affects CataBlog: from n/a through 1.7.0.2024-03-269.1CVE-2023-47842
audit@patchstack.com
zitadel -- zitadel
 
ZITADEL users can upload their own avatar image and various image types are allowed. Due to a missing check, an attacker could upload HTML and pretend it is an image to gain access to the victim's account in certain scenarios. A possible victim would need to directly open the supposed image in the browser, where a session in ZITADEL needs to be active for this exploit to work. The exploit could only be reproduced if the victim was using Firefox. Chrome, Safari as well as Edge did not execute the code. This vulnerability is fixed in 2.48.3, 2.47.8, 2.46.5, 2.45.5, 2.44.7, 2.43.11, and 2.42.17.2024-03-278.7CVE-2024-29891
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
zoho_campaigns -- zoho_campaigns
 
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Zoho Campaigns.This issue affects Zoho Campaigns: from n/a through 2.0.6.2024-03-288.5CVE-2024-30239
audit@patchstack.com
zscaler -- client_connector
 
An arbitrary file deletion in ZSATrayManager where it protects the temporary encrypted ZApp issue reporting file from the unprivileged end user access and modification. Fixed version: Win ZApp 4.3.0 and later.2024-03-267.3CVE-2023-41969
cve@zscaler.com
zscaler -- client_connector
 
In some rare cases, there is a password type validation missing in Revert Password check and for some features it could be disabled. Fixed Version: Win ZApp 4.3.0.121 and later.2024-03-267.3CVE-2023-41972
cve@zscaler.com
zscaler -- client_connector
 
ZSATray passes the previousInstallerName as a config parameter to TrayManager, and TrayManager constructs the path and appends previousInstallerName to get the full path of the exe. Fixed Version: Win ZApp 4.3.0.121 and later.2024-03-267.3CVE-2023-41973
cve@zscaler.com
zscaler -- client_connector
 
The ZScaler service is susceptible to a local privilege escalation vulnerability found in the ZScalerService process. Fixed Version: Mac ZApp 4.2.0.241 and later.2024-03-267CVE-2024-23482
cve@zscaler.com

Back to top

Medium Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
10web -- photogallery

 
The current_url parameter of the AJAX call to the GalleryBox action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. The value of the current_url parameter is embedded within an existing JavaScript within the response allowing arbitrary JavaScript to be inserted and executed. No authentication is required to exploit this issue. Note that other parameters within a AJAX call, such as image_id, must be valid for this vulnerability to be successfully exploited.2024-03-266.1CVE-2024-29832
info@appcheck-ng.com
info@appcheck-ng.com
10web -- photogallery
 
The image_id parameter of the AJAX call to the editimage_bwg action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. The value of the image_id parameter is embedded within an existing JavaScript within the response allowing arbitrary JavaScript to be inserted and executed. The attacker must target a an authenticated user with permissions to access this component to exploit this issue.2024-03-265.4CVE-2024-29808
info@appcheck-ng.com
info@appcheck-ng.com
10web -- photogallery
 
The image_url parameter of the AJAX call to the editimage_bwg action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. The value of the image_url parameter is embedded within an existing JavaScript within the response allowing arbitrary JavaScript to be inserted and executed. The attacker must target a an authenticated user with permissions to access this component to exploit this issue.2024-03-265.4CVE-2024-29809
info@appcheck-ng.com
info@appcheck-ng.com
10web -- photogallery
 
The thumb_url parameter of the AJAX call to the editimage_bwg action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. The value of the thumb_url parameter is embedded within an existing JavaScript within the response allowing arbitrary JavaScript to be inserted and executed. The attacker must target a an authenticated user with permissions to access this component to exploit this issue.2024-03-265.4CVE-2024-29810
info@appcheck-ng.com
info@appcheck-ng.com
10web -- photogallery
 
The image upload component allows SVG files and the regular expression used to remove script tags can be bypassed by using a Cross Site Scripting payload which does not match the regular expression; one example of this is the inclusion of whitespace within the script tag. An attacker must target an authenticated user with permissions to access this feature, however once uploaded the payload is also accessible to unauthenticated users.2024-03-265.4CVE-2024-29833
info@appcheck-ng.com
info@appcheck-ng.com
accessally -- popupally
 
Missing Authorization vulnerability in AccessAlly PopupAlly.This issue affects PopupAlly: from n/a through 2.1.0.2024-03-264.3CVE-2024-23520
audit@patchstack.com
algoritim -- e-commerce_software
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Algoritim E-commerce Software allows Reflected XSS.This issue affects E-commerce Software: before 3.9.2.2024-03-296.1CVE-2023-6047
iletisim@usom.gov.tr
alireza_sedghi -- aparat_for_wordpress

 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alireza Sedghi Aparat for WordPress allows Stored XSS.This issue affects Aparat for WordPress: from n/a through 2.2.0.2024-03-276.5CVE-2024-29765
audit@patchstack.com
all_in_one_wp_security_&_firewall_team -- all_in_one_wp_security_&_firewall
 
Cross-Site Request Forgery (CSRF) vulnerability in All In One WP Security & Firewall Team All In One WP Security & Firewall.This issue affects All In One WP Security & Firewall: from n/a through 5.2.6.2024-03-294.3CVE-2024-30468
audit@patchstack.com
alordiel -- dropdown_multisite_selector

 
A vulnerability has been found in Tenda FH1203 2.0.1.6 and classified as critical. This vulnerability affects the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258160. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-03-276.3CVE-2024-2991
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
alordiel -- dropdown_multisite_selector

 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alordiel Dropdown Multisite selector allows Stored XSS.This issue affects Dropdown Multisite selector: from n/a through 0.9.2.2024-03-276.5CVE-2024-29910
audit@patchstack.com
aminur_islam -- wp_change_email_sender
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aminur Islam WP Change Email Sender allows Stored XSS.This issue affects WP Change Email Sender: from n/a before 1.3.0.2024-03-275.9CVE-2024-29815
audit@patchstack.com
ampache -- ampache
 
Ampache is a web based audio/video streaming application and file manager. Ampache has multiple reflective XSS vulnerabilities,this means that all forms in the Ampache that use `rule` as a variable are not secure. For example, when querying a song, when querying a podcast, we need to use `$rule` variable. This vulnerability is fixed in 6.3.12024-03-276.1CVE-2024-28852
security-advisories@github.com
security-advisories@github.com
andy_moyle -- church_admin

 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Andy Moyle Church Admin allows Stored XSS.This issue affects Church Admin: from n/a through 4.1.17.2024-03-276.5CVE-2024-30193
audit@patchstack.com
andy_moyle -- church_admin

 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Andy Moyle Church Admin allows Stored XSS.This issue affects Church Admin: from n/a through 4.0.26.2024-03-276.5CVE-2024-30197
audit@patchstack.com
andy_moyle -- church_admin
 
Missing Authorization vulnerability in Andy Moyle Church Admin.This issue affects Church Admin: from n/a through 4.1.18.2024-03-295.4CVE-2024-30505
audit@patchstack.com
andy_moyle -- church_admin
 
Cross-Site Request Forgery (CSRF) vulnerability in Andy Moyle Church Admin.This issue affects Church Admin: from n/a through 4.1.7.2024-03-294.3CVE-2024-30493
audit@patchstack.com
antoine_hurkmans -- football_pool

 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Antoine Hurkmans Football Pool allows Stored XSS.This issue affects Football Pool: from n/a through 2.11.3.2024-03-276.5CVE-2024-29802
audit@patchstack.com
appneta -- tcpreplay
 
A vulnerability was found in appneta tcpreplay up to 4.4.4. It has been classified as problematic. This affects the function get_layer4_v6 of the file /tcpreplay/src/common/get.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The identifier VDB-258333 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-03-285.3CVE-2024-3024
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
appsmav -- gratisfaction

 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Appsmav Gratisfaction allows Stored XSS.This issue affects Gratisfaction: from n/a through 4.3.4.2024-03-276.5CVE-2024-29798
audit@patchstack.com
argoproj -- argo-cd

 
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of ArgoCD starting from v2.4 have a bug where the ArgoCD repo-server component is vulnerable to a Denial-of-Service attack vector. Specifically, it's possible to crash the repo server component through an out of memory error by pointing it to a malicious Helm registry. The loadRepoIndex() function in the ArgoCD's helm package, does not limit the size nor time while fetching the data. It fetches it and creates a byte slice from the retrieved data in one go. If the registry is implemented to push data continuously, the repo server will keep allocating memory until it runs out of it. A patch for this vulnerability has been released in v2.10.3, v2.9.8, and v2.8.12.2024-03-296.5CVE-2024-29893
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
athemes -- sydney_toolbox

 
The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the _id attribute of widgets in all versions up to, and including, 1.26 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-03-296.4CVE-2024-2936
security@wordfence.com
security@wordfence.com
automationdirect -- c-more_ea9_hmi_ea9-t6cl
 
In AutomationDirect C-MORE EA9 HMI, credentials used by the platform are stored as plain text on the device.2024-03-266.5CVE-2024-25138
ics-cert@hq.dhs.gov
automationdirect -- c-more_ea9_hmi_ea9-t6cl
 
In AutomationDirect C-MORE EA9 HMI there is a program that copies a buffer of a size controlled by the user into a limited sized buffer on the stack which may lead to a stack overflow. The result of this stack-based buffer overflow can lead to denial-of-service conditions.2024-03-264.3CVE-2024-25137
ics-cert@hq.dhs.gov
azure -- azure-c-shared-utility

 
The azure-c-shared-utility is a C library for AMQP/MQTT communication to Azure Cloud Services. This library may be used by the Azure IoT C SDK for communication between IoT Hub and IoT Hub devices. An attacker can cause an integer wraparound or under-allocation or heap buffer overflow due to vulnerabilities in parameter checking mechanism, by exploiting the buffer length parameter in Azure C SDK, which may lead to remote code execution. Requirements for RCE are 1. Compromised Azure account allowing malformed payloads to be sent to the device via IoT Hub service, 2. By passing IoT hub service max message payload limit of 128KB, and 3. Ability to overwrite code space with remote code. Fixed in commit https://github.com/Azure/azure-c-shared-utility/commit/1129147c38ac02ad974c4c701a1e01b2141b9fe2.2024-03-266CVE-2024-29195
security-advisories@github.com
security-advisories@github.com
backie -- wp-eggdrop
 
The WP-Eggdrop plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.1. This is due to missing or incorrect nonce validation on the wpegg_updateOptions() function. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2024-03-295.4CVE-2024-2969
security@wordfence.com
security@wordfence.com
backie -- wp-eggdrop
 
The WP-Eggdrop plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.2024-03-294.4CVE-2024-2968
security@wordfence.com
security@wordfence.com
baptiste_placé -- icalendrier

 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Baptiste Placé iCalendrier allows Stored XSS.This issue affects iCalendrier: from n/a through 1.80.2024-03-276.5CVE-2024-29912
audit@patchstack.com
bdthemes -- element_pack_elementor_addons

 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BdThemes Element Pack Elementor Addons allows Stored XSS.This issue affects Element Pack Elementor Addons: from n/a through 5.5.3.2024-03-276.5CVE-2024-30185
audit@patchstack.com
bdthemes -- prime_slider_-_addons_for_elementor

 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BdThemes Prime Slider - Addons For Elementor allows Stored XSS.This issue affects Prime Slider - Addons For Elementor: from n/a through 3.13.1.2024-03-276.5CVE-2024-30186
audit@patchstack.com
betteraddons -- better_elementor_addons

 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BetterAddons Better Elementor Addons allows Stored XSS.This issue affects Better Elementor Addons: from n/a through 1.3.7.2024-03-296.5CVE-2024-30423
audit@patchstack.com
blocksera -- image_hover_effects_-_elementor_addon

 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Blocksera Image Hover Effects - Elementor Addon allows Stored XSS.This issue affects Image Hover Effects - Elementor Addon: from n/a through 1.4.2024-03-276.5CVE-2024-29936
audit@patchstack.com
boldgrid -- boldgrid_easy_seo_-_simple_and_effective_seo
 
The BoldGrid Easy SEO - Simple and Effective SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the meta description field in all versions up to, and including, 1.6.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-03-306.4CVE-2024-1692
security@wordfence.com
security@wordfence.com
boldgrid -- post_and_page_builder_by_boldgrid_-_visual_drag_and_drop_editor
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldGrid Post and Page Builder by BoldGrid - Visual Drag and Drop Editor allows Stored XSS.This issue affects Post and Page Builder by BoldGrid - Visual Drag and Drop Editor: from n/a through 1.26.2.2024-03-266.5CVE-2024-2888
audit@patchstack.com
boldthemes -- bold_page_builder

 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldThemes Bold Page Builder allows Stored XSS.This issue affects Bold Page Builder: from n/a through 4.7.6.2024-03-276.5CVE-2024-30179
audit@patchstack.com
boldthemes -- bold_page_builder

 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldThemes Bold Page Builder allows Stored XSS.This issue affects Bold Page Builder: from n/a through 4.8.0.2024-03-296.5CVE-2024-30442
audit@patchstack.com
booster -- booster_plus_for_woocommerce
 
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Booster Booster Plus for WooCommerce.This issue affects Booster Plus for WooCommerce: from n/a before 7.1.2.2024-03-286.5CVE-2023-52231
audit@patchstack.com
booster -- booster_plus_for_woocommerce
 
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Booster Booster Elite for WooCommerce.This issue affects Booster Elite for WooCommerce: from n/a before 7.1.2.2024-03-286.5CVE-2023-52234
audit@patchstack.com
bplugins -- b_slider_-_slider_for_your_block_editor

 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins B Slider - Slider for your block editor allows Stored XSS.This issue affects B Slider - Slider for your block editor: from n/a through 1.1.12.2024-03-296.5CVE-2024-30432
audit@patchstack.com
bplugins -- print_page_block

 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins Print Page block allows Stored XSS.This issue affects Print Page block: from n/a through 1.0.8.2024-03-296.5CVE-2024-30438
audit@patchstack.com
brainstorm_force -- astra
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force Astra allows Stored XSS.This issue affects Astra: from n/a through 4.6.4.2024-03-275.9CVE-2024-29768
audit@patchstack.com
brainstormforce -- ultimate_addons_for_beaver_builder_-_liteThe Ultimate Addons for Beaver Builder - Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Button widget in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-03-306.4CVE-2024-2141
security@wordfence.com
security@wordfence.com
security@wordfence.com
brainstormforce -- ultimate_addons_for_beaver_builder_-_liteThe Ultimate Addons for Beaver Builder - Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Info Table widget in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-03-306.4CVE-2024-2142
security@wordfence.com
security@wordfence.com
security@wordfence.com
brainstormforce -- ultimate_addons_for_beaver_builder_-_liteThe Ultimate Addons for Beaver Builder - Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Heading widget in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-03-306.4CVE-2024-2143
security@wordfence.com
security@wordfence.com
brainstormforce -- ultimate_addons_for_beaver_builder_-_liteThe Ultimate Addons for Beaver Builder - Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Separator widget in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-03-306.4CVE-2024-2144
security@wordfence.com
security@wordfence.com
security@wordfence.com
brainstormforce -- ultimate_addons_for_beaver_builder_-_lite
 
The Ultimate Addons for Beaver Builder - Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Advanced Icons widget in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-03-306.4CVE-2024-2140
security@wordfence.com
security@wordfence.com
brave -- brave_popup_builder
 
Server-Side Request Forgery (SSRF) vulnerability in Brave Brave Popup Builder.This issue affects Brave Popup Builder: from n/a through 0.6.5.2024-03-295.4CVE-2024-30453
audit@patchstack.com
brice_capobianco -- simple_revisions_delete
 
Cross-Site Request Forgery (CSRF) vulnerability in Brice CAPOBIANCO Simple Revisions Delete.This issue affects Simple Revisions Delete: from n/a through 1.5.3.2024-03-294.3CVE-2024-30482
audit@patchstack.com
camille_verrier -- travelers'_map

 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Camille Verrier Travelers' Map allows Stored XSS.This issue affects Travelers' Map: from n/a through 2.2.0.2024-03-276.5CVE-2024-29909
audit@patchstack.com
campcodes -- house_rental_management_system
 
A vulnerability was found in Campcodes House Rental Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file index.php. The manipulation of the argument page leads to file inclusion. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257983.2024-03-265.4CVE-2024-2917
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
campcodes -- online_art_gallery_management_system

 
A vulnerability classified as critical has been found in Campcodes Online Art Gallery Management System 1.0. This affects an unknown part of the file /admin/adminHome.php. The manipulation of the argument uname leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258201 was assigned to this vulnerability.2024-03-276.3CVE-2024-2999
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
campcodes -- online_examination_system

 
A vulnerability was found in Campcodes Online Examination System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /adminpanel/admin/facebox_modal/updateCourse.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258029 was assigned to this vulnerability.2024-03-276.3CVE-2024-2938
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
campcodes -- online_examination_system

 
A vulnerability, which was classified as critical, has been found in Campcodes Online Examination System 1.0. Affected by this issue is some unknown functionality of the file /adminpanel/admin/query/loginExe.php. The manipulation of the argument pass leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258032.2024-03-276.3CVE-2024-2941
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
campcodes -- online_examination_system

 
A vulnerability, which was classified as critical, was found in Campcodes Online Examination System 1.0. This affects an unknown part of the file /adminpanel/admin/query/deleteQuestionExe.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258033 was assigned to this vulnerability.2024-03-276.3CVE-2024-2942
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
campcodes -- online_examination_system

 
A vulnerability has been found in Campcodes Online Examination System 1.0 and classified as critical. This vulnerability affects unknown code of the file /adminpanel/admin/query/deleteExamExe.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-258034 is the identifier assigned to this vulnerability.2024-03-276.3CVE-2024-2943
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
campcodes -- online_examination_system

 
A vulnerability was found in Campcodes Online Examination System 1.0 and classified as critical. This issue affects some unknown processing of the file /adminpanel/admin/query/deleteCourseExe.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258035.2024-03-276.3CVE-2024-2944
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
campcodes -- online_examination_system

 
A vulnerability was found in Campcodes Online Examination System 1.0. It has been classified as critical. Affected is an unknown function of the file /adminpanel/admin/facebox_modal/updateExaminee.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258036.2024-03-276.3CVE-2024-2945
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
carrierwaveuploader -- carrierwave
 
CarrierWave is a solution for file uploads for Rails, Sinatra and other Ruby web frameworks. The vulnerability CVE-2023-49090 wasn't fully addressed. This vulnerability is caused by the fact that when uploading to object storage, including Amazon S3, it is possible to set a Content-Type value that is interpreted by browsers to be different from what's allowed by `content_type_allowlist`, by providing multiple values separated by commas. This bypassed value can be used to cause XSS. Upgrade to 3.0.7 or 2.2.6.2024-03-246.8CVE-2024-29034
security-advisories@github.com
security-advisories@github.com
cartflows_inc. -- funnel_builder_by_cartflows
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CartFlows Inc. Funnel Builder by CartFlows allows Stored XSS.This issue affects Funnel Builder by CartFlows: from n/a through 2.0.1.2024-03-275.9CVE-2024-29813
audit@patchstack.com
cincopa -- post_video_players
 
Cross-Site Request Forgery (CSRF) vulnerability in Cincopa Post Video Players.This issue affects Post Video Players: from n/a through 1.159.2024-03-275.4CVE-2024-23515
audit@patchstack.com
cisco -- cisco_aironet_access_point_software
 
A vulnerability in the handling of encrypted wireless frames of Cisco Aironet Access Point (AP) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on the affected device. This vulnerability is due to incomplete cleanup of resources when dropping certain malformed frames. An attacker could exploit this vulnerability by connecting as a wireless client to an affected AP and sending specific malformed frames over the wireless connection. A successful exploit could allow the attacker to cause degradation of service to other clients, which could potentially lead to a complete DoS condition.2024-03-274.7CVE-2024-20354
ykramarz@cisco.com
cisco -- cisco_digital_network_architecture_center_(dna_center)
 
A vulnerability in the web-based management interface of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an authenticated, remote attacker to change specific data within the interface on an affected device. This vulnerability is due to insufficient authorization enforcement. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to change a specific field within the web-based management interface, even though they should not have access to change that field.2024-03-274.3CVE-2024-20333
ykramarz@cisco.com
cisco -- cisco_ios_xe_software
 
A vulnerability in the NETCONF feature of Cisco IOS XE Software could allow an authenticated, remote attacker to elevate privileges to root on an affected device. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted input over NETCONF to an affected device. A successful exploit could allow the attacker to elevate privileges from Administrator to root.2024-03-276.5CVE-2024-20278
ykramarz@cisco.com
cisco -- cisco_ios_xe_software
 
A vulnerability in the Unified Threat Defense (UTD) configuration CLI of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying host operating system. To exploit this vulnerability, an attacker must have level 15 privileges on the affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by submitting a crafted CLI command to an affected device. A successful exploit could allow the attacker to execute arbitrary commands as root on the underlying operating system.2024-03-276CVE-2024-20306
ykramarz@cisco.com
cisco -- cisco_ios_xe_software
 
A vulnerability in the boot process of Cisco Access Point (AP) Software could allow an unauthenticated, physical attacker to bypass the Cisco Secure Boot functionality and load a software image that has been tampered with on an affected device. This vulnerability exists because unnecessary commands are available during boot time at the physical console. An attacker could exploit this vulnerability by interrupting the boot process and executing specific commands to bypass the Cisco Secure Boot validation checks and load an image that has been tampered with. This image would have been previously downloaded onto the targeted device. A successful exploit could allow the attacker to load the image once. The Cisco Secure Boot functionality is not permanently compromised.2024-03-275.9CVE-2024-20265
ykramarz@cisco.com
cisco -- cisco_ios_xe_software
 
A vulnerability in auxiliary asynchronous port (AUX) functions of Cisco IOS XE Software could allow an authenticated, local attacker to cause an affected device to reload or stop responding. This vulnerability is due to the incorrect handling of specific ingress traffic when flow control hardware is enabled on the AUX port. An attacker could exploit this vulnerability by reverse telnetting to the AUX port and sending specific data after connecting. A successful exploit could allow the attacker to cause the device to reset or stop responding, resulting in a denial of service (DoS) condition.2024-03-275.6CVE-2024-20309
ykramarz@cisco.com
cisco -- cisco_ios_xe_software
 
A vulnerability in the data model interface (DMI) services of Cisco IOS XE Software could allow an unauthenticated, remote attacker to access resources that should have been protected by a configured IPv4 access control list (ACL). This vulnerability is due to improper handling of error conditions when a successfully authorized device administrator updates an IPv4 ACL using the NETCONF or RESTCONF protocol, and the update would reorder access control entries (ACEs) in the updated ACL. An attacker could exploit this vulnerability by accessing resources that should have been protected across an affected device.2024-03-275.8CVE-2024-20316
ykramarz@cisco.com
cisco -- cisco_ios_xe_software
 
A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, low-privileged, local attacker to access WLAN configuration details including passwords. This vulnerability is due to improper privilege checks. An attacker could exploit this vulnerability by using the show and show tech wireless CLI commands to access configuration details, including passwords. A successful exploit could allow the attacker to access configuration details that they are not authorized to access.2024-03-275.5CVE-2024-20324
ykramarz@cisco.com
cisco -- ios
 
A vulnerability in the IKEv1 fragmentation code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a heap overflow, resulting in an affected device reloading. This vulnerability exists because crafted, fragmented IKEv1 packets are not properly reassembled. An attacker could exploit this vulnerability by sending crafted UDP packets to an affected system. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Note: Only traffic that is directed to the affected system can be used to exploit this vulnerability. This vulnerability can be triggered by IPv4 and IPv6 traffic.2024-03-276.8CVE-2024-20307
ykramarz@cisco.com
cloudways -- breeze
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cloudways Breeze allows Stored XSS.This issue affects Breeze: from n/a through 2.1.3.2024-03-275.9CVE-2024-27188
audit@patchstack.com
code-projects -- online_book_system

 
A vulnerability, which was classified as critical, has been found in code-projects Online Book System 1.0. This issue affects some unknown processing of the file /Product.php. The manipulation of the argument value leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258203.2024-03-276.3CVE-2024-3001
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
code-projects -- online_book_system

 
A vulnerability, which was classified as critical, was found in code-projects Online Book System 1.0. Affected is an unknown function of the file /description.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258204.2024-03-276.3CVE-2024-3002
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
code-projects -- online_book_system

 
A vulnerability has been found in code-projects Online Book System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /cart.php. The manipulation of the argument quantity/remove leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258205 was assigned to this vulnerability.2024-03-276.3CVE-2024-3003
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
codepeople -- google_maps_cp
 
Missing Authorization vulnerability in CodePeople Google Maps CP.This issue affects Google Maps CP: from n/a through 1.0.43.2024-03-254.3CVE-2023-25039
audit@patchstack.com
codesupplyco -- networker_-_tech_news_wordpress_theme_with_dark_mode
 
The Networker - Tech News WordPress Theme with Dark Mode theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the admin_reload_nav_menu() function in all versions up to, and including, 1.1.9. This makes it possible for unauthenticated attackers to modify the location of display menus.2024-03-275.3CVE-2024-2962
security@wordfence.com
security@wordfence.com
security@wordfence.com
codexthemes -- thegem_(elementor)
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodexThemes TheGem (Elementor), CodexThemes TheGem (WPBakery) allows Stored XSS.This issue affects TheGem (Elementor): from n/a before 5.8.1.1; TheGem (WPBakery): from n/a before 5.8.1.1.2024-03-266.5CVE-2023-32237
audit@patchstack.com
audit@patchstack.com
collect.chat_inc. -- collectchat

 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Collect.Chat Inc. Collectchat allows Stored XSS.This issue affects Collectchat: from n/a through 2.4.1.2024-03-296.5CVE-2024-30436
audit@patchstack.com
crm_perks -- crm_perks_forms

 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CRM Perks CRM Perks Forms allows Stored XSS.This issue affects CRM Perks Forms: from n/a through 1.1.4.2024-03-296.5CVE-2024-30446
audit@patchstack.com
currencyrate.today -- crypto_converter_widget

 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CurrencyRate.Today Crypto Converter Widget allows Stored XSS.This issue affects Crypto Converter Widget: from n/a through 1.8.4.2024-03-276.5CVE-2024-29930
audit@patchstack.com
currencyrate.today -- exchange_rates_widget

 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CurrencyRate.Today Exchange Rates Widget allows Stored XSS.This issue affects Exchange Rates Widget: from n/a through 1.4.0.2024-03-276.5CVE-2024-29814
audit@patchstack.com
cyberaz0r -- webrat
 
A vulnerability has been found in cyberaz0r WebRAT up to 20191222 and classified as critical. This vulnerability affects the function download_file of the file Server/api.php. The manipulation of the argument name leads to unrestricted upload. The attack can be initiated remotely. The patch is identified as 0c394a795b9c10c07085361e6fcea286ee793701. It is recommended to apply a patch to fix this issue. VDB-257782 is the identifier assigned to this vulnerability.2024-03-246.3CVE-2020-36825
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
dearhive -- dearflip

 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DearHive DearFlip allows Stored XSS.This issue affects DearFlip: from n/a through 2.2.26.2024-03-276.5CVE-2024-29807
audit@patchstack.com
deepak_anand -- wp_dummy_content_generator
 
Missing Authorization vulnerability in Deepak anand WP Dummy Content Generator.This issue affects WP Dummy Content Generator: from n/a through 3.1.2.2024-03-264.3CVE-2024-24805
audit@patchstack.com
dell -- dell_openmanage_enterprise
 
Dell OpenManage Enterprise, v4.0 and prior, contain(s) a path traversal vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, to gain unauthorized access to the files stored on the server filesystem, with the privileges of the running web application.2024-03-295.7CVE-2024-25944
security_alert@emc.com
dell -- grab_for_windows
 
Dell Grab for Windows, versions up to and including 5.0.4, contain Weak Application Folder Permissions vulnerability. A local authenticated attacker could potentially exploit this vulnerability, leading to privilege escalation, unauthorized access to application data, unauthorized modification of application data and service disruption.2024-03-266.7CVE-2024-25958
security_alert@emc.com
dell -- grab_for_windows
 
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in mbbhatti Upload Resume.This issue affects Upload Resume: from n/a through 1.2.0.2024-03-265.9CVE-2023-25965
audit@patchstack.com
dell -- grab_for_windows
 
Dell Grab for Windows, versions 5.0.4 and below, contains an improper file permissions vulnerability. A locally authenticated attacker could potentially exploit this vulnerability, leading to the information disclosure of certain system information.2024-03-265.5CVE-2024-25956
security_alert@emc.com
dell -- grab_for_windows
 
Dell Grab for Windows, versions 5.0.4 and below, contains a cleartext storage of sensitive information vulnerability in its appsync module. An authenticated local attacker could potentially exploit this vulnerability, leading to information disclosure that could be used to access the appsync application with elevated privileges.2024-03-264.8CVE-2024-25957
security_alert@emc.com
dell -- powerprotect_data_manager
 
Dell PowerProtect Data Manager, version 19.15, contains an XML External Entity Injection vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to information disclosure, denial-of-service.2024-03-285.5CVE-2024-25971
security_alert@emc.com
dell -- powerscale_onefs
 
Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x contains an UNIX symbolic link (symlink) following vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to denial of service, information tampering.2024-03-286CVE-2024-25952
security_alert@emc.com
dell -- powerscale_onefs
 
Dell PowerScale OneFS versions 9.4.0.x through 9.7.0.x contains an UNIX symbolic link (symlink) following vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to denial of service, information tampering.2024-03-286CVE-2024-25953
security_alert@emc.com
dell -- powerscale_onefs
 
Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x contains an improper privilege management vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to escalation of privileges.2024-03-286CVE-2024-25961
security_alert@emc.com
dell -- powerscale_onefs
 
Dell PowerScale OneFS, versions 9.5.0.x through 9.7.0.x, contain an insufficient session expiration vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service.2024-03-285.3CVE-2024-25954
security_alert@emc.com
dell -- powerscale_onefs
 
Dell PowerScale OneFS, versions 8.2.2.x through 9.5.0.x contains a use of a broken cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure.2024-03-285.9CVE-2024-25963
security_alert@emc.com
dell -- powerscale_onefs
 
Dell PowerScale OneFS 9.5.0.x through 9.7.0.x contain a covert timing channel vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service.2024-03-255.3CVE-2024-25964
security_alert@emc.com
dglingren -- media_library_assistant
 
The Media Library Assistant plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-03-296.4CVE-2024-2475
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
easy_social_feed -- easy_social_feed

 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Easy Social Feed allows Stored XSS.This issue affects Easy Social Feed: from n/a through 6.5.3.2024-03-276.5CVE-2024-30180
audit@patchstack.com
elastic -- elasticsearch
 
