Vulnerability Summary for the Week of May 6, 2024
Released
May 13, 2024
Document ID
SB24-134
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| academy_lms -- academy_lms | Missing Authorization vulnerability in Academy LMS.This issue affects Academy LMS: from n/a through 1.9.16. | 2024-05-06 | 7.1 | CVE-2024-33912 audit@patchstack.com |
| brevo_for_woocommerce -- sendinblue_for_woocommerce | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Brevo for WooCommerce Sendinblue for WooCommerce.This issue affects Sendinblue for WooCommerce: from n/a through 4.0.17. | 2024-05-06 | 8.5 | CVE-2024-32807 audit@patchstack.com |
| brocade -- brocade_sannav | The PostgreSQL implementation in Brocade SANnav versions before 2.3.0a is vulnerable to an incorrect local authentication flaw. An attacker accessing the VM where the Brocade SANnav is installed can gain access to sensitive data inside the PostgreSQL database. | 2024-05-08 | 7.8 | CVE-2024-2860 sirt@brocade.com |
| codesys -- codesys_development_system_v2.3 | An unauthenticated local attacker may trick a user to open corrupted project files to execute arbitrary code or crash the system due to an out-of-bounds write vulnerability. | 2024-05-06 | 7.8 | CVE-2023-49675 info@cert.vde.com |
| delta_electronics -- diaenergie | A SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateScript' message, which is splitted into 4 fields using the '~' character as the separator. An unauthenticated remote attacker can perform SQLi via the fourth field | 2024-05-06 | 9.8 | CVE-2024-4547 vulnreport@tenable.com |
| delta_electronics -- diaenergie | An SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateHDMWYC' message, which is split into 4 fields using the '~' character as the separator. An unauthenticated remote attacker can perform SQLi via the fourth field. | 2024-05-06 | 9.8 | CVE-2024-4548 vulnreport@tenable.com |
| delta_electronics -- diaenergie | A denial of service vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior. When processing an 'ICS Restart!' message, CEBC.exe restarts the system. | 2024-05-06 | 7.5 | CVE-2024-4549 vulnreport@tenable.com |
| denoland -- deno | Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. The Deno sandbox may be unexpectedly weakened by allowing file read/write access to privileged files in various locations on Unix and Windows platforms. For example, reading `/proc/self/environ` may provide access equivalent to `--allow-env`, and writing `/proc/self/mem` may provide access equivalent to `--allow-all`. Users who grant read and write access to the entire filesystem may not realize that these access to these files may have additional, unintended consequences. The documentation did not reflect that this practice should be undertaken to increase the strength of the security sandbox. Users who run code with `--allow-read` or `--allow-write` may unexpectedly end up granting additional permissions via file-system operations. Deno 1.43 and above require explicit `--allow-all` access to read or write `/etc`, `/dev` on unix platform (as well as `/proc` and `/sys` on linux platforms), and any path starting with `\\` on Windows. | 2024-05-07 | 8.4 | CVE-2024-34346 security-advisories@github.com |
| ethereum -- go-ethereum | go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. Prior to 1.13.15, a vulnerable node can be made to consume very large amounts of memory when handling specially crafted p2p messages sent from an attacker node. The fix has been included in geth version `1.13.15` and onwards. | 2024-05-06 | 7.5 | CVE-2024-32972 security-advisories@github.com security-advisories@github.com |
| f5 -- big-ip | A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2024-05-08 | 8 | CVE-2024-31156 f5sirt@f5.com |
| f5 -- big-ip | When IPsec is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2024-05-08 | 7.5 | CVE-2024-33608 f5sirt@f5.com |
| f5 -- big-ip_edge_client | An origin validation vulnerability exists in BIG-IP APM browser network access VPN client for Windows, macOS and Linux which may allow an attacker to bypass F5 endpoint inspection. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2024-05-08 | 7.4 | CVE-2024-28883 f5sirt@f5.com |
| f5 -- big-ip_next_central_manager | An OData injection vulnerability exists in the BIG-IP Next Central Manager API (URI). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2024-05-08 | 7.5 | CVE-2024-21793 f5sirt@f5.com |
| f5 -- big-ip_next_central_manager | An SQL injection vulnerability exists in the BIG-IP Next Central Manager API (URI). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 2024-05-08 | 7.5 | CVE-2024-26026 f5sirt@f5.com |
| f5 -- big-ip_next_central_manager | BIG-IP Next Central Manager (CM) may allow an unauthenticated, remote attacker to obtain the BIG-IP Next LTM/WAF instance credentials. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2024-05-08 | 7.4 | CVE-2024-32049 f5sirt@f5.com |
| f5 -- big-ip | When BIG-IP AFM is licensed and provisioned, undisclosed DNS traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2024-05-08 | 7.5 | CVE-2024-25560 f5sirt@f5.com |
| faraday -- gm8181 | A vulnerability classified as critical has been found in Faraday GM8181 and GM828x up to 20240429. Affected is an unknown function of the component NTP Service. The manipulation of the argument ntp_srv leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-263304. | 2024-05-07 | 7.3 | CVE-2024-4582 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| fedora -- dnf5daemon-server | Incomplete fix for CVE-2024-1929 The problem with CVE-2024-1929 was that the dnf5 D-Bus daemon accepted arbitrary configuration parameters from unprivileged users, which allowed a local root exploit by tricking the daemon into loading a user controlled "plugin". All of this happened before Polkit authentication was even started. The dnf5 library code does not check whether non-root users control the directory in question. On one hand, this poses a Denial-of-Service attack vector by making the daemonoperate on a blocking file (e.g. named FIFO special file) or a very large file that causes an out-of-memory situation (e.g. /dev/zero). On the other hand, this can be used to let the daemon process privileged files like /etc/shadow. The file in question is parsed as an INI file. Error diagnostics resulting from parsing privileged files could cause information leaks, if these diagnostics are accessible to unprivileged users. In the case of libdnf5, no such user accessible diagnostics should exist, though. Also, a local attacker can place a valid repository configuration file in this directory. This configuration file allows to specify a plethora of additional configuration options. This makes various additional code paths in libdnf5 accessible to the attacker. | 2024-05-08 | 8.8 | CVE-2024-2746 secalert@redhat.com |
| fedora -- dnf5daemon-server | Local Root Exploit via Configuration Dictionary in dnf5daemon-server before 5.1.17 allows a malicious user to impact Confidentiality and Integrity via Configuration Dictionary. There are issues with the D-Bus interface long before Polkit is invoked. The `org.rpm.dnf.v0.SessionManager.open_session` method takes a key/value map of configuration entries. A sub-entry in this map, placed under the "config" key, is another key/value map. The configuration values found in it will be forwarded as configuration overrides to the `libdnf5::Base` configuration. Practically all libdnf5 configuration aspects can be influenced here. Already when opening the session via D-Bus, the libdnf5 will be initialized using these override configuration values. There is no sanity checking of the content of this "config" map, which is untrusted data. It is possible to make the library loading a plug-in shared library under control of an unprivileged user, hence achieving root access. | 2024-05-08 | 7.5 | CVE-2024-1929 patrick@puiterwijk.org |
| fermyon -- spin | Spin is the developer tool for building and running serverless applications powered by WebAssembly. Prior to 2.4.3, some specifically configured Spin applications that use `self` requests without a specified URL authority can be induced to make requests to arbitrary hosts via the `Host` HTTP header. The following conditions need to be met for an application to be vulnerable: 1. The environment Spin is deployed in routes requests to the Spin runtime based on the request URL instead of the `Host` header, and leaves the `Host` header set to its original value; 2. The Spin application's component handling the incoming request is configured with an `allow_outbound_hosts` list containing `"self"`; and 3. In reaction to an incoming request, the component makes an outbound request whose URL doesn't include the hostname/port. Spin 2.4.3 has been released to fix this issue. | 2024-05-08 | 9.1 | CVE-2024-32980 security-advisories@github.com security-advisories@github.com |
| glpi-project -- glpi | GLPI is a Free Asset and IT Management Software package. Prior to 10.0.15, an authenticated user can exploit a SQL injection vulnerability in the saved searches feature to alter another user account data take control of it. This vulnerability is fixed in 10.0.15. | 2024-05-07 | 7.1 | CVE-2024-29889 security-advisories@github.com security-advisories@github.com |
| glpi-project -- glpi | GLPI is a Free Asset and IT Management Software package. Prior to 10.0.15, an authenticated user can exploit a SQL injection vulnerability from map search. This vulnerability is fixed in 10.0.15. | 2024-05-07 | 7.7 | CVE-2024-31456 security-advisories@github.com security-advisories@github.com |
| hoppscotch -- hoppscotch | @hoppscotch/cli is a CLI to run Hoppscotch Test Scripts in CI environments. Prior to 0.8.0, the @hoppscotch/js-sandbox package provides a Javascript sandbox that uses the Node.js vm module. However, the vm module is not safe for sandboxing untrusted Javascript code. This is because code inside the vm context can break out if it can get a hold of any reference to an object created outside of the vm. In the case of @hoppscotch/js-sandbox, multiple references to external objects are passed into the vm context to allow pre-request scripts interactions with environment variables and more. But this also allows the pre-request script to escape the sandbox. This vulnerability is fixed in 0.8.0. | 2024-05-08 | 8.3 | CVE-2024-34347 security-advisories@github.com security-advisories@github.com |
| ibm -- aix | IBM AIX's Unix domain (AIX 7.2, 7.3, VIOS 3.1, and VIOS 4.1) datagram socket implementation could potentially expose applications using Unix domain datagram sockets with SO_PEERID operation and may lead to privilege escalation. IBM X-Force ID: 284903. | 2024-05-07 | 8.1 | CVE-2024-27273 psirt@us.ibm.com psirt@us.ibm.com |
| ietf -- dhcp | DHCP can add routes to a client's routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN. | 2024-05-06 | 7.6 | CVE-2024-3661 9119a7d8-5eab-497f-8521-727c672e3725 9119a7d8-5eab-497f-8521-727c672e3725 9119a7d8-5eab-497f-8521-727c672e3725 9119a7d8-5eab-497f-8521-727c672e3725 9119a7d8-5eab-497f-8521-727c672e3725 9119a7d8-5eab-497f-8521-727c672e3725 9119a7d8-5eab-497f-8521-727c672e3725 9119a7d8-5eab-497f-8521-727c672e3725 9119a7d8-5eab-497f-8521-727c672e3725 9119a7d8-5eab-497f-8521-727c672e3725 9119a7d8-5eab-497f-8521-727c672e3725 9119a7d8-5eab-497f-8521-727c672e3725 9119a7d8-5eab-497f-8521-727c672e3725 9119a7d8-5eab-497f-8521-727c672e3725 |
| impronta -- janto_ticketing_software | IDOR vulnerability in Janto Ticketing Software affecting version 4.3r10. This vulnerability could allow a remote user to obtain the download URL of another user to obtain the purchased ticket. | 2024-05-07 | 7.5 | CVE-2024-4537 cve-coordination@incibe.es |
| impronta -- janto_ticketing_software | IDOR vulnerability in Janto Ticketing Software affecting version 4.3r10. This vulnerability could allow a remote user to obtain a user's event ticket by creating a specific request with the ticket reference ID, leading to the exposure of sensitive user data. | 2024-05-07 | 7.5 | CVE-2024-4538 cve-coordination@incibe.es |
| lan_messenger -- lan_messenger | Remote denial of service vulnerability in LAN Messenger affecting version 3.4.0. This vulnerability allows an attacker to crash the LAN Messenger service by sending a long string directly and continuously over the UDP protocol. | 2024-05-07 | 7.5 | CVE-2024-4599 cve-coordination@incibe.es |
| leadconnector -- leadconnector | Missing Authorization vulnerability in LeadConnector.This issue affects LeadConnector: from n/a through 1.7. | 2024-05-06 | 8.6 | CVE-2024-34378 audit@patchstack.com |
| litestar-org -- litestar | Litestar and Starlite is an Asynchronous Server Gateway Interface (ASGI) framework. Prior to 2.8.3, 2.7.2, and 2.6.4, a Local File Inclusion (LFI) vulnerability has been discovered in the static file serving component of LiteStar. This vulnerability allows attackers to exploit path traversal flaws, enabling unauthorized access to sensitive files outside the designated directories. Such access can lead to the disclosure of sensitive information or potentially compromise the server. The vulnerability is located in the file path handling mechanism within the static content serving function, specifically at `litestar/static_files/base.py`. This vulnerability is fixed in versions 2.8.3, 2.7.2, and 2.6.4. | 2024-05-06 | 8.2 | CVE-2024-32982 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
| lucian_apostol -- auto_affiliate_links | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Lucian Apostol Auto Affiliate Links.This issue affects Auto Affiliate Links: from n/a through 6.4.3.1. | 2024-05-06 | 7.6 | CVE-2024-34386 audit@patchstack.com |
| lunar -- lunar | Improper privilege management vulnerability in Lunar software that affects versions 6.0.2 through 6.6.0. This vulnerability allows an attacker to perform a secondary process injection into the Lunar application and abuse those rights to access sensitive user information. | 2024-05-08 | 7.7 | CVE-2024-3507 cve-coordination@incibe.es |
| moxa -- nport_5100a_series | The NPort 5100A Series firmware version v1.6 and prior versions are affected by web server XSS vulnerability. The vulnerability is caused by not correctly neutralizing user-controllable input before placing it in output. Malicious users may use the vulnerability to get sensitive information and escalate privileges. | 2024-05-06 | 8.3 | CVE-2024-3576 psirt@moxa.com |
| oisf -- suricata | Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, a small amount of HTTP/2 traffic can lead to Suricata using a large amount of memory. The issue has been addressed in Suricata 7.0.5 and 6.0.19. Workarounds include disabling the HTTP/2 parser and reducing `app-layer.protocols.http2.max-table-size` value (default is 65536). | 2024-05-07 | 7.5 | CVE-2024-32663 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
| pallets -- werkzeug | Werkzeug is a comprehensive WSGI web application library. The debugger in affected versions of Werkzeug can allow an attacker to execute code on a developer's machine under some circumstances. This requires the attacker to get the developer to interact with a domain and subdomain they control, and enter the debugger PIN, but if they are successful it allows access to the debugger even if it is only running on localhost. This also requires the attacker to guess a URL in the developer's application that will trigger the debugger. This vulnerability is fixed in 3.0.3. | 2024-05-06 | 7.5 | CVE-2024-34069 security-advisories@github.com security-advisories@github.com |
| parcel_panel -- parcelpanel | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Parcel Panel ParcelPanel.This issue affects ParcelPanel: from n/a through 3.8.1. | 2024-05-06 | 8.5 | CVE-2024-34412 audit@patchstack.com |
| popup_box_team -- popup_box | Cross-Site Request Forgery (CSRF) vulnerability in Popup Box Team Popup box allows Cross-Site Scripting (XSS).This issue affects Popup box: from n/a through 4.1.2. | 2024-05-06 | 7.1 | CVE-2024-34367 audit@patchstack.com |
| pressfore -- rolo_slider | Missing Authorization vulnerability in PressFore Rolo Slider.This issue affects Rolo Slider: from n/a through 1.0.9. | 2024-05-08 | 7.7 | CVE-2024-1438 audit@patchstack.com |
| ptc -- codebeamer | PTC Codebeamer is vulnerable to a cross site scripting vulnerability that could allow an attacker to inject and execute malicious code. | 2024-05-08 | 7.1 | CVE-2024-3951 ics-cert@hq.dhs.gov |
| qualcomm,_inc. -- snapdragon | Memory corruption while loading a VM from a signed VM image that is not coherent in the processor cache. | 2024-05-06 | 8.4 | CVE-2023-33119 product-security@qualcomm.com |
| qualcomm,_inc. -- snapdragon | Memory corruption while verifying the serialized header when the key pairs are generated. | 2024-05-06 | 8.4 | CVE-2023-43531 product-security@qualcomm.com |
| qualcomm,_inc. -- snapdragon | Memory corruption when IOMMU unmap of a GPU buffer fails in Linux. | 2024-05-06 | 8.4 | CVE-2024-21471 product-security@qualcomm.com |
| qualcomm,_inc. -- snapdragon | Memory corruption when size of buffer from previous call is used without validation or re-initialization. | 2024-05-06 | 8.4 | CVE-2024-21474 product-security@qualcomm.com |
| qualcomm,_inc. -- snapdragon | Memory corruption as GPU registers beyond the last protected range can be accessed through LPAC submissions. | 2024-05-06 | 8.4 | CVE-2024-23351 product-security@qualcomm.com |
| qualcomm,_inc. -- snapdragon | Memory corruption when the IOCTL call is interrupted by a signal. | 2024-05-06 | 8.4 | CVE-2024-23354 product-security@qualcomm.com |
| qualcomm,_inc. -- snapdragon | Transient DOS while processing IKEv2 Informational request messages, when a malformed fragment packet is received. | 2024-05-06 | 7.5 | CVE-2023-43529 product-security@qualcomm.com |
| qualcomm,_inc. -- snapdragon | Memory corruption when the payload received from firmware is not as per the expected protocol size. | 2024-05-06 | 7.8 | CVE-2024-21475 product-security@qualcomm.com |
| qualcomm,_inc. -- snapdragon | Memory corruption when the channel ID passed by user is not validated and further used. | 2024-05-06 | 7.8 | CVE-2024-21476 product-security@qualcomm.com |