An uncaught exception in Elasticsearch >= 8.4.0 and < 8.11.1 occurs when an encrypted PDF is passed to an attachment processor through the REST API. The Elasticsearch ingest node that attempts to parse the PDF file will crash. This does not happen with password-protected PDF files or with unencrypted PDF files.2024-03-294.3CVE-2024-23449
bressers@elastic.co
elastic -- elasticsearch
 
A flaw was discovered in Elasticsearch, where processing a document in a deeply nested pipeline on an ingest node could cause the Elasticsearch node to crash.2024-03-274.9CVE-2024-23450
bressers@elastic.co
bressers@elastic.co
elastic -- elasticsearch
 
Incorrect Authorization issue exists in the API key based security model for Remote Cluster Security, which is currently in Beta, in Elasticsearch 8.10.0 and before 8.13.0. This allows a malicious user with a valid API key for a remote cluster configured to use the new Remote Cluster Security to read arbitrary documents from any index on the remote cluster, and only if they use the Elasticsearch custom transport protocol to issue requests with the target index ID, the shard ID and the document ID. None of Elasticsearch REST API endpoints are affected by this issue.2024-03-274.4CVE-2024-23451
bressers@elastic.co
envialosimple -- envíalosimple
 
Cross-Site Request Forgery (CSRF) vulnerability in EnvialoSimple EnvíaloSimple.This issue affects EnvíaloSimple: from n/a through 2.3.2024-03-266.5CVE-2023-51416
audit@patchstack.com
epsiloncool -- wp_fast_total_search

 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Epsiloncool WP Fast Total Search allows Stored XSS.This issue affects WP Fast Total Search: from n/a through 1.59.211.2024-03-276.5CVE-2024-29799
audit@patchstack.com
espressif -- esp-idf
 
ESP-IDF is the development framework for Espressif SoCs supported on Windows, Linux and macOS. A Time-of-Check to Time-of-Use (TOCTOU) vulnerability was discovered in the implementation of the ESP-IDF bootloader which could allow an attacker with physical access to flash of the device to bypass anti-rollback protection. Anti-rollback prevents rollback to application with security version lower than one programmed in eFuse of chip. This attack can allow to boot past (passive) application partition having lower security version of the same device even in the presence of the flash encryption scheme. The attack requires carefully modifying the flash contents after the anti-rollback checks have been performed by the bootloader (before loading the application). The vulnerability is fixed in 4.4.7 and 5.2.1.2024-03-256.1CVE-2024-28183
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
exclusive_addons -- exclusive_addons_elementor

 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Exclusive Addons Exclusive Addons Elementor allows Stored XSS.This issue affects Exclusive Addons Elementor: from n/a through 2.6.8.2024-03-276.5CVE-2024-30177
audit@patchstack.com
exclusive_addons -- exclusive_addons_elementor

 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Exclusive Addons Exclusive Addons Elementor allows Stored XSS.This issue affects Exclusive Addons Elementor: from n/a through 2.6.9.2024-03-266.5CVE-2024-30232
audit@patchstack.com
expressjs -- express
 
Express.js minimalist web framework for node. Versions of Express.js prior to 4.19.0 and all pre-release alpha and beta versions of 5.0 are affected by an open redirect vulnerability using malformed URLs. When a user of Express performs a redirect using a user-provided URL Express performs an encode [using `encodeurl`](https://github.com/pillarjs/encodeurl) on the contents before passing it to the `location` header. This can cause malformed URLs to be evaluated in unexpected ways by common redirect allow list implementations in Express applications, leading to an Open Redirect via bypass of a properly implemented allow list. The main method impacted is `res.location()` but this is also called from within `res.redirect()`. The vulnerability is fixed in 4.19.2 and 5.0.0-beta.3.2024-03-256.1CVE-2024-29041
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
extend_themes -- calliopeCross-Site Request Forgery (CSRF) vulnerability in Extend Themes Calliope.This issue affects Calliope: from n/a through 1.0.33.2024-03-264.3CVE-2024-2904
audit@patchstack.com
extendthemes -- colibri_page_builder
 
Missing Authorization vulnerability in ExtendThemes Colibri Page Builder.This issue affects Colibri Page Builder: from n/a through 1.0.248.2024-03-285.4CVE-2024-28004
audit@patchstack.com
fernandobt -- list_category_posts
 
The List category posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'catlist' shortcode in all versions up to, and including, 0.89.6 due to insufficient input sanitization and output escaping on user supplied attributes like 'title_tag'. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-03-306.4CVE-2024-1051
security@wordfence.com
security@wordfence.com
security@wordfence.com
flector -- easy_textillate
 
The Easy Textillate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'textillate' shortcode in all versions up to, and including, 2.01 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-03-266.4CVE-2024-2303
security@wordfence.com
security@wordfence.com
flir -- ax8

 
A vulnerability was found in FLIR AX8 up to 1.46.16. It has been rated as critical. This issue affects some unknown processing of the file /tools/test_login.php?action=register of the component User Registration. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258299. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-03-286.3CVE-2024-3013
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
fr-d-ric_gilles -- fg_prestashop_to_woocommerce
 
Insertion of Sensitive Information into Log File vulnerability in Frédéric GILLES FG PrestaShop to WooCommerce.This issue affects FG PrestaShop to WooCommerce: from n/a through 4.45.1.2024-03-295.3CVE-2024-30511
audit@patchstack.com
gamipress -- gamipress
 
Cross-Site Request Forgery (CSRF) vulnerability in GamiPress.This issue affects GamiPress: from n/a through 6.8.5.2024-03-294.3CVE-2024-30455
audit@patchstack.com
geonode -- geonode
 
GeoNode is a geospatial content management system, a platform for the management and publication of geospatial data. An issue exists within GEONODE where the current rich text editor is vulnerable to Stored XSS. The applications cookies are set securely, but it is possible to retrieve a victims CSRF token and issue a request to change another user's email address to perform a full account takeover. Due to the script element not impacting the CORS policy, requests will succeed. This vulnerability is fixed in 4.2.3.2024-03-276.1CVE-2024-27091
security-advisories@github.com
security-advisories@github.com
ghozylab_inc. -- web_icons

 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GhozyLab, Inc. Web Icons allows Stored XSS.This issue affects Web Icons: from n/a through 1.0.0.10.2024-03-276.5CVE-2024-29933
audit@patchstack.com
ghozylab_inc. -- web_icons

 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GhozyLab, Inc. Web Icons allows Stored XSS.This issue affects Web Icons: from n/a through 1.0.0.10.2024-03-296.5CVE-2024-30445
audit@patchstack.com
gitlab -- gitlab
 
An issue has been discovered in GitLab CE/EE affecting all versions before 16.8.5, all versions starting from 16.9 before 16.9.3, all versions starting from 16.10 before 16.10.1. It was possible for an attacker to cause a denial of service using malicious crafted description parameter for labels.2024-03-284.3CVE-2024-2818
cve@gitlab.com
grafana -- grafana
 
It is possible for a user in a different organization from the owner of a snapshot to bypass authorization and delete a snapshot by issuing a DELETE request to /api/snapshots/<key> using its view key. This functionality is intended to only be available to individuals with the permission to write/edit to the snapshot in question, but due to a bug in the authorization logic, deletion requests issued by an unprivileged user in a different organization than the snapshot owner are treated as authorized. Grafana Labs would like to thank Ravid Mazon and Jay Chen of Palo Alto Research for discovering and disclosing this vulnerability. This issue affects Grafana: from 9.5.0 before 9.5.18, from 10.0.0 before 10.0.13, from 10.1.0 before 10.1.9, from 10.2.0 before 10.2.6, from 10.3.0 before 10.3.5.2024-03-266.5CVE-2024-1313
security@grafana.com
gs_plugins -- gs_testimonial_slider

 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GS Plugins GS Testimonial Slider allows Stored XSS.This issue affects GS Testimonial Slider: from n/a through 3.1.4.2024-03-296.5CVE-2024-30443
audit@patchstack.com
hans_matzen -- wp-forecast

 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hans Matzen allows Stored XSS.This issue affects wp-forecast: from n/a through 9.2.2024-03-296.5CVE-2024-30429
audit@patchstack.com
hashthemes -- hash_elements

 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HashThemes Hash Elements allows Stored XSS.This issue affects Hash Elements: from n/a through 1.3.3.2024-03-296.5CVE-2024-30426
audit@patchstack.com
hashthemes -- viral_news
 
Missing Authorization vulnerability in HashThemes Viral News, HashThemes Viral, HashThemes HashOne.This issue affects Viral News: from n/a through 1.4.5; Viral: from n/a through 1.8.0; HashOne: from n/a through 1.3.0.2024-03-254.3CVE-2023-33923
audit@patchstack.com
audit@patchstack.com
audit@patchstack.com
hastheme -- wishsuite

 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasTheme WishSuite allows Stored XSS.This issue affects WishSuite: from n/a through 1.3.7.2024-03-276.5CVE-2024-29927
audit@patchstack.com
hasthemes -- ht_mega

 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes HT Mega allows Stored XSS.This issue affects HT Mega: from n/a through 2.4.3.2024-03-276.5CVE-2024-30182
audit@patchstack.com
hasthemes -- wc_builder

 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes WC Builder allows Stored XSS.This issue affects WC Builder: from n/a through 1.0.18.2024-03-276.5CVE-2024-29926
audit@patchstack.com
hewlett_packard_enterprise_(hpe) -- arubaos-s_switch
 
Authenticated Denial of Service Vulnerability in ArubaOS-Switch SSH Daemon2024-03-264.9CVE-2024-26303
security-alert@hpe.com
hewlett_packard_enterprise_(hpe) -- icewall_gen11_icewall_sso_agent
 
A security vulnerability in HPE IceWall Agent products could be exploited remotely to cause a denial of service.2024-03-266.5CVE-2024-22436
security-alert@hpe.com
hitachi_energy -- asset_suite_eam
 
REST service authentication anomaly with "valid username/no password" credential combination for batch job processing resulting in successful service invocation. The anomaly doesn't exist with other credential combinations.2024-03-275.3CVE-2024-2244
cybersecurity@hitachienergy.com
hitachi_energy -- rtu500_series_cmu_firmware
 
A vulnerability exists in the stb-language file handling that affects the RTU500 series product versions listed below. A malicious actor could enforce diagnostic texts being displayed as empty strings, if an authorized user uploads a specially crafted stb-language file.2024-03-276.8CVE-2024-1532
cybersecurity@hitachienergy.com
hot_themes -- hot_random_image

 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hot Themes Hot Random Image allows Stored XSS.This issue affects Hot Random Image: from n/a through 1.8.1.2024-03-276.5CVE-2024-29796
audit@patchstack.com
htdat -- woo_viet
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in htdat Woo Viet allows Stored XSS.This issue affects Woo Viet: from n/a through 1.5.2.2024-03-275.9CVE-2024-29816
audit@patchstack.com
https://elementor.com/ -- elementor_website_builder_pro
 
The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widget's custom_id in all versions up to, and including, 3.20.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-03-276.4CVE-2024-1364
security@wordfence.com
security@wordfence.com
https://elementor.com/ -- elementor_website_builder_pro
 
The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an SVGZ file uploaded via the Form widget in all versions up to, and including, 3.20.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. NOTE: This vulnerability is only exploitable on web servers running NGINX. It is not exploitable on web servers running Apache HTTP Server.2024-03-276.4CVE-2024-1521
security@wordfence.com
security@wordfence.com
https://elementor.com/ -- elementor_website_builder_pro
 
The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the video_html_tag attribute in all versions up to, and including, 3.20.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-03-276.4CVE-2024-2781
security@wordfence.com
security@wordfence.com
https://elementor.com/ -- elementor_website_builder_pro
 
The Elementor Website Builder - More than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Post Navigation widget in all versions up to, and including, 3.20.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-03-275.4CVE-2024-2120
security@wordfence.com
security@wordfence.com
https://elementor.com/ -- elementor_website_builder_pro
 
The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Media Carousel widget in all versions up to, and including, 3.20.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-03-275.4CVE-2024-2121
security@wordfence.com
security@wordfence.com
ibm -- app_connect_enterprise
 
IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 12.0.1.0 through 12.0.9.0 and IBM Integration Bus for z/OS 10.1 through 10.1.0.2store potentially sensitive information in log or trace files that could be read by a privileged user. IBM X-Force ID: 280893.2024-03-264.9CVE-2024-22356
psirt@us.ibm.com
psirt@us.ibm.com
ibm -- qradar_siem
 
IBM QRadar SIEM 7.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 285893.2024-03-275.4CVE-2024-28784
psirt@us.ibm.com
psirt@us.ibm.com
ibm -- qradar_siem
 
IBM QRadar SIEM 7.5 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 275939.2024-03-274.8CVE-2023-50961
psirt@us.ibm.com
psirt@us.ibm.com
ibm -- websphere_application_server_liberty
 
IBM WebSphere Application Server Liberty 23.0.0.3 through 24.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in a specially crafted URI. IBM X-Force ID: 284576.2024-03-274.7CVE-2024-27270
psirt@us.ibm.com
psirt@us.ibm.com
ideaboxcreations -- powerpack_addons_for_elementor_(free_widgets_extensions_and_templates)
 
The PowerPack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the *_html_tag* attribute of multiple widgets in all versions up to, and including, 2.7.17 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-03-306.4CVE-2024-2491
security@wordfence.com
security@wordfence.com
infinitum_form -- geo_controller

 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in INFINITUM FORM Geo Controller allows Stored XSS.This issue affects Geo Controller: from n/a through 8.6.4.2024-03-296.5CVE-2024-30451
audit@patchstack.com
inspirythemes -- realhomes
 
Missing Authorization vulnerability in InspiryThemes RealHomes.This issue affects RealHomes: from n/a through 4.0.2.2024-03-255.4CVE-2023-37886
audit@patchstack.com
inspirythemes -- realhomes
 
Missing Authorization vulnerability in InspiryThemes RealHomes.This issue affects RealHomes: from n/a through 4.0.2.2024-03-254.3CVE-2023-37885
audit@patchstack.com
interfacelab -- media_cloud_for_amazon_s3_imgix_google_cloud_storage_digitalocean_spaces_and_more

 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Interfacelab Media Cloud for Amazon S3, Imgix, Google Cloud Storage, DigitalOcean Spaces and more allows Stored XSS.This issue affects Media Cloud for Amazon S3, Imgix, Google Cloud Storage, DigitalOcean Spaces and more: from n/a through 4.5.24.2024-03-276.5CVE-2024-29795
audit@patchstack.com
jeff_starr -- user_submitted_posts
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeff Starr User Submitted Posts allows Stored XSS.This issue affects User Submitted Posts: from n/a through 20230901.2024-03-266.5CVE-2023-7251
audit@patchstack.com
jetbrains -- teamcity
 
In JetBrains TeamCity before 2024.03 authenticated users without administrative permissions could register other users when self-registration was disabled2024-03-286.5CVE-2024-31134
cve@jetbrains.com
jetbrains -- teamcity
 
In JetBrains TeamCity before 2024.03 open redirect was possible on the login page2024-03-286.1CVE-2024-31135
cve@jetbrains.com
jetbrains -- teamcity
 
In JetBrains TeamCity before 2024.03 reflected XSS was possible via Space connection configuration2024-03-286.8CVE-2024-31137
cve@jetbrains.com
jetbrains -- teamcity
 
In JetBrains TeamCity before 2024.03 xXE was possible in the Maven build steps detector2024-03-285.9CVE-2024-31139
cve@jetbrains.com
jetbrains -- teamcity
 
In JetBrains TeamCity before 2024.03 xSS was possible via Agent Distribution settings2024-03-284.6CVE-2024-31138
cve@jetbrains.com
jetbrains -- teamcity
 
In JetBrains TeamCity before 2024.03 server administrators could remove arbitrary files from the server by installing tools2024-03-284.1CVE-2024-31140
cve@jetbrains.com
jewel_theme -- master_addons_for_elementor

 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jewel Theme Master Addons for Elementor allows Stored XSS.This issue affects Master Addons for Elementor: from n/a through 2.0.5.4.1.2024-03-276.5CVE-2024-29911
audit@patchstack.com
jordy_meow -- ai_engine:_chatgpt_chatbot

 
Server-Side Request Forgery (SSRF) vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot.This issue affects AI Engine: ChatGPT Chatbot: from n/a through 2.1.4.2024-03-286.8CVE-2024-29090
audit@patchstack.com
jory_hogeveen -- off-canvas_sidebars_&_menus_(slidebars)

 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jory Hogeveen Off-Canvas Sidebars & Menus (Slidebars) allows Stored XSS.This issue affects Off-Canvas Sidebars & Menus (Slidebars): from n/a through 0.5.8.1.2024-03-276.5CVE-2024-29762
audit@patchstack.com
jumpserver -- jumpserver
 
JumpServer is an open source bastion host and an operation and maintenance security audit system. An authorized attacker can obtain sensitive information contained within playbook files if they manage to learn the playbook_id of another user. This breach of confidentiality can lead to information disclosure and exposing sensitive data. This vulnerability is fixed in v3.10.6.2024-03-294.6CVE-2024-29020
security-advisories@github.com
jumpserver -- jumpserver
 
JumpServer is an open source bastion host and an operation and maintenance security audit system. An authenticated user can exploit the Insecure Direct Object Reference (IDOR) vulnerability in the file manager's bulk transfer by manipulating job IDs to upload malicious files, potentially compromising the integrity and security of the system. This vulnerability is fixed in v3.10.6.2024-03-294.6CVE-2024-29024
security-advisories@github.com
katex -- katex
 
KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using `\edef` that causes a near-infinite loop, despite setting `maxExpand` to avoid such loops. This can be used as an availability attack, where e.g. a client rendering another user's KaTeX input will be unable to use the site due to memory overflow, tying up the main thread, or stack overflow. Upgrade to KaTeX v0.16.10 to remove this vulnerability.2024-03-256.5CVE-2024-28243
security-advisories@github.com
security-advisories@github.com
katex -- katex
 
KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using `\def` or `\newcommand` that causes a near-infinite loop, despite setting `maxExpand` to avoid such loops. KaTeX supports an option named maxExpand which aims to prevent infinitely recursive macros from consuming all available memory and/or triggering a stack overflow error. Unfortunately, support for "Unicode (sub|super)script characters" allows an attacker to bypass this limit. Each sub/superscript group instantiated a separate Parser with its own limit on macro executions, without inheriting the current count of macro executions from its parent. This has been corrected in KaTeX v0.16.10.2024-03-256.5CVE-2024-28244
security-advisories@github.com
security-advisories@github.com
katex -- katex
 
KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using `\includegraphics` that runs arbitrary JavaScript, or generate invalid HTML. Upgrade to KaTeX v0.16.10 to remove this vulnerability.2024-03-256.3CVE-2024-28245
security-advisories@github.com
security-advisories@github.com
katex -- katex
 
KaTeX is a JavaScript library for TeX math rendering on the web. Code that uses KaTeX's `trust` option, specifically that provides a function to blacklist certain URL protocols, can be fooled by URLs in malicious inputs that use uppercase characters in the protocol. In particular, this can allow for malicious input to generate `javascript:` links in the output, even if the `trust` function tries to forbid this protocol via `trust: (context) => context.protocol !== 'javascript'`. Upgrade to KaTeX v0.16.10 to remove this vulnerability.2024-03-255.5CVE-2024-28246
security-advisories@github.com
security-advisories@github.com
kienso -- co-marquage_service-public.fr

 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kienso Co-marquage service-public.Fr allows Stored XSS.This issue affects Co-marquage service-public.Fr: from n/a through 0.5.71.2024-03-276.5CVE-2024-29908
audit@patchstack.com
kimai -- kimai

 
Kimai is a web-based multi-user time-tracking application. The permission `view_other_timesheet` performs differently for the Kimai UI and the API, thus returning unexpected data through the API. When setting the `view_other_timesheet` permission to true, on the frontend, users can only see timesheet entries for teams they are a part of. When requesting all timesheets from the API, however, all timesheet entries are returned, regardless of whether the user shares team permissions or not. This vulnerability is fixed in 2.13.0.2024-03-286.8CVE-2024-29200
security-advisories@github.com
kitforest -- better_elementor_addons
 
The Better Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the widget link URL values in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-03-296.4CVE-2024-2280
security@wordfence.com
security@wordfence.com
klarna -- klarna_payments_for_woocommerce
 
Missing Authorization vulnerability in Klarna Klarna Payments for WooCommerce.This issue affects Klarna Payments for WooCommerce: from n/a through 3.2.4.2024-03-295.3CVE-2024-30477
audit@patchstack.com
klbtheme -- clotya_theme
 
Cross-Site Request Forgery (CSRF) vulnerability in KlbTheme Clotya theme, KlbTheme Cosmetsy theme, KlbTheme Furnob theme, KlbTheme Bacola theme, KlbTheme Partdo theme, KlbTheme Medibazar theme, KlbTheme Machic theme.This issue affects Clotya theme: from n/a through 1.1.6; Cosmetsy theme: from n/a through 1.7.7; Furnob theme: from n/a through 1.2.2; Bacola theme: from n/a through 1.3.3; Partdo theme: from n/a through 1.1.1; Medibazar theme: from n/a through 1.8.6; Machic theme: from n/a through 1.2.8.2024-03-264.3CVE-2023-49838
audit@patchstack.com
audit@patchstack.com
audit@patchstack.com
audit@patchstack.com
audit@patchstack.com
audit@patchstack.com
audit@patchstack.com
krunal_prajapati -- wp_post_disclaimer

 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Krunal Prajapati WP Post Disclaimer allows Stored XSS.This issue affects WP Post Disclaimer: from n/a through 1.0.3.2024-03-276.5CVE-2024-29761
audit@patchstack.com
kstover -- ninja_forms_contact_form_-_the_drag_and_drop_form_builder_for_wordpress
 
The Ninja Forms Contact Form - The Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an image title embedded into a form in all versions up to, and including, 3.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-03-294.6CVE-2024-2108
security@wordfence.com
security@wordfence.com
kstover -- ninja_forms_contact_form_-_the_drag_and_drop_form_builder_for_wordpress
 
The Ninja Forms Contact Form - The Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.0. This is due to missing or incorrect nonce validation on the nf_download_all_subs AJAX action. This makes it possible for unauthenticated attackers to trigger an export of a form's submission to a publicly accessible location via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2024-03-294.3CVE-2024-2113
security@wordfence.com
security@wordfence.com
kurudrive -- vk_all_in_one_expansion_unit
 
The VK All in One Expansion Unit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the child page index widget in all versions up to, and including, 9.96.0.1 due to insufficient input sanitization and output escaping on user supplied attributes such as 'className.' This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-03-266.4CVE-2024-2170
security@wordfence.com
security@wordfence.com
labib_ahmed -- carousel_anything_for_wpbakery_page_builder
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Labib Ahmed Carousel Anything For WPBakery Page Builder allows Stored XSS.This issue affects Carousel Anything For WPBakery Page Builder: from n/a through 2.1.2024-03-296.5CVE-2024-30520
audit@patchstack.com
landingi -- landingi_landing_pages
 
Cross-Site Request Forgery (CSRF) vulnerability in Landingi Landingi Landing Pages.This issue affects Landingi Landing Pages: from n/a through 3.1.1.2024-03-295.4CVE-2024-30521
audit@patchstack.com
lg_electronics -- lg_led_assistant
 
This vulnerability allows remote attackers to traverse paths via file upload on the affected LG LED Assistant.2024-03-255.3CVE-2024-2863
product.security@lge.com
litonice13 -- master_addons_-_free_widgets_hover_effects_toggle_conditions_animations_for_elementor
 
The Master Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Pricing Table widget in all versions up to, and including, 2.0.5.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-03-276.4CVE-2024-2139
security@wordfence.com
security@wordfence.com
livemesh -- livemesh_addons_for_wpbakery_page_builder

 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Livemesh Livemesh Addons for WPBakery Page Builder allows Stored XSS.This issue affects Livemesh Addons for WPBakery Page Builder: from n/a through 3.7.2024-03-276.5CVE-2024-30183
audit@patchstack.com
loncar -- easy_appointments
 
The Easy Appointments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ea_full_calendar' shortcode in all versions up to, and including, 3.11.18 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-03-296.4CVE-2024-2842
security@wordfence.com
security@wordfence.com
loncar -- easy_appointments
 
The Easy Appointments plugin for WordPress is vulnerable to unauthorized modification of data due to insufficient user validation on the ajax_cancel_appointment() function in all versions up to, and including, 3.11.18. This makes it possible for unauthenticated attackers to cancel other users orders.2024-03-294.3CVE-2024-2844
security@wordfence.com
security@wordfence.com
security@wordfence.com
looking_forward_software_incorporated. -- popup_builder

 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Looking Forward Software Incorporated. Popup Builder allows Stored XSS.This issue affects Popup Builder: from n/a through 4.2.6.2024-03-276.5CVE-2024-30184
audit@patchstack.com
lordicon -- lordicon_animated_icons
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lordicon Lordicon Animated Icons allows Stored XSS.This issue affects Lordicon Animated Icons: from n/a through 2.0.1.2024-03-296.5CVE-2024-30519
audit@patchstack.com
mailmunch -- mailchimp_forms_by_mailmunch

 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MailMunch MailChimp Forms by MailMunch allows Stored XSS.This issue affects MailChimp Forms by MailMunch: from n/a through 3.2.2.2024-03-276.5CVE-2024-29793
audit@patchstack.com
mainwp -- mainwp_wordfence_extension
 
Missing Authorization vulnerability in MainWP MainWP Wordfence Extension.This issue affects MainWP Wordfence Extension: from n/a through 4.0.7.2024-03-255.4CVE-2023-22699
audit@patchstack.com
mark_kinchin -- beds24_online_booking
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mark Kinchin Beds24 Online Booking allows Stored XSS.This issue affects Beds24 Online Booking: from n/a through 2.0.24.2024-03-276.5CVE-2023-52228
audit@patchstack.com
martyn_chamberlin -- don't_muck_my_markup
 
Cross-Site Request Forgery (CSRF) vulnerability in Martyn Chamberlin Don't Muck My Markup.This issue affects Don't Muck My Markup: from n/a through 1.8.2024-03-274.3CVE-2024-23510
audit@patchstack.com
marubon -- pocket_news_generator
 
The Pocket News Generator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2.0. This is due to missing or incorrect nonce validation on the option_page() function. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2024-03-295.4CVE-2024-2964
security@wordfence.com
security@wordfence.com
marubon -- pocket_news_generator
 
The Pocket News Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings such as "Consumer Key" and "Access Token" in all versions up to, and including, 0.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.2024-03-294.4CVE-2024-2963
security@wordfence.com
security@wordfence.com
megamenu -- max_mega_menu
 
Missing Authorization vulnerability in Megamenu Max Mega Menu.This issue affects Max Mega Menu: from n/a through 3.3.2024-03-285.4CVE-2024-28003
audit@patchstack.com
mehanoid.pro -- flatpm

 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mehanoid.Pro FlatPM allows Stored XSS.This issue affects FlatPM: from n/a before 3.1.05.2024-03-276.5CVE-2024-29803
audit@patchstack.com
metagauss -- eventprime
 
Cross Site Scripting (XSS) vulnerability in Metagauss EventPrime.This issue affects EventPrime: from n/a through 3.3.9.2024-03-275.9CVE-2024-29776
audit@patchstack.com
metagauss -- profilegrid_
 
Authorization Bypass Through User-Controlled Key vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.2.2024-03-296.5CVE-2024-30513
audit@patchstack.com
metagauss -- registrationmagic
 
Cross-Site Request Forgery (CSRF) vulnerability in Metagauss RegistrationMagic.This issue affects RegistrationMagic: from n/a through 5.3.0.0.2024-03-264.3CVE-2024-2951
audit@patchstack.com
miraheze -- createwiki
 
CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. Suppression of wiki requests does not work as intended, and always restricts visibility to those with the `(createwiki)` user right regardless of the settings one sets on a given wiki request. This may expose information to users who are not supposed to be able to access it.2024-03-264.9CVE-2024-29883
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
miraheze -- createwiki
 
CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. It is possible for users with (delete) or (suppressrevision) on any wiki in the farm to access suppressed wiki requests by going to the request's entry on Special:RequestWikiQueue on the wiki where they have these rights. The same vulnerability was present briefly on the REST API before being quickly corrected in commit `6bc0685`. To our knowledge, the vulnerable commits of the REST API are not running in production anywhere. This vulnerability is fixed in 23415c17ffb4832667c06abcf1eadadefd4c8937.2024-03-284.9CVE-2024-29897
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
miraheze -- createwiki
 
CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. An oversight during the writing of the patch for CVE-2024-29897 may have exposed suppressed wiki requests to private wikis that added Special:RequestWikiQueue to the read whitelist to users without the `(read)` permission. This vulnerability is fixed in 8f8442ed5299510ea3e58416004b9334134c149c.2024-03-284.9CVE-2024-29898
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
molongui -- molongui

 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Molongui allows Stored XSS.This issue affects Molongui: from n/a through 4.7.7.2024-03-276.5CVE-2024-29764
audit@patchstack.com
motopress -- stratum

 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MotoPress Stratum allows Stored XSS.This issue affects Stratum: from n/a through 1.3.15.2024-03-276.5CVE-2024-29914
audit@patchstack.com
moveaddons -- move_addons_for_elementor

 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Moveaddons Move Addons for Elementor allows Stored XSS.This issue affects Move Addons for Elementor: from n/a through 1.2.9.2024-03-276.5CVE-2024-29920
audit@patchstack.com
muffingroup -- betheme
 
Missing Authorization vulnerability in Muffingroup Betheme.This issue affects Betheme: from n/a through 26.6.1.2024-03-255.4CVE-2022-45351
audit@patchstack.com
muffingroup -- betheme
 
Missing Authorization vulnerability in Muffingroup Betheme.This issue affects Betheme: from n/a through 26.6.1.2024-03-255.4CVE-2022-45352
audit@patchstack.com
muffingroup -- betheme
 
Missing Authorization vulnerability in Muffingroup Betheme.This issue affects Betheme: from n/a through 26.6.1.2024-03-255.4CVE-2022-45356
audit@patchstack.com
muffingroup -- betheme
 
Missing Authorization vulnerability in Muffingroup Betheme.This issue affects Betheme: from n/a through 26.6.1.2024-03-254.3CVE-2022-45349
audit@patchstack.com
multivendorx -- wc_marketplace

 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MultiVendorX WC Marketplace allows Stored XSS.This issue affects WC Marketplace: from n/a through 4.1.3.2024-03-296.5CVE-2024-30433
audit@patchstack.com
munirkamal -- gutenberg_block_editor_toolkit_-_editorskit
 
The Gutenberg Block Editor Toolkit - EditorsKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'editorskit' shortcode in all versions up to, and including, 1.40.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-03-306.4CVE-2024-2794
security@wordfence.com
security@wordfence.com
n/a -- compact_wp_audio_player

 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Compact WP Audio Player allows Stored XSS.This issue affects Compact WP Audio Player: from n/a through 1.9.9.2024-03-276.5CVE-2024-29917
audit@patchstack.com
n/a -- portfolio_gallery_-_image_gallery_plugin

 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Portfolio Gallery - Image Gallery Plugin allows Stored XSS.This issue affects Portfolio Gallery - Image Gallery Plugin: from n/a through 1.5.6.2024-03-276.5CVE-2024-29769
audit@patchstack.com
n/a -- qdrant
 
A vulnerability was found in Qdrant up to 1.6.1/1.7.4/1.8.2 and classified as critical. This issue affects some unknown processing of the file lib/collection/src/collection/snapshots.rs of the component Full Snapshot REST API. The manipulation leads to path traversal. Upgrading to version 1.8.3 is able to address this issue. The patch is named 3ab5172e9c8f14fa1f7b24e7147eac74e2412b62. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-258611.2024-03-295.5CVE-2024-3078
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
n/a -- wp-crm_system
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP-CRM System allows Stored XSS.This issue affects WP-CRM System: from n/a through 3.2.9.2024-03-295.9CVE-2024-30434
audit@patchstack.com
netentsec -- ns-asg_application_security_gateway

 
A vulnerability, which was classified as critical, was found in Netentsec NS-ASG Application Security Gateway 6.3. This affects an unknown part of the file /admin/list_crl_conf. The manipulation of the argument CRLId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258429 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-03-286.3CVE-2024-3040
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
netentsec -- ns-asg_application_security_gateway

 
A vulnerability has been found in Netentsec NS-ASG Application Security Gateway 6.3 and classified as critical. This vulnerability affects unknown code of the file /protocol/log/listloginfo.php. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-258430 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-03-286.3CVE-2024-3041
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
netty -- netty
 
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `HttpPostRequestDecoder` can be tricked to accumulate data. While the decoder can store items on the disk if configured so, there are no limits to the number of fields the form can have, an attacher can send a chunked post consisting of many small fields that will be accumulated in the `bodyListHttpData` list. The decoder cumulates bytes in the `undecodedChunk` buffer until it can decode a field, this field can cumulate data without limits. This vulnerability is fixed in 4.1.108.Final.2024-03-255.3CVE-2024-29025
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
netweblogic -- events_manager_-_calendar_bookings_tickets_and_more!
 