| qualcomm,_inc. -- snapdragon | Transient DOS while parsing a protected 802.11az Fine Time Measurement (FTM) frame. | 2024-05-06 | 7.5 | CVE-2024-21477 product-security@qualcomm.com |
| qualcomm,_inc. -- snapdragon | Memory corruption while playing audio file having large-sized input buffer. | 2024-05-06 | 7.3 | CVE-2024-21480 product-security@qualcomm.com |
| red_hat -- red_hat_openstack_platform_16.1 | The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2022-41723. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided by Red Hat Enterprise Linux versions, meaning it should be updated at compile time instead. | 2024-05-08 | 7.5 | CVE-2024-4436 secalert@redhat.com secalert@redhat.com |
| red_hat -- red_hat_openstack_platform_16.1 | The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2021-44716. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided by Red Hat Enterprise Linux versions, meaning it should be updated at compile time instead. | 2024-05-08 | 7.5 | CVE-2024-4437 secalert@redhat.com secalert@redhat.com |
| red_hat -- red_hat_openstack_platform_16.1 | The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2023-39325/CVE-2023-44487, known as Rapid Reset. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided by Red Hat Enterprise Linux versions, meaning it should be updated at compile time instead. | 2024-05-08 | 7.5 | CVE-2024-4438 secalert@redhat.com secalert@redhat.com |
| repute_infosystems -- arforms_form_builder | Missing Authorization vulnerability in Repute InfoSystems ARForms Form Builder.This issue affects ARForms Form Builder: from n/a through 1.6.1. | 2024-05-08 | 7.6 | CVE-2024-31270 audit@patchstack.com |
| scribit -- gdpr_compliance | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Scribit GDPR Compliance.This issue affects GDPR Compliance: from n/a through 1.2.5. | 2024-05-06 | 7.5 | CVE-2024-34388 audit@patchstack.com |
| select-themes -- stockholm_core | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Select-Themes Stockholm Core allows Reflected XSS.This issue affects Stockholm Core: from n/a through 2.4.1. | 2024-05-08 | 7.1 | CVE-2024-34553 audit@patchstack.com |
| silicon_labs -- z-wave_sdk | A buffer Overflow vulnerability in Silicon Labs 500 Series Z-Wave devices may allow Denial of Service, and potential Remote Code execution This issue affects all versions of Silicon Labs 500 Series SDK prior to v6.85.2 running on Silicon Labs 500 series Z-wave devices. | 2024-05-07 | 8.1 | CVE-2024-22472 product-security@silabs.com |
| socomec -- net_vision | Cross-Site Request Forgery vulnerability in Socomec Net Vision, version 7.20. This vulnerability could allow an attacker to trick registered users into performing critical actions, such as adding and updating accounts, due to lack of proper sanitisation of the 'set_param.cgi' file. | 2024-05-07 | 7.1 | CVE-2024-4600 cve-coordination@incibe.es |
| stacklok -- minder | Minder's `HandleGithubWebhook` is susceptible to a denial of service attack from an untrusted HTTP request. The vulnerability exists before the request has been validated, and as such the request is still untrusted at the point of failure. This allows an attacker with the ability to send requests to `HandleGithubWebhook` to crash the Minder controlplane and deny other users from using it. This vulnerability is fixed in 0.0.48. | 2024-05-07 | 7.5 | CVE-2024-34084 security-advisories@github.com security-advisories@github.com |
| thenbrent -- social_connect | The Social Connect plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.2. This is due to insufficient verification on the OpenID server being supplied during the social login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email. | 2024-05-08 | 9.8 | CVE-2024-4393 security@wordfence.com security@wordfence.com |
| vmware -- vmware_avi_load_balancer | VMware Avi Load Balancer contains a privilege escalation vulnerability. A malicious actor with admin privileges on VMware Avi Load Balancer can create, modify, execute and delete files as a root user on the host system. | 2024-05-08 | 7.2 | CVE-2024-22264 security@vmware.com |
| webpushr_web_push_notifications -- webpushr | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Webpushr Web Push Notifications Webpushr allows Reflected XSS.This issue affects Webpushr: from n/a through 4.35.0. | 2024-05-06 | 7.1 | CVE-2024-34369 audit@patchstack.com |
| wisdmlabs -- edwiser_bridge_-_wordpress_moodle_lms_integration | The Build App Online plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.0.5. This is due to the 'eb_user_email_verification_key' default value is empty, and the not empty check is missing in the 'eb_user_email_verify' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id. This can only be exploited if the 'Email Verification' setting is enabled. | 2024-05-07 | 9.8 | CVE-2024-4186 security@wordfence.com security@wordfence.com security@wordfence.com |
| wojtekmaj -- react-pdf | react-pdf displays PDFs in React apps. If PDF.js is used to load a malicious PDF, and PDF.js is configured with `isEvalSupported` set to `true` (which is the default value), unrestricted attacker-controlled JavaScript will be executed in the context of the hosting domain. This vulnerability is fixed in 7.7.3 and 8.0.2. | 2024-05-07 | 7.1 | CVE-2024-34342 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
| wshberlin -- startklar_elementor_addons | The Startklar Elementor Addons plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'process' function in the 'startklarDropZoneUploadProcess' class in versions up to, and including, 1.7.13. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. | 2024-05-07 | 9.8 | CVE-2024-4345 security@wordfence.com security@wordfence.com security@wordfence.com |
| wshberlin -- startklar_elementor_addons | The Startklar Elementor Addons plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 1.7.13. This is due to the plugin not properly validating the path of an uploaded file prior to deleting it. This makes it possible for unauthenticated attackers to delete arbitrary files, including the wp-config.php file, which can make site takeover and remote code execution possible. | 2024-05-07 | 9.1 | CVE-2024-4346 security@wordfence.com security@wordfence.com security@wordfence.com |
| N/A -- N/A | An issue was discovered in Archer Platform 6 before 2024.04. There is a stored cross-site scripting (XSS) vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. 6.14 P3 (6.14.0.3) is also a fixed release. | 2024-05-06 | 7.3 | CVE-2024-34089 cve@mitre.org cve@mitre.org |
| N/A -- N/A | An issue was discovered in Archer Platform 6 before 2024.04. There is a stored cross-site scripting (XSS) vulnerability. The login banner in the Archer Control Panel (ACP) did not previously escape content appropriately. 6.14 P3 (6.14.0.3) is also a fixed release. | 2024-05-06 | 7.3 | CVE-2024-34090 cve@mitre.org cve@mitre.org |
| N/A -- N/A | An issue was discovered in Archer Platform 6 before 2024.04. There is a stored cross-site scripting (XSS) vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed in the background of the application and renders content inaccessible. 6.14 P3 (6.14.0.3) is also a fixed release. | 2024-05-06 | 7.3 | CVE-2024-34091 cve@mitre.org cve@mitre.org |
Medium Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| a_wp_life -- video_gallery_-_api_gallery,_youtube_and_vimeo,_link_gallery | Missing Authorization vulnerability in A WP Life Video Gallery - Api Gallery, YouTube and Vimeo, Link Gallery.This issue affects Video Gallery - Api Gallery, YouTube and Vimeo, Link Gallery: from n/a through 1.5.3. | 2024-05-06 | 4.3 | CVE-2024-34377 audit@patchstack.com |
| addonmaster -- post_grid_master | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AddonMaster Post Grid Master allows Stored XSS.This issue affects Post Grid Master: from n/a through 3.4.8. | 2024-05-06 | 6.5 | CVE-2024-34390 audit@patchstack.com |
| addonmaster -- post_grid_master | Missing Authorization vulnerability in AddonMaster Post Grid Master.This issue affects Post Grid Master: from n/a through 3.4.7. | 2024-05-06 | 5.3 | CVE-2024-34372 audit@patchstack.com |
| af_themes -- wp_post_author | Missing Authorization vulnerability in AF themes WP Post Author.This issue affects WP Post Author: from n/a through 3.6.4. | 2024-05-06 | 4.3 | CVE-2024-34387 audit@patchstack.com |
| af_themes -- wp_post_author | Missing Authorization vulnerability in AF themes WP Post Author.This issue affects WP Post Author: from n/a through 3.6.4. | 2024-05-06 | 4.3 | CVE-2024-34389 audit@patchstack.com |
| aipost -- ai_wp_writer | Missing Authorization vulnerability in AIpost AI WP Writer.This issue affects AI WP Writer: from n/a through 3.6.5. | 2024-05-08 | 5.3 | CVE-2024-30459 audit@patchstack.com |
| alttext.ai -- download_alt_text_ai | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AltText.Ai Download Alt Text AI allows Stored XSS.This issue affects Download Alt Text AI: from n/a through 1.3.4. | 2024-05-06 | 5.9 | CVE-2024-34366 audit@patchstack.com |
| amp-mode -- debug_info | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Debug Info allows Stored XSS.This issue affects Debug Info: from n/a through 1.3.10. | 2024-05-08 | 5.9 | CVE-2024-34565 audit@patchstack.com |
| apache_software_foundation -- apache_superset | An authenticated user could potentially access metadata for a datasource they are not authorized to view by submitting a targeted REST API request.This issue affects Apache Superset: before 3.1.2. Users are recommended to upgrade to version 3.1.2 or above, which fixes the issue. | 2024-05-07 | 4.3 | CVE-2024-28148 security@apache.org |
| appsbd -- vitepos | Missing Authorization vulnerability in appsbd Vitepos.This issue affects Vitepos: from n/a through 3.0.1. | 2024-05-08 | 4.3 | CVE-2024-33574 audit@patchstack.com |
| barpachuk -- clickcease_click_fraud_protection | The ClickCease Click Fraud Protection plugin for WordPress is vulnerable to unauthorized access of data due to an improper capability check on the get_settings function in all versions up to, and including, 3.2.4. This makes it possible for authenticated attackers, with author access and above, to retrieve the plugin's configured API keys. | 2024-05-07 | 4.3 | CVE-2023-6810 security@wordfence.com security@wordfence.com |
| basecamp -- trix | Trix is a rich text editor. The Trix editor, versions prior to 2.1.1, is vulnerable to arbitrary code execution when copying and pasting content from the web or other documents with markup into the editor. The vulnerability stems from improper sanitization of pasted content, allowing an attacker to embed malicious scripts which are executed within the context of the application. Users should upgrade to Trix editor version 2.1.1 or later, which incorporates proper sanitization of input from copied content. | 2024-05-07 | 5.4 | CVE-2024-34341 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
| bluenet_technology -- clinical_browsing_system | A vulnerability was found in BlueNet Technology Clinical Browsing System 1.2.1 and classified as critical. Affected by this issue is some unknown functionality of the file /xds/outIndex.php. The manipulation of the argument name leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-263498 is the identifier assigned to this vulnerability. | 2024-05-08 | 6.3 | CVE-2024-4653 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| bluenet_technology -- clinical_browsing_system | A vulnerability was found in BlueNet Technology Clinical Browsing System 1.2.1. It has been classified as critical. This affects an unknown part of the file /xds/cloudInterface.php. The manipulation of the argument INSTI_CODE leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263499. | 2024-05-08 | 6.3 | CVE-2024-4654 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| breakdance -- breakdance | The Breakdance plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's custom postmeta output in all versions up to, and including, 1.7.0 due to insufficient input sanitization and output escaping on user supplied post meta fields. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-05-06 | 6.4 | CVE-2023-6854 security@wordfence.com security@wordfence.com |
| codesys -- codesys_development_system_v2.3 | An unauthenticated local attacker may trick a user to open corrupted project files to crash the system due to use after free vulnerability. | 2024-05-06 | 5.5 | CVE-2023-49676 info@cert.vde.com |
| creative_interactive_media -- 3d_flipbook,_pdf_viewer,_pdf_embedder_-_real_3d_flipbook_wordpress_plugin | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Creative interactive media 3D FlipBook, PDF Viewer, PDF Embedder - Real 3D FlipBook WordPress Plugin allows Stored XSS.This issue affects 3D FlipBook, PDF Viewer, PDF Embedder - Real 3D FlipBook WordPress Plugin: from n/a through 3.71. | 2024-05-08 | 5.9 | CVE-2024-34561 audit@patchstack.com |
| dell -- data_manager_appliance_software_(dmas) | Dell PowerProtect DM5500 version 5.15.0.0 and prior contain an Arbitrary File Delete via Path Traversal vulnerability. A remote attacker with high privileges could potentially exploit this vulnerability to deletion of arbitrary files stored on the server filesystem. | 2024-05-08 | 6.5 | CVE-2024-24908 security_alert@emc.com |
| eclipse_foundation -- edc | In Eclipse Dataspace Components from version 0.2.1 to 0.6.2, in the EDC Connector component ( https://github.com/eclipse-edc/Connector ), an attacker might obtain OAuth2 client secrets from the vault. In Eclipse Dataspace Components from version 0.2.1 to 0.6.2, we have identified a security vulnerability in the EDC Connector component ( https://github.com/eclipse-edc/Connector ) regarding the OAuth2-protected data sink feature. When using a custom, OAuth2-protected data sink, the OAuth2-specific data address properties are resolved by the provider data plane. Problematically, the consumer-provided clientSecretKey, which indicates the OAuth2 client secret to retrieve from a secrets vault, is resolved in the context of the provider's vault, not the consumer. This secret's value is then sent to the tokenUrl, also consumer-controlled, as part of an OAuth2 client credentials grant. The returned access token is then sent as a bearer token to the data sink URL. This feature is now disabled entirely, because not all code paths necessary for a successful realization were fully implemented. | 2024-05-07 | 6.8 | CVE-2024-4536 emo@eclipse.org emo@eclipse.org emo@eclipse.org emo@eclipse.org |
| eprolo -- eprolo_dropshipping | Missing Authorization vulnerability in EPROLO EPROLO Dropshipping.This issue affects EPROLO Dropshipping: from n/a through 1.7.1. | 2024-05-08 | 4.3 | CVE-2024-33573 audit@patchstack.com |
| f5 -- big-ip | Under certain conditions, a potential data leak may occur in the Traffic Management Microkernels (TMMs) of BIG-IP tenants running on VELOS and rSeries platforms. However, this issue cannot be exploited by an attacker because it is not consistently reproducible and is beyond an attacker's control. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 2024-05-08 | 6.5 | CVE-2024-32761 f5sirt@f5.com |
| f5 -- big-ip | A reflected cross-site scripting (XSS) vulnerability exist in undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 2024-05-08 | 6.1 | CVE-2024-33604 f5sirt@f5.com |
| f5 -- big-ip | When an SSL profile with alert timeout is configured with a non-default value on a virtual server, undisclosed traffic along with conditions beyond the attacker's control can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2024-05-08 | 5.9 | CVE-2024-28889 f5sirt@f5.com |
| f5 -- big-ip | A DOM-based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2024-05-08 | 4.7 | CVE-2024-27202 f5sirt@f5.com |
| f5 -- big-ip_next_central_manager | An improper certificate validation vulnerability exists in BIG-IP Next Central Manager and may allow an attacker to impersonate an Instance Provider system. A successful exploit of this vulnerability can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2024-05-08 | 6.8 | CVE-2024-33612 f5sirt@f5.com |
| f5 -- big-ip_next_cnf | Exposure of Sensitive Information vulnerability exists in the GSLB container, which may allow an authenticated attacker with local access to view sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2024-05-08 | 4.4 | CVE-2024-28132 f5sirt@f5.com |
| faraday -- gm8181 | A vulnerability classified as problematic was found in Faraday GM8181 and GM828x up to 20240429. Affected by this vulnerability is an unknown functionality of the component Request Handler. The manipulation leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The identifier VDB-263305 was assigned to this vulnerability. | 2024-05-07 | 5.3 | CVE-2024-4583 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| faraday -- gm8181 | A vulnerability, which was classified as problematic, has been found in Faraday GM8181 and GM828x up to 20240429. Affected by this issue is some unknown functionality of the file /command_port.ini. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-263306 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-05-07 | 5.3 | CVE-2024-4584 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| fedora -- dnf5daemon-server | No Limit on Number of Open Sessions / Bad Session Close Behaviour in dnf5daemon-server before 5.1.17 allows a malicious user to impact Availability via No Limit on Number of Open Sessions. There is no limit on how many sessions D-Bus clients may create using the `open_session()` D-Bus method. For each session a thread is created in dnf5daemon-server. This spends a couple of hundred megabytes of memory in the process. Further connections will become impossible, likely because no more threads can be spawned by the D-Bus service. | 2024-05-08 | 6.5 | CVE-2024-1930 patrick@puiterwijk.org |
| goldaddons -- gold_addons_for_elementor | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GoldAddons Gold Addons for Elementor allows Stored XSS.This issue affects Gold Addons for Elementor: from n/a through 1.2.9. | 2024-05-08 | 6.5 | CVE-2024-34563 audit@patchstack.com |
| gomo -- gee_search_plus | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GOMO gee Search Plus allows Stored XSS.This issue affects gee Search Plus: from n/a through 1.4.4. | 2024-05-08 | 5.9 | CVE-2024-34560 audit@patchstack.com |
| habibcoder -- sticky_social_link | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HabibCoder Sticky Social Link allows Stored XSS.This issue affects Sticky Social Link: from n/a through 1.0.0. | 2024-05-08 | 5.9 | CVE-2024-34546 audit@patchstack.com |
| hamid_alinia_-_idehweb -- login_with_phone_number | Missing Authorization vulnerability in Hamid Alinia - idehweb Login with phone number.This issue affects Login with phone number: from n/a through 1.7.18. | 2024-05-06 | 4.3 | CVE-2024-34371 audit@patchstack.com |
| hcl_software -- bigfix_compliance | Database scanning using username and password stores the credentials in plaintext or encoded format within files at the endpoint. This has been identified as a significant security risk. This will lead to exposure of sensitive information for unauthorized access, potentially leading to severe consequences such as data breaches, unauthorized data manipulation, and compromised system integrity. | 2024-05-07 | 6.5 | CVE-2024-23551 psirt@hcl.com |
| horearadu -- mesmerize_companion | The Mesmerize Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mesmerize_contact_form' shortcode in all versions up to, and including, 1.6.148 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-05-08 | 6.4 | CVE-2024-3494 security@wordfence.com security@wordfence.com |
| ibm -- watson_cp4d_data_stores | IBM Watson CP4D Data Stores 4.0.0 through 4.8.4 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 264838. | 2024-05-07 | 6.2 | CVE-2023-40694 psirt@us.ibm.com psirt@us.ibm.com |
| jackdewey -- link_library | The Link Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'link-library' shortcode in all versions up to, and including, 7.6.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-05-08 | 6.4 | CVE-2024-4281 security@wordfence.com security@wordfence.com |
| johan_van_der_wijk -- content_blocks_(custom_post_widget) | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Johan van der Wijk Content Blocks (Custom Post Widget) allows Stored XSS.This issue affects Content Blocks (Custom Post Widget): from n/a through 3.3.0. | 2024-05-08 | 6.5 | CVE-2024-34566 audit@patchstack.com |
| joomunited -- wp_latest_posts | The WP Latest Posts plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.0.7. This is due to the plugin allowing users to execute an action that does not properly validate a user-supplied value prior to using that value in a call to do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. | 2024-05-08 | 5.4 | CVE-2024-4135 security@wordfence.com security@wordfence.com |
| katie_seaborn -- zotpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Katie Seaborn Zotpress allows Stored XSS.This issue affects Zotpress: from n/a through 7.3.9. | 2024-05-08 | 6.5 | CVE-2024-34569 audit@patchstack.com |
| leevio -- happy_addons_for_elementor | Missing Authorization vulnerability in Leevio Happy Addons for Elementor.This issue affects Happy Addons for Elementor: from n/a through 3.10.1. | 2024-05-08 | 4.3 | CVE-2024-24833 audit@patchstack.com |
| logichunt_inc. -- counter_up | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LogicHunt Inc. Counter Up allows Stored XSS.This issue affects Counter Up: from n/a through 2.2.1. | 2024-05-08 | 6.5 | CVE-2024-34564 audit@patchstack.com |
| matthiask -- html-sanitizer | html-sanitizer is an allowlist-based HTML cleaner. If using `keep_typographic_whitespace=False` (which is the default), the sanitizer normalizes unicode to the NFKC form at the end. Some unicode characters normalize to chevrons; this allows specially crafted HTML to escape sanitization. The problem has been fixed in 2.4.2. | 2024-05-06 | 6.1 | CVE-2024-34078 security-advisories@github.com security-advisories@github.com |
| michael_nelson -- print_my_blog | Missing Authorization vulnerability in Michael Nelson Print My Blog.This issue affects Print My Blog: from n/a through 3.26.2. | 2024-05-06 | 5.3 | CVE-2024-33907 audit@patchstack.com |
| moveaddons -- move_addons_for_elementor | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Moveaddons Move Addons for Elementor allows Stored XSS.This issue affects Move Addons for Elementor: from n/a through 1.3.0. | 2024-05-08 | 6.5 | CVE-2024-34562 audit@patchstack.com |
| multi-column_tag_map -- multi-column_tag_map | Missing Authorization vulnerability in Multi-column Tag Map.This issue affects Multi-column Tag Map: from n/a through 17.0.26. | 2024-05-08 | 6.5 | CVE-2023-41651 audit@patchstack.com |
| n/a -- dedecms | A vulnerability, which was classified as problematic, was found in DedeCMS 5.7. This affects an unknown part of the file /src/dede/member_type.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263307. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-05-07 | 4.3 | CVE-2024-4585 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| n/a -- dedecms | A vulnerability has been found in DedeCMS 5.7 and classified as problematic. This vulnerability affects unknown code of the file /src/dede/shops_delivery.php. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263308. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-05-07 | 4.3 | CVE-2024-4586 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| n/a -- dedecms | A vulnerability was found in DedeCMS 5.7 and classified as problematic. This issue affects some unknown processing of the file /src/dede/tpl.php. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263309 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-05-07 | 4.3 | CVE-2024-4587 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| n/a -- dedecms | A vulnerability was found in DedeCMS 5.7. It has been classified as problematic. Affected is an unknown function of the file /src/dede/mytag_add.php. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-263310 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-05-07 | 4.3 | CVE-2024-4588 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| n/a -- dedecms | A vulnerability was found in DedeCMS 5.7. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /src/dede/mytag_edit.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263311. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-05-07 | 4.3 | CVE-2024-4589 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| n/a -- dedecms | A vulnerability was found in DedeCMS 5.7. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /src/dede/sys_info.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263312. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-05-07 | 4.3 | CVE-2024-4590 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| n/a -- dedecms | A vulnerability classified as problematic has been found in DedeCMS 5.7. This affects an unknown part of the file /src/dede/sys_group_add.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263313 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-05-07 | 4.3 | CVE-2024-4591 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| n/a -- dedecms | A vulnerability classified as problematic was found in DedeCMS 5.7. This vulnerability affects unknown code of the file /src/dede/sys_group_edit.php. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-263314 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-05-07 | 4.3 | CVE-2024-4592 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| n/a -- dedecms | A vulnerability, which was classified as problematic, has been found in DedeCMS 5.7. This issue affects some unknown processing of the file /src/dede/sys_multiserv.php. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263315. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-05-07 | 4.3 | CVE-2024-4593 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| n/a -- dedecms | A vulnerability, which was classified as problematic, was found in DedeCMS 5.7. Affected is an unknown function of the file /src/dede/sys_safe.php. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263316. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-05-07 | 4.3 | CVE-2024-4594 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| n/a -- semcms | A vulnerability has been found in SEMCMS up to 4.8 and classified as critical. Affected by this vulnerability is the function locate of the file function.php. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263317 was assigned to this vulnerability. | 2024-05-07 | 6.3 | CVE-2024-4595 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| nobita -- raindrops | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nobita allows Stored XSS.This issue affects raindrops: from n/a through 1.600. | 2024-05-08 | 6.5 | CVE-2024-34414 audit@patchstack.com |
| noor_alam -- magical_addons_for_elementor | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noor alam Magical Addons For Elementor allows Stored XSS.This issue affects Magical Addons For Elementor: from n/a through 1.1.34. | 2024-05-08 | 6.5 | CVE-2024-34547 audit@patchstack.com |
| octopus_deploy -- octopus_server | In affected versions of Octopus Server with certain access levels it was possible to embed a Cross-Site Scripting payload on the audit page. | 2024-05-08 | 4.1 | CVE-2024-4456 security@octopus.com |
| oisf -- suricata | Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, specially crafted traffic or datasets can cause a limited buffer overflow. This vulnerability is fixed in 7.0.5 and 6.0.19. Workarounds include not use rules with `base64_decode` keyword with `bytes` option with value 1, 2 or 5 and for 7.0.x, setting `app-layer.protocols.smtp.mime.body-md5` to false. | 2024-05-07 | 5.3 | CVE-2024-32664 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
| oisf -- suricata | Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, various problems in handling of fragmentation anomalies can lead to mis-detection of rules and policy. This vulnerability is fixed in 7.0.5 or 6.0.19. | 2024-05-07 | 5.3 | CVE-2024-32867 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
| ollybach -- wppizza | Missing Authorization vulnerability in Ollybach WPPizza.This issue affects WPPizza: from n/a through 3.18.10. | 2024-05-06 | 6.5 | CVE-2024-33576 audit@patchstack.com |
| open-xchange_gmbh -- ox_app_suite | E-Mail containing malicious display-name information could trigger client-side script execution when using specific mobile devices. Attackers could perform malicious API requests or extract information from the users account. Please deploy the provided updates and patch releases. We now use safer methods of handling external content when embedding displayname information to the web interface. No publicly available exploits are known. | 2024-05-06 | 6.5 | CVE-2024-23186 security@open-xchange.com security@open-xchange.com security@open-xchange.com |
| open-xchange_gmbh -- ox_app_suite | Content-ID based embedding of resources in E-Mails could be abused to trigger client-side script code when using the "show more" option. Attackers could perform malicious API requests or extract information from the users account. Exploiting the vulnerability requires user interaction. Please deploy the provided updates and patch releases. CID replacement has been hardened to omit invalid identifiers. No publicly available exploits are known. | 2024-05-06 | 6.5 | CVE-2024-23187 security@open-xchange.com security@open-xchange.com security@open-xchange.com |
| open-xchange_gmbh -- ox_app_suite | Maliciously crafted E-Mail attachment names could be used to temporarily execute script code in the context of the users browser session. Common user interaction is required for the vulnerability to trigger. Attackers could perform malicious API requests or extract information from the users account. Please deploy the provided updates and patch releases. We now use safer methods of handling external content when embedding attachment information to the web interface. No publicly available exploits are known. | 2024-05-06 | 6.5 | CVE-2024-23188 security@open-xchange.com security@open-xchange.com security@open-xchange.com |
| open-xchange_gmbh -- ox_app_suite | E-Mails exported as PDF were stored in a cache that did not consider specific session information for the related user account. Users of the same service node could access other users E-Mails in case they were exported as PDF for a brief moment until caches were cleared. Successful exploitation requires good timing and modification of multiple request parameters. Please deploy the provided updates and patch releases. The cache for PDF exports now takes user session information into consideration when performing authorization decisions. No publicly available exploits are known. | 2024-05-06 | 5.3 | CVE-2024-23193 security@open-xchange.com security@open-xchange.com security@open-xchange.com |
| openharmony -- openharmony | in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. | 2024-05-07 | 6.5 | CVE-2024-27217 scy@openharmony.io |
| openharmony -- openharmony | in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in TCB through use after free. | 2024-05-07 | 6.5 | CVE-2024-3759 scy@openharmony.io |
| openharmony -- openharmony | in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free or cause DOS through NULL pointer dereference. | 2024-05-07 | 5.2 | CVE-2024-23808 scy@openharmony.io |
| openharmony -- openharmony | in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in TCB through heap buffer overflow. | 2024-05-07 | 6.5 | CVE-2024-3758 scy@openharmony.io |
| opentext -- netiq_identity_console | An improper authorization level has been detected in the login panel. It may lead to unauthenticated Server Side Request Forgery and allows to perform open services enumeration. Server makes query to provided server (Server IP/DNS field) and is triggering connection to arbitrary address. | 2024-05-07 | 5.8 | CVE-2023-7240 security@opentext.com |
| pallets -- jinja | Jinja is an extensible templating engine. The `xmlattr` filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, `/`, `>`, or `=`, as each would then be interpreted as starting a separate attribute. If an application accepts keys (as opposed to only values) as user input, and renders these in pages that other users see as well, an attacker could use this to inject other attributes and perform XSS. The fix for CVE-2024-22195 only addressed spaces but not other characters. Accepting keys as user input is now explicitly considered an unintended use case of the `xmlattr` filter, and code that does so without otherwise validating the input should be flagged as insecure, regardless of Jinja version. Accepting _values_ as user input continues to be safe. This vulnerability is fixed in 3.1.4. | 2024-05-06 | 5.4 | CVE-2024-34064 security-advisories@github.com security-advisories@github.com |
| panasonic_holdings_corporation -- kw_watcher | A buffer error in Panasonic KW Watcher versions 1.00 through 2.83 may allow attackers malicious read access to memory. | 2024-05-08 | 4.4 | CVE-2024-4162 product-security@gg.jp.panasonic.com |
| pootlepress -- pootle_pagebuilder_-_wordpress_page_builder | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pootlepress Pootle Pagebuilder - WordPress Page builder allows Stored XSS.This issue affects Pootle Pagebuilder - WordPress Page builder: from n/a through 5.7.1. | 2024-05-08 | 6.5 | CVE-2024-34573 audit@patchstack.com |
| posimyth -- the_plus_addons_for_elementor_page_builder_lite | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite allows Stored XSS.This issue affects The Plus Addons for Elementor Page Builder Lite: from n/a through 5.4.2. | 2024-05-06 | 6.5 | CVE-2024-34373 audit@patchstack.com |
| propertyhive -- propertyhive | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PropertyHive allows Stored XSS.This issue affects PropertyHive: from n/a through 2.0.10. | 2024-05-06 | 6.5 | CVE-2024-34381 audit@patchstack.com |
| qualcomm,_inc. -- snapdragon | Memory corruption when multiple listeners are being registered with the same file descriptor. | 2024-05-06 | 6.7 | CVE-2023-43521 product-security@qualcomm.com |
| qualcomm,_inc. -- snapdragon | Memory corruption when the bandpass filter order received from AHAL is not within the expected range. | 2024-05-06 | 6.7 | CVE-2023-43524 product-security@qualcomm.com |
| qualcomm,_inc. -- snapdragon | Memory corruption while copying the sound model data from user to kernel buffer during sound model register. | 2024-05-06 | 6.7 | CVE-2023-43525 product-security@qualcomm.com |
| qualcomm,_inc. -- snapdragon | Memory corruption while querying module parameters from Listen Sound model client in kernel from user space. | 2024-05-06 | 6.7 | CVE-2023-43526 product-security@qualcomm.com |
| qualcomm,_inc. -- snapdragon | Information disclosure while parsing dts header atom in Video. | 2024-05-06 | 6.8 | CVE-2023-43527 product-security@qualcomm.com |
| qualcomm,_inc. -- snapdragon | Information disclosure when the ADSP payload size received in HLOS in response to Audio Stream Manager matrix session is less than this expected size. | 2024-05-06 | 6.1 | CVE-2023-43528 product-security@qualcomm.com |
| qualcomm,_inc. -- snapdragon | Memory corruption in HLOS while checking for the storage type. | 2024-05-06 | 5.9 | CVE-2023-43530 product-security@qualcomm.com |
| quantumcloud -- conversational_forms_for_chatbot | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuantumCloud Conversational Forms for ChatBot allows Stored XSS.This issue affects Conversational Forms for ChatBot: from n/a through 1.2.0. | 2024-05-06 | 5.9 | CVE-2024-34380 audit@patchstack.com |
| quomodosoft -- elementsready_addons_for_elementor | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuomodoSoft ElementsReady Addons for Elementor allows Stored XSS.This issue affects ElementsReady Addons for Elementor: from n/a through 5.8.0. | 2024-05-06 | 6.5 | CVE-2024-34374 audit@patchstack.com |
| rara_theme -- restaurant_and_cafe | Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Restaurant and Cafe.This issue affects Restaurant and Cafe: from n/a through 1.2.1. | 2024-05-06 | 4.3 | CVE-2024-34379 audit@patchstack.com |