The Events Manager - Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the physical location value in all versions up to, and including, 6.4.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-03-286.4CVE-2024-2111
security@wordfence.com
security@wordfence.com
netweblogic -- events_manager_-_calendar_bookings_tickets_and_more!
 
The Events Manager - Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.4.7.1. This is due to missing or incorrect nonce validation on several actions. This makes it possible for unauthenticated attackers to modify booking statuses via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2024-03-284.3CVE-2024-2110
security@wordfence.com
security@wordfence.com
nickys -- image_map_pro
 
Cross-Site Request Forgery (CSRF) vulnerability in Nickys Image Map Pro allows Stored XSS.This issue affects Image Map Pro: from n/a before 5.6.9.2024-03-286.1CVE-2022-45850
audit@patchstack.com
niteothemes -- cmp_-_coming_soon_&_maintenance
 
Server-Side Request Forgery (SSRF) vulnerability in NiteoThemes CMP - Coming Soon & Maintenance.This issue affects CMP - Coming Soon & Maintenance: from n/a through 4.1.10.2024-03-285.5CVE-2023-50374
audit@patchstack.com
nuuo -- camera
 
A vulnerability was found in NUUO Camera up to 20240319 and classified as problematic. This issue affects some unknown processing of the file /deletefile.php. The manipulation of the argument filename leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258197 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-03-275.4CVE-2024-2995
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
nvidia -- gpu_display_driver_vgpu_driver_cloud_gaming_driver
 
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where a user may cause a NULL-pointer dereference by accessing passed parameters the validity of which has not been checked. A successful exploit of this vulnerability may lead to denial of service and limited information disclosure.2024-03-276.1CVE-2024-0075
psirt@nvidia.com
nvidia -- gpu_display_driver_vgpu_driver_cloud_gaming_driver
 
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a user in a guest can cause a NULL-pointer dereference in the host, which may lead to denial of service.2024-03-276.5CVE-2024-0078
psirt@nvidia.com
nvidia -- vgpu_driver,_cloud_gaming_driver
 
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a user in a guest VM can cause a NULL-pointer dereference in the host. A successful exploit of this vulnerability may lead to denial of service.2024-03-276.5CVE-2024-0079
psirt@nvidia.com
oceanwp -- oceanwp
 
The OceanWP theme for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the load_theme_panel_pane function in all versions up to, and including, 3.5.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to expose sensitive information such as system/environment data and API keys.2024-03-294.3CVE-2024-2476
security@wordfence.com
security@wordfence.com
oroinc -- orocommerce
 
OroPlatform is a PHP Business Application Platform (BAP). Navigation history, most viewed and favorite navigation items are returned to storefront user in JSON navigation response if ID of storefront user matches ID of back-office user. This vulnerability is fixed in 5.1.4.2024-03-254.3CVE-2023-48296
security-advisories@github.com
security-advisories@github.com
oroinc -- platform
 
OroPlatform is a PHP Business Application Platform (BAP). A logged in user can access page state data of pinned pages of other users by pageId hash. This vulnerability is fixed in 5.1.4.2024-03-254.3CVE-2023-45824
security-advisories@github.com
security-advisories@github.com
paid_memberships_pro -- paid_memberships_pro_-_payfast_gateway_add_on
 
Insertion of Sensitive Information into Log File vulnerability in Paid Memberships Pro Paid Memberships Pro - Payfast Gateway Add On.This issue affects Paid Memberships Pro - Payfast Gateway Add On: from n/a through 1.4.1.2024-03-295.3CVE-2024-30514
audit@patchstack.com
patrick_posner -- simply_static
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Patrick Posner Simply Static allows Stored XSS.This issue affects Simply Static: from n/a through 3.1.3.2024-03-275.9CVE-2024-30178
audit@patchstack.com
peepso -- community_by_peepso
 
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in PeepSo Community by PeepSo.This issue affects Community by PeepSo: from n/a through 6.0.9.0.2024-03-265.3CVE-2023-27630
audit@patchstack.com
peepso -- community_by_peepso
 
Insertion of Sensitive Information into Log File vulnerability in PeepSo Community by PeepSo.This issue affects Community by PeepSo: from n/a through 6.2.7.0.2024-03-285.3CVE-2024-25923
audit@patchstack.com
petri_damstén -- fullscreen_galleria

 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Petri Damstén Fullscreen Galleria allows Stored XSS.This issue affects Fullscreen Galleria: from n/a through 1.6.11.2024-03-276.5CVE-2024-29801
audit@patchstack.com
phpgurukul -- emergency_ambulance_hiring_portal
 
A vulnerability was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. It has been rated as problematic. This issue affects some unknown processing of the component Hire an Ambulance Page. The manipulation of the argument Patient Name/Relative Name/Relative Phone Number/City/State/Message leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258677 was assigned to this vulnerability.2024-03-304.3CVE-2024-3084
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
phpgurukul -- emergency_ambulance_hiring_portal
 
A vulnerability classified as problematic was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Affected by this vulnerability is an unknown functionality of the file ambulance-tracking.php of the component Ambulance Tracking Page. The manipulation of the argument searchdata leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258679.2024-03-304.3CVE-2024-3086
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
phpgurukul -- emergency_ambulance_hiring_portal
 
A vulnerability has been found in PHPGurukul Emergency Ambulance Hiring Portal 1.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/manage-ambulance.php of the component Manage Ambulance Page. The manipulation of the argument del leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-258682 is the identifier assigned to this vulnerability.2024-03-304.3CVE-2024-3089
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
pimcore -- pimcore

 
Pimcore is an Open Source Data & Experience Management Platform. Any call with the query argument `?pimcore_preview=true` allows to view unpublished sites. In previous versions of Pimcore, session information would propagate to previews, so only a logged in user could open a preview. This no longer applies. Previews are broad open to any user and with just the hint of a restricted link one could gain access to possible confident / unreleased information. This vulnerability is fixed in 11.2.2 and 11.1.6.1.2024-03-266.5CVE-2024-29197
security-advisories@github.com
security-advisories@github.com
piotnet -- piotnet_addons_for_elementor

 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Piotnet Piotnet Addons For Elementor allows Stored XSS.This issue affects Piotnet Addons For Elementor: from n/a through 2.4.25.2024-03-276.5CVE-2024-29934
audit@patchstack.com
pixelite -- events_manager
 
Cross-Site Request Forgery (CSRF) vulnerability in Pixelite Events Manager.This issue affects Events Manager: from n/a through 6.4.7.1.2024-03-284.3CVE-2024-30421
audit@patchstack.com
plainware -- locatoraid_store_locator
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Plainware Locatoraid Store Locator allows Stored XSS.This issue affects Locatoraid Store Locator: from n/a through 3.9.30.2024-03-275.9CVE-2024-30181
audit@patchstack.com
pluginops -- landing_page_builder
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PluginOps Landing Page Builder allows Stored XSS.This issue affects Landing Page Builder: from n/a through 1.5.1.7.2024-03-295.9CVE-2024-30452
audit@patchstack.com
podlove -- podlove_web_player

 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Podlove Podlove Web Player allows Stored XSS.This issue affects Podlove Web Player: from n/a through 5.7.1.2024-03-276.5CVE-2024-29788
audit@patchstack.com
poll_maker_&_voting_plugin_team_(infotheme) -- wp_poll_maker
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Poll Maker & Voting Plugin Team (InfoTheme) WP Poll Maker allows Stored XSS.This issue affects WP Poll Maker: from n/a through 3.1.2024-03-275.9CVE-2024-29818
audit@patchstack.com
posimyththemes -- the_plus_addons_for_elementor
 
The The Plus Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.4.1 via the Clients widget. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other "safe" file types can be uploaded and included.2024-03-276.4CVE-2024-2203
security@wordfence.com
security@wordfence.com
posimyththemes -- the_plus_addons_for_elementor
 
The The Plus Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.4.1 via the Team Member Listing widget. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other "safe" file types can be uploaded and included.2024-03-276.4CVE-2024-2210
security@wordfence.com
security@wordfence.com
propertyhive -- propertyhive
 
Missing Authorization vulnerability in PropertyHive.This issue affects PropertyHive: from n/a through 2.0.6.2024-03-264.3CVE-2024-24718
audit@patchstack.com
quantum_cloud -- slider_hero
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Quantum Cloud Slider Hero allows Stored XSS.This issue affects Slider Hero: from n/a through 8.6.1.2024-03-275.9CVE-2024-29922
audit@patchstack.com
realmag777 -- bear
 
Missing Authorization vulnerability in realmag777 BEAR.This issue affects BEAR: from n/a through 1.1.4.3.2024-03-294.3CVE-2024-30463
audit@patchstack.com
realmag777 -- husky_-_products_filter_for_woocommerce_(formerly_woof)
 
Cross-Site Request Forgery (CSRF) vulnerability in realmag777 HUSKY - Products Filter for WooCommerce (formerly WOOF).This issue affects HUSKY - Products Filter for WooCommerce (formerly WOOF): from n/a through 1.3.5.1.2024-03-294.3CVE-2024-30462
audit@patchstack.com
realmag777 -- woocs_-_woocommerce_currency_switcher
 
Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOOCS - WooCommerce Currency Switcher.This issue affects WOOCS - WooCommerce Currency Switcher: from n/a through 1.4.1.7.2024-03-294.3CVE-2024-30458
audit@patchstack.com
realmag777 -- wordpress_meta_data_and_taxonomies_filter_(mdtf)

 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF) allows Stored XSS.This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n/a through 1.3.2.2024-03-276.5CVE-2024-29906
audit@patchstack.com
realmag777 -- wordpress_meta_data_and_taxonomies_filter_(mdtf)

 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF) allows Stored XSS.This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n/a through 1.3.2.2024-03-276.5CVE-2024-29932
audit@patchstack.com
realmag777 -- wordpress_meta_data_and_taxonomies_filter_(mdtf)
 
Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF).This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n/a through 1.3.3.1.2024-03-294.3CVE-2024-30457
audit@patchstack.com
realmag777 -- wpcs
 
Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WPCS.This issue affects WPCS: from n/a through 1.2.0.1.2024-03-294.3CVE-2024-30456
audit@patchstack.com
rednao -- pdf_builder_for_wpforms

 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RedNao PDF Builder for WPForms allows Stored XSS.This issue affects PDF Builder for WPForms: from n/a through 1.2.88.2024-03-276.5CVE-2024-29820
audit@patchstack.com
reviewx -- reviewx

 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ReviewX allows Stored XSS.This issue affects ReviewX: from n/a through 1.6.22.2024-03-276.5CVE-2024-29812
audit@patchstack.com
rockwell_automation -- arena_simulation
 
A memory buffer vulnerability in Rockwell Automation Arena Simulation could potentially let a threat actor read beyond the intended memory boundaries. This could reveal sensitive information and even cause the application to crash, resulting in a denial-of-service condition. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor.2024-03-264.4CVE-2024-21920
PSIRT@rockwellautomation.com
rockwell_automation -- factorytalk-_view_me
 
A vulnerability exists in the affected product that allows a malicious user to restart the Rockwell Automation PanelViewâ„¢ Plus 7 terminal remotely without security protections. If the vulnerability is exploited, it could lead to the loss of view or control of the PanelViewâ„¢ product.2024-03-255.3CVE-2024-21914
PSIRT@rockwellautomation.com
ruijie -- rg-eg350

 
A vulnerability, which was classified as critical, has been found in Ruijie RG-EG350 up to 20240318. Affected by this issue is the function vpnAction of the file /itbox_pi/vpn_quickset_service.php?a=set_vpn of the component HTTP POST Request Handler. The manipulation of the argument ip/port/user/pass/dns/startIp leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257978 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-03-266.3CVE-2024-2910
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
saleor -- saleor
 
Saleor is an e-commerce platform that serves high-volume companies. When using `Pickup: Local stock only` click-and-collect as a delivery method in specific conditions the customer could overwrite the warehouse address with its own, which exposes its address as click-and-collect address. This issue has been patched in versions: `3.14.61`, `3.15.37`, `3.16.34`, `3.17.32`, `3.18.28`, `3.19.15`.2024-03-274.2CVE-2024-29888
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
seraphinite_solutions -- seraphinite_accelerator

 
Insertion of Sensitive Information into Log File vulnerability in Seraphinite Solutions Seraphinite Accelerator.This issue affects Seraphinite Accelerator: from n/a through 2.20.47.2024-03-285.3CVE-2024-22138
audit@patchstack.com
serverpod -- serverpod
 
Serverpod is an app and web server, built for the Flutter and Dart ecosystem. An issue was identified with the old password hash algorithm that made it susceptible to rainbow attacks if the database was compromised. This vulnerability is fixed by 1.2.6.2024-03-275.3CVE-2024-29886
security-advisories@github.com
security-advisories@github.com
servit_software_solutions -- affiliate-toolkit

 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SERVIT Software Solutions affiliate-toolkit allows Stored XSS.This issue affects affiliate-toolkit: from n/a through 3.4.5.2024-03-276.5CVE-2024-29817
audit@patchstack.com
shanghai_brad_technology -- bladex

 
A vulnerability classified as critical has been found in Shanghai Brad Technology BladeX 3.4.0. Affected is an unknown function of the file /api/blade-user/export-user of the component API. The manipulation with the input updatexml(1,concat(0x3f,md5(123456),0x3f),1)=1 leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-258426 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-03-286.3CVE-2024-3039
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
sharethis -- sharethis_dashboard_for_google_analytics
 
Missing Authorization vulnerability in ShareThis ShareThis Dashboard for Google Analytics.This issue affects ShareThis Dashboard for Google Analytics: from n/a through 3.1.4.2024-03-255.4CVE-2022-45851
audit@patchstack.com
simple_sponsorships -- sponsors

 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Simple Sponsorships Sponsors allows Stored XSS.This issue affects Sponsors: from n/a through 3.5.1.2024-03-296.5CVE-2024-30483
audit@patchstack.com
sinaextra -- sina_extension_for_elementor

 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SinaExtra Sina Extension for Elementor allows Stored XSS.This issue affects Sina Extension for Elementor: from n/a through 3.5.0.2024-03-276.5CVE-2024-29935
audit@patchstack.com
snp_digital -- salesking
 
Missing Authorization vulnerability in SNP Digital SalesKing.This issue affects SalesKing: from n/a through 1.6.15.2024-03-266.5CVE-2024-22156
audit@patchstack.com
softlab -- dracula_dark_mode_-_the_revolutionary_dark_mode_plugin_for_wordpress

 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SoftLab Dracula Dark Mode - The Revolutionary Dark Mode Plugin For WordPress allows Stored XSS.This issue affects Dracula Dark Mode - The Revolutionary Dark Mode Plugin For WordPress: from n/a through 1.0.8.2024-03-276.5CVE-2024-29771
audit@patchstack.com
softlab -- radio_player

 
Missing Authorization vulnerability in SoftLab Radio Player.This issue affects Radio Player: from n/a through 2.0.73.2024-03-266.5CVE-2024-2906
audit@patchstack.com
softlab -- radio_player

 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SoftLab Radio Player allows Stored XSS.This issue affects Radio Player: from n/a through 2.0.73.2024-03-276.5CVE-2024-29811
audit@patchstack.com
sourcecodester -- online_chatting_system

 
A vulnerability classified as critical has been found in SourceCodester Online Chatting System 1.0. Affected is an unknown function of the file admin/update_room.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258012.2024-03-276.3CVE-2024-2932
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
sourcecodester -- simple_subscription_website

 
A vulnerability classified as critical has been found in SourceCodester Simple Subscription Website 1.0. Affected is an unknown function of the file Actions.php. The manipulation of the argument title leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258300.2024-03-286.3CVE-2024-3014
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
sourcecodester -- simple_subscription_website

 
A vulnerability classified as critical was found in SourceCodester Simple Subscription Website 1.0. Affected by this vulnerability is an unknown functionality of the file manage_plan.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258301 was assigned to this vulnerability.2024-03-286.3CVE-2024-3015
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
sourcecodester -- simple_subscription_website

 
A vulnerability was found in SourceCodester Simple Subscription Website 1.0 and classified as critical. This issue affects some unknown processing of the file manage_user.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258431.2024-03-286.3CVE-2024-3042
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
sourcecodester -- todo_list_in_kanban_board

 
A vulnerability classified as critical was found in SourceCodester Todo List in Kanban Board 1.0. Affected by this vulnerability is an unknown functionality of the file /endpoint/delete-todo.php. The manipulation of the argument list leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258013 was assigned to this vulnerability.2024-03-276.3CVE-2024-2934
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
sparkle_wp -- educenter
 
Missing Authorization vulnerability in Sparkle WP Educenter.This issue affects Educenter: from n/a through 1.5.5.2024-03-254.3CVE-2023-30480
audit@patchstack.com
specialk -- simple_ajax_chat_-_add_a_fast_secure_chat_box
 
The Simple Ajax Chat - Add a Fast, Secure Chat Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 20231101 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.2024-03-274.4CVE-2024-2956
security@wordfence.com
security@wordfence.com
squirrly -- seo_plugin_by_squirrly_seo
 
Missing Authorization vulnerability in Squirrly SEO Plugin by Squirrly SEO.This issue affects SEO Plugin by Squirrly SEO: from n/a through 12.1.20.2024-03-256.3CVE-2022-44626
audit@patchstack.com
step-byte-service_gmbh -- openstreetmap_for_gutenberg_and_wpbakery_page_builder_(formerly_visual_composer)

 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Step-Byte-Service GmbH OpenStreetMap for Gutenberg and WPBakery Page Builder (formerly Visual Composer) allows Stored XSS.This issue affects OpenStreetMap for Gutenberg and WPBakery Page Builder (formerly Visual Composer): from n/a through 1.1.1.2024-03-296.5CVE-2024-30450
audit@patchstack.com
stormhill_media -- mybooktable_bookstore

 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stormhill Media MyBookTable Bookstore allows Stored XSS.This issue affects MyBookTable Bookstore: from n/a through 3.3.7.2024-03-276.5CVE-2024-29772
audit@patchstack.com
streamweasels -- streamweasels_twitch_integration

 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in StreamWeasels StreamWeasels Twitch Integration allows Stored XSS.This issue affects StreamWeasels Twitch Integration: from n/a through 1.7.5.2024-03-276.5CVE-2024-29766
audit@patchstack.com
supsystic -- photo_gallery_by_supsystic
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Supsystic Photo Gallery by Supsystic allows Stored XSS.This issue affects Photo Gallery by Supsystic: from n/a through 1.15.16.2024-03-275.9CVE-2024-29921
audit@patchstack.com
supsystic -- slider_by_supsystic
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Supsystic Slider by Supsystic allows Stored XSS.This issue affects Slider by Supsystic: from n/a through 1.8.10.2024-03-295.9CVE-2024-30448
audit@patchstack.com
swift-server -- swift-prometheus
 
Swift Prometheus is a Swift client for the Prometheus monitoring system, supporting counters, gauges and histograms. In code which applies _un-sanitized string values into metric names or labels_, an attacker could make use of this and send a `?lang` query parameter containing newlines, `}` or similar characters which can lead to the attacker taking over the exported format -- including creating unbounded numbers of stored metrics, inflating server memory usage, or causing "bogus" metrics. This vulnerability is fixed in2.0.0-alpha.2.2024-03-295.9CVE-2024-28867
security-advisories@github.com
security-advisories@github.com
syam_mohan -- wpfront_notification_bar
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Syam Mohan WPFront Notification Bar allows Stored XSS.This issue affects WPFront Notification Bar: from n/a through 3.3.2.2024-03-275.9CVE-2024-29819
audit@patchstack.com
synology -- surveillance_station
 
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Layout.LayoutSave webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors.2024-03-285.4CVE-2024-29227
security@synology.com
synology -- surveillance_station
 
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in SnapShot.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors.2024-03-285.4CVE-2024-29230
security@synology.com
synology -- surveillance_station
 
Improper validation of array index vulnerability in UserPrivilege.Enum webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to bypass security constraints via unspecified vectors.2024-03-285.4CVE-2024-29231
security@synology.com
synology -- surveillance_station
 
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Alert.Enum webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors.2024-03-285.4CVE-2024-29232
security@synology.com
synology -- surveillance_station
 
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Emap.Delete webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors.2024-03-285.4CVE-2024-29233
security@synology.com
synology -- surveillance_station
 
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Group.Save webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors.2024-03-285.4CVE-2024-29234
security@synology.com
synology -- surveillance_station
 
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in IOModule.EnumLog webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors.2024-03-285.4CVE-2024-29235
security@synology.com
synology -- surveillance_station
 
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in AudioPattern.Delete webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors.2024-03-285.4CVE-2024-29236
security@synology.com
synology -- surveillance_station
 
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in ActionRule.Delete webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors.2024-03-285.4CVE-2024-29237
security@synology.com
synology -- surveillance_station
 
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors.2024-03-285.4CVE-2024-29238
security@synology.com
synology -- surveillance_station
 
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Recording.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors.2024-03-285.4CVE-2024-29239
security@synology.com
synology -- surveillance_station
 
Missing authorization vulnerability in LayoutSave webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to conduct denial-of-service attacks via unspecified vectors.2024-03-284.3CVE-2024-29240
security@synology.com
team_heateor -- fancy_comments_wordpress

 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Team Heateor Fancy Comments WordPress allows Stored XSS.This issue affects Fancy Comments WordPress: from n/a through 1.2.14.2024-03-276.5CVE-2024-29804
audit@patchstack.com
technocrackers -- christmas_greetings
 
The Christmas Greetings plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the code parameter in all versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.2024-03-296.1CVE-2024-2116
security@wordfence.com
security@wordfence.com
tenda -- ac7
 
A vulnerability classified as critical has been found in Tenda AC7 15.03.06.44. Affected is the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257940. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-03-266.3CVE-2024-2897
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda -- fh1202
 
A vulnerability has been found in Tenda FH1202 1.2.0.14(408) and classified as critical. Affected by this vulnerability is the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to command injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258151. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-03-275.5CVE-2024-2982
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tenda -- fh1205

 
A vulnerability has been found in Tenda FH1205 2.0.0.7(775) and classified as critical. Affected by this vulnerability is the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258295. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-03-286.3CVE-2024-3009
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
the_beaver_builder_team -- beaver_builder

 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The Beaver Builder Team Beaver Builder allows Stored XSS.This issue affects Beaver Builder: from n/a through 2.7.4.4.2024-03-296.5CVE-2024-30425
audit@patchstack.com
themehunk -- advance_wordpress_search_plugin
 
Missing Authorization vulnerability in ThemeHunk Advance WordPress Search Plugin.This issue affects Advance WordPress Search Plugin: from n/a through 1.2.1.2024-03-256.5CVE-2022-38057
audit@patchstack.com
themeisle -- multiple_page_generator_plugin_-_mpg
 
Missing Authorization vulnerability in Themeisle Multiple Page Generator Plugin - MPG.This issue affects Multiple Page Generator Plugin - MPG: from n/a through 3.4.0.2024-03-264.3CVE-2024-30235
audit@patchstack.com
themeisle -- otter_blocks_-_gutenberg_blocks_page_builder_for_gutenberg_editor_&_fse
 
The Otter Blocks - Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 2.6.5 due to insufficient input sanitization and output escaping on user supplied attributes such as 'id'. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-03-296.4CVE-2024-2841
security@wordfence.com
security@wordfence.com
themekraft -- buddyforms
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeKraft BuddyForms allows Reflected XSS.This issue affects BuddyForms: from n/a through 2.8.5.2024-03-275.8CVE-2024-30198
audit@patchstack.com
themelocation -- custom_woocommerce_checkout_fields_editor
 
Cross-Site Request Forgery (CSRF) vulnerability in ThemeLocation Custom WooCommerce Checkout Fields Editor.This issue affects Custom WooCommerce Checkout Fields Editor: from n/a through 1.3.0.2024-03-294.3CVE-2024-30518
audit@patchstack.com
themeum -- tutor_lms_elementor_addons

 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum Tutor LMS Elementor Addons allows Stored XSS.This issue affects Tutor LMS Elementor Addons: from n/a through 2.1.3.2024-03-276.5CVE-2024-29913
audit@patchstack.com
themify -- themify_event_post
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themify Themify Event Post allows Stored XSS.This issue affects Themify Event Post: from n/a through 1.2.7.2024-03-295.9CVE-2024-30440
audit@patchstack.com
themifyme -- themify_shortcodes
 
The Themify Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'themify_post_slider shortcode in all versions up to, and including, 2.0.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-03-265.4CVE-2024-2732
security@wordfence.com
security@wordfence.com
thimpress -- wp_hotel_booking
 
Missing Authorization vulnerability in ThimPress WP Hotel Booking.This issue affects WP Hotel Booking: from n/a through 2.0.9.2.2024-03-296.5CVE-2024-30508
audit@patchstack.com
thorsten -- phpmyfaq
 
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The `email` field in phpMyFAQ's user control panel page is vulnerable to stored XSS attacks due to the inadequacy of PHP's `FILTER_VALIDATE_EMAIL` function, which only validates the email format, not its content. This vulnerability enables an attacker to execute arbitrary client-side JavaScript within the context of another user's phpMyFAQ session. This vulnerability is fixed in 3.2.6.2024-03-255.5CVE-2024-27300
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
thorsten -- phpmyfaq
 
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. By manipulating the news parameter in a POST request, an attacker can inject malicious JavaScript code. Upon browsing to the compromised news page, the XSS payload triggers. This vulnerability is fixed in 3.2.6.2024-03-254.3CVE-2024-28106
security-advisories@github.com
security-advisories@github.com
thorsten -- phpmyfaq
 
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Due to insufficient validation on the `contentLink` parameter, it is possible for unauthenticated users to inject HTML code to the page which might affect other users. _Also, requires that adding new FAQs is allowed for guests and that the admin doesn't check the content of a newly added FAQ._ This vulnerability is fixed in 3.2.6.2024-03-254.7CVE-2024-28108
security-advisories@github.com
security-advisories@github.com
tianjin -- publicms
 
A vulnerability, which was classified as problematic, was found in Tianjin PubliCMS 4.0.202302.e. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257979. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-03-264.3CVE-2024-2911
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tinymce -- tinymce
 
TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE's content insertion code. This allowed `iframe` elements containing malicious code to execute when inserted into the editor. These `iframe` elements are restricted in their permissions by same-origin browser protections, but could still trigger operations such as downloading of malicious assets. This vulnerability is fixed in 6.8.1.2024-03-264.3CVE-2024-29203
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
tinymce -- tinymce
 
TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE's content loading and content inserting code. A SVG image could be loaded though an `object` or `embed` element and that image could potentially contain a XSS payload. This vulnerability is fixed in 6.8.1 and 7.0.0.2024-03-264.3CVE-2024-29881
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
tsina -- news_wall
 
The News Wall plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. This is due to missing or incorrect nonce validation on the nwap_newslist_page() function. This makes it possible for unauthenticated attackers to update the plugin's settings and modify news lists via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2024-03-294.3CVE-2024-2970
security@wordfence.com
security@wordfence.com
tumult_inc -- tumult_hype_animations
 
Cross-Site Request Forgery (CSRF) vulnerability in Tumult Inc Tumult Hype Animations.This issue affects Tumult Hype Animations: from n/a through 1.9.11.2024-03-294.3CVE-2024-30460
audit@patchstack.com
uncanny_owl -- uncanny_toolkit_for_learndash
 
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Uncanny Owl Uncanny Toolkit for LearnDash.This issue affects Uncanny Toolkit for LearnDash: from n/a through 3.6.4.3.2024-03-274.7CVE-2023-34020
audit@patchstack.com
unitecms -- unlimited_elements_for_elementor_(free_widgets,_addons,_templates)
 
The Unlimited Elements For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the link field of an installed widget (e.g., 'Button Link') in all versions up to, and including, 1.5.96 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-03-306.4CVE-2024-0367
security@wordfence.com
security@wordfence.com
uriahs_victor -- location_picker_at_checkout_for_woocommerce
 
Missing Authorization vulnerability in Uriahs Victor Location Picker at Checkout for WooCommerce.This issue affects Location Picker at Checkout for WooCommerce: from n/a through 1.8.9.2024-03-264.3CVE-2024-24719
audit@patchstack.com
veronalabs -- wp_sms
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VeronaLabs WP SMS allows Stored XSS.This issue affects WP SMS: from n/a through 6.3.4.2024-03-276.5CVE-2024-25920
audit@patchstack.com
veronalabs -- wp_sms
 
Cross-Site Request Forgery (CSRF) vulnerability in VeronaLabs WP SMS.This issue affects WP SMS: from n/a through 6.6.2.2024-03-294.3CVE-2024-30454
audit@patchstack.com
vinoth06. -- frontend_dashboard