| realmag777 -- wolf | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 WOLF allows Stored XSS.This issue affects WOLF: from n/a through 1.0.8.2. | 2024-05-08 | 5.9 | CVE-2024-34558 audit@patchstack.com |
| red_hat -- red_hat_enterprise_linux_6 | A race condition leading to a stack use-after-free flaw was found in libvirt. Due to a bad assumption in the virNetClientIOEventLoop() method, the `data` pointer to a stack-allocated virNetClientIOEventData structure ended up being used in the virNetClientIOEventFD callback while the data pointer's stack frame was concurrently being "freed" when returning from virNetClientIOEventLoop(). The 'virtproxyd' daemon can be used to trigger requests. If libvirt is configured with fine-grained access control, this issue, in theory, allows a user to escape their otherwise limited access. This flaw allows a local, unprivileged user to access virtproxyd without authenticating. Remote users would need to authenticate before they could access it. | 2024-05-08 | 6.2 | CVE-2024-4418 secalert@redhat.com secalert@redhat.com |
| robosoft -- robo_gallery | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in RoboSoft Robo Gallery.This issue affects Robo Gallery: from n/a through 3.2.18. | 2024-05-06 | 5.3 | CVE-2024-34382 audit@patchstack.com |
| ruijie -- rg-uac | A vulnerability was found in Ruijie RG-UAC up to 20240428. It has been classified as critical. Affected is an unknown function of the file /view/IPV6/ipv6StaticRoute/static_route_edit_ipv6.php. The manipulation of the argument oldipmask/oldgateway/olddevname leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263112. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-05-06 | 4.7 | CVE-2024-4508 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| ruijie -- rg-uac | A vulnerability was found in Ruijie RG-UAC up to 20240428. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /view/IPV6/naborTable/add_commit.php. The manipulation of the argument ip_addr/mac_addr leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263113 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-05-06 | 4.7 | CVE-2024-4509 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| ruijie -- rg-uac | A vulnerability was found in Ruijie RG-UAC up to 20240428. It has been rated as critical. Affected by this issue is some unknown functionality of the file /view/networkConfig/ArpTable/arp_add_commit.php. The manipulation of the argument text_ip_addr/text_mac_addr leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-263114 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-05-06 | 4.7 | CVE-2024-4510 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| ruijie -- rg-uac | A vulnerability was found in Ruijie RG-UAC up to 20240428 and classified as critical. This issue affects some unknown processing of the file /view/IPV6/ipv6StaticRoute/static_route_add_ipv6.php. The manipulation of the argument text_prefixlen/text_gateway/devname leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263111. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-05-06 | 4.7 | CVE-2024-4507 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| samsung_mobile -- galaxy_store | Improper verification of intent by broadcast receiver vulnerability in Galaxy Store prior to version 4.5.71.8 allows local attackers to write arbitrary files with the privilege of Galaxy Store. | 2024-05-07 | 5.1 | CVE-2024-20870 mobile.security@samsung.com |
| samsung_mobile -- samsung_mobile_devices | Use after free vulnerability in SveService prior to SMR May-2024 Release 1 allows local privileged attackers to cause memory corruption. | 2024-05-07 | 6 | CVE-2024-20861 mobile.security@samsung.com |
| samsung_mobile -- samsung_mobile_devices | Out-of-bounds write in SveService prior to SMR May-2024 Release 1 allows local privileged attackers to execute arbitrary code. | 2024-05-07 | 6 | CVE-2024-20862 mobile.security@samsung.com |
| samsung_mobile -- samsung_mobile_devices | Out of bounds write vulnerability in SNAP in HAL prior to SMR May-2024 Release 1 allows local privileged attackers to execute arbitrary code. | 2024-05-07 | 6.7 | CVE-2024-20863 mobile.security@samsung.com |
| samsung_mobile -- samsung_mobile_devices | Authentication bypass in bootloader prior to SMR May-2024 Release 1 allows physical attackers to flash arbitrary images. | 2024-05-07 | 6.6 | CVE-2024-20865 mobile.security@samsung.com |
| samsung_mobile -- samsung_mobile_devices | Improper access control vulnerability in FactoryCamera prior to SMR May-2024 Release 1 allows local attackers to take pictures without privilege. | 2024-05-07 | 5.5 | CVE-2024-20859 mobile.security@samsung.com |
| samsung_mobile -- samsung_mobile_devices | Improper access control vulnerability in DarManagerService prior to SMR May-2024 Release 1 allows local attackers to monitor system resources. | 2024-05-07 | 5.5 | CVE-2024-20864 mobile.security@samsung.com |
| samsung_mobile -- samsung_mobile_devices | Authentication bypass vulnerability in Setupwizard prior to SMR May-2024 Release 1 allows physical attackers to skip activation step. | 2024-05-07 | 5.7 | CVE-2024-20866 mobile.security@samsung.com |
| samsung_mobile -- samsung_mobile_devices | Improper privilege management vulnerability in Samsung Email prior to version 6.1.91.14 allows local attackers to access sensitive information. | 2024-05-07 | 5.5 | CVE-2024-20867 mobile.security@samsung.com |
| samsung_mobile -- samsung_mobile_devices | Improper privilege management vulnerability in Samsung Internet prior to version 25.0.0.41 allows local attackers to bypass protection for cookies. | 2024-05-07 | 5.5 | CVE-2024-20869 mobile.security@samsung.com |
| samsung_mobile -- samsung_mobile_devices | A vulnerability possible to reconfigure OTP allows local attackers to transit RMA(Return Merchandise Authorization) mode, which disables security features. This attack needs additional privilege to control TEE. | 2024-05-07 | 4.4 | CVE-2024-20821 mobile.security@samsung.com |
| samsung_mobile -- samsung_mobile_devices | Improper Authentication vulnerability in Secure Folder prior to SMR May-2024 Release 1 allows physical attackers to access Secure Folder without proper authentication in a specific scenario. | 2024-05-07 | 4.3 | CVE-2024-20856 mobile.security@samsung.com |
| samsung_mobile -- samsung_mobile_devices | Improper access control vulnerability in startListening of CocktailBarService prior to SMR May-2024 Release 1 allows local attackers to access information of current application. | 2024-05-07 | 4 | CVE-2024-20857 mobile.security@samsung.com |
| samsung_mobile -- samsung_mobile_devices | Improper access control vulnerability in setCocktailHostCallbacks of CocktailBarService prior to SMR May-2024 Release 1 allows local attackers to access information of current application. | 2024-05-07 | 4 | CVE-2024-20858 mobile.security@samsung.com |
| samsung_mobile -- samsung_mobile_devices | Improper export of android application components vulnerability in TelephonyUI prior to SMR May-2024 Release 1 allows local attackers to reboot the device without proper permission. | 2024-05-07 | 4 | CVE-2024-20860 mobile.security@samsung.com |
| samsung_mobile -- samsung_mobile_devices | Improper input validation in Samsung Notes prior to version 4.4.15 allows local attackers to delete files with Samsung Notes privilege under certain conditions. | 2024-05-07 | 4.4 | CVE-2024-20868 mobile.security@samsung.com |
| samsung_mobile -- samsung_mobile_devices | Improper authorization vulnerability in Samsung Keyboard prior to version One UI 5.1.1 allows physical attackers to partially bypass the factory reset protection. | 2024-05-07 | 4.9 | CVE-2024-20871 mobile.security@samsung.com |
| samsung_mobile -- talkbackse | Improper handling of insufficient privileges vulnerability in TalkbackSE prior to version Android 14 allows local attackers to modify setting value of TalkbackSE. | 2024-05-07 | 6.2 | CVE-2024-20872 mobile.security@samsung.com |
| shanghai_sunfull_automation -- bacnet_server_hmi1002-arm | A vulnerability classified as critical has been found in Shanghai Sunfull Automation BACnet Server HMI1002-ARM 2.0.4. This affects an unknown part of the component Message Handler. The manipulation leads to buffer overflow. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263115. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-05-06 | 6.3 | CVE-2024-4511 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| slicewp -- slicewp | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SliceWP allows Stored XSS.This issue affects SliceWP: from n/a through 1.1.10. | 2024-05-06 | 5.9 | CVE-2024-34413 audit@patchstack.com |
| socomec -- net_vision | An incorrect authentication vulnerability has been found in Socomec Net Vision affecting version 7.20. This vulnerability allows an attacker to perform a brute force attack on the application and recover a valid session, because the application uses a five-digit integer value. | 2024-05-07 | 6.7 | CVE-2024-4601 cve-coordination@incibe.es |
| supsystic -- digital_publications_by_supsystic | Missing Authorization vulnerability in Supsystic Digital Publications by Supsystic.This issue affects Digital Publications by Supsystic: from n/a through 1.7.7. | 2024-05-06 | 5.3 | CVE-2024-33910 audit@patchstack.com |
| the_seo_guys_at_seopress -- seopress | Authorization Bypass Through User-Controlled Key vulnerability in The SEO Guys at SEOPress SEOPress.This issue affects SEOPress: from n/a through 7.7.1. | 2024-05-06 | 5.3 | CVE-2024-34383 audit@patchstack.com |
| theme_freesia -- edge | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Theme Freesia Edge allows Stored XSS.This issue affects Edge: from n/a through 2.0.9. | 2024-05-06 | 6.5 | CVE-2024-34376 audit@patchstack.com |
| themegrill -- himalayas | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGrill Himalayas allows Stored XSS.This issue affects Himalayas: from n/a through 1.3.0. | 2024-05-08 | 6.5 | CVE-2024-34571 audit@patchstack.com |
| themehunk -- advance_wordpress_search_plugin | Missing Authorization vulnerability in ThemeHunk Advance WordPress Search Plugin.This issue affects Advance WordPress Search Plugin: from n/a through 1.1.4. | 2024-05-08 | 6.5 | CVE-2022-40218 audit@patchstack.com |
| themeprix -- fancy_elementor_flipbox | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemePrix Fancy Elementor Flipbox fancy-elementor-flipbox allows Stored XSS.This issue affects Fancy Elementor Flipbox: from n/a through 2.4.2. | 2024-05-08 | 6.5 | CVE-2024-34572 audit@patchstack.com |
| themeqx -- letterpress | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Mooberry Dreams Mooberry Book Manager.This issue affects Mooberry Book Manager: from n/a through 4.15.12. | 2024-05-06 | 5.3 | CVE-2024-34368 audit@patchstack.com |
| themeqx -- letterpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeqx LetterPress allows Stored XSS.This issue affects LetterPress: from n/a through 1.2.1. | 2024-05-08 | 5.9 | CVE-2024-34568 audit@patchstack.com |
| themesgrove -- widgetkit | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themesgrove WidgetKit allows Stored XSS.This issue affects WidgetKit: from n/a through 2.4.8. | 2024-05-08 | 6.5 | CVE-2024-34548 audit@patchstack.com |
| themesgrove -- widgetkit | Missing Authorization vulnerability in Themesgrove WidgetKit.This issue affects WidgetKit: from n/a through 2.5.0. | 2024-05-06 | 5.3 | CVE-2024-33908 audit@patchstack.com |
| tilda_publishing -- tilda_publishing | Missing Authorization vulnerability in Tilda Publishing.This issue affects Tilda Publishing: from n/a through 0.3.23. | 2024-05-07 | 6.3 | CVE-2023-31234 audit@patchstack.com |
| tyche_softwares -- print_invoice_&_delivery_notes_for_woocommerce | Missing Authorization vulnerability in Tyche Softwares Print Invoice & Delivery Notes for WooCommerce, Tyche Softwares Arconix Shortcodes, Tyche Softwares Arconix FAQ.This issue affects Print Invoice & Delivery Notes for WooCommerce: from n/a through 4.8.1; Arconix Shortcodes: from n/a through 2.1.10; Arconix FAQ: from n/a through 1.9.3. | 2024-05-08 | 4.3 | CVE-2024-4233 audit@patchstack.com audit@patchstack.com audit@patchstack.com |
| vitessio -- vitess | Vitess is a database clustering system for horizontal scaling of MySQL. When executing the following simple query, the `vtgate` will go into an endless loop that also keeps consuming memory and eventually will run out of memory. This vulnerability is fixed in 19.0.4, 18.0.5, and 17.0.7. | 2024-05-08 | 4.9 | CVE-2024-32886 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
| vmware -- vmware_avi_load_balancer | VMware Avi Load Balancer contains an information disclosure vulnerability. A malicious actor with access to the system logs can view cloud connection credentials in plaintext. | 2024-05-08 | 6.5 | CVE-2024-22266 security@vmware.com |
| wpmet -- metform_elementor_contact_form_builder | Missing Authorization vulnerability in Wpmet Metform Elementor Contact Form Builder.This issue affects Metform Elementor Contact Form Builder: from n/a through 3.8.3. | 2024-05-06 | 4.3 | CVE-2024-33570 audit@patchstack.com |
| wppool -- sheets_to_wp_table_live_sync | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPPOOL Sheets To WP Table Live Sync allows Stored XSS.This issue affects Sheets To WP Table Live Sync: from n/a through 3.7.0. | 2024-05-06 | 5.9 | CVE-2024-34375 audit@patchstack.com |
| wpsoul -- table_maker | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wpsoul Table Maker allows Stored XSS.This issue affects Table Maker: from n/a through 1.9.1. | 2024-05-08 | 5.9 | CVE-2024-34574 audit@patchstack.com |
| xpro -- xpro_elementor_addons | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xpro Xpro Elementor Addons allows Stored XSS.This issue affects Xpro Elementor Addons: from n/a through 1.4.3. | 2024-05-08 | 5.9 | CVE-2024-34570 audit@patchstack.com |
| N/A -- N/A | An issue was discovered in Archer Platform 6 before 2024.03. There is an X-Forwarded-For Header Bypass vulnerability. An unauthenticated attacker could potentially bypass intended whitelisting when X-Forwarded-For header is enabled. | 2024-05-06 | 5.3 | CVE-2024-34093 cve@mitre.org cve@mitre.org |
Low Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| Ncampcodes -- complete_web-based_school_management_system | A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /view/student_payment_details2.php. The manipulation of the argument index leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-263130 is the identifier assigned to this vulnerability. | 2024-05-06 | 3.5 | CVE-2024-4527 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| campcodes -- complete_web-based_school_management_system | A vulnerability, which was classified as problematic, has been found in Campcodes Complete Web-Based School Management System 1.0. This issue affects some unknown processing of the file /view/timetable_update_form.php. The manipulation of the argument grade leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263117 was assigned to this vulnerability. | 2024-05-06 | 3.5 | CVE-2024-4513 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| campcodes -- complete_web-based_school_management_system | A vulnerability, which was classified as problematic, was found in Campcodes Complete Web-Based School Management System 1.0. Affected is an unknown function of the file /view/timetable_insert_form.php. The manipulation of the argument grade leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-263118 is the identifier assigned to this vulnerability. | 2024-05-06 | 3.5 | CVE-2024-4514 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| campcodes -- complete_web-based_school_management_system | A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /view/timetable_grade_wise.php. The manipulation of the argument grade leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263119. | 2024-05-06 | 3.5 | CVE-2024-4515 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| campcodes -- complete_web-based_school_management_system | A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /view/timetable.php. The manipulation of the argument grade leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263120. | 2024-05-06 | 3.5 | CVE-2024-4516 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| campcodes -- complete_web-based_school_management_system | A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /view/teacher_salary_invoice1.php. The manipulation of the argument date leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263121 was assigned to this vulnerability. | 2024-05-06 | 3.5 | CVE-2024-4517 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| campcodes -- complete_web-based_school_management_system | A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /view/teacher_salary_invoice.php. The manipulation of the argument desc leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-263122 is the identifier assigned to this vulnerability. | 2024-05-06 | 3.5 | CVE-2024-4518 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| campcodes -- complete_web-based_school_management_system | A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /view/teacher_salary_details3.php. The manipulation of the argument month leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263123. | 2024-05-06 | 3.5 | CVE-2024-4519 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| campcodes -- complete_web-based_school_management_system | A vulnerability classified as problematic has been found in Campcodes Complete Web-Based School Management System 1.0. Affected is an unknown function of the file /view/teacher_salary_details2.php. The manipulation of the argument index leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263124. | 2024-05-06 | 3.5 | CVE-2024-4521 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| campcodes -- complete_web-based_school_management_system | A vulnerability classified as problematic was found in Campcodes Complete Web-Based School Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /view/teacher_salary_details.php. The manipulation of the argument index leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263125 was assigned to this vulnerability. | 2024-05-06 | 3.5 | CVE-2024-4522 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| campcodes -- complete_web-based_school_management_system | A vulnerability, which was classified as problematic, has been found in Campcodes Complete Web-Based School Management System 1.0. Affected by this issue is some unknown functionality of the file /view/teacher_attendance_history1.php. The manipulation of the argument year leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-263126 is the identifier assigned to this vulnerability. | 2024-05-06 | 3.5 | CVE-2024-4523 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| campcodes -- complete_web-based_school_management_system | A vulnerability, which was classified as problematic, was found in Campcodes Complete Web-Based School Management System 1.0. This affects an unknown part of the file /view/student_payment_invoice.php. The manipulation of the argument desc leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263127. | 2024-05-06 | 3.5 | CVE-2024-4524 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| campcodes -- complete_web-based_school_management_system | A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /view/student_payment_details4.php. The manipulation of the argument index leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263128. | 2024-05-06 | 3.5 | CVE-2024-4525 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| campcodes -- complete_web-based_school_management_system | A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /view/student_payment_details3.php. The manipulation of the argument month leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263129 was assigned to this vulnerability. | 2024-05-06 | 3.5 | CVE-2024-4526 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| campcodes -- complete_web-based_school_management_system | A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /view/student_payment_details.php. The manipulation of the argument index leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-263490 is the identifier assigned to this vulnerability. | 2024-05-08 | 3.5 | CVE-2024-4646 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| campcodes -- complete_web-based_school_management_system | A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /view/student_first_payment.php. The manipulation of the argument index leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263491. | 2024-05-08 | 3.5 | CVE-2024-4647 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| campcodes -- complete_web-based_school_management_system | A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /view/student_exam_mark_update_form.php. The manipulation of the argument std_index leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263492. | 2024-05-08 | 3.5 | CVE-2024-4648 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| campcodes -- complete_web-based_school_management_system | A vulnerability classified as problematic has been found in Campcodes Complete Web-Based School Management System 1.0. This affects an unknown part of the file /view/student_exam_mark_insert_form1.php. The manipulation of the argument page leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263493 was assigned to this vulnerability. | 2024-05-08 | 3.5 | CVE-2024-4649 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| campcodes -- complete_web-based_school_management_system | A vulnerability classified as problematic was found in Campcodes Complete Web-Based School Management System 1.0. This vulnerability affects unknown code of the file /view/student_due_payment.php. The manipulation of the argument due_month leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-263494 is the identifier assigned to this vulnerability. | 2024-05-08 | 3.5 | CVE-2024-4650 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| campcodes -- complete_web-based_school_management_system | A vulnerability, which was classified as problematic, has been found in Campcodes Complete Web-Based School Management System 1.0. This issue affects some unknown processing of the file /view/student_attendance_history1.php. The manipulation of the argument year leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263495. | 2024-05-08 | 3.5 | CVE-2024-4651 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| campcodes -- complete_web-based_school_management_system | A vulnerability, which was classified as problematic, was found in Campcodes Complete Web-Based School Management System 1.0. Affected is an unknown function of the file /view/show_teacher2.php. The manipulation of the argument month leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263496. | 2024-05-08 | 3.5 | CVE-2024-4652 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| dell -- data_manager_appliance_software_(dmas) | Dell PowerProtect DM5500 version 5.15.0.0 and prior contains an insecure deserialization Vulnerability. A remote attacker with high privileges could potentially exploit this vulnerability, leading to arbitrary code execution on the vulnerable application. | 2024-05-08 | 2.2 | CVE-2024-22460 security_alert@emc.com |
| dell -- update_manager_plugin | Dell Update Manager Plugin, versions 1.4.0 through 1.5.0, contains a Plain-text Password Storage Vulnerability in Log file. A remote high privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. | 2024-05-08 | 3.5 | CVE-2024-28971 security_alert@emc.com |
| n/a -- kimai | A vulnerability was found in Kimai up to 2.15.0 and classified as problematic. Affected by this issue is some unknown functionality of the component Session Handler. The manipulation of the argument PHPSESSIONID leads to information disclosure. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. Upgrading to version 2.16.0 is able to address this issue. It is recommended to upgrade the affected component. VDB-263318 is the identifier assigned to this vulnerability. | 2024-05-07 | 3.7 | CVE-2024-4596 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| openharmony -- openharmony | in OpenHarmony v4.0.0 and prior versions allow a local attacker cause service crash through NULL pointer dereference. | 2024-05-07 | 3.3 | CVE-2024-31078 scy@openharmony.io |
| openharmony -- openharmony | in OpenHarmony v4.0.0 and prior versions allow a local attacker cause service crash through integer overflow. | 2024-05-07 | 3.3 | CVE-2024-3757 scy@openharmony.io |
| samsung_mobile -- samsung_mobile_devices | Improper access control vulnerability in multitasking framework prior to SMR May-2024 Release 1 allows physical attackers to access unlocked screen for a while. | 2024-05-07 | 2.4 | CVE-2024-20855 mobile.security@samsung.com |
| sourcecodester -- prison_management_system | A vulnerability classified as problematic was found in SourceCodester Prison Management System 1.0. This vulnerability affects unknown code of the file /Employee/edit-profile.php. The manipulation of the argument txtfullname/txtdob/txtaddress/txtqualification/cmddept/cmdemployeetype/txtappointment leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263116. | 2024-05-06 | 3.5 | CVE-2024-4512 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| sourcecodester -- prison_management_system | A vulnerability has been found in SourceCodester Prison Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /Employee/changepassword.php. The manipulation of the argument txtold_password/txtnew_password/txtconfirm_password leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263488. | 2024-05-08 | 3.5 | CVE-2024-4644 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| sourcecodester -- prison_management_system | A vulnerability was found in SourceCodester Prison Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /Admin/changepassword.php. The manipulation of the argument txtold_password/txtnew_password/txtconfirm_password leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263489 was assigned to this vulnerability. | 2024-05-08 | 3.5 | CVE-2024-4645 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| sourcecodester -- prison_management_system | A vulnerability was found in SourceCodester Prison Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /Admin/user-record.php. The manipulation of the argument txtfullname leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263131. | 2024-05-06 | 2.4 | CVE-2024-4528 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
| xpdf -- xpdf | In Xpdf 4.05 (and earlier), a PDF object loop in the PDF resources leads to infinite recursion and a stack overflow. | 2024-05-06 | 2.9 | CVE-2024-4568 xpdf@xpdfreader.com |
Severity Not Yet Assigned
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| apache_software_foundation -- apache_inlong | Deserialization of Untrusted Data vulnerability in Apache InLong.This issue affects Apache InLong: from 1.7.0 through 1.11.0, the attackers can bypass using malicious parameters. Users are advised to upgrade to Apache InLong's 1.12.0 or cherry-pick [1], [2] to solve it. [1] https://github.com/apache/inlong/pull/9694 [2] https://github.com/apache/inlong/pull/9707 | 2024-05-08 | not yet calculated | CVE-2024-26579 security@apache.org security@apache.org |
| apache_software_foundation -- apache_ofbiz | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz.This issue affects Apache OFBiz: before 18.12.13. Users are recommended to upgrade to version 18.12.13, which fixes the issue. | 2024-05-08 | not yet calculated | CVE-2024-32113 security@apache.org security@apache.org security@apache.org security@apache.org |
| bentley -- view | Bentley View SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18960. | 2024-05-07 | not yet calculated | CVE-2022-43651 zdi-disclosures@trendmicro.com |
| bentley -- view | Bentley View SKP File Parsing Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18981. | 2024-05-07 | not yet calculated | CVE-2022-43652 zdi-disclosures@trendmicro.com |
| bentley -- view | Bentley View SKP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. Crafted data in an SKP file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-19084. | 2024-05-07 | not yet calculated | CVE-2022-43653 zdi-disclosures@trendmicro.com |
| bentley -- view | Bentley View FBX File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FBX files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18491. | 2024-05-07 | not yet calculated | CVE-2022-43655 zdi-disclosures@trendmicro.com |
| bentley -- view | Bentley View FBX File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FBX files. Crafted data in an FBX file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18492. | 2024-05-07 | not yet calculated | CVE-2022-43656 zdi-disclosures@trendmicro.com |
| bmc -- track-it! | BMC Track-It! GetData Missing Authorization Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of BMC Track-It!. Authentication is required to exploit this vulnerability. The specific flaw exists within the GetData endpoint. The issue results from the lack of authorization prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-14527. | 2024-05-07 | not yet calculated | CVE-2021-35001 zdi-disclosures@trendmicro.com zdi-disclosures@trendmicro.com |
| bmc -- track-it! | BMC Track-It! Unrestricted File Upload Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of BMC Track-It!. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of email attachments. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-14122. | 2024-05-07 | not yet calculated | CVE-2021-35002 zdi-disclosures@trendmicro.com zdi-disclosures@trendmicro.com |
| d-link -- dap-2622 | D-Link DAP-2622 DDP Firmware Upgrade Server IPv6 Address Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20076. | 2024-05-07 | not yet calculated | CVE-2023-35748 zdi-disclosures@trendmicro.com zdi-disclosures@trendmicro.com |
| d-link -- dap-2622 | D-Link DAP-2622 DDP Firmware Upgrade Filename Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20077. | 2024-05-07 | not yet calculated | CVE-2023-35749 zdi-disclosures@trendmicro.com zdi-disclosures@trendmicro.com |
| d-link -- dap-2622 | D-Link DAP-2622 DDP Set Date-Time NTP Server Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20085. | 2024-05-07 | not yet calculated | CVE-2023-35757 zdi-disclosures@trendmicro.com zdi-disclosures@trendmicro.com |
| d-link -- dap-2622 | D-Link DAP-2622 DDP Set SSID List Missing Authentication Vulnerability. This vulnerability allows network-adjacent attackers to make unauthorized changes to device configuration on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to manipulate wireless authentication settings. Was ZDI-CAN-20104. | 2024-05-07 | not yet calculated | CVE-2023-37325 zdi-disclosures@trendmicro.com zdi-disclosures@trendmicro.com |
| foxit -- pdf_editor | Foxit PDF Editor StrikeOut Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14355. | 2024-05-07 | not yet calculated | CVE-2021-34954 zdi-disclosures@trendmicro.com zdi-disclosures@trendmicro.com |
| foxit -- pdf_editor | Foxit PDF Editor Stamp Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14356. | 2024-05-07 | not yet calculated | CVE-2021-34955 zdi-disclosures@trendmicro.com zdi-disclosures@trendmicro.com |
| foxit -- pdf_editor | Foxit PDF Editor Underline Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14357. | 2024-05-07 | not yet calculated | CVE-2021-34956 zdi-disclosures@trendmicro.com zdi-disclosures@trendmicro.com |
| foxit -- pdf_editor | Foxit PDF Editor Highlight Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14358. | 2024-05-07 | not yet calculated | CVE-2021-34957 zdi-disclosures@trendmicro.com zdi-disclosures@trendmicro.com |
| foxit -- pdf_editor | Foxit PDF Editor Text Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14359. | 2024-05-07 | not yet calculated | CVE-2021-34958 zdi-disclosures@trendmicro.com zdi-disclosures@trendmicro.com |
| foxit -- pdf_editor | Foxit PDF Editor Square Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14360. | 2024-05-07 | not yet calculated | CVE-2021-34959 zdi-disclosures@trendmicro.com zdi-disclosures@trendmicro.com |
| foxit -- pdf_editor | Foxit PDF Editor Circle Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14362. | 2024-05-07 | not yet calculated | CVE-2021-34960 zdi-disclosures@trendmicro.com zdi-disclosures@trendmicro.com |
| foxit -- pdf_editor | Foxit PDF Editor Ink Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14363. | 2024-05-07 | not yet calculated | CVE-2021-34961 zdi-disclosures@trendmicro.com zdi-disclosures@trendmicro.com |
| foxit -- pdf_editor | Foxit PDF Editor Caret Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14364. | 2024-05-07 | not yet calculated | CVE-2021-34962 zdi-disclosures@trendmicro.com zdi-disclosures@trendmicro.com |
| foxit -- pdf_editor | Foxit PDF Editor PolyLine Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14365. | 2024-05-07 | not yet calculated | CVE-2021-34963 zdi-disclosures@trendmicro.com zdi-disclosures@trendmicro.com |
| foxit -- pdf_editor | Foxit PDF Editor Polygon Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14366. | 2024-05-07 | not yet calculated | CVE-2021-34964 zdi-disclosures@trendmicro.com zdi-disclosures@trendmicro.com |
| foxit -- pdf_editor | Foxit PDF Editor Squiggly Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14361. | 2024-05-07 | not yet calculated | CVE-2021-34965 zdi-disclosures@trendmicro.com zdi-disclosures@trendmicro.com |
| foxit -- pdf_editor | Foxit PDF Editor FileAttachment Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14367. | 2024-05-07 | not yet calculated | CVE-2021-34966 zdi-disclosures@trendmicro.com zdi-disclosures@trendmicro.com |
| foxit -- pdf_editor | Foxit PDF Editor Line Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14368. | 2024-05-07 | not yet calculated | CVE-2021-34967 zdi-disclosures@trendmicro.com zdi-disclosures@trendmicro.com |
| foxit -- pdf_editor | Foxit PDF Editor transitionToState Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation of the transitionToState method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14370. | 2024-05-07 | not yet calculated | CVE-2021-34968 zdi-disclosures@trendmicro.com zdi-disclosures@trendmicro.com |
| foxit -- pdf_reader | Foxit PDF Reader Square Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Square annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14272. | 2024-05-07 | not yet calculated | CVE-2021-34948 zdi-disclosures@trendmicro.com zdi-disclosures@trendmicro.com |
| foxit -- pdf_reader | Foxit PDF Reader Annotation Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14273. | 2024-05-07 | not yet calculated | CVE-2021-34949 zdi-disclosures@trendmicro.com zdi-disclosures@trendmicro.com |
| foxit -- pdf_reader | Foxit PDF Reader Annotation Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14396. | 2024-05-07 | not yet calculated | CVE-2021-34950 zdi-disclosures@trendmicro.com zdi-disclosures@trendmicro.com |
| foxit -- pdf_reader | Foxit PDF Reader Annotation Use of Uninitialized Variable Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14395. | 2024-05-07 | not yet calculated | CVE-2021-34951 zdi-disclosures@trendmicro.com zdi-disclosures@trendmicro.com |
| foxit -- pdf_reader | Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14729. | 2024-05-07 | not yet calculated | CVE-2021-34952 zdi-disclosures@trendmicro.com zdi-disclosures@trendmicro.com |
| foxit -- pdf_reader | Foxit PDF Reader Annotation Use of Uninitialized Variable Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14658. | 2024-05-07 | not yet calculated | CVE-2021-34953 zdi-disclosures@trendmicro.com zdi-disclosures@trendmicro.com |
| foxit -- pdf_reader | Foxit PDF Reader Annotation Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14622. | 2024-05-07 | not yet calculated | CVE-2021-34969 zdi-disclosures@trendmicro.com zdi-disclosures@trendmicro.com |
| foxit -- pdf_reader | Foxit PDF Reader print Method Use of Externally-Controlled Format String Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation of the print method. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14849. | 2024-05-07 | not yet calculated | CVE-2021-34970 zdi-disclosures@trendmicro.com zdi-disclosures@trendmicro.com |