 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vinoth06. Frontend Dashboard allows Stored XSS.This issue affects Frontend Dashboard: from n/a through 2.2.1.2024-03-276.5CVE-2024-29775
audit@patchstack.com
voidcoders -- void_contact_form_7_widget_for_elementor_page_builder
 
Missing Authorization vulnerability in voidCoders Void Contact Form 7 Widget For Elementor Page Builder.This issue affects Void Contact Form 7 Widget For Elementor Page Builder: from n/a through 2.3.2024-03-264.3CVE-2023-52214
audit@patchstack.com
walter_pinem -- oneclick_chat_to_order

 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Walter Pinem OneClick Chat to Order allows Stored XSS.This issue affects OneClick Chat to Order: from n/a through 1.0.5.2024-03-276.5CVE-2024-29789
audit@patchstack.com
wc_lovers -- wcfm_-_frontend_manager_for_woocommerce
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WC Lovers WCFM - Frontend Manager for WooCommerce allows Stored XSS.This issue affects WCFM - Frontend Manager for WooCommerce: from n/a through 6.7.8.2024-03-275.9CVE-2024-29929
audit@patchstack.com
weblizar -- lightbox_slider_-_responsive_lightbox_gallery
 
The Lightbox slider - Responsive Lightbox Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.9.9 via deserialization of untrusted input through post meta data. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.2024-03-295.4CVE-2024-1858
security@wordfence.com
security@wordfence.com
webtechstreet -- elementor_addon_elements
 
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 1.13.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-03-285.4CVE-2024-2091
security@wordfence.com
security@wordfence.com
security@wordfence.com
webtoffee -- import_export_wordpress_users
 
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WebToffee Import Export WordPress Users.This issue affects Import Export WordPress Users: from n/a through 2.5.2.2024-03-294.3CVE-2024-30492
audit@patchstack.com
wedevs -- woocommerce_conversion_tracking
 
Missing Authorization vulnerability in weDevs WooCommerce Conversion Tracking.This issue affects WooCommerce Conversion Tracking: from n/a through 2.0.11.2024-03-264.3CVE-2024-24711
audit@patchstack.com
wholesale_team -- wholesalex

 
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wholesale Team WholesaleX.This issue affects WholesaleX: from n/a through 1.3.1.2024-03-266.5CVE-2024-30233
audit@patchstack.com
wholesale_team -- wholesalex

 
Missing Authorization vulnerability in Wholesale Team WholesaleX.This issue affects WholesaleX: from n/a through 1.3.1.2024-03-266.5CVE-2024-30234
audit@patchstack.com
woocommerce -- woocommerce_box_office
 
Missing Authorization vulnerability in WooCommerce WooCommerce Box Office.This issue affects WooCommerce Box Office: from n/a through 1.2.2.2024-03-266.5CVE-2024-24799
audit@patchstack.com
woocommerce -- woocommerce_stripe_payment_gateway
 
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Stripe Payment Gateway.This issue affects WooCommerce Stripe Payment Gateway: from n/a through 7.6.0.2024-03-275.4CVE-2023-44999
audit@patchstack.com
workos -- authkit-nextjs
 
The AuthKit library for Next.js provides helpers for authentication and session management using WorkOS & AuthKit with Next.js. A user can reuse an expired session by controlling the `x-workos-session` header. The vulnerability is patched in v0.4.2.2024-03-294.8CVE-2024-29901
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
wp_darko -- grid_shortcodes

 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Darko Grid Shortcodes allows Stored XSS.This issue affects Grid Shortcodes: from n/a through 1.1.2024-03-276.5CVE-2024-29797
audit@patchstack.com
wp_email_newsletter_team_-_fluentcrm -- fluent_crm
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Email Newsletter Team - FluentCRM Fluent CRM allows Stored XSS.This issue affects Fluent CRM: from n/a through 2.8.44.2024-03-295.9CVE-2024-30430
audit@patchstack.com
wp_lab -- wp-lister_lite_for_amazon
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Lab WP-Lister Lite for Amazon allows Stored XSS.This issue affects WP-Lister Lite for Amazon: from n/a through 2.6.11.2024-03-265.9CVE-2024-2889
audit@patchstack.com
wp_sunshine -- sunshine_photo_cart
 
Deserialization of Untrusted Data vulnerability in WP Sunshine Sunshine Photo Cart.This issue affects Sunshine Photo Cart: from n/a through 3.1.1.2024-03-285.4CVE-2024-30221
audit@patchstack.com
wp_swings -- points_and_rewards_for_woocommerce
 
Missing Authorization vulnerability in WP Swings Points and Rewards for WooCommerce.This issue affects Points and Rewards for WooCommerce: from n/a through 1.5.0.2024-03-256.5CVE-2023-27608
audit@patchstack.com
wpassist.me -- wordpress_countdown_widget
 
Cross-Site Request Forgery (CSRF) vulnerability in WPAssist.Me WordPress Countdown Widget allows Cross-Site Scripting (XSS).This issue affects WordPress Countdown Widget: from n/a through 3.1.9.1.2024-03-276.1CVE-2022-45847
audit@patchstack.com
wpexperts -- wholesale_for_woocommerce
 
Missing Authorization vulnerability in WPExperts Wholesale For WooCommerce.This issue affects Wholesale For WooCommerce: from n/a through 2.3.0.2024-03-295.3CVE-2024-30469
audit@patchstack.com
wppool -- webinar_and_video_conference_with_jitsi_meet

 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPPOOL Webinar and Video Conference with Jitsi Meet allows Stored XSS.This issue affects Webinar and Video Conference with Jitsi Meet: from n/a through 2.6.3.2024-03-296.5CVE-2024-30437
audit@patchstack.com
wpvibes -- elementor_addon_elements

 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPVibes Elementor Addon Elements allows Stored XSS.This issue affects Elementor Addon Elements: from n/a through 1.13.1.2024-03-286.5CVE-2024-30422
audit@patchstack.com
wpwax -- post_grid_slider_&_carousel_ultimate

 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpWax Post Grid, Slider & Carousel Ultimate allows Stored XSS.This issue affects Post Grid, Slider & Carousel Ultimate: from n/a through 1.6.6.2024-03-276.5CVE-2024-29925
audit@patchstack.com
xpeedstudio -- elementskit_elementor_addons
 
The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button ID parameter in all versions up to, and including, 3.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-03-306.4CVE-2024-1238
security@wordfence.com
security@wordfence.com
xpro -- 140+_widgets_|_best_addons_for_elementor_-_free
 
The 130+ Widgets | Best Addons For Elementor - FREE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-03-296.4CVE-2024-2250
security@wordfence.com
security@wordfence.com
zephyrproject-rtos -- zephyr
 
An malicious BLE device can crash BLE victim device by sending malformed gatt packet2024-03-296.8CVE-2024-3077
vulnerabilities@zephyrproject.org
zionbuilder.io -- wordpress_page_builder_-_zion_builder
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zionbuilder.Io WordPress Page Builder - Zion Builder allows Stored XSS.This issue affects WordPress Page Builder - Zion Builder: from n/a through 3.6.9.2024-03-295.9CVE-2024-30444
audit@patchstack.com
zitadel -- zitadel

 
ZITADEL, open source authentication management software, uses Go templates to render the login UI. Under certain circumstances an action could set reserved claims managed by ZITADEL. For example it would be possible to set the claim `urn:zitadel:iam:user:resourceowner:name`. To compensate for this we introduced a protection that does prevent actions from changing claims that start with `urn:zitadel:iam`. This vulnerability is fixed in 2.48.3, 2.47.8, 2.46.5, 2.45.5, 2.44.7, 2.43.11, and 2.42.17.2024-03-276.1CVE-2024-29892
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com

Back to top

Low Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
ampache -- ampache
 
Ampache is a web based audio/video streaming application and file manager. Stored Cross Site Scripting (XSS) vulnerability in ampache before v6.3.1 allows a remote attacker to execute code via a crafted payload to serval parameters in the post request of /preferences.php?action=admin_update_preferences. This vulnerability is fixed in 6.3.1.2024-03-273.9CVE-2024-28853
security-advisories@github.com
awesomestcode -- livebot
 
A vulnerability was found in AwesomestCode LiveBot. It has been classified as problematic. Affected is the function parseSend of the file js/parseMessage.js. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. Upgrading to version 0.1 is able to address this issue. The name of the patch is 57505527f838d1e46e8f93d567ba552a30185bfa. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-257784.2024-03-253.5CVE-2020-36826
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
bdtask -- multi-store_inventory_management_system
 
A vulnerability was found in Bdtask Multi-Store Inventory Management System up to 20240320. It has been classified as problematic. Affected is an unknown function of the component Page Title Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-258198 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-03-272.4CVE-2024-2996
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
bdtask -- multi-store_inventory_management_system
 
A vulnerability was found in Bdtask Multi-Store Inventory Management System up to 20240320. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument Category Name/Model Name/Brand Name/Unit Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258199. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-03-272.4CVE-2024-2997
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
bdtask -- multi-store_inventory_management_system
 
A vulnerability was found in Bdtask Multi-Store Inventory Management System up to 20240320. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Store Update Page. The manipulation of the argument Store Name/Store Address leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258200. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-03-272.4CVE-2024-2998
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
campcodes -- online_examination_system
 
A vulnerability classified as problematic has been found in Campcodes Online Examination System 1.0. Affected is an unknown function of the file /adminpanel/admin/facebox_modal/updateExaminee.php. The manipulation of the argument id leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-258030 is the identifier assigned to this vulnerability.2024-03-273.5CVE-2024-2939
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
campcodes -- online_examination_system
 
A vulnerability classified as problematic was found in Campcodes Online Examination System 1.0. Affected by this vulnerability is an unknown functionality of the file /adminpanel/admin/facebox_modal/updateCourse.php. The manipulation of the argument id leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258031.2024-03-273.5CVE-2024-2940
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
code-projects -- online_book_system
 
A vulnerability was found in code-projects Online Book System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /Product.php. The manipulation of the argument value leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-258206 is the identifier assigned to this vulnerability.2024-03-273.5CVE-2024-3004
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
easycorp -- easyadmin
 
A vulnerability was found in EasyCorp EasyAdmin up to 4.8.9. It has been declared as problematic. Affected by this vulnerability is the function Autocomplete of the file assets/js/autocomplete.js of the component Autocomplete. The manipulation of the argument item leads to cross site scripting. The attack can be launched remotely. Upgrading to version 4.8.10 is able to address this issue. The identifier of the patch is 127436e4c3f56276d548070f99e61b7234200a11. It is recommended to upgrade the affected component. The identifier VDB-258613 was assigned to this vulnerability.2024-03-293.5CVE-2024-3081
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
hcl_software -- bigfix_platform
 
An administrative user of WebReports may perform a Server Side Request Forgery (SSRF) exploit through SMTP configuration options.2024-03-283.5CVE-2023-45705
psirt@hcl.com
hcl_software -- bigfix_platform

 
The console may experience a service interruption when processing file names with invalid characters.2024-03-283.5CVE-2023-45715
psirt@hcl.com
hcl_software -- bigfix_platform

 
An administrative user of WebReports may perform a Cross Site Scripting (XSS) and/or Man in the Middle (MITM) exploit through SAML configuration.2024-03-282CVE-2023-45706
psirt@hcl.com
ibm -- common_cryptographic_architecture
 
Under certain conditions, RSA operations performed by IBM Common Cryptographic Architecture (CCA) 7.0.0 through 7.5.36 may exhibit non-constant-time behavior. This could allow a remote attacker to obtain sensitive information using a timing-based attack. IBM X-Force ID: 257676.2024-03-263.7CVE-2023-33855
psirt@us.ibm.com
psirt@us.ibm.com
molongui -- molongui
 
Authorization Bypass Through User-Controlled Key vulnerability in Molongui.This issue affects Molongui: from n/a through 4.7.7.2024-03-292.7CVE-2024-30507
audit@patchstack.com
nautobot -- nautobot
 
Nautobot is a Network Source of Truth and Network Automation Platform. A number of Nautobot URL endpoints were found to be improperly accessible to unauthenticated (anonymous) users. These endpoints will not disclose any Nautobot data to an unauthenticated user unless the Nautobot configuration variable EXEMPT_VIEW_PERMISSIONS is changed from its default value (an empty list) to permit access to specific data by unauthenticated users. This vulnerability is fixed in 1.6.16 and 2.1.9.2024-03-263.7CVE-2024-29199
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
phpgurukul -- emergency_ambulance_hiring_portal
 
A vulnerability was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0 and classified as problematic. This issue affects some unknown processing of the file /admin/add-ambulance.php of the component Add Ambulance Page. The manipulation of the argument Ambulance Reg No/Driver Name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258683.2024-03-302.4CVE-2024-3090
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
phpgurukul -- emergency_ambulance_hiring_portal
 
A vulnerability was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. It has been classified as problematic. Affected is an unknown function of the file /admin/search.php of the component Search Request Page. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258684.2024-03-302.4CVE-2024-3091
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
sourcecodester -- todo_list_in_kanban_board
 
A vulnerability, which was classified as problematic, has been found in SourceCodester Todo List in Kanban Board 1.0. Affected by this issue is some unknown functionality of the component Add ToDo. The manipulation of the argument Todo leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-258014 is the identifier assigned to this vulnerability.2024-03-273.5CVE-2024-2935
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
thorsten -- phpmyfaq
 
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. There is a Path Traversal vulnerability in Attachments that allows attackers with admin rights to upload malicious files to other locations of the web root. This vulnerability is fixed in 3.2.6.2024-03-263.8CVE-2024-29196
security-advisories@github.com
security-advisories@github.com
xpdf -- xpdf
 
Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by negative object number in indirect reference in the input PDF file.2024-03-262.9CVE-2024-2971
xpdf@xpdfreader.com

Back to top

Severity Not Yet Assigned

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
apache_software_foundation -- apache_airflow
 
Improper Preservation of Permissions vulnerability in Apache Airflow.This issue affects Apache Airflow from 2.8.2 through 2.8.3. Airflow's local file task handler in Airflow incorrectly set permissions for all parent folders of log folder, in default configuration adding write access to Unix group of the folders. In the case Airflow is run with the root user (not recommended) it added group write permission to all folders up to the root of the filesystem. If your log files are stored in the home directory, these permission changes might impact your ability to run SSH operations after your home directory becomes group-writeable. This issue does not affect users who use or extend Airflow using Official Airflow Docker reference images ( https://hub.docker.com/r/apache/airflow/ ) - those images require to have group write permission set anyway. You are affected only if you install Airflow using local installation / virtualenv or other Docker images, but the issue has no impact if docker containers are used as intended, i.e. where Airflow components do not share containers with other applications and users. Also you should not be affected if your umask is 002 (group write enabled) - this is the default on many linux systems. Recommendation for users using Airflow outside of the containers: * if you are using root to run Airflow, change your Airflow user to use non-root * upgrade Apache Airflow to 2.8.4 or above * If you prefer not to upgrade, you can change the https://airflow.apache.org/docs/apache-airflow/stable/configurations-ref.html#file-task-handler-new-folder-permissions  to 0o755 (original value 0o775). * if you already ran Airflow tasks before and your default umask is 022 (group write disabled) you should stop Airflow components, check permissions of AIRFLOW_HOME/logs in all your components and all parent directories of this directory and remove group write access for all the parent directories2024-03-26not yet calculatedCVE-2024-29735
security@apache.org
security@apache.org
apple -- ios_and_ipados
 
A permissions issue was addressed by removing vulnerable code and adding additional checks. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, iOS 16.7.3 and iPadOS 16.7.3, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. An app may be able to access protected user data.2024-03-28not yet calculatedCVE-2023-42893
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
apple -- ios_and_ipados
 
An issue was addressed with improved handling of temporary files. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, iOS 16.7.3 and iPadOS 16.7.3, macOS Sonoma 14.2. An app may be able to modify protected parts of the file system.2024-03-28not yet calculatedCVE-2023-42896
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
apple -- ios_and_ipados
 
This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. An app may be able to access user-sensitive data.2024-03-28not yet calculatedCVE-2023-42936
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
apple -- ios_and_ipados
 
A path handling issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. An app may be able to break out of its sandbox.2024-03-28not yet calculatedCVE-2023-42947
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
apple -- ios_and_ipados
 
This issue was addressed with improved checks This issue is fixed in iOS 17.2 and iPadOS 17.2, iOS 16.7.3 and iPadOS 16.7.3. A remote attacker may be able to cause a denial-of-service.2024-03-28not yet calculatedCVE-2023-42962
product-security@apple.com
product-security@apple.com
apple -- ios_and_ipados
 
A race condition was addressed with improved state handling. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, iOS 16.7.3 and iPadOS 16.7.3, macOS Sonoma 14.2. An app may be able to execute arbitrary code with kernel privileges.2024-03-28not yet calculatedCVE-2023-42974
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
apple -- macos
 
A privacy issue was addressed by moving sensitive data to a protected location. This issue is fixed in macOS Sonoma 14.2. An app may be able to access user-sensitive data.2024-03-28not yet calculatedCVE-2023-40390
product-security@apple.com
apple -- macos
 
A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.6.3, macOS Sonoma 14.2, macOS Monterey 12.7.2. A local attacker may be able to elevate their privileges.2024-03-28not yet calculatedCVE-2023-42892
product-security@apple.com
product-security@apple.com
product-security@apple.com
apple -- macos
 
This issue was addressed through improved state management. This issue is fixed in macOS Sonoma 14.2. Remote Login sessions may be able to obtain full disk access permissions.2024-03-28not yet calculatedCVE-2023-42913
product-security@apple.com
apple -- macos
 
This issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6.3, macOS Sonoma 14.2, macOS Monterey 12.7.2. An app may be able to modify protected parts of the file system.2024-03-28not yet calculatedCVE-2023-42930
product-security@apple.com
product-security@apple.com
product-security@apple.com
apple -- macos
 
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6.3, macOS Sonoma 14.2, macOS Monterey 12.7.2. A process may gain admin privileges without proper authentication.2024-03-28not yet calculatedCVE-2023-42931
product-security@apple.com
product-security@apple.com
product-security@apple.com
apple -- safari
 
A use after free issue was addressed with improved memory management. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. Processing maliciously crafted web content may lead to arbitrary code execution.2024-03-28not yet calculatedCVE-2023-42950
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
product-security@apple.com
apple -- safari
 
The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, macOS Sonoma 14.2. Processing web content may lead to a denial-of-service.2024-03-28not yet calculatedCVE-2023-42956
product-security@apple.com
product-security@apple.com
product-security@apple.com
ari_susanto -- easy-popup-show
 
Cross-site request forgery (CSRF) vulnerability in easy-popup-show all versions allows a remote unauthenticated attacker to hijack the authentication of the administrator and to perform unintended operations if the administrator views a malicious page while logged in.2024-03-25not yet calculatedCVE-2024-29009
vultures@jpcert.or.jp
vultures@jpcert.or.jp
curl -- curl
 
When a protocol selection parameter option disables all protocols without adding any then the default set of protocols would remain in the allowed set due to an error in the logic for removing protocols. The below command would perform a request to curl.se with a plaintext protocol which has been explicitly disabled. curl --proto -all,-http http://curl.se The flaw is only present if the set of selected protocols disables the entire set of available protocols, in itself a command with no practical use and therefore unlikely to be encountered in real situations. The curl security team has thus assessed this to be low severity bug.2024-03-27not yet calculatedCVE-2024-2004
2499f714-1537-4658-8207-48ae4bb9eae9
2499f714-1537-4658-8207-48ae4bb9eae9
2499f714-1537-4658-8207-48ae4bb9eae9
curl -- curl
 
libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.2024-03-27not yet calculatedCVE-2024-2379
2499f714-1537-4658-8207-48ae4bb9eae9
2499f714-1537-4658-8207-48ae4bb9eae9
2499f714-1537-4658-8207-48ae4bb9eae9
curl -- curl
 
When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead leaks the memory. Further, this error condition fails silently and is therefore not easily detected by an application.2024-03-27not yet calculatedCVE-2024-2398
2499f714-1537-4658-8207-48ae4bb9eae9
2499f714-1537-4658-8207-48ae4bb9eae9
2499f714-1537-4658-8207-48ae4bb9eae9
curl -- curl
 
libcurl did not check the server certificate of TLS connections done to a host specified as an IP address, when built to use mbedTLS. libcurl would wrongly avoid using the set hostname function when the specified hostname was given as an IP address, therefore completely skipping the certificate check. This affects all uses of TLS protocols (HTTPS, FTPS, IMAPS, POPS3, SMTPS, etc).2024-03-27not yet calculatedCVE-2024-2466
2499f714-1537-4658-8207-48ae4bb9eae9
2499f714-1537-4658-8207-48ae4bb9eae9
2499f714-1537-4658-8207-48ae4bb9eae9
devolutions -- server
 
Improper access control in PAM JIT elevation in Devolutions Server 2024.1.6 and earlier allows an attacker with access to the PAM JIT elevation feature to elevate themselves to unauthorized groups via a specially crafted request.2024-03-26not yet calculatedCVE-2024-2915
security@devolutions.net
devolutions -- server
 
Improper access control in PAM vault permissions in Devolutions Server 2024.1.6 and earlier allows an authenticated user with access to the PAM to access unauthorized PAM entries via a specific set of permissions.2024-03-26not yet calculatedCVE-2024-2921
security@devolutions.net
flash_cgi -- mini_thread
 
Cross-site scripting vulnerability exists in Mini Thread Version 3.33?i. An arbitrary script may be executed on the web browser of the user accessing the website that uses the product. Note that the developer was unreachable, therefore, users should consider stop using Mini Thread Version 3.33?i.2024-03-26not yet calculatedCVE-2024-28034
vultures@jpcert.or.jp
fortunefield -- ffbull
 
OS command injection vulnerability exists in ffBull ver.4.11, which may allow a remote unauthenticated attacker to execute an arbitrary OS command with the privilege of the running web server. Note that the developer was unreachable, therefore, users should consider stop using ffBull ver.4.11.2024-03-26not yet calculatedCVE-2024-28048
vultures@jpcert.or.jp
google -- chrome
 
Use after free in ANGLE in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)2024-03-26not yet calculatedCVE-2024-2883
chrome-cve-admin@google.com
chrome-cve-admin@google.com
chrome-cve-admin@google.com
chrome-cve-admin@google.com
chrome-cve-admin@google.com
google -- chrome
 
Use after free in Dawn in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)2024-03-26not yet calculatedCVE-2024-2885
chrome-cve-admin@google.com
chrome-cve-admin@google.com
chrome-cve-admin@google.com
chrome-cve-admin@google.com
chrome-cve-admin@google.com
google -- chrome
 
Use after free in WebCodecs in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)2024-03-26not yet calculatedCVE-2024-2886
chrome-cve-admin@google.com
chrome-cve-admin@google.com
chrome-cve-admin@google.com
chrome-cve-admin@google.com
chrome-cve-admin@google.com
google -- chrome
 
Type Confusion in WebAssembly in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)2024-03-26not yet calculatedCVE-2024-2887
chrome-cve-admin@google.com
chrome-cve-admin@google.com
chrome-cve-admin@google.com
chrome-cve-admin@google.com
chrome-cve-admin@google.com
gradio-app -- gradio-app/gradio
 
Previously, it was possible to exfiltrate secrets in Gradio's CI, but this is now fixed.2024-03-27not yet calculatedCVE-2024-1540
security@huntr.dev
security@huntr.dev
gradio-app -- gradio-app/gradio
 
Th password check condition is vulnerable to timing attack to guess the password2024-03-29not yet calculatedCVE-2024-1729
security@huntr.dev
security@huntr.dev
gradio-app -- gradio-app/gradio
 
The /proxy route allows a user to proxy arbitrary urls including potential internal endpoints.2024-03-27not yet calculatedCVE-2024-2206
security@huntr.dev
security@huntr.dev
hp,_inc. -- hp_printer_firmware_update_utility
 
A user with administrative privileges can create a compromised dll file of the same name as the original dll within the HP printer's Firmware Update Utility (FUU) bundle and place it in the Microsoft Windows default downloads directory which can lead to potential arbitrary code execution.2024-03-27not yet calculatedCVE-2024-2209
hp-security-alert@hp.com
kddi_corporation -- hgw_bl1500hm
 
HGW BL1500HM Ver 002.001.013 and earlier allows a network-adjacent unauthenticated attacker to execute an arbitrary command.2024-03-25not yet calculatedCVE-2024-28041
vultures@jpcert.or.jp
vultures@jpcert.or.jp
kddi_corporation -- hgw_bl1500hm
 
HGW BL1500HM Ver 002.001.013 and earlier contains a use of week credentials issue. A network-adjacent unauthenticated attacker may change the system settings.2024-03-25not yet calculatedCVE-2024-29071
vultures@jpcert.or.jp
vultures@jpcert.or.jp
kddi_corporation -- hgw_bl1500hm
 
HGW BL1500HM Ver 002.001.013 and earlier contains a use of week credentials issue. A network-adjacent unauthenticated attacker may connect to the product via SSH and use a shell.2024-03-25not yet calculatedCVE-2024-21865
vultures@jpcert.or.jp
vultures@jpcert.or.jp
langchain-ai -- langchain-ai/langchain
 
The XMLOutputParser in LangChain uses the etree module from the XML parser in the standard python library which has some XML vulnerabilities; see: https://docs.python.org/3/library/xml.html This primarily affects users that combine an LLM (or agent) with the `XMLOutputParser` and expose the component via an endpoint on a web-service. This would allow a malicious party to attempt to manipulate the LLM to produce a malicious payload for the parser that would compromise the availability of the service. A successful attack is predicated on: 1. Usage of XMLOutputParser 2. Passing of malicious input into the XMLOutputParser either directly or by trying to manipulate an LLM to do so on the users behalf 3. Exposing the component via a web-service2024-03-26not yet calculatedCVE-2024-1455
security@huntr.dev
linux -- linux
 
In the Linux kernel, the following vulnerability has been resolved: net: zero-initialize tc skb extension on allocation Function skb_ext_add() doesn't initialize created skb extension with any value and leaves it up to the user. However, since extension of type TC_SKB_EXT originally contained only single value tc_skb_ext->chain its users used to just assign the chain value without setting whole extension memory to zero first. This assumption changed when TC_SKB_EXT extension was extended with additional fields but not all users were updated to initialize the new fields which leads to use of uninitialized memory afterwards. UBSAN log: [ 778.299821] UBSAN: invalid-load in net/openvswitch/flow.c:899:28 [ 778.301495] load of value 107 is not a valid value for type '_Bool' [ 778.303215] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.12.0-rc7+ #2 [ 778.304933] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014 [ 778.307901] Call Trace: [ 778.308680] <IRQ> [ 778.309358] dump_stack+0xbb/0x107 [ 778.310307] ubsan_epilogue+0x5/0x40 [ 778.311167] __ubsan_handle_load_invalid_value.cold+0x43/0x48 [ 778.312454] ? memset+0x20/0x40 [ 778.313230] ovs_flow_key_extract.cold+0xf/0x14 [openvswitch] [ 778.314532] ovs_vport_receive+0x19e/0x2e0 [openvswitch] [ 778.315749] ? ovs_vport_find_upcall_portid+0x330/0x330 [openvswitch] [ 778.317188] ? create_prof_cpu_mask+0x20/0x20 [ 778.318220] ? arch_stack_walk+0x82/0xf0 [ 778.319153] ? secondary_startup_64_no_verify+0xb0/0xbb [ 778.320399] ? stack_trace_save+0x91/0xc0 [ 778.321362] ? stack_trace_consume_entry+0x160/0x160 [ 778.322517] ? lock_release+0x52e/0x760 [ 778.323444] netdev_frame_hook+0x323/0x610 [openvswitch] [ 778.324668] ? ovs_netdev_get_vport+0xe0/0xe0 [openvswitch] [ 778.325950] __netif_receive_skb_core+0x771/0x2db0 [ 778.327067] ? lock_downgrade+0x6e0/0x6f0 [ 778.328021] ? lock_acquire+0x565/0x720 [ 778.328940] ? generic_xdp_tx+0x4f0/0x4f0 [ 778.329902] ? inet_gro_receive+0x2a7/0x10a0 [ 778.330914] ? lock_downgrade+0x6f0/0x6f0 [ 778.331867] ? udp4_gro_receive+0x4c4/0x13e0 [ 778.332876] ? lock_release+0x52e/0x760 [ 778.333808] ? dev_gro_receive+0xcc8/0x2380 [ 778.334810] ? lock_downgrade+0x6f0/0x6f0 [ 778.335769] __netif_receive_skb_list_core+0x295/0x820 [ 778.336955] ? process_backlog+0x780/0x780 [ 778.337941] ? mlx5e_rep_tc_netdevice_event_unregister+0x20/0x20 [mlx5_core] [ 778.339613] ? seqcount_lockdep_reader_access.constprop.0+0xa7/0xc0 [ 778.341033] ? kvm_clock_get_cycles+0x14/0x20 [ 778.342072] netif_receive_skb_list_internal+0x5f5/0xcb0 [ 778.343288] ? __kasan_kmalloc+0x7a/0x90 [ 778.344234] ? mlx5e_handle_rx_cqe_mpwrq+0x9e0/0x9e0 [mlx5_core] [ 778.345676] ? mlx5e_xmit_xdp_frame_mpwqe+0x14d0/0x14d0 [mlx5_core] [ 778.347140] ? __netif_receive_skb_list_core+0x820/0x820 [ 778.348351] ? mlx5e_post_rx_mpwqes+0xa6/0x25d0 [mlx5_core] [ 778.349688] ? napi_gro_flush+0x26c/0x3c0 [ 778.350641] napi_complete_done+0x188/0x6b0 [ 778.351627] mlx5e_napi_poll+0x373/0x1b80 [mlx5_core] [ 778.352853] __napi_poll+0x9f/0x510 [ 778.353704] ? mlx5_flow_namespace_set_mode+0x260/0x260 [mlx5_core] [ 778.355158] net_rx_action+0x34c/0xa40 [ 778.356060] ? napi_threaded_poll+0x3d0/0x3d0 [ 778.357083] ? sched_clock_cpu+0x18/0x190 [ 778.358041] ? __common_interrupt+0x8e/0x1a0 [ 778.359045] __do_softirq+0x1ce/0x984 [ 778.359938] __irq_exit_rcu+0x137/0x1d0 [ 778.360865] irq_exit_rcu+0xa/0x20 [ 778.361708] common_interrupt+0x80/0xa0 [ 778.362640] </IRQ> [ 778.363212] asm_common_interrupt+0x1e/0x40 [ 778.364204] RIP: 0010:native_safe_halt+0xe/0x10 [ 778.365273] Code: 4f ff ff ff 4c 89 e7 e8 50 3f 40 fe e9 dc fe ff ff 48 89 df e8 43 3f 40 fe eb 90 cc e9 07 00 00 00 0f 00 2d 74 05 62 00 fb f4 <c3> 90 e9 07 00 00 00 0f 00 2d 64 05 62 00 f4 c3 cc cc 0f 1f 44 00 [ 778.369355] RSP: 0018:ffffffff84407e48 EFLAGS: 00000246 [ 778.370570] RAX ---truncated---2024-03-25not yet calculatedCVE-2021-47136
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux -- linux
 
In the Linux kernel, the following vulnerability has been resolved: net: lantiq: fix memory corruption in RX ring In a situation where memory allocation or dma mapping fails, an invalid address is programmed into the descriptor. This can lead to memory corruption. If the memory allocation fails, DMA should reuse the previous skb and mapping and drop the packet. This patch also increments rx drop counter.2024-03-25not yet calculatedCVE-2021-47137
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux -- linux
 
In the Linux kernel, the following vulnerability has been resolved: cxgb4: avoid accessing registers when clearing filters Hardware register having the server TID base can contain invalid values when adapter is in bad state (for example, due to AER fatal error). Reading these invalid values in the register can lead to out-of-bound memory access. So, fix by using the saved server TID base when clearing filters.2024-03-25not yet calculatedCVE-2021-47138
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux -- linux
 
In the Linux kernel, the following vulnerability has been resolved: net: hns3: put off calling register_netdev() until client initialize complete Currently, the netdevice is registered before client initializing complete. So there is a timewindow between netdevice available and usable. In this case, if user try to change the channel number or ring param, it may cause the hns3_set_rx_cpu_rmap() being called twice, and report bug. [47199.416502] hns3 0000:35:00.0 eth1: set channels: tqp_num=1, rxfh=0 [47199.430340] hns3 0000:35:00.0 eth1: already uninitialized [47199.438554] hns3 0000:35:00.0: rss changes from 4 to 1 [47199.511854] hns3 0000:35:00.0: Channels changed, rss_size from 4 to 1, tqps from 4 to 1 [47200.163524] ------------[ cut here ]------------ [47200.171674] kernel BUG at lib/cpu_rmap.c:142! [47200.177847] Internal error: Oops - BUG: 0 [#1] PREEMPT SMP [47200.185259] Modules linked in: hclge(+) hns3(-) hns3_cae(O) hns_roce_hw_v2 hnae3 vfio_iommu_type1 vfio_pci vfio_virqfd vfio pv680_mii(O) [last unloaded: hclge] [47200.205912] CPU: 1 PID: 8260 Comm: ethtool Tainted: G O 5.11.0-rc3+ #1 [47200.215601] Hardware name: , xxxxxx 02/04/2021 [47200.223052] pstate: 60400009 (nZCv daif +PAN -UAO -TCO BTYPE=--) [47200.230188] pc : cpu_rmap_add+0x38/0x40 [47200.237472] lr : irq_cpu_rmap_add+0x84/0x140 [47200.243291] sp : ffff800010e93a30 [47200.247295] x29: ffff800010e93a30 x28: ffff082100584880 [47200.254155] x27: 0000000000000000 x26: 0000000000000000 [47200.260712] x25: 0000000000000000 x24: 0000000000000004 [47200.267241] x23: ffff08209ba03000 x22: ffff08209ba038c0 [47200.273789] x21: 000000000000003f x20: ffff0820e2bc1680 [47200.280400] x19: ffff0820c970ec80 x18: 00000000000000c0 [47200.286944] x17: 0000000000000000 x16: ffffb43debe4a0d0 [47200.293456] x15: fffffc2082990600 x14: dead000000000122 [47200.300059] x13: ffffffffffffffff x12: 000000000000003e [47200.306606] x11: ffff0820815b8080 x10: ffff53e411988000 [47200.313171] x9 : 0000000000000000 x8 : ffff0820e2bc1700 [47200.319682] x7 : 0000000000000000 x6 : 000000000000003f [47200.326170] x5 : 0000000000000040 x4 : ffff800010e93a20 [47200.332656] x3 : 0000000000000004 x2 : ffff0820c970ec80 [47200.339168] x1 : ffff0820e2bc1680 x0 : 0000000000000004 [47200.346058] Call trace: [47200.349324] cpu_rmap_add+0x38/0x40 [47200.354300] hns3_set_rx_cpu_rmap+0x6c/0xe0 [hns3] [47200.362294] hns3_reset_notify_init_enet+0x1cc/0x340 [hns3] [47200.370049] hns3_change_channels+0x40/0xb0 [hns3] [47200.376770] hns3_set_channels+0x12c/0x2a0 [hns3] [47200.383353] ethtool_set_channels+0x140/0x250 [47200.389772] dev_ethtool+0x714/0x23d0 [47200.394440] dev_ioctl+0x4cc/0x640 [47200.399277] sock_do_ioctl+0x100/0x2a0 [47200.404574] sock_ioctl+0x28c/0x470 [47200.409079] __arm64_sys_ioctl+0xb4/0x100 [47200.415217] el0_svc_common.constprop.0+0x84/0x210 [47200.422088] do_el0_svc+0x28/0x34 [47200.426387] el0_svc+0x28/0x70 [47200.431308] el0_sync_handler+0x1a4/0x1b0 [47200.436477] el0_sync+0x174/0x180 [47200.441562] Code: 11000405 79000c45 f8247861 d65f03c0 (d4210000) [47200.448869] ---[ end trace a01efe4ce42e5f34 ]--- The process is like below: excuting hns3_client_init | register_netdev() | hns3_set_channels() | | hns3_set_rx_cpu_rmap() hns3_reset_notify_uninit_enet() | | | quit without calling function | hns3_free_rx_cpu_rmap for flag | HNS3_NIC_STATE_INITED is unset. | | | hns3_reset_notify_init_enet() | | set HNS3_NIC_STATE_INITED call hns3_set_rx_cpu_rmap()-- crash Fix it by calling register_netdev() at the end of function hns3_client_init().2024-03-25not yet calculatedCVE-2021-47139
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux -- linux
 
In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Clear DMA ops when switching domain Since commit 08a27c1c3ecf ("iommu: Add support to change default domain of an iommu group") a user can switch a device between IOMMU and direct DMA through sysfs. This doesn't work for AMD IOMMU at the moment because dev->dma_ops is not cleared when switching from a DMA to an identity IOMMU domain. The DMA layer thus attempts to use the dma-iommu ops on an identity domain, causing an oops: # echo 0000:00:05.0 > /sys/sys/bus/pci/drivers/e1000e/unbind # echo identity > /sys/bus/pci/devices/0000:00:05.0/iommu_group/type # echo 0000:00:05.0 > /sys/sys/bus/pci/drivers/e1000e/bind ... BUG: kernel NULL pointer dereference, address: 0000000000000028 ... Call Trace: iommu_dma_alloc e1000e_setup_tx_resources e1000e_open Since iommu_change_dev_def_domain() calls probe_finalize() again, clear the dma_ops there like Vt-d does.2024-03-25not yet calculatedCVE-2021-47140
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux -- linux
 
In the Linux kernel, the following vulnerability has been resolved: gve: Add NULL pointer checks when freeing irqs. When freeing notification blocks, we index priv->msix_vectors. If we failed to allocate priv->msix_vectors (see abort_with_msix_vectors) this could lead to a NULL pointer dereference if the driver is unloaded.2024-03-25not yet calculatedCVE-2021-47141
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux -- linux
 
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix a use-after-free looks like we forget to set ttm->sg to NULL. Hit panic below [ 1235.844104] general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b7b4b: 0000 [#1] SMP DEBUG_PAGEALLOC NOPTI [ 1235.989074] Call Trace: [ 1235.991751] sg_free_table+0x17/0x20 [ 1235.995667] amdgpu_ttm_backend_unbind.cold+0x4d/0xf7 [amdgpu] [ 1236.002288] amdgpu_ttm_backend_destroy+0x29/0x130 [amdgpu] [ 1236.008464] ttm_tt_destroy+0x1e/0x30 [ttm] [ 1236.013066] ttm_bo_cleanup_memtype_use+0x51/0xa0 [ttm] [ 1236.018783] ttm_bo_release+0x262/0xa50 [ttm] [ 1236.023547] ttm_bo_put+0x82/0xd0 [ttm] [ 1236.027766] amdgpu_bo_unref+0x26/0x50 [amdgpu] [ 1236.032809] amdgpu_amdkfd_gpuvm_alloc_memory_of_gpu+0x7aa/0xd90 [amdgpu] [ 1236.040400] kfd_ioctl_alloc_memory_of_gpu+0xe2/0x330 [amdgpu] [ 1236.046912] kfd_ioctl+0x463/0x690 [amdgpu]2024-03-25not yet calculatedCVE-2021-47142
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux -- linux
 
In the Linux kernel, the following vulnerability has been resolved: net/smc: remove device from smcd_dev_list after failed device_add() If the device_add() for a smcd_dev fails, there's no cleanup step that rolls back the earlier list_add(). The device subsequently gets freed, and we end up with a corrupted list. Add some error handling that removes the device from the list.2024-03-25not yet calculatedCVE-2021-47143
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux -- linux
 
In the Linux kernel, the following vulnerability has been resolved: drm/amd/amdgpu: fix refcount leak [Why] the gem object rfb->base.obj[0] is get according to num_planes in amdgpufb_create, but is not put according to num_planes [How] put rfb->base.obj[0] in amdgpu_fbdev_destroy according to num_planes2024-03-25not yet calculatedCVE-2021-47144
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux -- linux
 
In the Linux kernel, the following vulnerability has been resolved: btrfs: do not BUG_ON in link_to_fixup_dir While doing error injection testing I got the following panic kernel BUG at fs/btrfs/tree-log.c:1862! invalid opcode: 0000 [#1] SMP NOPTI CPU: 1 PID: 7836 Comm: mount Not tainted 5.13.0-rc1+ #305 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.13.0-2.fc32 04/01/2014 RIP: 0010:link_to_fixup_dir+0xd5/0xe0 RSP: 0018:ffffb5800180fa30 EFLAGS: 00010216 RAX: fffffffffffffffb RBX: 00000000fffffffb RCX: ffff8f595287faf0 RDX: ffffb5800180fa37 RSI: ffff8f5954978800 RDI: 0000000000000000 RBP: ffff8f5953af9450 R08: 0000000000000019 R09: 0000000000000001 R10: 000151f408682970 R11: 0000000120021001 R12: ffff8f5954978800 R13: ffff8f595287faf0 R14: ffff8f5953c77dd0 R15: 0000000000000065 FS: 00007fc5284c8c40(0000) GS:ffff8f59bbd00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fc5287f47c0 CR3: 000000011275e002 CR4: 0000000000370ee0 Call Trace: replay_one_buffer+0x409/0x470 ? btree_read_extent_buffer_pages+0xd0/0x110 walk_up_log_tree+0x157/0x1e0 walk_log_tree+0xa6/0x1d0 btrfs_recover_log_trees+0x1da/0x360 ? replay_one_extent+0x7b0/0x7b0 open_ctree+0x1486/0x1720 btrfs_mount_root.cold+0x12/0xea ? __kmalloc_track_caller+0x12f/0x240 legacy_get_tree+0x24/0x40 vfs_get_tree+0x22/0xb0 vfs_kern_mount.part.0+0x71/0xb0 btrfs_mount+0x10d/0x380 ? vfs_parse_fs_string+0x4d/0x90 legacy_get_tree+0x24/0x40 vfs_get_tree+0x22/0xb0 path_mount+0x433/0xa10 __x64_sys_mount+0xe3/0x120 do_syscall_64+0x3d/0x80 entry_SYSCALL_64_after_hwframe+0x44/0xae We can get -EIO or any number of legitimate errors from btrfs_search_slot(), panicing here is not the appropriate response. The error path for this code handles errors properly, simply return the error.2024-03-25not yet calculatedCVE-2021-47145
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux -- linux
 
In the Linux kernel, the following vulnerability has been resolved: mld: fix panic in mld_newpack() mld_newpack() doesn't allow to allocate high order page, only order-0 allocation is allowed. If headroom size is too large, a kernel panic could occur in skb_put(). Test commands: ip netns del A ip netns del B ip netns add A ip netns add B ip link add veth0 type veth peer name veth1 ip link set veth0 netns A ip link set veth1 netns B ip netns exec A ip link set lo up ip netns exec A ip link set veth0 up ip netns exec A ip -6 a a 2001:db8:0::1/64 dev veth0 ip netns exec B ip link set lo up ip netns exec B ip link set veth1 up ip netns exec B ip -6 a a 2001:db8:0::2/64 dev veth1 for i in {1..99} do let A=$i-1 ip netns exec A ip link add ip6gre$i type ip6gre \ local 2001:db8:$A::1 remote 2001:db8:$A::2 encaplimit 100 ip netns exec A ip -6 a a 2001:db8:$i::1/64 dev ip6gre$i ip netns exec A ip link set ip6gre$i up ip netns exec B ip link add ip6gre$i type ip6gre \ local 2001:db8:$A::2 remote 2001:db8:$A::1 encaplimit 100 ip netns exec B ip -6 a a 2001:db8:$i::2/64 dev ip6gre$i ip netns exec B ip link set ip6gre$i up done Splat looks like: kernel BUG at net/core/skbuff.c:110! invalid opcode: 0000 [#1] SMP DEBUG_PAGEALLOC KASAN PTI CPU: 0 PID: 7 Comm: kworker/0:1 Not tainted 5.12.0+ #891 Workqueue: ipv6_addrconf addrconf_dad_work RIP: 0010:skb_panic+0x15d/0x15f Code: 92 fe 4c 8b 4c 24 10 53 8b 4d 70 45 89 e0 48 c7 c7 00 ae 79 83 41 57 41 56 41 55 48 8b 54 24 a6 26 f9 ff <0f> 0b 48 8b 6c 24 20 89 34 24 e8 4a 4e 92 fe 8b 34 24 48 c7 c1 20 RSP: 0018:ffff88810091f820 EFLAGS: 00010282 RAX: 0000000000000089 RBX: ffff8881086e9000 RCX: 0000000000000000 RDX: 0000000000000089 RSI: 0000000000000008 RDI: ffffed1020123efb RBP: ffff888005f6eac0 R08: ffffed1022fc0031 R09: ffffed1022fc0031 R10: ffff888117e00187 R11: ffffed1022fc0030 R12: 0000000000000028 R13: ffff888008284eb0 R14: 0000000000000ed8 R15: 0000000000000ec0 FS: 0000000000000000(0000) GS:ffff888117c00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f8b801c5640 CR3: 0000000033c2c006 CR4: 00000000003706f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: ? ip6_mc_hdr.isra.26.constprop.46+0x12a/0x600 ? ip6_mc_hdr.isra.26.constprop.46+0x12a/0x600 skb_put.cold.104+0x22/0x22 ip6_mc_hdr.isra.26.constprop.46+0x12a/0x600 ? rcu_read_lock_sched_held+0x91/0xc0 mld_newpack+0x398/0x8f0 ? ip6_mc_hdr.isra.26.constprop.46+0x600/0x600 ? lock_contended+0xc40/0xc40 add_grhead.isra.33+0x280/0x380 add_grec+0x5ca/0xff0 ? mld_sendpack+0xf40/0xf40 ? lock_downgrade+0x690/0x690 mld_send_initial_cr.part.34+0xb9/0x180 ipv6_mc_dad_complete+0x15d/0x1b0 addrconf_dad_completed+0x8d2/0xbb0 ? lock_downgrade+0x690/0x690 ? addrconf_rs_timer+0x660/0x660 ? addrconf_dad_work+0x73c/0x10e0 addrconf_dad_work+0x73c/0x10e0 Allowing high order page allocation could fix this problem.2024-03-25not yet calculatedCVE-2021-47146
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux -- linux
 
In the Linux kernel, the following vulnerability has been resolved: ptp: ocp: Fix a resource leak in an error handling path If an error occurs after a successful 'pci_ioremap_bar()' call, it must be undone by a corresponding 'pci_iounmap()' call, as already done in the remove function.2024-03-25not yet calculatedCVE-2021-47147
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux -- linux
 
In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: fix a buffer overflow in otx2_set_rxfh_context() This function is called from ethtool_set_rxfh() and "*rss_context" comes from the user. Add some bounds checking to prevent memory corruption.2024-03-25not yet calculatedCVE-2021-47148
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux -- linux
 
In the Linux kernel, the following vulnerability has been resolved: net: fujitsu: fix potential null-ptr-deref In fmvj18x_get_hwinfo(), if ioremap fails there will be NULL pointer deref. To fix this, check the return value of ioremap and return -1 to the caller in case of failure.2024-03-25not yet calculatedCVE-2021-47149
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux -- linux
 
In the Linux kernel, the following vulnerability has been resolved: net: fec: fix the potential memory leak in fec_enet_init() If the memory allocated for cbd_base is failed, it should free the memory allocated for the queues, otherwise it causes memory leak. And if the memory allocated for the queues is failed, it can return error directly.2024-03-25not yet calculatedCVE-2021-47150
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux -- linux
 
In the Linux kernel, the following vulnerability has been resolved: interconnect: qcom: bcm-voter: add a missing of_node_put() Add a missing of_node_put() in of_bcm_voter_get() to avoid the reference leak.2024-03-25not yet calculatedCVE-2021-47151
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux -- linux
 
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix data stream corruption Maxim reported several issues when forcing a TCP transparent proxy to use the MPTCP protocol for the inbound connections. He also provided a clean reproducer. The problem boils down to 'mptcp_frag_can_collapse_to()' assuming that only MPTCP will use the given page_frag. If others - e.g. the plain TCP protocol - allocate page fragments, we can end-up re-using already allocated memory for mptcp_data_frag. Fix the issue ensuring that the to-be-expanded data fragment is located at the current page frag end. v1 -> v2: - added missing fixes tag (Mat)2024-03-25not yet calculatedCVE-2021-47152
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux -- linux
 
In the Linux kernel, the following vulnerability has been resolved: i2c: i801: Don't generate an interrupt on bus reset Now that the i2c-i801 driver supports interrupts, setting the KILL bit in a attempt to recover from a timed out transaction triggers an interrupt. Unfortunately, the interrupt handler (i801_isr) is not prepared for this situation and will try to process the interrupt as if it was signaling the end of a successful transaction. In the case of a block transaction, this can result in an out-of-range memory access. This condition was reproduced several times by syzbot: https://syzkaller.appspot.com/bug?extid=ed71512d469895b5b34e https://syzkaller.appspot.com/bug?extid=8c8dedc0ba9e03f6c79e https://syzkaller.appspot.com/bug?extid=c8ff0b6d6c73d81b610e https://syzkaller.appspot.com/bug?extid=33f6c360821c399d69eb https://syzkaller.appspot.com/bug?extid=be15dc0b1933f04b043a https://syzkaller.appspot.com/bug?extid=b4d3fd1dfd53e90afd79 So disable interrupts while trying to reset the bus. Interrupts will be enabled again for the following transaction.2024-03-25not yet calculatedCVE-2021-47153
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux -- linux
 
In the Linux kernel, the following vulnerability has been resolved: net: dsa: sja1105: add error handling in sja1105_setup() If any of sja1105_static_config_load(), sja1105_clocking_setup() or sja1105_devlink_setup() fails, we can't just return in the middle of sja1105_setup() or memory will leak. Add a cleanup path.2024-03-25not yet calculatedCVE-2021-47158
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux -- linux
 
In the Linux kernel, the following vulnerability has been resolved: net: dsa: fix a crash if ->get_sset_count() fails If ds->ops->get_sset_count() fails then it "count" is a negative error code such as -EOPNOTSUPP. Because "i" is an unsigned int, the negative error code is type promoted to a very high value and the loop will corrupt memory until the system crashes. Fix this by checking for error codes and changing the type of "i" to just int.2024-03-25not yet calculatedCVE-2021-47159
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux -- linux
 
In the Linux kernel, the following vulnerability has been resolved: net: dsa: mt7530: fix VLAN traffic leaks PCR_MATRIX field was set to all 1's when VLAN filtering is enabled, but was not reset when it is disabled, which may cause traffic leaks: ip link add br0 type bridge vlan_filtering 1 ip link add br1 type bridge vlan_filtering 1 ip link set swp0 master br0 ip link set swp1 master br1 ip link set br0 type bridge vlan_filtering 0 ip link set br1 type bridge vlan_filtering 0 # traffic in br0 and br1 will start leaking to each other As port_bridge_{add,del} have set up PCR_MATRIX properly, remove the PCR_MATRIX write from mt7530_port_set_vlan_aware.2024-03-25not yet calculatedCVE-2021-47160
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux -- linux
 
In the Linux kernel, the following vulnerability has been resolved: spi: spi-fsl-dspi: Fix a resource leak in an error handling path 'dspi_request_dma()' should be undone by a 'dspi_release_dma()' call in the error handling path of the probe function, as already done in the remove function2024-03-25not yet calculatedCVE-2021-47161
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux -- linux
 
In the Linux kernel, the following vulnerability has been resolved: tipc: skb_linearize the head skb when reassembling msgs It's not a good idea to append the frag skb to a skb's frag_list if the frag_list already has skbs from elsewhere, such as this skb was created by pskb_copy() where the frag_list was cloned (all the skbs in it were skb_get'ed) and shared by multiple skbs. However, the new appended frag skb should have been only seen by the current skb. Otherwise, it will cause use after free crashes as this appended frag skb are seen by multiple skbs but it only got skb_get called once. The same thing happens with a skb updated by pskb_may_pull() with a skb_cloned skb. Li Shuang has reported quite a few crashes caused by this when doing testing over macvlan devices: [] kernel BUG at net/core/skbuff.c:1970! [] Call Trace: [] skb_clone+0x4d/0xb0 [] macvlan_broadcast+0xd8/0x160 [macvlan] [] macvlan_process_broadcast+0x148/0x150 [macvlan] [] process_one_work+0x1a7/0x360 [] worker_thread+0x30/0x390 [] kernel BUG at mm/usercopy.c:102! [] Call Trace: [] __check_heap_object+0xd3/0x100 [] __check_object_size+0xff/0x16b [] simple_copy_to_iter+0x1c/0x30 [] __skb_datagram_iter+0x7d/0x310 [] __skb_datagram_iter+0x2a5/0x310 [] skb_copy_datagram_iter+0x3b/0x90 [] tipc_recvmsg+0x14a/0x3a0 [tipc] [] ____sys_recvmsg+0x91/0x150 [] ___sys_recvmsg+0x7b/0xc0 [] kernel BUG at mm/slub.c:305! [] Call Trace: [] <IRQ> [] kmem_cache_free+0x3ff/0x400 [] __netif_receive_skb_core+0x12c/0xc40 [] ? kmem_cache_alloc+0x12e/0x270 [] netif_receive_skb_internal+0x3d/0xb0 [] ? get_rx_page_info+0x8e/0xa0 [be2net] [] be_poll+0x6ef/0xd00 [be2net] [] ? irq_exit+0x4f/0x100 [] net_rx_action+0x149/0x3b0 ... This patch is to fix it by linearizing the head skb if it has frag_list set in tipc_buf_append(). Note that we choose to do this before calling skb_unshare(), as __skb_linearize() will avoid skb_copy(). Also, we can not just drop the frag_list either as the early time.2024-03-25not yet calculatedCVE-2021-47162
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux -- linux
 
In the Linux kernel, the following vulnerability has been resolved: tipc: wait and exit until all work queues are done On some host, a crash could be triggered simply by repeating these commands several times: # modprobe tipc # tipc bearer enable media udp name UDP1 localip 127.0.0.1 # rmmod tipc [] BUG: unable to handle kernel paging request at ffffffffc096bb00 [] Workqueue: events 0xffffffffc096bb00 [] Call Trace: [] ? process_one_work+0x1a7/0x360 [] ? worker_thread+0x30/0x390 [] ? create_worker+0x1a0/0x1a0 [] ? kthread+0x116/0x130 [] ? kthread_flush_work_fn+0x10/0x10 [] ? ret_from_fork+0x35/0x40 When removing the TIPC module, the UDP tunnel sock will be delayed to release in a work queue as sock_release() can't be done in rtnl_lock(). If the work queue is schedule to run after the TIPC module is removed, kernel will crash as the work queue function cleanup_beareri() code no longer exists when trying to invoke it. To fix it, this patch introduce a member wq_count in tipc_net to track the numbers of work queues in schedule, and wait and exit until all work queues are done in tipc_exit_net().2024-03-25not yet calculatedCVE-2021-47163
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux -- linux
 
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix null deref accessing lag dev It could be the lag dev is null so stop processing the event. In bond_enslave() the active/backup slave being set before setting the upper dev so first event is without an upper dev. After setting the upper dev with bond_master_upper_dev_link() there is a second event and in that event we have an upper dev.2024-03-25not yet calculatedCVE-2021-47164
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux -- linux
 
In the Linux kernel, the following vulnerability has been resolved: drm/meson: fix shutdown crash when component not probed When main component is not probed, by example when the dw-hdmi module is not loaded yet or in probe defer, the following crash appears on shutdown: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000038 ... pc : meson_drv_shutdown+0x24/0x50 lr : platform_drv_shutdown+0x20/0x30 ... Call trace: meson_drv_shutdown+0x24/0x50 platform_drv_shutdown+0x20/0x30 device_shutdown+0x158/0x360 kernel_restart_prepare+0x38/0x48 kernel_restart+0x18/0x68 __do_sys_reboot+0x224/0x250 __arm64_sys_reboot+0x24/0x30 ... Simply check if the priv struct has been allocated before using it.2024-03-25not yet calculatedCVE-2021-47165
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux -- linux
 
In the Linux kernel, the following vulnerability has been resolved: NFS: Don't corrupt the value of pg_bytes_written in nfs_do_recoalesce() The value of mirror->pg_bytes_written should only be updated after a successful attempt to flush out the requests on the list.2024-03-25not yet calculatedCVE-2021-47166
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux -- linux
 
In the Linux kernel, the following vulnerability has been resolved: NFS: Fix an Oopsable condition in __nfs_pageio_add_request() Ensure that nfs_pageio_error_cleanup() resets the mirror array contents, so that the structure reflects the fact that it is now empty. Also change the test in nfs_pageio_do_add_request() to be more robust by checking whether or not the list is empty rather than relying on the value of pg_count.2024-03-25not yet calculatedCVE-2021-47167
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux -- linux
 
In the Linux kernel, the following vulnerability has been resolved: NFS: fix an incorrect limit in filelayout_decode_layout() The "sizeof(struct nfs_fh)" is two bytes too large and could lead to memory corruption. It should be NFS_MAXFHSIZE because that's the size of the ->data[] buffer. I reversed the size of the arguments to put the variable on the left.2024-03-25not yet calculatedCVE-2021-47168
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux -- linux
 
In the Linux kernel, the following vulnerability has been resolved: serial: rp2: use 'request_firmware' instead of 'request_firmware_nowait' In 'rp2_probe', the driver registers 'rp2_uart_interrupt' then calls 'rp2_fw_cb' through 'request_firmware_nowait'. In 'rp2_fw_cb', if the firmware don't exists, function just return without initializing ports of 'rp2_card'. But now the interrupt handler function has been registered, and when an interrupt comes, 'rp2_uart_interrupt' may access those ports then causing NULL pointer dereference or other bugs. Because the driver does some initialization work in 'rp2_fw_cb', in order to make the driver ready to handle interrupts, 'request_firmware' should be used instead of asynchronous 'request_firmware_nowait'. This report reveals it: INFO: trying to register non-static key. the code is fine but needs lockdep annotation. turning off the locking correctness validator. CPU: 2 PID: 0 Comm: swapper/2 Not tainted 4.19.177-gdba4159c14ef-dirty #45 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59- gc9ba5276e321-prebuilt.qemu.org 04/01/2014 Call Trace: <IRQ> __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0xec/0x156 lib/dump_stack.c:118 assign_lock_key kernel/locking/lockdep.c:727 [inline] register_lock_class+0x14e5/0x1ba0 kernel/locking/lockdep.c:753 __lock_acquire+0x187/0x3750 kernel/locking/lockdep.c:3303 lock_acquire+0x124/0x340 kernel/locking/lockdep.c:3907 __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline] _raw_spin_lock+0x32/0x50 kernel/locking/spinlock.c:144 spin_lock include/linux/spinlock.h:329 [inline] rp2_ch_interrupt drivers/tty/serial/rp2.c:466 [inline] rp2_asic_interrupt.isra.9+0x15d/0x990 drivers/tty/serial/rp2.c:493 rp2_uart_interrupt+0x49/0xe0 drivers/tty/serial/rp2.c:504 __handle_irq_event_percpu+0xfb/0x770 kernel/irq/handle.c:149 handle_irq_event_percpu+0x79/0x150 kernel/irq/handle.c:189 handle_irq_event+0xac/0x140 kernel/irq/handle.c:206 handle_fasteoi_irq+0x232/0x5c0 kernel/irq/chip.c:725 generic_handle_irq_desc include/linux/irqdesc.h:155 [inline] handle_irq+0x230/0x3a0 arch/x86/kernel/irq_64.c:87 do_IRQ+0xa7/0x1e0 arch/x86/kernel/irq.c:247 common_interrupt+0xf/0xf arch/x86/entry/entry_64.S:670 </IRQ> RIP: 0010:native_safe_halt+0x28/0x30 arch/x86/include/asm/irqflags.h:61 Code: 00 00 55 be 04 00 00 00 48 c7 c7 00 c2 2f 8c 48 89 e5 e8 fb 31 e7 f8 8b 05 75 af 8d 03 85 c0 7e 07 0f 00 2d 8a 61 65 00 fb f4 <5d> c3 90 90 90 90 90 90 0f 1f 44 00 00 55 48 89 e5 41 57 41 56 41 RSP: 0018:ffff88806b71fcc8 EFLAGS: 00000246 ORIG_RAX: ffffffffffffffde RAX: 0000000000000000 RBX: ffffffff8bde7e48 RCX: ffffffff88a21285 RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffffffff8c2fc200 RBP: ffff88806b71fcc8 R08: fffffbfff185f840 R09: fffffbfff185f840 R10: 0000000000000001 R11: fffffbfff185f840 R12: 0000000000000002 R13: ffffffff8bea18a0 R14: 0000000000000000 R15: 0000000000000000 arch_safe_halt arch/x86/include/asm/paravirt.h:94 [inline] default_idle+0x6f/0x360 arch/x86/kernel/process.c:557 arch_cpu_idle+0xf/0x20 arch/x86/kernel/process.c:548 default_idle_call+0x3b/0x60 kernel/sched/idle.c:93 cpuidle_idle_call kernel/sched/idle.c:153 [inline] do_idle+0x2ab/0x3c0 kernel/sched/idle.c:263 cpu_startup_entry+0xcb/0xe0 kernel/sched/idle.c:369 start_secondary+0x3b8/0x4e0 arch/x86/kernel/smpboot.c:271 secondary_startup_64+0xa4/0xb0 arch/x86/kernel/head_64.S:243 BUG: unable to handle kernel NULL pointer dereference at 0000000000000010 PGD 8000000056d27067 P4D 8000000056d27067 PUD 56d28067 PMD 0 Oops: 0000 [#1] PREEMPT SMP KASAN PTI CPU: 2 PID: 0 Comm: swapper/2 Not tainted 4.19.177-gdba4159c14ef-dirty #45 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59- gc9ba5276e321-prebuilt.qemu.org 04/01/2014 RIP: 0010:readl arch/x86/include/asm/io.h:59 [inline] RIP: 0010:rp2_ch_interrupt drivers/tty/serial/rp2.c:472 [inline] RIP: 0010:rp2_asic_interrupt.isra.9+0x181/0x990 drivers/tty/serial/rp2.c: 493 Co ---truncated---2024-03-25not yet calculatedCVE-2021-47169
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux -- linux
 