| foxit -- pdf_reader | Foxit PDF Reader JPG2000 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14812. | 2024-05-07 | not yet calculated | CVE-2021-34971 zdi-disclosures@trendmicro.com zdi-disclosures@trendmicro.com |
| foxit -- pdf_reader | Foxit PDF Reader AcroForm Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14975. | 2024-05-07 | not yet calculated | CVE-2021-34972 zdi-disclosures@trendmicro.com zdi-disclosures@trendmicro.com |
| foxit -- pdf_reader | Foxit PDF Reader PDF File Parsing Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14968. | 2024-05-07 | not yet calculated | CVE-2021-34973 zdi-disclosures@trendmicro.com zdi-disclosures@trendmicro.com |
| foxit -- pdf_reader | Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15167. | 2024-05-07 | not yet calculated | CVE-2021-34974 zdi-disclosures@trendmicro.com zdi-disclosures@trendmicro.com |
| foxit -- pdf_reader | Foxit PDF Reader transitionToState Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation of the transitionToState method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15218. | 2024-05-07 | not yet calculated | CVE-2021-34975 zdi-disclosures@trendmicro.com zdi-disclosures@trendmicro.com |
| foxit -- pdf_reader | Foxit PDF Reader PDF File Parsing Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PDF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14659. | 2024-05-07 | not yet calculated | CVE-2021-34976 zdi-disclosures@trendmicro.com zdi-disclosures@trendmicro.com |
| go_standard_library -- net | A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop. | 2024-05-08 | not yet calculated | CVE-2024-24788 security@golang.org security@golang.org security@golang.org security@golang.org |
| go_toolchain -- cmd/go | On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the -lto_library flag in a "#cgo LDFLAGS" directive. | 2024-05-08 | not yet calculated | CVE-2024-24787 security@golang.org security@golang.org security@golang.org security@golang.org |
| google -- android | In multiple functions of CompanionDeviceManagerService.java, there is a possible launch NotificationAccessConfirmationActivity of another user profile due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-05-07 | not yet calculated | CVE-2024-0022 security@android.com security@android.com |
| google -- android | In multiple methods of UserManagerService.java, there is a possible failure to persist or enforce user restrictions due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | 2024-05-07 | not yet calculated | CVE-2024-0024 security@android.com security@android.com |
| google -- android | In sendIntentSender of ActivityManagerService.java, there is a possible background activity launch due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-05-07 | not yet calculated | CVE-2024-0025 security@android.com security@android.com |
| google -- android | In multiple functions of SnoozeHelper.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-05-07 | not yet calculated | CVE-2024-0026 security@android.com security@android.com |
| google -- android | In multiple functions of SnoozeHelper.java, there is a possible way to cause a boot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-05-07 | not yet calculated | CVE-2024-0027 security@android.com security@android.com |
| google -- android | In TBD of TBD, there is a possible confusion of OEM and DRM certificates due to improperly used crypto. This could lead to local bypass of DRM content protection with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-05-07 | not yet calculated | CVE-2024-0042 security@android.com |
| google -- android | In multiple locations, there is a possible notification listener grant to an app running in the work profile due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | 2024-05-07 | not yet calculated | CVE-2024-0043 security@android.com security@android.com |
| google -- android | In onCreate of WifiDialogActivity.java, there is a possible way to bypass the DISALLOW_ADD_WIFI_CONFIG restriction due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-05-07 | not yet calculated | CVE-2024-23704 security@android.com security@android.com |
| google -- android | In multiple locations, there is a possible failure to persist or enforce user restrictions due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | 2024-05-07 | not yet calculated | CVE-2024-23705 security@android.com security@android.com |
| google -- android | In multiple locations, there is a possible bypass of health data permissions due to an improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-05-07 | not yet calculated | CVE-2024-23706 security@android.com security@android.com |
| google -- android | In multiple locations, there is a possible permissions bypass due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | 2024-05-07 | not yet calculated | CVE-2024-23707 security@android.com security@android.com |
| google -- android | In multiple functions of NotificationManagerService.java, there is a possible way to not show a toast message when a clipboard message has been accessed. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-05-07 | not yet calculated | CVE-2024-23708 security@android.com security@android.com |
| google -- android | In multiple locations, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. | 2024-05-07 | not yet calculated | CVE-2024-23709 security@android.com security@android.com |
| google -- android | In assertPackageWithSharedUserIdIsPrivileged of InstallPackageHelper.java, there is a possible execution of arbitrary app code as a privileged app due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-05-07 | not yet calculated | CVE-2024-23710 security@android.com security@android.com |
| google -- android | In multiple functions of AppOpsService.java, there is a possible way to saturate the content of /data/system/appops_accesses.xml due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-05-07 | not yet calculated | CVE-2024-23712 security@android.com security@android.com |
| google -- android | In migrateNotificationFilter of NotificationManagerService.java, there is a possible failure to persist notifications settings due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-05-07 | not yet calculated | CVE-2024-23713 security@android.com security@android.com |
| google -- chrome | Use after free in ANGLE in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2024-05-07 | not yet calculated | CVE-2024-4558 chrome-cve-admin@google.com chrome-cve-admin@google.com |
| google -- chrome | Heap buffer overflow in WebAudio in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2024-05-07 | not yet calculated | CVE-2024-4559 chrome-cve-admin@google.com chrome-cve-admin@google.com |
| heateor -- heateor_social_login_wordpress | Heateor Social Login WordPress prior to 1.1.32 contains a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product. | 2024-05-08 | not yet calculated | CVE-2024-32674 vultures@jpcert.or.jp vultures@jpcert.or.jp |
| hp_inc. -- hp_application_enabling_software_driver | A potential security vulnerability has been identified in the HP Application Enabling Software Driver for certain HP PC products, which might allow escalation of privilege. HP is releasing software updates to mitigate this potential vulnerability. | 2024-05-06 | not yet calculated | CVE-2024-1695 hp-security-alert@hp.com |
| integrated_control_technology -- tsec | Insecure storage of the ICT MIFARE and DESFire encryption keys in the firmware binary allows malicious actors to create credentials for any site code and card number that is using the default ICT encryption. | 2024-05-06 | not yet calculated | CVE-2024-29941 56c94bcb-ac34-4d7f-b660-d297a6b7ff82 |
| knowbe4 -- phish_alert_button_(pab)_for_outlook | A medium severity vulnerability has been identified in the update mechanism of the Phish Alert Button for Outlook, which could allow an attacker to remotely execute arbitrary code on the host machine. The vulnerability arises from the application's failure to securely verify the authenticity and integrity of the update server. The application periodically checks for updates by querying a specific URL. However, this process does not enforce strict SSL/TLS verification, nor does it validate the digital signature of the received update files. An attacker with the capability to perform DNS spoofing can exploit this weakness. By manipulating DNS responses, the attacker can redirect the application's update requests to a malicious server under their control. Once the application queries the spoofed update URL, the malicious server can respond with a crafted update package. Since the application fails to properly verify the authenticity of the update file, it will accept and execute the package, leading to arbitrary code execution on the host machine. Impact: Successful exploitation of this vulnerability allows an attacker to execute code with elevated privileges, potentially leading to data theft, installation of further malware, or other malicious activities on the host system. Affected Products: Phish Alert Button (PAB) for Outlook versions 1.10.0-1.10.11 Second Chance Client versions 2.0.0-2.0.9 PIQ Client versions 1.0.0-1.0.15 Remediation: Automated updates will be pushed to address this issue. Users of affected versions should verify the latest version is applied and, if not, apply the latest updates provided by KnowBe4, which addresses this vulnerability by implementing proper SSL/TLS checks of the update server. It is also recommended to ensure DNS settings are secure to prevent DNS spoofing attacks. Workarounds: Use secure corporate networks or VPN services to secure network communications, which can help mitigate the risk of DNS spoofing. Credits: This vulnerability was discovered by Ceri Coburn at Pen Test Partners, who reported it responsibly to the vendor. | 2024-05-07 | not yet calculated | CVE-2024-29209 support@hackerone.com |
| knowbe4 -- phish_alert_button_(pab)_for_outlook | A local privilege escalation (LPE) vulnerability has been identified in Phish Alert Button for Outlook (PAB), specifically within its configuration management functionalities. This vulnerability allows a regular user to modify the application's configuration file to redirect update checks to an arbitrary server, which can then be exploited in conjunction with CVE-2024-29209 to execute arbitrary code with elevated privileges. The issue stems from improper permission settings on the application's configuration file, which is stored in a common directory accessible to all users. This file includes critical parameters, such as the update server URL. By default, the application does not enforce adequate access controls on this file, allowing non-privileged users to modify it without administrative consent. An attacker with regular user access can alter the update server URL specified in the configuration file to point to a malicious server. When the application performs its next update check, it will contact the attacker-controlled server. If the system is also vulnerable to CVE-2024-29209, the attacker can deliver a malicious update package that, when executed, grants them elevated privileges. Impact: This vulnerability can lead to a regular user executing code with administrative privileges. This can result in unauthorized access to sensitive data, installation of additional malware, and a full takeover of the affected system. Affected Products: Phish Alert Button (PAB) for Outlook versions 1.10.0-1.10.11 Second Chance Client versions 2.0.0-2.0.9 PIQ Client versions 1.0.0-1.0.15 Remediation: KnowBe4 has released a patch that corrects the permission settings on the configuration file to prevent unauthorized modifications. Automated updates will be pushed to address this issue. Users of affected versions should verify the latest version is applied and, if not, apply the latest updates provided by KnowBe4. Workarounds: Manually set the correct permissions on the configuration file to restrict write access to administrators only. Credits: This vulnerability was discovered by Ceri Coburn at Pen Test Partners, who reported it responsibly to the vendor. | 2024-05-07 | not yet calculated | CVE-2024-29210 support@hackerone.com |
| linux -- kernel | Linux Kernel Bluetooth CMTP Module Double Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the CMTP module. The issue results from the lack of validating the existence of an object prior to performing further free operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the kernel. Was ZDI-CAN-11977. | 2024-05-07 | not yet calculated | CVE-2021-34981 zdi-disclosures@trendmicro.com |
| maxon -- cinema_4d | Maxon Cinema 4D SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Maxon Cinema 4D. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21438. | 2024-05-07 | not yet calculated | CVE-2023-40490 zdi-disclosures@trendmicro.com |
| mediatek,_inc. -- mt2737,_mt6739,_mt6761,_mt6765,_mt6768,_mt6771,_mt6779,_mt6781,_mt6785,_mt6789,_mt6833,_mt6835,_mt6853,_mt6853t,_mt6855,_mt6873,_mt6877,_mt6879,_mt6880,_mt6883,_mt6885,_mt6886,_mt6889,_mt6890,_mt6893,_mt6895,_mt6897,_mt6980,_mt6983,_mt6985,_mt6989,_mt6990,_mt8167,_mt8167s,_mt8168,_mt8173,_mt8175,_mt8185,_mt8188,_mt8195,_mt8321,_mt8362a,_mt8365,_mt8385,_mt8390,_mt8395,_mt8755,_mt8765,_mt8766,_mt8768,_mt8775,_mt8781,_mt8786,_mt8788,_mt8789,_mt8791,_mt8791t,_mt8797,_mt8798 | In DA, there is a possible permission bypass due to an incorrect status check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08355514; Issue ID: ALPS08355514. | 2024-05-06 | not yet calculated | CVE-2023-32871 security@mediatek.com |
| mediatek,_inc. -- mt6580,_mt6739,_mt6761,_mt6765,_mt6768,_mt6781,_mt6789,_mt6833,_mt6835,_mt6853,_mt6855,_mt6877,_mt6879,_mt6883,_mt6885,_mt6886,_mt6889,_mt6893,_mt6895,_mt6983,_mt6985,_mt6989,_mt8188,_mt8370,_mt8390 | In da, there is a possible escalation of privilege due to an incorrect status check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541749; Issue ID: ALPS08541749. | 2024-05-06 | not yet calculated | CVE-2024-20059 security@mediatek.com |
| mediatek,_inc. -- mt6580,_mt6739,_mt6761,_mt6765,_mt6768,_mt6781,_mt6789,_mt6833,_mt6835,_mt6853,_mt6855,_mt6877,_mt6879,_mt6883,_mt6885,_mt6886,_mt6889,_mt6893,_mt6895,_mt6983,_mt6985,_mt6989,_mt8188,_mt8370,_mt8390 | In da, there is a possible escalation of privilege due to an incorrect status check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541749; Issue ID: ALPS08541754. | 2024-05-06 | not yet calculated | CVE-2024-20060 security@mediatek.com |
| mediatek,_inc. -- mt6580,_mt6761,_mt6762,_mt6768,_mt6781,_mt6789,_mt6833,_mt6853,_mt6853t,_mt6855,_mt6873,_mt6875,_mt6877,_mt6879,_mt6883,_mt6885,_mt6886,_mt6889,_mt6891,_mt6893,_mt6895,_mt6983,_mt6985,_mt6989,_mt8678,_mt8755,_mt8775,_mt8792,_mt8796 | In wlan service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08572601; Issue ID: MSV-1229. | 2024-05-06 | not yet calculated | CVE-2024-20064 security@mediatek.com |
| mediatek,_inc. -- mt6739,_mt6761,_mt6765,_mt6768,_mt6781,_mt6785,_mt6789,_mt6833,_mt6835,_mt6853,_mt6855,_mt6873,_mt6880,_mt6885,_mt6886,_mt6890,_mt6893,_mt6895,_mt6897,_mt6983,_mt6985,_mt6989,_mt8666,_mt8667,_mt8673,_mt8676,_mt8678 | In preloader, there is a possible escalation of privilege due to an insecure default value. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08528185; Issue ID: ALPS08528185. | 2024-05-06 | not yet calculated | CVE-2024-20056 security@mediatek.com |
| mediatek,_inc. -- mt6761,_mt6765,_mt6768,_mt6779,_mt6781,_mt6785,_mt6789,_mt6833,_mt6835,_mt6853,_mt6855,_mt6873,_mt6877,_mt6879,_mt6883,_mt6885,_mt6886,_mt6889,_mt6893,_mt6895,_mt6897,_mt6983,_mt8321,_mt8385,_mt8755,_mt8765,_mt8766,_mt8768,_mt8771,_mt8781,_mt8786,_mt8788,_mt8789,_mt8791t,_mt8792,_mt8795t,_mt8796 | In keyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08587881; Issue ID: ALPS08587881. | 2024-05-06 | not yet calculated | CVE-2024-20057 security@mediatek.com |
| mediatek,_inc. -- mt6761,_mt6765,_mt6768,_mt6833,_mt6853,_mt6855,_mt6893,_mt6895,_mt6983,_mt8321,_mt8385,_mt8755,_mt8765,_mt8766,_mt8768,_mt8771,_mt8781,_mt8786,_mt8788,_mt8789,_mt8791t,_mt8792,_mt8795t,_mt8796 | In keyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08583919; Issue ID: ALPS08304227. | 2024-05-06 | not yet calculated | CVE-2023-32873 security@mediatek.com |
| mediatek,_inc. -- mt6765,_mt6768,_mt6785,_mt6833,_mt6853,_mt6855,_mt6893,_mt6983,_mt8321,_mt8385,_mt8755,_mt8765,_mt8766,_mt8768,_mt8771,_mt8781,_mt8786,_mt8788,_mt8789,_mt8791t,_mt8792,_mt8795t,_mt8796,_mt8797,_mt8798 | In keyInstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08580204; Issue ID: ALPS08580204. | 2024-05-06 | not yet calculated | CVE-2024-20058 security@mediatek.com |
| mediatek,_inc. -- mt6768,_mt6781,_mt6785,_mt6833,_mt6853,_mt6873,_mt6877,_mt6885,_mt6893,_mt8168,_mt8183,_mt8188,_mt8188t,_mt8195,_mt8195z,_mt8321,_mt8362a,_mt8365,_mt8385,_mt8666,_mt8666a,_mt8666b,_mt8667,_mt8673,_mt8675,_mt8675,_mt8676,_mt8678,_mt8765,_mt8766,_mt8766z,_mt8768,_mt8768a,_mt8768b,_mt8768t,_mt8768z,_mt8781,_mt8781,_mt8786,_mt8788,_mt8788t,_mt8788,_mt8788x,_mt8788z,_mt8792,_mt8795t,_mt8796,_mt8798 | In atf spm, there is a possible way to remap physical memory to virtual memory due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08584568; Issue ID: MSV-1249. | 2024-05-06 | not yet calculated | CVE-2024-20021 security@mediatek.com |
| mintplex-labs -- mintplex-labs/anything-llm | A race condition vulnerability exists in the mintplex-labs/anything-llm repository, specifically within the user invite acceptance process. Attackers can exploit this vulnerability by sending multiple concurrent requests to accept a single user invite, allowing the creation of multiple user accounts from a single invite link intended for only one user. This bypasses the intended security mechanism that restricts invite acceptance to a single user, leading to unauthorized user creation without detection in the invite tab. The issue is due to the lack of validation for concurrent requests in the backend. | 2024-05-07 | not yet calculated | CVE-2024-2913 security@huntr.dev |