In the Linux kernel, the following vulnerability has been resolved: USB: usbfs: Don't WARN about excessively large memory allocations Syzbot found that the kernel generates a WARNing if the user tries to submit a bulk transfer through usbfs with a buffer that is way too large. This isn't a bug in the kernel; it's merely an invalid request from the user and the usbfs code does handle it correctly. In theory the same thing can happen with async transfers, or with the packet descriptor table for isochronous transfers. To prevent the MM subsystem from complaining about these bad allocation requests, add the __GFP_NOWARN flag to the kmalloc calls for these buffers.2024-03-25not yet calculatedCVE-2021-47170
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux -- linux
 
In the Linux kernel, the following vulnerability has been resolved: net: usb: fix memory leak in smsc75xx_bind Syzbot reported memory leak in smsc75xx_bind(). The problem was is non-freed memory in case of errors after memory allocation. backtrace: [<ffffffff84245b62>] kmalloc include/linux/slab.h:556 [inline] [<ffffffff84245b62>] kzalloc include/linux/slab.h:686 [inline] [<ffffffff84245b62>] smsc75xx_bind+0x7a/0x334 drivers/net/usb/smsc75xx.c:1460 [<ffffffff82b5b2e6>] usbnet_probe+0x3b6/0xc30 drivers/net/usb/usbnet.c:17282024-03-25not yet calculatedCVE-2021-47171
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux -- linux
 
In the Linux kernel, the following vulnerability has been resolved: iio: adc: ad7124: Fix potential overflow due to non sequential channel numbers Channel numbering must start at 0 and then not have any holes, or it is possible to overflow the available storage. Note this bug was introduced as part of a fix to ensure we didn't rely on the ordering of child nodes. So we need to support arbitrary ordering but they all need to be there somewhere. Note I hit this when using qemu to test the rest of this series. Arguably this isn't the best fix, but it is probably the most minimal option for backporting etc. Alexandru's sign-off is here because he carried this patch in a larger set that Jonathan then applied.2024-03-25not yet calculatedCVE-2021-47172
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux -- linux
 
In the Linux kernel, the following vulnerability has been resolved: misc/uss720: fix memory leak in uss720_probe uss720_probe forgets to decrease the refcount of usbdev in uss720_probe. Fix this by decreasing the refcount of usbdev by usb_put_dev. BUG: memory leak unreferenced object 0xffff888101113800 (size 2048): comm "kworker/0:1", pid 7, jiffies 4294956777 (age 28.870s) hex dump (first 32 bytes): ff ff ff ff 31 00 00 00 00 00 00 00 00 00 00 00 ....1........... 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 ................ backtrace: [<ffffffff82b8e822>] kmalloc include/linux/slab.h:554 [inline] [<ffffffff82b8e822>] kzalloc include/linux/slab.h:684 [inline] [<ffffffff82b8e822>] usb_alloc_dev+0x32/0x450 drivers/usb/core/usb.c:582 [<ffffffff82b98441>] hub_port_connect drivers/usb/core/hub.c:5129 [inline] [<ffffffff82b98441>] hub_port_connect_change drivers/usb/core/hub.c:5363 [inline] [<ffffffff82b98441>] port_event drivers/usb/core/hub.c:5509 [inline] [<ffffffff82b98441>] hub_event+0x1171/0x20c0 drivers/usb/core/hub.c:5591 [<ffffffff81259229>] process_one_work+0x2c9/0x600 kernel/workqueue.c:2275 [<ffffffff81259b19>] worker_thread+0x59/0x5d0 kernel/workqueue.c:2421 [<ffffffff81261228>] kthread+0x178/0x1b0 kernel/kthread.c:292 [<ffffffff8100227f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:2942024-03-25not yet calculatedCVE-2021-47173
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux -- linux
 
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo_avx2: Add irq_fpu_usable() check, fallback to non-AVX2 version Arturo reported this backtrace: [709732.358791] WARNING: CPU: 3 PID: 456 at arch/x86/kernel/fpu/core.c:128 kernel_fpu_begin_mask+0xae/0xe0 [709732.358793] Modules linked in: binfmt_misc nft_nat nft_chain_nat nf_nat nft_counter nft_ct nf_tables nf_conntrack_netlink nfnetlink 8021q garp stp mrp llc vrf intel_rapl_msr intel_rapl_common skx_edac nfit libnvdimm ipmi_ssif x86_pkg_temp_thermal intel_powerclamp coretemp crc32_pclmul mgag200 ghash_clmulni_intel drm_kms_helper cec aesni_intel drm libaes crypto_simd cryptd glue_helper mei_me dell_smbios iTCO_wdt evdev intel_pmc_bxt iTCO_vendor_support dcdbas pcspkr rapl dell_wmi_descriptor wmi_bmof sg i2c_algo_bit watchdog mei acpi_ipmi ipmi_si button nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ipmi_devintf ipmi_msghandler ip_tables x_tables autofs4 ext4 crc16 mbcache jbd2 dm_mod raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor sd_mod t10_pi crc_t10dif crct10dif_generic raid6_pq libcrc32c crc32c_generic raid1 raid0 multipath linear md_mod ahci libahci tg3 libata xhci_pci libphy xhci_hcd ptp usbcore crct10dif_pclmul crct10dif_common bnxt_en crc32c_intel scsi_mod [709732.358941] pps_core i2c_i801 lpc_ich i2c_smbus wmi usb_common [709732.358957] CPU: 3 PID: 456 Comm: jbd2/dm-0-8 Not tainted 5.10.0-0.bpo.5-amd64 #1 Debian 5.10.24-1~bpo10+1 [709732.358959] Hardware name: Dell Inc. PowerEdge R440/04JN2K, BIOS 2.9.3 09/23/2020 [709732.358964] RIP: 0010:kernel_fpu_begin_mask+0xae/0xe0 [709732.358969] Code: ae 54 24 04 83 e3 01 75 38 48 8b 44 24 08 65 48 33 04 25 28 00 00 00 75 33 48 83 c4 10 5b c3 65 8a 05 5e 21 5e 76 84 c0 74 92 <0f> 0b eb 8e f0 80 4f 01 40 48 81 c7 00 14 00 00 e8 dd fb ff ff eb [709732.358972] RSP: 0018:ffffbb9700304740 EFLAGS: 00010202 [709732.358976] RAX: 0000000000000001 RBX: 0000000000000003 RCX: 0000000000000001 [709732.358979] RDX: ffffbb9700304970 RSI: ffff922fe1952e00 RDI: 0000000000000003 [709732.358981] RBP: ffffbb9700304970 R08: ffff922fc868a600 R09: ffff922fc711e462 [709732.358984] R10: 000000000000005f R11: ffff922ff0b27180 R12: ffffbb9700304960 [709732.358987] R13: ffffbb9700304b08 R14: ffff922fc664b6c8 R15: ffff922fc664b660 [709732.358990] FS: 0000000000000000(0000) GS:ffff92371fec0000(0000) knlGS:0000000000000000 [709732.358993] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [709732.358996] CR2: 0000557a6655bdd0 CR3: 000000026020a001 CR4: 00000000007706e0 [709732.358999] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [709732.359001] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [709732.359003] PKRU: 55555554 [709732.359005] Call Trace: [709732.359009] <IRQ> [709732.359035] nft_pipapo_avx2_lookup+0x4c/0x1cba [nf_tables] [709732.359046] ? sched_clock+0x5/0x10 [709732.359054] ? sched_clock_cpu+0xc/0xb0 [709732.359061] ? record_times+0x16/0x80 [709732.359068] ? plist_add+0xc1/0x100 [709732.359073] ? psi_group_change+0x47/0x230 [709732.359079] ? skb_clone+0x4d/0xb0 [709732.359085] ? enqueue_task_rt+0x22b/0x310 [709732.359098] ? bnxt_start_xmit+0x1e8/0xaf0 [bnxt_en] [709732.359102] ? packet_rcv+0x40/0x4a0 [709732.359121] nft_lookup_eval+0x59/0x160 [nf_tables] [709732.359133] nft_do_chain+0x350/0x500 [nf_tables] [709732.359152] ? nft_lookup_eval+0x59/0x160 [nf_tables] [709732.359163] ? nft_do_chain+0x364/0x500 [nf_tables] [709732.359172] ? fib4_rule_action+0x6d/0x80 [709732.359178] ? fib_rules_lookup+0x107/0x250 [709732.359184] nft_nat_do_chain+0x8a/0xf2 [nft_chain_nat] [709732.359193] nf_nat_inet_fn+0xea/0x210 [nf_nat] [709732.359202] nf_nat_ipv4_out+0x14/0xa0 [nf_nat] [709732.359207] nf_hook_slow+0x44/0xc0 [709732.359214] ip_output+0xd2/0x100 [709732.359221] ? __ip_finish_output+0x210/0x210 [709732.359226] ip_forward+0x37d/0x4a0 [709732.359232] ? ip4_key_hashfn+0xb0/0xb0 [709732.359238] ip_subli ---truncated---2024-03-25not yet calculatedCVE-2021-47174
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux -- linux
 
In the Linux kernel, the following vulnerability has been resolved: net/sched: fq_pie: fix OOB access in the traffic path the following script: # tc qdisc add dev eth0 handle 0x1 root fq_pie flows 2 # tc qdisc add dev eth0 clsact # tc filter add dev eth0 egress matchall action skbedit priority 0x10002 # ping 192.0.2.2 -I eth0 -c2 -w1 -q produces the following splat: BUG: KASAN: slab-out-of-bounds in fq_pie_qdisc_enqueue+0x1314/0x19d0 [sch_fq_pie] Read of size 4 at addr ffff888171306924 by task ping/942 CPU: 3 PID: 942 Comm: ping Not tainted 5.12.0+ #441 Hardware name: Red Hat KVM, BIOS 1.11.1-4.module+el8.1.0+4066+0f1aadab 04/01/2014 Call Trace: dump_stack+0x92/0xc1 print_address_description.constprop.7+0x1a/0x150 kasan_report.cold.13+0x7f/0x111 fq_pie_qdisc_enqueue+0x1314/0x19d0 [sch_fq_pie] __dev_queue_xmit+0x1034/0x2b10 ip_finish_output2+0xc62/0x2120 __ip_finish_output+0x553/0xea0 ip_output+0x1ca/0x4d0 ip_send_skb+0x37/0xa0 raw_sendmsg+0x1c4b/0x2d00 sock_sendmsg+0xdb/0x110 __sys_sendto+0x1d7/0x2b0 __x64_sys_sendto+0xdd/0x1b0 do_syscall_64+0x3c/0x80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7fe69735c3eb Code: 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 f3 0f 1e fa 48 8d 05 75 42 2c 00 41 89 ca 8b 00 85 c0 75 14 b8 2c 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 75 c3 0f 1f 40 00 41 57 4d 89 c7 41 56 41 89 RSP: 002b:00007fff06d7fb38 EFLAGS: 00000246 ORIG_RAX: 000000000000002c RAX: ffffffffffffffda RBX: 000055e961413700 RCX: 00007fe69735c3eb RDX: 0000000000000040 RSI: 000055e961413700 RDI: 0000000000000003 RBP: 0000000000000040 R08: 000055e961410500 R09: 0000000000000010 R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff06d81260 R13: 00007fff06d7fb40 R14: 00007fff06d7fc30 R15: 000055e96140f0a0 Allocated by task 917: kasan_save_stack+0x19/0x40 __kasan_kmalloc+0x7f/0xa0 __kmalloc_node+0x139/0x280 fq_pie_init+0x555/0x8e8 [sch_fq_pie] qdisc_create+0x407/0x11b0 tc_modify_qdisc+0x3c2/0x17e0 rtnetlink_rcv_msg+0x346/0x8e0 netlink_rcv_skb+0x120/0x380 netlink_unicast+0x439/0x630 netlink_sendmsg+0x719/0xbf0 sock_sendmsg+0xe2/0x110 ____sys_sendmsg+0x5ba/0x890 ___sys_sendmsg+0xe9/0x160 __sys_sendmsg+0xd3/0x170 do_syscall_64+0x3c/0x80 entry_SYSCALL_64_after_hwframe+0x44/0xae The buggy address belongs to the object at ffff888171306800 which belongs to the cache kmalloc-256 of size 256 The buggy address is located 36 bytes to the right of 256-byte region [ffff888171306800, ffff888171306900) The buggy address belongs to the page: page:00000000bcfb624e refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x171306 head:00000000bcfb624e order:1 compound_mapcount:0 flags: 0x17ffffc0010200(slab|head|node=0|zone=2|lastcpupid=0x1fffff) raw: 0017ffffc0010200 dead000000000100 dead000000000122 ffff888100042b40 raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff888171306800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffff888171306880: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc >ffff888171306900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ^ ffff888171306980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff888171306a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fix fq_pie traffic path to avoid selecting 'q->flows + q->flows_cnt' as a valid flow: it's an address beyond the allocated memory.2024-03-25not yet calculatedCVE-2021-47175
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux -- linux
 
In the Linux kernel, the following vulnerability has been resolved: s390/dasd: add missing discipline function Fix crash with illegal operation exception in dasd_device_tasklet. Commit b72949328869 ("s390/dasd: Prepare for additional path event handling") renamed the verify_path function for ECKD but not for FBA and DIAG. This leads to a panic when the path verification function is called for a FBA or DIAG device. Fix by defining a wrapper function for dasd_generic_verify_path().2024-03-25not yet calculatedCVE-2021-47176
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux -- linux
 
In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix sysfs leak in alloc_iommu() iommu_device_sysfs_add() is called before, so is has to be cleaned on subsequent errors.2024-03-25not yet calculatedCVE-2021-47177
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux -- linux
 
In the Linux kernel, the following vulnerability has been resolved: scsi: target: core: Avoid smp_processor_id() in preemptible code The BUG message "BUG: using smp_processor_id() in preemptible [00000000] code" was observed for TCMU devices with kernel config DEBUG_PREEMPT. The message was observed when blktests block/005 was run on TCMU devices with fileio backend or user:zbc backend [1]. The commit 1130b499b4a7 ("scsi: target: tcm_loop: Use LIO wq cmd submission helper") triggered the symptom. The commit modified work queue to handle commands and changed 'current->nr_cpu_allowed' at smp_processor_id() call. The message was also observed at system shutdown when TCMU devices were not cleaned up [2]. The function smp_processor_id() was called in SCSI host work queue for abort handling, and triggered the BUG message. This symptom was observed regardless of the commit 1130b499b4a7 ("scsi: target: tcm_loop: Use LIO wq cmd submission helper"). To avoid the preemptible code check at smp_processor_id(), get CPU ID with raw_smp_processor_id() instead. The CPU ID is used for performance improvement then thread move to other CPU will not affect the code. [1] [ 56.468103] run blktests block/005 at 2021-05-12 14:16:38 [ 57.369473] check_preemption_disabled: 85 callbacks suppressed [ 57.369480] BUG: using smp_processor_id() in preemptible [00000000] code: fio/1511 [ 57.369506] BUG: using smp_processor_id() in preemptible [00000000] code: fio/1510 [ 57.369512] BUG: using smp_processor_id() in preemptible [00000000] code: fio/1506 [ 57.369552] caller is __target_init_cmd+0x157/0x170 [target_core_mod] [ 57.369606] CPU: 4 PID: 1506 Comm: fio Not tainted 5.13.0-rc1+ #34 [ 57.369613] Hardware name: System manufacturer System Product Name/PRIME Z270-A, BIOS 1302 03/15/2018 [ 57.369617] Call Trace: [ 57.369621] BUG: using smp_processor_id() in preemptible [00000000] code: fio/1507 [ 57.369628] dump_stack+0x6d/0x89 [ 57.369642] check_preemption_disabled+0xc8/0xd0 [ 57.369628] caller is __target_init_cmd+0x157/0x170 [target_core_mod] [ 57.369655] __target_init_cmd+0x157/0x170 [target_core_mod] [ 57.369695] target_init_cmd+0x76/0x90 [target_core_mod] [ 57.369732] tcm_loop_queuecommand+0x109/0x210 [tcm_loop] [ 57.369744] scsi_queue_rq+0x38e/0xc40 [ 57.369761] __blk_mq_try_issue_directly+0x109/0x1c0 [ 57.369779] blk_mq_try_issue_directly+0x43/0x90 [ 57.369790] blk_mq_submit_bio+0x4e5/0x5d0 [ 57.369812] submit_bio_noacct+0x46e/0x4e0 [ 57.369830] __blkdev_direct_IO_simple+0x1a3/0x2d0 [ 57.369859] ? set_init_blocksize.isra.0+0x60/0x60 [ 57.369880] generic_file_read_iter+0x89/0x160 [ 57.369898] blkdev_read_iter+0x44/0x60 [ 57.369906] new_sync_read+0x102/0x170 [ 57.369929] vfs_read+0xd4/0x160 [ 57.369941] __x64_sys_pread64+0x6e/0xa0 [ 57.369946] ? lockdep_hardirqs_on+0x79/0x100 [ 57.369958] do_syscall_64+0x3a/0x70 [ 57.369965] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 57.369973] RIP: 0033:0x7f7ed4c1399f [ 57.369979] Code: 08 89 3c 24 48 89 4c 24 18 e8 7d f3 ff ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 48 8b 74 24 08 8b 3c 24 b8 11 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 04 24 e8 cd f3 ff ff 48 8b [ 57.369983] RSP: 002b:00007ffd7918c580 EFLAGS: 00000293 ORIG_RAX: 0000000000000011 [ 57.369990] RAX: ffffffffffffffda RBX: 00000000015b4540 RCX: 00007f7ed4c1399f [ 57.369993] RDX: 0000000000001000 RSI: 00000000015de000 RDI: 0000000000000009 [ 57.369996] RBP: 00000000015b4540 R08: 0000000000000000 R09: 0000000000000001 [ 57.369999] R10: 0000000000e5c000 R11: 0000000000000293 R12: 00007f7eb5269a70 [ 57.370002] R13: 0000000000000000 R14: 0000000000001000 R15: 00000000015b4568 [ 57.370031] CPU: 7 PID: 1507 Comm: fio Not tainted 5.13.0-rc1+ #34 [ 57.370036] Hardware name: System manufacturer System Product Name/PRIME Z270-A, BIOS 1302 03/15/2018 [ 57.370039] Call Trace: [ 57.370045] dump_stack+0x6d/0x89 [ 57.370056] ch ---truncated---2024-03-25not yet calculatedCVE-2021-47178
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux -- linux
 
In the Linux kernel, the following vulnerability has been resolved: NFSv4: Fix a NULL pointer dereference in pnfs_mark_matching_lsegs_return() Commit de144ff4234f changes _pnfs_return_layout() to call pnfs_mark_matching_lsegs_return() passing NULL as the struct pnfs_layout_range argument. Unfortunately, pnfs_mark_matching_lsegs_return() doesn't check if we have a value here before dereferencing it, causing an oops. I'm able to hit this crash consistently when running connectathon basic tests on NFS v4.1/v4.2 against Ontap.2024-03-25not yet calculatedCVE-2021-47179
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux -- linux
 
In the Linux kernel, the following vulnerability has been resolved: NFC: nci: fix memory leak in nci_allocate_device nfcmrvl_disconnect fails to free the hci_dev field in struct nci_dev. Fix this by freeing hci_dev in nci_free_device. BUG: memory leak unreferenced object 0xffff888111ea6800 (size 1024): comm "kworker/1:0", pid 19, jiffies 4294942308 (age 13.580s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 60 fd 0c 81 88 ff ff .........`...... 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<000000004bc25d43>] kmalloc include/linux/slab.h:552 [inline] [<000000004bc25d43>] kzalloc include/linux/slab.h:682 [inline] [<000000004bc25d43>] nci_hci_allocate+0x21/0xd0 net/nfc/nci/hci.c:784 [<00000000c59cff92>] nci_allocate_device net/nfc/nci/core.c:1170 [inline] [<00000000c59cff92>] nci_allocate_device+0x10b/0x160 net/nfc/nci/core.c:1132 [<00000000006e0a8e>] nfcmrvl_nci_register_dev+0x10a/0x1c0 drivers/nfc/nfcmrvl/main.c:153 [<000000004da1b57e>] nfcmrvl_probe+0x223/0x290 drivers/nfc/nfcmrvl/usb.c:345 [<00000000d506aed9>] usb_probe_interface+0x177/0x370 drivers/usb/core/driver.c:396 [<00000000bc632c92>] really_probe+0x159/0x4a0 drivers/base/dd.c:554 [<00000000f5009125>] driver_probe_device+0x84/0x100 drivers/base/dd.c:740 [<000000000ce658ca>] __device_attach_driver+0xee/0x110 drivers/base/dd.c:846 [<000000007067d05f>] bus_for_each_drv+0xb7/0x100 drivers/base/bus.c:431 [<00000000f8e13372>] __device_attach+0x122/0x250 drivers/base/dd.c:914 [<000000009cf68860>] bus_probe_device+0xc6/0xe0 drivers/base/bus.c:491 [<00000000359c965a>] device_add+0x5be/0xc30 drivers/base/core.c:3109 [<00000000086e4bd3>] usb_set_configuration+0x9d9/0xb90 drivers/usb/core/message.c:2164 [<00000000ca036872>] usb_generic_driver_probe+0x8c/0xc0 drivers/usb/core/generic.c:238 [<00000000d40d36f6>] usb_probe_device+0x5c/0x140 drivers/usb/core/driver.c:293 [<00000000bc632c92>] really_probe+0x159/0x4a0 drivers/base/dd.c:5542024-03-25not yet calculatedCVE-2021-47180
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux -- linux
 
In the Linux kernel, the following vulnerability has been resolved: bpf: Check rcu_read_lock_trace_held() before calling bpf map helpers These three bpf_map_{lookup,update,delete}_elem() helpers are also available for sleepable bpf program, so add the corresponding lock assertion for sleepable bpf program, otherwise the following warning will be reported when a sleepable bpf program manipulates bpf map under interpreter mode (aka bpf_jit_enable=0): WARNING: CPU: 3 PID: 4985 at kernel/bpf/helpers.c:40 ...... CPU: 3 PID: 4985 Comm: test_progs Not tainted 6.6.0+ #2 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996) ...... RIP: 0010:bpf_map_lookup_elem+0x54/0x60 ...... Call Trace: <TASK> ? __warn+0xa5/0x240 ? bpf_map_lookup_elem+0x54/0x60 ? report_bug+0x1ba/0x1f0 ? handle_bug+0x40/0x80 ? exc_invalid_op+0x18/0x50 ? asm_exc_invalid_op+0x1b/0x20 ? __pfx_bpf_map_lookup_elem+0x10/0x10 ? rcu_lockdep_current_cpu_online+0x65/0xb0 ? rcu_is_watching+0x23/0x50 ? bpf_map_lookup_elem+0x54/0x60 ? __pfx_bpf_map_lookup_elem+0x10/0x10 ___bpf_prog_run+0x513/0x3b70 __bpf_prog_run32+0x9d/0xd0 ? __bpf_prog_enter_sleepable_recur+0xad/0x120 ? __bpf_prog_enter_sleepable_recur+0x3e/0x120 bpf_trampoline_6442580665+0x4d/0x1000 __x64_sys_getpgid+0x5/0x30 ? do_syscall_64+0x36/0xb0 entry_SYSCALL_64_after_hwframe+0x6e/0x76 </TASK>2024-03-26not yet calculatedCVE-2023-52621
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux -- linux
 
In the Linux kernel, the following vulnerability has been resolved: ext4: avoid online resizing failures due to oversized flex bg When we online resize an ext4 filesystem with a oversized flexbg_size, mkfs.ext4 -F -G 67108864 $dev -b 4096 100M mount $dev $dir resize2fs $dev 16G the following WARN_ON is triggered: ================================================================== WARNING: CPU: 0 PID: 427 at mm/page_alloc.c:4402 __alloc_pages+0x411/0x550 Modules linked in: sg(E) CPU: 0 PID: 427 Comm: resize2fs Tainted: G E 6.6.0-rc5+ #314 RIP: 0010:__alloc_pages+0x411/0x550 Call Trace: <TASK> __kmalloc_large_node+0xa2/0x200 __kmalloc+0x16e/0x290 ext4_resize_fs+0x481/0xd80 __ext4_ioctl+0x1616/0x1d90 ext4_ioctl+0x12/0x20 __x64_sys_ioctl+0xf0/0x150 do_syscall_64+0x3b/0x90 ================================================================== This is because flexbg_size is too large and the size of the new_group_data array to be allocated exceeds MAX_ORDER. Currently, the minimum value of MAX_ORDER is 8, the minimum value of PAGE_SIZE is 4096, the corresponding maximum number of groups that can be allocated is: (PAGE_SIZE << MAX_ORDER) / sizeof(struct ext4_new_group_data) ? 21845 And the value that is down-aligned to the power of 2 is 16384. Therefore, this value is defined as MAX_RESIZE_BG, and the number of groups added each time does not exceed this value during resizing, and is added multiple times to complete the online resizing. The difference is that the metadata in a flex_bg may be more dispersed.2024-03-26not yet calculatedCVE-2023-52622
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux -- linux
 
In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix a suspicious RCU usage warning I received the following warning while running cthon against an ontap server running pNFS: [ 57.202521] ============================= [ 57.202522] WARNING: suspicious RCU usage [ 57.202523] 6.7.0-rc3-g2cc14f52aeb7 #41492 Not tainted [ 57.202525] ----------------------------- [ 57.202525] net/sunrpc/xprtmultipath.c:349 RCU-list traversed in non-reader section!! [ 57.202527] other info that might help us debug this: [ 57.202528] rcu_scheduler_active = 2, debug_locks = 1 [ 57.202529] no locks held by test5/3567. [ 57.202530] stack backtrace: [ 57.202532] CPU: 0 PID: 3567 Comm: test5 Not tainted 6.7.0-rc3-g2cc14f52aeb7 #41492 5b09971b4965c0aceba19f3eea324a4a806e227e [ 57.202534] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS unknown 2/2/2022 [ 57.202536] Call Trace: [ 57.202537] <TASK> [ 57.202540] dump_stack_lvl+0x77/0xb0 [ 57.202551] lockdep_rcu_suspicious+0x154/0x1a0 [ 57.202556] rpc_xprt_switch_has_addr+0x17c/0x190 [sunrpc ebe02571b9a8ceebf7d98e71675af20c19bdb1f6] [ 57.202596] rpc_clnt_setup_test_and_add_xprt+0x50/0x180 [sunrpc ebe02571b9a8ceebf7d98e71675af20c19bdb1f6] [ 57.202621] ? rpc_clnt_add_xprt+0x254/0x300 [sunrpc ebe02571b9a8ceebf7d98e71675af20c19bdb1f6] [ 57.202646] rpc_clnt_add_xprt+0x27a/0x300 [sunrpc ebe02571b9a8ceebf7d98e71675af20c19bdb1f6] [ 57.202671] ? __pfx_rpc_clnt_setup_test_and_add_xprt+0x10/0x10 [sunrpc ebe02571b9a8ceebf7d98e71675af20c19bdb1f6] [ 57.202696] nfs4_pnfs_ds_connect+0x345/0x760 [nfsv4 c716d88496ded0ea6d289bbea684fa996f9b57a9] [ 57.202728] ? __pfx_nfs4_test_session_trunk+0x10/0x10 [nfsv4 c716d88496ded0ea6d289bbea684fa996f9b57a9] [ 57.202754] nfs4_fl_prepare_ds+0x75/0xc0 [nfs_layout_nfsv41_files e3a4187f18ae8a27b630f9feae6831b584a9360a] [ 57.202760] filelayout_write_pagelist+0x4a/0x200 [nfs_layout_nfsv41_files e3a4187f18ae8a27b630f9feae6831b584a9360a] [ 57.202765] pnfs_generic_pg_writepages+0xbe/0x230 [nfsv4 c716d88496ded0ea6d289bbea684fa996f9b57a9] [ 57.202788] __nfs_pageio_add_request+0x3fd/0x520 [nfs 6c976fa593a7c2976f5a0aeb4965514a828e6902] [ 57.202813] nfs_pageio_add_request+0x18b/0x390 [nfs 6c976fa593a7c2976f5a0aeb4965514a828e6902] [ 57.202831] nfs_do_writepage+0x116/0x1e0 [nfs 6c976fa593a7c2976f5a0aeb4965514a828e6902] [ 57.202849] nfs_writepages_callback+0x13/0x30 [nfs 6c976fa593a7c2976f5a0aeb4965514a828e6902] [ 57.202866] write_cache_pages+0x265/0x450 [ 57.202870] ? __pfx_nfs_writepages_callback+0x10/0x10 [nfs 6c976fa593a7c2976f5a0aeb4965514a828e6902] [ 57.202891] nfs_writepages+0x141/0x230 [nfs 6c976fa593a7c2976f5a0aeb4965514a828e6902] [ 57.202913] do_writepages+0xd2/0x230 [ 57.202917] ? filemap_fdatawrite_wbc+0x5c/0x80 [ 57.202921] filemap_fdatawrite_wbc+0x67/0x80 [ 57.202924] filemap_write_and_wait_range+0xd9/0x170 [ 57.202930] nfs_wb_all+0x49/0x180 [nfs 6c976fa593a7c2976f5a0aeb4965514a828e6902] [ 57.202947] nfs4_file_flush+0x72/0xb0 [nfsv4 c716d88496ded0ea6d289bbea684fa996f9b57a9] [ 57.202969] __se_sys_close+0x46/0xd0 [ 57.202972] do_syscall_64+0x68/0x100 [ 57.202975] ? do_syscall_64+0x77/0x100 [ 57.202976] ? do_syscall_64+0x77/0x100 [ 57.202979] entry_SYSCALL_64_after_hwframe+0x6e/0x76 [ 57.202982] RIP: 0033:0x7fe2b12e4a94 [ 57.202985] Code: 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 80 3d d5 18 0e 00 00 74 13 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 44 c3 0f 1f 00 48 83 ec 18 89 7c 24 0c e8 c3 [ 57.202987] RSP: 002b:00007ffe857ddb38 EFLAGS: 00000202 ORIG_RAX: 0000000000000003 [ 57.202989] RAX: ffffffffffffffda RBX: 00007ffe857dfd68 RCX: 00007fe2b12e4a94 [ 57.202991] RDX: 0000000000002000 RSI: 00007ffe857ddc40 RDI: 0000000000000003 [ 57.202992] RBP: 00007ffe857dfc50 R08: 7fffffffffffffff R09: 0000000065650f49 [ 57.202993] R10: 00007f ---truncated---2024-03-26not yet calculatedCVE-2023-52623
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux -- linux
 
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Wake DMCUB before executing GPINT commands [Why] DMCUB can be in idle when we attempt to interface with the HW through the GPINT mailbox resulting in a system hang. [How] Add dc_wake_and_execute_gpint() to wrap the wake, execute, sleep sequence. If the GPINT executes successfully then DMCUB will be put back into sleep after the optional response is returned. It functions similar to the inbox command interface.2024-03-26not yet calculatedCVE-2023-52624
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux -- linux
 
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Refactor DMCUB enter/exit idle interface [Why] We can hang in place trying to send commands when the DMCUB isn't powered on. [How] We need to exit out of the idle state prior to sending a command, but the process that performs the exit also invokes a command itself. Fixing this issue involves the following: 1. Using a software state to track whether or not we need to start the process to exit idle or notify idle. It's possible for the hardware to have exited an idle state without driver knowledge, but entering one is always restricted to a driver allow - which makes the SW state vs HW state mismatch issue purely one of optimization, which should seldomly be hit, if at all. 2. Refactor any instances of exit/notify idle to use a single wrapper that maintains this SW state. This works simialr to dc_allow_idle_optimizations, but works at the DMCUB level and makes sure the state is marked prior to any notify/exit idle so we don't enter an infinite loop. 3. Make sure we exit out of idle prior to sending any commands or waiting for DMCUB idle. This patch takes care of 1/2. A future patch will take care of wrapping DMCUB command submission with calls to this new interface.2024-03-26not yet calculatedCVE-2023-52625
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux -- linux
 
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix operation precedence bug in port timestamping napi_poll context Indirection (*) is of lower precedence than postfix increment (++). Logic in napi_poll context would cause an out-of-bound read by first increment the pointer address by byte address space and then dereference the value. Rather, the intended logic was to dereference first and then increment the underlying value.2024-03-26not yet calculatedCVE-2023-52626
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux -- linux
 
In the Linux kernel, the following vulnerability has been resolved: iio: adc: ad7091r: Allow users to configure device events AD7091R-5 devices are supported by the ad7091r-5 driver together with the ad7091r-base driver. Those drivers declared iio events for notifying user space when ADC readings fall bellow the thresholds of low limit registers or above the values set in high limit registers. However, to configure iio events and their thresholds, a set of callback functions must be implemented and those were not present until now. The consequence of trying to configure ad7091r-5 events without the proper callback functions was a null pointer dereference in the kernel because the pointers to the callback functions were not set. Implement event configuration callbacks allowing users to read/write event thresholds and enable/disable event generation. Since the event spec structs are generic to AD7091R devices, also move those from the ad7091r-5 driver the base driver so they can be reused when support for ad7091r-2/-4/-8 be added.2024-03-26not yet calculatedCVE-2023-52627
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux -- linux
 
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: exthdr: fix 4-byte stack OOB write If priv->len is a multiple of 4, then dst[len / 4] can write past the destination array which leads to stack corruption. This construct is necessary to clean the remainder of the register in case ->len is NOT a multiple of the register size, so make it conditional just like nft_payload.c does. The bug was added in 4.1 cycle and then copied/inherited when tcp/sctp and ip option support was added. Bug reported by Zero Day Initiative project (ZDI-CAN-21950, ZDI-CAN-21951, ZDI-CAN-21961).2024-03-28not yet calculatedCVE-2023-52628
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux -- linux
 
In the Linux kernel, the following vulnerability has been resolved: sh: push-switch: Reorder cleanup operations to avoid use-after-free bug The original code puts flush_work() before timer_shutdown_sync() in switch_drv_remove(). Although we use flush_work() to stop the worker, it could be rescheduled in switch_timer(). As a result, a use-after-free bug can occur. The details are shown below: (cpu 0) | (cpu 1) switch_drv_remove() | flush_work() | ... | switch_timer // timer | schedule_work(&psw->work) timer_shutdown_sync() | ... | switch_work_handler // worker kfree(psw) // free | | psw->state = 0 // use This patch puts timer_shutdown_sync() before flush_work() to mitigate the bugs. As a result, the worker and timer will be stopped safely before the deallocate operations.2024-03-29not yet calculatedCVE-2023-52629
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux -- linux
 
In the Linux kernel, the following vulnerability has been resolved: btrfs: don't abort filesystem when attempting to snapshot deleted subvolume If the source file descriptor to the snapshot ioctl refers to a deleted subvolume, we get the following abort: BTRFS: Transaction aborted (error -2) WARNING: CPU: 0 PID: 833 at fs/btrfs/transaction.c:1875 create_pending_snapshot+0x1040/0x1190 [btrfs] Modules linked in: pata_acpi btrfs ata_piix libata scsi_mod virtio_net blake2b_generic xor net_failover virtio_rng failover scsi_common rng_core raid6_pq libcrc32c CPU: 0 PID: 833 Comm: t_snapshot_dele Not tainted 6.7.0-rc6 #2 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-1.fc39 04/01/2014 RIP: 0010:create_pending_snapshot+0x1040/0x1190 [btrfs] RSP: 0018:ffffa09c01337af8 EFLAGS: 00010282 RAX: 0000000000000000 RBX: ffff9982053e7c78 RCX: 0000000000000027 RDX: ffff99827dc20848 RSI: 0000000000000001 RDI: ffff99827dc20840 RBP: ffffa09c01337c00 R08: 0000000000000000 R09: ffffa09c01337998 R10: 0000000000000003 R11: ffffffffb96da248 R12: fffffffffffffffe R13: ffff99820535bb28 R14: ffff99820b7bd000 R15: ffff99820381ea80 FS: 00007fe20aadabc0(0000) GS:ffff99827dc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000559a120b502f CR3: 00000000055b6000 CR4: 00000000000006f0 Call Trace: <TASK> ? create_pending_snapshot+0x1040/0x1190 [btrfs] ? __warn+0x81/0x130 ? create_pending_snapshot+0x1040/0x1190 [btrfs] ? report_bug+0x171/0x1a0 ? handle_bug+0x3a/0x70 ? exc_invalid_op+0x17/0x70 ? asm_exc_invalid_op+0x1a/0x20 ? create_pending_snapshot+0x1040/0x1190 [btrfs] ? create_pending_snapshot+0x1040/0x1190 [btrfs] create_pending_snapshots+0x92/0xc0 [btrfs] btrfs_commit_transaction+0x66b/0xf40 [btrfs] btrfs_mksubvol+0x301/0x4d0 [btrfs] btrfs_mksnapshot+0x80/0xb0 [btrfs] __btrfs_ioctl_snap_create+0x1c2/0x1d0 [btrfs] btrfs_ioctl_snap_create_v2+0xc4/0x150 [btrfs] btrfs_ioctl+0x8a6/0x2650 [btrfs] ? kmem_cache_free+0x22/0x340 ? do_sys_openat2+0x97/0xe0 __x64_sys_ioctl+0x97/0xd0 do_syscall_64+0x46/0xf0 entry_SYSCALL_64_after_hwframe+0x6e/0x76 RIP: 0033:0x7fe20abe83af RSP: 002b:00007ffe6eff1360 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007fe20abe83af RDX: 00007ffe6eff23c0 RSI: 0000000050009417 RDI: 0000000000000003 RBP: 0000000000000003 R08: 0000000000000000 R09: 00007fe20ad16cd0 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffe6eff13c0 R14: 00007fe20ad45000 R15: 0000559a120b6d58 </TASK> ---[ end trace 0000000000000000 ]--- BTRFS: error (device vdc: state A) in create_pending_snapshot:1875: errno=-2 No such entry BTRFS info (device vdc: state EA): forced readonly BTRFS warning (device vdc: state EA): Skipping commit of aborted transaction. BTRFS: error (device vdc: state EA) in cleanup_transaction:2055: errno=-2 No such entry This happens because create_pending_snapshot() initializes the new root item as a copy of the source root item. This includes the refs field, which is 0 for a deleted subvolume. The call to btrfs_insert_root() therefore inserts a root with refs == 0. btrfs_get_new_fs_root() then finds the root and returns -ENOENT if refs == 0, which causes create_pending_snapshot() to abort. Fix it by checking the source root's refs before attempting the snapshot, but after locking subvol_sem to avoid racing with deletion.2024-03-26not yet calculatedCVE-2024-26644
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux -- linux
 
In the Linux kernel, the following vulnerability has been resolved: tracing: Ensure visibility when inserting an element into tracing_map Running the following two commands in parallel on a multi-processor AArch64 machine can sporadically produce an unexpected warning about duplicate histogram entries: $ while true; do echo hist:key=id.syscall:val=hitcount > \ /sys/kernel/debug/tracing/events/raw_syscalls/sys_enter/trigger cat /sys/kernel/debug/tracing/events/raw_syscalls/sys_enter/hist sleep 0.001 done $ stress-ng --sysbadaddr $(nproc) The warning looks as follows: [ 2911.172474] ------------[ cut here ]------------ [ 2911.173111] Duplicates detected: 1 [ 2911.173574] WARNING: CPU: 2 PID: 12247 at kernel/trace/tracing_map.c:983 tracing_map_sort_entries+0x3e0/0x408 [ 2911.174702] Modules linked in: iscsi_ibft(E) iscsi_boot_sysfs(E) rfkill(E) af_packet(E) nls_iso8859_1(E) nls_cp437(E) vfat(E) fat(E) ena(E) tiny_power_button(E) qemu_fw_cfg(E) button(E) fuse(E) efi_pstore(E) ip_tables(E) x_tables(E) xfs(E) libcrc32c(E) aes_ce_blk(E) aes_ce_cipher(E) crct10dif_ce(E) polyval_ce(E) polyval_generic(E) ghash_ce(E) gf128mul(E) sm4_ce_gcm(E) sm4_ce_ccm(E) sm4_ce(E) sm4_ce_cipher(E) sm4(E) sm3_ce(E) sm3(E) sha3_ce(E) sha512_ce(E) sha512_arm64(E) sha2_ce(E) sha256_arm64(E) nvme(E) sha1_ce(E) nvme_core(E) nvme_auth(E) t10_pi(E) sg(E) scsi_mod(E) scsi_common(E) efivarfs(E) [ 2911.174738] Unloaded tainted modules: cppc_cpufreq(E):1 [ 2911.180985] CPU: 2 PID: 12247 Comm: cat Kdump: loaded Tainted: G E 6.7.0-default #2 1b58bbb22c97e4399dc09f92d309344f69c44a01 [ 2911.182398] Hardware name: Amazon EC2 c7g.8xlarge/, BIOS 1.0 11/1/2018 [ 2911.183208] pstate: 61400005 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--) [ 2911.184038] pc : tracing_map_sort_entries+0x3e0/0x408 [ 2911.184667] lr : tracing_map_sort_entries+0x3e0/0x408 [ 2911.185310] sp : ffff8000a1513900 [ 2911.185750] x29: ffff8000a1513900 x28: ffff0003f272fe80 x27: 0000000000000001 [ 2911.186600] x26: ffff0003f272fe80 x25: 0000000000000030 x24: 0000000000000008 [ 2911.187458] x23: ffff0003c5788000 x22: ffff0003c16710c8 x21: ffff80008017f180 [ 2911.188310] x20: ffff80008017f000 x19: ffff80008017f180 x18: ffffffffffffffff [ 2911.189160] x17: 0000000000000000 x16: 0000000000000000 x15: ffff8000a15134b8 [ 2911.190015] x14: 0000000000000000 x13: 205d373432323154 x12: 5b5d313131333731 [ 2911.190844] x11: 00000000fffeffff x10: 00000000fffeffff x9 : ffffd1b78274a13c [ 2911.191716] x8 : 000000000017ffe8 x7 : c0000000fffeffff x6 : 000000000057ffa8 [ 2911.192554] x5 : ffff0012f6c24ec0 x4 : 0000000000000000 x3 : ffff2e5b72b5d000 [ 2911.193404] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff0003ff254480 [ 2911.194259] Call trace: [ 2911.194626] tracing_map_sort_entries+0x3e0/0x408 [ 2911.195220] hist_show+0x124/0x800 [ 2911.195692] seq_read_iter+0x1d4/0x4e8 [ 2911.196193] seq_read+0xe8/0x138 [ 2911.196638] vfs_read+0xc8/0x300 [ 2911.197078] ksys_read+0x70/0x108 [ 2911.197534] __arm64_sys_read+0x24/0x38 [ 2911.198046] invoke_syscall+0x78/0x108 [ 2911.198553] el0_svc_common.constprop.0+0xd0/0xf8 [ 2911.199157] do_el0_svc+0x28/0x40 [ 2911.199613] el0_svc+0x40/0x178 [ 2911.200048] el0t_64_sync_handler+0x13c/0x158 [ 2911.200621] el0t_64_sync+0x1a8/0x1b0 [ 2911.201115] ---[ end trace 0000000000000000 ]--- The problem appears to be caused by CPU reordering of writes issued from __tracing_map_insert(). The check for the presence of an element with a given key in this function is: val = READ_ONCE(entry->val); if (val && keys_match(key, val->key, map->key_size)) ... The write of a new entry is: elt = get_free_elt(map); memcpy(elt->key, key, map->key_size); entry->val = elt; The "memcpy(elt->key, key, map->key_size);" and "entry->val = elt;" stores may become visible in the reversed order on another CPU. This second CPU might then incorrectly determine that a new key doesn't match an already present val->key and subse ---truncated---2024-03-26not yet calculatedCVE-2024-26645
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux -- linux
 
In the Linux kernel, the following vulnerability has been resolved: thermal: intel: hfi: Add syscore callbacks for system-wide PM The kernel allocates a memory buffer and provides its location to the hardware, which uses it to update the HFI table. This allocation occurs during boot and remains constant throughout runtime. When resuming from hibernation, the restore kernel allocates a second memory buffer and reprograms the HFI hardware with the new location as part of a normal boot. The location of the second memory buffer may differ from the one allocated by the image kernel. When the restore kernel transfers control to the image kernel, its HFI buffer becomes invalid, potentially leading to memory corruption if the hardware writes to it (the hardware continues to use the buffer from the restore kernel). It is also possible that the hardware "forgets" the address of the memory buffer when resuming from "deep" suspend. Memory corruption may also occur in such a scenario. To prevent the described memory corruption, disable HFI when preparing to suspend or hibernate. Enable it when resuming. Add syscore callbacks to handle the package of the boot CPU (packages of non-boot CPUs are handled via CPU offline). Syscore ops always run on the boot CPU. Additionally, HFI only needs to be disabled during "deep" suspend and hibernation. Syscore ops only run in these cases. [ rjw: Comment adjustment, subject and changelog edits ]2024-03-26not yet calculatedCVE-2024-26646
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux -- linux
 
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix late derefrence 'dsc' check in 'link_set_dsc_pps_packet()' In link_set_dsc_pps_packet(), 'struct display_stream_compressor *dsc' was dereferenced in a DC_LOGGER_INIT(dsc->ctx->logger); before the 'dsc' NULL pointer check. Fixes the below: drivers/gpu/drm/amd/amdgpu/../display/dc/link/link_dpms.c:905 link_set_dsc_pps_packet() warn: variable dereferenced before check 'dsc' (see line 903)2024-03-26not yet calculatedCVE-2024-26647
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux -- linux
 
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix variable deferencing before NULL check in edp_setup_replay() In edp_setup_replay(), 'struct dc *dc' & 'struct dmub_replay *replay' was dereferenced before the pointer 'link' & 'replay' NULL check. Fixes the below: drivers/gpu/drm/amd/amdgpu/../display/dc/link/protocols/link_edp_panel_control.c:947 edp_setup_replay() warn: variable dereferenced before check 'link' (see line 933)2024-03-26not yet calculatedCVE-2024-26648
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux -- linux
 
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix the null pointer when load rlc firmware If the RLC firmware is invalid because of wrong header size, the pointer to the rlc firmware is released in function amdgpu_ucode_request. There will be a null pointer error in subsequent use. So skip validation to fix it.2024-03-26not yet calculatedCVE-2024-26649
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux -- linux
 
In the Linux kernel, the following vulnerability has been resolved: platform/x86: p2sb: Allow p2sb_bar() calls during PCI device probe p2sb_bar() unhides P2SB device to get resources from the device. It guards the operation by locking pci_rescan_remove_lock so that parallel rescans do not find the P2SB device. However, this lock causes deadlock when PCI bus rescan is triggered by /sys/bus/pci/rescan. The rescan locks pci_rescan_remove_lock and probes PCI devices. When PCI devices call p2sb_bar() during probe, it locks pci_rescan_remove_lock again. Hence the deadlock. To avoid the deadlock, do not lock pci_rescan_remove_lock in p2sb_bar(). Instead, do the lock at fs_initcall. Introduce p2sb_cache_resources() for fs_initcall which gets and caches the P2SB resources. At p2sb_bar(), refer the cache and return to the caller. Before operating the device at P2SB DEVFN for resource cache, check that its device class is PCI_CLASS_MEMORY_OTHER 0x0580 that PCH specifications define. This avoids unexpected operation to other devices at the same DEVFN. Tested-by Klara Modin <klarasmodin@gmail.com>2024-03-26not yet calculatedCVE-2024-26650
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux -- linux
 
In the Linux kernel, the following vulnerability has been resolved: sr9800: Add check for usbnet_get_endpoints Add check for usbnet_get_endpoints() and return the error if it fails in order to transfer the error.2024-03-27not yet calculatedCVE-2024-26651
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
linux -- linux
 
In the Linux kernel, the following vulnerability has been resolved: net: pds_core: Fix possible double free in error handling path When auxiliary_device_add() returns error and then calls auxiliary_device_uninit(), Callback function pdsc_auxbus_dev_release calls kfree(padev) to free memory. We shouldn't call kfree(padev) again in the error handling path. Fix this by cleaning up the redundant kfree() and putting the error handling back to where the errors happened.2024-03-27not yet calculatedCVE-2024-26652
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
416baaa9-dc9f-4396-8d5f-8c081fb06d67
lunarnight_laboratory -- webproxy
 
OS command injection vulnerability exists in WebProxy 1.7.8 and 1.7.9, which may allow a remote unauthenticated attacker to execute an arbitrary OS command with the privilege of the running web server. Note that the developer was unreachable, therefore, users should consider stop using WebProxy 1.7.8 and 1.7.9.2024-03-26not yet calculatedCVE-2024-28033
vultures@jpcert.or.jp
n/a -- vertx
 
A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to using Netty FastThreadLocal data structures. Specifically, when the Vert.x HTTP client establishes connections to different hosts, triggering the memory leak. The leak can be accelerated with intimate runtime knowledge, allowing an attacker to exploit this vulnerability. For instance, a server accepting arbitrary internet addresses could serve as an attack vector by connecting to these addresses, thereby accelerating the memory leak.2024-03-27not yet calculatedCVE-2024-1023
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
nec_corporation -- wg1800hp4
 
Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN and MR02LN all versions allows a attacker who has obtained high privileges can execute arbitrary scripts.2024-03-28not yet calculatedCVE-2024-28005
psirt-info@cyber.jp.nec.com
nec_corporation -- wg1800hp4
 
Improper authentication vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN and MR02LN all versions allows a attacker to view device information.2024-03-28not yet calculatedCVE-2024-28006
psirt-info@cyber.jp.nec.com
nec_corporation -- wg1800hp4
 
Improper authentication vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN and MR02LN all versions allows a attacker to execute an arbitrary command with the root privilege via the internet.2024-03-28not yet calculatedCVE-2024-28007
psirt-info@cyber.jp.nec.com
nec_corporation -- wg1800hp4
 
Active Debug Code in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN and MR02LN all versions allows a attacker to execute an arbitrary OS command via the internet.2024-03-28not yet calculatedCVE-2024-28008
psirt-info@cyber.jp.nec.com
nec_corporation -- wg1800hp4
 
Improper authentication vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN and MR02LN all versions allows a attacker to execute an arbitrary command with the root privilege via the internet.2024-03-28not yet calculatedCVE-2024-28009
psirt-info@cyber.jp.nec.com
nec_corporation -- wg1800hp4
 
Use of Hard-coded Password in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN and MR02LN all versions allows a attacker to execute an arbitrary OS command via the internet.2024-03-28not yet calculatedCVE-2024-28010
psirt-info@cyber.jp.nec.com
nec_corporation -- wg1800hp4
 
Hidden Functionality vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN and MR02LN all versions allows a attacker to execute an arbitrary OS command with the root privilege via the internet2024-03-28not yet calculatedCVE-2024-28011
psirt-info@cyber.jp.nec.com
nec_corporation -- wg1800hp4
 
Improper authentication vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN and MR02LN all versions allows a attacker to execute an arbitrary command with the root privilege via the internet.2024-03-28not yet calculatedCVE-2024-28012
psirt-info@cyber.jp.nec.com
nec_corporation -- wg1800hp4
 
Use of Insufficiently Random Values vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN and MR02LN all versions allows a attacker to change settings via the internet.2024-03-28not yet calculatedCVE-2024-28013
psirt-info@cyber.jp.nec.com
nec_corporation -- wg1800hp4
 
Stack-based Buffer Overflow vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN and MR02LN all versions allows a attacker to execute an arbitrary command via the internet.2024-03-28not yet calculatedCVE-2024-28014
psirt-info@cyber.jp.nec.com
nec_corporation -- wg1800hp4
 
Improper Neutralization of Special Elements used in an OS Command vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN and MR02LN all versions allows a attacker to execute an arbitrary OS command with the root privilege via the internet.2024-03-28not yet calculatedCVE-2024-28015
psirt-info@cyber.jp.nec.com
nec_corporation -- wg1800hp4
 
Improper Access Controlvulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN and MR02LN all versions allows a attacker to get device informations via the internet.2024-03-28not yet calculatedCVE-2024-28016
psirt-info@cyber.jp.nec.com
okta -- okta_verify_for_windows
 
The Auto-update service for Okta Verify for Windows is vulnerable to two flaws which in combination could be used to execute arbitrary code.2024-03-28not yet calculatedCVE-2024-0980
psirt@okta.com
parisneo -- parisneo/lollms-webui
 
I have activated the CORS because I had a development ui that uses another port number then I forgot to remove it. So what I just did is : - First removed the cors configuration that allows everyone to access it : before: ```python sio = socketio.AsyncServer(async_mode="asgi", cors_allowed_origins="*", ping_timeout=1200, ping_interval=30) # Enable CORS for every one ``` after: ```python cert_file_path = lollms_paths.personal_certificates/"cert.pem" key_file_path = lollms_paths.personal_certificates/"key.pem" if os.path.exists(cert_file_path) and os.path.exists(key_file_path): is_https = True else: is_https = False # Create a Socket.IO server sio = socketio.AsyncServer(async_mode="asgi", cors_allowed_origins=config.allowed_origins+[f"https://localhost:{config['port']}" if is_https else f"http://localhost:{config['port']}"], ping_timeout=1200, ping_interval=30) # Enable CORS for selected origins ``` - Second, I have updated lollms to have two modes (a headless mode and a ui mode). And updated the /execute_code to block if the server is headless or is exposed ```python @router.post("/execute_code") async def execute_code(request: Request): """ Executes Python code and returns the output. :param request: The HTTP request object. :return: A JSON response with the status of the operation. """ if lollmsElfServer.config.headless_server_mode: return {"status":False,"error":"Code execution is blocked when in headless mode for obvious security reasons!"} if lollmsElfServer.config.host=="0.0.0.0": return {"status":False,"error":"Code execution is blocked when the server is exposed outside for very obvipous reasons!"} try: data = (await request.json()) code = data["code"] discussion_id = int(data.get("discussion_id","unknown_discussion")) message_id = int(data.get("message_id","unknown_message")) language = data.get("language","python") if language=="python": ASCIIColors.info("Executing python code:") ASCIIColors.yellow(code) return execute_python(code, discussion_id, message_id) if language=="javascript": ASCIIColors.info("Executing javascript code:") ASCIIColors.yellow(code) return execute_javascript(code, discussion_id, message_id) if language in ["html","html5","svg"]: ASCIIColors.info("Executing javascript code:") ASCIIColors.yellow(code) return execute_html(code, discussion_id, message_id) elif language=="latex": ASCIIColors.info("Executing latex code:") ASCIIColors.yellow(code) return execute_latex(code, discussion_id, message_id) elif language in ["bash","shell","cmd","powershell"]: ASCIIColors.info("Executing shell code:") ASCIIColors.yellow(code) return execute_bash(code, discussion_id, message_id) elif language in ["mermaid"]: ASCIIColors.info("Executing mermaid code:") ASCIIColors.yellow(code) return execute_mermaid(code, discussion_id, message_id) elif language in ["graphviz","dot"]: ASCIIColors.info("Executing graphviz code:") ASCIIColors.yellow(code) return execute_graphviz(code, discussion_id, message_id) return {"status": False, "error": "Unsupported language", "execution_time": 0} except Exception as ex: trace_exception(ex) lollmsElfServer.error(ex) return {"status":False,"error":str(ex)} ``` I also added an optional https mode and looking forward to add a full authentication with cookies and a personal session etc. All updates will be in V 9.1 Again, thanks alot for your work. I will make it harder next time, but if you find more bugs, just be my guest :)2024-03-30not yet calculatedCVE-2024-1522
security@huntr.dev
security@huntr.dev
sira.jp -- easyrange
 
EasyRange Ver 1.41 contains an issue with the executable file search path when displaying an extracted file on Explorer, which may lead to loading an executable file resides in the same folder where the extracted file is placed. If this vulnerability is exploited, arbitrary code may be executed with the privilege of the running program. Note that the developer was unreachable, therefore, users should consider stop using EasyRange Ver 1.41.2024-03-26not yet calculatedCVE-2024-28131
vultures@jpcert.or.jp
thorsten -- phpmyfaq
 
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. An attacker with admin privileges can upload an attachment containing JS code without extension and the application will render it as HTML which allows for XSS attacks.2024-03-25not yet calculatedCVE-2024-29179
security-advisories@github.com
tvrock -- tvrock
 
Cross-site scripting vulnerability exists in TvRock 0.9t8a. An arbitrary script may be executed on the web browser of the user accessing the website that uses the product. Note that the developer was unreachable, therefore, users should consider stop using TvRock 0.9t8a.2024-03-26not yet calculatedCVE-2024-26018
vultures@jpcert.or.jp
unknown -- backup_and_restore_wordpress_
 
The Backup and Restore WordPress WordPress plugin through 1.45 does not protect some log files containing sensitive information such as site configuration etc, allowing unauthenticated users to access such data2024-03-26not yet calculatedCVE-2023-7232
contact@wpscan.com
unknown -- cm_download_manager_
 
The CM Download Manager WordPress plugin before 2.9.0 does not have CSRF checks in some places, which could allow attackers to make logged in admins unpublish downloads via a CSRF attack2024-03-25not yet calculatedCVE-2024-1231
contact@wpscan.com
unknown -- cm_download_manager_
 
The CM Download Manager WordPress plugin before 2.9.0 does not have CSRF checks in some places, which could allow attackers to make logged in admins delete downloads via a CSRF attack2024-03-25not yet calculatedCVE-2024-1232
contact@wpscan.com
unknown -- cm_download_manager_
 
The CM Download Manager WordPress plugin before 2.9.1 does not have CSRF checks in some places, which could allow attackers to make logged in admins edit downloads via a CSRF attack2024-03-25not yet calculatedCVE-2024-1962
contact@wpscan.com
unknown -- pz-linkcard
 
The Pz-LinkCard WordPress plugin through 2.5.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin2024-03-28not yet calculatedCVE-2024-0672
contact@wpscan.com
unknown -- pz-linkcard
 
The Pz-LinkCard WordPress plugin through 2.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed2024-03-28not yet calculatedCVE-2024-0673
contact@wpscan.com
unknown -- pz-linkcard
 
The Pz-LinkCard WordPress plugin through 2.5.1 does not prevent users from pinging arbitrary hosts via some of its shortcodes, which could allow high privilege users such as contributors to perform SSRF attacks.2024-03-28not yet calculatedCVE-2024-0677
contact@wpscan.com
unknown -- testimonial_slider
 
The Testimonial Slider WordPress plugin before 2.3.7 does not properly ensure that a user has the necessary capabilities to edit certain sensitive Testimonial Slider WordPress plugin before 2.3.7 settings, making it possible for users with at least the Author role to edit them.2024-03-26not yet calculatedCVE-2024-1745
contact@wpscan.com
unknown -- wp-schema-pro
 
The wp-schema-pro WordPress plugin before 2.7.16 does not validate post access allowing a contributor user to access custom fields on any post regardless of post type or status via a shortcode2024-03-25not yet calculatedCVE-2024-1564
contact@wpscan.com
zerochannel -- 0ch_bbs_script
v
Cross-site scripting vulnerability exists in 0ch BBS Script ver.4.00. An arbitrary script may be executed on the web browser of the user accessing the website that uses the product. Note that the developer was unreachable, therefore, users should consider stop using 0ch BBS Script ver.4.00.2024-03-26not yet calculatedCVE-2024-28126
vultures@jpcert.or.jp
N/A -- N/A

 
Some Microsoft technologies as used in Windows 8 through 11 allow a temporary client-side performance degradation during processing of multiple Unicode combining characters, aka a "Zalgo text" attack. NOTE: third parties dispute whether the computational cost of interpreting Unicode data should be considered a vulnerability.2024-03-27not yet calculatedCVE-2017-20190
cve@mitre.org
cve@mitre.org
cve@mitre.org
N/A -- N/A

 
The Mojolicious module before 7.66 for Perl may leak cookies in certain situations related to multiple similar cookies for the same domain. This affects Mojo::UserAgent::CookieJar.2024-03-24not yet calculatedCVE-2018-25100
cve@mitre.org
cve@mitre.org
cve@mitre.org
cve@mitre.org
N/A -- N/A

 
The XAO::Web module before 1.84 for Perl mishandles < and > characters in JSON output during use of json-embed in Web::Action.2024-03-24not yet calculatedCVE-2020-36827
cve@mitre.org
cve@mitre.org
N/A -- N/A

 
Allied Telesis AT-S115 1.2.0 devices before 1.00.024 with Boot Loader 1.00.006 allow Directory Traversal to achieve partial access to data.2024-03-28not yet calculatedCVE-2021-31156
cve@mitre.org
cve@mitre.org
cve@mitre.org
N/A -- N/A