| netgear -- cax30s | NETGEAR CAX30S SSO Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR CAX30S routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the token parameter provided to the sso.php endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18227. | 2024-05-07 | not yet calculated | CVE-2022-43654 zdi-disclosures@trendmicro.com zdi-disclosures@trendmicro.com |
| netgear -- multiple_routers | NETGEAR Multiple Routers httpd Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. When parsing the strings file, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-13709. | 2024-05-07 | not yet calculated | CVE-2021-34982 zdi-disclosures@trendmicro.com zdi-disclosures@trendmicro.com |
| netgear -- multiple_routers | NETGEAR Multiple Routers httpd Missing Authentication for Critical Function Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the lack of authentication prior to allowing access to system configuration information. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-13708. | 2024-05-07 | not yet calculated | CVE-2021-34983 zdi-disclosures@trendmicro.com zdi-disclosures@trendmicro.com |
| netgear -- r7800 | NETGEAR R7800 net-cgi Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of the soap_block_table file. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-13055. | 2024-05-07 | not yet calculated | CVE-2021-34947 zdi-disclosures@trendmicro.com zdi-disclosures@trendmicro.com |
| node.js -- node | The team has identified a critical vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling. Specifically, if a space is placed before a content-length header, it is not interpreted correctly, enabling attackers to smuggle in a second request within the body of the first. | 2024-05-07 | not yet calculated | CVE-2024-27982 support@hackerone.com |
| openbsd -- kernel | OpenBSD Kernel Multicast Routing Uninitialized Memory Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of OpenBSD Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the implementation of multicast routing. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel. Was ZDI-CAN-14540. | 2024-05-07 | not yet calculated | CVE-2021-34999 zdi-disclosures@trendmicro.com |
| openbsd -- kernel | OpenBSD Kernel Multicast Routing Uninitialized Memory Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of OpenBSD Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the implementation of multicast routing. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel. Was ZDI-CAN-16112. | 2024-05-07 | not yet calculated | CVE-2021-35000 zdi-disclosures@trendmicro.com |
| the_gnu_c_library -- glibc | nscd: Stack-based buffer overflow in netgroup cache If the Name Service Cache Daemon's (nscd) fixed size cache is exhausted by client requests then a subsequent client request for netgroup data may result in a stack-based buffer overflow. This flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary. | 2024-05-06 | not yet calculated | CVE-2024-33599 3ff69d7a-14f2-4f67-a097-88dee7810d18 |
| the_gnu_c_library -- glibc | nscd: Null pointer crashes after notfound response If the Name Service Cache Daemon's (nscd) cache fails to add a not-found netgroup response to the cache, the client request can result in a null pointer dereference. This flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary. | 2024-05-06 | not yet calculated | CVE-2024-33600 3ff69d7a-14f2-4f67-a097-88dee7810d18 |
| the_gnu_c_library -- glibc | nscd: netgroup cache may terminate daemon on memory allocation failure The Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or xrealloc and these functions may terminate the process due to a memory allocation failure resulting in a denial of service to the clients. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary. | 2024-05-06 | not yet calculated | CVE-2024-33601 3ff69d7a-14f2-4f67-a097-88dee7810d18 |
| the_gnu_c_library -- glibc | nscd: netgroup cache assumes NSS callback uses in-buffer strings The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory when the NSS callback does not store all strings in the provided buffer. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary. | 2024-05-06 | not yet calculated | CVE-2024-33602 3ff69d7a-14f2-4f67-a097-88dee7810d18 |
| triangle_microworks -- scada_data_gateway | Triangle MicroWorks SCADA Data Gateway Restore Workspace Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the Restore Workspace feature. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-17227. | 2024-05-07 | not yet calculated | CVE-2022-0369 zdi-disclosures@trendmicro.com |
| ubiquiti_inc -- unifi_connect_application | An Improper Certificate Validation could allow a malicious actor with access to an adjacent network to take control of the system. Affected Products: UniFi Connect Application (Version 3.7.9 and earlier) UniFi Connect EV Station (Version 1.1.18 and earlier) UniFi Connect EV Station Pro (Version 1.1.18 and earlier) UniFi Connect Display (Version 1.9.324 and earlier) UniFi Connect Display Cast (Version 1.6.225 and earlier) Mitigation: Update UniFi Connect Application to Version 3.10.7 or later. Update UniFi Connect EV Station to Version 1.2.15 or later. Update UniFi Connect EV Station Pro to Version 1.2.15 or later. Update UniFi Connect Display to Version 1.11.348 or later. Update UniFi Connect Display Cast to Version 1.8.255 or later. | 2024-05-07 | not yet calculated | CVE-2024-29207 support@hackerone.com |
| ubiquiti_inc -- unifi_connect_ev_station | An Improper Access Control could allow a malicious actor authenticated in the API to enable Android Debug Bridge (ADB) and make unsupported changes to the system. Affected Products: UniFi Connect EV Station (Version 1.1.18 and earlier) UniFi Connect EV Station Pro (Version 1.1.18 and earlier) UniFi Access G2 Reader Pro (Version 1.2.172 and earlier) UniFi Access Reader Pro (Version 2.7.238 and earlier) UniFi Access Intercom (Version 1.0.66 and earlier) UniFi Access Intercom Viewer (Version 1.0.5 and earlier) UniFi Connect Display (Version 1.9.324 and earlier) UniFi Connect Display Cast (Version 1.6.225 and earlier) Mitigation: Update UniFi Connect Application to Version 3.10.7 or later. Update UniFi Connect EV Station to Version 1.2.15 or later. Update UniFi Connect EV Station Pro to Version 1.2.15 or later. Update UniFi Access G2 Reader Pro Version 1.3.37 or later. Update UniFi Access Reader Pro Version 2.8.19 or later. Update UniFi Access Intercom Version 1.1.32 or later. Update UniFi Access Intercom Viewer Version 1.1.6 or later. Update UniFi Connect Display to Version 1.11.348 or later. Update UniFi Connect Display Cast to Version 1.8.255 or later. | 2024-05-07 | not yet calculated | CVE-2024-29206 support@hackerone.com |
| ubiquiti_inc -- update_unifi_connect_ev_station | An Unverified Password Change could allow a malicious actor with API access to the device to change the system password without knowing the previous password. Affected Products: UniFi Connect EV Station (Version 1.1.18 and earlier) UniFi Connect EV Station Pro (Version 1.1.18 and earlier) UniFi Connect Display (Version 1.9.324 and earlier) UniFi Connect Display Cast (Version 1.6.225 and earlier) Mitigation: Update UniFi Connect Application to Version 3.10.7 or later. Update UniFi Connect EV Station to Version 1.2.15 or later. Update UniFi Connect EV Station Pro to Version 1.2.15 or later. Update UniFi Connect Display to Version 1.11.348 or later. Update UniFi Connect Display Cast to Version 1.8.255 or later. | 2024-05-07 | not yet calculated | CVE-2024-29208 support@hackerone.com |
| unknown -- crelly_slider | The Crelly Slider WordPress plugin through 1.4.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 2024-05-06 | not yet calculated | CVE-2024-3752 contact@wpscan.com |
| unknown -- easyevent | The EasyEvent WordPress plugin through 1.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | 2024-05-07 | not yet calculated | CVE-2024-3628 contact@wpscan.com |
| unknown -- fancy_product_designer | The Fancy Product Designer WordPress plugin before 6.1.81 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 2024-05-06 | not yet calculated | CVE-2024-0904 contact@wpscan.com |
| unknown -- mf_gig_calendar | The MF Gig Calendar WordPress plugin through 1.2.1 does not have CSRF checks in some places, which could allow attackers to make logged in Contributors and above delete arbitrary events via a CSRF attack | 2024-05-06 | not yet calculated | CVE-2024-3756 contact@wpscan.com |
| unknown -- mf_gig_calendar | The MF Gig Calendar WordPress plugin through 1.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as editor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 2024-05-06 | not yet calculated | CVE-2024-3755 contact@wpscan.com |
| N/A -- N/A | Cross Site Scripting (XSS) vulnerability in ASUS RT-AC51U with firmware versions up to and including 3.0.0.4.380.8591 allows attackers to run arbitrary code via the WPA Pre-Shared Key field. | 2024-05-06 | not yet calculated | CVE-2023-33548 cve@mitre.org |
| N/A -- N/A | Buffer Overflow vulnerability LINKSYS EA7500 3.0.1.207964 allows a remote attacker to execute arbitrary code via an HTTP request to the IGD UPnP. | 2024-05-07 | not yet calculated | CVE-2023-46012 cve@mitre.org |
| N/A -- N/A | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the email_attach_id parameter at /LHMail/AttachDown.aspx. | 2024-05-07 | not yet calculated | CVE-2024-25507 cve@mitre.org |
| N/A -- N/A | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /bulletin/bulletin_template_show.aspx. | 2024-05-07 | not yet calculated | CVE-2024-25508 cve@mitre.org |
| N/A -- N/A | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_storage_id parameter at /WorkFlow/wf_file_download.aspx. | 2024-05-07 | not yet calculated | CVE-2024-25509 cve@mitre.org |
| N/A -- N/A | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /AddressBook/address_public_show.aspx. | 2024-05-07 | not yet calculated | CVE-2024-25510 cve@mitre.org |
| N/A -- N/A | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /AddressBook/address_public_new.aspx. | 2024-05-07 | not yet calculated | CVE-2024-25511 cve@mitre.org |
| N/A -- N/A | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the attach_id parameter at /Bulletin/AttachDownLoad.aspx. | 2024-05-07 | not yet calculated | CVE-2024-25512 cve@mitre.org |
| N/A -- N/A | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the file_id parameter at /CorporateCulture/kaizen_download.aspx. | 2024-05-07 | not yet calculated | CVE-2024-25513 cve@mitre.org |
| N/A -- N/A | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the template_id parameter at /SysManage/wf_template_child_field_list.aspx. | 2024-05-07 | not yet calculated | CVE-2024-25514 cve@mitre.org |
| N/A -- N/A | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_storage_id parameter at /WorkFlow/wf_work_finish_file_down.aspx. | 2024-05-08 | not yet calculated | CVE-2024-25515 cve@mitre.org |
| N/A -- N/A | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the tbTable argument at /WebUtility/MF.aspx. | 2024-05-08 | not yet calculated | CVE-2024-25517 cve@mitre.org |
| N/A -- N/A | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the template_id parameter at /WorkFlow/wf_get_fields_approve.aspx. | 2024-05-08 | not yet calculated | CVE-2024-25518 cve@mitre.org |
| N/A -- N/A | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the idlist parameter at /WorkFlow/wf_work_print.aspx. | 2024-05-08 | not yet calculated | CVE-2024-25519 cve@mitre.org |
| N/A -- N/A | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /SysManage/sys_blogtemplate_new.aspx. | 2024-05-08 | not yet calculated | CVE-2024-25520 cve@mitre.org |
| N/A -- N/A | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the txt_keyword parameter at get_company.aspx. | 2024-05-08 | not yet calculated | CVE-2024-25521 cve@mitre.org |
| N/A -- N/A | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the office_missive_id parameter at /WorkFlow/wf_work_form_save.aspx. | 2024-05-08 | not yet calculated | CVE-2024-25522 cve@mitre.org |
| N/A -- N/A | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the file_id parameter at /filemanage/file_memo.aspx. | 2024-05-08 | not yet calculated | CVE-2024-25523 cve@mitre.org |
| N/A -- N/A | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_storage_id parameter at /WorkPlan/WorkPlanAttachDownLoad.aspx. | 2024-05-08 | not yet calculated | CVE-2024-25524 cve@mitre.org |
| N/A -- N/A | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the filename parameter at /WorkFlow/OfficeFileDownload.aspx. | 2024-05-08 | not yet calculated | CVE-2024-25525 cve@mitre.org |
| N/A -- N/A | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the project_id parameter at /ProjectManage/pm_gatt_inc.aspx. | 2024-05-08 | not yet calculated | CVE-2024-25526 cve@mitre.org |
| N/A -- N/A | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /PersonalAffair/worklog_template_show.aspx. | 2024-05-08 | not yet calculated | CVE-2024-25527 cve@mitre.org |
| N/A -- N/A | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /PersonalAffair/worklog_template_show.aspx. | 2024-05-08 | not yet calculated | CVE-2024-25528 cve@mitre.org |
| N/A -- N/A | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /WorkFlow/wf_office_file_history_show.aspx. | 2024-05-08 | not yet calculated | CVE-2024-25529 cve@mitre.org |
| N/A -- N/A | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the PageID parameter at /WebUtility/get_find_condiction.aspx. | 2024-05-08 | not yet calculated | CVE-2024-25530 cve@mitre.org |
| N/A -- N/A | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the PageID parameter at /WebUtility/SearchCondiction.aspx. | 2024-05-08 | not yet calculated | CVE-2024-25531 cve@mitre.org |
| N/A -- N/A | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the bt_id parameter at /include/get_dict.aspx. | 2024-05-08 | not yet calculated | CVE-2024-25532 cve@mitre.org |
| N/A -- N/A | Error messages in RuvarOA v6.01 and v12.01 were discovered to leak the physical path of the website (/WorkFlow/OfficeFileUpdate.aspx). This vulnerability can allow attackers to write files to the server or execute arbitrary commands via crafted SQL statements. | 2024-05-08 | not yet calculated | CVE-2024-25533 cve@mitre.org |
| N/A -- N/A | Archer Platform 6 before 2024.03 contains a sensitive information disclosure vulnerability. An authenticated attacker could potentially obtain access to sensitive information via a popup warning message. | 2024-05-06 | not yet calculated | CVE-2024-26312 cve@mitre.org cve@mitre.org |
| N/A -- N/A | Cross Site Scripting (XSS) vulnerability in YzmCMS 7.0 allows attackers to run arbitrary code via Ads Management, Carousel Management, and System Settings. | 2024-05-06 | not yet calculated | CVE-2024-28725 cve@mitre.org cve@mitre.org |
| N/A -- N/A | An issue was discovered in Alcatel-Lucent ALE NOE deskphones through 86x8_NOE-R300.1.40.12.4180 and SIP deskphones through 86x8_SIP-R200.1.01.10.728. Because of a time-of-check time-of-use vulnerability, an authenticated attacker is able to replace the verified firmware image with malicious firmware during the update process. | 2024-05-07 | not yet calculated | CVE-2024-29149 cve@mitre.org cve@mitre.org |
| N/A -- N/A | An issue was discovered in Alcatel-Lucent ALE NOE deskphones through 86x8_NOE-R300.1.40.12.4180 and SIP deskphones through 86x8_SIP-R200.1.01.10.728. Because of improper privilege management, an authenticated attacker is able to create symlinks to sensitive and protected data in locations that are used for debugging files. Given that the process of gathering debug logs is carried out with root privileges, any file referenced in the symlink is consequently written to the debug archive, thereby granting accessibility to the attacker. | 2024-05-07 | not yet calculated | CVE-2024-29150 cve@mitre.org cve@mitre.org |
| N/A -- N/A | An issue in V-SOL G/EPON ONU HG323AC-B with firmware version V2.0.08-210715 allows an attacker to execute arbtirary code and obtain sensitive information via crafted POST request to /boaform/getASPdata/formFirewall, /boaform/getASPdata/formAcc. | 2024-05-06 | not yet calculated | CVE-2024-30973 cve@mitre.org |
| N/A -- N/A | A SQL injection vulnerability in unit.php in Sonic Shopfloor.guide before 3.1.3 allows remote attackers to execute arbitrary SQL commands via the level2 parameter. | 2024-05-08 | not yet calculated | CVE-2024-31961 cve@mitre.org |
| N/A -- N/A | SQL Injection vulnerability in HSC Cybersecurity HC Mailinspector 5.2.17-3 through 5.2.18 allows a remote attacker to obtain sensitive information via a crafted payload to the start and limit parameter in the mliWhiteList.php component. | 2024-05-07 | not yet calculated | CVE-2024-32369 cve@mitre.org cve@mitre.org |
| N/A -- N/A | An issue in HSC Cybersecurity HC Mailinspector 5.2.17-3 through 5.2.18 allows a remote attacker to obtain sensitive information via a crafted payload to the id parameter in the mliSystemUsers.php component. | 2024-05-07 | not yet calculated | CVE-2024-32370 cve@mitre.org cve@mitre.org |
| N/A -- N/A | An issue in HSC Cybersecurity HC Mailinspector 5.2.17-3 through 5.2.18 allows a regular user account to escalate their privileges and gain administrative access by changing the type parameter from 1 to 0. | 2024-05-07 | not yet calculated | CVE-2024-32371 cve@mitre.org cve@mitre.org |
| N/A -- N/A | D-Link DIR-845L router v1.01KRb03 and before is vulnerable to Permission Bypass via the getcfg.php component. | 2024-05-06 | not yet calculated | CVE-2024-33110 cve@mitre.org |
| N/A -- N/A | D-Link DIR-845L router <=v1.01KRb03 is vulnerable to Cross Site Scripting (XSS) via /htdocs/webinc/js/bsc_sms_inbox.php. | 2024-05-06 | not yet calculated | CVE-2024-33111 cve@mitre.org |
| N/A -- N/A | D-Link DIR-845L router v1.01KRb03 and before is vulnerable to Command injection via the hnap_main()func. | 2024-05-06 | not yet calculated | CVE-2024-33112 cve@mitre.org |
| N/A -- N/A | D-LINK DIR-845L <=v1.01KRb03 is vulnerable to Information disclosurey via bsc_sms_inbox.php. | 2024-05-06 | not yet calculated | CVE-2024-33113 cve@mitre.org |
| N/A -- N/A | crmeb_java v1.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the mergeList method in class com.zbkj.front.pub.ImageMergeController. | 2024-05-06 | not yet calculated | CVE-2024-33117 cve@mitre.org |