 
A Directory Traversal vulnerability in ladle dev server 2.5.1 and earlier allows an attacker on the same network to read files accessible to the user via GET requests.2024-03-28not yet calculatedCVE-2023-25341
cve@mitre.org
N/A -- N/A

 
Opswat Metadefender Core before 5.2.1 does not properly defend against potential HTML injection and XSS attacks.2024-03-27not yet calculatedCVE-2023-25364
cve@mitre.org
N/A -- N/A

 
An issue was discovered in the Cargo extension for MediaWiki through 1.39.3. There is mishandling of backticks to smartSplit.2024-03-27not yet calculatedCVE-2023-29134
cve@mitre.org
cve@mitre.org
cve@mitre.org
cve@mitre.org
cve@mitre.org
N/A -- N/A

 
In TeslaMate before 1.27.2, there is unauthorized access to port 4000 for remote viewing and operation of user data. After accessing the IP address for the TeslaMate instance, an attacker can switch the port to 3000 to enter Grafana for remote operations. At that time, the default username and password can be used to enter the Grafana management console without logging in, a related issue to CVE-2022-23126.2024-03-27not yet calculatedCVE-2023-31634
cve@mitre.org
cve@mitre.org
N/A -- N/A

 
std::bad_alloc is mishandled in Precomp 0.4.8. NOTE: this is disputed because it should be categorized as a usability problem.2024-03-27not yet calculatedCVE-2023-31854
cve@mitre.org
N/A -- N/A

 
halo v1.6.0 is vulnerable to Cross Site Scripting (XSS).2024-03-28not yet calculatedCVE-2023-33528
cve@mitre.org
cve@mitre.org
N/A -- N/A

 
In GNU tar before 1.35, mishandled extension attributes in a PAX archive can lead to an application crash in xheader.c.2024-03-27not yet calculatedCVE-2023-39804
cve@mitre.org
cve@mitre.org
cve@mitre.org
N/A -- N/A

 
An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker could exploit an XSS issue.2024-03-27not yet calculatedCVE-2023-40284
cve@mitre.org
cve@mitre.org
N/A -- N/A

 
An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker could exploit an XSS issue.2024-03-27not yet calculatedCVE-2023-40285
cve@mitre.org
cve@mitre.org
N/A -- N/A

 
An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker could exploit an XSS issue.2024-03-27not yet calculatedCVE-2023-40286
cve@mitre.org
cve@mitre.org
N/A -- N/A

 
An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker could exploit an XSS issue.2024-03-27not yet calculatedCVE-2023-40287
cve@mitre.org
cve@mitre.org
N/A -- N/A

 
An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker could exploit an XSS issue.2024-03-27not yet calculatedCVE-2023-40288
cve@mitre.org
cve@mitre.org
N/A -- N/A

 
A command injection issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker can exploit this to elevate privileges from a user with BMC administrative privileges.2024-03-27not yet calculatedCVE-2023-40289
cve@mitre.org
cve@mitre.org
N/A -- N/A

 
An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker could exploit an XSS issue that affects Internet Explorer 11 on Windows.2024-03-27not yet calculatedCVE-2023-40290
cve@mitre.org
cve@mitre.org
N/A -- N/A

 
An issue was discovered in Couchbase Server 6.6.x through 7.2.0, before 7.1.5 and 7.2.1. Unauthenticated users may cause memcached to run out of memory via large commands.2024-03-27not yet calculatedCVE-2023-43768
cve@mitre.org
cve@mitre.org
cve@mitre.org
cve@mitre.org
N/A -- N/A

 
Mesa v23.0.4 was discovered to contain a NULL pointer dereference via the function dri2GetGlxDrawableFromXDrawableId(). This vulnerability is triggered when the X11 server sends an DRI2_BufferSwapComplete event unexpectedly when the application is using DRI3. NOTE: this is disputed because there is no scenario in which the vulnerability was demonstrated.2024-03-27not yet calculatedCVE-2023-45913
cve@mitre.org
cve@mitre.org
cve@mitre.org
N/A -- N/A

 
Mesa 23.0.4 was discovered to contain a buffer over-read in glXQueryServerString(). NOTE: this is disputed because there are no common situations in which users require uninterrupted operation with an attacker-controller server.2024-03-27not yet calculatedCVE-2023-45919
cve@mitre.org
cve@mitre.org
N/A -- N/A

 
Xfig v3.2.8 was discovered to contain a NULL pointer dereference when calling XGetWMHints(). NOTE: this is disputed because it is not expected that an X application should continue to run when there is arbitrary anomalous behavior from the X server or window manager.2024-03-27not yet calculatedCVE-2023-45920
cve@mitre.org
cve@mitre.org
N/A -- N/A

 
glx_pbuffer.c in Mesa 23.0.4 was discovered to contain a segmentation violation when calling __glXGetDrawableAttribute(). NOTE: this is disputed because there are no common situations in which users require uninterrupted operation with an attacker-controller server.2024-03-27not yet calculatedCVE-2023-45922
cve@mitre.org
cve@mitre.org
cve@mitre.org
N/A -- N/A

 
libglxproto.c in OpenGL libglvnd bb06db5a was discovered to contain a segmentation violation via the function glXGetDrawableScreen(). NOTE: this is disputed because there are no common situations in which users require uninterrupted operation with an attacker-controller server.2024-03-27not yet calculatedCVE-2023-45924
cve@mitre.org
cve@mitre.org
N/A -- N/A

 
GNU Midnight Commander 4.8.29-146-g299d9a2fb was discovered to contain a NULL pointer dereference via the function x_error_handler() at tty/x11conn.c. NOTE: this is disputed because it should be categorized as a usability problem (an X operation silently fails).2024-03-27not yet calculatedCVE-2023-45925
cve@mitre.org
cve@mitre.org
N/A -- N/A

 
S-Lang 2.3.2 was discovered to contain an arithmetic exception via the function tt_sprintf().2024-03-27not yet calculatedCVE-2023-45927
cve@mitre.org
cve@mitre.org
N/A -- N/A

 
S-Lang 2.3.2 was discovered to contain a segmentation fault via the function fixup_tgetstr().2024-03-27not yet calculatedCVE-2023-45929
cve@mitre.org
cve@mitre.org
N/A -- N/A

 
Mesa 23.0.4 was discovered to contain a NULL pointer dereference in check_xshm() for the has_error state. NOTE: this is disputed because there is no scenario in which the vulnerability was demonstrated.2024-03-27not yet calculatedCVE-2023-45931
cve@mitre.org
cve@mitre.org
N/A -- N/A

 
Qt 6 through 6.6 was discovered to contain a NULL pointer dereference via the function QXcbConnection::initializeAllAtoms(). NOTE: this is disputed because it is not expected that an X application should continue to run when there is arbitrary anomalous behavior from the X server.2024-03-27not yet calculatedCVE-2023-45935
cve@mitre.org
cve@mitre.org
N/A -- N/A

 
An issue in MiniZinc before 2.8.0 allows a NULL pointer dereference via ti_expr in a crafted .mzn file. NOTE: this is disputed because there is no common libminizinc use case in which an unattended process is supposed to run forever to process a series of atttacker-controlled .mzn files.2024-03-27not yet calculatedCVE-2023-46046
cve@mitre.org
cve@mitre.org
cve@mitre.org
cve@mitre.org
N/A -- N/A

 
An issue in Sane 1.2.1 allows a local attacker to execute arbitrary code via a crafted file to the sanei_configure_attach() function. NOTE: this is disputed because there is no expectation that the product should be starting with an attacker-controlled configuration file.2024-03-27not yet calculatedCVE-2023-46047
cve@mitre.org
cve@mitre.org
N/A -- N/A

 
Tex Live 944e257 has a NULL pointer dereference in texk/web2c/pdftexdir/writet1.c. NOTE: this is disputed because it should be categorized as a usability problem.2024-03-27not yet calculatedCVE-2023-46048
cve@mitre.org
cve@mitre.org
N/A -- N/A

 
LLVM 15.0.0 has a NULL pointer dereference in the parseOneMetadata() function via a crafted pdflatex.fmt file (or perhaps a crafted .o file) to llvm-lto. NOTE: this is disputed because the relationship between pdflatex.fmt and any LLVM language front end is not explained, and because a crash of the llvm-lto application should be categorized as a usability problem.2024-03-27not yet calculatedCVE-2023-46049
cve@mitre.org
cve@mitre.org
cve@mitre.org
N/A -- N/A

 
TeX Live 944e257 allows a NULL pointer dereference in texk/web2c/pdftexdir/tounicode.c. NOTE: this is disputed because it should be categorized as a usability problem.2024-03-27not yet calculatedCVE-2023-46051
cve@mitre.org
cve@mitre.org
N/A -- N/A

 
Sane 1.2.1 heap bounds overwrite in init_options() from backend/test.c via a long init_mode string in a configuration file. NOTE: this is disputed because there is no expectation that test.c code should be executed with an attacker-controlled configuration file.2024-03-27not yet calculatedCVE-2023-46052
cve@mitre.org
cve@mitre.org
N/A -- N/A

 
Stack-buffer-overflow vulnerability in ReadyMedia (MiniDLNA) v1.3.3 allows attackers to cause a denial of service via via the SendContainer() function at tivo_commands.c.2024-03-25not yet calculatedCVE-2023-47430
cve@mitre.org
cve@mitre.org
N/A -- N/A

 
SQL Injection vulnerability in Reportico Till 8.1.0 allows attackers to obtain sensitive information or other system information via the project parameter.2024-03-27not yet calculatedCVE-2023-47438
cve@mitre.org
N/A -- N/A

 
An authentication bypass vulnerability was found in Stilog Visual Planning 8. It allows an unauthenticated attacker to receive an administrative API token.2024-03-29not yet calculatedCVE-2023-49231
cve@mitre.org
cve@mitre.org
cve@mitre.org
N/A -- N/A

 
An authentication bypass vulnerability was found in Stilog Visual Planning 8. It allows an unauthenticated attacker to brute-force the password reset PINs of administrative users.2024-03-29not yet calculatedCVE-2023-49232
cve@mitre.org
cve@mitre.org
cve@mitre.org
N/A -- N/A

 
An XML external entity (XXE) vulnerability was found in Stilog Visual Planning 8. It allows an authenticated attacker to access local server files and exfiltrate data to an external server.2024-03-29not yet calculatedCVE-2023-49234
cve@mitre.org
cve@mitre.org
cve@mitre.org
N/A -- N/A

 
Sikka SSCWindowsService 5 2023-09-14 executes a program as LocalSystem but allows full control by low-privileged users (and low-privileged users have write access to %PROGRAMDATA%\SSCService). Consequently, low-privileged users can execute arbitrary code as LocalSystem.2024-03-26not yet calculatedCVE-2023-50702
cve@mitre.org
N/A -- N/A

 
In Janitza GridVis through 9.0.66, use of hard-coded credentials in the de.janitza.pasw.feature.impl.activators.PasswordEncryption password encryption function allows remote authenticated administrative users to discover cleartext database credentials contained in error report information.2024-03-26not yet calculatedCVE-2023-50894
cve@mitre.org
cve@mitre.org
N/A -- N/A

 
In Janitza GridVis through 9.0.66, exposed dangerous methods in the de.janitza.pasw.project.server.ServerDatabaseProject project load functionality allow remote authenticated administrative users to execute arbitrary Groovy code.2024-03-26not yet calculatedCVE-2023-50895
cve@mitre.org
cve@mitre.org
N/A -- N/A

 
Thales Imperva SecureSphere WAF 14.7.0.40 allows remote attackers to bypass WAF rules via a crafted POST request, a different vulnerability than CVE-2021-45468.2024-03-28not yet calculatedCVE-2023-50969
cve@mitre.org
cve@mitre.org
N/A -- N/A

 
Buffer Overflow vulnerability in TRENDnet AC1200 TEW-821DAP with firmware version 3.00b06 allows an attacker to execute arbitrary code via the adm_add_user action.2024-03-26not yet calculatedCVE-2023-51146
cve@mitre.org
N/A -- N/A

 
Buffer Overflow vulnerability in TRENDnet Trendnet AC1200 TEW-821DAP with firmware version 3.00b06 allows an attacker to execute arbitrary code via the adm_mod_pwd action.2024-03-26not yet calculatedCVE-2023-51147
cve@mitre.org
N/A -- N/A

 
An issue in TRENDnet Trendnet AC1200 Dual Band PoE Indoor Wireless Access Point TEW-821DAP v.3.00b06 allows an attacker to execute arbitrary code via the 'mycli' command-line interface component.2024-03-26not yet calculatedCVE-2023-51148
cve@mitre.org
cve@mitre.org
N/A -- N/A

 
In Fluent Bit 2.1.8 through 2.2.1, a NULL pointer dereference can be caused via an invalid HTTP payload with the content type of x-www-form-urlencoded. It crashes and does not restart. This could result in logs not being delivered properly.2024-03-26not yet calculatedCVE-2024-23722
cve@mitre.org
cve@mitre.org
N/A -- N/A

 
The YI Smart Kami Vision com.kamivision.yismart application through 1.0.0_20231219 for Android allows a remote attacker to execute arbitrary JavaScript code via an implicit intent to the com.ants360.yicamera.activity.WebViewActivity component.2024-03-28not yet calculatedCVE-2024-23727
cve@mitre.org
N/A -- N/A

 
A heap buffer overflow occurs in dfs_v2 dfs_file in RT-Thread through 5.0.2.2024-03-27not yet calculatedCVE-2024-24334
cve@mitre.org
cve@mitre.org
cve@mitre.org
cve@mitre.org
cve@mitre.org
N/A -- N/A

 
A heap buffer overflow occurs in the dfs_v2 romfs filesystem RT-Thread through 5.0.2.2024-03-27not yet calculatedCVE-2024-24335
cve@mitre.org
cve@mitre.org
cve@mitre.org
cve@mitre.org
cve@mitre.org
N/A -- N/A

 
SQL Injection vulnerability in Best Courier management system v.1.0 allows a remote attacker to obtain sensitive information via print_pdets.php component.2024-03-28not yet calculatedCVE-2024-24407
cve@mitre.org
cve@mitre.org
N/A -- N/A

 
An issue in Kickdler before v1.107.0 allows attackers to provide an XSS payload via a HTTP response splitting attack.2024-03-25not yet calculatedCVE-2024-25175
cve@mitre.org
cve@mitre.org
N/A -- N/A

 
RegEx Denial of Service in domain-suffix 1.0.8 allows attackers to crash the application via crafted input to the parse function.2024-03-27not yet calculatedCVE-2024-25354
cve@mitre.org
N/A -- N/A

 
drivers/wlan/wlan_mgmt,c in RT-Thread through 5.0.2 has an integer signedness error and resultant buffer overflow.2024-03-27not yet calculatedCVE-2024-25388
cve@mitre.org
cve@mitre.org
cve@mitre.org
cve@mitre.org
N/A -- N/A

 
RT-Thread through 5.0.2 generates random numbers with a weak algorithm of "seed = 214013L * seed + 2531011L; return (seed >> 16) & 0x7FFF;" in calc_random in drivers/misc/rt_random.c.2024-03-27not yet calculatedCVE-2024-25389
cve@mitre.org
cve@mitre.org
cve@mitre.org
cve@mitre.org
N/A -- N/A

 
A heap buffer overflow occurs in finsh/msh_file.c and finsh/msh.c in RT-Thread through 5.0.2.2024-03-27not yet calculatedCVE-2024-25390
cve@mitre.org
cve@mitre.org
cve@mitre.org
cve@mitre.org
N/A -- N/A

 
A stack buffer overflow occurs in libc/posix/ipc/mqueue.c in RT-Thread through 5.0.2.2024-03-27not yet calculatedCVE-2024-25391
cve@mitre.org
cve@mitre.org
cve@mitre.org
cve@mitre.org
N/A -- N/A

 
An out-of-bounds access occurs in utilities/var_export/var_export.c in RT-Thread through 5.0.2.2024-03-27not yet calculatedCVE-2024-25392
cve@mitre.org
cve@mitre.org
cve@mitre.org
cve@mitre.org
N/A -- N/A

 
A stack buffer overflow occurs in net/at/src/at_server.c in RT-Thread through 5.0.2.2024-03-27not yet calculatedCVE-2024-25393
cve@mitre.org
cve@mitre.org
cve@mitre.org
cve@mitre.org
N/A -- N/A

 
A buffer overflow occurs in utilities/ymodem/ry_sy.c in RT-Thread through 5.0.2 because of an incorrect sprintf call or a missing '\0' character.2024-03-27not yet calculatedCVE-2024-25394
cve@mitre.org
cve@mitre.org
cve@mitre.org
cve@mitre.org
N/A -- N/A

 
A buffer overflow occurs in utilities/rt-link/src/rtlink.c in RT-Thread through 5.0.2.2024-03-27not yet calculatedCVE-2024-25395
cve@mitre.org
cve@mitre.org
cve@mitre.org
cve@mitre.org
N/A -- N/A

 
An issue in Ignite Realtime Openfire v.4.9.0 and before allows a remote attacker to escalate privileges via the admin.authorizedJIDs system property component.2024-03-26not yet calculatedCVE-2024-25420
cve@mitre.org
cve@mitre.org
cve@mitre.org
N/A -- N/A

 
An issue in Ignite Realtime Openfire v.4.9.0 and before allows a remote attacker to escalate privileges via the ROOM_CACHE component.2024-03-26not yet calculatedCVE-2024-25421
cve@mitre.org
cve@mitre.org
cve@mitre.org
N/A -- N/A

 
Cross Site Scripting vulnerability in Process Maker, Inc ProcessMaker before 4.0 allows a remote attacker to run arbitrary code via control of the pm_sys_sys cookie.2024-03-28not yet calculatedCVE-2024-25506
cve@mitre.org
N/A -- N/A

 
An issue was discovered in gui/util/qktxhandler.cpp in Qt before 5.15.17, 6.x before 6.2.12, 6.3.x through 6.5.x before 6.5.5, and 6.6.x before 6.6.2. A buffer overflow and application crash can occur via a crafted KTX image file.2024-03-27not yet calculatedCVE-2024-25580
cve@mitre.org
N/A -- N/A

 
An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. The TELNET service prompts for a password only after a valid username is entered, which might make it easier for remote attackers to enumerate user accounts.2024-03-27not yet calculatedCVE-2024-25734
cve@mitre.org
cve@mitre.org
N/A -- N/A

 
An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can discover cleartext passwords via a SoftAP /device/config GET request.2024-03-27not yet calculatedCVE-2024-25735
cve@mitre.org
cve@mitre.org
N/A -- N/A

 
An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can restart the device via a /device/reboot GET request.2024-03-27not yet calculatedCVE-2024-25736
cve@mitre.org
cve@mitre.org
N/A -- N/A

 
VSeeFace through 1.13.38.c2 allows attackers to cause a denial of service (application hang) via a spoofed UDP packet containing at least 10 digits in JSON data.2024-03-26not yet calculatedCVE-2024-26577
cve@mitre.org
N/A -- N/A

 
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain an unauthenticated remote command execution (RCE) vulnerability via multiple parameters in the "setOpModeCfg" function. This security issue allows an attacker to take complete control of the device. In detail, exploitation allows unauthenticated, remote attackers to execute arbitrary system commands with administrative privileges (i.e., as user "root").2024-03-26not yet calculatedCVE-2024-27521
cve@mitre.org
cve@mitre.org
N/A -- N/A

 
Dlink Dir-3040us A1 1.20b03a hotfix is vulnerable to Buffer Overflow. Any user having read/write access to ftp server can write directly to ram causing buffer overflow if file or files uploaded are greater than available ram. Ftp server allows change of directory to root which is one level up than root of usb flash directory. During upload ram is getting filled and causing system resource exhaustion (no free memory) which causes system to crash and reboot.2024-03-29not yet calculatedCVE-2024-27619
cve@mitre.org
cve@mitre.org
cve@mitre.org
N/A -- N/A

 
A cross site scripting (XSS) vulnerability in rems FAQ Management System v.1.0 allows a remote attacker to obtain sensitive information via a crafted payload to the Frequently Asked Question field in the Add FAQ function.2024-03-28not yet calculatedCVE-2024-27719
cve@mitre.org
cve@mitre.org
N/A -- N/A

 
wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.2024-03-27not yet calculatedCVE-2024-28085
cve@mitre.org
cve@mitre.org
cve@mitre.org
cve@mitre.org
cve@mitre.org
N/A -- N/A

 
Technicolor TC8715D TC8715D-01.EF.04.38.00-180405-S-FF9-D RSE-TC8717T devices allow a remote attacker within Wi-Fi proximity to conduct stored XSS attacks via User name in dyn_dns.asp.2024-03-28not yet calculatedCVE-2024-28090
cve@mitre.org
N/A -- N/A

 
Technicolor TC8715D TC8715D-01.EF.04.38.00-180405-S-FF9-D RSE-TC8717T devices allow a remote attacker within Wi-Fi proximity to conduct stored XSS attacks via User Defined Service in managed_services_add.asp (the victim must click an X for a deletion).2024-03-28not yet calculatedCVE-2024-28091
cve@mitre.org
N/A -- N/A

 
The TELNET service of AdTran NetVanta 3120 18.01.01.00.E devices is enabled by default, and has default credentials for a root-level account.2024-03-26not yet calculatedCVE-2024-28093
cve@mitre.org
cve@mitre.org
N/A -- N/A

 
Ruijie RG-NBR700GW 10.3(4b12) router lacks cookie verification when resetting the password, resulting in an administrator password reset vulnerability. An attacker can use this vulnerability to log in to the device and disrupt the business of the enterprise.2024-03-30not yet calculatedCVE-2024-28288
cve@mitre.org
cve@mitre.org
N/A -- N/A

 
Lektor before 3.3.11 does not sanitize DB path traversal. Thus, shell commands might be executed via a file that is added to the templates directory, if the victim's web browser accesses an untrusted website that uses JavaScript to send requests to localhost port 5000, and the web browser is running on the same machine as the "lektor server" command.2024-03-27not yet calculatedCVE-2024-28335
cve@mitre.org
cve@mitre.org
cve@mitre.org
cve@mitre.org
cve@mitre.org
cve@mitre.org
N/A -- N/A

 
An issue in Home-Made.io fastmagsync v.1.7.51 and before allows a remote attacker to execute arbitrary code via the getPhpBin() component.2024-03-25not yet calculatedCVE-2024-28386
cve@mitre.org
cve@mitre.org
cve@mitre.org
cve@mitre.org
cve@mitre.org
N/A -- N/A

 
An issue in axonaut v.3.1.23 and before allows a remote attacker to obtain sensitive information via the log.txt component.2024-03-25not yet calculatedCVE-2024-28387
cve@mitre.org
cve@mitre.org
N/A -- N/A

 
SQL injection vulnerability in scalapay v.1.2.41 and before allows a remote attacker to escalate privileges via the ScalapayReturnModuleFrontController::postProcess() method.2024-03-25not yet calculatedCVE-2024-28393
cve@mitre.org
cve@mitre.org
N/A -- N/A

 
SEMCMS 4.8 is vulnerable to Incorrect Access Control. The code installs SEMCMS_Funtion.php before checking if the admin is a valid user in the admin page because authentication function is called from there, users gain admin privileges.2024-03-29not yet calculatedCVE-2024-28405
cve@mitre.org
cve@mitre.org
N/A -- N/A

 
SQL Injection vulnerability in Razor 0.8.0 allows a remote attacker to escalate privileges via the ChannelModel::updateapk method of the channelmodle.php2024-03-25not yet calculatedCVE-2024-28421
cve@mitre.org
cve@mitre.org
N/A -- N/A

 
The CRM platform Twenty is vulnerable to stored cross site scripting via file upload in version 0.3.0. A crafted svg file can trigger the execution of the javascript code.2024-03-25not yet calculatedCVE-2024-28434
cve@mitre.org
cve@mitre.org
N/A -- N/A

 
The CRM platform Twenty version 0.3.0 is vulnerable to SSRF via file upload.2024-03-25not yet calculatedCVE-2024-28435
cve@mitre.org
cve@mitre.org
N/A -- N/A

 
Directory Traversal vulnerability in Yealink VP59 v.91.15.0.118 allows a physically proximate attacker to obtain sensitive information via terms of use function in the company portal component.2024-03-26not yet calculatedCVE-2024-28442
cve@mitre.org
cve@mitre.org
N/A -- N/A

 
Cross Site Scripting vulnerability in Campcodes Online Marriage Registration System v.1.0 allows a remote attacker to execute arbitrary code via the text fields in the marriage registration request form.2024-03-28not yet calculatedCVE-2024-28456
cve@mitre.org
cve@mitre.org
cve@mitre.org
N/A -- N/A

 
Tenda AC18 V15.03.05.05 contains a command injection vulnerablility in the deviceName parameter of formsetUsbUnload function.2024-03-26not yet calculatedCVE-2024-28545
cve@mitre.org
N/A -- N/A

 
Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the ssid parameter of form_fast_setting_wifi_set function.2024-03-26not yet calculatedCVE-2024-28551
cve@mitre.org
N/A -- N/A

 
An issue in Mblog Blog system v.3.5.0 allows an attacker to execute arbitrary code via a crafted file to the theme management feature.2024-03-28not yet calculatedCVE-2024-28713
cve@mitre.org
cve@mitre.org
cve@mitre.org
cve@mitre.org
cve@mitre.org
cve@mitre.org
cve@mitre.org
cve@mitre.org
N/A -- N/A

 
SQL Injection vulnerability in CRMEB_Java e-commerce system v.1.3.4 allows an attacker to execute arbitrary code via the groupid parameter.2024-03-28not yet calculatedCVE-2024-28714
cve@mitre.org
cve@mitre.org
cve@mitre.org
cve@mitre.org
N/A -- N/A

 
A vulnerability in the BluStar component of Mitel InAttend 2.6 SP4 through 2.7 and CMG 8.5 SP4 through 8.6 could allow access to sensitive information, changes to the system configuration, or execution of arbitrary commands within the context of the system.2024-03-27not yet calculatedCVE-2024-28815
cve@mitre.org
cve@mitre.org
N/A -- N/A

 
An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API mishandles shared memory.2024-03-29not yet calculatedCVE-2024-28960
cve@mitre.org
cve@mitre.org
N/A -- N/A

 
Exposed IOCTL with insufficient access control issue exists in cg6kwin2k.sys prior to 2.1.7.0. By sending a specific IOCTL request, a user without the administrator privilege may perform I/O to arbitrary hardware port or physical address, resulting in erasing or altering the firmware.2024-03-25not yet calculatedCVE-2024-29216
vultures@jpcert.or.jp
vultures@jpcert.or.jp
N/A -- N/A

 
funboot v1.1 is vulnerable to Cross Site Scripting (XSS) via the title field in "create a message ."2024-03-30not yet calculatedCVE-2024-29278
cve@mitre.org
cve@mitre.org
N/A -- N/A

 
SourceCodester PHP Task Management System 1.0 is vulnerable to SQL Injection via update-admin.php?admin_id=2024-03-26not yet calculatedCVE-2024-29301
cve@mitre.org
cve@mitre.org
N/A -- N/A

 
SourceCodester PHP Task Management System 1.0 is vulnerable to SQL Injection via update-employee.php.2024-03-26not yet calculatedCVE-2024-29302
cve@mitre.org
cve@mitre.org
N/A -- N/A

 
The delete admin users function of SourceCodester PHP Task Management System 1.0 is vulnerable to SQL Injection2024-03-26not yet calculatedCVE-2024-29303
cve@mitre.org
cve@mitre.org
N/A -- N/A

 
NodeBB 3.6.7 is vulnerable to Incorrect Access Control, e.g., a low-privileged attacker can access the restricted tabs for the Admin group via "isadmin":true.2024-03-28not yet calculatedCVE-2024-29316
cve@mitre.org
cve@mitre.org
N/A -- N/A

 
xzs-mysql 3.8 is vulnerable to Insufficient Session Expiration, which allows attackers to use the session of a deleted admin to do anything.2024-03-26not yet calculatedCVE-2024-29401
cve@mitre.org
N/A -- N/A

 
An unauthorized access vulnerability has been discovered in ROS2 Humble Hawksbill versions where ROS_VERSION is 2 and ROS_PYTHON_VERSION is 3. This vulnerability could potentially allow a malicious user to gain unauthorized access to multiple ROS2 nodes remotely. Unauthorized access to these nodes could result in compromised system integrity, the execution of arbitrary commands, and disclosure of sensitive information.2024-03-25not yet calculatedCVE-2024-29440
cve@mitre.org
N/A -- N/A

 
An unauthorized access vulnerability has been discovered in ROS2 Humble Hawksbill versions where ROS_VERSION is 2 and ROS_PYTHON_VERSION is 3. This vulnerability could potentially allow a malicious user to gain unauthorized access to multiple ROS2 nodes remotely. Unauthorized access to these nodes could result in compromised system integrity, the execution of arbitrary commands, and disclosure of sensitive information.2024-03-25not yet calculatedCVE-2024-29442
cve@mitre.org
N/A -- N/A

 
Jerryscript 2.4.0 has SEGV at ./jerry-core/ecma/base/ecma-helpers.c:238:58 in ecma_get_object_type.2024-03-28not yet calculatedCVE-2024-29489
cve@mitre.org
cve@mitre.org
cve@mitre.org
cve@mitre.org
N/A -- N/A

 
File Upload vulnerability in lepton v.7.1.0 allows a remote authenticated attackers to execute arbitrary code via uploading a crafted PHP file to the save.php and config.php component.2024-03-25not yet calculatedCVE-2024-29515
cve@mitre.org
N/A -- N/A

 
An issue in aliyundrive-webdav v.2.3.3 and before allows a remote attacker to execute arbitrary code via a crafted payload to the sid parameter in the action_query_qrcode component.2024-03-29not yet calculatedCVE-2024-29640
cve@mitre.org
cve@mitre.org
cve@mitre.org
N/A -- N/A

 
Cross Site Scripting vulnerability in dcat-admin v.2.1.3 and before allows a remote attacker to execute arbitrary code via a crafted script to the user login box.2024-03-26not yet calculatedCVE-2024-29644
cve@mitre.org
cve@mitre.org
cve@mitre.org
N/A -- N/A

 
An issue in @thi.ng/paths v.5.1.62 and before allows a remote attacker to execute arbitrary code via the mutIn and mutInManyUnsafe components.2024-03-25not yet calculatedCVE-2024-29650
cve@mitre.org
cve@mitre.org
N/A -- N/A

 
Insecure Permissions vulnerability in Vehicle Monitoring platform system CMSV6 v.7.31.0.2 through v.7.32.0.3 allows a remote attacker to escalate privileges via the default password component.2024-03-25not yet calculatedCVE-2024-29666
cve@mitre.org
N/A -- N/A

 
SQL Injection vulnerability in Tongtianxing Technology Co., Ltd CMSV6 v.7.31.0.2 through v.7.31.0.3 allows a remote attacker to escalate privileges and obtain sensitive information via the ids parameter.2024-03-29not yet calculated