| N/A -- N/A | LuckyFrameWeb v3.5.2 was discovered to contain an arbitrary read vulnerability via the fileDownload method in class com.luckyframe.project.common.CommonController. | 2024-05-06 | not yet calculated | CVE-2024-33118 cve@mitre.org |
| N/A -- N/A | Roothub v2.5 was discovered to contain an arbitrary file upload vulnerability via the customPath parameter in the upload() function. This vulnerability allows attackers to execute arbitrary code via a crafted JSP file. | 2024-05-07 | not yet calculated | CVE-2024-33120 cve@mitre.org cve@mitre.org |
| N/A -- N/A | Roothub v2.6 was discovered to contain a SQL injection vulnerability via the 's' parameter in the search() function. | 2024-05-06 | not yet calculated | CVE-2024-33121 cve@mitre.org |
| N/A -- N/A | Roothub v2.6 was discovered to contain a SQL injection vulnerability via the topic parameter in the list() function. | 2024-05-07 | not yet calculated | CVE-2024-33122 cve@mitre.org |
| N/A -- N/A | Roothub v2.6 was discovered to contain a SQL injection vulnerability via the nodeTitle parameter in the parentNode() function.. | 2024-05-07 | not yet calculated | CVE-2024-33124 cve@mitre.org |
| N/A -- N/A | J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the findpage function. | 2024-05-07 | not yet calculated | CVE-2024-33139 cve@mitre.org |
| N/A -- N/A | J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the findApplyedTasksPage function in BpmTaskMapper.xml. | 2024-05-07 | not yet calculated | CVE-2024-33144 cve@mitre.org |
| N/A -- N/A | J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the export function. | 2024-05-07 | not yet calculated | CVE-2024-33146 cve@mitre.org |
| N/A -- N/A | J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the authRoleList function. | 2024-05-07 | not yet calculated | CVE-2024-33147 cve@mitre.org |
| N/A -- N/A | J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the list function. | 2024-05-07 | not yet calculated | CVE-2024-33148 cve@mitre.org |
| N/A -- N/A | J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the myProcessList function. | 2024-05-07 | not yet calculated | CVE-2024-33149 cve@mitre.org |
| N/A -- N/A | J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the commentList() function. | 2024-05-07 | not yet calculated | CVE-2024-33153 cve@mitre.org |
| N/A -- N/A | J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the getDeptList() function. | 2024-05-07 | not yet calculated | CVE-2024-33155 cve@mitre.org |
| N/A -- N/A | J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the unallocatedList() function. | 2024-05-07 | not yet calculated | CVE-2024-33161 cve@mitre.org |
| N/A -- N/A | J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the authUserList() function. | 2024-05-07 | not yet calculated | CVE-2024-33164 cve@mitre.org |
| N/A -- N/A | An issue in Library System using PHP/MySQli with Source Code V1.0 allows a remote attacker to execute arbitrary code via the _FAILE variable in the student_edit_photo.php component. | 2024-05-06 | not yet calculated | CVE-2024-33294 cve@mitre.org |
| N/A -- N/A | An issue in Open5GS v.2.7.0 allows an attacker to cause a denial of service via the 64 unsuccessful UE/gnb registration | 2024-05-08 | not yet calculated | CVE-2024-33382 cve@mitre.org |
| N/A -- N/A | A SQL injection vulnerability in /model/get_events.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the event_id parameter. | 2024-05-06 | not yet calculated | CVE-2024-33403 cve@mitre.org |
| N/A -- N/A | A SQL injection vulnerability in /model/add_student_first_payment.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the index parameter. | 2024-05-06 | not yet calculated | CVE-2024-33404 cve@mitre.org |
| N/A -- N/A | SQL injection vulnerability in add_friends.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the friend_index parameter. | 2024-05-06 | not yet calculated | CVE-2024-33405 cve@mitre.org |
| N/A -- N/A | SQL injection vulnerability in /model/delete_student_grade_subject.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the index parameter. | 2024-05-06 | not yet calculated | CVE-2024-33406 cve@mitre.org |
| N/A -- N/A | SQL injection vulnerability in /model/delete_record.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the id parameter. | 2024-05-06 | not yet calculated | CVE-2024-33407 cve@mitre.org |
| N/A -- N/A | A SQL injection vulnerability in /model/get_classroom.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the id parameter. | 2024-05-06 | not yet calculated | CVE-2024-33408 cve@mitre.org |
| N/A -- N/A | SQL injection vulnerability in index.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the name parameter. | 2024-05-06 | not yet calculated | CVE-2024-33409 cve@mitre.org |
| N/A -- N/A | SQL injection vulnerability in /model/delete_range_grade.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the id parameter. | 2024-05-06 | not yet calculated | CVE-2024-33410 cve@mitre.org |
| N/A -- N/A | A SQL injection vulnerability in /model/get_admin_profile.php in Campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the my_index parameter. | 2024-05-06 | not yet calculated | CVE-2024-33411 cve@mitre.org |
| N/A -- N/A | An issue in tiagorlampert CHAOS before 1b451cf62582295b7225caf5a7b506f0bad56f6b and 24c9e109b5be34df7b2bce8368eae669c481ed5e allows a remote attacker to execute arbitrary code via the unsafe concatenation of the `filename` argument into the `buildStr` string without any sanitization or filtering. | 2024-05-07 | not yet calculated | CVE-2024-33434 cve@mitre.org cve@mitre.org |
| N/A -- N/A | Cross-site scripting (XSS) vulnerability in the search function in MvnRepository MS Basic 2.1.18.3 and earlier. | 2024-05-07 | not yet calculated | CVE-2024-33748 cve@mitre.org cve@mitre.org |
| N/A -- N/A | DedeCMS V5.7.114 is vulnerable to deletion of any file via mail_file_manage.php. | 2024-05-06 | not yet calculated | CVE-2024-33749 cve@mitre.org |
| N/A -- N/A | An arbitrary file upload vulnerability exists in emlog pro 2.3.0 and pro 2.3.2 at admin/views/plugin.php that could be exploited by a remote attacker to submit a special request to upload a malicious file to execute arbitrary code. | 2024-05-06 | not yet calculated | CVE-2024-33752 cve@mitre.org |
| N/A -- N/A | Section Camera V2.5.5.3116-S50-SMA-B20160811 and earlier versions allow the accounts and passwords of administrators and users to be changed without authorization. | 2024-05-06 | not yet calculated | CVE-2024-33753 cve@mitre.org |
| N/A -- N/A | MP-SPDZ v0.3.8 was discovered to contain a segmentation violation via the function osuCrypto::copyOut at /Tools/SilentPprf.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted message. | 2024-05-07 | not yet calculated | CVE-2024-33780 cve@mitre.org |
| N/A -- N/A | MP-SPDZ v0.3.8 was discovered to contain a stack overflow via the function octetStream::get_bytes in /Tools/octetStream.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted message. | 2024-05-07 | not yet calculated | CVE-2024-33781 cve@mitre.org |
| N/A -- N/A | MP-SPDZ v0.3.8 was discovered to contain a stack overflow via the function OTExtensionWithMatrix::extend in /OT/OTExtensionWithMatrix.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted message. | 2024-05-07 | not yet calculated | CVE-2024-33782 cve@mitre.org |
| N/A -- N/A | MP-SPDZ v0.3.8 was discovered to contain a segmentation violation via the function osuCrypto::SilentMultiPprfReceiver::expand in /Tools/SilentPprf.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted message. | 2024-05-07 | not yet calculated | CVE-2024-33783 cve@mitre.org |
| N/A -- N/A | Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability via the PinCode parameter at /API/info form endpoint. | 2024-05-06 | not yet calculated | CVE-2024-33788 cve@mitre.org |
| N/A -- N/A | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/readDeal.php?mudi=updateWebCache. | 2024-05-06 | not yet calculated | CVE-2024-33829 cve@mitre.org |
| N/A -- N/A | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/readDeal.php?mudi=clearWebCache. | 2024-05-06 | not yet calculated | CVE-2024-33830 cve@mitre.org |
| N/A -- N/A | An issue was discovered in Logpoint before 7.4.0. An attacker can enumerate a valid list of usernames by observing the response time at the Forgot Password endpoint. | 2024-05-07 | not yet calculated | CVE-2024-33856 cve@mitre.org cve@mitre.org |
| N/A -- N/A | An issue was discovered in Logpoint before 7.4.0. Due to a lack of input validation on URLs in threat intelligence, an attacker with low-level access to the system can trigger Server Side Request Forgery. | 2024-05-07 | not yet calculated | CVE-2024-33857 cve@mitre.org cve@mitre.org |
| N/A -- N/A | An issue was discovered in Logpoint before 7.4.0. A path injection vulnerability is seen while adding a CSV enrichment source. The source_name parameter could be changed to an absolute path; this will write the CSV file to that path inside the /tmp directory. | 2024-05-07 | not yet calculated | CVE-2024-33858 cve@mitre.org cve@mitre.org |
| N/A -- N/A | An issue was discovered in Logpoint before 7.4.0. HTML code sent through logs wasn't being escaped in the "Interesting Field" Web UI, leading to XSS. | 2024-05-07 | not yet calculated | CVE-2024-33859 cve@mitre.org cve@mitre.org |
| N/A -- N/A | An issue was discovered in Logpoint before 7.4.0. It allows Local File Inclusion (LFI) when an arbitrary File Path is used within the File System Collector. The content of the file specified can be viewed in the incoming logs. | 2024-05-07 | not yet calculated | CVE-2024-33860 cve@mitre.org cve@mitre.org |
| N/A -- N/A | An issue was discovered in Archer Platform 6 before 2024.04. Authentication was mishandled because lock did not terminate an existing session. 6.14 P3 (6.14.0.3) is also a fixed release. | 2024-05-06 | not yet calculated | CVE-2024-34092 cve@mitre.org cve@mitre.org |
| N/A -- N/A | libmodbus v3.1.10 is vulnerable to Buffer Overflow via the modbus_write_bits function. This issue can be triggered when the function is fed with specially crafted input, which leads to out-of-bounds read and can potentially cause a crash or other unintended behaviors. | 2024-05-08 | not yet calculated | CVE-2024-34244 cve@mitre.org |
| N/A -- N/A | wasm3 v0.5.0 was discovered to contain an out-of-bound memory read which leads to segmentation fault via the function "main" in wasm3/platforms/app/main.c. | 2024-05-06 | not yet calculated | CVE-2024-34246 cve@mitre.org |
| N/A -- N/A | wasm3 v0.5.0 was discovered to contain a heap buffer overflow which leads to segmentation fault via the function "DeallocateSlot" in wasm3/source/m3_compile.c. | 2024-05-06 | not yet calculated | CVE-2024-34249 cve@mitre.org |
| N/A -- N/A | A heap buffer overflow vulnerability was discovered in Bytecode Alliance wasm-micro-runtime v2.0.0 which allows a remote attacker to cause at least a denial of service via the "wasm_loader_check_br" function in core/iwasm/interpreter/wasm_loader.c. | 2024-05-06 | not yet calculated | CVE-2024-34250 cve@mitre.org |
| N/A -- N/A | An out-of-bound memory read vulnerability was discovered in Bytecode Alliance wasm-micro-runtime v2.0.0 which allows a remote attacker to cause a denial of service via the "block_type_get_arity" function in core/iwasm/interpreter/wasm.h. | 2024-05-06 | not yet calculated | CVE-2024-34251 cve@mitre.org |
| N/A -- N/A | wasm3 v0.5.0 was discovered to contain a global buffer overflow which leads to segmentation fault via the function "PreserveRegisterIfOccupied" in wasm3/source/m3_compile.c. | 2024-05-06 | not yet calculated | CVE-2024-34252 cve@mitre.org |
| N/A -- N/A | jizhicms v2.5.1 contains a Cross-Site Scripting(XSS) vulnerability in the message function. | 2024-05-08 | not yet calculated | CVE-2024-34255 cve@mitre.org |
| N/A -- N/A | TOTOLINK EX1800T V9.1.0cu.2112_B20220316 has a vulnerability in the apcliEncrypType parameter that allows unauthorized execution of arbitrary commands, allowing an attacker to obtain device administrator privileges. | 2024-05-08 | not yet calculated | CVE-2024-34257 cve@mitre.org |
| N/A -- N/A | CmsEasy v7.7.7.9 was discovered to contain a local file inclusion vunerability via the file_get_contents function in the fetch_action method of /admin/template_admin.php. This vulnerability allows attackers to read arbitrary files. | 2024-05-07 | not yet calculated | CVE-2024-34314 cve@mitre.org |
| N/A -- N/A | CmsEasy v7.7.7.9 was discovered to contain a local file inclusion vunerability via the file_get_contents function in the fckedit_action method of /admin/template_admin.php. This vulnerability allows attackers to read arbitrary files. | 2024-05-07 | not yet calculated | CVE-2024-34315 cve@mitre.org |
| N/A -- N/A | An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This could lead to the GDBus-based client behaving incorrectly, with an application-dependent impact. | 2024-05-07 | not yet calculated | CVE-2024-34397 cve@mitre.org cve@mitre.org |
| N/A -- N/A | An issue was discovered in HSC Mailinspector 5.2.17-3 through v.5.2.18. An Unauthenticated Path Traversal vulnerability exists in the /public/loader.php file. The path parameter does not properly filter whether the file and directory passed are part of the webroot, allowing an attacker to read arbitrary files on the server. | 2024-05-06 | not yet calculated | CVE-2024-34470 cve@mitre.org |
| N/A -- N/A | An issue was discovered in HSC Mailinspector 5.2.17-3. A Path Traversal vulnerability (resulting in file deletion) exists in the mliRealtimeEmails.php file. The filename parameter in the export HTML functionality does not properly validate the file location, allowing an attacker to read and delete arbitrary files on the server. This was observed when the mliRealtimeEmails.php file itself was read and subsequently deleted, resulting in a 404 error for the file and disruption of email information loading. | 2024-05-06 | not yet calculated | CVE-2024-34471 cve@mitre.org |
| N/A -- N/A | An issue was discovered in HSC Mailinspector 5.2.17-3 through v.5.2.18. An authenticated blind SQL injection vulnerability exists in the mliRealtimeEmails.php file. The ordemGrid parameter in a POST request to /mailinspector/mliRealtimeEmails.php does not properly sanitize input, allowing an authenticated attacker to execute arbitrary SQL commands, leading to the potential disclosure of the entire application database. | 2024-05-06 | not yet calculated | CVE-2024-34472 cve@mitre.org |
| N/A -- N/A | The Cypher component in Neo4j before 5.19.0 mishandles IMMUTABLE privileges. | 2024-05-07 | not yet calculated | CVE-2024-34517 cve@mitre.org cve@mitre.org cve@mitre.org |
| N/A -- N/A | AChecker 1.5 allows remote attackers to read the contents of arbitrary files via the download.php path parameter by using Unauthenticated Path Traversal. This occurs through readfile in PHP. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | 2024-05-07 | not yet calculated | CVE-2024-34523 cve@mitre.org cve@mitre.org |
| N/A -- N/A | In XLANG OpenAgents through fe73ac4, the allowed_file protection mechanism can be bypassed by using an incorrect file extension for the nature of the file content. | 2024-05-06 | not yet calculated | CVE-2024-34524 cve@mitre.org cve@mitre.org |
| N/A -- N/A | FileCodeBox 2.0 stores a OneDrive password and AWS key in a cleartext env file. | 2024-05-06 | not yet calculated | CVE-2024-34525 cve@mitre.org |
| N/A -- N/A | spaces_plugin/app.py in SolidUI 0.4.0 has an unnecessary print statement for an OpenAI key. The printed string might be logged. | 2024-05-06 | not yet calculated | CVE-2024-34527 cve@mitre.org cve@mitre.org |
| N/A -- N/A | WordOps through 3.20.0 has a wo/cli/plugins/stack_pref.py TOCTOU race condition because the conf_path os.open does not use a mode parameter during file creation. | 2024-05-06 | not yet calculated | CVE-2024-34528 cve@mitre.org cve@mitre.org |
| N/A -- N/A | Nebari through 2024.4.1 prints the temporary Keycloak root password. | 2024-05-06 | not yet calculated | CVE-2024-34529 cve@mitre.org cve@mitre.org |
| N/A -- N/A | A SQL injection vulnerability in Yvan Dotet PostgreSQL Query Deluxe module (aka query_deluxe) 17.x before 17.0.0.4 allows a remote attacker to gain privileges via the query parameter to models/querydeluxe.py:QueryDeluxe::get_result_from_query. | 2024-05-06 | not yet calculated | CVE-2024-34532 cve@mitre.org |
| N/A -- N/A | A SQL injection vulnerability in ZI PT Solusi Usaha Mudah Analytic Data Query module (aka izi_data) 11.0 through 17.x before 17.0.3 allows a remote attacker to gain privileges via a query to IZITools::query_check, IZITools::query_fetch, or IZITools::query_execute. | 2024-05-06 | not yet calculated | CVE-2024-34533 cve@mitre.org |
| N/A -- N/A | A SQL injection vulnerability in Cybrosys Techno Solutions Text Commander module (aka text_commander) 16.0 through 16.0.1 allows a remote attacker to gain privileges via the data parameter to models/ir_model.py:IrModel::chech_model. | 2024-05-06 | not yet calculated | CVE-2024-34534 cve@mitre.org |
| N/A -- N/A | Mateso PasswordSafe through 8.13.9.26689 has Weak Cryptography. | 2024-05-06 | not yet calculated | CVE-2024-34538 cve@mitre.org |
| N/A -- N/A | On Windows a directory returned by tempfile.mkdtemp() would not always have permissions set to restrict reading and writing to the temporary directory by other users, instead usually inheriting the correct permissions from the default location. Alternate configurations or users without a profile directory may not have the intended permissions. If you're not using Windows or haven't changed the temporary directory location then you aren't affected by this vulnerability. On other platforms the returned directory is consistently readable and writable only by the current user. This issue was caused by Python not supporting Unix permissions on Windows. The fix adds support for Unix "700" for the mkdir function on Windows which is used by mkdtemp() to ensure the newly created directory has the proper permissions. | 2024-05-07 | not yet calculated | CVE-2024-4030 cna@python.org cna@python.org cna@python.org cna@python.org |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.