News RGPD


  • Cellebrite DI Ltd. unveils its Endpoint Inspector SaaS solution
    by Marc Jacob on 26 March 2024 at 19:13

    Cellebrite DI Ltd. unveils its Endpoint Inspector SaaS solution. This enhanced delivery model of our market-leading Endpoint Inspector product gives enterprise customers and eDiscovery service providers next-generation digital investigation capabilities that allow streamlined collection and analysis of data from a variety of remote devices, all within a unified, secure and consent-based framework. Thanks to Cellebrite's scalable suite of SaaS solutions integrated into the Case-to-Closure platform, organizations can now rapidly deploy remote data collection in a transparent and targeted way for faster acquisition of key information, cutting the time to access data from several days to a few minutes. This includes the ability for examiners to retrieve cloud messaging in cooperation with custodians. The solution complements Cellebrite's usage-based Endpoint Mobile Now SaaS offering, which enables mobile data collection in the private sector. As a leading provider for eDiscovery professionals, Cellebrite gives organizations, through the Endpoint Inspector SaaS solution, a centralized platform with real-time visibility into collection status. This efficiency eliminates the need for multiple tools or manual tracking in spreadsheets, while automatic updates that deliver new device software versions mitigate the risks associated with frequent device upgrades. Cellebrite is committed to leading the industry not only in technological innovation but also in ethical practices. The Endpoint Inspector SaaS solution operates exclusively within a consent-based framework, which ensures that all activities are transparent and authorized by the device owners. This approach is fundamental to our values and is built into every aspect of our solution.

  • N-able Builds on the Ecoverse Vision by adding Rewst and HaloPSA Integrations
    by Marc Jacob on 26 March 2024 at 17:36

    N-able, Inc. has shared its Ecoverse vision to harmonize and transform the management of modern IT, allowing MSPs to be more efficient, resilient, and drive more opportunities through an open, unified ecosystem. N-able has been embarking on this journey for some time, with recent examples including the expanded integration capabilities for endpoint detection and response (EDR) and Apple management capabilities across its RMM platforms, Microsoft 365 protection within Cove, and more. As a step towards further realizing its Ecoverse vision, N-able has announced integrations with Rewst and HaloPSA. With Rewst, the integration is helping MSPs automate complex workflows across multiple products and environments; with HaloPSA, partners can streamline data and alert management.

    With modern IT getting more complex, IT professionals need a collection of disparate tools to manage and secure businesses. This technology sprawl comes with complexity and inefficiency. N-able's Ecoverse is an open ecosystem designed to harmonize the chaos of modern IT by seamlessly connecting disparate tools, for cloud and on-premises resources. This allows them to work better together and support seamless workflow automation, with integrated intelligence and insights. Using this approach, the Ecoverse vision will deliver unified management, cyber security and data protection capabilities across physical devices, user identities, and cloud resources and data. N-able's Ecoverse is built with a keen focus on making you more efficient, keeping you resilient in this ever-evolving threat landscape, and ultimately unlocking opportunities for you to optimize and grow your business. Integrations with Rewst and HaloPSA enhance the Ecoverse vision, helping MSPs work seamlessly and reducing the chaos that comes with managing multiple environments.

    Rewst integrations allow MSPs to:
      • Automate end-to-end workflows across multiple products, which can significantly streamline operations, increase consistency, and free up technicians for higher-value work.
      • Shorten time to value with 100+ pre-built automations, including a new user onboarding workflow that ties together PSAs, domain management, licensing, and other tools to reduce manual effort.
      • Connect applications together without having to write and maintain scripts or use APIs, expanding relevance in the larger MSP tool ecosystem.

    "When it comes to their tools, MSPs value freedom of choice, but not at the expense of interoperability. That's why Rewst has taken an open, vendor-agnostic approach from day one, and why we're excited to be part of N-able's Ecoverse," said Aharon Chernin, CEO of Rewst. "Using Rewst, MSPs can combine API actions from N-central and more than 50 other tools to automate full processes, allowing them to save time and scale more efficiently."

    HaloPSA integrations are designed to:
      • Provide AI-assisted ticket resolution, leading to significant time savings.
      • Streamline the workflow between RMM and PSAs, increasing efficiency even when manual decision-making is involved.
      • Allow for better management and auditing of tickets within HaloPSA for alerts, which aids in resource management.

    "This integration is set to be the most comprehensive integration of Halo with an RMM that is available," said Tim Barton-Wines, Executive at Halo Service Solutions. "It stands out on three key aspects: providing access to RMM fields previously out of reach for Halo, an event trigger from N-central that updates Halo, and a real-time event integration and synchronization, moving beyond the traditional interval-based sync."

    "We know that demands on MSPs are not getting easier; in fact, the IT landscape is getting more complex, from sophisticated networks, managing multiple environments, the ever-changing threat landscape, to growing labor shortages," said Mike Adler, Chief Technology and Product Officer at N-able. "By understanding the challenges MSPs face, we built our Ecoverse vision to simplify an MSP's day. We want them to have better peace of mind that their customers are safe and happy, so when they 'leave the office' for a family gathering or to watch their favorite sports team play, they can actually do it. It's all about that life/work balance. We are excited to announce N-able's integrations with Rewst and HaloPSA. This is just the beginning of our Ecoverse journey to build a leading MSP open ecosystem."

    The integrations with HaloPSA and Rewst are currently available for N-central, with plans to include additional products in the future.

    Forward-Looking Statements

    This content may contain forward-looking statements regarding future product plans and development efforts. N-able considers various features and functionality prior to any final generally available release. Information regarding future features and functionality is not and should not be interpreted as a commitment from N-able that it will deliver any specific feature or functionality in the future or, if it delivers such feature or functionality, any time frame when that feature or functionality will be delivered. All information is based upon current product interests, and product plans and priorities can change at any time. N-able undertakes no obligation to update any forward-looking statements regarding future product plans and development efforts if product plans or priorities change.

  • The data dead weights: a mere 1% of users cause almost all leaks
    by Nirina R. on 26 March 2024 at 17:34

    A Proofpoint report reveals that only 1% of users generate 88% of data leaks. A survey spanning 12 countries and 17 sectors uncovered an unexpected reality: only 1% of users cause 88% of corporate data leaks. These figures, disconcerting at first glance, clearly point to negligence rather than intentional malice. Despite major investments in data loss prevention and protection, one reality is emerging: 85% of companies admit to having suffered data loss last year. The report from Proofpoint, a cybersecurity leader, exposes a worrying picture: more than 90% of the organizations affected suffer business interruptions, lost revenue, and damage to their reputation.

    Negligence often leads to leaks of sensitive data

    Negligence is identified as the main factor behind leaks. Ryan Kalember of Proofpoint stresses: "Careless, compromised and malicious users are and will continue to be responsible for the vast majority of incidents." This statement underlines an inescapable reality: companies must adapt. Indeed, in a constantly evolving technological landscape, even GenAI tools are turning into channels of access to sensitive data. Alongside this, malicious actions, although less frequent, prove costly. The example of the cyberattack against France Travail, affecting more than 40 million users, illustrates the potential seriousness of the financial and reputational consequences.

    Prevention strategies and regulatory framework

    Preventing data leaks does not rest solely on technology but also on a rigorous regulatory approach. User negligence is identified as the main cause of incidents. Data loss prevention (DLP) policies cover email; they also extend to the web and file synchronization to the cloud. These measures take on their full importance when one knows that, at some point, a third of employees have sent emails to the wrong recipients, thereby exposing their company to risk. Such errors can lead to severe penalties under the GDPR (RGPD). These risky behaviours call for constant vigilance; consequently, data security strategies must be continually adapted to guarantee the integrity and confidentiality of critical information. This article, "Les boulets de la data : seul 1% d'utilisateurs provoque presque toutes les fuites", was published on LEBIGDATA.FR.

  • AI and automation have helped organizations respond to security incidents up to 99% faster than last year, according to new study from ReliaQuest
    by ReliaQuest on 26 March 2024 at 17:26

    The majority of cyber-attacks against organizations are perpetrated via social engineering of employees, and criminals are using new methods, including AI, to supercharge their techniques. This is according to the ReliaQuest Annual Threat Report, which contains in-depth analysis of key security incidents and research from the past year, offering insights into the threats that organizations face. Some 71% of all attacks trick employees via the use of phishing, and of particular concern is a sharp rise in QR code phishing, which increased 51% last year compared to the previous eight months. Employees are also being duped into downloading fake updates, often to their web browser. Drive-by compromise has traditionally been defined as the automatic download of a malicious file from a compromised website without user interaction. However, in most cases reviewed during the reporting period, user action was involved, facilitating initial access in nearly 30% of incidents. The use of AI to accelerate these attacks is gaining significant attention on major cybercriminal forums, with growing interest in weaponizing this technology. ReliaQuest has found dedicated AI and machine-learning sections of these sites, which detail criminal alternatives to mainstream chatbots, such as FraudGPT and WormGPT, and hint at the development of simple malware and distributed denial of service (DDoS) queries using these options. AI systems can now replicate a voice using a sample, and video-call deepfakes are aiding threat actors. Additionally, ReliaQuest has noted that a growing number of threat actors are automating various stages of their attacks, or the entire attack chain, particularly the Citrix Bleed exploitation. However, while AI-powered automation is being leveraged by attackers, it has also delivered a step change in defensive capabilities among organizations. AI-enabled automated workflows have allowed ReliaQuest customers to respond to threats within minutes rather than days.

    For example, while ReliaQuest customers using traditional approaches saw a Mean Time to Respond (MTTR) averaging 2.3 days, organizations that opted to leverage some level of AI and automation saw a reduction to 58 minutes: a 99% decrease from 2022. Even more encouraging, customers who fully leveraged AI and automation are seeing MTTR reduced to 7 minutes or less. Financial theft stood out as the primary objective of criminals in 2023, driving 88% of customer incidents. Extortion activity increased by 74%, with a record 4,819 compromised entities named on data-leak websites by ransomware groups, LockBit alone accounting for 1,000-plus entities. ReliaQuest noted a significant threat from suspected nation-state actors using so-called 'living off the land' (LotL) techniques. In such incidents threat actors seek to hide their activity via defense-evasion techniques, such as log clearing and abuse of PowerShell. In an intrusion ReliaQuest observed in April 2023, a Chinese state-sponsored threat group focused primarily on using LotL commands to blend into a company's environment. The group's discreet LotL activity allowed access for more than a month. Michael McPherson, ReliaQuest's Senior Vice President of Technical Operations, said: "As the threat continues to evolve, defenders must stay agile, using AI and automation to keep pace with the latest attack techniques. Time is the enemy in cybersecurity. To proactively protect against these risks, companies should maximize visibility across their networks and beyond the endpoint, fully leverage AI and automation to better understand and use their own data, and equip their teams with the latest threat intelligence, as outlined in our recommendations. With this approach, in the next year we expect customers who fully leverage our AI and automation capabilities to contain threats within 5 minutes or less."
The ReliaQuest Annual Threat Report contains detailed remediation advice, including specific sections on stopping Business Email Compromise (BEC) attempts, ransomware attacks, as well as social engineering and multifactor authentication (MFA) abuse. There are also sections on preventing malware-free activity, as well as staying on top of the latest tactics, techniques and procedures (TTPs).

  • CVE-2024-2934 | SourceCodester Todo List in Kanban Board 1.0 delete-todo.php list SQL Injection
    by vuldb.com on 26 March 2024 at 16:27

    A critical vulnerability was found in SourceCodester Todo List in Kanban Board 1.0. Affected is an unknown function of the file /endpoint/delete-todo.php. Manipulating the argument list with unknown data allows a SQL injection vulnerability to be exploited. The advisory is published on github.com. The vulnerability is tracked as CVE-2024-2934. The attack can be carried out over the network. Furthermore, an exploit is available.

  • Bitcoin: The Entropy Engine
    by Sydney Bright on 26 March 2024 at 16:02

    Introduction

    Names can be both liberating and confining. When mankind gives something a name, we mark it with a label that helps us discuss our shared environment and experience. At the same time, a label can obscure something in preconceived notions. Labels can make it more difficult for us collectively to understand what something is. In 2008, a pseudonymous inventor named Satoshi Nakamoto released a white paper titled "Bitcoin: A Peer-to-Peer Electronic Cash System" [1]. The paper outlines a novel distributed network system, called Bitcoin, that acts as an immutable digital ledger. There are many ways to describe what the fundamental innovation here really was. For the context of this article, perhaps it is best to describe the innovation as the creation of a computer system that controls a database, which can only be added to or modified depending on the quantity of physical energy (in the form of electricity) supplied to it. Unlike standard computer systems, where linguistic logic coded by a programmer dictates the state of 0s and 1s, this machine changes when it is fed energy from the Earth. Integrating physical energy into the operations of the computer network was a pivotal moment for the possibility of creating digitally native money.

    Nick Szabo, in his work "Shelling Out: The Origins of Money," provides an anthropological interpretation of how the use of money developed [2]. In trade, two potentially untrusting parties must find a way to trust one another. To do so, we can rely upon tokens of record that are governed by the laws of nature, which we all can trust. A commodity can be a helpful medium of exchange when it is scarce and hard to reproduce, to the degree that people understand the extreme amount of energy and effort it would take to counterfeit one. Scarcity is how homo sapiens detect the energy required to obtain a given object, giving it trust and validity as a unit of record. The greater the energy, the more desired and valuable it is in our endeavors to cooperate and trust one another. From this point of view, Bitcoin fits this description perfectly: it requires energy to produce and therefore is an immutable record that can be used as powerful money. However, as this distributed system evolves, it has become evident that the Bitcoin network does more than simply produce a digital, yet scarce, asset called bitcoin that can be used as money. For this reason, it may be helpful to momentarily give Bitcoin another name to reanalyze the broader function of this machine. For now, let us call it an entropy engine instead.

    Entropy

    Entropy is a complicated word that can be articulated in many ways. To begin, consider the equation:

        S = k_B ln Ω

    S, meaning entropy, equals the Boltzmann constant (k_B) times the natural log of the number of particles (Ω) contained within a system [3]. Entropy can be described as the quantity of available states a system can have. If there is a big container with many molecules, it will have many more possible configurations than a smaller container with fewer molecules. The more particles the container has, the more variations there are in how the molecules can be arranged. According to the second law of thermodynamics, total entropy in an isolated system cannot decrease, but can only increase. Therefore, because entropy always increases, all the molecules eventually find the most likely arrangement, which is them all being spread out equally. This is known as thermodynamic equilibrium, and the universe tends towards this. The continuous increase in entropy is a law of nature. Due to entropy's relationship with possible states, it is also related to randomness. Additionally, it is associated with heat loss. The second law of thermodynamics indicates that when one kind of energy is converted to another type of energy, there will inevitably be some heat loss. The conversion is never 100% efficient. Rub your hands together very quickly, and you will notice that the friction creates heat. This is you contributing to the increase in entropy of the universe.

    This new computer system is an entropy engine because it produces both randomness and heat. To add new transactions to the blockchain, a computer running the software must make many guesses until it finds a hash value with a certain number of leading zeroes. The quicker the machine can produce more random guesses, the more likely the machine is to be rewarded with bitcoin. The more randomness the machine can create, the better it functions and the more heat it produces. This machine involves all things entropy. The users of the machine also benefit from the entropy machine more if they can harness more entropy.

    The mathematics of entropy is foundational to the science of cryptography. Another way of interpreting the equation above, in terms of informational entropy, is that the more particles in a container represent the amount of information needed to understand the state of the system [3]. Put another way, the more possible states and complexity a system has, the more information one would need to gain an understanding of it. Consequently, more entropy represents more inherent uncertainty or surprise an event might have [3]. The entropy engine relies upon public-private key cryptography. A system user will have a public key where they receive bitcoin. At the same time, only they can send their bitcoin because they have the private key, which cannot be derived from the public key. The safe ownership of bitcoin relies upon an individual keeping their private key secret. Cryptographic schemes rely upon the assumption of highly random private keys [3]. In other words, the more randomness used to form a private key, the more securely one can protect their property on the network. Both the maintainers and users of the network utilize entropy for their benefit.
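    The guessing process described above, as an added example that is not part of the original article: the script below hashes a constructed stand-in for a block header together with a counter until the digest has the required number of leading zero bits, and shows how each extra bit of difficulty doubles the expected number of guesses (2^bits, whose log2 is the "surprise" a valid solution carries) while verification stays a single hash. It simplifies real Bitcoin mining by using one SHA-256 and a leading-zero-bit threshold instead of the double SHA-256 and compact target encoding; the header bytes, the nonce width and the difficulties are constructed values.

```python
import hashlib
from typing import Tuple

# Constructed sample input: a stand-in for a block header, not a real Bitcoin header.
SAMPLE_HEADER = b"constructed-block-header:prev=00..00,merkle=abc,ts=1711468800"


def leading_zero_bits(digest: bytes) -> int:
    """Number of leading zero bits in a digest (its 'difficulty' in this toy model)."""
    value = int.from_bytes(digest, "big")
    return len(digest) * 8 - value.bit_length()


def hash_attempt(header: bytes, nonce: int) -> bytes:
    """One guess: SHA-256 over header || nonce.
    Simplification: real Bitcoin hashes twice and uses a 32-bit nonce field."""
    return hashlib.sha256(header + nonce.to_bytes(8, "big")).digest()


def mine(header: bytes, difficulty_bits: int, max_nonce: int = 1 << 24) -> Tuple[int, bytes, int]:
    """Try nonces in order until a digest has at least difficulty_bits leading zero bits.
    Returns (nonce, digest, attempts). Each extra bit of difficulty halves the chance
    that any single guess succeeds, so the expected number of attempts doubles."""
    for nonce in range(max_nonce):
        digest = hash_attempt(header, nonce)
        if leading_zero_bits(digest) >= difficulty_bits:
            return nonce, digest, nonce + 1
    raise RuntimeError(f"no solution within {max_nonce} nonces")


def verify(header: bytes, nonce: int, difficulty_bits: int) -> bool:
    """Checking a claimed solution costs one hash, however many guesses it took to find."""
    return leading_zero_bits(hash_attempt(header, nonce)) >= difficulty_bits


def expected_attempts(difficulty_bits: int) -> int:
    """Expected guesses for a uniformly random hash: 2 ** difficulty_bits."""
    return 2 ** difficulty_bits


if __name__ == "__main__":
    for bits in (8, 12, 16):
        nonce, digest, attempts = mine(SAMPLE_HEADER, bits)
        print(f"{bits:2d} leading zero bits: nonce={nonce} attempts={attempts} "
              f"expected~{expected_attempts(bits)} digest={digest.hex()[:16]}... "
              f"verified={verify(SAMPLE_HEADER, nonce, bits)}")
```

    Running it prints one line per difficulty; the attempt counts scatter around the 2^bits expectation because every guess is an independent coin flip, which is exactly why a miner's success rate is proportional to how many guesses per second it can produce.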
    Life is in Pursuit of Entropy

    Not only is this system an entropy engine from a technical point of view, but it can also be viewed as a driver of entropy from a societal point of view. The flow of human civilization can be reconciled with the observation that biological life facilitates the increase of entropy. Imagine a bathtub drain: once the drain plug is pulled, the water within the tub wants to flow down into the drain. Think of this as the universe's tendency towards higher entropy. An orderly and sustained vortex will form at the drain to facilitate this transition expediently. Order develops to absorb and dissipate the energy, speeding up the process of generating more entropy more efficiently. Order, life, and all the complexity on Earth form to expedite the increase of entropy further as the sun transfers energy to the Earth. Plants grow to absorb sunlight and store the energy within themselves, and animals eat those plants to process the energy further, etc. Now consider the tell-tale sign of someone alive: their body is warm. Our body processes energy and dissipates some continuously as heat. Life forms in pursuit of entropy.

    Our society moves forward when we learn to find more efficient ways to harness and dissipate energy on Earth. A classic discovery we take pride in was our ability to release the energy stored in wood into fire, producing heat. We then learned to release stored energy within coal and then oil; eventually, we harnessed energy from wind and sunlight and finally upgraded to releasing the energy of atoms themselves. We absorb energy (in the form of wood, coal, oil, sunlight, wind, etc.) only to dissipate it for our gain. In the meantime, our society prospers and experiences excellent technological leaps forward as we learn to harness more advanced forms of energy. As we use the energy, heat loss occurs, and entropy increases. We act as the vortex: order that expedites the process.

    Humanity's fundamental drive is to find and release pockets of stored energy. Interestingly, the entropy engine seems to provide an extra nudge, pushing humanity in this direction to a greater degree. Consider an undeveloped village with no electric infrastructure but near a river where a dam could be built. An ambitious entrepreneur may be interested in building a dam, but the capital expense is high. Additionally, it is not as if the nearby village will immediately purchase all modern electrical luxuries once the dam is built. At most, perhaps each home will gladly buy a lightbulb so their child can study school work after sundown. Though life-changing for the community, the revenue from one lightbulb a night per home is not enough to justify the capital expenditure of the dam. Before the invention of an entropy engine, many areas of the world would be without electricity for similar kinds of reasons. Now, an entropy engine operator is willing to purchase all unused electricity from the dam because cheap electricity leads to profit. The new customer provides a constant and complete purchase of the dam's excess inventory of electricity. Suddenly, building a dam becomes economically viable. Before Satoshi's invention, there were energy sources on Earth that humans did not yet have the financial means to harness. Suddenly, those pockets of energy become viable by inventing an entropy engine, and our harnessing of them multiplies.

    Not only does the business model of an entropy engine operator make previously unaffordable energy infrastructure affordable, but it also helps incentivize the development of renewable energy over the usage of less desirable fossil fuels. Energy grids require flexibility due to the electricity demand. The supply of electrons sent to a city needs to equal the demand for electricity at that time. Of course, a city's demand for electricity will fluctuate throughout the day and year. An electrical grid needs to be able to dial energy production up and down in response. Currently, there are not enough batteries to store energy when it is not required. This challenges the development of renewable energy infrastructure, especially wind and solar, because nature decides when energy is produced, irrespective of the city's electrical needs. If energy is not used, it is curtailed and wasted. If not enough is being produced, the city is without power. One reason fossil fuels are so helpful for grid stabilization is that production can be changed immediately depending on electricity demand. Of course, this problem could be mitigated if enough renewables were developed that could constantly produce more energy than peak demand. However, this would leave the energy providers without a customer for their excess electricity most of the time, making it financially unviable. Entropy engine operators can then incentivize renewable energy development by acting as a flexible load response that provides shock-absorbing services while increasing profitability in exchange for cheap electrical costs during times of excess supply [4]. Whatever electricity is not sent to the city is purchased by the entropy engine operators, making the capital investment in renewable infrastructure more economically viable. The same goes for nuclear energy, as these systems also struggle to conduct demand response on their own [4]. Therefore, research has shown that entropy engine operators provide additional revenue sources to incentivize renewable energy production and a greener grid [4,5].

    Entropy: The Cause of War, and Now Peace

    Human civilization's relationship with entropy and the entropy engine does not simply confine itself to how we are driven to harness, release, and use energy from a societal standpoint. It can also be looked at from a socio-political point of view. In a thesis titled Softwar: A Novel Theory of Power Projection and the National Strategic Significance of Bitcoin by Major Jason P. Lowery of the United States Space Force, a description of how energy organizes around the laws of entropy is used to explain the pattern of human behavior around warfare [6]. Power projection theory describes how life formed, per the second law of thermodynamics, by using energy (referred to as power) to sequester other energy (referred to as resources) away from the environment to be used for more personal gain. It is another way of describing how order was formed to facilitate the increase in entropy. This can be observed not only in the first prokaryotic cells that formed in the hydrothermal vents that exist in the fissures of the seafloor but also in the way animals behave in the wild. Major Lowery uses the illustration of wolves baring their fangs at a would-be thief of their recently acquired game to broadcast that the cost of stealing the resources would be higher than the benefit gained from the food. Here, the wolf is projecting power to keep its resources. Following such reasoning, pack animals such as wolves must create power hierarchies within their communities so that the most powerful wolf, most capable of efficient power projection, is fed and allowed to reproduce so that the pack can have the most power projection capabilities possible to protect their resources. To do so, wolves must physically fight amongst themselves in a competition of dominance. This is an unfortunate requirement, as two wolves will fight until one wolf has its fangs on the jugular of the other to prove superiority [6]. Therefore, the physicality required to create power hierarchies can prove dangerous and fratricidal.

    Other animals, such as deer, solve this issue with the development of antlers, which allows them to use their antlers as power projection weapons against other species but leads to safe competition within their species, as the antlers simply tangle as they butt heads without the risk of mortal wounds. In this way, the deer developed a biological method of managing internal power hierarchies using physical power with a decreased risk of fratricide. Major Lowery puts forth the idea that human beings, through language and storytelling, developed a form of abstract power projection in an attempt to organize resources without physical violence [6]. However, the universe tends toward increasing entropy, and physical energy is used to manage resource energy. Nature does not recognize the management of resources through any other means aside from physical energy. Therefore, human beings are stuck in a problematic cycle where we attempt to organize our societies and resources through abstract power projection, only to have them collapse under the weight of their hollow foundation through physical power projection. To our understandable discontent and frustration, war, civil war, and revolutions are constantly occurring as nature's only proper mechanism of organizing resources. Though a bleak outlook on how humans must manage themselves, Major Lowery provides hope that the technological innovation of an entropy engine solves this crucial flaw in how our societies organize. The entropy engine is a means of managing resources using physical power. In other words, it acts as a technological antler, allowing human beings to organize themselves following the laws of nature without the need for kinetic violence and fratricide. Rather than mutually assured destruction through nuclear warfare, the entropy engine promotes mutually assured protection as we all use the machine to protect our resources and each other simultaneously.

    Conclusion

    The operation of this distributed entropy engine relies upon the competitive production of entropy. Its users can secure their property most when using machines that produce the most entropy. It economically incentivizes, subsidizes, and makes possible the harnessing of previously untapped energy resources of the Earth. It also potentially reduces our need to fight wars in pursuit of resource acquisition because it allows us to compete over resources via other, more peaceful means. This entropy engine, Bitcoin, is accelerating human beings in fulfilling their cosmic purpose of facilitating energy flow in the universe. All while making society more resource-abundant, peaceful, and cooperative. If the second law of thermodynamics is inevitable, what does that make Bitcoin?

    References

    1. Nakamoto S. Bitcoin: A Peer-to-Peer Electronic Cash System. Accessed November 16, 2021. www.bitcoin.org
    2. Szabo N. Shelling Out: The Origins of Money. Satoshi Nakamoto Institute. Published 2002. Accessed April 19, 2023. https://nakamotoinstitute.org/shelling-out/
    3. Zolfaghari B, Bibak K, Koshiba T. The Odyssey of Entropy: Cryptography. Entropy. 2022;24(2). doi:10.3390/e24020266
    4. Prescott S, Rudd MA, Ignacio Ibañez J, Freier A. Bitcoin's Carbon Footprint Revisited: Proof of Work Mining for Renewable Energy Expansion. Challenges. 2023;14(3):35. doi:10.3390/CHALLE14030035
    5. Rhodes JD, Deetjen T, Smith C. Impacts of Large, Flexible Data Center Operations on the Future of ERCOT. Published online 2021.
    6. Lowery JP. Softwar: A Novel Theory on Power Projection and the National Strategic Significance of Bitcoin. Massachusetts Institute of Technology; 2023. ISBN 9798371524188.

    This is a guest post by Sydney Bright. Opinions expressed are entirely their own and do not necessarily reflect those of BTC Inc or Bitcoin Magazine.

  • [FIC 2024] What is still "personal" about our data?
    by Alice Vitard on 26 March 2024 at 15:32

    It is the Commission nationale de l'informatique et des libertés (Cnil) that says so: "The GDPR: the best prevention against the risks...

  • Vulnerability Summary for the Week of March 18, 2024
    by CISA on 26 March 2024 at 13:56

    High Vulnerabilities

    Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
    N/A -- N/A | Directory Traversal vulnerability in Devan-Kerman ARRP v.0.8.1 and before allows a remote attacker to execute arbitrary code via the dumpDirect in RuntimeResourcePackImpl component. | 2024-03-19 | 8.8 | CVE-2024-24042 cve@mitre.org
    N/A -- N/A | danielmiessler fabric through 1.3.0 allows installer/client/gui/static/js/index.js XSS because of innerHTML mishandling, such as in htmlToPlainText. | 2024-03-18 | 7.4 | CVE-2024-29154 cve@mitre.org
    aam -- advanced_access_manager | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AAM Advanced Access Manager allows Reflected XSS. This issue affects Advanced Access Manager: from n/a through 6.9.20. | 2024-03-19 | 7.1 | CVE-2024-29127 audit@patchstack.com
    abast -- scan_visio_edocument_suite_web_viewer | A SQL Injection has been found on SCAN_VISIO eDocument Suite Web Viewer of Abast. This vulnerability allows an unauthenticated user to retrieve, update and delete all the information of the database. This vulnerability was found on the login page via the "user" parameter. | 2024-03-21 | 9.8 | CVE-2024-29732 cve-coordination@incibe.es
    acryldata -- datahub-helm | datahub-helm provides the Kubernetes Helm charts for deploying Datahub and its dependencies on a Kubernetes cluster. Starting in version 0.1.143 and prior to version 0.2.182, due to configuration issues in the helm chart, if there was a successful initial deployment during a limited window of time, personal access tokens were possibly created with a default secret key. Since the secret key is a static, publicly available value, someone could inspect the algorithm used to generate personal access tokens and generate their own for an instance. Deploying with Metadata Service Authentication enabled would have been difficult during this window of releases. If someone circumvented the helm settings and manually set Metadata Service Authentication to be enabled using environment variables directly, this would skip over the autogeneration logic for the Kubernetes Secrets and DataHub GMS would default to the signing key specified statically in the application.yml. Most deployments probably did not attempt to circumvent the helm settings to enable Metadata Service Authentication during this time, so impact is most likely limited. Any deployments with Metadata Service Authentication enabled should ensure that their secret values are properly randomized. Version 0.2.182 contains a patch for this issue. As a workaround, one may reset the token signing key to be a random value, which will invalidate active personal access tokens. | 2024-03-20 | 9.1 | CVE-2024-29037 security-advisories@github.com
    adobe -- animate | Animate versions 24.0, 23.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-03-18 | 7.8 | CVE-2024-20761 psirt@adobe.com
    adobe -- bridge | Bridge versions 13.0.5, 14.0.1 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-03-18 | 7.8 | CVE-2024-20752 psirt@adobe.com
    adobe -- bridge | Bridge versions 13.0.5, 14.0.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-03-18 | 7.8 | CVE-2024-20755 psirt@adobe.com
    adobe -- bridge | Bridge versions 13.0.5, 14.0.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-03-18 | 7.8 | CVE-2024-20756 psirt@adobe.com
    adobe -- coldfusion | ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Access Control vulnerability that could lead to arbitrary file system read. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access to sensitive files and perform arbitrary file system write. Exploitation of this issue does not require user interaction. | 2024-03-18 | 8.2 | CVE-2024-20767 psirt@adobe.com
    adobe -- lightroom_desktop | Lightroom Desktop versions 7.1.2 and earlier are affected by an Untrusted Search Path vulnerability that could result in arbitrary code execution in the context of the current user. If the application uses a search path to locate critical resources such as programs, then an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-03-18 | 7.5 | CVE-2024-20754 psirt@adobe.com
    adobe -- premiere_pro | Premiere Pro versions 24.1, 23.6.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-03-18 | 7.8 | CVE-2024-20745 psirt@adobe.com
    adobe -- premiere_pro | Premiere Pro versions 24.1, 23.6.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-03-18 | 7.8 | CVE-2024-20746 psirt@adobe.com
    amssplus -- amss++ | Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/book/main/select_send.php, in the 'sd_index' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB. | 2024-03-18 | 8.2 | CVE-2024-2584 cve-coordination@incibe.es
    amssplus -- amss++ | File upload restriction evasion vulnerability in AMSS++ version 4.31. This vulnerability could allow an authenticated user to potentially obtain RCE through a webshell, compromising the entire infrastructure. | 2024-03-18 | 9.9 | CVE-2024-2599 cve-coordination@incibe.es
    amssplus -- amss++ | Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/book/main/select_send_2.php, in the 'sd_index' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB. | 2024-03-18 | 8.2 | CVE-2024-2585 cve-coordination@incibe.es
    amssplus -- amss++ | Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/index.php, in the 'username' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB. | 2024-03-18 | 8.2 | CVE-2024-2586 cve-coordination@incibe.es
    amssplus -- amss++ | Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/book/main/bookdetail_khet_person.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB. | 2024-03-18 | 8.2 | CVE-2024-2587 cve-coordination@incibe.es
    amssplus -- amss++ | Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/admin/index.php, in the 'id' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB. | 2024-03-18 | 8.2 | CVE-2024-2588 cve-coordination@incibe.es
    amssplus -- amss++ | Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/book/main/bookdetail_school_person.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB. | 2024-03-18 | 8.2 | CVE-2024-2589 cve-coordination@incibe.es
    amssplus -- amss++ | Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/mail/main/select_send.php, in the 'sd_index' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB. | 2024-03-18 | 8.2 | CVE-2024-2590 cve-coordination@incibe.es
    amssplus -- amss++ | Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/book/main/bookdetail_group.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB. | 2024-03-18 | 8.2 | CVE-2024-2591 cve-coordination@incibe.es
    amssplus -- amss++ | Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/person/pic_show.php, in the 'person_id' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB. | 2024-03-18 | 8.2 | CVE-2024-2592 cve-coordination@incibe.es
    amssplus -- amss++ | Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /amssplus/modules/book/main/bookdetail_group.php, in the 'b_id' parameter. This vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-03-18 | 7.1 | CVE-2024-2593 cve-coordination@incibe.es
    amssplus -- amss++ | Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /amssplus/admin/index.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-03-18 | 7.1 | CVE-2024-2594 cve-coordination@incibe.es
    amssplus -- amss++ | Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /amssplus/modules/book/main/bookdetail_khet_person.php, in the 'b_id' parameter. This vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-03-18 | 7.1 | CVE-2024-2595 cve-coordination@incibe.es
    amssplus -- amss++ | Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /amssplus/modules/mail/main/select_send.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-03-18 | 7.1 | CVE-2024-2596 cve-coordination@incibe.es
    amssplus -- amss++ | Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /amssplus/modules/book/main/bookdetail_school_person.php, in the 'b_id' parameter. This vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-03-18 | 7.1 | CVE-2024-2597 cve-coordination@incibe.es
    amssplus -- amss++ | Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /amssplus/modules/book/main/select_send_2.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | 2024-03-18 | 7.1 | CVE-2024-2598 cve-coordination@incibe.es
    apollographql -- router | The Apollo Router is a graph router written in Rust to run a federated supergraph that uses Apollo Federation. Versions 0.9.5 until 1.40.2 are subject to a Denial-of-Service (DoS) type vulnerability. When receiving compressed HTTP payloads, affected versions of the Router evaluate the `limits.http_max_request_bytes` configuration option after the entirety of the compressed payload is decompressed. If affected versions of the Router receive highly compressed payloads, this could result in significant memory consumption while the compressed payload is expanded. Router version 1.40.2 has a fix for the vulnerability. Those who are unable to upgrade may be able to implement mitigations at proxies or load balancers positioned in front of their Router fleet (e.g. Nginx, HAProxy, or cloud-native WAF services) by creating limits on HTTP body upload size. | 2024-03-21 | 7.5 | CVE-2024-28101 security-advisories@github.com
    argoproj -- argo_cd | Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to versions 2.8.13, 2.9.9, and 2.10.4, an attacker can exploit a chain of vulnerabilities, including a Denial of Service (DoS) flaw and in-memory data storage weakness, to effectively bypass the application's brute force login protection. This is a critical security vulnerability that allows attackers to bypass the brute force login protection mechanism. Not only can they crash the service affecting all users, but they can also make unlimited login attempts, increasing the risk of account compromise. Versions 2.8.13, 2.9.9, and 2.10.4 contain a patch for this issue. | 2024-03-18 | 9.8 | CVE-2024-21652 security-advisories@github.com
    argoproj -- argo_cd | Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to versions 2.8.13, 2.9.9, and 2.10.4, an attacker can exploit a critical flaw in the application to initiate a Denial of Service (DoS) attack, rendering the application inoperable and affecting all users. The issue arises from unsafe manipulation of an array in a multi-threaded environment. The vulnerability is rooted in the application's code, where an array is being modified while it is being iterated over. This is a classic programming error but becomes critically unsafe when executed in a multi-threaded environment. When two threads interact with the same array simultaneously, the application crashes. This is a Denial of Service (DoS) vulnerability. Any attacker can crash the application continuously, making it impossible for legitimate users to access the service. The issue is exacerbated because it does not require authentication, widening the pool of potential attackers. Versions 2.8.13, 2.9.9, and 2.10.4 contain a patch for this issue. | 2024-03-18 | 7.5 | CVE-2024-21661 security-advisories@github.com
    argoproj -- argo_cd | Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to versions 2.8.13, 2.9.9, and 2.10.4, an attacker can effectively bypass the rate limit and brute force protections by exploiting the application's weak cache-based mechanism. This loophole in security can be combined with other vulnerabilities to attack the default admin account. This flaw undermines a patch for CVE-2020-8827 intended to protect against brute-force attacks. The application's brute force protection relies on a cache mechanism that tracks login attempts for each user. This cache is limited to a `defaultMaxCacheSize` of 1000 entries. An attacker can overflow this cache by bombarding it with login attempts for different users, thereby pushing out the admin account's failed attempts and effectively resetting the rate limit for that account. This is a severe vulnerability that enables attackers to perform brute force attacks at an accelerated rate, especially targeting the default admin account. Users should upgrade to version 2.8.13, 2.9.9, or 2.10.4 to receive a patch. | 2024-03-18 | 7.5 | CVE-2024-21662 security-advisories@github.com
    astropy -- astropy | Astropy is a project for astronomy in Python that fosters interoperability between Python astronomy packages. Version 5.3.2 of the Astropy core package is vulnerable to remote code execution due to improper input validation in the `TranformGraph().to_dot_graph` function. A malicious user can provide a command or a script file as a value to the `savelayout` argument, which will be placed as the first value in a list of arguments passed to `subprocess.Popen`. Although an error will be raised, the command or script will be executed successfully. Version 5.3.3 fixes this issue. | 2024-03-18 | 8.4 | CVE-2023-41334 security-advisories@github.com
    cegid -- meta4_hr | An Unrestricted Upload of File vulnerability has been found on Cegid Meta4 HR, that allows an attacker to upload malicious files to the server via the '/config/espanol/update_password.jsp' file. By modifying the 'M4_NEW_PASSWORD' parameter, an attacker could store a malicious JSP file inside the file directory, to be executed when the file is loaded in the application. | 2024-03-19 | 9 | CVE-2024-2636 cve-coordination@incibe.es
    cegid -- meta4_hr | An Information Exposure Vulnerability has been found on Meta4 HR. This vulnerability allows an attacker to obtain a lot of information about the application, such as the variables set in the process, the Tomcat version, library versions and the underlying operating system, via HTTP GET '/sitetest/english/dumpenv.jsp'. | 2024-03-19 | 7.5 | CVE-2024-2632 cve-coordination@incibe.es
    cegid -- meta4_hr | The configuration pages available are not intended to be placed on an Internet-facing web server, as they expose file paths to the client, who can be an attacker. Instead of rewriting these pages to avoid this vulnerability, they will be dismissed from future releases of Cegid Meta4 HR, as they do not offer product functionality. | 2024-03-19 | 7.3 | CVE-2024-2635 cve-coordination@incibe.es
    checkmk_gmbh -- checkmk | Least privilege violation in the Checkmk agent plugins mk_oracle, mk_oracle.ps1, and mk_oracle_crs before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows local users to escalate privileges. | 2024-03-22 | 8.2 | CVE-2024-0638 security@checkmk.com
    checkmk_gmbh -- checkmk | Least privilege violation and reliance on untrusted inputs in the mk_informix Checkmk agent plugin before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows local users to escalate privileges. | 2024-03-22 | 8.8 | CVE-2024-28824 security@checkmk.com
    chirp_systems -- chirp_access | Chirp Access improperly stores credentials within its source code, potentially exposing sensitive information to unauthorized access. | 2024-03-20 | 9.1 | CVE-2024-2197 ics-cert@hq.dhs.gov
    ciges -- cigesv2 | SQL injection vulnerability in the CIGESv2 system, through /ajaxConfigTotem.php, in the 'id' parameter. The exploitation of this vulnerability could allow a remote user to retrieve all data stored in the database by sending a specially crafted SQL query. | 2024-03-22 | 9.8 | CVE-2024-2722 cve-coordination@incibe.es
    ciges -- cigesv2 | SQL injection vulnerability in the CIGESv2 system, through /ajaxSubServicios.php, in the 'idServicio' parameter. The exploitation of this vulnerability could allow a remote user to retrieve all data stored in the database by sending a specially crafted SQL query. | 2024-03-22 | 9.8 | CVE-2024-2723 cve-coordination@incibe.es
    ciges -- cigesv2 | SQL injection vulnerability in the CIGESv2 system, through /ajaxServiciosAtencion.php, in the 'idServicio' parameter. The exploitation of this vulnerability could allow a remote user to retrieve all data stored in the database by sending a specially crafted SQL query. | 2024-03-22 | 9.8 | CVE-2024-2724 cve-coordination@incibe.es
    ciges -- cigesv2 | Information exposure vulnerability in the CIGESv2 system. A remote attacker might be able to access /vendor/composer/installed.json and retrieve all installed packages used by the application. | 2024-03-22 | 7.5 | CVE-2024-2725 cve-coordination@incibe.es
    cilium -- cilium | Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.13.9 and prior to versions 1.13.13, 1.14.8, and 1.15.2, Cilium's HTTP policies are not consistently applied to all traffic in the scope of the policies, leading to HTTP traffic being incorrectly and intermittently forwarded when it should be dropped. This issue has been patched in Cilium 1.15.2, 1.14.8, and 1.13.13. There are no known workarounds for this issue. | 2024-03-18 | 7.2 | CVE-2024-28248 security-advisories@github.com
    cimatti_consulting -- contact_forms_by_cimatti | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cimatti Consulting Contact Forms by Cimatti allows Stored XSS. This issue affects Contact Forms by Cimatti: from n/a through 1.7.0. | 2024-03-19 | 7.1 | CVE-2024-29117 audit@patchstack.com
    codekraft -- antispam_for_contact_form_7 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Codekraft AntiSpam for Contact Form 7 allows Reflected XSS. This issue affects AntiSpam for Contact Form 7: from n/a through 0.6.0. | 2024-03-17 | 7.1 | CVE-2024-27961 audit@patchstack.com
    coder -- coder | Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.6.1, 2.7.3, and 2.8.4, a vulnerability in Coder's OIDC authentication could allow an attacker to bypass the `CODER_OIDC_EMAIL_DOMAIN` verification and create an account with an email not in the allowlist. Deployments are only affected if the OIDC provider allows users to create accounts on the provider. During OIDC registration, the user's email was improperly validated against the allowed `CODER_OIDC_EMAIL_DOMAIN`s. This could allow a user with a domain that only partially matched an allowed domain to successfully log in or register. An attacker could register a domain name that exploited this vulnerability and register on a Coder instance with a public OIDC provider. Coder instances with OIDC enabled and protected by the `CODER_OIDC_EMAIL_DOMAIN` configuration are affected. Coder instances using a private OIDC provider are not affected, as arbitrary users cannot register through a private OIDC provider without first having an account on the provider. Public OIDC providers are impacted. GitHub authentication and external authentication are not impacted. This vulnerability is remedied in versions 2.8.4, 2.7.3, and 2.6.1. All versions prior to these patches are affected by the vulnerability. It is recommended that customers upgrade their deployments as soon as possible if they are utilizing OIDC authentication with the `CODER_OIDC_EMAIL_DOMAIN` setting. | 2024-03-21 | 8.2 | CVE-2024-27918 security-advisories@github.com
    dassault_syst-mes -- solidworks_desktop | Heap-based Buffer Overflow, Memory Corruption, Out-Of-Bounds Read, Out-Of-Bounds Write, Stack-based Buffer Overflow, Type Confusion, Uninitialized Variable, Use-After-Free vulnerabilities exist in the file reading procedure in SOLIDWORKS Desktop on Release SOLIDWORKS 2024. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted CATPART, DWG, DXF, IPT, JT, SAT, SLDDRW, SLDPRT, STL, STP, X_B or X_T file. | 2024-03-22 | 7.8 | CVE-2024-1848 3DS.Information-Security@3ds.com
    dell -- poweredge_platform | Dell PowerEdge Server BIOS contains a heap-based buffer overflow vulnerability. A local high privileged attacker could potentially exploit this vulnerability to write to otherwise unauthorized memory. | 2024-03-19 | 7.2 | CVE-2024-22453 security_alert@emc.com
    delta_electronics -- diaenergie | SQL injection vulnerability exists in GetDIAE_unListParameters. | 2024-03-21 | 8.8 | CVE-2024-23494 ics-cert@hq.dhs.gov
    delta_electronics -- diaenergie | SQL injection vulnerability exists in GetDIAE_slogListParameters. | 2024-03-21 | 8.8 | CVE-2024-23975 ics-cert@hq.dhs.gov
    delta_electronics -- diaenergie | A path traversal attack is possible that can write outside of the intended directory and may access sensitive information. If a file name is specified that already exists on the file system, then the original file will be overwritten. | 2024-03-21 | 8.1 | CVE-2024-25567 ics-cert@hq.dhs.gov
    delta_electronics -- diaenergie | SQL injection vulnerability exists in the script DIAE_tagHandler.ashx. | 2024-03-21 | 8.8 | CVE-2024-25937 ics-cert@hq.dhs.gov
    delta_electronics -- diaenergie | Privileges are not fully verified server-side, which can be abused by a user with limited privileges to bypass authorization and access privileged functionality. | 2024-03-21 | 8.8 | CVE-2024-28029 ics-cert@hq.dhs.gov
    delta_electronics -- diaenergie | SQL injection vulnerability exists in GetDIAE_astListParameters. | 2024-03-21 | 8.8 | CVE-2024-28040 ics-cert@hq.dhs.gov
    delta_electronics -- diaenergie | It is possible to perform a path traversal attack and write outside of the intended directory. If a file name is specified that already exists on the file system, then the original file will be overwritten. | 2024-03-21 | 8.1 | CVE-2024-28171 ics-cert@hq.dhs.gov
    delta_electronics -- diaenergie | SQL injection vulnerability exists in the script Handler_CFG.ashx. | 2024-03-21 | 8.8 | CVE-2024-28891 ics-cert@hq.dhs.gov
    denoland -- deno | Deno is a JavaScript, TypeScript, and WebAssembly runtime. In version 1.39.0, use of raw file descriptors in `op_node_ipc_pipe()` leads to premature close of arbitrary file descriptors, allowing standard input to be re-opened as a different resource resulting in permission prompt bypass. Node child_process IPC relies on the JS side to pass the raw IPC file descriptor to `op_node_ipc_pipe()`, which returns an `IpcJsonStreamResource` ID associated with the file descriptor. On closing the resource, the raw file descriptor is closed together. Use of raw file descriptors in `op_node_ipc_pipe()` leads to premature close of arbitrary file descriptors. This allows standard input (fd 0) to be closed and re-opened for a different resource, which allows a silent permission prompt bypass. This is exploitable by an attacker controlling the code executed inside a Deno runtime to obtain arbitrary code execution on the host machine regardless of permissions. This bug is known to be exploitable. There is a working exploit that achieves arbitrary code execution by bypassing prompts from zero permissions, additionally abusing the fact that Cache API lacks filesystem permission checks. The attack can be conducted silently as stderr can also be closed, suppressing all prompt outputs. Version 1.39.1 fixes the bug. | 2024-03-21 | 8.2 | CVE-2024-27933 security-advisories@github.com
    denoland -- deno | Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.36.2 and prior to version 1.40.3, use of inherently unsafe `*const c_void` and `ExternalPointer` leads to use-after-free access of the underlying structure, resulting in arbitrary code execution. Use of inherently unsafe `*const c_void` and `ExternalPointer` leads to use-after-free access of the underlying structure, which is exploitable by an attacker controlling the code executed inside a Deno runtime to obtain arbitrary code execution on the host machine regardless of permissions. This bug is known to be exploitable for both `*const c_void` and `ExternalPointer` implementations. Version 1.40.3 fixes this issue. | 2024-03-21 | 8.4 | CVE-2024-27934 security-advisories@github.com
    denoland -- deno | Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. Starting in version 1.32.1 and prior to version 1.41 of the deno_runtime library, a maliciously crafted permission request can show a spoofed permission prompt by inserting a broken ANSI escape sequence into the request contents. Deno is stripping any ANSI escape sequences from the permission prompt, but permissions given to the program are based on the contents that contain the ANSI escape sequences. Any Deno program can spoof the content of the interactive permission prompt by inserting a broken ANSI code, which allows a malicious Deno program to display the wrong file path or program name to the user. Version 1.41 of the deno_runtime library contains a patch for the issue. | 2024-03-21 | 8.8 | CVE-2024-27936 security-advisories@github.com
    denoland -- deno | Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.35.1 and prior to version 1.36.3, a vulnerability in Deno's Node.js compatibility runtime allows for cross-session data contamination during simultaneous asynchronous reads from Node.js streams sourced from sockets or files. The issue arises from the re-use of a global buffer (BUF) in stream_wrap.ts used as a performance optimization to limit allocations during these asynchronous read operations. This can lead to data intended for one session being received by another session, potentially resulting in data corruption and unexpected behavior. This affects all users of Deno that use the node.js compatibility layer for network communication or other streams, including packages that may require node.js libraries indirectly. Version 1.36.3 contains a patch for this issue. | 2024-03-21 | 7.2 | CVE-2024-27935 security-advisories@github.com
    dev_institute -- restrict_user_access_-_membership_plugin_with_force | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DEV Institute Restrict User Access - Membership Plugin with Force allows Reflected XSS. This issue affects Restrict User Access - Membership Plugin with Force: from n/a through 2.5. | 2024-03-19 | 7.1 | CVE-2024-29138 audit@patchstack.com
    django-wiki -- django-wiki | django-wiki is a wiki system for Django. Installations of django-wiki prior to version 0.10.1 are vulnerable to maliciously crafted article content that can cause severe use of server CPU through a regular expression loop. Version 0.10.1 fixes this issue. As a workaround, close off access to create and edit articles by anonymous users. | 2024-03-18 | 7.5 | CVE-2024-28865 security-advisories@github.com
    dnesscarkey -- wp_armour_-_honeypot_anti_spam | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dnesscarkey WP Armour - Honeypot Anti Spam allows Reflected XSS. This issue affects WP Armour - Honeypot Anti Spam: from n/a through 2.1.13. | 2024-03-19 | 7.1 | CVE-2024-29091 audit@patchstack.com
    elliot_sowersby,_relywp -- coupon_affiliates | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elliot Sowersby, RelyWP Coupon Affiliates allows Reflected XSS. This issue affects Coupon Affiliates: from n/a through 5.12.7. | 2024-03-19 | 7.1 | CVE-2024-29125 audit@patchstack.com
    eprosima -- fast_dds | eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.14.0, 2.13.4, 2.12.3, 2.10.4, and 2.6.8, a manipulated DATA Submessage can cause a heap overflow error in the Fast-DDS process, causing the process to be terminated remotely. Additionally, the payload_size in the DATA Submessage packet is declared as uint32_t. When a negative number, such as -1, is input into this variable, it results in an Integer Overflow (for example, -1 gets converted to 0xFFFFFFFF). This eventually leads to a heap-buffer-overflow, causing the program to terminate. Versions 2.14.0, 2.13.4, 2.12.3, 2.10.4, and 2.6.8 contain a fix for this issue. | 2024-03-20 | 9.6 | CVE-2024-28231 security-advisories@github.com
    evergreen_content_poster -- evergreen_content_poster | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Evergreen Content Poster allows Reflected XSS. This issue affects Evergreen Content Poster: from n/a through 1.4.1. | 2024-03-19 | 7.1 | CVE-2024-29099 audit@patchstack.com
    firassaidi -- woocommerce_license_manager | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Firassaidi WooCommerce License Manager allows Reflected XSS. This issue affects WooCommerce License Manager: from n/a through 5.3.1. | 2024-03-19 | 7.1 | CVE-2024-29121 audit@patchstack.com
    firebirdsql -- firebird | Firebird is a relational database. Versions 4.0.0 through 4.0.3 and version 5.0 beta1 are vulnerable to a server crash when a user uses a specific form of SET BIND statement. Any non-privileged user with minimum access to a server may type a statement with a long `CHAR` length, which causes the server to crash due to stack corruption. Versions 4.0.4.2981 and 5.0.0.117 contain fixes for this issue. No known workarounds are available. | 2024-03-20 | 7.5 | CVE-2023-41038 security-advisories@github.com
    florian_'fkrauthan'_krauthan -- wp_mpdf | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Florian 'fkrauthan' Krauthan allows Reflected XSS. This issue affects wp-mpdf: from n/a through 3.7.1. | 2024-03-21 | 7.1 | CVE-2024-27962 audit@patchstack.com
    franklin_fueling_system -- evo_550 | Franklin Fueling System EVO 550 and EVO 5000 are vulnerable to a Path Traversal vulnerability that could allow an attacker to access sensitive files on the system. | 2024-03-19 | 7.5 | CVE-2024-2442 ics-cert@hq.dhs.gov
    frappe -- frappe | Frappe is a full-stack web application framework. Prior to versions 14.66.3 and 15.16.0, file permission can be bypassed using certain endpoints, granting less privileged users permission to delete or clone a file. Versions 14.66.3 and 15.16.0 contain a patch for this issue. No known workarounds are available. | 2024-03-21 | 8.1 | CVE-2024-27105 security-advisories@github.com
    frappe -- frappe | Frappe is a full-stack web application framework. Prior to versions 14.64.0 and 15.0.0, SQL injection from a particular whitelisted method can result in access to data which the user doesn't have permission to access. Versions 14.64.0 and 15.0.0 contain a patch for this issue. No known workarounds are available. | 2024-03-21 | 7.5 | CVE-2024-24813 security-advisories@github.com
    freescout-helpdesk -- freescout | FreeScout is a self-hosted help desk and shared mailbox. Versions prior to 1.8.128 are vulnerable to OS Command Injection in the /public/tools.php source file. The value of the php_path parameter is being executed as an OS command by the shell_exec function, without validating it. This allows an adversary to execute malicious OS commands on the server. A practical demonstration of the successful command injection attack extracted the /etc/passwd file of the server. This represented the complete compromise of the server hosting the FreeScout application. This attack requires an attacker to know the `App_Key` of the application. This limitation makes the Attack Complexity High. If an attacker gets hold of the `App_Key`, the attacker can compromise the complete server on which the application is deployed. Version 1.8.128 contains a patch for this issue. | 2024-03-22 | 9 | CVE-2024-29185 security-advisories@github.com
    freescout-helpdesk -- freescout | FreeScout is a self-hosted help desk and shared mailbox. A Stored Cross-Site Scripting (XSS) vulnerability has been identified within the Signature Input Field of the FreeScout Application prior to version 1.8.128.
Stored XSS occurs when user input is not properly sanitized and is stored on the server, allowing an attacker to inject malicious scripts that will be executed when other users access the affected page. In this case, the Support Agent User can inject malicious scripts into their signature, which will then be executed when viewed by the Administrator. The application protects users against XSS attacks by enforcing a CSP policy, the CSP Policy is: `script-src 'self' 'nonce-abcd' `. The CSP policy only allows the inclusion of JS files that are present on the application server and doesn't allow any inline script or script other than nonce-abcd. The CSP policy was bypassed by uploading a JS file to the server by a POST request to /conversation/upload endpoint. After this, a working XSS payload was crafted by including the uploaded JS file link as the src of the script. This bypassed the CSP policy and XSS attacks became possible. The impact of this vulnerability is severe as it allows an attacker to compromise the FreeScout Application. By exploiting this vulnerability, the attacker can perform various malicious actions such as forcing the Administrator to execute actions without their knowledge or consent. For instance, the attacker can force the Administrator to add a new administrator controlled by the attacker, thereby giving the attacker full control over the application. Alternatively, the attacker can elevate the privileges of a low-privileged user to Administrator, further compromising the security of the application. Attackers can steal sensitive information such as login credentials, session tokens, personal identifiable information (PII), and financial data. The vulnerability can also lead to defacement of the Application. Version 1.8.128 contains a patch for this issue. 
2024-03-22 8 CVE-2024-29184 security-advisories@github.com friendsofsymfony1 -- symfony1   Symfony 1 is a community-driven fork of the 1.x branch of Symfony, a PHP framework for web projects. Starting in version 1.1.0 and prior to version 1.5.19, Symfony 1 has a gadget chain due to dangerous deserialization in `sfNamespacedParameterHolder` class that would enable an attacker to get remote code execution if a developer deserializes user input in their project. Version 1.5.19 contains a patch for the issue. 2024-03-22 9.8 CVE-2024-28861 security-advisories@github.com security-advisories@github.com fujian_kelixin_communication -- command_and_dispatch_platform   A vulnerability was found in Fujian Kelixin Communication Command and Dispatch Platform up to 20240313. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file api/client/get_extension_yl.php. The manipulation of the argument imei leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257065 was assigned to this vulnerability. 2024-03-17 7.3 CVE-2024-2566 cna@vuldb.com cna@vuldb.com cna@vuldb.com geoserver -- geoserver   GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A path traversal vulnerability in versions 2.23.4 and prior requires GeoServer Administrator with access to the admin console to misconfigure the Global Settings for log file location to an arbitrary location. The admin console GeoServer Logs page provides a preview of these contents. As this issue requires GeoServer administrators access, often representing a trusted party, the vulnerability has not received a patch as of time of publication. As a workaround, a system administrator responsible for running GeoServer can use the `GEOSERVER_LOG_FILE` setting to override any configuration option provided by the Global Settings page. 
The `GEOSERVER_LOG_LOCATION` parameter can be set as system property, environment variables, or servlet context parameters. 2024-03-20 7.2 CVE-2023-41877 security-advisories@github.com security-advisories@github.com geoserver -- geoserver   GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. An arbitrary file upload vulnerability exists in versions prior to 2.23.4 and 2.24.1 that enables an authenticated administrator with permissions to modify coverage stores through the REST Coverage Store API to upload arbitrary file contents to arbitrary file locations which can lead to remote code execution. Coverage stores that are configured using relative paths use a GeoServer Resource implementation that has validation to prevent path traversal but coverage stores that are configured using absolute paths use a different Resource implementation that does not prevent path traversal. This vulnerability can lead to executing arbitrary code. An administrator with limited privileges could also potentially exploit this to overwrite GeoServer security files and obtain full administrator privileges. Versions 2.23.4 and 2.24.1 contain a fix for this issue. 2024-03-20 7.2 CVE-2023-51444 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com gesundheit_bewegt_gmbh -- zippy   Unrestricted Upload of File with Dangerous Type vulnerability in Gesundheit Bewegt GmbH Zippy.This issue affects Zippy: from n/a through 1.6.9. 2024-03-21 8.8 CVE-2024-27964 audit@patchstack.com getgrav -- grav   Grav is an open-source, flat-file content management system. A file upload path traversal vulnerability has been identified in the application prior to version 1.7.45, enabling attackers to replace or create files with extensions like .json, .zip, .css, .gif, etc. 
This critical security flaw poses severe risks, that can allow attackers to inject arbitrary code on the server, undermine integrity of backup files by overwriting existing files or creating new ones, and exfiltrate sensitive data using CSS exfiltration techniques. Upgrading to patched version 1.7.45 can mitigate the issue. 2024-03-21 8.8 CVE-2024-27921 security-advisories@github.com security-advisories@github.com getgrav -- grav   Grav is a content management system (CMS). Prior to version 1.7.43, users who may write a page may use the `frontmatter` feature due to insufficient permission validation and inadequate file name validation. This may lead to remote code execution. Version 1.7.43 fixes this issue. 2024-03-21 8.8 CVE-2024-27923 security-advisories@github.com security-advisories@github.com getgrav -- grav   Grav is an open-source, flat-file content management system. Grav CMS prior to version 1.7.45 is vulnerable to a Server-Side Template Injection (SSTI), which allows any authenticated user (editor permissions are sufficient) to execute arbitrary code on the remote server bypassing the existing security sandbox. Version 1.7.45 contains a patch for this issue. 2024-03-21 8.8 CVE-2024-28116 security-advisories@github.com security-advisories@github.com getgrav -- grav   Grav is an open-source, flat-file content management system. Prior to version 1.7.45, Grav validates accessible functions through the Utils::isDangerousFunction function, but does not impose restrictions on twig functions like twig_array_map, allowing attackers to bypass the validation and execute arbitrary commands. Twig processing of static pages can be enabled in the front matter by any administrative user allowed to create or edit pages. As the Twig processor runs unsandboxed, this behavior can be used to gain arbitrary code execution and elevate privileges on the instance. Upgrading to patched version 1.7.45 can mitigate this issue. 
2024-03-21 8.8 CVE-2024-28117 security-advisories@github.com security-advisories@github.com getgrav -- grav   Grav is an open-source, flat-file content management system. Prior to version 1.7.45, due to the unrestricted access to twig extension class from Grav context, an attacker can redefine config variable. As a result, attacker can bypass a previous SSTI mitigation. Twig processing of static pages can be enabled in the front matter by any administrative user allowed to create or edit pages. As the Twig processor runs unsandboxed, this behavior can be used to gain arbitrary code execution and elevate privileges on the instance. Version 1.7.45 contains a fix for this issue. 2024-03-21 8.8 CVE-2024-28118 security-advisories@github.com security-advisories@github.com getgrav -- grav   Grav is an open-source, flat-file content management system. Prior to version 1.7.45, due to the unrestricted access to twig extension class from grav context, an attacker can redefine the escape function and execute arbitrary commands. Twig processing of static pages can be enabled in the front matter by any administrative user allowed to create or edit pages. As the Twig processor runs unsandboxed, this behavior can be used to gain arbitrary code execution and elevate privileges on the instance. Version 1.7.45 contains a patch for this issue. 2024-03-21 8.8 CVE-2024-28119 security-advisories@github.com security-advisories@github.com security-advisories@github.com github -- enterprise_server   An attacker with an Administrator role in GitHub Enterprise Server could gain SSH root access via remote code execution. This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.17, 3.9.12, 3.10.9, 3.11.7 and 3.12.1. This vulnerability was reported via the GitHub Bug Bounty program. 
2024-03-20 8 CVE-2024-2469 product-cna@github.com product-cna@github.com product-cna@github.com product-cna@github.com product-cna@github.com github -- github_enterprise_server   A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when configuring GeoJSON settings. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.13 and was fixed in versions 3.8.17, 3.9.12, 3.10.9, 3.11.7, and 3.12.1. This vulnerability was reported via the GitHub Bug Bounty program. 2024-03-20 9.1 CVE-2024-2443 product-cna@github.com product-cna@github.com product-cna@github.com product-cna@github.com product-cna@github.com glpi-project -- glpi   GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can exploit a SQL injection vulnerability in the search engine to extract data from the database. This issue has been patched in version 10.0.13. 2024-03-18 7.7 CVE-2024-27096 security-advisories@github.com security-advisories@github.com security-advisories@github.com hasthemes -- extensions_for_cf7   Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes Extensions For CF7 allows Stored XSS.This issue affects Extensions For CF7: from n/a through 3.0.6. 2024-03-19 7.1 CVE-2024-29102 audit@patchstack.com hasthemes -- ht_easy_ga4_(_google_analytics_4_)   Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes HT Easy GA4 ( Google Analytics 4 ) allows Stored XSS.This issue affects HT Easy GA4 ( Google Analytics 4 ): from n/a through 1.1.7. 
2024-03-19 7.1 CVE-2024-29094 audit@patchstack.com i_thirteen_web_solution -- email_subscription_popup   Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in I Thirteen Web Solution Email Subscription Popup allows Stored XSS.This issue affects Email Subscription Popup: from n/a through 1.2.20. 2024-03-17 7.1 CVE-2024-27960 audit@patchstack.com ibm -- cloud_pak_for_automation   IBM Cloud Pak for Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 259354. 2024-03-21 7 CVE-2023-35899 psirt@us.ibm.com psirt@us.ibm.com iconicwp -- woothumbs_for_woocommerce_by_iconic   Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in IconicWP WooThumbs for WooCommerce by Iconic allows Reflected XSS.This issue affects WooThumbs for WooCommerce by Iconic: from n/a through 5.5.3. 2024-03-19 7.1 CVE-2024-29116 audit@patchstack.com israelb1 -- management_app_for_woocommerce_-_order_notifications,_order_management,_lead_management,_uptime_monitoring   The Management App for WooCommerce - Order notifications, Order management, Lead management, Uptime Monitoring plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the nouvello_upload_csv_file function in all versions up to, and including, 1.2.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. 2024-03-20 8.8 CVE-2024-1205 security@wordfence.com security@wordfence.com security@wordfence.com jens-maus -- raspberrymatic   RaspberryMatic is an open-source operating system for HomeMatic internet-of-things devices. 
RaspberryMatic / OCCU prior to version 3.75.6.20240316 contains a unauthenticated remote code execution (RCE) vulnerability, caused by multiple issues within the Java based `HMIPServer.jar` component. RaspberryMatric includes a Java based `HMIPServer`, that can be accessed through URLs starting with `/pages/jpages`. The `FirmwareController` class does however not perform any session id checks, thus this feature can be accessed without a valid session. Due to this issue, attackers can gain remote code execution as root user, allowing a full system compromise. Version 3.75.6.20240316 contains a patch. 2024-03-18 10 CVE-2024-24578 security-advisories@github.com jhpyle -- docassemble   Docassemble is an expert system for guided interviews and document assembly. The vulnerability allows attackers to gain unauthorized access to information on the system through URL manipulation. It affects versions 1.4.53 to 1.4.96. The vulnerability has been patched in version 1.4.97 of the master branch. 2024-03-21 7.5 CVE-2024-27292 security-advisories@github.com security-advisories@github.com jose_mortellaro -- specific_content_for_mobile_-_customize_the_mobile_version_without_redirections   Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jose Mortellaro Specific Content For Mobile - Customize the mobile version without redirections allows Reflected XSS.This issue affects Specific Content For Mobile - Customize the mobile version without redirections: from n/a through 0.1.9.5. 2024-03-19 7.1 CVE-2024-29126 audit@patchstack.com jupyterhub -- jupyter-server-proxy   Jupyter Server Proxy allows users to run arbitrary external processes alongside their Jupyter notebook servers and provides authenticated web access. 
Prior to versions 3.2.3 and 4.1.1, Jupyter Server Proxy did not check user authentication appropriately when proxying websockets, allowing unauthenticated access to anyone who had network access to the Jupyter server endpoint. This vulnerability can allow unauthenticated remote access to any websocket endpoint set up to be accessible via Jupyter Server Proxy. In many cases, this leads to remote unauthenticated arbitrary code execution, due to how affected instances use websockets. The websocket endpoints exposed by `jupyter_server` itself is not affected. Projects that do not rely on websockets are also not affected. Versions 3.2.3 and 4.1.1 contain a fix for this issue. 2024-03-20 9 CVE-2024-28179 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com jupyterhub -- oauthenticator   OAuthenticator provides plugins for JupyterHub to use common OAuth providers, as well as base classes for writing one's own Authenticators with any OAuth 2.0 provider. `GoogleOAuthenticator.hosted_domain` is used to restrict what Google accounts can be authorized access to a JupyterHub. The restriction is intented to be to Google accounts part of one or more Google organization verified to control specified domain(s). Prior to version 16.3.0, the actual restriction has been to Google accounts with emails ending with the domain. Such accounts could have been created by anyone which at one time was able to read an email associated with the domain. This was described by Dylan Ayrey (@dxa4481) in this [blog post] from 15th December 2023). OAuthenticator 16.3.0 contains a patch for this issue. As a workaround, restrict who can login another way, such as `allowed_users` or `allowed_google_groups`. 
2024-03-20 7.5 CVE-2024-29033 security-advisories@github.com security-advisories@github.com security-advisories@github.com kiloview -- ndi   Use of Hard-coded Credentials in Kiloview NDI allows un-authenticated users to bypass authenticationThis issue affects Kiloview NDI N3, N3-s, N4, N20, N30, N40 and was fixed in Firmware version 2.02.0227 . 2024-03-21 9.8 CVE-2024-2161 vulnerability@ncsc.ch vulnerability@ncsc.ch vulnerability@ncsc.ch vulnerability@ncsc.ch vulnerability@ncsc.ch vulnerability@ncsc.ch kiloview -- ndi   An OS Command Injection vulnerability in Kiloview NDI allows a low-privileged user to execute arbitrary code remotely on the device with high privileges. This issue affects Kiloview NDI N3, N3-s, N4, N20, N30, N40 and was fixed in Firmware version 2.02.0227 . 2024-03-21 8.8 CVE-2024-2162 vulnerability@ncsc.ch vulnerability@ncsc.ch vulnerability@ncsc.ch vulnerability@ncsc.ch vulnerability@ncsc.ch vulnerability@ncsc.ch ldapaccountmanager -- lam   LDAP Account Manager (LAM) is a webfrontend for managing entries stored in an LDAP directory. LAM's log configuration allows to specify arbitrary paths for log files. Prior to version 8.7, an attacker could exploit this by creating a PHP file and cause LAM to log some PHP code to this file. When the file is then accessed via web the code would be executed. The issue is mitigated by the following: An attacker needs to know LAM's master configuration password to be able to change the main settings; and the webserver needs write access to a directory that is accessible via web. LAM itself does not provide any such directories. The issue has been fixed in 8.7. As a workaround, limit access to LAM configuration pages to authorized users. 
2024-03-18 7.9 CVE-2024-23333 security-advisories@github.com security-advisories@github.com maciej_bis -- permalink_manager_lite   Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Maciej Bis Permalink Manager Lite allows Reflected XSS.This issue affects Permalink Manager Lite: from n/a through 2.4.3. 2024-03-19 7.1 CVE-2024-29092 audit@patchstack.com mark_tilly -- mycurator_content_curation   Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mark Tilly MyCurator Content Curation allows Reflected XSS.This issue affects MyCurator Content Curation: from n/a through 3.76. 2024-03-19 7.1 CVE-2024-29139 audit@patchstack.com mediavine -- create_by_mediavine   The Create by Mediavine plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.9.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. 2024-03-20 9.8 CVE-2024-1711 security@wordfence.com security@wordfence.com meshery -- meshery   Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.17 allows a remote attacker to obtain sensitive information via the `order` parameter of `GetMeshSyncResources`. Version 0.7.17 contains a patch for this issue. 2024-03-21 7.5 CVE-2024-29031 security-advisories@github.com security-advisories@github.com security-advisories@github.com metagauss -- eventprime   Missing Authorization vulnerability in Metagauss EventPrime.This issue affects EventPrime: from n/a through 3.3.9. 
2024-03-23 8.2 CVE-2024-24832 audit@patchstack.com metagauss -- registrationmagic   Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Metagauss RegistrationMagic allows Reflected XSS.This issue affects RegistrationMagic: from n/a through 5.2.5.9. 2024-03-19 7.1 CVE-2024-29113 audit@patchstack.com microsoft -- microsoft_.net_framework_4.8   .NET Framework Information Disclosure Vulnerability 2024-03-23 7.5 CVE-2024-29059 secure@microsoft.com microsoft -- xbox_gaming_services   Xbox Gaming Services Elevation of Privilege Vulnerability 2024-03-21 8.8 CVE-2024-28916 secure@microsoft.com mndpsingh287 -- file_manager   The File Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 7.2.4. This is due to missing or incorrect nonce validation on the wp_file_manager page that includes files through the 'lang' parameter. This makes it possible for unauthenticated attackers to include local JavaScript files that can be leveraged to achieve RCE via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This issue was partially patched in version 7.2.4, and fully patched in 7.2.5. 2024-03-21 8.8 CVE-2024-1538 security@wordfence.com security@wordfence.com mobsf -- mobile-security-framework-mobsf   Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. In version 3.9.5 Beta and prior, MobSF does not perform any input validation when extracting the hostnames in `android:host`, so requests can also be sent to local hostnames. This can lead to server-side request forgery. An attacker can cause the server to make a connection to internal-only services within the organization's infrastructure. Commit 5a8eeee73c5f504a6c3abdf2a139a13804efdb77 has a hotfix for this issue. 
2024-03-22 7.5 CVE-2024-29190 security-advisories@github.com security-advisories@github.com security-advisories@github.com n/a -- golang-fips/openssl   A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs​. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey​ and ctx​. That function uses named return parameters to free pkey​ and ctx​ if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the "return nil, nil, fail(...)" pattern, meaning that pkey​ and ctx​ will be nil inside the deferred function that should free them. 2024-03-21 7.5 CVE-2024-1394 secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com n/a -- libdwarf   A double-free vulnerability was found in libdwarf. In a multiply-corrupted DWARF object, libdwarf may try to dealloc(free) an allocation twice, potentially causing unpredictable and various results. 2024-03-18 7.5 CVE-2024-2002 secalert@redhat.com secalert@redhat.com secalert@redhat.com n/a -- podman   A flaw was found in Buildah (and subsequently Podman Build) which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause the mount operation to mount the host root filesystem inside the RUN step. The commands inside the RUN step will then have read-write access to the host filesystem, allowing for full container escape at build time. 
Published 2024-03-18 | CVSS 8.6 | CVE-2024-1753 | Source: secalert@redhat.com

n/a -- spring_security
In Spring Security, versions 5.7.x prior to 5.7.12, 5.8.x prior to 5.8.11, 6.0.x prior to 6.0.9, 6.1.x prior to 6.1.8, and 6.2.x prior to 6.2.3, an application is possibly vulnerable to broken access control when it directly uses AuthenticatedVoter#vote, passing a null Authentication parameter.
Published 2024-03-18 | CVSS 8.2 | CVE-2024-22257 | Source: security@vmware.com

n/a -- tourfic
Unrestricted Upload of File with Dangerous Type vulnerability in Tourfic. This issue affects Tourfic: from n/a through 2.11.15.
Published 2024-03-19 | CVSS 9.9 | CVE-2024-29135 | Source: audit@patchstack.com

n/a -- unixodbc
An out-of-bounds stack write flaw was found in unixODBC on 64-bit architectures, where the caller has 4 bytes and the callee writes 8 bytes. This issue may go unnoticed on little-endian architectures, while big-endian architectures can be broken.
Published 2024-03-18 | CVSS 7.1 | CVE-2024-1013 | Source: secalert@redhat.com

n/a -- xnio
A flaw was found in XNIO. The XNIO NotifierState can cause a Stack Overflow Exception when the chain of notifier states becomes problematically large, which can lead to uncontrolled resource management and a possible denial of service (DoS).
Published 2024-03-22 | CVSS 7.5 | CVE-2023-5685 | Source: secalert@redhat.com

netentsec -- ns-asg_application_security_gateway
A vulnerability, which was classified as critical, has been found in Netentsec NS-ASG Application Security Gateway 6.3. This issue affects some unknown processing of the file /admin/singlelogin.php. The manipulation of the argument loginId leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257285 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published 2024-03-19 | CVSS 7.3 | CVE-2024-2647 | Source: cna@vuldb.com

ninjateam -- database_for_contact_form_7
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NinjaTeam Database for Contact Form 7 allows Stored XSS. This issue affects Database for Contact Form 7: from n/a through 3.0.6.
Published 2024-03-19 | CVSS 7.1 | CVE-2024-29103 | Source: audit@patchstack.com

olive_themes -- olive_one_click_demo_import
Missing Authorization vulnerability in Olive Themes Olive One Click Demo Import allows importing settings and data, ultimately leading to XSS. This issue affects Olive One Click Demo Import: from n/a through 1.1.1.
Published 2024-03-20 | CVSS 8.2 | CVE-2024-2702 | Source: audit@patchstack.com

openeuler -- aops_ceres
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in openEuler aops-ceres on Linux allows Command Injection. This vulnerability is associated with the program file ceres/function/util.Py. This issue affects aops-ceres: from 1.3.0 through 1.4.1.
Published 2024-03-23 | CVSS 7.3 | CVE-2021-33633 | Source: securities@openeuler.org

opentext -- arcsight_platform
A potential vulnerability has been identified in OpenText ArcSight Platform. The vulnerability could be remotely exploited.
Published 2024-03-20 | CVSS 9.8 | CVE-2024-1811 | Source: security@opentext.com

opentext -- pvcs_version_manager
Weak access control in OpenText PVCS Version Manager allows potential bypassing of authentication and download of files.
Published 2024-03-21 | CVSS 9.8 | CVE-2024-1147 | Source: security@opentext.com

opentext -- pvcs_version_manager
Weak access control in OpenText PVCS Version Manager allows potential bypassing of authentication and uploading of files.
Published 2024-03-21 | CVSS 9.8 | CVE-2024-1148 | Source: security@opentext.com

optimole -- super_page_cache_for_cloudflare
Cross-Site Request Forgery (CSRF) vulnerability in Optimole Super Page Cache for Cloudflare allows Stored XSS. This issue affects Super Page Cache for Cloudflare: from n/a through 4.7.5.
Published 2024-03-21 | CVSS 7.1 | CVE-2024-27968 | Source: audit@patchstack.com

owncast -- owncast
Owncast is an open source, self-hosted, decentralized, single user live video streaming and chat server. In versions 0.1.2 and prior, a lenient CORS policy allows attackers to make a cross origin request, reading privileged information. This can be used to leak the admin password. Commit 9215d9ba0f29d62201d3feea9e77dcd274581624 fixes this issue.
Published 2024-03-20 | CVSS 8.2 | CVE-2024-29026 | Source: security-advisories@github.com

panabit -- panalog
A vulnerability classified as critical was found in Panabit Panalog 202103080942. This vulnerability affects unknown code of the file /Maintain/sprog_upstatus.php. The manipulation of the argument id leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-255268. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published 2024-03-21 | CVSS 7.3 | CVE-2024-2014 | Source: cna@vuldb.com

pandora_fms -- pandora_fms
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pandora FMS on all platforms allows SQL Injection. This vulnerability allowed SQL injections to be made even if authentication failed. This issue affects Pandora FMS: from 700 through <776.
Published 2024-03-19 | CVSS 7.5 | CVE-2023-44091 | Source: security@pandorafms.com

pandora_fms -- pandora_fms
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Pandora FMS on all platforms allows OS Command Injection. This vulnerability allowed an attacker to create a reverse shell and execute commands in the OS. This issue affects Pandora FMS: from 700 through <776.
Published 2024-03-19 | CVSS 7.6 | CVE-2023-44092 | Source: security@pandorafms.com

parse-community -- parse_server
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 6.5.5 and 7.0.0-alpha.29, calling an invalid Parse Server Cloud Function name or Cloud Job name crashes the server and may allow for code injection, internal store manipulation or remote code execution. The patch in versions 6.5.5 and 7.0.0-alpha.29 added string sanitation for Cloud Function name and Cloud Job name. As a workaround, sanitize the Cloud Function name and Cloud Job name before it reaches Parse Server.
Published 2024-03-19 | CVSS 9 | CVE-2024-29027 | Source: security-advisories@github.com

pauple -- table_&_contact_form_7_database_-_tablesome
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pauple Table & Contact Form 7 Database - Tablesome allows Reflected XSS. This issue affects Table & Contact Form 7 Database - Tablesome: from n/a through 1.0.27.
Published 2024-03-19 | CVSS 7.1 | CVE-2024-29110 | Source: audit@patchstack.com

pie_register -- pie_register
Unrestricted Upload of File with Dangerous Type vulnerability in Pie Register. This issue affects Pie Register: from n/a through 3.8.3.1.
Published 2024-03-17 | CVSS 10 | CVE-2024-27957 | Source: audit@patchstack.com

post_smtp -- post_smtp
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Post SMTP POST SMTP allows Reflected XSS. This issue affects POST SMTP: from n/a through 2.8.6.
Published 2024-03-19 | CVSS 7.1 | CVE-2024-29128 | Source: audit@patchstack.com

progress_software -- loadmaster
An OS command injection vulnerability has been identified in LoadMaster. An authenticated UI user with any permission settings may be able to inject commands into a UI component using a shell command, resulting in OS command injection.
Published 2024-03-22 | CVSS 8.4 | CVE-2024-2448 | Source: security@progress.com

progress_software -- loadmaster
A cross-site request forgery vulnerability has been identified in LoadMaster. It is possible for a malicious actor, who has prior knowledge of the IP or hostname of a specific LoadMaster, to direct an authenticated LoadMaster administrator to a third-party site. In such a scenario, the CSRF payload hosted on the malicious site would execute HTTP transactions on behalf of the LoadMaster administrator.
Published 2024-03-22 | CVSS 7.5 | CVE-2024-2449 | Source: security@progress.com

progress_software_corporation -- telerik_report_server
In Progress® Telerik® Report Server versions prior to 2024 Q1 (10.0.24.130), a remote code execution attack is possible through an insecure deserialization vulnerability.
Published 2024-03-20 | CVSS 9.9 | CVE-2024-1800 | Source: security@progress.com

progress_software_corporation -- telerik_reporting
In Progress® Telerik® Reporting versions prior to 2024 Q1 (18.0.24.130), a code execution attack is possible by a remote threat actor through an insecure deserialization vulnerability.
Published 2024-03-20 | CVSS 8.5 | CVE-2024-1856 | Source: security@progress.com

progress_software_corporation -- telerik_reporting
In Progress® Telerik® Reporting versions prior to 2024 Q1 (18.0.24.130), a code execution attack is possible by a local threat actor through an insecure deserialization vulnerability.
Published 2024-03-20 | CVSS 7.7 | CVE-2024-1801 | Source: security@progress.com

python_software_foundation -- cpython
An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.2, 3.11.8, 3.10.13, 3.9.18, and 3.8.18 and prior. The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.
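The CPython tempfile entry above (CVE-2023-6597) describes cleanup code that resets permissions through a symlink. The following Python example is added here and is not CPython's patch; it rebuilds the scenario with a constructed directory tree and shows a permission-reset retry that follows the link (the unsafe pattern) beside one that refuses to dereference it. It assumes a POSIX filesystem where the process may create symlinks; the unsafe variant only visibly changes the target's mode when the process is not root, because root never hits the PermissionError that triggers the reset.

```python
import os
import shutil
import stat
import tempfile


def naive_reset_perms(path: str) -> None:
    """The unsafe variant: os.chmod() follows symlinks, so when `path` is a
    link planted inside the temp tree, the *target* outside it gets 0o700."""
    os.chmod(path, 0o700)


def safe_reset_perms(path: str) -> None:
    """Reset to 0o700 without ever dereferencing a symlink."""
    if os.path.islink(path):
        # Only touch the link itself, and only where the OS can do that;
        # otherwise leave the link alone rather than risk its target.
        if os.chmod in os.supports_follow_symlinks:
            try:
                os.chmod(path, 0o700, follow_symlinks=False)
            except (NotImplementedError, OSError):
                pass
        return
    os.chmod(path, 0o700)


def rmtree_with_retry(root: str, reset_perms) -> None:
    """Recursive delete that, like TemporaryDirectory.cleanup(), retries a
    PermissionError once after resetting permissions on the failing entry
    and on its parent directory (unlink needs w+x on the parent)."""

    def remove_once(path: str) -> None:
        if os.path.islink(path) or not os.path.isdir(path):
            os.unlink(path)            # links are removed, never followed
            return
        for name in os.listdir(path):  # raises PermissionError without r/x
            remove(os.path.join(path, name))
        os.rmdir(path)

    def remove(path: str) -> None:
        try:
            remove_once(path)
        except PermissionError:
            reset_perms(os.path.dirname(path))
            reset_perms(path)
            remove_once(path)          # a second failure propagates

    remove(root)


def demonstrate(reset_perms):
    """Build the constructed scenario, run the cleanup with the given reset
    routine, and return (victim mode after cleanup, temp tree removed)."""
    base = tempfile.mkdtemp()
    try:
        victim = os.path.join(base, "victim")       # file *outside* the tree
        with open(victim, "w") as fh:
            fh.write("secret\n")
        os.chmod(victim, 0o600)

        root = os.path.join(base, "work")           # the tree being cleaned up
        locked = os.path.join(root, "locked")
        os.makedirs(locked)
        os.symlink(victim, os.path.join(locked, "link"))
        os.chmod(locked, 0o500)                     # listable, not writable: unlink fails

        rmtree_with_retry(root, reset_perms)
        victim_mode = stat.S_IMODE(os.lstat(victim).st_mode)
        return victim_mode, not os.path.exists(root)
    finally:
        shutil.rmtree(base, ignore_errors=True)


if __name__ == "__main__":
    print("naive reset:", oct(demonstrate(naive_reset_perms)[0]))  # 0o700 as non-root
    print("safe reset: ", oct(demonstrate(safe_reset_perms)[0]))   # 0o600
```

Both variants remove the temp tree; the difference is only visible on the file the symlink points to, which is exactly what makes this class of bug easy to miss in tests that check nothing outside the directory being cleaned.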
Published 2024-03-19 | CVSS 7.8 | CVE-2023-6597 | Source: cna@python.org

rubengc -- gamipress_-_the_#1_gamification_plugin_to_reward_points_achievements_badges_&_ranks_in_wordpress
The GamiPress - The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to SQL Injection via the 'achievement_types' attribute of the gamipress_earnings shortcode in all versions up to, and including, 6.8.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Published 2024-03-20 | CVSS 8.8 | CVE-2024-1799 | Source: security@wordfence.com

ruijie -- rg-nbs2009g-p
A vulnerability was found in Ruijie RG-NBS2009G-P up to 20240305. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /EXCU_SHELL. The manipulation of the argument Command1 leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257281 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published 2024-03-19 | CVSS 7.3 | CVE-2024-2642 | Source: cna@vuldb.com

sailpoint -- identityiq
This vulnerability allows access to arbitrary files in the application server file system due to a path traversal vulnerability in JavaServer Faces (JSF) 2.2.20 documented in CVE-2020-6950. The remediation for this vulnerability contained in this security fix provides additional changes to the remediation announced in May 2021 tracked by ETN IIQSAW-3585 and January 2024 tracked by IIQFW-336. This vulnerability in IdentityIQ is assigned CVE-2024-2227.
Published 2024-03-22 | CVSS 10 | CVE-2024-2227 | Source: psirt@sailpoint.com

sailpoint -- identityiq
This vulnerability allows an authenticated user to perform a Lifecycle Manager flow or other QuickLink for a target user outside of the defined QuickLink Population.
Published 2024-03-22 | CVSS 7.1 | CVE-2024-2228 | Source: psirt@sailpoint.com

schneider_electric -- easergy_t200_(modbus)_models:_t200i_t200e_t200p_t200s_t200h
CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could cause account takeover and unauthorized access to the system when an attacker conducts brute-force attacks against the login form.
Published 2024-03-18 | CVSS 9.8 | CVE-2024-2051 | Source: cybersecurity@se.com

schneider_electric -- easergy_t200_(modbus)_models:_t200i_t200e_t200p_t200s_t200h
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists when an attacker injects then executes arbitrary malicious JavaScript code within the context of the product.
Published 2024-03-18 | CVSS 8.2 | CVE-2024-2050 | Source: cybersecurity@se.com

schneider_electric -- easergy_t200_(modbus)_models:_t200i_t200e_t200p_t200s_t200h
CWE-552: Files or Directories Accessible to External Parties vulnerability exists that could allow unauthenticated file and log exfiltration and download of files when an attacker modifies the URL to download to a different location.
Published 2024-03-18 | CVSS 7.5 | CVE-2024-2052 | Source: cybersecurity@se.com

schneider_electric -- ecostruxure_power_design_-_ecodial
CWE-502: Deserialization of Untrusted Data vulnerability exists that could cause remote code execution when a malicious project file is loaded into the application by a valid user.
Published 2024-03-18 | CVSS 7.8 | CVE-2024-2229 | Source: cybersecurity@se.com

scott_paterson -- contact_form_7_-_paypal_&_stripe_add-on
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Scott Paterson Contact Form 7 - PayPal & Stripe Add-on allows Reflected XSS. This issue affects Contact Form 7 - PayPal & Stripe Add-on: from n/a through 2.0.
Published 2024-03-19 | CVSS 7.1 | CVE-2024-29130 | Source: audit@patchstack.com

sentrifugo -- sentrifugo
SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/index/getdepartments/format/html, 'business_id' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all the data from it.
Published 2024-03-21 | CVSS 9.8 | CVE-2024-29870 | Source: cve-coordination@incibe.es

sentrifugo -- sentrifugo
SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/index/updatecontactnumber, 'id' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all the data from it.
Published 2024-03-21 | CVSS 9.8 | CVE-2024-29871 | Source: cve-coordination@incibe.es

sentrifugo -- sentrifugo
SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/empscreening/add, 'agencyids' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all the data from it.
Published 2024-03-21 | CVSS 9.8 | CVE-2024-29872 | Source: cve-coordination@incibe.es

sentrifugo -- sentrifugo
SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/reports/businessunits/format/html, 'bunitname' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all the data from it.
Published 2024-03-21 | CVSS 9.8 | CVE-2024-29873 | Source: cve-coordination@incibe.es

sentrifugo -- sentrifugo
SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/default/reports/activeuserrptpdf, 'sort_name' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all the data from it.
Published 2024-03-21 | CVSS 9.8 | CVE-2024-29874 | Source: cve-coordination@incibe.es

sentrifugo -- sentrifugo
SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/default/reports/exportactiveuserrpt, 'sort_name' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all the data from it.
Published 2024-03-21 | CVSS 9.8 | CVE-2024-29875 | Source: cve-coordination@incibe.es

sentrifugo -- sentrifugo
SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/reports/activitylogreport, 'sortby' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all the data from it.
Published 2024-03-21 | CVSS 9.8 | CVE-2024-29876 | Source: cve-coordination@incibe.es

sentrifugo -- sentrifugo
Cross-Site Scripting (XSS) vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/expenses/expensecategories/edit, 'expense_category_name' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session data.
Published 2024-03-21 | CVSS 7.1 | CVE-2024-29877 | Source: cve-coordination@incibe.es

sentrifugo -- sentrifugo
Cross-Site Scripting (XSS) vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/sitepreference/add, 'description' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session data.
Published 2024-03-21 | CVSS 7.1 | CVE-2024-29878 | Source: cve-coordination@incibe.es

sentrifugo -- sentrifugo
Cross-Site Scripting (XSS) vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/index/getdepartments/format/html, 'business_id' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session data.
Published 2024-03-21 | CVSS 7.1 | CVE-2024-29879 | Source: cve-coordination@incibe.es

social_media_share_buttons_by_sygnoos -- social_media_share_buttons
Deserialization of Untrusted Data vulnerability in Social Media Share Buttons By Sygnoos Social Media Share Buttons. This issue affects Social Media Share Buttons: from n/a through 2.1.0.
Published 2024-03-20 | CVSS 8.2 | CVE-2024-2721 | Source: audit@patchstack.com

sourcecodester -- employee_task_management_system
A vulnerability was found in SourceCodester Employee Task Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin-manage-user.php. The manipulation leads to execution after redirect. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257072.
Published 2024-03-18 | CVSS 7.3 | CVE-2024-2569 | Source: cna@vuldb.com

sourcecodester -- employee_task_management_system
A vulnerability was found in SourceCodester Employee Task Management System 1.0. It has been classified as critical. This affects an unknown part of the file /edit-task.php. The manipulation leads to execution after redirect. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257073 was assigned to this vulnerability.
Published 2024-03-18 | CVSS 7.3 | CVE-2024-2570 | Source: cna@vuldb.com

sourcecodester -- employee_task_management_system
A vulnerability was found in SourceCodester Employee Task Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /manage-admin.php. The manipulation leads to execution after redirect. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257074 is the identifier assigned to this vulnerability.
Published 2024-03-18 | CVSS 7.3 | CVE-2024-2571 | Source: cna@vuldb.com

sourcecodester -- employee_task_management_system
A vulnerability was found in SourceCodester Employee Task Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /task-details.php. The manipulation leads to execution after redirect. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257075.
Published 2024-03-18 | CVSS 7.3 | CVE-2024-2572 | Source: cna@vuldb.com

sourcecodester -- employee_task_management_system
A vulnerability classified as critical has been found in SourceCodester Employee Task Management System 1.0. Affected is an unknown function of the file /task-info.php. The manipulation leads to execution after redirect. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257076.
Published 2024-03-18 | CVSS 7.3 | CVE-2024-2573 | Source: cna@vuldb.com

sourcecodester -- employee_task_management_system
A vulnerability classified as critical was found in SourceCodester Employee Task Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /edit-task.php. The manipulation of the argument task_id leads to authorization bypass. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257077 was assigned to this vulnerability.
Published 2024-03-18 | CVSS 7.3 | CVE-2024-2574 | Source: cna@vuldb.com

sourcecodester -- employee_task_management_system
A vulnerability, which was classified as critical, has been found in SourceCodester Employee Task Management System 1.0. Affected by this issue is some unknown functionality of the file /task-details.php. The manipulation of the argument task_id leads to authorization bypass. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257078 is the identifier assigned to this vulnerability.
Published 2024-03-18 | CVSS 7.3 | CVE-2024-2575 | Source: cna@vuldb.com

sourcecodester -- employee_task_management_system
A vulnerability, which was classified as critical, was found in SourceCodester Employee Task Management System 1.0. This affects an unknown part of the file /update-admin.php. The manipulation of the argument admin_id leads to authorization bypass. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257079.
Published 2024-03-18 | CVSS 7.3 | CVE-2024-2576 | Source: cna@vuldb.com

sourcecodester -- employee_task_management_system
A vulnerability has been found in SourceCodester Employee Task Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /update-employee.php. The manipulation of the argument admin_id leads to authorization bypass. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257080.
Published 2024-03-18 | CVSS 7.3 | CVE-2024-2577 | Source: cna@vuldb.com

stacklok -- minder
Minder is a software supply chain security platform. Prior to version 0.0.33, a Minder user can use the endpoints `GetRepositoryByName`, `DeleteRepositoryByName`, and `GetArtifactByName` to access any repository in the database, irrespective of who owns the repo and any permissions present. The database query checks by repo owner, repo name and provider name (which is always `github`). These query values are not distinct for the particular user: as long as the user has valid credentials and a provider, they can set the repo owner/name to any value they want and the server will return information on this repo. Version 0.0.33 contains a patch for this issue.
Published 2024-03-21 | CVSS 7.1 | CVE-2024-27916 | Source: security-advisories@github.com

svenl77 -- buddypress_woocommerce_my_account_integration_create_woocommerce_member_pages
The "BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages" plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.4.20 via deserialization of untrusted input in the get_simple_request function. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject a PHP Object. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
Published 2024-03-23 | CVSS 8.8 | CVE-2024-2025 | Source: security@wordfence.com

tenable -- nessus_agent
As a part of Tenable's vulnerability disclosure program, a vulnerability in a Nessus plugin was identified and reported. This vulnerability could allow a malicious actor with sufficient permissions on a scan target to place a binary in a specific filesystem location, and abuse the impacted plugin in order to escalate privileges.
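The Minder entry above (CVE-2024-27916) describes a lookup keyed only on provider, repository owner and repository name, with nothing in the query tying the row to the caller. The following Python/sqlite3 example is added here and is not taken from Minder's code base: it shows that query pattern beside one that also binds the caller's authorization scope. The schema, the `project_id` column used as that scope, the table names and the rows are constructed for the example; in a real service the caller's scope comes from the authenticated session, never from the request.

```python
import sqlite3

# Constructed schema and sample rows for the example; not Minder's real schema.
SCHEMA = """
CREATE TABLE projects (id INTEGER PRIMARY KEY, name TEXT NOT NULL);
CREATE TABLE repositories (
    id INTEGER PRIMARY KEY,
    project_id INTEGER NOT NULL REFERENCES projects(id),
    provider TEXT NOT NULL,
    repo_owner TEXT NOT NULL,
    repo_name TEXT NOT NULL,
    webhook_secret TEXT NOT NULL
);
INSERT INTO projects VALUES (1, 'alice-project'), (2, 'bob-project');
INSERT INTO repositories VALUES
    (10, 1, 'github', 'alice-org', 'app',   'alice-webhook-secret'),
    (20, 2, 'github', 'bob-org',   'infra', 'bob-webhook-secret');
"""


def open_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.row_factory = sqlite3.Row
    conn.executescript(SCHEMA)
    return conn


def get_repo_by_name_unscoped(conn, provider, owner, name):
    """Vulnerable pattern: every column in the WHERE clause is chosen by the
    caller, so any authenticated user can name any repository in the table."""
    row = conn.execute(
        "SELECT id, project_id, webhook_secret FROM repositories "
        "WHERE provider = ? AND repo_owner = ? AND repo_name = ?",
        (provider, owner, name),
    ).fetchone()
    return dict(row) if row else None


def get_repo_by_name_scoped(conn, caller_project_id, provider, owner, name):
    """Hardened pattern: the caller's scope is part of the query, so a name
    that exists only in another project is simply not found (no separate
    post-hoc ownership check that can be forgotten on the next endpoint)."""
    row = conn.execute(
        "SELECT id, project_id, webhook_secret FROM repositories "
        "WHERE project_id = ? AND provider = ? AND repo_owner = ? AND repo_name = ?",
        (caller_project_id, provider, owner, name),
    ).fetchone()
    return dict(row) if row else None


def delete_repo_by_name_scoped(conn, caller_project_id, provider, owner, name) -> int:
    """Same scoping applied to the delete endpoint; returns rows affected."""
    cur = conn.execute(
        "DELETE FROM repositories "
        "WHERE project_id = ? AND provider = ? AND repo_owner = ? AND repo_name = ?",
        (caller_project_id, provider, owner, name),
    )
    return cur.rowcount


def demo():
    """Bob (project 2) asks for Alice's repository by name."""
    conn = open_db()
    bob_project = 2  # would come from Bob's authenticated session
    leaked = get_repo_by_name_unscoped(conn, "github", "alice-org", "app")
    blocked = get_repo_by_name_scoped(conn, bob_project, "github", "alice-org", "app")
    deleted = delete_repo_by_name_scoped(conn, bob_project, "github", "alice-org", "app")
    own = get_repo_by_name_scoped(conn, bob_project, "github", "bob-org", "infra")
    return leaked, blocked, deleted, own


if __name__ == "__main__":
    leaked, blocked, deleted, own = demo()
    print("unscoped lookup returned:", leaked)     # Alice's row, secret included
    print("scoped lookup returned:  ", blocked)    # None
    print("scoped delete affected:  ", deleted)    # 0
    print("own repo:                ", own["id"])  # 20
```

The point of putting the scope into the WHERE clause rather than checking `row["project_id"]` afterwards is that the same query helper then serves every by-name endpoint, and a new endpoint cannot accidentally omit the check.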
Published 2024-03-18 | CVSS 7.8 | CVE-2024-2390 | Source: vulnreport@tenable.com

tenda -- ac10
A vulnerability was found in Tenda AC10 16.03.10.13 and classified as critical. This issue affects the function fromSetRouteStatic of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257081 was assigned to this vulnerability.
Published 2024-03-18 | CVSS 8.8 | CVE-2024-2581 | Source: cna@vuldb.com

tenda -- ac10u
A vulnerability was found in Tenda AC10U 15.03.06.48. It has been rated as critical. Affected by this issue is the function addWifiMacFilter of the file /goform/addWifiMacFilter. The manipulation of the argument deviceMac leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257462 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published 2024-03-20 | CVSS 8.8 | CVE-2024-2711 | Source: cna@vuldb.com

tenda -- ac10u
A vulnerability classified as critical has been found in Tenda AC10U 15.03.06.49. Affected is the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument mac leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257454 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published 2024-03-20 | CVSS 8.8 | CVE-2024-2703 | Source: cna@vuldb.com

tenda -- ac10u
A vulnerability classified as critical was found in Tenda AC10U 15.03.06.49. Affected by this vulnerability is the function formSetFirewallCfg of the file /goform/SetFirewallCfg. The manipulation of the argument firewallEn leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257455. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published 2024-03-20 | CVSS 8.8 | CVE-2024-2704 | Source: cna@vuldb.com

tenda -- ac10u
A vulnerability, which was classified as critical, has been found in Tenda AC10U 1.0/15.03.06.49. Affected by this issue is the function formSetQosBand of the file /goform/SetNetControlList. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257456. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published 2024-03-20 | CVSS 8.8 | CVE-2024-2705 | Source: cna@vuldb.com

tenda -- ac10u
A vulnerability, which was classified as critical, was found in Tenda AC10U 15.03.06.49. This affects the function formWifiWpsStart of the file /goform/WifiWpsStart. The manipulation of the argument index leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257457 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published 2024-03-20 | CVSS 8.8 | CVE-2024-2706 | Source: cna@vuldb.com

tenda -- ac10u
A vulnerability was found in Tenda AC10U 15.03.06.49 and classified as critical. This issue affects the function formexeCommand of the file /goform/execCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257459. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published 2024-03-20 | CVSS 8.8 | CVE-2024-2708 | Source: cna@vuldb.com

tenda -- ac10u
A vulnerability was found in Tenda AC10U 15.03.06.49. It has been classified as critical. Affected is the function fromSetRouteStatic of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257460. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published 2024-03-20 | CVSS 8.8 | CVE-2024-2709 | Source: cna@vuldb.com

tenda -- ac10u
A vulnerability was found in Tenda AC10U 15.03.06.49. It has been declared as critical. Affected by this vulnerability is the function setSchedWifi of the file /goform/openSchedWifi. The manipulation of the argument schedStartTime leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257461 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published 2024-03-20 | CVSS 8.8 | CVE-2024-2710 | Source: cna@vuldb.com

tenda -- ac10u
A vulnerability, which was classified as critical, has been found in Tenda AC10U 15.03.06.48. Affected by this issue is the function formSetCfm of the file goform/setcfm. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257600. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published 2024-03-21 | CVSS 8.8 | CVE-2024-2763 | Source: cna@vuldb.com

tenda -- ac10u
A vulnerability, which was classified as critical, was found in Tenda AC10U 15.03.06.48. This affects the function formSetPPTPServer of the file /goform/SetPptpServerCfg. The manipulation of the argument endIP leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257601 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published 2024-03-21 | CVSS 8.8 | CVE-2024-2764 | Source: cna@vuldb.com

tenda -- ac15
A vulnerability was found in Tenda AC15 15.03.20_multi. It has been declared as critical. This vulnerability affects the function form_fast_setting_wifi_set of the file /goform/fast_setting_wifi_set. The manipulation of the argument ssid leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257668. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published 2024-03-22 | CVSS 8.8 | CVE-2024-2813 | Source: cna@vuldb.com

tenda -- ac15
A vulnerability was found in Tenda AC15 15.03.20_multi. It has been rated as critical. This issue affects the function fromDhcpListClient of the file /goform/DhcpListClient. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257669 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published 2024-03-22 | CVSS 8.8 | CVE-2024-2814 | Source: cna@vuldb.com

tenda -- ac15
A vulnerability classified as critical has been found in Tenda AC15 15.03.20_multi. Affected is the function R7WebsSecurityHandler of the file /goform/execCommand of the component Cookie Handler. The manipulation of the argument password leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257670 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published 2024-03-22 | CVSS 8.8 | CVE-2024-2815 | Source: cna@vuldb.com

tenda -- ac15
A vulnerability was found in Tenda AC15 15.03.05.18/15.03.20_multi. It has been rated as critical. Affected by this issue is the function formSetSpeedWan of the file /goform/SetSpeedWan. The manipulation of the argument speed_dir leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257660. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published 2024-03-22 | CVSS 8.8 | CVE-2024-2805 | Source: cna@vuldb.com

tenda -- ac15
A vulnerability classified as critical has been found in Tenda AC15 15.03.05.18/15.03.20_multi. This affects the function addWifiMacFilter of the file /goform/addWifiMacFilter. The manipulation of the argument deviceId/deviceMac leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257661 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published 2024-03-22 | CVSS 8.8 | CVE-2024-2806 | Source: cna@vuldb.com

tenda -- ac15
A vulnerability classified as critical was found in Tenda AC15 15.03.05.18/15.03.20_multi. This vulnerability affects the function formExpandDlnaFile of the file /goform/expandDlnaFile. The manipulation of the argument filePath leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257662 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published 2024-03-22 | CVSS 8.8 | CVE-2024-2807 | Source: cna@vuldb.com

tenda -- ac15
A vulnerability, which was classified as critical, has been found in Tenda AC15 15.03.05.18/15.03.20_multi. This issue affects the function formQuickIndex of the file /goform/QuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257663. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published 2024-03-22 | CVSS 8.8 | CVE-2024-2808 | Source: cna@vuldb.com

tenda -- ac15
A vulnerability, which was classified as critical, was found in Tenda AC15 15.03.05.18/15.03.20_multi. Affected is the function formSetFirewallCfg of the file /goform/SetFirewallCfg. The manipulation of the argument firewallEn leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257664. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published 2024-03-22 | CVSS 8.8 | CVE-2024-2809 | Source: cna@vuldb.com

tenda -- ac15
A vulnerability has been found in Tenda AC15 15.03.05.18/15.03.20_multi and classified as critical. Affected by this vulnerability is the function formWifiWpsOOB of the file /goform/WifiWpsOOB. The manipulation of the argument index leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257665 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published 2024-03-22 | CVSS 8.8 | CVE-2024-2810 | Source: cna@vuldb.com

tenda -- ac15
A vulnerability was found in Tenda AC15 15.03.20_multi and classified as critical. Affected by this issue is the function formWifiWpsStart of the file /goform/WifiWpsStart. The manipulation of the argument index leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257666 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published 2024-03-22 | CVSS 8.8 | CVE-2024-2811 | Source: cna@vuldb.com

tenda -- ac18
A vulnerability has been found in Tenda AC18 15.13.07.09 and classified as critical. Affected by this vulnerability is the function fromSetWirelessRepeat. The manipulation of the argument wpapsk_crypto5g leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256999. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published 2024-03-17 | CVSS 8.8 | CVE-2024-2546 | Source: cna@vuldb.com

tenda -- ac18
A vulnerability was found in Tenda AC18 15.03.05.05 and classified as critical. Affected by this issue is the function R7WebsSecurityHandler. The manipulation of the argument password leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257000. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published 2024-03-17 | CVSS 8.8 | CVE-2024-2547 | Source: cna@vuldb.com

tenda -- ac18
A vulnerability was found in Tenda AC18 15.03.05.05. It has been rated as critical. This issue affects the function formexeCommand of the file /goform/execCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257057 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published 2024-03-17 | CVSS 8.8 | CVE-2024-2558 | Source: cna@vuldb.com

themefic -- tourfic
Deserialization of Untrusted Data vulnerability in Themefic Tourfic. This issue affects Tourfic: from n/a through 2.11.17.
Published 2024-03-19 | CVSS 8.5 | CVE-2024-29136 | Source: audit@patchstack.com

themefic -- tourfic
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themefic Tourfic allows Reflected XSS. This issue affects Tourfic: from n/a through 2.11.7.
Published 2024-03-19 | CVSS 7.1 | CVE-2024-29137 | Source: audit@patchstack.com

themeisle -- visualizer
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeisle Visualizer allows Reflected XSS. This issue affects Visualizer: from n/a through 3.10.5.
Published 2024-03-17 | CVSS 7.1 | CVE-2024-27958 | Source: audit@patchstack.com

tomphttp -- bare-server-node
TOMP Bare Server implements the TompHTTP bare server. A vulnerability in versions prior to 2.0.2 relates to insecure handling of HTTP requests by the @tomphttp/bare-server-node package. This flaw potentially exposes the users of the package to manipulation of their web traffic. The impact may vary depending on the specific usage of the package, but it can potentially affect any system where this package is in use. The problem has been patched in version 2.0.2. As of time of publication, no specific workaround strategies have been disclosed.
2024-03-21 9.8 CVE-2024-27922 security-advisories@github.com typps -- calendarista_basic_edition   Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Typps Calendarista Basic Edition.This issue affects Calendarista Basic Edition: from n/a through 3.0.2. 2024-03-21 7.1 CVE-2024-27993 audit@patchstack.com ukrsolution -- barcode_scanner_with_inventory_&_order_manager   Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager allows Reflected XSS.This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through 1.5.3. 2024-03-19 7.1 CVE-2024-27998 audit@patchstack.com unitronics_ -- unistream_unilogic   CWE-287: Improper Authentication may allow Authentication Bypass 2024-03-18 10 CVE-2024-27767 cna@cyber.gov.il unitronics_ -- unistream_unilogic   Unitronics Unistream Unilogic - Versions prior to 1.35.227 - CWE-22: 'Path Traversal' may allow RCE 2024-03-18 9.8 CVE-2024-27768 cna@cyber.gov.il cna@cyber.gov.il unitronics_ -- unistream_unilogic   Unitronics Unistream Unilogic - Versions prior to 1.35.227 - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor may allow Taking Ownership Over Devices 2024-03-18 8.8 CVE-2024-27769 cna@cyber.gov.il cna@cyber.gov.il unitronics_ -- unistream_unilogic   Unitronics Unistream Unilogic - Versions prior to 1.35.227 - CWE-23: Relative Path Traversal 2024-03-18 8.8 CVE-2024-27770 cna@cyber.gov.il cna@cyber.gov.il unitronics_ -- unistream_unilogic   Unitronics Unistream Unilogic - Versions prior to 1.35.227 - CWE-22: 'Path Traversal' may allow RCE 2024-03-18 8.8 CVE-2024-27771 cna@cyber.gov.il cna@cyber.gov.il unitronics_ -- unistream_unilogic   Unitronics Unistream Unilogic - Versions prior to 1.35.227 - CWE-78: 'OS Command Injection' may allow RCE 2024-03-18 8.8 CVE-2024-27772 cna@cyber.gov.il cna@cyber.gov.il unitronics_ -- unistream_unilogic   
Unitronics Unistream Unilogic - Versions prior to 1.35.227 - CWE-348: Use of Less Trusted Source may allow RCE 2024-03-18 8.8 CVE-2024-27773 cna@cyber.gov.il cna@cyber.gov.il unitronics_ -- unistream_unilogic   Unitronics Unistream Unilogic - Versions prior to 1.35.227 - CWE-259: Use of Hard-coded Password may allow disclosing Sensitive Information Embedded inside Device's Firmware 2024-03-18 7.5 CVE-2024-27774 cna@cyber.gov.il cna@cyber.gov.il valvepress -- automatic   Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ValvePress Automatic allows SQL Injection.This issue affects Automatic: from n/a through 3.92.0. 2024-03-21 9.9 CVE-2024-27956 audit@patchstack.com wasmi-labs -- wasmi   Wasmi is an efficient and lightweight WebAssembly interpreter with a focus on constrained and embedded systems. In the WASMI Interpreter, an Out-of-bounds Buffer Write will arise if the host calls or resumes a Wasm function with more parameters than the default limit (128), as it will surpass the stack value. This doesn't affect calls from Wasm to Wasm, only from host to Wasm. This vulnerability was patched in version 0.31.1. 2024-03-21 7.3 CVE-2024-28123 security-advisories@github.com security-advisories@github.com security-advisories@github.com webberzone -- better_search_-_relevant_search_results_for_wordpress   Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebberZone Better Search - Relevant search results for WordPress allows Stored XSS.This issue affects Better Search - Relevant search results for WordPress: from n/a through 3.3.0. 2024-03-19 7.1 CVE-2024-29142 audit@patchstack.com webpack -- webpack-dev-middleware   Prior to versions 7.1.0, 6.1.2, and 5.3.4, the webpack-dev-middleware development middleware for devpack does not validate the supplied URL address sufficiently before returning the local file. It is possible to access any file on the developer's machine. 
The middleware can either work with the physical filesystem when reading the files or it can use a virtualized in-memory `memfs` filesystem. If `writeToDisk` configuration option is set to `true`, the physical filesystem is used. The `getFilenameFromUrl` method is used to parse URL and build the local file path. The public path prefix is stripped from the URL, and the `unsecaped` path suffix is appended to the `outputPath`. As the URL is not unescaped and normalized automatically before calling the midlleware, it is possible to use `%2e` and `%2f` sequences to perform path traversal attack. Developers using `webpack-dev-server` or `webpack-dev-middleware` are affected by the issue. When the project is started, an attacker might access any file on the developer's machine and exfiltrate the content. If the development server is listening on a public IP address (or `0.0.0.0`), an attacker on the local network can access the local files without any interaction from the victim (direct connection to the port). If the server allows access from third-party domains, an attacker can send a malicious link to the victim. When visited, the client side script can connect to the local server and exfiltrate the local files. Starting with fixed versions 7.1.0, 6.1.2, and 5.3.4, the URL is unescaped and normalized before any further processing. 
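The order-of-operations flaw described in the webpack-dev-middleware entry (prefix matched on the raw URL, suffix unescaped afterwards) is easy to see in code. The example below is added here and is not webpack-dev-middleware's own code (which is JavaScript); it models the same flow in Go. `vulnerableFilenameFromURL` checks the public-path prefix against the still-encoded request path and only then unescapes the remainder and joins it onto the output directory, so an encoded `..%2f` or `%2e%2e` survives the prefix check and is resolved by the join. `safeFilenameFromURL` applies the fix the advisory describes: unescape and normalize first, match the prefix on the cleaned path, and confirm the joined result still lies under the output directory. The `/static/` public path, the `/home/dev/project/dist` output path and the request URLs are constructed values for the example.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"path"
	"strings"
)

// Constructed stand-ins for a dev server's publicPath and outputPath
// (assumptions for this example, not webpack's defaults).
const (
	publicPath = "/static/"
	outputPath = "/home/dev/project/dist"
)

var (
	errNotUnderPublicPath = errors.New("request is not under the public path")
	errOutsideOutputPath  = errors.New("request resolves outside the output path")
)

// requestPath drops any query string; the path is otherwise left exactly as
// the client sent it, percent-encoding included.
func requestPath(rawURL string) string {
	if i := strings.IndexByte(rawURL, '?'); i >= 0 {
		return rawURL[:i]
	}
	return rawURL
}

// vulnerableFilenameFromURL mirrors the flawed order of operations: the prefix
// is matched against the still-encoded path, the remaining suffix is unescaped,
// and path.Join (which resolves ".." segments) appends it to outputPath.
// Nothing checks that the result is still inside outputPath.
func vulnerableFilenameFromURL(rawURL string) (string, error) {
	p := requestPath(rawURL)
	if !strings.HasPrefix(p, publicPath) {
		return "", errNotUnderPublicPath
	}
	suffix, err := url.PathUnescape(strings.TrimPrefix(p, publicPath))
	if err != nil {
		return "", err
	}
	return path.Join(outputPath, suffix), nil
}

// safeFilenameFromURL unescapes and normalizes the whole path before the
// prefix is matched, so "%2e%2e" and "..%2f" collapse into a path that no
// longer starts with publicPath. A containment check on the joined result is
// kept as a second line of defence.
func safeFilenameFromURL(rawURL string) (string, error) {
	decoded, err := url.PathUnescape(requestPath(rawURL))
	if err != nil {
		return "", err
	}
	// Absolute, ".." resolved, duplicate and trailing slashes removed.
	cleaned := path.Clean("/" + decoded)
	root := strings.TrimSuffix(publicPath, "/")
	// root+"/" keeps "/staticx/..." from passing as "/static".
	if cleaned != root && !strings.HasPrefix(cleaned, root+"/") {
		return "", errNotUnderPublicPath
	}
	filename := path.Join(outputPath, strings.TrimPrefix(cleaned, root))
	if filename != outputPath && !strings.HasPrefix(filename, outputPath+"/") {
		return "", errOutsideOutputPath
	}
	return filename, nil
}

func main() {
	for _, u := range []string{
		"/static/js/app.js?v=3",
		"/static/..%2f..%2f..%2f..%2fetc%2fpasswd",
		"/static/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd",
	} {
		v, verr := vulnerableFilenameFromURL(u)
		s, serr := safeFilenameFromURL(u)
		fmt.Printf("%-48s vulnerable=%q (%v)  safe=%q (%v)\n", u, v, verr, s, serr)
	}
}
```

The decisive point is where decoding happens relative to the prefix check, not whether decoding happens at all: both versions decode once, but only the hardened one decodes before it decides whether the request is in bounds. Decoding exactly once also matters; a double-encoded `%252e` becomes a literal `%2e` segment after one pass and is left alone.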
Published 2024-03-21 | CVSS 7.4 | CVE-2024-29180 | Source: security-advisories@github.com (webpack -- webpack-dev-middleware)

wpexpertsio -- wc_shop_sync_-_integrate_square_and_woocommerce_for_seamless_shop_management
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wpexpertsio WC Shop Sync - Integrate Square and WooCommerce for Seamless Shop Management allows Reflected XSS. This issue affects WC Shop Sync - Integrate Square and WooCommerce for Seamless Shop Management: from n/a through 4.2.9.
Published 2024-03-17 | CVSS 7.1 | CVE-2024-27959 | Source: audit@patchstack.com

wplit_pty_ltd -- oxyextras
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPLIT Pty Ltd OxyExtras allows Reflected XSS. This issue affects OxyExtras: from n/a through 1.4.4.
Published 2024-03-19 | CVSS 7.1 | CVE-2024-29129 | Source: audit@patchstack.com

wpvncom -- ux_flat
The UX Flat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'button' shortcode in all versions up to, and including, 4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published 2024-03-20 | CVSS 7.4 | CVE-2024-2459 | Source: security@wordfence.com

xpodas -- octopod
Authentication Bypass by Primary Weakness vulnerability in XPodas Octopod allows Authentication Bypass. This issue affects Octopod: before v1. NOTE: The vendor was contacted and it was learned that the product is not supported.
Published 2024-03-21 | CVSS 9.8 | CVE-2024-1202 | Source: iletisim@usom.gov.tr

yannick_lefebvre -- link_library
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yannick Lefebvre Link Library allows Reflected XSS. This issue affects Link Library: from n/a through 7.6.
Published 2024-03-19 | CVSS 7.1 | CVE-2024-29123 | Source: audit@patchstack.com

yith -- yith_woocommerce_product_add-ons
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in YITH YITH WooCommerce Product Add-Ons allows Reflected XSS. This issue affects YITH WooCommerce Product Add-Ons: from n/a through 4.5.0.
Published 2024-03-21 | CVSS 7.1 | CVE-2024-27994 | Source: audit@patchstack.com

zitadel -- zitadel
ZITADEL, open source authentication management software, uses Go templates to render the login UI. Due to an improper use of the `text/template` package instead of `html/template`, the login UI did not sanitize input parameters prior to versions 2.47.3, 2.46.1, 2.45.1, 2.44.3, 2.43.9, 2.42.15, and 2.41.15. An attacker could craft a malicious link carrying injected code that would be rendered as part of the login screen. While it was possible to inject HTML including JavaScript, execution of such scripts would be prevented by the Content Security Policy. Versions 2.47.3, 2.46.1, 2.45.1, 2.44.3, 2.43.9, 2.42.15, and 2.41.15 contain a patch for this issue. No known workarounds are available.
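The `text/template` versus `html/template` distinction the ZITADEL entry turns on, shown as an added example (not ZITADEL's own code or template). The same constructed login fragment is rendered with both packages against a constructed payload of the kind a malicious link could carry; the fragment, the `LoginName` field and the payload are assumptions for this example.

```go
package main

import (
	"bytes"
	"fmt"
	htmltemplate "html/template"
	texttemplate "text/template"
)

// Constructed login-screen fragment, a stand-in for a real UI template.
// {{.LoginName}} is populated from a request parameter, which is the
// attacker-controlled input in this scenario.
const loginFragment = `<p class="hint">Signing in as {{.LoginName}}</p>`

type loginView struct {
	LoginName string
}

// renderWithTextTemplate reproduces the misuse: text/template treats the
// template as opaque text and substitutes the value verbatim, so any markup
// in LoginName becomes part of the page.
func renderWithTextTemplate(loginName string) (string, error) {
	tmpl, err := texttemplate.New("login").Parse(loginFragment)
	if err != nil {
		return "", err
	}
	var out bytes.Buffer
	if err := tmpl.Execute(&out, loginView{LoginName: loginName}); err != nil {
		return "", err
	}
	return out.String(), nil
}

// renderWithHTMLTemplate is the fix: html/template parses the surrounding
// HTML, determines that {{.LoginName}} lands in text content, and escapes
// <, >, &, quotes and a few other characters for that context.
func renderWithHTMLTemplate(loginName string) (string, error) {
	tmpl, err := htmltemplate.New("login").Parse(loginFragment)
	if err != nil {
		return "", err
	}
	var out bytes.Buffer
	if err := tmpl.Execute(&out, loginView{LoginName: loginName}); err != nil {
		return "", err
	}
	return out.String(), nil
}

func main() {
	// Constructed payload: an element whose event handler runs on load.
	payload := `<img src=x onerror="alert(document.cookie)">`

	unsafe, _ := renderWithTextTemplate(payload)
	safe, _ := renderWithHTMLTemplate(payload)
	fmt.Println("text/template:", unsafe)
	fmt.Println("html/template:", safe)
}
```

With `text/template` the `<img>` element is emitted unchanged and its `onerror` handler fires in the victim's browser; with `html/template` the same value arrives as `&lt;img src=x onerror=&#34;...&#34;&gt;`, inert text. The page notes that ZITADEL's Content Security Policy stopped the injected scripts from executing; that is a second layer, not a substitute for context-aware output escaping, because CSP does not prevent markup injection itself (form rewriting, phishing content, or exfiltration via elements CSP allows).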
Published 2024-03-18 | CVSS 8.1 | CVE-2024-28855 | Source: security-advisories@github.com (zitadel -- zitadel)

Medium Vulnerabilities
Columns: Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

3uu -- shariff_wrapper
The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shariff' shortcode in all versions up to, and including, 4.6.9 due to insufficient input sanitization and output escaping on user supplied attributes such as 'secondarycolor' and 'maincolor'. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published 2024-03-21 | CVSS 6.4 | CVE-2023-6500 | Source: security@wordfence.com

3uu -- shariff_wrapper
The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shariff' shortcode in all versions up to, and including, 4.6.9 due to insufficient input sanitization and output escaping on user supplied attributes like 'info_text'. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page and clicks the information icon.
Published 2024-03-21 | CVSS 6.4 | CVE-2024-0966 | Source: security@wordfence.com

3uu -- shariff_wrapper
The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shariff' shortcode in all versions up to, and including, 4.6.10 due to insufficient input sanitization and output escaping on user supplied attributes such as 'align'. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published 2024-03-21 | CVSS 6.4 | CVE-2024-1450 | Source: security@wordfence.com

N/A -- N/A
Directory Traversal vulnerability in Speedy11CZ MCRPX v.1.4.0 and before allows a local attacker to execute arbitrary code via a crafted file.
Published 2024-03-19 | CVSS 5.5 | CVE-2024-24043 | Source: cve@mitre.org

N/A -- N/A
The SolarEdge mySolarEdge application before 2.20.1 for Android has a certificate verification issue that allows a Machine-in-the-middle (MitM) attacker to read and alter all network traffic between the application and the server.
Published 2024-03-21 | CVSS 5.9 | CVE-2024-28756 | Source: cve@mitre.org

aam -- advanced_access_manager
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AAM Advanced Access Manager allows Stored XSS. This issue affects Advanced Access Manager: from n/a through 6.9.20.
Published 2024-03-19 | CVSS 5.9 | CVE-2024-29124 | Source: audit@patchstack.com

aankit -- easy_maintenance_mode
The Easy Maintenance Mode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.2 via the REST API. This makes it possible for authenticated attackers to obtain post and page content via the REST API, thus bypassing the protection provided by the plugin.
Published 2024-03-20 | CVSS 5.3 | CVE-2024-1477 | Source: security@wordfence.com

adobe -- adobe_experience_manager (stored XSS; the original table carries one row per CVE with identical text)
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
Published 2024-03-18 | CVSS 5.4 | CVE-2024-20760, CVE-2024-20768, CVE-2024-26028, CVE-2024-26030, CVE-2024-26031, CVE-2024-26033, CVE-2024-26034, CVE-2024-26035, CVE-2024-26038, CVE-2024-26040, CVE-2024-26041, CVE-2024-26043, CVE-2024-26045, CVE-2024-26052, CVE-2024-26056, CVE-2024-26059, CVE-2024-26061, CVE-2024-26062, CVE-2024-26065, CVE-2024-26067, CVE-2024-26069, CVE-2024-26073, CVE-2024-26094, CVE-2024-26096, CVE-2024-26120, CVE-2024-26124, CVE-2024-26125 | Source: psirt@adobe.com
Published 2024-03-18 | CVSS 4.8 | CVE-2024-26050 | Source: psirt@adobe.com

adobe -- adobe_experience_manager (DOM-based XSS; one row per CVE in the original table)
Adobe Experience Manager versions 6.5.19 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable web pages. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable script. The rows for CVE-2024-26032, CVE-2024-26042, CVE-2024-26044 and CVE-2024-26064 add that this could result in arbitrary code execution in the context of the victim's browser; the rows for CVE-2024-26032 and CVE-2024-26064 further note that exploitation requires user interaction.
Published 2024-03-18 | CVSS 5.4 | CVE-2024-26032, CVE-2024-26042, CVE-2024-26044, CVE-2024-26064, CVE-2024-26080 | Source: psirt@adobe.com

adobe -- adobe_experience_manager
Adobe Experience Manager versions 6.5.19 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to gain unauthorized access to sensitive information, potentially bypassing security measures. Exploitation of this issue does not require user interaction.
Published 2024-03-18 | CVSS 5.3 | CVE-2024-26063 | Source: psirt@adobe.com

adobe -- adobe_experience_manager (reflected XSS; one row per CVE in the original table)
Adobe Experience Manager versions 6.5.19 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
Published 2024-03-18 | CVSS 5.4 | CVE-2024-26101, CVE-2024-26102, CVE-2024-26103, CVE-2024-26104, CVE-2024-26105, CVE-2024-26106, CVE-2024-26107, CVE-2024-26118 | Source: psirt@adobe.com

adobe -- adobe_experience_manager
Adobe Experience Manager versions 6.5.19 and earlier are affected by an Improper Access Control vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction.
Published 2024-03-18 | CVSS 5.3 | CVE-2024-26119 | Source: psirt@adobe.com

adobe -- animate (one row per CVE in the original table)
Animate versions 24.0, 23.0.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published 2024-03-18 | CVSS 5.5 | CVE-2024-20762, CVE-2024-20763 | Source: psirt@adobe.com

adobe -- animate
Animate versions 24.0, 23.0.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
2024-03-18 5.5 CVE-2024-20764 psirt@adobe.com adobe -- bridge   Bridge versions 13.0.5, 14.0.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-03-18 5.5 CVE-2024-20757 psirt@adobe.com advantech -- webaccess/scada   There is an SQL injection vulnerability in Advantech WebAccess/SCADA software that allows an authenticated attacker to remotely inject SQL code in the database. Successful exploitation of this vulnerability could allow an attacker to read or modify data on the remote database. 2024-03-21 6.4 CVE-2024-2453 ics-cert@hq.dhs.gov anshuln90 -- animated_headline   The Animated Headline plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'animated-headline' shortcode in all versions up to, and including, 4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-20 6.4 CVE-2024-2304 security@wordfence.com security@wordfence.com axis_communications_ab -- axis_os   Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX APIs local_list.cgi, create_overlay.cgi and irissetup.cgi was vulnerable for file globbing which could lead to a resource exhaustion attack. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. 
2024-03-19 6.5 CVE-2024-0054 product-security@axis.com axis_communications_ab -- axis_os   Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX APIs mediaclip.cgi and playclip.cgi was vulnerable for file globbing which could lead to a resource exhaustion attack. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. 2024-03-19 6.5 CVE-2024-0055 product-security@axis.com bdtask -- wholesale_inventory_management_system   A vulnerability was found in Bdtask Wholesale Inventory Management System up to 20240311. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to session fixiation. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257245 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-19 4.3 CVE-2024-2639 cna@vuldb.com cna@vuldb.com cna@vuldb.com bdthemes -- element_pack_elementor_addons   Missing Authorization vulnerability in BdThemes Element Pack Elementor Addons.This issue affects Element Pack Elementor Addons: from n/a through 5.4.11. 2024-03-23 4.3 CVE-2024-24840 audit@patchstack.com benjamin_rojas -- wp_editor   Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Benjamin Rojas WP Editor.This issue affects WP Editor: from n/a through 1.2.7. 2024-03-17 5.3 CVE-2024-25591 audit@patchstack.com bmc -- control-m   Improper authorization in the report management and creation module of BMC Control-M branches 9.0.20 and 9.0.21 allows logged-in users to read and make unauthorized changes to any reports available within the application, even without proper permissions. The attacker must know the unique identifier of the report they want to manipulate. Fix for 9.0.20 branch was released in version 9.0.20.238. 
Fix for 9.0.21 branch was released in version 9.0.21.201. 2024-03-18 6.4 CVE-2024-1604 cvd@cert.pl cvd@cert.pl cvd@cert.pl bmc -- control-m   BMC Control-M branches 9.0.20 and 9.0.21 upon user login load all Dynamic Link Libraries (DLL) from a directory that grants Write and Read permissions to all users. Leveraging it leads to loading of a potentially malicious libraries, which will execute with the application's privileges. Fix for 9.0.20 branch was released in version 9.0.20.238. Fix for 9.0.21 branch was released in version 9.0.21.201. 2024-03-18 6.6 CVE-2024-1605 cvd@cert.pl cvd@cert.pl cvd@cert.pl bmc -- control-m   Lack of input sanitization in BMC Control-M branches 9.0.20 and 9.0.21 allows logged-in users for manipulation of generated web pages via injection of HTML code. This might lead to a successful phishing attack for example by tricking users into using a hyperlink pointing to a website controlled by an attacker. Fix for 9.0.20 branch was released in version 9.0.20.238. Fix for 9.0.21 branch was released in version 9.0.21.200. 2024-03-18 4.6 CVE-2024-1606 cvd@cert.pl cvd@cert.pl cvd@cert.pl brefphp -- bref   Bref is an open-source project that helps users go serverless on Amazon Web Services with PHP. When Bref prior to version 2.1.17 is used with the Event-Driven Function runtime and the handler is a `RequestHandlerInterface`, then the Lambda event is converted to a PSR7 object. During the conversion process, if the request is a MultiPart, each part is parsed. In the parsing process, the `Content-Type` header of each part is read using the `Riverline/multipart-parser` library. The library, in the `StreamedPart::parseHeaderContent` function, performs slow multi-byte string operations on the header value. Precisely, the `mb_convert_encoding` function is used with the first (`$string`) and third (`$from_encoding`) parameters read from the header value. 
An attacker could send specifically crafted requests which would force the server into performing long operations with a consequent long billed duration. The attack has the following requirements and limitations: The Lambda should use the Event-Driven Function runtime and the `RequestHandlerInterface` handler and should implement at least an endpoint accepting POST requests; the attacker can send requests up to 6MB long (this is enough to cause a billed duration between 400ms and 500ms with the default 1024MB RAM Lambda image of Bref); and if the Lambda uses a PHP runtime <= php-82, the impact is higher as the billed duration in the default 1024MB RAM Lambda image of Bref could be brought to more than 900ms for each request. Notice that the vulnerability applies only to headers read from the request body as the request header has a limitation which allows a total maximum size of ~10KB. Version 2.1.17 contains a fix for this issue. 2024-03-22 5.3 CVE-2024-29186 security-advisories@github.com security-advisories@github.com calameo -- wp_calameo   Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Calameo WP Calameo allows Stored XSS.This issue affects WP Calameo: from n/a through 2.1.7. 2024-03-19 6.5 CVE-2024-29098 audit@patchstack.com campcodes -- complete_online_beauty_parlor_management_system   A vulnerability has been found in Campcodes Complete Online Beauty Parlor Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/index.php. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257602 is the identifier assigned to this vulnerability. 
2024-03-21 6.3 CVE-2024-2766 cna@vuldb.com cna@vuldb.com cna@vuldb.com campcodes -- complete_online_beauty_parlor_management_system   A vulnerability was found in Campcodes Complete Online Beauty Parlor Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/forgot-password.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257603. 2024-03-21 6.3 CVE-2024-2767 cna@vuldb.com cna@vuldb.com cna@vuldb.com campcodes -- complete_online_beauty_parlor_management_system   A vulnerability was found in Campcodes Complete Online Beauty Parlor Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/edit-services.php. The manipulation of the argument editid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257604. 2024-03-21 6.3 CVE-2024-2768 cna@vuldb.com cna@vuldb.com cna@vuldb.com campcodes -- complete_online_beauty_parlor_management_system   A vulnerability was found in Campcodes Complete Online Beauty Parlor Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/admin-profile.php. The manipulation of the argument adminname leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257605 was assigned to this vulnerability. 2024-03-21 6.3 CVE-2024-2769 cna@vuldb.com cna@vuldb.com cna@vuldb.com campcodes -- complete_online_beauty_parlor_management_system   A vulnerability was found in Campcodes Complete Online Beauty Parlor Management System 1.0. It has been rated as critical. 
Affected by this issue is some unknown functionality of the file /admin/contact-us.php. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257606 is the identifier assigned to this vulnerability. 2024-03-21 6.3 CVE-2024-2770 cna@vuldb.com cna@vuldb.com cna@vuldb.com campcodes -- complete_online_beauty_parlor_management_system   A vulnerability classified as critical was found in Campcodes Online Marriage Registration System 1.0. This vulnerability affects unknown code of the file /user/search.php. The manipulation of the argument searchdata leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257608. 2024-03-21 6.3 CVE-2024-2774 cna@vuldb.com cna@vuldb.com cna@vuldb.com campcodes -- complete_online_beauty_parlor_management_system   A vulnerability, which was classified as critical, was found in Campcodes Online Marriage Registration System 1.0. Affected is an unknown function of the file /admin/search.php. The manipulation of the argument searchdata leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257610 is the identifier assigned to this vulnerability. 2024-03-22 6.3 CVE-2024-2776 cna@vuldb.com cna@vuldb.com cna@vuldb.com campcodes -- complete_online_beauty_parlor_management_system   A vulnerability has been found in Campcodes Online Marriage Registration System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/application-bwdates-reports-details.php. The manipulation of the argument fromdate leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257611. 
2024-03-22 6.3 CVE-2024-2777 cna@vuldb.com cna@vuldb.com cna@vuldb.com campcodes -- complete_online_dj_booking_system   A vulnerability, which was classified as critical, has been found in Campcodes Complete Online DJ Booking System 1.0. This issue affects some unknown processing of the file /admin/user-search.php. The manipulation of the argument searchdata leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257465 was assigned to this vulnerability. 2024-03-21 6.3 CVE-2024-2712 cna@vuldb.com cna@vuldb.com cna@vuldb.com campcodes -- complete_online_dj_booking_system   A vulnerability, which was classified as critical, was found in Campcodes Complete Online DJ Booking System 1.0. Affected is an unknown function of the file /admin/booking-search.php. The manipulation of the argument searchdata leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257466 is the identifier assigned to this vulnerability. 2024-03-21 6.3 CVE-2024-2713 cna@vuldb.com cna@vuldb.com cna@vuldb.com campcodes -- complete_online_dj_booking_system   A vulnerability has been found in Campcodes Complete Online DJ Booking System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/booking-bwdates-reports-details.php. The manipulation of the argument fromdate leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257467. 2024-03-20 6.3 CVE-2024-2714 cna@vuldb.com cna@vuldb.com cna@vuldb.com campcodes -- online_job_finder_system   A vulnerability has been found in Campcodes Online Job Finder System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/vacancy/controller.php. 
The manipulation of the argument id/CATEGORY leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257368. 2024-03-20 6.3 CVE-2024-2668 cna@vuldb.com cna@vuldb.com cna@vuldb.com campcodes -- online_job_finder_system   A vulnerability was found in Campcodes Online Job Finder System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/employee/controller.php of the component GET Parameter Handler. The manipulation of the argument EMPLOYEEID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257369 was assigned to this vulnerability. 2024-03-20 6.3 CVE-2024-2669 cna@vuldb.com cna@vuldb.com cna@vuldb.com campcodes -- online_job_finder_system   A vulnerability was found in Campcodes Online Job Finder System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/vacancy/index.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257370 is the identifier assigned to this vulnerability. 2024-03-20 6.3 CVE-2024-2670 cna@vuldb.com cna@vuldb.com cna@vuldb.com campcodes -- online_job_finder_system   A vulnerability was found in Campcodes Online Job Finder System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/user/index.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257371. 
2024-03-20 6.3 CVE-2024-2671 cna@vuldb.com cna@vuldb.com cna@vuldb.com campcodes -- online_job_finder_system   A vulnerability was found in Campcodes Online Job Finder System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/user/controller.php. The manipulation of the argument UESRID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257372. 2024-03-20 6.3 CVE-2024-2672 cna@vuldb.com cna@vuldb.com cna@vuldb.com campcodes -- online_job_finder_system   A vulnerability classified as critical has been found in Campcodes Online Job Finder System 1.0. This affects an unknown part of the file /admin/login.php. The manipulation of the argument user_email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257373 was assigned to this vulnerability. 2024-03-20 6.3 CVE-2024-2673 cna@vuldb.com cna@vuldb.com cna@vuldb.com campcodes -- online_job_finder_system   A vulnerability classified as critical was found in Campcodes Online Job Finder System 1.0. This vulnerability affects unknown code of the file /admin/employee/index.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257374 is the identifier assigned to this vulnerability. 2024-03-20 6.3 CVE-2024-2674 cna@vuldb.com cna@vuldb.com cna@vuldb.com campcodes -- online_job_finder_system   A vulnerability, which was classified as critical, has been found in Campcodes Online Job Finder System 1.0. This issue affects some unknown processing of the file /admin/company/index.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. 
The associated identifier of this vulnerability is VDB-257375. 2024-03-20 6.3 CVE-2024-2675 cna@vuldb.com cna@vuldb.com cna@vuldb.com campcodes -- online_job_finder_system   A vulnerability, which was classified as critical, was found in Campcodes Online Job Finder System 1.0. Affected is an unknown function of the file /admin/company/controller.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257376. 2024-03-20 6.3 CVE-2024-2676 cna@vuldb.com cna@vuldb.com cna@vuldb.com campcodes -- online_job_finder_system   A vulnerability has been found in Campcodes Online Job Finder System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/category/controller.php. The manipulation of the argument CATEGORYID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257377 was assigned to this vulnerability. 2024-03-20 6.3 CVE-2024-2677 cna@vuldb.com cna@vuldb.com cna@vuldb.com campcodes -- online_job_finder_system   A vulnerability was found in Campcodes Online Job Finder System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/applicants/controller.php. The manipulation of the argument JOBREGID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257378 is the identifier assigned to this vulnerability. 2024-03-20 6.3 CVE-2024-2678 cna@vuldb.com cna@vuldb.com cna@vuldb.com campcodes -- online_job_finder_system   A vulnerability was found in Campcodes Online Job Finder System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/applicants/index.php. The manipulation of the argument id leads to sql injection. 
The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257387. 2024-03-20 6.3 CVE-2024-2687 cna@vuldb.com cna@vuldb.com cna@vuldb.com cegid -- meta4_hr   A Cross-Site Scripting Vulnerability has been found on Meta4 HR affecting version 819.001.022 and earlier. The endpoint '/sitetest/english/dumpenv.jsp' is vulnerable to XSS attack by 'lang' query, i.e. '/sitetest/english/dumpenv.jsp?snoop=yes〈=%27%3Cimg%20src/onerror=alert(1)%3E&params'. 2024-03-19 6.1 CVE-2024-2633 cve-coordination@incibe.es cegid -- meta4_hr   A Cross-Site Scripting Vulnerability has been found on Meta4 HR affecting version 819.001.022 and earlier. The endpoint '/sse_generico/generico_login.jsp' is vulnerable to XSS attack via 'lang' query, i.e. '/sse_generico/generico_login.jsp?lang=%27%3balert(%27BLEUSS%27)%2f%2f&params='. 2024-03-19 6.1 CVE-2024-2634 cve-coordination@incibe.es ciges -- cigesv2   Stored Cross-Site Scripting (Stored-XSS) vulnerability affecting the CIGESv2 system, allowing an attacker to execute and store malicious javascript code in the application form without prior registration. 2024-03-22 6.1 CVE-2024-2726 cve-coordination@incibe.es ciges -- cigesv2   HTML injection vulnerability affecting the CIGESv2 system, which allows an attacker to inject arbitrary code and modify elements of the website and email confirmation message. 2024-03-22 6.1 CVE-2024-2727 cve-coordination@incibe.es ciges -- cigesv2   Information exposure vulnerability in the CIGESv2 system. This vulnerability could allow a local attacker to intercept traffic due to the lack of proper implementation of the TLS protocol. 2024-03-22 4.1 CVE-2024-2728 cve-coordination@incibe.es cilium -- cilium   Cilium is a networking, observability, and security solution with an eBPF-based dataplane. 
Prior to versions 1.13.13, 1.14.8, and 1.15.2, in Cilium clusters with IPsec enabled and traffic matching Layer 7 policies, IPsec-eligible traffic between a node's Envoy proxy and pods on other nodes is sent unencrypted and IPsec-eligible traffic between a node's DNS proxy and pods on other nodes is sent unencrypted. This issue has been resolved in Cilium 1.15.2, 1.14.8, and 1.13.13. There is no known workaround for this issue. 2024-03-18 6.1 CVE-2024-28249 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com cilium -- cilium   Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.14.0 and prior to versions 1.14.8 and 1.15.2, In Cilium clusters with WireGuard enabled and traffic matching Layer 7 policies Wireguard-eligible traffic that is sent between a node's Envoy proxy and pods on other nodes is sent unencrypted and Wireguard-eligible traffic that is sent between a node's DNS proxy and pods on other nodes is sent unencrypted. This issue has been resolved in Cilium 1.14.8 and 1.15.2 in in native routing mode (`routingMode=native`) and in Cilium 1.14.4 in tunneling mode (`routingMode=tunnel`). Not that in tunneling mode, `encryption.wireguard.encapsulate` must be set to `true`. There is no known workaround for this issue. 2024-03-18 6.1 CVE-2024-28250 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com colorlibplugins -- coming_soon_&_maintenance_mode_by_colorlib   The Coming Soon & Maintenance Mode by Colorlib plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.99 via the REST API. This makes it possible for unauthenticated attackers to obtain post and page contents via REST API thus bypassing maintenance mode protection provided by the plugin. 
2024-03-20 5.3 CVE-2024-1473 security@wordfence.com security@wordfence.com cozmoslabs,_sareiodata -- passwordless_login   Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cozmoslabs, sareiodata Passwordless Login passwordless-login allows Stored XSS.This issue affects Passwordless Login: from n/a through 1.1.2. 2024-03-19 6.5 CVE-2024-29143 audit@patchstack.com creativethemeshq -- blocksy_companion   The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Newsletter widget in all versions up to, and including, 2.0.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-22 6.5 CVE-2024-2392 security@wordfence.com security@wordfence.com crisp -- crisp   Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crisp allows Stored XSS.This issue affects Crisp: from n/a through 0.44. 2024-03-21 6.5 CVE-2024-27963 audit@patchstack.com data443 -- tracking_code_manager   Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Data443 Tracking Code Manager.This issue affects Tracking Code Manager: from n/a through 2.0.16. 2024-03-21 5.9 CVE-2024-2579 audit@patchstack.com dazzlersoft -- coming_soon_under_construction_&_maintenance_mode_by_dazzler   The Coming Soon, Under Construction & Maintenance Mode By Dazzler plugin for WordPress is vulnerable to maintenance mode bypass in all versions up to, and including, 2.1.2. This is due to the plugin relying on the REQUEST_URI to determine if the page being accesses is an admin area. 
This makes it possible for unauthenticated attackers to bypass maintenance mode and access the site which may be considered confidential when in maintenance mode. 2024-03-20 5.3 CVE-2024-1181 security@wordfence.com security@wordfence.com delabon -- live_sales_notification_for_woocommerce_-_woomotiv   The Live Sales Notification for Woocommerce - Woomotiv plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.4.3. This is due to missing or incorrect nonce validation on the 'ajax_cancel_review' function. This makes it possible for unauthenticated attackers to reset the site's review count via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2024-03-20 4.3 CVE-2024-1325 security@wordfence.com security@wordfence.com security@wordfence.com dell -- poweredge_platform   Dell PowerEdge Server BIOS contains an Improper SMM communication buffer verification vulnerability. A physical high privileged attacker could potentially exploit this vulnerability leading to arbitrary writes to SMRAM. 2024-03-19 4.4 CVE-2024-25942 security_alert@emc.com delta_electronics -- diaenergie   Improper neutralization of input within the affected product could lead to cross-site scripting. 2024-03-21 4.6 CVE-2024-28045 ics-cert@hq.dhs.gov denoland -- deno   Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.8.0 and prior to version 1.40.4, Deno improperly checks that an import specifier's hostname is equal to or a child of a token's hostname, which can cause tokens to be sent to servers they shouldn't be sent to. An auth token intended for `example[.]com` may be sent to `notexample[.]com`. Anyone who uses DENO_AUTH_TOKENS and imports potentially untrusted code is affected. 
    Version 1.40.0 contains a patch for this issue.
    Published: 2024-03-21 | CVSS: 4.6 | CVE-2024-27932 | Source: security-advisories@github.com

devklan -- alma_blog
    Improper access control vulnerability in Devklan's Alma Blog that affects versions 2.1.10 and earlier. This vulnerability could allow an unauthenticated user to access the application's functionalities without the need for credentials.
    Published: 2024-03-19 | CVSS: 6.5 | CVE-2024-1144 | Source: cve-coordination@incibe.es

devklan -- alma_blog
    User enumeration vulnerability in Devklan's Alma Blog that affects versions 2.1.10 and earlier. This vulnerability could allow a remote user to retrieve all valid users registered in the application just by looking at the request response.
    Published: 2024-03-19 | CVSS: 5.3 | CVE-2024-1145 | Source: cve-coordination@incibe.es

devklan -- alma_blog
    Cross-Site Scripting vulnerability in Devklan's Alma Blog that affects versions 2.1.10 and earlier. This vulnerability could allow an attacker to store a malicious JavaScript payload within the application by adding the payload to 'Community Description' or 'Community Rules'.
    Published: 2024-03-19 | CVSS: 5.8 | CVE-2024-1146 | Source: cve-coordination@incibe.es

diygod -- rsshub
    RSSHub is an open source RSS feed generator. Starting in version 1.0.0-master.cbbd829 and prior to version 1.0.0-master.d8ca915, when a specially crafted image is supplied to the internal media proxy, it proxies the image without handling XSS vulnerabilities, allowing for the execution of arbitrary JavaScript code. Users who access the deliberately constructed URL are affected. This vulnerability was fixed in version 1.0.0-master.d8ca915. No known workarounds are available.
    Published: 2024-03-21 | CVSS: 6.1 | CVE-2024-27926 | Source: security-advisories@github.com

diygod -- rsshub
    RSSHub is an open source RSS feed generator. Prior to version 1.0.0-master.a429472, RSSHub allows remote attackers to use the server as a proxy to send HTTP GET requests to arbitrary targets and retrieve information in the internal network or conduct Denial-of-Service (DoS) attacks. The attacker can send malicious requests to an RSSHub server to make the server send HTTP GET requests to arbitrary destinations and see partial responses. This may lead to leaking the server IP address, which could be hidden behind a CDN; retrieving information in the internal network, e.g. which addresses/ports are accessible, the titles and meta descriptions of HTML pages; and denial of service amplification. The attacker could request the server to download some large files, or chain several SSRF requests in a single attacker request.
    Published: 2024-03-21 | CVSS: 6.5 | CVE-2024-27927 | Source: security-advisories@github.com

espocrm -- espocrm
    EspoCRM is an Open Source Customer Relationship Management software. An attacker can inject an arbitrary IP or domain in the "Password Change" page and redirect the victim to a malicious page that could lead to credential stealing or another attack. This vulnerability is fixed in 8.1.2.
    Published: 2024-03-21 | CVSS: 5.9 | CVE-2024-24818 | Source: security-advisories@github.com

five_star_plugins -- five_star_restaurant_menu
    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Five Star Plugins Five Star Restaurant Menu allows Stored XSS. This issue affects Five Star Restaurant Menu: from n/a through 2.4.14.
    Published: 2024-03-19 | CVSS: 6.5 | CVE-2024-29089 | Source: audit@patchstack.com

folio -- spring_module_core
    A vulnerability was found in Folio Spring Module Core up to 1.1.5. It has been rated as critical. Affected by this issue is the function dropSchema of the file tenant/src/main/java/org/folio/spring/tenant/hibernate/HibernateSchemaService.java of the component Schema Name Handler. The manipulation leads to sql injection. Upgrading to version 2.0.0 is able to address this issue. The name of the patch is d374a5f77e6b58e36f0e0e4419be18b95edcd7ff. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-257516.
    Published: 2024-03-21 | CVSS: 5.5 | CVE-2022-4963 | Source: cna@vuldb.com

foliovision:_making_the_web_work_for_you -- fv_flowplayer_video_player
    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Foliovision: Making the web work for you FV Flowplayer Video Player allows Stored XSS. This issue affects FV Flowplayer Video Player: from n/a through 7.5.41.7212.
    Published: 2024-03-19 | CVSS: 6.5 | CVE-2024-29122 | Source: audit@patchstack.com

franciscop -- translate
    Translate is a package that allows users to convert text to different languages on Node.js and the browser. Prior to version 3.0.0, an attacker controlling the second variable of the `translate` function is able to perform a cache poisoning attack. They can change the outcome of translation requests made by subsequent users. The `opt.id` parameter allows the overwriting of the cache key. If an attacker sets the `id` variable to the cache key that would be generated by another user, they can choose the response that user gets served. Version 3.0.0 fixes this issue.
    Published: 2024-03-22 | CVSS: 5.3 | CVE-2024-29042 | Source: security-advisories@github.com

fujian_kelixin_communication -- command_and_dispatch_platform
    A vulnerability has been found in Fujian Kelixin Communication Command and Dispatch Platform up to 20240318 and classified as critical. Affected by this vulnerability is an unknown functionality of the file api/client/down_file.php. The manipulation of the argument uuid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257197 was assigned to this vulnerability.
    Published: 2024-03-19 | CVSS: 6.3 | CVE-2024-2620 | Source: cna@vuldb.com

fujian_kelixin_communication -- command_and_dispatch_platform
    A vulnerability was found in Fujian Kelixin Communication Command and Dispatch Platform up to 20240318 and classified as critical. Affected by this issue is some unknown functionality of the file api/client/user/pwd_update.php. The manipulation of the argument uuid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257198 is the identifier assigned to this vulnerability.
    Published: 2024-03-19 | CVSS: 6.3 | CVE-2024-2621 | Source: cna@vuldb.com

fujian_kelixin_communication -- command_and_dispatch_platform
    A vulnerability was found in Fujian Kelixin Communication Command and Dispatch Platform up to 20240318. It has been classified as critical. This affects an unknown part of the file /api/client/editemedia.php. The manipulation of the argument number/enterprise_uuid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257199.
    Published: 2024-03-19 | CVSS: 6.3 | CVE-2024-2622 | Source: cna@vuldb.com

funnelkit -- automation_by_autonami
    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FunnelKit Automation By Autonami allows Stored XSS. This issue affects Automation By Autonami: from n/a through 2.8.2.
    Published: 2024-03-21 | CVSS: 6.5 | CVE-2024-2580 | Source: audit@patchstack.com

geoserver -- geoserver
    GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. An arbitrary file renaming vulnerability exists in versions prior to 2.23.5 and 2.24.2 that enables an authenticated administrator with permissions to modify stores through the REST Coverage Store or Data Store API to rename arbitrary files and directories with a name that does not end in `.zip`. Store file uploads rename zip files to have a `.zip` extension if they don't already have one before unzipping the file. This is fine for file and url upload methods where the files will be in a specific subdirectory of the data directory but, when using the external upload method, this allows arbitrary files and directories to be renamed. Renaming GeoServer files will most likely result in a denial of service, either completely preventing GeoServer from running or effectively deleting specific resources (such as a workspace, layer or style). In some cases, renaming GeoServer files could revert to the default settings for that file, which could be relatively harmless (like removing contact information) or have more serious consequences (like allowing users to make OGC requests that the customized settings would have prevented them from making). The impact of renaming non-GeoServer files depends on the specific environment, although some sort of denial of service is a likely outcome. Versions 2.23.5 and 2.24.2 contain a fix for this issue.
    Published: 2024-03-20 | CVSS: 6 | CVE-2024-23634 | Source: security-advisories@github.com

geoserver -- geoserver
    GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.3 and 2.24.0 that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in uploaded style/legend resources that will execute in the context of another administrator's browser when viewed in the REST Resources API. Access to the REST Resources API is limited to full administrators by default, and granting non-administrators access to this endpoint should be carefully considered as it may allow access to files containing sensitive information. Versions 2.23.3 and 2.24.0 contain a patch for this issue.
    Published: 2024-03-20 | CVSS: 4.8 | CVE-2023-51445 | Source: security-advisories@github.com

geoserver -- geoserver
    GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.3 and 2.24.0 that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in uploaded style/legend resources or in a specially crafted datastore file that will execute in the context of another user's browser when viewed in the Style Publisher. Access to the Style Publisher is available to all users, although data security may limit users' ability to trigger the XSS. Versions 2.23.3 and 2.24.0 contain a fix for this issue.
    Published: 2024-03-20 | CVSS: 4.8 | CVE-2024-23640 | Source: security-advisories@github.com

geoserver -- geoserver
    GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.4 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog that will execute in the context of another user's browser when viewed in the WMS GetMap SVG Output Format when the Simple SVG renderer is enabled. Access to the WMS SVG Format is available to all users by default, although data and service security may limit users' ability to trigger the XSS. Versions 2.23.4 and 2.24.1 contain a fix for this issue.
    Published: 2024-03-20 | CVSS: 4.8 | CVE-2024-23642 | Source: security-advisories@github.com

geoserver -- geoserver
    GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.2 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog that will execute in the context of another administrator's browser when viewed in the GWC Seed Form. Access to the GWC Seed Form is limited to full administrators by default, and granting non-administrators access to this endpoint is not recommended. Versions 2.23.2 and 2.24.1 contain a fix for this issue.
    Published: 2024-03-20 | CVSS: 4.8 | CVE-2024-23643 | Source: security-advisories@github.com

geoserver -- geoserver
    GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.3 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog that will execute in the context of another user's browser when viewed in the WMS GetMap OpenLayers Output Format. Access to the WMS OpenLayers Format is available to all users by default, although data and service security may limit users' ability to trigger the XSS. Versions 2.23.3 and 2.24.1 contain a patch for this issue.
    Published: 2024-03-20 | CVSS: 4.8 | CVE-2024-23818 | Source: security-advisories@github.com

geoserver -- geoserver
    GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.4 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog that will execute in the context of another user's browser when viewed in the MapML HTML Page. The MapML extension must be installed, and access to the MapML HTML Page is available to all users, although data security may limit users' ability to trigger the XSS. Versions 2.23.4 and 2.24.1 contain a patch for this issue.
    Published: 2024-03-20 | CVSS: 4.8 | CVE-2024-23819 | Source: security-advisories@github.com

geoserver -- geoserver
    GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.4 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog that will execute in the context of another user's browser when viewed in the GWC Demos Page. Access to the GWC Demos Page is available to all users, although data security may limit users' ability to trigger the XSS. Versions 2.23.4 and 2.24.1 contain a patch for this issue.
    Published: 2024-03-20 | CVSS: 4.8 | CVE-2024-23821 | Source: security-advisories@github.com

github -- enterprise_server
    An Improper Privilege Management vulnerability was identified in GitHub Enterprise Server that allowed an attacker to use the Enterprise Actions GitHub Connect download token to fetch private repository data. An attacker would require an account on the server instance with non-default settings for GitHub Connect. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.8.16, 3.9.11, 3.10.8, and 3.11.6. This vulnerability was reported via the GitHub Bug Bounty program.
    Published: 2024-03-21 | CVSS: 6.3 | CVE-2024-1908 | Source: product-cna@github.com

github -- enterprise_server
    A Cross Site Request Forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker to execute unauthorized actions on behalf of an unsuspecting user. A mitigating factor is that user interaction is required. This vulnerability affected GitHub Enterprise Server 3.12.0 and was fixed in version 3.12.1. This vulnerability was reported via the GitHub Bug Bounty program.
    Published: 2024-03-21 | CVSS: 4.3 | CVE-2024-2748 | Source: product-cna@github.com

glpi-project -- glpi
    GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can execute an SSRF-based attack using Arbitrary Object Instantiation. This issue has been patched in version 10.0.13.
    Published: 2024-03-18 | CVSS: 6.4 | CVE-2024-27098 | Source: security-advisories@github.com

glpi-project -- glpi
    GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can access sensitive field data from items on which they have read access. This issue has been patched in version 10.0.13.
    Published: 2024-03-18 | CVSS: 6.5 | CVE-2024-27930 | Source: security-advisories@github.com

glpi-project -- glpi
    GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can obtain the email address of all GLPI users. This issue has been patched in version 10.0.13.
    Published: 2024-03-18 | CVSS: 6.5 | CVE-2024-27937 | Source: security-advisories@github.com

glpi-project -- glpi
    GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An unauthenticated user can provide a malicious link to a GLPI administrator in order to exploit a reflected XSS vulnerability. The XSS will only trigger if the administrator navigates through the debug bar. This issue has been patched in version 10.0.13.
    Published: 2024-03-18 | CVSS: 5.3 | CVE-2024-27914 | Source: security-advisories@github.com

glpi-project -- glpi
    GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. A user with rights to create and share dashboards can build a dashboard containing JavaScript code. Any user who opens this dashboard will be subject to an XSS attack. This issue has been patched in version 10.0.13.
    Published: 2024-03-18 | CVSS: 4.5 | CVE-2024-27104 | Source: security-advisories@github.com

godaddy -- page_builder_gutenberg_blocks_-_coblocks
    The Page Builder Gutenberg Blocks - CoBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Icon Widget in all versions up to, and including, 3.1.6 due to insufficient input sanitization and output escaping on the link value. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
    Published: 2024-03-23 | CVSS: 6.4 | CVE-2024-1049 | Source: security@wordfence.com

gpriday -- page_builder_by_siteorigin
    The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the legacy Image widget in all versions up to, and including, 2.29.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
    Published: 2024-03-23 | CVSS: 6.4 | CVE-2024-2202 | Source: security@wordfence.com

heyewei -- jfinalcms
    A vulnerability has been found in heyewei JFinalCMS 5.0.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/div_data/delete?divId=9 of the component Custom Data Page. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257071.
    Published: 2024-03-17 | CVSS: 4.7 | CVE-2024-2568 | Source: cna@vuldb.com

ibm -- infosphere_information_server
    IBM InfoSphere Information Server 11.7 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 280361.
    Published: 2024-03-21 | CVSS: 6.5 | CVE-2024-22352 | Source: psirt@us.ibm.com

ibm -- mq
    IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS and 9.3 CD is vulnerable to a denial-of-service attack due to an error within the MQ clustering logic. IBM X-Force ID: 268066.
    Published: 2024-03-20 | CVSS: 5.3 | CVE-2023-45177 | Source: psirt@us.ibm.com

ibm -- security_verify_directory
    IBM Security Verify Directory 10.0.0 could disclose sensitive server information that could be used in further attacks against the system. IBM X-Force ID: 228437.
    Published: 2024-03-22 | CVSS: 5.3 | CVE-2022-32751 | Source: psirt@us.ibm.com

ibm -- security_verify_directory
    IBM Security Verify Directory 10.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 228444.
    Published: 2024-03-22 | CVSS: 4.5 | CVE-2022-32753 | Source: psirt@us.ibm.com

ibm -- security_verify_directory
    IBM Security Verify Directory 10.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 228445.
    Published: 2024-03-22 | CVSS: 4.8 | CVE-2022-32754 | Source: psirt@us.ibm.com

ibm -- security_verify_governance
    IBM Security Verify Governance 10.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man-in-the-middle techniques. IBM X-Force ID: 258375.
    Published: 2024-03-20 | CVSS: 5.9 | CVE-2023-35888 | Source: psirt@us.ibm.com

ibm -- storage_protect_plus_server
    The private key for the IBM Storage Protect Plus Server 10.1.0 through 10.1.16 certificate can be disclosed, undermining the security of the certificate. IBM X-Force ID: 285205.
    Published: 2024-03-21 | CVSS: 6.2 | CVE-2024-27277 | Source: psirt@us.ibm.com

ibm -- storage_protect_plus_server
    IBM Storage Protect Plus Server 10.1.0 through 10.1.16 could allow an authenticated user with read-only permissions to add or delete entries from an existing HyperVisor configuration. IBM X-Force ID: 271538.
    Published: 2024-03-21 | CVSS: 4.3 | CVE-2023-47715 | Source: psirt@us.ibm.com

inc2734 -- smart_custom_fields
    The Smart Custom Fields plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relational_posts_search() function in all versions up to, and including, 4.2.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve post content that is password protected and/or private.
    Published: 2024-03-20 | CVSS: 4.3 | CVE-2024-1995 | Source: security@wordfence.com

infosatech -- revivepress_-_keep_your_old_content_evergreen
    The RevivePress - Keep your Old Content Evergreen plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the import_data and copy_data functions in all versions up to, and including, 1.5.6. This makes it possible for authenticated attackers, with subscriber-level access or higher, to overwrite plugin settings and view them.
    Published: 2024-03-20 | CVSS: 4.3 | CVE-2024-1844 | Source: security@wordfence.com

isaacs -- node-tar
    node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An attacker who generates a large number of sub-folders can consume memory on the system running node-tar and even crash the Node.js client within a few seconds of running it using a path with too many sub-folders inside. Version 6.2.1 fixes this issue by preventing extraction in excessively deep sub-folders.
    Published: 2024-03-21 | CVSS: 6.5 | CVE-2024-28863 | Source: security-advisories@github.com

jan-peter_lambeck_&_3uu -- shariff_wrapper
    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jan-Peter Lambeck & 3UU Shariff Wrapper allows Stored XSS. This issue affects Shariff Wrapper: from n/a through 4.6.10.
    Published: 2024-03-19 | CVSS: 6.5 | CVE-2024-29109 | Source: audit@patchstack.com

jean-david_daviet -- download_media
    Missing Authorization vulnerability in Jean-David Daviet Download Media. This issue affects Download Media: from n/a through 1.4.2.
    Published: 2024-03-21 | CVSS: 4.3 | CVE-2024-27190 | Source: audit@patchstack.com

jegtheme -- jeg_elementor_kit
    The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via HTML Tag attributes in all versions up to, and including, 2.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
    Published: 2024-03-21 | CVSS: 6.4 | CVE-2024-1326 | Source: security@wordfence.com

jegtheme -- jeg_elementor_kit
    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jegtheme Jeg Elementor Kit allows Stored XSS. This issue affects Jeg Elementor Kit: from n/a through 2.6.2.
    Published: 2024-03-19 | CVSS: 6.5 | CVE-2024-29101 | Source: audit@patchstack.com

jetbrains -- teamcity
    In JetBrains TeamCity before 2023.11, users with access to the agent machine might obtain permissions of the user running the agent process.
    Published: 2024-03-21 | CVSS: 4.2 | CVE-2024-29880 | Source: cve@jetbrains.com

jhpyle -- docassemble
    Docassemble is an expert system for guided interviews and document assembly. Prior to 1.4.97, a user could type HTML into a field, including the field for the user's name, and then that HTML could be displayed on the screen as HTML. The vulnerability has been patched in version 1.4.97 of the master branch.
    Published: 2024-03-21 | CVSS: 6.1 | CVE-2024-27290 | Source: security-advisories@github.com

jhpyle -- docassemble
    Docassemble is an expert system for guided interviews and document assembly. Prior to 1.4.97, it is possible to create a URL that acts as an open redirect. The vulnerability has been patched in version 1.4.97 of the master branch.
    Published: 2024-03-21 | CVSS: 6.1 | CVE-2024-27291 | Source: security-advisories@github.com

jp2112 -- standout_color_boxes_and_buttons
    The Standout Color Boxes and Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'color-button' shortcode in all versions up to, and including, 0.7.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
    Published: 2024-03-20 | CVSS: 6.4 | CVE-2024-2474 | Source: security@wordfence.com

kilbot -- woocommerce_pos
    The WooCommerce POS plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 1.4.11. This is due to the plugin not properly verifying the authentication and authorization of the current user. This makes it possible for authenticated attackers, with customer-level access and above, to view potentially sensitive information about other users by leveraging their order id.
    Published: 2024-03-20 | CVSS: 4.3 | CVE-2024-2384 | Source: security@wordfence.com

kishor-23 -- food_waste_management_system
    A vulnerability was found in kishor-23 Food Waste Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/admin.php. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257056. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    Published: 2024-03-17 | CVSS: 5.3 | CVE-2024-2557 | Source: cna@vuldb.com

lakernote -- easyadmin
    A vulnerability classified as critical has been found in lakernote EasyAdmin up to 20240315. This affects an unknown part of the file /ureport/designer/saveReportFile. The manipulation of the argument file leads to path traversal: '../filedir'. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257715.
    Published: 2024-03-22 | CVSS: 6.3 | CVE-2024-2825 | Source: cna@vuldb.com

lakernote -- easyadmin
    A vulnerability classified as problematic was found in lakernote EasyAdmin up to 20240315. This vulnerability affects unknown code of the file /ureport/designer/saveReportFile. The manipulation leads to xml external entity reference. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257716.
    Published: 2024-03-22 | CVSS: 6.3 | CVE-2024-2826 | Source: cna@vuldb.com

lakernote -- easyadmin
    A vulnerability, which was classified as critical, has been found in lakernote EasyAdmin up to 20240315. This issue affects some unknown processing of the file /ureport/designer/saveReportFile. The manipulation leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257717 was assigned to this vulnerability.
    Published: 2024-03-22 | CVSS: 6.3 | CVE-2024-2827 | Source: cna@vuldb.com

lakernote -- easyadmin
    A vulnerability, which was classified as critical, was found in lakernote EasyAdmin up to 20240315. Affected is the function thumbnail of the file src/main/java/com/laker/admin/module/sys/controller/IndexController.java. The manipulation of the argument url leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The patch is identified as 23165d8cb569048c531150f194fea39f8800b8d5. It is recommended to apply a patch to fix this issue. VDB-257718 is the identifier assigned to this vulnerability.
    Published: 2024-03-22 | CVSS: 6.3 | CVE-2024-2828 | Source: cna@vuldb.com

latchset -- jwcrypto
    JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to version 1.5.6, an attacker can cause a denial of service attack by passing in a malicious JWE Token with a high compression ratio. When the server processes this token, it will consume a lot of memory and processing time. Version 1.5.6 fixes this vulnerability by limiting the maximum token length.
    Published: 2024-03-21 | CVSS: 6.8 | CVE-2024-28102 | Source: security-advisories@github.com

leap13 -- premium_addons_for_elementor
    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Leap13 Premium Addons for Elementor allows Stored XSS. This issue affects Premium Addons for Elementor: from n/a through 4.10.16.
    Published: 2024-03-19 | CVSS: 6.5 | CVE-2024-29106 | Source: audit@patchstack.com

leevio -- happy_addons_for_elementor
    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Leevio Happy Addons for Elementor allows Stored XSS. This issue affects Happy Addons for Elementor: from n/a through 3.10.1.
    Published: 2024-03-19 | CVSS: 6.5 | CVE-2024-29108 | Source: audit@patchstack.com

liquidpoll -- liquidpoll_-_polls,_surveys,_nps_and_feedback_reviews
    The LiquidPoll - Polls, Surveys, NPS and Feedback Reviews plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.76 via the poller_list shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to extract information from polls that may be private.
    Published: 2024-03-22 | CVSS: 4.3 | CVE-2024-2080 | Source: security@wordfence.com

magenet -- website_article_monetization_by_magenet
    The Website Article Monetization By MageNet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'abp_auth_key' parameter in all versions up to, and including, 1.0.11 due to insufficient input sanitization and output escaping and a missing authorization check. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
    Published: 2024-03-20 | CVSS: 6.1 | CVE-2024-1379 | Source: security@wordfence.com

magesh-k21 -- online-college-event-hall-reservation-system
    A vulnerability, which was classified as critical, was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. This affects an unknown part of the file /admin/users.php. The manipulation of the argument user_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256971. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    Published: 2024-03-17 | CVSS: 6.3 | CVE-2024-2534 | Source: cna@vuldb.com

matt_manning -- mjm_clinic
    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matt Manning MJM Clinic. This issue affects MJM Clinic: from n/a through 1.1.22.
    Published: 2024-03-19 | CVSS: 6.5 | CVE-2024-29096 | Source: audit@patchstack.com

matt_manning -- mjm_clinic
    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matt Manning MJM Clinic allows Stored XSS. This issue affects MJM Clinic: from n/a through 1.1.22.
    Published: 2024-03-19 | CVSS: 5.9 | CVE-2024-29140 | Source: audit@patchstack.com

matthias-wandel -- jhead
    A vulnerability was found in Matthias-Wandel jhead 3.08 and classified as critical. This issue affects the function PrintFormatNumber of the file exif.c. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257711.
    Published: 2024-03-22 | CVSS: 6.3 | CVE-2024-2824 | Source: cna@vuldb.com

mbis -- permalink_manager_pro
    The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_save_permalink' function in all versions up to, and including, 2.4.3.1. This makes it possible for authenticated attackers, with author access and above, to modify the permalinks of arbitrary posts.
    Published: 2024-03-20 | CVSS: 5.4 | CVE-2024-2538 | Source: security@wordfence.com

melapress -- wp_2fa
    Improper Authentication vulnerability in Melapress WP 2FA allows Authentication Bypass. This issue affects WP 2FA: from n/a through 2.2.0.
    Published: 2024-03-21 | CVSS: 5.3 | CVE-2022-44595 | Source: audit@patchstack.com

microsoft -- microsoft_edge_(chromium-based)
    Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
    Published: 2024-03-22 | CVSS: 4.7 | CVE-2024-26247 | Source: secure@microsoft.com

microsoft -- microsoft_edge_(chromium-based)
    Microsoft Edge (Chromium-based) Spoofing Vulnerability
    Published: 2024-03-22 | CVSS: 4.3 | CVE-2024-29057 | Source: secure@microsoft.com

microsoft -- microsoft_edge_for_android
    Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability
    Published: 2024-03-21 | CVSS: 4.3 | CVE-2024-26196 | Source: secure@microsoft.com

moby -- moby
    Moby is an open source container framework that is a key component of Docker Engine, Docker Desktop, and other distributions of container tooling or runtimes. Moby's networking implementation allows for many networks, each with their own IP address range and gateway, to be defined. This feature is frequently referred to as custom networks, as each network can have a different driver, set of parameters and thus behaviors. When creating a network, the `--internal` flag is used to designate a network as _internal_. The `internal` attribute in a docker-compose.yml file may also be used to mark a network _internal_, and other API clients may specify the `internal` parameter as well. When containers with networking are created, they are assigned unique network interfaces and IP addresses. The host serves as a router for non-internal networks, with a gateway IP that provides SNAT/DNAT to/from container IPs. Containers on an internal network may communicate between each other, but are precluded from communicating with any networks the host has access to (LAN or WAN) as no default route is configured, and firewall rules are set up to drop all outgoing traffic. Communication with the gateway IP address (and thus appropriately configured host services) is possible, and the host may communicate with any container IP directly.
    In addition to configuring the Linux kernel's various networking features to enable container networking, `dockerd` directly provides some services to container networks. Principal among these is serving as a resolver, enabling service discovery, and resolution of names from an upstream resolver. When a DNS request for a name that does not correspond to a container is received, the request is forwarded to the configured upstream resolver. This request is made from the container's network namespace: the level of access and routing of traffic is the same as if the request was made by the container itself. As a consequence of this design, containers solely attached to an internal network will be unable to resolve names using the upstream resolver, as the container itself is unable to communicate with that nameserver. Only the names of containers also attached to the internal network are able to be resolved.
    Many systems run a local forwarding DNS resolver. As the host and any containers have separate loopback devices, a consequence of the design described above is that containers are unable to resolve names from the host's configured resolver, as they cannot reach these addresses on the host loopback device. To bridge this gap, and to allow containers to properly resolve names even when a local forwarding resolver is used on a loopback address, `dockerd` detects this scenario and instead forwards DNS requests from the host network namespace. The loopback resolver then forwards the requests to its configured upstream resolvers, as expected. Because `dockerd` forwards DNS requests to the host loopback device, bypassing the container network namespace's normal routing semantics entirely, internal networks can unexpectedly forward DNS requests to an external nameserver. By registering a domain for which they control the authoritative nameservers, an attacker could arrange for a compromised container to exfiltrate data by encoding it in DNS queries that will eventually be answered by their nameservers.
    Docker Desktop is not affected, as Docker Desktop always runs an internal resolver on an RFC 1918 address. Moby releases 26.0.0, 25.0.4, and 23.0.11 are patched to prevent forwarding any DNS requests from internal networks. As a workaround, run containers intended to be solely attached to internal networks with a custom upstream address, which will force all upstream DNS queries to be resolved from the container's network namespace.
    Published: 2024-03-20 | CVSS: 5.9 | CVE-2024-29018 | Source: security-advisories@github.com

moveaddons -- move_addons_for_elementor
    The Move Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's infobox and button widget in all versions up to, and including, 1.2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
    Published: 2024-03-23 | CVSS: 6.4 | CVE-2024-2131 | Source: security@wordfence.com

n-media -- frontend_file_manager
    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in N-Media Frontend File Manager. This issue affects Frontend File Manager: from n/a through 22.7.
    Published: 2024-03-17 | CVSS: 5.3 | CVE-2024-25903 | Source: audit@patchstack.com

n/a -- 74cms
    A vulnerability, which was classified as critical, has been found in 74CMS 3.28.0. Affected by this issue is the function sendCompanyLogo of the file /controller/company/Index.php#sendCompanyLogo of the component Company Logo Handler. The manipulation of the argument imgBase64 leads to unrestricted upload. The attack may be launched remotely.
The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257060. 2024-03-17 6.3 CVE-2024-2561 cna@vuldb.com cna@vuldb.com cna@vuldb.com n/a -- black   Versions of the package black before 24.3.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the lines_with_leading_tabs_expanded function in the strings.py file. An attacker could exploit this vulnerability by crafting a malicious input that causes a denial of service. Exploiting this vulnerability is possible when running Black on untrusted input, or if you habitually put thousands of leading tab characters in your docstrings. 2024-03-19 5.3 CVE-2024-21503 report@snyk.io report@snyk.io report@snyk.io n/a -- dedecms   A vulnerability classified as problematic was found in DedeCMS 5.7. Affected by this vulnerability is an unknown functionality of the file /src/dede/baidunews.php. The manipulation of the argument filename leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257707. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-22 4.3 CVE-2024-2820 cna@vuldb.com cna@vuldb.com cna@vuldb.com n/a -- dedecms   A vulnerability, which was classified as problematic, has been found in DedeCMS 5.7. Affected by this issue is some unknown functionality of the file /src/dede/friendlink_edit.php. The manipulation of the argument id leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257708. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-22 4.3 CVE-2024-2821 cna@vuldb.com cna@vuldb.com cna@vuldb.com n/a -- dedecms   A vulnerability, which was classified as problematic, was found in DedeCMS 5.7. 
This affects an unknown part of the file /src/dede/vote_edit.php. The manipulation of the argument aid leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257709 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-22 4.3 CVE-2024-2822 cna@vuldb.com cna@vuldb.com cna@vuldb.com n/a -- dedecms   A vulnerability has been found in DedeCMS 5.7 and classified as problematic. This vulnerability affects unknown code of the file /src/dede/mda_main.php. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257710 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-22 4.3 CVE-2024-2823 cna@vuldb.com cna@vuldb.com cna@vuldb.com n/a -- gnutls   A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel. 2024-03-21 5.3 CVE-2024-28834 secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com n/a -- gnutls   A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "certtool --verify-chain" command. 2024-03-21 5 CVE-2024-28835 secalert@redhat.com secalert@redhat.com secalert@redhat.com n/a -- iperf   A flaw was found in iperf, a utility for testing network performance using TCP, UDP, and SCTP. 
A malicious or malfunctioning client can send less than the expected amount of data to the iperf server, which can cause the server to hang indefinitely waiting for the remainder or until the connection gets closed. This will prevent other connections to the server, leading to a denial of service. 2024-03-18 5.3 CVE-2023-7250 secalert@redhat.com secalert@redhat.com n/a -- libvirt   A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negative length check is performed by the C API entry points. Passing a negative length to the g_new0 function results in a crash due to the negative length being treated as a huge positive number. This flaw allows a local, unprivileged user to perform a denial of service attack by causing the libvirt daemon to crash. 2024-03-21 6.2 CVE-2024-2494 secalert@redhat.com secalert@redhat.com secalert@redhat.com n/a -- libvirt   A NULL pointer dereference flaw was found in the udevConnectListAllInterfaces() function in libvirt. This issue can occur when detaching a host interface while at the same time collecting the list of interfaces via virConnectListAllInterfaces API. This flaw could be used to perform a denial of service attack by causing the libvirt daemon to crash. 2024-03-18 5 CVE-2024-2496 secalert@redhat.com secalert@redhat.com n/a -- livewire/livewire   Versions of the package livewire/livewire from 3.3.5 and before 3.4.9 are vulnerable to Cross-site Scripting (XSS) when a page uses [Url] for a property. An attacker can inject HTML code in the context of the user's browser session by crafting a malicious link and convincing the user to click on it. 2024-03-19 6.1 CVE-2024-21504 report@snyk.io report@snyk.io report@snyk.io report@snyk.io n/a -- osbuild-composer   A flaw was found in osbuild-composer. 
A condition can be triggered that disables GPG verification for package repositories, which can expose the build phase to a Man-in-the-Middle attack, allowing untrusted code to be installed into an image being built. 2024-03-19 6.1 CVE-2024-2307 secalert@redhat.com secalert@redhat.com n/a -- zhicms   A vulnerability, which was classified as critical, has been found in ZhiCms 4.0. This issue affects the function getindexdata of the file app/index/controller/mcontroller.php. The manipulation of the argument key leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-255269 was assigned to this vulnerability. 2024-03-21 6.3 CVE-2024-2015 cna@vuldb.com cna@vuldb.com cna@vuldb.com n/a -- zhicms   A vulnerability, which was classified as critical, was found in ZhiCms 4.0. Affected is the function index of the file app/manage/controller/setcontroller.php. The manipulation of the argument sitename leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-255270 is the identifier assigned to this vulnerability. 2024-03-21 6.3 CVE-2024-2016 cna@vuldb.com cna@vuldb.com cna@vuldb.com nasirahmed -- advanced_form_integration_-_connect_woocommerce_and_contact_form_7_to_google_sheets_and_other_platforms   The Advanced Form Integration - Connect WooCommerce and Contact Form 7 to Google Sheets and other platforms plugin for WordPress is vulnerable to SQL Injection via the 'integration_id' parameter in all versions up to, and including, 1.82.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. 
This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries and subsequently inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-03-20 6.1 CVE-2024-2387 security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com netentsec -- ns-asg_application_security_gateway   A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been rated as critical. Affected by this issue is some unknown functionality of the file /protocol/firewall/addfirewall.php. The manipulation of the argument FireWallTableArray leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257282 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-19 6.3 CVE-2024-2644 cna@vuldb.com cna@vuldb.com cna@vuldb.com netentsec -- ns-asg_application_security_gateway   A vulnerability classified as critical was found in Netentsec NS-ASG Application Security Gateway 6.3. This vulnerability affects unknown code of the file /vpnweb/index.php?para=index. The manipulation of the argument check_VirtualSiteId leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257284. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-19 6.3 CVE-2024-2646 cna@vuldb.com cna@vuldb.com cna@vuldb.com netentsec -- ns-asg_application_security_gateway   A vulnerability has been found in Netentsec NS-ASG Application Security Gateway 6.3 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /protocol/iscdevicestatus/deleteonlineuser.php. 
The manipulation of the argument messagecontent leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257287. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-20 6.3 CVE-2024-2649 cna@vuldb.com cna@vuldb.com cna@vuldb.com netentsec -- ns-asg_application_security_gateway   A vulnerability classified as problematic has been found in Netentsec NS-ASG Application Security Gateway 6.3. This affects an unknown part of the file /vpnweb/resetpwd/resetpwd.php. The manipulation of the argument UserId leads to improper neutralization of data within xpath expressions. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257283. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-19 4.3 CVE-2024-2645 cna@vuldb.com cna@vuldb.com cna@vuldb.com netentsec -- ns-asg_application_security_gateway   A vulnerability, which was classified as problematic, was found in Netentsec NS-ASG Application Security Gateway 6.3. Affected is an unknown function of the file /nac/naccheck.php. The manipulation of the argument username leads to improper neutralization of data within xpath expressions. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257286 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-19 4.3 CVE-2024-2648 cna@vuldb.com cna@vuldb.com cna@vuldb.com octoprint -- octoprint   OctoPrint provides a web interface for controlling consumer 3D printers. 
OctoPrint versions up until and including 1.9.3 contain a vulnerability that allows malicious admins to configure or talk a victim with administrator rights into configuring a webcam snapshot URL which when tested through the "Test" button included in the web interface will execute JavaScript code in the victims browser when attempting to render the snapshot image. An attacker who successfully talked a victim with admin rights into performing a snapshot test with such a crafted URL could use this to retrieve or modify sensitive configuration settings, interrupt prints or otherwise interact with the OctoPrint instance in a malicious way. The vulnerability is patched in version 1.10.0rc3. OctoPrint administrators are strongly advised to thoroughly vet who has admin access to their installation and what settings they modify based on instructions by strangers. 2024-03-18 4 CVE-2024-28237 security-advisories@github.com security-advisories@github.com openbmb -- xagent   A vulnerability was found in OpenBMB XAgent 1.0.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Privileged Mode. The manipulation leads to sandbox issue. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier VDB-255265 was assigned to this vulnerability. 2024-03-21 5.3 CVE-2024-2007 cna@vuldb.com cna@vuldb.com cna@vuldb.com opentext -- service_management_automation_x_(smax)   Insufficient Granularity of Access Control vulnerability in OpenText™ Service Management Automation X (SMAX), OpenText™ Asset Management X (AMX) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Service Management Automation X (SMAX) versions 2020.05, 2020.08, 2020.11, 2021.02, 2021.05, 2021.08, 2021.11, 2022.05, 2022.11; and Asset Management X (AMX) versions 2021.08, 2021.11, 2022.05, 2022.11. 
2024-03-19 6.5 CVE-2023-32259 security@opentext.com opentext -- service_management_automation_x_(smax)   Misinterpretation of Input vulnerability in OpenText™ Service Management Automation X (SMAX), OpenText™ Asset Management X (AMX), and OpenText™ Hybrid Cloud Management X (HCMX) products. The vulnerability could allow Input data manipulation.This issue affects Service Management Automation X (SMAX) versions: 2020.05, 2020.08, 2020.11, 2021.02, 2021.05, 2021.08, 2021.11, 2022.05, 2022.11, 2023.05; Asset Management X (AMX) versions: 2021.08, 2021.11, 2022.05, 2022.11, 2023.05; and Hybrid Cloud Management X (HCMX) versions: 2020.05, 2020.08, 2020.11, 2021.02, 2021.05, 2021.08, 2021.11, 2022.05, 2022.11, 2023.05. 2024-03-19 6.5 CVE-2023-32260 security@opentext.com openzeppelin -- openzeppelin-contracts   OpenZeppelin Contracts is a library for secure smart contract development. The `Base64.encode` function encodes a `bytes` input by iterating over it in chunks of 3 bytes. When this input is not a multiple of 3, the last iteration may read parts of the memory that are beyond the input buffer. The vulnerability is fixed in 5.0.2 and 4.9.6. 2024-03-21 6.5 CVE-2024-27094 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com osamaesh -- wp_visitor_statistics_(real_time_traffic)   Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Osamaesh WP Visitor Statistics (Real Time Traffic).This issue affects WP Visitor Statistics (Real Time Traffic): from n/a through 6.9.4. 2024-03-17 5.3 CVE-2024-24867 audit@patchstack.com pandaxgo -- pandax   A vulnerability, which was classified as critical, was found in PandaXGO PandaX up to 20240310. This affects the function InsertRole of the file /apps/system/services/role_menu.go. The manipulation of the argument roleKey leads to sql injection. It is possible to initiate the attack remotely. 
The exploit has been disclosed to the public and may be used. The identifier VDB-257061 was assigned to this vulnerability. 2024-03-17 6.3 CVE-2024-2562 cna@vuldb.com cna@vuldb.com cna@vuldb.com pandaxgo -- pandax   A vulnerability was found in PandaXGO PandaX up to 20240310 and classified as critical. This issue affects the function ExportUser of the file /apps/system/api/user.go. The manipulation of the argument filename leads to path traversal: '../filedir'. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257063. 2024-03-17 6.3 CVE-2024-2564 cna@vuldb.com cna@vuldb.com cna@vuldb.com pandaxgo -- pandax   A vulnerability was found in PandaXGO PandaX up to 20240310. It has been classified as critical. Affected is an unknown function of the file /apps/system/router/upload.go of the component File Extension Handler. The manipulation of the argument file leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257064. 2024-03-17 6.3 CVE-2024-2565 cna@vuldb.com cna@vuldb.com cna@vuldb.com pandaxgo -- pandax   A vulnerability has been found in PandaXGO PandaX up to 20240310 and classified as critical. This vulnerability affects the function DeleteImage of the file /apps/system/router/upload.go. The manipulation of the argument fileName with the input ../../../../../../../../../tmp/1.txt leads to path traversal: '../filedir'. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257062 is the identifier assigned to this vulnerability. 2024-03-17 5.4 CVE-2024-2563 cna@vuldb.com cna@vuldb.com cna@vuldb.com pandora_fms -- pandora_fms   : Path Traversal vulnerability in Pandora FMS on all allows Path Traversal. 
This vulnerability allowed changing directories and creating files and downloading them outside the allowed directories. This issue affects Pandora FMS: from 700 through <776. 2024-03-19 6.7 CVE-2023-41793 security@pandorafms.com pandora_fms -- pandora_fms   Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pandora FMS on all allows CVE-2008-5817. This vulnerability allowed SQL changes to be made to several files in the Grafana module. This issue affects Pandora FMS: from 700 through <776. 2024-03-19 6.8 CVE-2023-44090 security@pandorafms.com paul_ryley -- site_reviews   Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Paul Ryley Site Reviews allows Stored XSS.This issue affects Site Reviews: from n/a through 6.11.6. 2024-03-19 5.9 CVE-2024-29095 audit@patchstack.com pdf_embedder -- pdf_embedder   Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PDF Embedder allows Stored XSS.This issue affects PDF Embedder: from n/a through 4.6.4. 2024-03-19 6.5 CVE-2024-29141 audit@patchstack.com pepro_dev._group -- peprodev_ultimate_invoice   Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Pepro Dev. Group PeproDev Ultimate Invoice.This issue affects PeproDev Ultimate Invoice: from n/a through 1.9.7. 2024-03-17 5.3 CVE-2024-25933 audit@patchstack.com pickplugins -- user_profile   Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins User profile allows Stored XSS.This issue affects User profile: from n/a through 2.0.20. 2024-03-19 6.3 CVE-2024-29097 audit@patchstack.com progress_software -- moveit_transfer   In Progress MOVEit Transfer versions released before 2022.0.11 (14.0.11), 2022.1.12 (14.1.12), 2023.0.9 (15.0.9), 2023.1.4 (15.1.4), a logging bypass vulnerability has been discovered.  
An authenticated user could manipulate a request to bypass the logging mechanism within the web application which results in user activity not being logged properly. 2024-03-20 4.3 CVE-2024-2291 security@progress.com security@progress.com python_software_foundation -- cpython   An issue was found in the CPython `zipfile` module affecting versions 3.12.2, 3.11.8, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to "quoted-overlap" zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython makes the zipfile module reject zip archives which overlap entries in the archive. 2024-03-19 6.2 CVE-2024-0450 cna@python.org cna@python.org cna@python.org cna@python.org cna@python.org cna@python.org cna@python.org cna@python.org cna@python.org cna@python.org cna@python.org qiskit -- qiskit-ibm-runtime   Qiskit IBM Runtime is an environment that streamlines quantum computations and provides optimal implementations of the Qiskit quantum computing SDK. Starting in version 0.1.0 and prior to version 0.21.2, deserializing json data using `qiskit_ibm_runtime.RuntimeDecoder` can lead to arbitrary code execution given a correctly formatted input string. Version 0.21.2 contains a fix for this issue. 2024-03-20 5.3 CVE-2024-29032 security-advisories@github.com security-advisories@github.com security-advisories@github.com railmedia -- order_tip_for_woocommerce   The Order Tip for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_tips_to_csv() function in all versions up to, and including, 1.3.1. This makes it possible for unauthenticated attackers to export the plugin's order fees. 2024-03-20 5.3 CVE-2024-1119 security@wordfence.com security@wordfence.com security@wordfence.com realmag777 -- bear   Missing Authorization vulnerability in realmag777 BEAR.This issue affects BEAR: from n/a through 1.1.4. 
2024-03-23 4.3 CVE-2024-24835 audit@patchstack.com remyb92 -- translate_wordpress_and_go_multilingual_-_weglot   The Translate WordPress and go Multilingual - Weglot plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widget/block in all versions up to, and including, 4.2.5 due to insufficient input sanitization and output escaping on user supplied attributes such as 'className'. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-20 6.4 CVE-2024-2124 security@wordfence.com security@wordfence.com security@wordfence.com repute_infosystems -- armember_-_membership_plugin_content_restriction_member_levels_user_profile_&_user_signup   Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Repute Infosystems ARMember - Membership Plugin, Content Restriction, Member Levels, User Profile & User signup allows Stored XSS.This issue affects ARMember - Membership Plugin, Content Restriction, Member Levels, User Profile & User signup: from n/a through 4.0.23. 2024-03-21 5.9 CVE-2024-27995 audit@patchstack.com rewardsfuel -- contests_by_rewards_fuel   The Contests by Rewards Fuel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'update_rewards_fuel_api_key' parameter in all versions up to, and including, 2.0.64 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-20 6.4 CVE-2024-1787 security@wordfence.com security@wordfence.com rewardsfuel -- contests_by_rewards_fuel   The Contests by Rewards Fuel plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.62. 
This is due to missing or incorrect nonce validation on the ajax_handler() function. This makes it possible for unauthenticated attackers to update the plugin's settings and inject malicious JavaScript via a forged request granted they can trick a site's user with the edit_posts capability into performing an action such as clicking on a link. 2024-03-20 5.4 CVE-2024-1785 security@wordfence.com security@wordfence.com rubengc -- gamipress_-_button   The GamiPress - Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gamipress_button' shortcode in all versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-03-20 6.4 CVE-2024-2460 security@wordfence.com security@wordfence.com ruijie -- rg-nbs2009g-p   A vulnerability was found in Ruijie RG-NBS2009G-P up to 20240305. It has been classified as critical. Affected is an unknown function of the file /system/passwdManage.htm of the component Password Handler. The manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257280. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-03-19 5.3 CVE-2024-2641 cna@vuldb.com cna@vuldb.com cna@vuldb.com saleor -- storefront   Saleor Storefront is software for building e-commerce experiences. Prior to commit 579241e75a5eb332ccf26e0bcdd54befa33f4783, when any user authenticates in the storefront, anonymous users are able to access their data. The session is leaked through cache and can be accessed by anyone. 
    Users should upgrade to a version that incorporates commit 579241e75a5eb332ccf26e0bcdd54befa33f4783 or later to receive a patch. A possible workaround is to temporarily disable authentication by changing the usage of `createSaleorAuthClient()`.
    Published: 2024-03-20 | CVSS Score: 4.3 | CVE-2024-29036 | Source & Patch Info: security-advisories@github.com

  • save_as_pdf_plugin_by_pdfcrowd -- word_replacer_pro
    Missing Authorization vulnerability in Save as PDF plugin by Pdfcrowd Word Replacer Pro. This issue affects Word Replacer Pro: from n/a through 1.0.
    Published: 2024-03-20 | CVSS Score: 6.5 | CVE-2023-52229 | Source & Patch Info: audit@patchstack.com

  • scrollsequence -- scrollsequence
    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Scrollsequence allows Stored XSS. This issue affects Scrollsequence: from n/a through 1.5.4.
    Published: 2024-03-19 | CVSS Score: 6.5 | CVE-2024-29118 | Source & Patch Info: audit@patchstack.com

  • sjaved -- easy_social_feed_-_social_photos_gallery_-_post_feed_-_like_box
    The Easy Social Feed - Social Photos Gallery - Post Feed - Like Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'efb_likebox' shortcode in all versions up to, and including, 6.5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
    Published: 2024-03-21 | CVSS Score: 6.4 | CVE-2024-1278 | Source & Patch Info: security@wordfence.com

  • sjaved -- easy_social_feed_-_social_photos_gallery_-_post_feed_-_like_box
    The Easy Social Feed - Social Photos Gallery - Post Feed - Like Box plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.5.4. This is due to missing or incorrect nonce validation on the esf_insta_save_access_token and efbl_save_facebook_access_token functions. This makes it possible for unauthenticated attackers to connect their Facebook and Instagram pages to the site via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
    Published: 2024-03-21 | CVSS Score: 5.4 | CVE-2024-1213 | Source & Patch Info: security@wordfence.com

  • sjaved -- easy_social_feed_-_social_photos_gallery_-_post_feed_-_like_box
    The Easy Social Feed - Social Photos Gallery - Post Feed - Like Box plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.5.4. This is due to missing or incorrect nonce validation on the save_groups_list function. This makes it possible for unauthenticated attackers to disconnect a site's Facebook or Instagram page/group connection via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
    Published: 2024-03-21 | CVSS Score: 4.3 | CVE-2024-1214 | Source & Patch Info: security@wordfence.com

  • sonatype -- iq_server
    Path Traversal in Sonatype IQ Server from version 143 allows remote authenticated attackers to overwrite or delete files via a specially crafted request. Version 171 fixes this issue.
    Published: 2024-03-21 | CVSS Score: 5.4 | CVE-2024-1142 | Source & Patch Info: 103e4ec9-0a87-450b-af77-479448ddef11

  • sourcecodester -- complete_e-commerce_site
    A vulnerability classified as critical has been found in SourceCodester Complete E-Commerce Site 1.0. Affected is an unknown function of the file /admin/users_photo.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257544.
    Published: 2024-03-21 | CVSS Score: 4.7 | CVE-2024-2754 | Source & Patch Info: cna@vuldb.com

  • sourcecodester -- employee_task_management_system
    A vulnerability has been found in SourceCodester Employee Task Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file update-employee.php. The manipulation of the argument admin_id leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257053 was assigned to this vulnerability.
    Published: 2024-03-17 | CVSS Score: 6.3 | CVE-2024-2554 | Source & Patch Info: cna@vuldb.com

  • sourcecodester -- employee_task_management_system
    A vulnerability was found in SourceCodester Employee Task Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file update-admin.php. The manipulation of the argument admin_id leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257054 is the identifier assigned to this vulnerability.
    Published: 2024-03-17 | CVSS Score: 6.3 | CVE-2024-2555 | Source & Patch Info: cna@vuldb.com

  • sourcecodester -- employee_task_management_system
    A vulnerability was found in SourceCodester Employee Task Management System 1.0. It has been classified as critical. This affects an unknown part of the file attendance-info.php. The manipulation of the argument user_id leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257055.
    Published: 2024-03-17 | CVSS Score: 6.3 | CVE-2024-2556 | Source & Patch Info: cna@vuldb.com

  • sourcecodester -- file_manager_app
    A vulnerability was found in SourceCodester File Manager App 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /endpoint/update-file.php. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257182 is the identifier assigned to this vulnerability.
    Published: 2024-03-18 | CVSS Score: 6.3 | CVE-2024-2604 | Source & Patch Info: cna@vuldb.com

  • sourcecodester -- online_discussion_forum_site
    A vulnerability was found in SourceCodester Online Discussion Forum Site 1.0. It has been classified as critical. Affected is an unknown function of the file /uupdate.php. The manipulation of the argument ima leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257388.
    Published: 2024-03-20 | CVSS Score: 6.3 | CVE-2024-2690 | Source & Patch Info: cna@vuldb.com

  • sourcecodester -- simple_file_manager
    A vulnerability classified as critical was found in SourceCodester Simple File Manager 1.0. This vulnerability affects unknown code. The manipulation of the argument photo leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257770 is the identifier assigned to this vulnerability.
    Published: 2024-03-23 | CVSS Score: 6.3 | CVE-2024-2849 | Source & Patch Info: cna@vuldb.com

  • spring -- spring
    Spring Authorization Server versions 1.0.0 - 1.0.5, 1.1.0 - 1.1.5, 1.2.0 - 1.2.2 and older unsupported versions are susceptible to a PKCE Downgrade Attack for Confidential Clients. Specifically, an application is vulnerable when a Confidential Client uses PKCE for the Authorization Code Grant. An application is not vulnerable when a Public Client uses PKCE for the Authorization Code Grant.
    Published: 2024-03-20 | CVSS Score: 6.1 | CVE-2024-22258 | Source & Patch Info: security@vmware.com

  • supercleanse -- pretty_links_-_affiliate_links_link_branding_link_tracking_&_marketing_plugin
    The Pretty Links - Affiliate Links, Link Branding, Link Tracking & Marketing Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.3. This is due to missing or incorrect nonce validation when saving plugin settings. This makes it possible for unauthenticated attackers to change the plugin's configuration, including Stripe integration, via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
    Published: 2024-03-23 | CVSS Score: 4.3 | CVE-2024-2326 | Source & Patch Info: security@wordfence.com

  • survey_maker_team -- survey_maker
    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Survey Maker team Survey Maker allows Stored XSS. This issue affects Survey Maker: from n/a through 4.0.5.
    Published: 2024-03-19 | CVSS Score: 5.9 | CVE-2024-27996 | Source & Patch Info: audit@patchstack.com

  • tenda -- ac10u
    A vulnerability has been found in Tenda AC10U 15.03.06.49 and classified as critical. This vulnerability affects the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to OS command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257458 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    Published: 2024-03-20 | CVSS Score: 6.3 | CVE-2024-2707 | Source & Patch Info: cna@vuldb.com

  • tenda -- ac15
    A vulnerability was found in Tenda AC15 15.03.05.18/15.03.20_multi. It has been classified as critical. This affects the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to OS command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257667. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    Published: 2024-03-22 | CVSS Score: 6.3 | CVE-2024-2812 | Source & Patch Info: cna@vuldb.com

  • tenda -- ac15
    A vulnerability classified as problematic was found in Tenda AC15 15.03.05.18. Affected by this vulnerability is the function fromSysToolReboot of the file /goform/SysToolReboot. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257671. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    Published: 2024-03-22 | CVSS Score: 4.3 | CVE-2024-2816 | Source & Patch Info: cna@vuldb.com

  • tenda -- ac15
    A vulnerability, which was classified as problematic, has been found in Tenda AC15 15.03.05.18. Affected by this issue is the function fromSysToolRestoreSet of the file /goform/SysToolRestoreSet. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257672. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    Published: 2024-03-22 | CVSS Score: 4.3 | CVE-2024-2817 | Source & Patch Info: cna@vuldb.com

  • tenda -- ac18
    A vulnerability classified as problematic has been found in Tenda AC18 15.03.05.05. Affected is the function fromSysToolReboot of the file /goform/SysToolReboot. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257058 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    Published: 2024-03-17 | CVSS Score: 4.3 | CVE-2024-2559 | Source & Patch Info: cna@vuldb.com

  • tenda -- ac18
    A vulnerability classified as problematic was found in Tenda AC18 15.03.05.05. Affected by this vulnerability is the function fromSysToolRestoreSet of the file /goform/SysToolRestoreSet. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257059. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    Published: 2024-03-17 | CVSS Score: 4.3 | CVE-2024-2560 | Source & Patch Info: cna@vuldb.com

  • themefic -- tourfic
    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themefic Tourfic allows Stored XSS. This issue affects Tourfic: from n/a through 2.11.8.
    Published: 2024-03-19 | CVSS Score: 6.5 | CVE-2024-29134 | Source & Patch Info: audit@patchstack.com

  • themegrill -- colormag
    The ColorMag theme for WordPress is vulnerable to Stored Cross-Site Scripting via a user's Display Name in all versions up to, and including, 3.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
    Published: 2024-03-22 | CVSS Score: 6.4 | CVE-2024-2500 | Source & Patch Info: security@wordfence.com

  • themelocation -- custom_woocommerce_checkout_fields_editor
    The Custom WooCommerce Checkout Fields Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the save_wcfe_options function in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
    Published: 2024-03-23 | CVSS Score: 6.4 | CVE-2024-1697 | Source & Patch Info: security@wordfence.com

  • themeum -- tutor_lms_-_elearning_and_online_course_solution
    The Tutor LMS - eLearning and online course solution plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the tutor_delete_announcement() function in all versions up to, and including, 2.6.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary posts.
    Published: 2024-03-21 | CVSS Score: 5.4 | CVE-2024-1502 | Source & Patch Info: security@wordfence.com

  • themeum -- tutor_lms_-_elearning_and_online_course_solution
    The Tutor LMS - eLearning and online course solution plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.1. This is due to missing or incorrect nonce validation on the erase_tutor_data() function. This makes it possible for unauthenticated attackers to deactivate the plugin and erase all data via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link. This requires the "Erase upon uninstallation" option to be enabled.
    Published: 2024-03-21 | CVSS Score: 4.3 | CVE-2024-1503 | Source & Patch Info: security@wordfence.com

  • timersys -- wp_popups
    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Timersys WP Popups allows Stored XSS. This issue affects WP Popups: from n/a through 2.1.5.5.
    Published: 2024-03-19 | CVSS Score: 5.9 | CVE-2024-29105 | Source & Patch Info: audit@patchstack.com

  • tobias_conrad -- builder_for_woocommerce_reviews_shortcodes_-_reviewshort
    Cross-Site Request Forgery (CSRF) vulnerability in Tobias Conrad Builder for WooCommerce reviews shortcodes - ReviewShort. This issue affects Builder for WooCommerce reviews shortcodes - ReviewShort: from n/a through 1.01.3.
    Published: 2024-03-19 | CVSS Score: 4.3 | CVE-2024-29093 | Source & Patch Info: audit@patchstack.com

  • visualcomposer -- visual_composer_website_builder
    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Visualcomposer Visual Composer Website Builder allows Stored XSS. This issue affects Visual Composer Website Builder: from n/a through 45.6.0.
    Published: 2024-03-19 | CVSS Score: 5.9 | CVE-2024-27997 | Source & Patch Info: audit@patchstack.com

  • w3_eden_inc -- download_manager
    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in W3 Eden, Inc. Download Manager allows Stored XSS. This issue affects Download Manager: from n/a through 3.2.84.
    Published: 2024-03-19 | CVSS Score: 6.5 | CVE-2024-29114 | Source & Patch Info: audit@patchstack.com

  • webtoffee -- woocommerce_pdf_invoices_packing_slips_delivery_notes_and_shipping_labels
    The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Customer Notes field in all versions up to, and including, 4.4.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected invoice for printing.
    Published: 2024-03-22 | CVSS Score: 6.1 | CVE-2024-0957 | Source & Patch Info: security@wordfence.com

  • webvitaly -- sitekit
    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Webvitaly Sitekit allows Stored XSS. This issue affects Sitekit: from n/a through 1.6.
    Published: 2024-03-19 | CVSS Score: 6.5 | CVE-2024-29111 | Source & Patch Info: audit@patchstack.com

  • wp_marketing_robot -- woocommerce_google_feed_manager
    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Marketing Robot WooCommerce Google Feed Manager allows Stored XSS. This issue affects WooCommerce Google Feed Manager: from n/a through 2.2.0.
    Published: 2024-03-19 | CVSS Score: 5.9 | CVE-2024-29112 | Source & Patch Info: audit@patchstack.com

  • wpbits -- wpbits_addons_for_elementor_page_builder
    The WPBITS Addons For Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's heading widget in all versions up to, and including, 1.3.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
    Published: 2024-03-20 | CVSS Score: 6.4 | CVE-2024-2129 | Source & Patch Info: security@wordfence.com

  • wpcoder -- wp_coder
    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPCoder WP Coder allows Stored XSS. This issue affects WP Coder: from n/a through 3.5.
    Published: 2024-03-21 | CVSS Score: 5.9 | CVE-2024-2578 | Source & Patch Info: audit@patchstack.com

  • wpdevteam -- embedpress_-_embed_pdf_google_docs_vimeo_wistia_embed_youtube_videos_audios_maps_&_embed_any_documents_in_gutenberg_&_elemento
    The EmbedPress - Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the EmbedPress document widget in all versions up to, and including, 3.9.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
    Published: 2024-03-23 | CVSS Score: 5.4 | CVE-2024-2688 | Source & Patch Info: security@wordfence.com

  • wpdevteam -- embedpress_-_embed_pdf_google_docs_vimeo_wistia_embed_youtube_videos_audios_maps_&_embed_any_documents_in_gutenberg_&_elementor
    The EmbedPress - Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the EmbedPress widget 'embedpress_pro_twitch_theme' attribute in all versions up to, and including, 3.9.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
    Published: 2024-03-23 | CVSS Score: 6.4 | CVE-2024-2468 | Source & Patch Info: security@wordfence.com

  • wpdevteam -- essential_blocks_-_page_builder_gutenberg_blocks-patterns_&_templates
    The Essential Blocks - Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 4.5.2 due to insufficient input sanitization and output escaping on user supplied attributes such as listStyle. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
    Published: 2024-03-20 | CVSS Score: 6.4 | CVE-2024-2255 | Source & Patch Info: security@wordfence.com

  • wpfunnels_team -- wpfunnels
    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFunnels Team WPFunnels allows Stored XSS. This issue affects WPFunnels: from n/a through 3.0.6.
    Published: 2024-03-21 | CVSS Score: 5.9 | CVE-2024-27965 | Source & Patch Info: audit@patchstack.com

  • wpvibes -- elementor_addon_elements
    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPVibes Elementor Addon Elements allows Stored XSS. This issue affects Elementor Addon Elements: from n/a through 1.12.10.
    Published: 2024-03-19 | CVSS Score: 6.5 | CVE-2024-29107 | Source & Patch Info: audit@patchstack.com

  • zaytech -- smart_online_order_for_clover
    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zaytech Smart Online Order for Clover allows Stored XSS. This issue affects Smart Online Order for Clover: from n/a through 1.5.5.
    Published: 2024-03-19 | CVSS Score: 6.5 | CVE-2024-29115 | Source & Patch Info: audit@patchstack.com

  • zimma_ltd. -- ticket_tailor
    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zimma Ltd. Ticket Tailor allows Stored XSS. This issue affects Ticket Tailor: from n/a through 1.10.
    Published: 2024-03-19 | CVSS Score: 6.5 | CVE-2024-29104 | Source & Patch Info: audit@patchstack.com

  • zulip -- zulip
    Zulip is an open-source team collaboration tool. When a user moves a Zulip message, they have the option to move all messages in the topic, move only subsequent messages as well, or move just a single message. If the user chose to just move one message, and was moving it from a public stream to a private stream, Zulip would successfully move the message, but active users who did not have access to the private stream, but whose client had already received the message, would continue to see the message in the public stream until they reloaded their client. Additionally, Zulip did not remove view permissions on the message from recently-active users, allowing the message to show up in the "All messages" view or in search results, but not in "Inbox" or "Recent conversations" views. While the bug has been present since moving messages between streams was first introduced in version 3.0, this option became much more common starting in Zulip 8.0, when the default option in the picker for moving the very last message in a conversation was changed. This issue is fixed in Zulip Server 8.3. No known workarounds are available.
    Published: 2024-03-20 | CVSS Score: 6.5 | CVE-2024-27286 | Source & Patch Info: security-advisories@github.com

Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

  • adobe -- adobe_experience_manager
    Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
    Published: 2024-03-18 | CVSS Score: 3.4 | CVE-2024-26051 | Source & Patch Info: psirt@adobe.com

  • campcodes -- complete_online_dj_booking_system
    A vulnerability was found in Campcodes Complete Online DJ Booking System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/user-search.php. The manipulation of the argument searchdata leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257468.
    Published: 2024-03-20 | CVSS Score: 3.5 | CVE-2024-2715 | Source & Patch Info: cna@vuldb.com

  • campcodes -- complete_online_dj_booking_system
    A vulnerability was found in Campcodes Complete Online DJ Booking System 1.0. It has been classified as problematic. This affects an unknown part of the file /admin/contactus.php. The manipulation of the argument email leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257469 was assigned to this vulnerability.
    Published: 2024-03-20 | CVSS Score: 3.5 | CVE-2024-2716 | Source & Patch Info: cna@vuldb.com

  • campcodes -- complete_online_dj_booking_system
    A vulnerability was found in Campcodes Complete Online DJ Booking System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/booking-search.php. The manipulation of the argument searchdata leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257470 is the identifier assigned to this vulnerability.
    Published: 2024-03-20 | CVSS Score: 3.5 | CVE-2024-2717 | Source & Patch Info: cna@vuldb.com

  • campcodes -- complete_online_dj_booking_system
    A vulnerability was found in Campcodes Complete Online DJ Booking System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /admin/booking-bwdates-reports-details.php. The manipulation of the argument fromdate leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257471.
    Published: 2024-03-20 | CVSS Score: 3.5 | CVE-2024-2718 | Source & Patch Info: cna@vuldb.com

  • campcodes -- complete_online_dj_booking_system
    A vulnerability classified as problematic has been found in Campcodes Complete Online DJ Booking System 1.0. Affected is an unknown function of the file /admin/admin-profile.php. The manipulation of the argument adminname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257472.
    Published: 2024-03-20 | CVSS Score: 3.5 | CVE-2024-2719 | Source & Patch Info: cna@vuldb.com

  • campcodes -- complete_online_dj_booking_system
    A vulnerability classified as problematic was found in Campcodes Complete Online DJ Booking System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/aboutus.php. The manipulation of the argument pagetitle leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257473 was assigned to this vulnerability.
    Published: 2024-03-20 | CVSS Score: 3.5 | CVE-2024-2720 | Source & Patch Info: cna@vuldb.com

  • campcodes -- online_job_finder_system
    A vulnerability was found in Campcodes Online Job Finder System 1.0. It has been classified as problematic. This affects an unknown part of the file /admin/vacancy/index.php. The manipulation of the argument view leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257379.
    Published: 2024-03-20 | CVSS Score: 3.5 | CVE-2024-2679 | Source & Patch Info: cna@vuldb.com

  • campcodes -- online_job_finder_system
    A vulnerability was found in Campcodes Online Job Finder System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/user/index.php. The manipulation of the argument view leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257380.
    Published: 2024-03-20 | CVSS Score: 3.5 | CVE-2024-2680 | Source & Patch Info: cna@vuldb.com

  • campcodes -- online_job_finder_system
    A vulnerability was found in Campcodes Online Job Finder System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /admin/employee/index.php. The manipulation of the argument view leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257381 was assigned to this vulnerability.
    Published: 2024-03-20 | CVSS Score: 3.5 | CVE-2024-2681 | Source & Patch Info: cna@vuldb.com

  • campcodes -- online_job_finder_system
    A vulnerability classified as problematic has been found in Campcodes Online Job Finder System 1.0. Affected is an unknown function of the file /admin/employee/controller.php. The manipulation of the argument EMPLOYEEID leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257382 is the identifier assigned to this vulnerability.
    Published: 2024-03-20 | CVSS Score: 3.5 | CVE-2024-2682 | Source & Patch Info: cna@vuldb.com

  • campcodes -- online_job_finder_system
    A vulnerability classified as problematic was found in Campcodes Online Job Finder System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/company/index.php. The manipulation of the argument view leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257383.
    Published: 2024-03-20 | CVSS Score: 3.5 | CVE-2024-2683 | Source & Patch Info: cna@vuldb.com

  • campcodes -- online_job_finder_system
    A vulnerability, which was classified as problematic, has been found in Campcodes Online Job Finder System 1.0. Affected by this issue is some unknown functionality of the file /admin/category/index.php. The manipulation of the argument view leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257384.
    Published: 2024-03-20 | CVSS Score: 3.5 | CVE-2024-2684 | Source & Patch Info: cna@vuldb.com

  • campcodes -- online_job_finder_system
    A vulnerability, which was classified as problematic, was found in Campcodes Online Job Finder System 1.0. This affects an unknown part of the file /admin/applicants/index.php. The manipulation of the argument view leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257385 was assigned to this vulnerability.
    Published: 2024-03-20 | CVSS Score: 3.5 | CVE-2024-2685 | Source & Patch Info: cna@vuldb.com

  • campcodes -- online_job_finder_system
    A vulnerability has been found in Campcodes Online Job Finder System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/applicants/controller.php. The manipulation of the argument JOBREGID leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257386 is the identifier assigned to this vulnerability.
    Published: 2024-03-20 | CVSS Score: 3.5 | CVE-2024-2686 | Source & Patch Info: cna@vuldb.com

  • campcodes -- online_marriage_registration_system
    A vulnerability classified as problematic has been found in Campcodes Online Marriage Registration System 1.0. This affects an unknown part of the file /user/search.php. The manipulation of the argument searchdata leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257607.
    Published: 2024-03-21 | CVSS Score: 3.5 | CVE-2024-2773 | Source & Patch Info: cna@vuldb.com

  • campcodes -- online_marriage_registration_system
    A vulnerability, which was classified as problematic, has been found in Campcodes Online Marriage Registration System 1.0. This issue affects some unknown processing of the file /user/user-profile.php. The manipulation of the argument lname leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257609 was assigned to this vulnerability.
    Published: 2024-03-21 | CVSS Score: 3.5 | CVE-2024-2775 | Source & Patch Info: cna@vuldb.com

  • campcodes -- online_marriage_registration_system
    A vulnerability was found in Campcodes Online Marriage Registration System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/search.php. The manipulation of the argument searchdata leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257612.
    Published: 2024-03-22 | CVSS Score: 3.5 | CVE-2024-2778 | Source & Patch Info: cna@vuldb.com

  • campcodes -- online_marriage_registration_system
    A vulnerability was found in Campcodes Online Marriage Registration System 1.0. It has been classified as problematic. This affects an unknown part of the file /admin/application-bwdates-reports-details.php. The manipulation of the argument fromdate leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257613 was assigned to this vulnerability.
    Published: 2024-03-22 | CVSS Score: 3.5 | CVE-2024-2779 | Source & Patch Info: cna@vuldb.com

  • campcodes -- online_marriage_registration_system
    A vulnerability was found in Campcodes Online Marriage Registration System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/admin-profile.php. The manipulation of the argument adminname leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257614 is the identifier assigned to this vulnerability.
    Published: 2024-03-22 | CVSS Score: 3.5 | CVE-2024-2780 | Source & Patch Info: cna@vuldb.com

  • campcodes -- online_shopping_system
    A vulnerability classified as problematic was found in Campcodes Online Shopping System 1.0. This vulnerability affects unknown code of the file /offersmail.php. The manipulation of the argument email leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257752.
    Published: 2024-03-23 | CVSS Score: 3.5 | CVE-2024-2832 | Source & Patch Info: cna@vuldb.com

  • checkmk_gmbh -- checkmk
    Invocation of the sqlplus command with sensitive information in the command line in the mk_oracle Checkmk agent plugin before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows the extraction of this information from the process list.
    Published: 2024-03-22 | CVSS Score: 3.8 | CVE-2024-1742 | Source & Patch Info: security@checkmk.com

  • clickhouse -- clickhouse
    ClickHouse is an open-source column-oriented database management system. A bug exists in the cloud ClickHouse offering prior to version 24.0.2.54535 and in github.com/clickhouse/clickhouse version 23.1. Query caching bypasses the role based access controls and the policies being enforced on roles. In affected versions, the query cache only respects separate users; however, this is not documented and not expected behavior. People relying on ClickHouse roles can have their access control lists bypassed if they are using query caching. Attackers who have control of a role could guess queries and see data they shouldn't have access to. Version 24.1 of ClickHouse and version 24.0.2.54535 of ClickHouse Cloud contain a patch for this issue. Based on the documentation, role based access control should be enforced regardless of whether query caching is enabled or not.
    Published: 2024-03-18 | CVSS Score: 2.4 | CVE-2024-22412 | Source & Patch Info: security-advisories@github.com

  • ibm -- security_verify_directory
    IBM Security Verify Directory 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 228507.
    Published: 2024-03-22 | CVSS Score: 2.7 | CVE-2022-32756 | Source & Patch Info: psirt@us.ibm.com

  • ilicmiljan -- secure-props
    SecureProps is a PHP library designed to simplify the encryption and decryption of property data in objects. A vulnerability in SecureProps version 1.2.0 and 1.2.1 involves a regex failing to detect tags during decryption of encrypted data. This occurs when the encrypted data has been encoded with `NullEncoder` and passed to `TagAwareCipher`, and contains special characters such as `\n`. As a result, the decryption process is skipped since the tags are not detected. This causes the encrypted data to be returned in plain format. The vulnerability affects users who implement `TagAwareCipher` with any base cipher that has `NullEncoder` (not default). The patch for the issue has been released. Users are advised to update to version 1.2.2. As a workaround, one may use the default `Base64Encoder` with the base cipher decorated with `TagAwareCipher` to prevent special characters in the encrypted string from interfering with regex tag detection logic. This workaround is safe but may involve double encoding since `TagAwareCipher` uses `NullEncoder` by default.
    Published: 2024-03-18 | CVSS Score: 2.6 | CVE-2024-28864 | Source & Patch Info: security-advisories@github.com

  • kaspersky -- kaspersky_password_manager_for_windows
    Kaspersky has fixed a security issue in Kaspersky Password Manager (KPM) for Windows that allowed a local user to recover the auto-filled credentials from a memory dump when the KPM extension for Google Chrome is used. To exploit the issue, an attacker must trick a user into visiting a login form of a website with the saved credentials, and the KPM extension must autofill these credentials. The attacker must then launch a malware module to steal those specific credentials.
    Published: 2024-03-22 | CVSS Score: 2.2 | CVE-2023-23349 | Source & Patch Info: vulnerability@kaspersky.com

  • magesh-k21 -- online-college-event-hall-reservation-system
    A vulnerability has been found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/users.php. The manipulation of the argument id leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256972. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    Published: 2024-03-17 | CVSS Score: 3.5 | CVE-2024-2535 | Source & Patch Info: cna@vuldb.com

  • sourcecodester -- product_review_rating_system
    A vulnerability, which was classified as problematic, was found in SourceCodester Product Review Rating System 1.0. Affected is an unknown function of the component Rate Product Handler. The manipulation of the argument Your Name/Comment leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257052.
    Published: 2024-03-17 | CVSS Score: 3.5 | CVE-2024-2553 | Source & Patch Info: cna@vuldb.com

  • umbraco -- umbraco-cms
    Umbraco is an ASP.NET content management system. Umbraco 10 prior to 10.8.4 with access to the native login screen is vulnerable to a possible user enumeration attack. This issue was fixed in version 10.8.5. As a workaround, one may disable the native login screen by exclusively using external logins.
    Published: 2024-03-20 | CVSS Score: 3.7 | CVE-2024-28868 | Source & Patch Info: security-advisories@github.com

Severity Not Yet Assigned

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

  • N/A -- N/A
    In the CryptX module before 0.062 for Perl, gcm_decrypt_verify() and chacha20poly1305_decrypt_verify() do not verify the tag.
    Published: 2024-03-18 | CVSS Score: not yet calculated | CVE-2018-25099 | Source & Patch Info: cve@mitre.org

  • N/A -- N/A
    An issue discovered in Axigen Mail Server 10.3.x before 10.3.1.27 and 10.3.2.x before 10.3.3.1 allows unauthenticated attackers to submit a setAdminPassword operation request, subsequently setting a new arbitrary password for the admin account.
    Published: 2024-03-21 | CVSS Score: not yet calculated | CVE-2020-26942 | Source & Patch Info: cve@mitre.org

  • N/A -- N/A
    The Net::CIDR::Lite module before 0.22 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.
    Published: 2024-03-18 | CVSS Score: not yet calculated | CVE-2021-47154 | Source & Patch Info: cve@mitre.org

  • N/A -- N/A
    The Net::IPV4Addr module 0.10 for Perl does not properly consider extraneous zero characters in an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.
2024-03-18 not yet calculated CVE-2021-47155 cve@mitre.org cve@mitre.org N/A -- N/A   The Net::IPAddress::Util module before 5.000 for Perl does not properly consider extraneous zero characters in an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses. 2024-03-18 not yet calculated CVE-2021-47156 cve@mitre.org cve@mitre.org cve@mitre.org N/A -- N/A   The Kossy module before 0.60 for Perl allows JSON hijacking because of X-Requested-With mishandling. 2024-03-18 not yet calculated CVE-2021-47157 cve@mitre.org cve@mitre.org N/A -- N/A   Siklu TG Terragraph devices before approximately 2.1.1 have a hardcoded root password that has been revealed via a brute force attack on an MD5 hash. It can be used for "debug login" by an admin. NOTE: the vulnerability is not fixed by the 2.1.1 firmware; instead, it is fixed in newer hardware, which would typically be used with firmware 2.1.1 or later. 2024-03-18 not yet calculated CVE-2022-47036 cve@mitre.org N/A -- N/A   Siklu TG Terragraph devices before 2.1.1 allow attackers to discover valid, randomly generated credentials via GetCredentials. 2024-03-18 not yet calculated CVE-2022-47037 cve@mitre.org N/A -- N/A   SQL injection vulnerability in Vanderbilt REDCap before v.13.8.0 allows a remote attacker to obtain sensitive information via the password reset mechanism in MyCapMobileApp/update.php. 2024-03-21 not yet calculated CVE-2023-38825 cve@mitre.org cve@mitre.org N/A -- N/A   An issue was discovered in OpenClinic GA 5.247.01. It allows retrieval of patient lists via queries such as findFirstname= to _common/search/searchByAjax/patientslistShow.jsp. 2024-03-19 not yet calculated CVE-2023-40275 cve@mitre.org cve@mitre.org N/A -- N/A   An issue was discovered in OpenClinic GA 5.247.01. An Unauthenticated File Download vulnerability has been discovered in pharmacy/exportFile.jsp. 
2024-03-19 not yet calculated CVE-2023-40276 cve@mitre.org cve@mitre.org N/A -- N/A   An issue was discovered in OpenClinic GA 5.247.01. A Reflected Cross-Site Scripting (XSS) vulnerability has been discovered in the login.jsp message parameter. 2024-03-19 not yet calculated CVE-2023-40277 cve@mitre.org cve@mitre.org N/A -- N/A   An issue was discovered in OpenClinic GA 5.247.01. An Information Disclosure vulnerability has been identified in the printAppointmentPdf.jsp component of OpenClinic GA. By changing the AppointmentUid parameter, an attacker can determine whether a specific appointment exists based on the error message. 2024-03-19 not yet calculated CVE-2023-40278 cve@mitre.org cve@mitre.org N/A -- N/A   An issue was discovered in OpenClinic GA 5.247.01. An attacker can perform a directory path traversal via the Page parameter in a GET request to main.do. 2024-03-19 not yet calculated CVE-2023-40279 cve@mitre.org cve@mitre.org N/A -- N/A   An issue was discovered in OpenClinic GA 5.247.01. An attacker can perform a directory path traversal via the Page parameter in a GET request to popup.jsp. 2024-03-19 not yet calculated CVE-2023-40280 cve@mitre.org cve@mitre.org N/A -- N/A   In the Windows installer in Atos Eviden CardOS API before 5.5.5.2811, Local Privilege Escalation can occur.(from a regular user to SYSTEM). 2024-03-22 not yet calculated CVE-2023-41099 cve@mitre.org N/A -- N/A   A SQL injection vulnerability in tramyardg Autoexpress version 1.3.0, allows remote unauthenticated attackers to execute arbitrary SQL commands via the parameter "id" within the getPhotosByCarId function call in details.php. 2024-03-21 not yet calculated CVE-2023-48901 cve@mitre.org N/A -- N/A   An issue was discovered in tramyardg autoexpress version 1.3.0, allows unauthenticated remote attackers to escalate privileges, update car data, delete vehicles, and upload car images via authentication bypass in uploadCarImages.php. 
2024-03-21 not yet calculated CVE-2023-48902 cve@mitre.org N/A -- N/A   Stored Cross-Site Scripting (XSS) vulnerability in tramyardg autoexpress 1.3.0, allows remote unauthenticated attackers to inject arbitrary web script or HTML within parameter "imgType" via in uploadCarImages.php. 2024-03-21 not yet calculated CVE-2023-48903 cve@mitre.org N/A -- N/A   Incorrect access control in Customer Support System v1 allows non-administrator users to access administrative pages and execute actions reserved for administrators. 2024-03-21 not yet calculated CVE-2023-49978 cve@mitre.org cve@mitre.org N/A -- N/A   A directory listing vulnerability in Customer Support System v1 allows attackers to list directories and sensitive files within the application without requiring authorization. 2024-03-21 not yet calculated CVE-2023-49979 cve@mitre.org cve@mitre.org N/A -- N/A   A directory listing vulnerability in Best Student Result Management System v1.0 allows attackers to list directories and sensitive files within the application without requiring authorization. 2024-03-21 not yet calculated CVE-2023-49980 cve@mitre.org cve@mitre.org N/A -- N/A   A directory listing vulnerability in School Fees Management System v1.0 allows attackers to list directories and sensitive files within the application without requiring authorization. 2024-03-21 not yet calculated CVE-2023-49981 cve@mitre.org cve@mitre.org N/A -- N/A   Broken access control in the component /admin/management/users of School Fees Management System v1.0 allows attackers to escalate privileges and perform Administrative actions, including adding and deleting user accounts. 2024-03-21 not yet calculated CVE-2023-49982 cve@mitre.org cve@mitre.org N/A -- N/A   A cross-site scripting (XSS) vulnerability in the component /management/class of School Fees Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter. 
2024-03-21 not yet calculated CVE-2023-49983 cve@mitre.org cve@mitre.org N/A -- N/A   A cross-site scripting (XSS) vulnerability in the component /management/settings of School Fees Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter. 2024-03-21 not yet calculated CVE-2023-49984 cve@mitre.org cve@mitre.org N/A -- N/A   A cross-site scripting (XSS) vulnerability in the component /management/class of School Fees Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cname parameter. 2024-03-21 not yet calculated CVE-2023-49985 cve@mitre.org cve@mitre.org N/A -- N/A   An issue discovered in SELESTA Visual Access Manager 4.38.6 allows attackers to modify the "computer" POST parameter related to the ID of a specific reception by POST HTTP request interception. Iterating that parameter, it has been possible to access to the application and take control of many other receptions in addition the assigned one. 2024-03-19 not yet calculated CVE-2023-50811 cve@mitre.org N/A -- N/A   erlang-jose (aka JOSE for Erlang and Elixir) through 1.11.6 allow attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value in a JOSE header. 2024-03-19 not yet calculated CVE-2023-50966 cve@mitre.org cve@mitre.org cve@mitre.org N/A -- N/A   latchset jose through version 11 allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value. 2024-03-20 not yet calculated CVE-2023-50967 cve@mitre.org cve@mitre.org N/A -- N/A   A stack-based buffer overflow vulnerability in gross 0.9.3 through 1.x before 1.0.4 allows remote attackers to trigger a denial of service (grossd daemon crash) or potentially execute arbitrary code in grossd via crafted SMTP transaction parameters that cause an incorrect strncat for a log entry. 
2024-03-18 not yet calculated CVE-2023-52159 cve@mitre.org N/A -- N/A   An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. The SQLite database file has weak permissions. 2024-03-20 not yet calculated CVE-2024-22077 cve@mitre.org N/A -- N/A   An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Privilege escalation can occur via world writable files. The network configuration script has weak filesystem permissions. This results in write access for all authenticated users and the possibility to escalate from user privileges to administrative privileges. 2024-03-20 not yet calculated CVE-2024-22078 cve@mitre.org N/A -- N/A   An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Directory traversal can occur via the system logs download mechanism. 2024-03-20 not yet calculated CVE-2024-22079 cve@mitre.org N/A -- N/A   An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Unauthenticated memory corruption can occur during XML body parsing. 2024-03-20 not yet calculated CVE-2024-22080 cve@mitre.org N/A -- N/A   An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Unauthenticated memory corruption can occur in the HTTP header parsing mechanism. 2024-03-20 not yet calculated CVE-2024-22081 cve@mitre.org N/A -- N/A   An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Unauthenticated directory listing can occur: the web interface cay be abused be an attacker get a better understanding of the operating system. 2024-03-20 not yet calculated CVE-2024-22082 cve@mitre.org N/A -- N/A   An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. A hardcoded backdoor session ID exists that can be used for further access to the device, including reconfiguration tasks. 
2024-03-20 not yet calculated CVE-2024-22083 cve@mitre.org N/A -- N/A   An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Cleartext passwords and hashes are exposed through log files. 2024-03-20 not yet calculated CVE-2024-22084 cve@mitre.org N/A -- N/A   An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. The shadow file is world readable. 2024-03-20 not yet calculated CVE-2024-22085 cve@mitre.org N/A -- N/A   An issue was discovered in osCommerce v4, allows local attackers to bypass file upload restrictions and execute arbitrary code via administrator profile photo upload feature. 2024-03-21 not yet calculated CVE-2024-22724 cve@mitre.org cve@mitre.org N/A -- N/A   A Directory Traversal issue was discovered in process_post on Draytek Vigor3910 4.3.2.5 devices. When sending a certain POST request, it calls the function and exports information. 2024-03-20 not yet calculated CVE-2024-23721 cve@mitre.org cve@mitre.org N/A -- N/A   ClickUp Desktop before 3.3.77 on macOS and Windows allows code injection because of specific Electron Fuses. There is inadequate protection against code injection through settings such as RunAsNode. 2024-03-23 not yet calculated CVE-2024-23755 cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org N/A -- N/A   Server Side Request Forgery (SSRF) vulnerability in Likeshop before 2.5.7 allows attackers to view sensitive information via the avatar parameter in function UserLogic::updateWechatInfo. 2024-03-21 not yet calculated CVE-2024-24028 cve@mitre.org N/A -- N/A   Cross Site Scripting (XSS) vulnerability in Sourcecodester Workout Journal App 1.0 allows attackers to run arbitrary code via parameters firstname and lastname in /add-user.php. 
2024-03-20 not yet calculated CVE-2024-24050 cve@mitre.org N/A -- N/A   SQL Injection vulnerability in crmeb_java before v1.3.4 allows attackers to run arbitrary SQL commands via crafted GET request to the component /api/front/spread/people. 2024-03-21 not yet calculated CVE-2024-24110 cve@mitre.org N/A -- N/A   Komm.One CMS 10.4.2.14 has a Server-Side Template Injection (SSTI) vulnerability via the Velocity template engine. It allows remote attackers to execute arbitrary code via a URL that specifies java.lang.Runtime in conjunction with getRuntime().exec followed by an OS command. 2024-03-18 not yet calculated CVE-2024-24230 cve@mitre.org N/A -- N/A   An issue in iTop DualSafe Password Manager & Digital Vault before 1.4.24 allows a local attacker to obtain sensitive information via leaked credentials as plaintext in a log file that can be accessed by the local user without knowledge of the master secret. 2024-03-21 not yet calculated CVE-2024-24272 cve@mitre.org N/A -- N/A   A multiple Cross-site scripting (XSS) vulnerability in the '/members/moremember.pl', and '/members/members-home.pl' endpoints within Koha Library Management System version 23.05.05 and earlier allows malicious staff users to carry out CSRF attacks, including unauthorized changes to usernames and passwords of users visiting the affected page, via the 'Circulation note' and 'Patrons Restriction' components. 2024-03-19 not yet calculated CVE-2024-24336 cve@mitre.org N/A -- N/A   An issue in Lepton CMS v.7.0.0 allows a local attacker to execute arbitrary code via the upgrade.php file in the languages place. 2024-03-21 not yet calculated CVE-2024-24520 cve@mitre.org cve@mitre.org N/A -- N/A   FusionPBX before 5.2.0 does not validate a session. 
2024-03-18 not yet calculated CVE-2024-24539 cve@mitre.org cve@mitre.org N/A -- N/A   Gibbon through 26.0.00 allows remote authenticated users to conduct PHP deserialization attacks via columnOrder in a POST request to the modules/System%20Admin/import_run.php&type=externalAssessment&step=4 URI. 2024-03-23 not yet calculated CVE-2024-24725 cve@mitre.org cve@mitre.org N/A -- N/A   Cross Site Scripting vulnerability in eblog v1.0 allows a remote attacker to execute arbitrary code via a crafted script to the argument description parameter when submitting a comment on a post. 2024-03-21 not yet calculated CVE-2024-25167 cve@mitre.org N/A -- N/A   SQL injection vulnerability in snow snow v.2.0.0 allows a remote attacker to execute arbitrary code via the dataScope parameter of the system/role/list interface. 2024-03-22 not yet calculated CVE-2024-25168 cve@mitre.org N/A -- N/A   SQL Injection vulnerability in Sourcecodester Employee Management System v1.0 allows attackers to run arbitrary SQL commands via crafted POST request to /emloyee_akpoly/Account/login.php. 2024-03-21 not yet calculated CVE-2024-25239 cve@mitre.org N/A -- N/A   An SSRF issue in REBUILD v.3.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the FileDownloader.java, proxyDownload,URL parameters. 2024-03-20 not yet calculated CVE-2024-25294 cve@mitre.org cve@mitre.org cve@mitre.org N/A -- N/A   An issue in zuoxingdong lagom v.0.1.2 allows a local attacker to execute arbitrary code via the pickle_load function of the serialize.py file. 2024-03-21 not yet calculated CVE-2024-25359 cve@mitre.org N/A -- N/A   Insecure permissions for log files of AVSystem Unified Management Platform (UMP) 23.07.0.16567~LTS allow members (with local access to the UMP application server) to access credentials to authenticate to all services, and to decrypt sensitive data stored in the database. 
2024-03-18 not yet calculated CVE-2024-25654 cve@mitre.org N/A -- N/A   Insecure storage of LDAP passwords in the authentication functionality of AVSystem Unified Management Platform (UMP) 23.07.0.16567~LTS allows members (with read access to the application database) to decrypt the LDAP passwords of users who successfully authenticate to web management via LDAP. 2024-03-18 not yet calculated CVE-2024-25655 cve@mitre.org N/A -- N/A   Improper input validation in AVSystem Unified Management Platform (UMP) 23.07.0.16567~LTS can result in unauthenticated CPE (Customer Premises Equipment) devices storing arbitrarily large amounts of data during registration. This can potentially lead to DDoS attacks on the application database and, ultimately, affect the entire product. 2024-03-18 not yet calculated CVE-2024-25656 cve@mitre.org N/A -- N/A   An open redirect in the Login/Logout functionality of web management in AVSystem Unified Management Platform (UMP) 23.07.0.16567~LTS could allow attackers to redirect authenticated users to malicious websites. 2024-03-18 not yet calculated CVE-2024-25657 cve@mitre.org N/A -- N/A   Cross Site Scripting (XSS) vulnerability in Lychee 3.1.6, allows remote attackers to execute arbitrary code and obtain sensitive information via the title parameter when creating an album. 2024-03-22 not yet calculated CVE-2024-25807 cve@mitre.org N/A -- N/A   Cross-site Request Forgery (CSRF) vulnerability in Lychee version 3.1.6, allows remote attackers to execute arbitrary code via the create new album function. 2024-03-22 not yet calculated CVE-2024-25808 cve@mitre.org N/A -- N/A   An access control issue in Dreamer CMS v4.0.1 allows attackers to download backup files and leak sensitive information. 2024-03-21 not yet calculated CVE-2024-25811 cve@mitre.org N/A -- N/A   An issue in the HistoryQosPolicy component of FastDDS v2.12.x, v2.11.x, v2.10.x, and v2.6.x leads to a SIGABRT (signal abort) upon receiving DataWriter's data. 
2024-03-19 not yet calculated CVE-2024-26369 cve@mitre.org cve@mitre.org N/A -- N/A   Codiad v2.8.4 allows reflected XSS via the components/market/dialog.php type parameter. 2024-03-22 not yet calculated CVE-2024-26557 cve@mitre.org N/A -- N/A   A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in Dotclear version 2.29. The flaw exists within the Search functionality of the Admin Panel. 2024-03-21 not yet calculated CVE-2024-27626 cve@mitre.org N/A -- N/A   An issue in GLPI v.10.0.12 and before allows a remote attacker to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted script to the title field. 2024-03-15 not yet calculated CVE-2024-27756 cve@mitre.org N/A -- N/A   flusity CMS through 2.45 allows tools/addons_model.php Gallery Name XSS. The reporter indicates that this product "ceased its development as of February 2024." 2024-03-18 not yet calculated CVE-2024-27757 cve@mitre.org N/A -- N/A   Amavis before 2.12.3 and 2.13.x before 2.13.1, in part because of its use of MIME-tools, has an Interpretation Conflict (relative to some mail user agents) when there are multiple boundary parameters in a MIME email message. Consequently, there can be an incorrect check for banned files or malware. 2024-03-18 not yet calculated CVE-2024-28054 cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org N/A -- N/A   UBEE DDW365 XCNDDW365 8.14.3105 software on hardware 3.13.1 allows a remote attacker within Wi-Fi proximity to conduct stored XSS attacks via RgFirewallEL.asp, RgDdns.asp, RgTime.asp, RgDiagnostics.asp, or RgParentalBasic.asp. The affected fields are SMTP Server Name, SMTP Username, Host Name, Time Server 1, Time Server 2, Time Server 3, Target, Add Keyword, Add Domain, and Add Allowed Domain. 
2024-03-19 not yet calculated CVE-2024-28092 cve@mitre.org N/A -- N/A   There is stack-based buffer overflow vulnerability in pc_change_act function in Linksys E1000 router firmware version v.2.1.03 and before, leading to remote code execution. 2024-03-19 not yet calculated CVE-2024-28283 cve@mitre.org N/A -- N/A   In mz-automation libiec61850 v1.4.0, a NULL Pointer Dereference was detected in the mmsServer_handleFileCloseRequest.c function of src/mms/iso_mms/server/mms_file_service.c. The vulnerability manifests as SEGV and causes the application to crash 2024-03-21 not yet calculated CVE-2024-28286 cve@mitre.org N/A -- N/A   Open Source Medicine Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the date parameter at /admin/reports/index.php. 2024-03-19 not yet calculated CVE-2024-28303 cve@mitre.org cve@mitre.org N/A -- N/A   gpac 2.3-DEV-rev921-g422b78ecf-master was discovered to contain a out of boundary write vulnerability via swf_get_string at scene_manager/swf_parse.c:325 2024-03-15 not yet calculated CVE-2024-28318 cve@mitre.org N/A -- N/A   gpac 2.3-DEV-rev921-g422b78ecf-master was discovered to contain an out of boundary read vulnerability via gf_dash_setup_period media_tools/dash_client.c:6374 2024-03-15 not yet calculated CVE-2024-28319 cve@mitre.org N/A -- N/A   There is a command injection vulnerability in the TRENDnet TEW-827DRU router with firmware version 2.10B01. An attacker can inject commands into the post request parameters usapps.config.smb_admin_name in the apply.cgi interface, thereby gaining root shell privileges. 2024-03-15 not yet calculated CVE-2024-28353 cve@mitre.org N/A -- N/A   There is a command injection vulnerability in the TRENDnet TEW-827DRU router with firmware version 2.10B01. An attacker can inject commands into the post request parameters usapps.@smb[%d].username in the apply.cgi interface, thereby gaining root shell privileges. 
2024-03-15 not yet calculated CVE-2024-28354 cve@mitre.org N/A -- N/A   SQL injection vulnerability in KnowBand spinwheel v.3.0.3 and before allows a remote attacker to gain escalated privileges and obtain sensitive information via the SpinWheelFrameSpinWheelModuleFrontController::sendEmail() method. 2024-03-19 not yet calculated CVE-2024-28389 cve@mitre.org N/A -- N/A   SQL injection vulnerability in pscartabandonmentpro v.2.0.11 and before allows a remote attacker to escalate privileges via the pscartabandonmentproFrontCAPUnsubscribeJobModuleFrontController::setEmailVisualized() method. 2024-03-20 not yet calculated CVE-2024-28392 cve@mitre.org cve@mitre.org N/A -- N/A   An issue in Advanced Plugins reportsstatistics v1.3.20 and before allows a remote attacker to execute arbitrary code via the Sales Reports, Statistics, Custom Fields & Export module. 2024-03-19 not yet calculated CVE-2024-28394 cve@mitre.org cve@mitre.org N/A -- N/A   SQL injection vulnerability in Best-Kit bestkit_popup v.1.7.2 and before allows a remote attacker to escalate privileges via the bestkit_popup.php component. 2024-03-20 not yet calculated CVE-2024-28395 cve@mitre.org cve@mitre.org N/A -- N/A   An issue in MyPrestaModules ordersexport v.6.0.2 and before allows a remote attacker to execute arbitrary code via the download.php component. 2024-03-20 not yet calculated CVE-2024-28396 cve@mitre.org cve@mitre.org N/A -- N/A   TOTOLINK X2000R before v1.0.0-B20231213.1013 contains a Store Cross-site scripting (XSS) vulnerability in Root Access Control under the Wireless Page. 2024-03-15 not yet calculated CVE-2024-28401 cve@mitre.org cve@mitre.org N/A -- N/A   TOTOLINK X2000R before V1.0.0-B20231213.1013 is vulnerable to Cross Site Scripting (XSS) via the VPN Page. 2024-03-15 not yet calculated CVE-2024-28403 cve@mitre.org cve@mitre.org N/A -- N/A   TOTOLINK X2000R before V1.0.0-B20231213.1013 contains a Stored Cross-site scripting (XSS) vulnerability in MAC Filtering under the Firewall Page. 
2024-03-15 not yet calculated CVE-2024-28404 cve@mitre.org cve@mitre.org N/A -- N/A   File Upload vulnerability in magicflue v.7.0 and before allows a remote attacker to execute arbitrary code via a crafted request to the messageid parameter of the mail/mailupdate.jsp endpoint. 2024-03-22 not yet calculated CVE-2024-28441 cve@mitre.org N/A -- N/A   Shenzhen Libituo Technology Co., Ltd LBT-T300-mini1 v1.2.9 was discovered to contain a buffer overflow via lan_netmask parameter at /apply.cgi. 2024-03-19 not yet calculated CVE-2024-28446 cve@mitre.org N/A -- N/A   Shenzhen Libituo Technology Co., Ltd LBT-T300-mini1 v1.2.9 was discovered to contain a buffer overflow via lan_ipaddr parameters at /apply.cgi. 2024-03-19 not yet calculated CVE-2024-28447 cve@mitre.org N/A -- N/A   SQL Injection vulnerability in Netcome NS-ASG Application Security Gateway v.6.3.1 allows a local attacker to execute arbitrary code and obtain sensitive information via a crafted script to the loginid parameter of the /singlelogin.php component. 2024-03-21 not yet calculated CVE-2024-28521 cve@mitre.org N/A -- N/A   Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the page parameter of fromNatStaticSetting function. 2024-03-18 not yet calculated CVE-2024-28537 cve@mitre.org N/A -- N/A   Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the firewallEn parameter of formSetFirewallCfg function. 2024-03-18 not yet calculated CVE-2024-28547 cve@mitre.org N/A -- N/A   Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the filePath parameter of formExpandDlnaFile function. 2024-03-18 not yet calculated CVE-2024-28550 cve@mitre.org N/A -- N/A   SQL injection vulnerability in Niushop B2B2C v.5.3.3 and before allows an attacker to escalate privileges via the setPrice() function of the Goodsbatchset.php component. 
2024-03-22 not yet calculated CVE-2024-28559 cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org N/A -- N/A   SQL injection vulnerability in Niushop B2B2C v.5.3.3 and before allows an attacker to escalate privileges via the deleteArea() function of the Address.php component. 2024-03-22 not yet calculated CVE-2024-28560 cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org N/A -- N/A   Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the Imf_2_2::copyIntoFrameBuffer() component when reading images in EXR format. 2024-03-20 not yet calculated CVE-2024-28562 cve@mitre.org N/A -- N/A   Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the Imf_2_2::DwaCompressor::Classifier::Classifier() function when reading images in EXR format. 2024-03-20 not yet calculated CVE-2024-28563 cve@mitre.org N/A -- N/A   Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the Imf_2_2::CharPtrIO::readChars() function when reading images in EXR format. 2024-03-20 not yet calculated CVE-2024-28564 cve@mitre.org N/A -- N/A   Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the psdParser::ReadImageData() function when reading images in PSD format. 2024-03-20 not yet calculated CVE-2024-28565 cve@mitre.org N/A -- N/A   Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the AssignPixel() function when reading images in TIFF format. 
2024-03-20 not yet calculated CVE-2024-28566 cve@mitre.org N/A -- N/A   Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the FreeImage_CreateICCProfile() function when reading images in TIFF format. 2024-03-20 not yet calculated CVE-2024-28567 cve@mitre.org N/A -- N/A   Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the read_iptc_profile() function when reading images in TIFF format. 2024-03-20 not yet calculated CVE-2024-28568 cve@mitre.org N/A -- N/A   Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the Imf_2_2::Xdr::read() function when reading images in EXR format. 2024-03-20 not yet calculated CVE-2024-28569 cve@mitre.org N/A -- N/A   Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the processMakerNote() function when reading images in JPEG format. 2024-03-20 not yet calculated CVE-2024-28570 cve@mitre.org N/A -- N/A   Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the fill_input_buffer() function when reading images in JPEG format. 2024-03-20 not yet calculated CVE-2024-28571 cve@mitre.org N/A -- N/A   Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the FreeImage_SetTagValue() function when reading images in JPEG format. 2024-03-20 not yet calculated CVE-2024-28572 cve@mitre.org N/A -- N/A   Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the jpeg_read_exif_profile() function when reading images in JPEG format. 
2024-03-20 not yet calculated CVE-2024-28573 cve@mitre.org N/A -- N/A   Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the opj_j2k_copy_default_tcp_and_create_tcd() function when reading images in J2K format. 2024-03-20 not yet calculated CVE-2024-28574 cve@mitre.org N/A -- N/A   Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the opj_j2k_read_mct() function when reading images in J2K format. 2024-03-20 not yet calculated CVE-2024-28575 cve@mitre.org N/A -- N/A   Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the opj_j2k_tcp_destroy() function when reading images in J2K format. 2024-03-20 not yet calculated CVE-2024-28576 cve@mitre.org N/A -- N/A   Null Pointer Dereference vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the jpeg_read_exif_profile_raw() function when reading images in JPEG format. 2024-03-20 not yet calculated CVE-2024-28577 cve@mitre.org N/A -- N/A   Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the Load() function when reading images in RAS format. 2024-03-20 not yet calculated CVE-2024-28578 cve@mitre.org N/A -- N/A   Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the FreeImage_Unload() function when reading images in HDR format. 2024-03-20 not yet calculated CVE-2024-28579 cve@mitre.org N/A -- N/A   Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the ReadData() function when reading images in RAS format. 
2024-03-20 not yet calculated CVE-2024-28580 cve@mitre.org N/A -- N/A   Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the _assignPixel<>() function when reading images in TARGA format. 2024-03-20 not yet calculated CVE-2024-28581 cve@mitre.org N/A -- N/A   Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the rgbe_RGBEToFloat() function when reading images in HDR format. 2024-03-20 not yet calculated CVE-2024-28582 cve@mitre.org N/A -- N/A   Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the readLine() function when reading images in XPM format. 2024-03-20 not yet calculated CVE-2024-28583 cve@mitre.org N/A -- N/A   Null Pointer Dereference vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the J2KImageToFIBITMAP() function when reading images in J2K format. 2024-03-20 not yet calculated CVE-2024-28584 cve@mitre.org N/A -- N/A   The Chat activity in Moodle 4.3.3 allows students to insert a potentially unwanted HTML A element or IMG element, or HTML content that leads to a performance degradation. NOTE: the vendor's Using_Chat page says "If you know some HTML code, you can use it in your text to do things like insert images, play sounds or create different coloured and sized text." This page also says "Chat is due to be removed from standard Moodle." 2024-03-22 not yet calculated CVE-2024-28593 cve@mitre.org cve@mitre.org cve@mitre.org N/A -- N/A   SQL Injection vulnerability in Employee Management System v1.0 allows attackers to run arbitrary SQL commands via the admin_id parameter in update-admin.php. 
2024-03-19 not yet calculated CVE-2024-28595 cve@mitre.org N/A -- N/A   Cross Site Scripting (XSS) vulnerability in SurveyJS Survey Creator v.1.9.132 and before, allows attackers to execute arbitrary code and obtain sensitive information via the title parameter in form. 2024-03-21 not yet calculated CVE-2024-28635 cve@mitre.org cve@mitre.org N/A -- N/A   Cross Site Scripting vulnerability in DOraCMS v.2.18 and before allows a remote attacker to execute arbitrary code via the markdown0 function in the /app/public/apidoc/oas3/wrap-components/markdown.jsx endpoint. 2024-03-19 not yet calculated CVE-2024-28715 cve@mitre.org N/A -- N/A   Cross Site Scripting vulnerability in Unit4 Financials by Coda v.2024Q1 allows a remote attacker to escalate privileges via a crafted script to the cols parameter. 2024-03-19 not yet calculated CVE-2024-28734 cve@mitre.org cve@mitre.org cve@mitre.org N/A -- N/A   An incorrect access control issue in Unit4 Financials by Coda v.2023Q4 allows a remote attacker to escalate privileges via a crafted script to the change password function. 2024-03-20 not yet calculated CVE-2024-28735 cve@mitre.org cve@mitre.org cve@mitre.org N/A -- N/A   Out-of-bounds Write vulnerability in Apache Commons Configuration.This issue affects Apache Commons Configuration: from 2.0 before 2.10.1. Users are recommended to upgrade to version 2.10.1, which fixes the issue. 2024-03-21 not yet calculated CVE-2024-29131 security@apache.org N/A -- N/A   Rocket.Chat.Audit through 5ad78e8 depends on filecachetools, which does not exist in PyPI. 2024-03-18 not yet calculated CVE-2024-29151 cve@mitre.org N/A -- N/A   In OpenStack Murano through 16.0.0, when YAQL before 3.0.0 is used, the Murano service's MuranoPL extension to the YAQL language fails to sanitize the supplied environment, leading to potential leakage of sensitive service account information. 
2024-03-18 not yet calculated CVE-2024-29156 cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org N/A -- N/A   Shenzhen Libituo Technology Co., Ltd LBT-T300-mini v1.2.9 was discovered to contain a buffer overflow via the vpn_client_ip parameter at /apply.cgi. 2024-03-21 not yet calculated CVE-2024-29243 cve@mitre.org N/A -- N/A   Shenzhen Libituo Technology Co., Ltd LBT-T300-mini v1.2.9 was discovered to contain a buffer overflow via the pin_code_3g parameter at /apply.cgi. 2024-03-21 not yet calculated CVE-2024-29244 cve@mitre.org N/A -- N/A   Reflected Cross-Site Scripting (XSS) vulnerability in VvvebJs before version 1.7.7, allows remote attackers to execute arbitrary code and obtain sensitive information via the action parameter in save.php. 2024-03-22 not yet calculated CVE-2024-29271 cve@mitre.org cve@mitre.org N/A -- N/A   Arbitrary File Upload vulnerability in VvvebJs before version 1.7.5, allows unauthenticated remote attackers to execute arbitrary code and obtain sensitive information via the sanitizeFileName parameter in save.php. 2024-03-22 not yet calculated CVE-2024-29272 cve@mitre.org cve@mitre.org N/A -- N/A   There is Stored Cross-Site Scripting (XSS) in dzzoffice 2.02.1 SC UTF8 in uploadfile to index.php, with the XSS payload in an SVG document. 2024-03-22 not yet calculated CVE-2024-29273 cve@mitre.org N/A -- N/A   SQL injection vulnerability in SeaCMS version 12.9, allows remote unauthenticated attackers to execute arbitrary code and obtain sensitive information via the id parameter in class.php. 2024-03-22 not yet calculated CVE-2024-29275 cve@mitre.org N/A -- N/A   Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via /anchor/admin/categories/delete/2. 2024-03-22 not yet calculated CVE-2024-29338 cve@mitre.org N/A -- N/A   A command injection vulnerability exists in the cgibin binary in DIR-845L router firmware <= v1.01KRb03. 
2024-03-22 not yet calculated CVE-2024-29366 cve@mitre.org cve@mitre.org N/A -- N/A   A Cross-Site Scripting (XSS) vulnerability exists in the way MOODLE 3.10.9 handles user input within the "GET /?lang=" URL parameter. 2024-03-21 not yet calculated CVE-2024-29374 cve@mitre.org N/A -- N/A   DIR-845L router <= v1.01KRb03 has an Unauthenticated remote code execution vulnerability in the cgibin binary via soapcgi_main function. 2024-03-22 not yet calculated CVE-2024-29385 cve@mitre.org cve@mitre.org N/A -- N/A   There is a Cross-site scripting (XSS) vulnerability in the Wireless settings under the Easy Setup Page of TOTOLINK X2000R before v1.0.0-B20231213.1013. 2024-03-20 not yet calculated CVE-2024-29419 cve@mitre.org cve@mitre.org N/A -- N/A   A stored cross-site scripting (XSS) vulnerability in OneBlog v2.3.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category List parameter under the Lab module. 2024-03-20 not yet calculated CVE-2024-29469 cve@mitre.org N/A -- N/A   OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the component {{rootpath}}/links. 2024-03-20 not yet calculated CVE-2024-29470 cve@mitre.org N/A -- N/A   OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Notice Manage module. 2024-03-20 not yet calculated CVE-2024-29471 cve@mitre.org N/A -- N/A   OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Privilege Management module. 2024-03-20 not yet calculated CVE-2024-29472 cve@mitre.org N/A -- N/A   OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Role Management module. 2024-03-20 not yet calculated CVE-2024-29473 cve@mitre.org N/A -- N/A   OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the User Management module. 
2024-03-20 not yet calculated CVE-2024-29474 cve@mitre.org N/A -- N/A   Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via /anchor/admin/users/delete/2. 2024-03-22 not yet calculated CVE-2024-29499 cve@mitre.org N/A -- N/A   In MISP before 2.4.187, __uploadLogo in app/Controller/OrganisationsController.php does not properly check for a valid logo upload. 2024-03-21 not yet calculated CVE-2024-29858 cve@mitre.org N/A -- N/A   In MISP before 2.4.187, add_misp_export in app/Controller/EventsController.php does not properly check for a valid file upload. 2024-03-21 not yet calculated CVE-2024-29859 cve@mitre.org N/A -- N/A   The Kerlink firewall in ChirpStack chirpstack-mqtt-forwarder before 4.2.1 and chirpstack-gateway-bridge before 4.0.11 wrongly accepts certain TCP packets when a connection is not in the ESTABLISHED state. 2024-03-21 not yet calculated CVE-2024-29862 cve@mitre.org cve@mitre.org N/A -- N/A   Distrobox before 1.7.0.1 allows attackers to execute arbitrary code via command injection into exported executables. 2024-03-21 not yet calculated CVE-2024-29864 cve@mitre.org cve@mitre.org N/A -- N/A   Logpoint before 7.1.0 allows Self-XSS on the LDAP authentication page via the username to the LDAP login form. 2024-03-22 not yet calculated CVE-2024-29865 cve@mitre.org N/A -- N/A   Datalust Seq before 2023.4.11151 and 2024 before 2024.1.11146 has Incorrect Access Control because a Project Owner or Organization Owner can escalate to System privileges. 2024-03-21 not yet calculated CVE-2024-29866 cve@mitre.org cve@mitre.org N/A -- N/A   The dormakaba Saflok system before the November 2023 software update allows an attacker to unlock arbitrary doors at a property via forged keycards, if the attacker has obtained one active or expired keycard for the specific property, aka the "Unsaflok" issue. This occurs, in part, because the key derivation function relies only on a UID. 
This affects, for example, Saflok MT, and the Confidant, Quantum, RT, and Saffire series. 2024-03-21 not yet calculated CVE-2024-29916 cve@mitre.org cve@mitre.org cve@mitre.org N/A -- N/A   An attacker was able to perform an out-of-bounds read or write on a JavaScript object by fooling range-based bounds check elimination. This vulnerability affects Firefox < 124.0.1. 2024-03-22 not yet calculated CVE-2024-29943 security@mozilla.org security@mozilla.org N/A -- N/A   An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only, it does not affect mobile versions of Firefox. This vulnerability affects Firefox < 124.0.1 and Firefox ESR < 115.9.1. 2024-03-22 not yet calculated CVE-2024-29944 security@mozilla.org security@mozilla.org security@mozilla.org a.k.i_software -- pmc.exe   Stored cross-site scripting vulnerability exists in CGIs included in A.K.I Software's PMailServer/PMailServer2 products. If this vulnerability is exploited, an arbitrary script may be executed on a logged-in user's web browser. 2024-03-18 not yet calculated CVE-2023-39223 vultures@jpcert.or.jp vultures@jpcert.or.jp a.k.i_software -- pmman.exe_(standard_edition)   Directory traversal vulnerability exists in A.K.I Software's PMailServer/PMailServer2 products' CGIs included in Internal Simple Webserver. If this vulnerability is exploited, a remote attacker may access arbitrary files outside DocumentRoot. 2024-03-18 not yet calculated CVE-2023-40747 vultures@jpcert.or.jp vultures@jpcert.or.jp a.k.i_software_ -- pmc.exe   Insufficient verification vulnerability exists in Broadcast Mail CGI (pmc.exe) included in A.K.I Software's PMailServer/PMailServer2 products. If this vulnerability is exploited, a user who can upload files through the product may execute an arbitrary executable file with the web server's execution privilege. 
2024-03-18 not yet calculated CVE-2023-39933 vultures@jpcert.or.jp vultures@jpcert.or.jp a.k.i_software_ -- pmmls.exe   Directory traversal vulnerability exists in Mailing List Search CGI (pmmls.exe) included in A.K.I Software's PMailServer/PMailServer2 products. If this vulnerability is exploited, a remote attacker may obtain arbitrary files on the server. 2024-03-18 not yet calculated CVE-2023-40160 vultures@jpcert.or.jp vultures@jpcert.or.jp abematv,_inc. -- 'abema'_app_for_android   Improper export of Android application components issue exists in 'ABEMA' App for Android prior to 10.65.0 allowing another app installed on the user's device to access an arbitrary URL on 'ABEMA' App for Android via Intent. If this vulnerability is exploited, an arbitrary website may be displayed on the app, and as a result, the user may become a victim of a phishing attack. 2024-03-18 not yet calculated CVE-2024-28745 vultures@jpcert.or. apache_software_foundation -- apache_commons_configuration   Out-of-bounds Write vulnerability in Apache Commons Configuration.This issue affects Apache Commons Configuration: from 2.0 before 2.10.1. Users are recommended to upgrade to version 2.10.1, which fixes the issue. 2024-03-21 not yet calculated CVE-2024-29133 security@apache.org apache_software_foundation -- apache_doris   Possible race condition vulnerability in Apache Doris. Some of code using `chmod()` method. This method run the risk of someone renaming the file out from under user and chmodding the wrong file. This could theoretically happen, but the impact would be minimal. This issue affects Apache Doris: before 1.2.8, before 2.0.4. Users are recommended to upgrade to version 2.0.4, which fixes the issue. 2024-03-21 not yet calculated CVE-2024-26307 security@apache.org apache_software_foundation -- apache_doris   Download of Code Without Integrity Check vulnerability in Apache Doris. 
The jdbc driver files used for JDBC catalog is not checked and may resulting in remote command execution. Once the attacker is authorized to create a JDBC catalog, he/she can use arbitrary driver jar file with unchecked code snippet. This code snippet will be run when catalog is initializing without any check. This issue affects Apache Doris: from 1.2.0 through 2.0.4. Users are recommended to upgrade to version 2.0.5 or 2.1.x, which fixes the issue. 2024-03-21 not yet calculated CVE-2024-27438 security@apache.org apache_software_foundation -- apache_hop_engine   Improper Input Validation vulnerability in Apache Hop Engine.This issue affects Apache Hop Engine: before 2.8.0. Users are recommended to upgrade to version 2.8.0, which fixes the issue. When Hop Server writes links to the PrepareExecutionPipelineServlet page one of the parameters provided to the user was not properly escaped. The variable not properly escaped is the "id", which is not directly accessible by users creating pipelines making the risk of exploiting this low. This issue only affects users using the Hop Server component and does not directly affect the client. 2024-03-19 not yet calculated CVE-2024-24683 security@apache.org apache_software_foundation -- apache_wicket   An error in the evaluation of the fetch metadata headers could allow a bypass of the CSRF protection in Apache Wicket. This issue affects Apache Wicket: from 9.1.0 through 9.16.0, and the milestone releases for the 10.0 series. Apache Wicket 8.x does not support CSRF protection via the fetch metadata headers and as such is not affected. Users are recommended to upgrade to version 9.17.0 or 10.0.0, which fixes the issue. 2024-03-19 not yet calculated CVE-2024-27439 security@apache.org artica_tech -- artica_proxy   The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the "www-data" user. 
This issue was demonstrated on version 4.50 of the The Artica-Proxy administrative web application attempts to prevent local file inclusion. These protections can be bypassed and arbitrary file requests supplied by unauthenticated users will be returned according to the privileges of the "www-data" user. 2024-03-21 not yet calculated CVE-2024-2053 cve@takeonme.org cve@takeonme.org artica_tech -- artica_proxy   The Artica-Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the "www-data" user. 2024-03-21 not yet calculated CVE-2024-2054 cve@takeonme.org cve@takeonme.org atlassian -- confluence_data_center   This High severity Path Traversal vulnerability was introduced in version 6.13.0 of Confluence Data Center. This Path Traversal vulnerability, with a CVSS Score of 8.3, allows an unauthenticated attacker to exploit an undefinable vulnerability which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires user interaction. Atlassian recommends that Confluence Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: Data Center Atlassian recommends that Confluence Data Center customers upgrade to the latest version and that Confluence Server customers upgrade to the latest 8.5.x LTS version. If you are unable to do so, upgrade your instance to one of the specified supported fixed versions See the release notes https://confluence.atlassian.com/doc/confluence-release-notes-327.html You can download the latest version of Confluence Data Center and Server from the download center https://www.atlassian.com/software/confluence/download-archives. This vulnerability was reported via our Bug Bounty program. 
2024-03-19 not yet calculated CVE-2024-21677 security@atlassian.com security@atlassian.com autodesk -- dwg_trueview   A maliciously crafted DWG file when parsed through Autodesk DWG TrueView can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. 2024-03-18 not yet calculated CVE-2024-23138 psirt@autodesk.com autodesk -- fbx_review   An Out-Of-Bounds Write Vulnerability in Autodesk FBX Review version 1.5.3.0 and prior may lead to code execution or information disclosure through maliciously crafted ActionScript Byte Code "ABC" files. ABC files are created by the Flash compiler and contain executable code. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. 2024-03-18 not yet calculated CVE-2024-23139 psirt@autodesk.com brother_industries,_ltd -- multiple_printers_and_scanners   Improper authentication vulnerability in exists in multiple printers and scanners which implement Web Based Management provided by BROTHER INDUSTRIES, LTD. If this vulnerability is exploited, a network-adjacent user who can access the product may impersonate an administrative user. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]. 2024-03-18 not yet calculated CVE-2024-21824 vultures@jpcert.or.jp vultures@jpcert.or.jp vultures@jpcert.or.jp vultures@jpcert.or.jp vultures@jpcert.or.jp vultures@jpcert.or.jp brother_industries,_ltd -- multiple_printers_and_scanners   Cross-site request forgery vulnerability in multiple printers and scanners which implement Web Based Management provided by BROTHER INDUSTRIES, LTD. allows a remote unauthenticated attacker to perform unintended operations on the affected product. 
As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]. 2024-03-18 not yet calculated CVE-2024-22475 vultures@jpcert.or.jp vultures@jpcert.or.jp vultures@jpcert.or.jp vultures@jpcert.or.jp vultures@jpcert.or.jp vultures@jpcert.or.jp cdex_psa -- cdex   Weak password recovery mechanism in CDeX application allows to retrieve password reset token.This issue affects CDeX application versions through 5.7.1. 2024-03-21 not yet calculated CVE-2024-2463 cvd@cert.pl cvd@cert.pl cvd@cert.pl cdex_psa -- cdex   This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.This issue affects CDeX application versions through 5.7.1. 2024-03-21 not yet calculated CVE-2024-2464 cvd@cert.pl cvd@cert.pl cvd@cert.pl cdex_psa -- cdex   Open redirection vulnerability in CDeX application allows to redirect users to arbitrary websites via a specially crafted URL.This issue affects CDeX application versions through 5.7.1. 2024-03-21 not yet calculated CVE-2024-2465 cvd@cert.pl cvd@cert.pl cvd@cert.pl claris -- filemaker_pro   Claris International has fixed a dylib hijacking vulnerability in the FileMaker Pro.app and Claris Pro.app versions on macOS. 2024-03-19 not yet calculated CVE-2023-42920 product-security@apple.com claris -- filemaker_server   A privilege escalation issue existed in FileMaker Server, potentially exposing sensitive information to front-end websites when signed in to the Admin Console with an administrator role. This issue has been fixed in FileMaker Server 20.3.1 by reducing the information sent in requests. 2024-03-21 not yet calculated CVE-2023-42954 product-security@apple.com david_artiss -- code_embed   Uncontrolled Resource Consumption vulnerability in David Artiss Code Embed.This issue affects Code Embed: from n/a through 2.3.6. 
2024-03-21 not yet calculated CVE-2023-49837 audit@patchstack.com fujifilm_business_inovation_corp. -- docuprint_p450_d   Cross-site request forgery vulnerability in FUJIFILM printers which implement CentreWare Internet Services or Internet Services allows a remote unauthenticated attacker to alter user information. In the case the user is an administrator, the settings such as the administrator's ID, password, etc. may be altered. As for the details of affected product names, model numbers, and versions, refer to the information provided by the vendor listed under [References]. 2024-03-18 not yet calculated CVE-2024-27974 vultures@jpcert.or.jp vultures@jpcert.or.jp google -- chrome   Object lifecycle issue in V8 in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High) 2024-03-20 not yet calculated CVE-2024-2625 chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com google -- chrome   Out of bounds read in Swiftshader in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium) 2024-03-20 not yet calculated CVE-2024-2626 chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com google -- chrome   Use after free in Canvas in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 
(Chromium security severity: Medium) 2024-03-20 not yet calculated CVE-2024-2627 chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com google -- chrome   Inappropriate implementation in Downloads in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted URL. (Chromium security severity: Medium) 2024-03-20 not yet calculated CVE-2024-2628 chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com google -- chrome   Incorrect security UI in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) 2024-03-20 not yet calculated CVE-2024-2629 chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com google -- chrome   Inappropriate implementation in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) 2024-03-20 not yet calculated CVE-2024-2630 chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com google -- chrome   Inappropriate implementation in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) 2024-03-20 not yet calculated CVE-2024-2631 chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com gradio-app -- gradio-app/gradio   To prevent malicious 3rd party websites from making requests to Gradio applications running locally, this PR tightens the CORS rules around Gradio applications. 
In particular, it checks to see if the host header is localhost (or one of its aliases) and if so, it requires the origin header (if present) to be localhost (or one of its aliases) as well. 2024-03-21 not yet calculated CVE-2024-1727 security@huntr.dev security@huntr.dev hp_inc -- certain_hp_officejet_pro_printers   Certain HP OfficeJet Pro printers are potentially vulnerable to a Denial of Service when using an improper eSCL URL GET request. 2024-03-22 not yet calculated CVE-2023-4063 hp-security-alert@hp.com linux -- linux   In the Linux kernel, the following vulnerability has been resolved: binder: fix race between mmput() and do_exit() Task A calls binder_update_page_range() to allocate and insert pages on a remote address space from Task B. For this, Task A pins the remote mm via mmget_not_zero() first. This can race with Task B do_exit() and the final mmput() refcount decrement will come from Task A. Task A | Task B ------------------+------------------ mmget_not_zero() | | do_exit() | exit_mm() | mmput() mmput() | exit_mmap() | remove_vma() | fput() | In this case, the work of ____fput() from Task B is queued up in Task A as TWA_RESUME. So in theory, Task A returns to userspace and the cleanup work gets executed. However, Task A instead sleep, waiting for a reply from Task B that never comes (it's dead). This means the binder_deferred_release() is blocked until an unrelated binder event forces Task A to go back to userspace. All the associated death notifications will also be delayed until then. In order to fix this use mmput_async() that will schedule the work in the corresponding mm->async_put_work WQ instead of Task A. 
2024-03-18 not yet calculated CVE-2023-52609 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 linux -- linux   In the Linux kernel, the following vulnerability has been resolved: net/sched: act_ct: fix skb leak and crash on ooo frags act_ct adds skb->users before defragmentation. If frags arrive in order, the last frag's reference is reset in: inet_frag_reasm_prepare skb_morph which is not straightforward. However when frags arrive out of order, nobody unref the last frag, and all frags are leaked. The situation is even worse, as initiating packet capture can lead to a crash[0] when skb has been cloned and shared at the same time. Fix the issue by removing skb_get() before defragmentation. act_ct returns TC_ACT_CONSUMED when defrag failed or in progress. [0]: [ 843.804823] ------------[ cut here ]------------ [ 843.809659] kernel BUG at net/core/skbuff.c:2091! 
[ 843.814516] invalid opcode: 0000 [#1] PREEMPT SMP [ 843.819296] CPU: 7 PID: 0 Comm: swapper/7 Kdump: loaded Tainted: G S 6.7.0-rc3 #2 [ 843.824107] Hardware name: XFUSION 1288H V6/BC13MBSBD, BIOS 1.29 11/25/2022 [ 843.828953] RIP: 0010:pskb_expand_head+0x2ac/0x300 [ 843.833805] Code: 8b 70 28 48 85 f6 74 82 48 83 c6 08 bf 01 00 00 00 e8 38 bd ff ff 8b 83 c0 00 00 00 48 03 83 c8 00 00 00 e9 62 ff ff ff 0f 0b <0f> 0b e8 8d d0 ff ff e9 b3 fd ff ff 81 7c 24 14 40 01 00 00 4c 89 [ 843.843698] RSP: 0018:ffffc9000cce07c0 EFLAGS: 00010202 [ 843.848524] RAX: 0000000000000002 RBX: ffff88811a211d00 RCX: 0000000000000820 [ 843.853299] RDX: 0000000000000640 RSI: 0000000000000000 RDI: ffff88811a211d00 [ 843.857974] RBP: ffff888127d39518 R08: 00000000bee97314 R09: 0000000000000000 [ 843.862584] R10: 0000000000000000 R11: ffff8881109f0000 R12: 0000000000000880 [ 843.867147] R13: ffff888127d39580 R14: 0000000000000640 R15: ffff888170f7b900 [ 843.871680] FS: 0000000000000000(0000) GS:ffff889ffffc0000(0000) knlGS:0000000000000000 [ 843.876242] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 843.880778] CR2: 00007fa42affcfb8 CR3: 000000011433a002 CR4: 0000000000770ef0 [ 843.885336] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 843.889809] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 843.894229] PKRU: 55555554 [ 843.898539] Call Trace: [ 843.902772] <IRQ> [ 843.906922] ? __die_body+0x1e/0x60 [ 843.911032] ? die+0x3c/0x60 [ 843.915037] ? do_trap+0xe2/0x110 [ 843.918911] ? pskb_expand_head+0x2ac/0x300 [ 843.922687] ? do_error_trap+0x65/0x80 [ 843.926342] ? pskb_expand_head+0x2ac/0x300 [ 843.929905] ? exc_invalid_op+0x50/0x60 [ 843.933398] ? pskb_expand_head+0x2ac/0x300 [ 843.936835] ? asm_exc_invalid_op+0x1a/0x20 [ 843.940226] ? 
pskb_expand_head+0x2ac/0x300 [ 843.943580] inet_frag_reasm_prepare+0xd1/0x240 [ 843.946904] ip_defrag+0x5d4/0x870 [ 843.950132] nf_ct_handle_fragments+0xec/0x130 [nf_conntrack] [ 843.953334] tcf_ct_act+0x252/0xd90 [act_ct] [ 843.956473] ? tcf_mirred_act+0x516/0x5a0 [act_mirred] [ 843.959657] tcf_action_exec+0xa1/0x160 [ 843.962823] fl_classify+0x1db/0x1f0 [cls_flower] [ 843.966010] ? skb_clone+0x53/0xc0 [ 843.969173] tcf_classify+0x24d/0x420 [ 843.972333] tc_run+0x8f/0xf0 [ 843.975465] __netif_receive_skb_core+0x67a/0x1080 [ 843.978634] ? dev_gro_receive+0x249/0x730 [ 843.981759] __netif_receive_skb_list_core+0x12d/0x260 [ 843.984869] netif_receive_skb_list_internal+0x1cb/0x2f0 [ 843.987957] ? mlx5e_handle_rx_cqe_mpwrq_rep+0xfa/0x1a0 [mlx5_core] [ 843.991170] napi_complete_done+0x72/0x1a0 [ 843.994305] mlx5e_napi_poll+0x28c/0x6d0 [mlx5_core] [ 843.997501] __napi_poll+0x25/0x1b0 [ 844.000627] net_rx_action+0x256/0x330 [ 844.003705] __do_softirq+0xb3/0x29b [ 844.006718] irq_exit_rcu+0x9e/0xc0 [ 844.009672] common_interrupt+0x86/0xa0 [ 844.012537] </IRQ> [ 844.015285] <TASK> [ 844.017937] asm_common_interrupt+0x26/0x40 [ 844.020591] RIP: 0010:acpi_safe_halt+0x1b/0x20 [ 844.023247] Code: ff 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 65 48 8b 04 25 00 18 03 00 48 8b 00 a8 08 75 0c 66 90 0f 00 2d 81 d0 44 00 fb ---truncated--- 2024-03-18 not yet calculated CVE-2023-52610 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 linux -- linux   In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: sdio: Honor the host max_req_size in the RX path Lukas reports skb_over_panic errors on his Banana Pi BPI-CM4 which comes with an Amlogic A311D (G12B) SoC and a RTL8822CS SDIO wifi/Bluetooth combo card. 
The error he observed is identical to what has been fixed in commit e967229ead0e ("wifi: rtw88: sdio: Check the HISR RX_REQUEST bit in rtw_sdio_rx_isr()") but that commit didn't fix Lukas' problem. Lukas found that disabling or limiting RX aggregation works around the problem for some time (but does not fully fix it). In the following discussion a few key topics have been discussed which have an impact on this problem:
- The Amlogic A311D (G12B) SoC has a hardware bug in the SDIO controller which prevents DMA transfers. Instead all transfers need to go through the controller SRAM which limits transfers to 1536 bytes
- rtw88 chips don't split incoming (RX) packets, so if a big packet is received this is forwarded to the host in its original form
- rtw88 chips can do RX aggregation, meaning multiple incoming packets can be pulled by the host from the card with one MMC/SDIO transfer. This depends on settings in the REG_RXDMA_AGG_PG_TH register (BIT_RXDMA_AGG_PG_TH limits the number of packets that will be aggregated, BIT_DMA_AGG_TO_V1 configures a timeout for aggregation and BIT_EN_PRE_CALC makes the chip honor the limits more effectively)
Use multiple consecutive reads in rtw_sdio_read_port() and limit the number of bytes which are copied by the host from the card in one MMC/SDIO transfer. This allows receiving a buffer that's larger than the host's max_req_size (number of bytes which can be transferred in one MMC/SDIO transfer). As a result of this the skb_over_panic error is gone as the rtw88 driver is now able to receive more than 1536 bytes from the card (either because the incoming packet is larger than that or because multiple packets have been aggregated). In case of receive errors (-EILSEQ has been observed by Lukas) we need to drain the remaining data from the card's buffer, otherwise the card will return corrupt data for the next rtw_sdio_read_port() call.
Published: 2024-03-18 | CVSS: not yet calculated | CVE-2023-52611 | Source & Patch Info: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

linux -- linux
In the Linux kernel, the following vulnerability has been resolved: crypto: scomp - fix req->dst buffer overflow
The req->dst buffer size should be checked before copying from the scomp_scratch->dst to avoid req->dst buffer overflow problem.
Published: 2024-03-18 | CVSS: not yet calculated | CVE-2023-52612 | Source & Patch Info: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

linux -- linux
In the Linux kernel, the following vulnerability has been resolved: drivers/thermal/loongson2_thermal: Fix incorrect PTR_ERR() judgment
PTR_ERR() returns -ENODEV when thermal-zones are undefined, and we need -ENODEV as the right value for comparison.
Otherwise, tz->type is NULL when thermal-zones is undefined, resulting in the following error:
[ 12.290030] CPU 1 Unable to handle kernel paging request at virtual address fffffffffffffff1, era == 900000000355f410, ra == 90000000031579b8
[ 12.302877] Oops[#1]:
[ 12.305190] CPU: 1 PID: 181 Comm: systemd-udevd Not tainted 6.6.0-rc7+ #5385
[ 12.362938] ra: 90000000031579b8 thermal_add_hwmon_sysfs+0x258/0x300
[ 12.386411] ERA: 900000000355f410 strscpy+0xf0/0x160
[ 12.415907] BADV: fffffffffffffff1
[ 12.415911] PRID: 0014a000 (Loongson-64bit, Loongson-2K1000)
[ 12.415917] Modules linked in: loongson2_thermal(+) vfat fat uio_pdrv_genirq uio fuse zram zsmalloc
[ 12.415950] Process systemd-udevd (pid: 181, threadinfo=00000000358b9718, task=00000000ace72fe3)
[ 12.416138] Call Trace:
[ 12.416142] [<900000000355f410>] strscpy+0xf0/0x160
[ 12.416167] [<90000000031579b8>] thermal_add_hwmon_sysfs+0x258/0x300
[ 12.416183] [<9000000003157ab0>] devm_thermal_add_hwmon_sysfs+0x50/0xe0
[ 12.416200] [<ffffff80020cc1e8>] loongson2_thermal_probe+0x128/0x200 [loongson2_thermal]
[ 12.416232] [<9000000002df6808>] platform_probe+0x68/0x140
[ 12.416249] [<9000000002df2ba8>] really_probe+0xc8/0x3c0
[ 12.416269] [<9000000002df2f30>] __driver_probe_device+0x90/0x180
[ 12.416286] [<9000000002df3058>] driver_probe_device+0x38/0x160
[ 12.416302] [<9000000002df33a8>] __driver_attach+0xa8/0x200
[ 12.416314] [<9000000002deffec>] bus_for_each_dev+0x8c/0x120
[ 12.416330] [<9000000002df198c>] bus_add_driver+0x10c/0x2a0
[ 12.416346] [<9000000002df46b4>] driver_register+0x74/0x160
[ 12.416358] [<90000000022201a4>] do_one_initcall+0x84/0x220
[ 12.416372] [<90000000022f3ab8>] do_init_module+0x58/0x2c0
---truncated---
Published: 2024-03-18 | CVSS: not yet calculated | CVE-2023-52613 | Source & Patch Info: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

linux -- linux
In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: Fix buffer overflow in trans_stat_show
Fix buffer overflow in trans_stat_show(). Convert simple snprintf to the more secure scnprintf with size of PAGE_SIZE.
Add condition checking if we are exceeding PAGE_SIZE and exit early from loop. Also add at the end a warning that we exceeded PAGE_SIZE and that stats is disabled. Return -EFBIG in the case where we don't have enough space to write the full transition table. Also document in the ABI that this function can return -EFBIG error.
Published: 2024-03-18 | CVSS: not yet calculated | CVE-2023-52614 | Source & Patch Info: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

linux -- linux
In the Linux kernel, the following vulnerability has been resolved: hwrng: core - Fix page fault dead lock on mmap-ed hwrng
There is a dead-lock in the hwrng device read path. This triggers when the user reads from /dev/hwrng into memory also mmap-ed from /dev/hwrng. The resulting page fault triggers a recursive read which then dead-locks. Fix this by using a stack buffer when calling copy_to_user.
Published: 2024-03-18 | CVSS: not yet calculated | CVE-2023-52615 | Source & Patch Info: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

linux -- linux
In the Linux kernel, the following vulnerability has been resolved: crypto: lib/mpi - Fix unexpected pointer access in mpi_ec_init
When the mpi_ec_ctx structure is initialized, some fields are not cleared, causing a crash when referencing the field when the structure was released. Initially, this issue was ignored because memory for mpi_ec_ctx is allocated with the __GFP_ZERO flag. For example, this error will be triggered when calculating the Za value for SM2 separately.
Published: 2024-03-18 | CVSS: not yet calculated | CVE-2023-52616 | Source & Patch Info: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

linux -- linux
In the Linux kernel, the following vulnerability has been resolved: PCI: switchtec: Fix stdev_release() crash after surprise hot remove
A PCI device hot removal may occur while stdev->cdev is held open. The call to stdev_release() then happens during close or exit, at a point way past switchtec_pci_remove(). Otherwise the last ref would vanish with the trailing put_device(), just before return. At that later point in time, the devm cleanup has already removed the stdev->mmio_mrpc mapping. Also, the stdev->pdev reference was not a counted one. Therefore, in DMA mode, the iowrite32() in stdev_release() will cause a fatal page fault, and the subsequent dma_free_coherent(), if reached, would pass a stale &stdev->pdev->dev pointer. Fix by moving MRPC DMA shutdown into switchtec_pci_remove(), after stdev_kill(). Counting the stdev->pdev ref is now optional, but may prevent future accidents. Reproducible via the script at https://lore.kernel.org/r/20231113212150.96410-1-dns@arista.com
Published: 2024-03-18 | CVSS: not yet calculated | CVE-2023-52617 | Source & Patch Info: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

linux -- linux
In the Linux kernel, the following vulnerability has been resolved: block/rnbd-srv: Check for unlikely string overflow
Since "dev_search_path" can technically be as large as PATH_MAX, there was a risk of truncation when copying it and a second string into "full_path" since it was also PATH_MAX sized.
The W=1 builds were reporting this warning:
drivers/block/rnbd/rnbd-srv.c: In function 'process_msg_open.isra':
drivers/block/rnbd/rnbd-srv.c:616:51: warning: '%s' directive output may be truncated writing up to 254 bytes into a region of size between 0 and 4095 [-Wformat-truncation=]
616 | snprintf(full_path, PATH_MAX, "%s/%s",
| ^~
In function 'rnbd_srv_get_full_path', inlined from 'process_msg_open.isra' at drivers/block/rnbd/rnbd-srv.c:721:14:
drivers/block/rnbd/rnbd-srv.c:616:17: note: 'snprintf' output between 2 and 4351 bytes into a destination of size 4096
616 | snprintf(full_path, PATH_MAX, "%s/%s",
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
617 | dev_search_path, dev_name);
| ~~~~~~~~~~~~~~~~~~~~~~~~~~
To fix this, unconditionally check for truncation (as was already done for the case where "%SESSNAME%" was present).
Published: 2024-03-18 | CVSS: not yet calculated | CVE-2023-52618 | Source & Patch Info: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

linux -- linux
In the Linux kernel, the following vulnerability has been resolved: pstore/ram: Fix crash when setting number of cpus to an odd number
When the number of cpu cores is adjusted to 7 or other odd numbers, the zone size will become an odd number. The address of the zone will become:
addr of zone0 = BASE
addr of zone1 = BASE + zone_size
addr of zone2 = BASE + zone_size*2
...
The address of zone1/3/5/7 will be mapped to non-alignment va. Eventually crashes will occur when accessing these va. So, use ALIGN_DOWN() to make sure the zone size is even to avoid this bug.
Published: 2024-03-18 | CVSS: not yet calculated | CVE-2023-52619 | Source & Patch Info: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

linux -- linux
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: disallow timeout for anonymous sets
Never used from userspace, disallow these parameters.
Published: 2024-03-21 | CVSS: not yet calculated | CVE-2023-52620 | Source & Patch Info: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

linux -- linux
In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: fix data-race in ipv6_mc_down / mld_ifc_work
idev->mc_ifc_count can be written over without proper locking. Originally found by syzbot [1], fix this issue by encapsulating calls to mld_ifc_stop_work() (and mld_gq_stop_work() for good measure) with mutex_lock() and mutex_unlock() accordingly as these functions should only be called with mc_lock per their declarations.
[1]
BUG: KCSAN: data-race in ipv6_mc_down / mld_ifc_work
write to 0xffff88813a80c832 of 1 bytes by task 3771 on cpu 0:
mld_ifc_stop_work net/ipv6/mcast.c:1080 [inline]
ipv6_mc_down+0x10a/0x280 net/ipv6/mcast.c:2725
addrconf_ifdown+0xe32/0xf10 net/ipv6/addrconf.c:3949
addrconf_notify+0x310/0x980
notifier_call_chain kernel/notifier.c:93 [inline]
raw_notifier_call_chain+0x6b/0x1c0 kernel/notifier.c:461
__dev_notify_flags+0x205/0x3d0
dev_change_flags+0xab/0xd0 net/core/dev.c:8685
do_setlink+0x9f6/0x2430 net/core/rtnetlink.c:2916
rtnl_group_changelink net/core/rtnetlink.c:3458 [inline]
__rtnl_newlink net/core/rtnetlink.c:3717 [inline]
rtnl_newlink+0xbb3/0x1670 net/core/rtnetlink.c:3754
rtnetlink_rcv_msg+0x807/0x8c0 net/core/rtnetlink.c:6558
netlink_rcv_skb+0x126/0x220 net/netlink/af_netlink.c:2545
rtnetlink_rcv+0x1c/0x20 net/core/rtnetlink.c:6576
netlink_unicast_kernel net/netlink/af_netlink.c:1342 [inline]
netlink_unicast+0x589/0x650 net/netlink/af_netlink.c:1368
netlink_sendmsg+0x66e/0x770 net/netlink/af_netlink.c:1910
...
write to 0xffff88813a80c832 of 1 bytes by task 22 on cpu 1:
mld_ifc_work+0x54c/0x7b0 net/ipv6/mcast.c:2653
process_one_work kernel/workqueue.c:2627 [inline]
process_scheduled_works+0x5b8/0xa30 kernel/workqueue.c:2700
worker_thread+0x525/0x730 kernel/workqueue.c:2781
...
Published: 2024-03-18 | CVSS: not yet calculated | CVE-2024-26631 | Source & Patch Info: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

linux -- linux
In the Linux kernel, the following vulnerability has been resolved: block: Fix iterating over an empty bio with bio_for_each_folio_all
If the bio contains no data, bio_first_folio() calls page_folio() on a NULL pointer and oopses. Move the test that we've reached the end of the bio from bio_next_folio() to bio_first_folio().
[axboe: add unlikely() to error case]
Published: 2024-03-18 | CVSS: not yet calculated | CVE-2024-26632 | Source & Patch Info: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

linux -- linux
In the Linux kernel, the following vulnerability has been resolved: ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim()
syzbot pointed out [1] that NEXTHDR_FRAGMENT handling is broken. Reading frag_off can only be done if we pulled enough bytes to skb->head. Currently we might access garbage.
[1]
BUG: KMSAN: uninit-value in ip6_tnl_parse_tlv_enc_lim+0x94f/0xbb0
ip6_tnl_parse_tlv_enc_lim+0x94f/0xbb0
ipxip6_tnl_xmit net/ipv6/ip6_tunnel.c:1326 [inline]
ip6_tnl_start_xmit+0xab2/0x1a70 net/ipv6/ip6_tunnel.c:1432
__netdev_start_xmit include/linux/netdevice.h:4940 [inline]
netdev_start_xmit include/linux/netdevice.h:4954 [inline]
xmit_one net/core/dev.c:3548 [inline]
dev_hard_start_xmit+0x247/0xa10 net/core/dev.c:3564
__dev_queue_xmit+0x33b8/0x5130 net/core/dev.c:4349
dev_queue_xmit include/linux/netdevice.h:3134 [inline]
neigh_connected_output+0x569/0x660 net/core/neighbour.c:1592
neigh_output include/net/neighbour.h:542 [inline]
ip6_finish_output2+0x23a9/0x2b30 net/ipv6/ip6_output.c:137
ip6_finish_output+0x855/0x12b0 net/ipv6/ip6_output.c:222
NF_HOOK_COND include/linux/netfilter.h:303 [inline]
ip6_output+0x323/0x610 net/ipv6/ip6_output.c:243
dst_output include/net/dst.h:451 [inline]
ip6_local_out+0xe9/0x140 net/ipv6/output_core.c:155
ip6_send_skb net/ipv6/ip6_output.c:1952 [inline]
ip6_push_pending_frames+0x1f9/0x560 net/ipv6/ip6_output.c:1972
rawv6_push_pending_frames+0xbe8/0xdf0 net/ipv6/raw.c:582
rawv6_sendmsg+0x2b66/0x2e70 net/ipv6/raw.c:920
inet_sendmsg+0x105/0x190 net/ipv4/af_inet.c:847
sock_sendmsg_nosec net/socket.c:730 [inline]
__sock_sendmsg net/socket.c:745 [inline]
____sys_sendmsg+0x9c2/0xd60 net/socket.c:2584
___sys_sendmsg+0x28d/0x3c0 net/socket.c:2638
__sys_sendmsg net/socket.c:2667 [inline]
__do_sys_sendmsg net/socket.c:2676 [inline]
__se_sys_sendmsg net/socket.c:2674 [inline]
__x64_sys_sendmsg+0x307/0x490 net/socket.c:2674
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0x44/0x110 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x63/0x6b
Uninit was created at:
slab_post_alloc_hook+0x129/0xa70 mm/slab.h:768
slab_alloc_node mm/slub.c:3478 [inline]
__kmem_cache_alloc_node+0x5c9/0x970 mm/slub.c:3517
__do_kmalloc_node mm/slab_common.c:1006 [inline]
__kmalloc_node_track_caller+0x118/0x3c0 mm/slab_common.c:1027
kmalloc_reserve+0x249/0x4a0 net/core/skbuff.c:582
pskb_expand_head+0x226/0x1a00 net/core/skbuff.c:2098
__pskb_pull_tail+0x13b/0x2310 net/core/skbuff.c:2655
pskb_may_pull_reason include/linux/skbuff.h:2673 [inline]
pskb_may_pull include/linux/skbuff.h:2681 [inline]
ip6_tnl_parse_tlv_enc_lim+0x901/0xbb0 net/ipv6/ip6_tunnel.c:408
ipxip6_tnl_xmit net/ipv6/ip6_tunnel.c:1326 [inline]
ip6_tnl_start_xmit+0xab2/0x1a70 net/ipv6/ip6_tunnel.c:1432
__netdev_start_xmit include/linux/netdevice.h:4940 [inline]
netdev_start_xmit include/linux/netdevice.h:4954 [inline]
xmit_one net/core/dev.c:3548 [inline]
dev_hard_start_xmit+0x247/0xa10 net/core/dev.c:3564
__dev_queue_xmit+0x33b8/0x5130 net/core/dev.c:4349
dev_queue_xmit include/linux/netdevice.h:3134 [inline]
neigh_connected_output+0x569/0x660 net/core/neighbour.c:1592
neigh_output include/net/neighbour.h:542 [inline]
ip6_finish_output2+0x23a9/0x2b30 net/ipv6/ip6_output.c:137
ip6_finish_output+0x855/0x12b0 net/ipv6/ip6_output.c:222
NF_HOOK_COND include/linux/netfilter.h:303 [inline]
ip6_output+0x323/0x610 net/ipv6/ip6_output.c:243
dst_output include/net/dst.h:451 [inline]
ip6_local_out+0xe9/0x140 net/ipv6/output_core.c:155
ip6_send_skb net/ipv6/ip6_output.c:1952 [inline]
ip6_push_pending_frames+0x1f9/0x560 net/ipv6/ip6_output.c:1972
rawv6_push_pending_frames+0xbe8/0xdf0 net/ipv6/raw.c:582
rawv6_sendmsg+0x2b66/0x2e70 net/ipv6/raw.c:920
inet_sendmsg+0x105/0x190 net/ipv4/af_inet.c:847
sock_sendmsg_nosec net/socket.c:730 [inline]
__sock_sendmsg net/socket.c:745 [inline]
____sys_sendmsg+0x9c2/0xd60 net/socket.c:2584
___sys_sendmsg+0x28d/0x3c0 net/socket.c:2638
__sys_sendmsg net/socket.c:2667 [inline]
__do_sys_sendms ---truncated---
Published: 2024-03-18 | CVSS: not yet calculated | CVE-2024-26633 | Source & Patch Info: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

linux -- linux
In the Linux kernel, the following vulnerability has been resolved: net: fix removing a namespace with conflicting altnames
Mark reports a BUG() when a net namespace is removed.
kernel BUG at net/core/dev.c:11520!
Physical interfaces moved outside of init_net get "refunded" to init_net when that namespace disappears. The main interface name may get overwritten in the process if it would have conflicted. We need to also discard all conflicting altnames. Recent fixes addressed ensuring that altnames get moved with the main interface, which surfaced this problem.
Published: 2024-03-18 | CVSS: not yet calculated | CVE-2024-26634 | Source & Patch Info: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

linux -- linux
In the Linux kernel, the following vulnerability has been resolved: llc: Drop support for ETH_P_TR_802_2.
syzbot reported an uninit-value bug below. [0]
llc supports ETH_P_802_2 (0x0004) and used to support ETH_P_TR_802_2 (0x0011), and syzbot abused the latter to trigger the bug.
write$tun(r0, &(0x7f0000000040)={@val={0x0, 0x11}, @val, @mpls={[], @llc={@snap={0xaa, 0x1, ')', "90e5dd"}}}}, 0x16)
llc_conn_handler() initialises local variables {saddr,daddr}.mac based on skb in llc_pdu_decode_sa()/llc_pdu_decode_da() and passes them to __llc_lookup().
However, the initialisation is done only when skb->protocol is htons(ETH_P_802_2), otherwise, __llc_lookup_established() and __llc_lookup_listener() will read garbage. The missing initialisation existed prior to commit 211ed865108e ("net: delete all instances of special processing for token ring"). It removed the part to kick out the token ring stuff but forgot to close the door allowing ETH_P_TR_802_2 packets to sneak into llc_rcv(). Let's remove llc_tr_packet_type and complete the deprecation.
[0]:
BUG: KMSAN: uninit-value in __llc_lookup_established+0xe9d/0xf90
__llc_lookup_established+0xe9d/0xf90
__llc_lookup net/llc/llc_conn.c:611 [inline]
llc_conn_handler+0x4bd/0x1360 net/llc/llc_conn.c:791
llc_rcv+0xfbb/0x14a0 net/llc/llc_input.c:206
__netif_receive_skb_one_core net/core/dev.c:5527 [inline]
__netif_receive_skb+0x1a6/0x5a0 net/core/dev.c:5641
netif_receive_skb_internal net/core/dev.c:5727 [inline]
netif_receive_skb+0x58/0x660 net/core/dev.c:5786
tun_rx_batched+0x3ee/0x980 drivers/net/tun.c:1555
tun_get_user+0x53af/0x66d0 drivers/net/tun.c:2002
tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2048
call_write_iter include/linux/fs.h:2020 [inline]
new_sync_write fs/read_write.c:491 [inline]
vfs_write+0x8ef/0x1490 fs/read_write.c:584
ksys_write+0x20f/0x4c0 fs/read_write.c:637
__do_sys_write fs/read_write.c:649 [inline]
__se_sys_write fs/read_write.c:646 [inline]
__x64_sys_write+0x93/0xd0 fs/read_write.c:646
do_syscall_x64 arch/x86/entry/common.c:51 [inline]
do_syscall_64+0x44/0x110 arch/x86/entry/common.c:82
entry_SYSCALL_64_after_hwframe+0x63/0x6b
Local variable daddr created at:
llc_conn_handler+0x53/0x1360 net/llc/llc_conn.c:783
llc_rcv+0xfbb/0x14a0 net/llc/llc_input.c:206
CPU: 1 PID: 5004 Comm: syz-executor994 Not tainted 6.6.0-syzkaller-14500-g1c41041124bd #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
Published: 2024-03-18 | CVSS: not yet calculated | CVE-2024-26635 | Source & Patch Info: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

linux -- linux
In the Linux kernel, the following vulnerability has been resolved: llc: make llc_ui_sendmsg() more robust against bonding changes
syzbot was able to trick llc_ui_sendmsg(), allocating an skb with no headroom, but subsequently trying to push 14 bytes of Ethernet header [1]
Like some others, llc_ui_sendmsg() releases the socket lock before calling sock_alloc_send_skb(). Then it acquires it again, but does not redo all the sanity checks that were performed.
This fix:
- Uses LL_RESERVED_SPACE() to reserve space.
- Check all conditions again after socket lock is held again.
- Do not account Ethernet header for mtu limitation.
[1]
skbuff: skb_under_panic: text:ffff800088baa334 len:1514 put:14 head:ffff0000c9c37000 data:ffff0000c9c36ff2 tail:0x5dc end:0x6c0 dev:bond0
kernel BUG at net/core/skbuff.c:193 !
Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 6875 Comm: syz-executor.0 Not tainted 6.7.0-rc8-syzkaller-00101-g0802e17d9aca-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
pc : skb_panic net/core/skbuff.c:189 [inline]
pc : skb_under_panic+0x13c/0x140 net/core/skbuff.c:203
lr : skb_panic net/core/skbuff.c:189 [inline]
lr : skb_under_panic+0x13c/0x140 net/core/skbuff.c:203
Call trace:
skb_panic net/core/skbuff.c:189 [inline]
skb_under_panic+0x13c/0x140 net/core/skbuff.c:203
skb_push+0xf0/0x108 net/core/skbuff.c:2451
eth_header+0x44/0x1f8 net/ethernet/eth.c:83
dev_hard_header include/linux/netdevice.h:3188 [inline]
llc_mac_hdr_init+0x110/0x17c net/llc/llc_output.c:33
llc_sap_action_send_xid_c+0x170/0x344 net/llc/llc_s_ac.c:85
llc_exec_sap_trans_actions net/llc/llc_sap.c:153 [inline]
llc_sap_next_state net/llc/llc_sap.c:182 [inline]
llc_sap_state_process+0x1ec/0x774 net/llc/llc_sap.c:209
llc_build_and_send_xid_pkt+0x12c/0x1c0 net/llc/llc_sap.c:270
llc_ui_sendmsg+0x7bc/0xb1c net/llc/af_llc.c:997
sock_sendmsg_nosec net/socket.c:730 [inline]
__sock_sendmsg net/socket.c:745 [inline]
sock_sendmsg+0x194/0x274 net/socket.c:767
splice_to_socket+0x7cc/0xd58 fs/splice.c:881
do_splice_from fs/splice.c:933 [inline]
direct_splice_actor+0xe4/0x1c0 fs/splice.c:1142
splice_direct_to_actor+0x2a0/0x7e4 fs/splice.c:1088
do_splice_direct+0x20c/0x348 fs/splice.c:1194
do_sendfile+0x4bc/0xc70 fs/read_write.c:1254
__do_sys_sendfile64 fs/read_write.c:1322 [inline]
__se_sys_sendfile64 fs/read_write.c:1308 [inline]
__arm64_sys_sendfile64+0x160/0x3b4 fs/read_write.c:1308
__invoke_syscall arch/arm64/kernel/syscall.c:37 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:51
el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:136
do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:155
el0_svc+0x54/0x158 arch/arm64/kernel/entry-common.c:678
el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:696
el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:595
Published: 2024-03-18 | CVSS: not yet calculated | CVE-2024-26636 | Source & Patch Info: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

linux -- linux
In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: rely on mac80211 debugfs handling for vif
mac80211 started to delete debugfs entries in certain cases, causing ath11k to crash when it tried to delete the entries later. Fix this by relying on mac80211 to delete the entries when appropriate and adding them from the vif_add_debugfs handler.
Published: 2024-03-18 | CVSS: not yet calculated | CVE-2024-26637 | Source & Patch Info: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

linux -- linux
In the Linux kernel, the following vulnerability has been resolved: nbd: always initialize struct msghdr completely
syzbot complains that msg->msg_get_inq value can be uninitialized [1]
struct msghdr got many new fields recently, we should always make sure their values are zero by default.
[1]
BUG: KMSAN: uninit-value in tcp_recvmsg+0x686/0xac0 net/ipv4/tcp.c:2571
tcp_recvmsg+0x686/0xac0 net/ipv4/tcp.c:2571
inet_recvmsg+0x131/0x580 net/ipv4/af_inet.c:879
sock_recvmsg_nosec net/socket.c:1044 [inline]
sock_recvmsg+0x12b/0x1e0 net/socket.c:1066
__sock_xmit+0x236/0x5c0 drivers/block/nbd.c:538
nbd_read_reply drivers/block/nbd.c:732 [inline]
recv_work+0x262/0x3100 drivers/block/nbd.c:863
process_one_work kernel/workqueue.c:2627 [inline]
process_scheduled_works+0x104e/0x1e70 kernel/workqueue.c:2700
worker_thread+0xf45/0x1490 kernel/workqueue.c:2781
kthread+0x3ed/0x540 kernel/kthread.c:388
ret_from_fork+0x66/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:242
Local variable msg created at:
__sock_xmit+0x4c/0x5c0 drivers/block/nbd.c:513
nbd_read_reply drivers/block/nbd.c:732 [inline]
recv_work+0x262/0x3100 drivers/block/nbd.c:863
CPU: 1 PID: 7465 Comm: kworker/u5:1 Not tainted 6.7.0-rc7-syzkaller-00041-gf016f7547aee #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
Workqueue: nbd5-recv recv_work
Published: 2024-03-18 | CVSS: not yet calculated | CVE-2024-26638 | Source & Patch Info: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

linux -- linux
In the Linux kernel, the following vulnerability has been resolved: mm, kmsan: fix infinite recursion due to RCU critical section
Alexander Potapenko writes in [1]: "For every memory access in the code instrumented by KMSAN we call kmsan_get_metadata() to obtain the metadata for the memory being accessed. For virtual memory the metadata pointers are stored in the corresponding `struct page`, therefore we need to call virt_to_page() to get them. According to the comment in arch/x86/include/asm/page.h, virt_to_page(kaddr) returns a valid pointer iff virt_addr_valid(kaddr) is true, so KMSAN needs to call virt_addr_valid() as well. To avoid recursion, kmsan_get_metadata() must not call instrumented code, therefore ./arch/x86/include/asm/kmsan.h forks parts of arch/x86/mm/physaddr.c to check whether a virtual address is valid or not. But the introduction of rcu_read_lock() to pfn_valid() added instrumented RCU API calls to virt_to_page_or_null(), which is called by kmsan_get_metadata(), so there is an infinite recursion now. I do not think it is correct to stop that recursion by doing kmsan_enter_runtime()/kmsan_exit_runtime() in kmsan_get_metadata(): that would prevent instrumented functions called from within the runtime from tracking the shadow values, which might introduce false positives."
Fix the issue by switching pfn_valid() to the _sched() variant of rcu_read_lock/unlock(), which does not require calling into RCU. Given the critical section in pfn_valid() is very small, this is a reasonable trade-off (with preemptible RCU).
KMSAN further needs to be careful to suppress calls into the scheduler, which would be another source of recursion. This can be done by wrapping the call to pfn_valid() into preempt_disable/enable_no_resched(). The downside is that this sacrifices breaking scheduling guarantees; however, a kernel compiled with KMSAN has already given up any performance guarantees due to being heavily instrumented.
Note, KMSAN code already disables tracing via Makefile, and since mmzone.h is included, it is not necessary to use the notrace variant, which is generally preferred in all other cases.
Published: 2024-03-18 | CVSS: not yet calculated | CVE-2024-26639 | Source & Patch Info: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

linux -- linux
In the Linux kernel, the following vulnerability has been resolved: tcp: add sanity checks to rx zerocopy
TCP rx zerocopy intent is to map pages initially allocated from NIC drivers, not pages owned by a fs.
This patch adds to can_map_frag() these additional checks:
- Page must not be a compound one.
- page->mapping must be NULL.
This fixes the panic reported by ZhangPeng.
syzbot was able to loopback packets built with sendfile(), mapping pages owned by an ext4 file to TCP rx zerocopy.
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x12, r3, 0x0)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r4, &(0x7f0000000000)={0x2, 0x4e24, @multicast1}, 0x10)
connect$inet(r4, &(0x7f00000006c0)={0x2, 0x4e24, @empty}, 0x10)
r5 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x181e42, 0x0)
fallocate(r5, 0x0, 0x0, 0x85b8)
sendfile(r4, r5, 0x0, 0x8ba0)
getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r4, 0x6, 0x23, &(0x7f00000001c0)={&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000000440)=0x40)
r6 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x181e42, 0x0)
Published: 2024-03-18 | CVSS: not yet calculated | CVE-2024-26640 | Source & Patch Info: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

linux -- linux
In the Linux kernel, the following vulnerability has been resolved: ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv()
syzbot found __ip6_tnl_rcv() could access uninitialized data [1]. Call pskb_inet_may_pull() to fix this, and initialize ipv6h variable after this call as it can change skb->head.
[1] BUG: KMSAN: uninit-value in __INET_ECN_decapsulate include/net/inet_ecn.h:253 [inline] BUG: KMSAN: uninit-value in INET_ECN_decapsulate include/net/inet_ecn.h:275 [inline] BUG: KMSAN: uninit-value in IP6_ECN_decapsulate+0x7df/0x1e50 include/net/inet_ecn.h:321 __INET_ECN_decapsulate include/net/inet_ecn.h:253 [inline] INET_ECN_decapsulate include/net/inet_ecn.h:275 [inline] IP6_ECN_decapsulate+0x7df/0x1e50 include/net/inet_ecn.h:321 ip6ip6_dscp_ecn_decapsulate+0x178/0x1b0 net/ipv6/ip6_tunnel.c:727 __ip6_tnl_rcv+0xd4e/0x1590 net/ipv6/ip6_tunnel.c:845 ip6_tnl_rcv+0xce/0x100 net/ipv6/ip6_tunnel.c:888 gre_rcv+0x143f/0x1870 ip6_protocol_deliver_rcu+0xda6/0x2a60 net/ipv6/ip6_input.c:438 ip6_input_finish net/ipv6/ip6_input.c:483 [inline] NF_HOOK include/linux/netfilter.h:314 [inline] ip6_input+0x15d/0x430 net/ipv6/ip6_input.c:492 ip6_mc_input+0xa7e/0xc80 net/ipv6/ip6_input.c:586 dst_input include/net/dst.h:461 [inline] ip6_rcv_finish+0x5db/0x870 net/ipv6/ip6_input.c:79 NF_HOOK include/linux/netfilter.h:314 [inline] ipv6_rcv+0xda/0x390 net/ipv6/ip6_input.c:310 __netif_receive_skb_one_core net/core/dev.c:5532 [inline] __netif_receive_skb+0x1a6/0x5a0 net/core/dev.c:5646 netif_receive_skb_internal net/core/dev.c:5732 [inline] netif_receive_skb+0x58/0x660 net/core/dev.c:5791 tun_rx_batched+0x3ee/0x980 drivers/net/tun.c:1555 tun_get_user+0x53af/0x66d0 drivers/net/tun.c:2002 tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2048 call_write_iter include/linux/fs.h:2084 [inline] new_sync_write fs/read_write.c:497 [inline] vfs_write+0x786/0x1200 fs/read_write.c:590 ksys_write+0x20f/0x4c0 fs/read_write.c:643 __do_sys_write fs/read_write.c:655 [inline] __se_sys_write fs/read_write.c:652 [inline] __x64_sys_write+0x93/0xd0 fs/read_write.c:652 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x6d/0x140 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b Uninit was created at: slab_post_alloc_hook+0x129/0xa70 mm/slab.h:768 slab_alloc_node mm/slub.c:3478 
[inline] kmem_cache_alloc_node+0x5e9/0xb10 mm/slub.c:3523 kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:560 __alloc_skb+0x318/0x740 net/core/skbuff.c:651 alloc_skb include/linux/skbuff.h:1286 [inline] alloc_skb_with_frags+0xc8/0xbd0 net/core/skbuff.c:6334 sock_alloc_send_pskb+0xa80/0xbf0 net/core/sock.c:2787 tun_alloc_skb drivers/net/tun.c:1531 [inline] tun_get_user+0x1e8a/0x66d0 drivers/net/tun.c:1846 tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2048 call_write_iter include/linux/fs.h:2084 [inline] new_sync_write fs/read_write.c:497 [inline] vfs_write+0x786/0x1200 fs/read_write.c:590 ksys_write+0x20f/0x4c0 fs/read_write.c:643 __do_sys_write fs/read_write.c:655 [inline] __se_sys_write fs/read_write.c:652 [inline] __x64_sys_write+0x93/0xd0 fs/read_write.c:652 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x6d/0x140 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b CPU: 0 PID: 5034 Comm: syz-executor331 Not tainted 6.7.0-syzkaller-00562-g9f8413c4a66f #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 2024-03-18 not yet calculated CVE-2024-26641 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 linux -- linux   In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: disallow anonymous set with timeout flag Anonymous sets are never used with timeout from userspace, reject this. Exception to this rule is NFT_SET_EVAL to ensure legacy meters still work. 
2024-03-21 not yet calculated CVE-2024-26642 416baaa9-dc9f-4396-8d5f-8c081fb06d67 linux -- linux   In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout While the rhashtable set gc runs asynchronously, a race allows it to collect elements from anonymous sets with timeouts while it is being released from the commit path. Mingi Cho originally reported this issue in a different path in 6.1.x with a pipapo set with low timeouts which is not possible upstream since 7395dfacfff6 ("netfilter: nf_tables: use timestamp to check for set element timeout"). Fix this by setting on the dead flag for anonymous sets to skip async gc in this case. According to 08e4c8c5919f ("netfilter: nf_tables: mark newset as dead on transaction abort"), Florian plans to accelerate abort path by releasing objects via workqueue, therefore, this sets on the dead flag for abort path too. 2024-03-21 not yet calculated CVE-2024-26643 416baaa9-dc9f-4396-8d5f-8c081fb06d67 mikrotik -- routeros-tftp   Implementations of UDP application protocol are vulnerable to network loops. An unauthenticated attacker can use maliciously-crafted packets against a vulnerable implementation that can lead to Denial of Service (DOS) and/or abuse of resources. 2024-03-19 not yet calculated CVE-2024-2169 cret@cert.org cret@cert.org mozilla -- firefox   NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the private data. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. 2024-03-19 not yet calculated CVE-2023-5388 security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org mozilla -- firefox   An attacker could have leveraged the Windows Error Reporter to run arbitrary code on the system escaping the sandbox. 
*Note:* This issue only affected Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. 2024-03-19 not yet calculated CVE-2024-2605 security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org mozilla -- firefox   Passing invalid data could have led to invalid wasm values being created, such as arbitrary integers turning into pointer values. This vulnerability affects Firefox < 124. 2024-03-19 not yet calculated CVE-2024-2606 security@mozilla.org security@mozilla.org mozilla -- firefox   Return registers were overwritten which could have allowed an attacker to execute arbitrary code. *Note:* This issue only affected Armv7-A systems. Other operating systems are unaffected. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. 2024-03-19 not yet calculated CVE-2024-2607 security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org mozilla -- firefox   `AppendEncodedAttributeValue(), ExtraSpaceNeededForAttrEncoding()` and `AppendEncodedCharacters()` could have experienced integer overflows, causing underallocation of an output buffer leading to an out of bounds write. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. 2024-03-19 not yet calculated CVE-2024-2608 security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org mozilla -- firefox   The permission prompt input delay could have expired while the window is not in focus, which made the prompt vulnerable to clickjacking by malicious websites. This vulnerability affects Firefox < 124. 2024-03-19 not yet calculated CVE-2024-2609 security@mozilla.org security@mozilla.org mozilla -- firefox   Using a markup injection an attacker could have stolen nonce values. This could have been used to bypass strict content security policies. 
This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. 2024-03-19 not yet calculated CVE-2024-2610 security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org mozilla -- firefox   A missing delay on when pointer lock was used could have allowed a malicious page to trick a user into granting permissions. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. 2024-03-19 not yet calculated CVE-2024-2611 security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org mozilla -- firefox   If an attacker could find a way to trigger a particular code path in `SafeRefPtr`, it could have triggered a crash or potentially be leveraged to achieve code execution. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. 2024-03-19 not yet calculated CVE-2024-2612 security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org mozilla -- firefox   Data was not properly sanitized when decoding a QUIC ACK frame; this could have led to unrestricted memory consumption and a crash. This vulnerability affects Firefox < 124. 2024-03-19 not yet calculated CVE-2024-2613 security@mozilla.org security@mozilla.org mozilla -- firefox   Memory safety bugs present in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. 2024-03-19 not yet calculated CVE-2024-2614 security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org mozilla -- firefox   Memory safety bugs present in Firefox 123. 
Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 124. 2024-03-19 not yet calculated CVE-2024-2615 security@mozilla.org security@mozilla.org mozilla -- firefox   To harden ICU against exploitation, the behavior for out-of-memory conditions was changed to crash instead of attempt to continue. This vulnerability affects Firefox ESR < 115.9 and Thunderbird < 115.9. 2024-03-19 not yet calculated CVE-2024-2616 security@mozilla.org security@mozilla.org security@mozilla.org security@mozilla.org node.js -- node.js   setuid() does not affect libuv's internal io_uring operations if initialized before the call to setuid(). This allows the process to perform privileged operations despite presumably having dropped such privileges through a call to setuid(). This vulnerability affects all users using version greater or equal than Node.js 18.18.0, Node.js 20.4.0 and Node.js 21. 2024-03-19 not yet calculated CVE-2024-22017 support@hackerone.com node.js -- node.js   A vulnerability in Node.js has been identified, allowing for a Denial of Service (DoS) attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fact that the fetch() function in Node.js always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. An attacker controlling the URL passed into fetch() can exploit this vulnerability to exhaust memory, potentially leading to process termination, depending on the system configuration. 2024-03-19 not yet calculated CVE-2024-22025 support@hackerone.com paddlepaddle -- paddlepaddle/paddle   paddlepaddle/paddle 2.6.0 allows arbitrary file read via paddle.vision.ops.read_file. 
2024-03-23 not yet calculated CVE-2024-1603 security@huntr.dev unclebob -- fitnesse   Cross-site scripting vulnerability exists in FitNesse all releases, which may allow a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is using the product and accessing a link with specially crafted multiple parameters. 2024-03-18 not yet calculated CVE-2024-23604 vultures@jpcert.or.jp vultures@jpcert.or.jp vultures@jpcert.or.jp vultures@jpcert.or.jp unclebob -- fitnesse   Improper restriction of XML external entity references vulnerability exists in FitNesse all releases, which allows a remote unauthenticated attacker to obtain sensitive information, alter data, or cause a denial-of-service (DoS) condition. 2024-03-18 not yet calculated CVE-2024-28039 vultures@jpcert.or.jp vultures@jpcert.or.jp vultures@jpcert.or.jp vultures@jpcert.or.jp unclebob -- fitnesse   FitNesse all releases allows a remote authenticated attacker to execute arbitrary OS commands. 2024-03-18 not yet calculated CVE-2024-28125 vultures@jpcert.or.jp vultures@jpcert.or.jp vultures@jpcert.or.jp vultures@jpcert.or.jp unclebob -- fitnesse   Cross-site scripting vulnerability exists in FitNesse releases prior to 20220319, which may allow a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is using the product and accessing a link with a specially crafted certain parameter. 
2024-03-18 not yet calculated CVE-2024-28128 vultures@jpcert.or.jp vultures@jpcert.or.jp vultures@jpcert.or.jp vultures@jpcert.or.jp unknown -- advanced_social_feeds_widget_&_shortcode   The Advanced Social Feeds Widget & Shortcode WordPress plugin through 1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) 2024-03-18 not yet calculated CVE-2024-0951 contact@wpscan.com unknown -- appointment_booking_calendar   The Appointment Booking Calendar WordPress plugin before 1.3.83 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks such as adding a booking to the calendar without paying. 2024-03-20 not yet calculated CVE-2024-0856 contact@wpscan.com unknown -- backup_bolt   The Backup Bolt WordPress plugin through 1.3.0 is vulnerable to Information Exposure via the unprotected access of debug logs. This makes it possible for unauthenticated attackers to retrieve the debug log which may contain information like system errors which could contain sensitive information. 2024-03-18 not yet calculated CVE-2023-7236 contact@wpscan.com unknown -- buttons_shortcode_and_widget   The Buttons Shortcode and Widget WordPress plugin through 1.16 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 
2024-03-18 not yet calculated CVE-2024-0711 contact@wpscan.com unknown -- enjoy_social_feed_plugin_for_wordpress_website   The Enjoy Social Feed plugin for WordPress website WordPress plugin through 6.2.2 does not have authorisation and CSRF in various function hooked to admin_init, allowing unauthenticated users to call them and unlink arbitrary users Instagram Account for example 2024-03-18 not yet calculated CVE-2024-0779 contact@wpscan.com unknown -- enjoy_social_feed_plugin_for_wordpress_website   The Enjoy Social Feed plugin for WordPress website WordPress plugin through 6.2.2 does not have authorisation when resetting its database, allowing any authenticated users, such as subscriber to perform such action 2024-03-18 not yet calculated CVE-2024-0780 contact@wpscan.com unknown -- error_log_viewer_by_bestwebsoft   The Error Log Viewer by BestWebSoft WordPress plugin before 1.1.3 contains a vulnerability that allows you to read and download PHP logs without authorization 2024-03-18 not yet calculated CVE-2023-6821 contact@wpscan.com unknown -- fancy_product_designer   The Fancy Product Designer WordPress plugin before 6.1.5 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by adminstrators. 2024-03-18 not yet calculated CVE-2024-0365 contact@wpscan.com unknown -- grid_shortcodes   The Grid Shortcodes WordPress plugin before 1.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks 2024-03-18 not yet calculated CVE-2024-1658 contact@wpscan.com unknown -- innovs_hr   The Innovs HR WordPress plugin through 1.0.3.4 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks such as adding them as employees. 
2024-03-18 not yet calculated CVE-2024-0858 contact@wpscan.com unknown -- jobs_for_wordpress   The Jobs for WordPress plugin before 2.7.4 does not sanitise and escape some parameters, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks 2024-03-18 not yet calculated CVE-2024-0820 contact@wpscan.com unknown -- profile_box_shortcode_and_widget   The Profile Box Shortcode And Widget WordPress plugin before 1.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) 2024-03-19 not yet calculated CVE-2024-1401 contact@wpscan.com unknown -- responsive_pricing_table   The Responsive Pricing Table WordPress plugin before 5.1.11 does not validate and escape some of its Pricing Table options before outputting them back in a page/post where the related shortcode is embed, which could allow users with the author role and above to perform Stored Cross-Site Scripting attacks 2024-03-18 not yet calculated CVE-2024-1333 contact@wpscan.com unknown -- scalable_vector_graphics_(svg)   The Scalable Vector Graphics (SVG) WordPress plugin through 3.4 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. 2024-03-18 not yet calculated CVE-2023-7085 contact@wpscan.com unknown -- simple_ajax_chat_   The Simple Ajax Chat WordPress plugin before 20240223 does not prevent visitors from using malicious Names when using the chat, which will be reflected unsanitized to other users. 
2024-03-20 not yet calculated CVE-2024-1983 contact@wpscan.com unknown -- system_dashboard   The System Dashboard WordPress plugin before 2.8.10 does not sanitize and escape some parameters, which could allow administrators in multisite WordPress configurations to perform Cross-Site Scripting attacks 2024-03-20 not yet calculated CVE-2023-7246 contact@wpscan.com unknown -- tabs_shortcode_and_widget   The Tabs Shortcode and Widget WordPress plugin through 1.17 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks 2024-03-18 not yet calculated CVE-2024-0719 contact@wpscan.com unknown -- team_members   The Team Members WordPress plugin before 5.3.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the author role and above to perform Stored Cross-Site Scripting attacks. 2024-03-18 not yet calculated CVE-2024-1331 contact@wpscan.com unknown -- travelpayouts:_all_travel_brands_in_one_place   The Travelpayouts: All Travel Brands in One Place WordPress plugin through 1.1.15 is vulnerable to Open Redirect due to insufficient validation on the travelpayouts_redirect variable. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action. 
2024-03-20 not yet calculated CVE-2024-0337 contact@wpscan.com unknown -- widget_for_social_page_feeds   The Widget for Social Page Feeds WordPress plugin before 6.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) 2024-03-18 not yet calculated CVE-2024-0973 contact@wpscan.com xen -- xen   PCI devices can make use of a functionality called phantom functions, that when enabled allows the device to generate requests using the IDs of functions that are otherwise unpopulated. This allows a device to extend the number of outstanding requests. Such phantom functions need an IOMMU context setup, but failure to setup the context is not fatal when the device is assigned. Not failing device assignment when such failure happens can lead to the primary device being assigned to a guest, while some of the phantom functions are assigned to a different domain. 2024-03-20 not yet calculated CVE-2023-46839 security@xen.org xen -- xen   Incorrect placement of a preprocessor directive in source code results in logic that doesn't operate as intended when support for HVM guests is compiled out of Xen. 2024-03-20 not yet calculated CVE-2023-46840 security@xen.org xen -- xen   Recent x86 CPUs offer functionality named Control-flow Enforcement Technology (CET). A sub-feature of this are Shadow Stacks (CET-SS). CET-SS is a hardware feature designed to protect against Return Oriented Programming attacks. When enabled, traditional stacks holding both data and return addresses are accompanied by so called "shadow stacks", holding little more than return addresses. Shadow stacks aren't writable by normal instructions, and upon function returns their contents are used to check for possible manipulation of a return address coming from the traditional stack. 
In particular certain memory accesses need intercepting by Xen. In various cases the necessary emulation involves kind of replaying of the instruction. Such replaying typically involves filling and then invoking of a stub. Such a replayed instruction may raise an exceptions, which is expected and dealt with accordingly. Unfortunately the interaction of both of the above wasn't right: Recovery involves removal of a call frame from the (traditional) stack. The counterpart of this operation for the shadow stack was missing. 2024-03-20 not yet calculated CVE-2023-46841 security@xen.org security@xen.org Back to top

  • CISA Warns Of Active Exploitation Of Flaws In Fortinet, Ivanti, & Nice Linear
    by Eswar on 26 March 2024 at 10:12

    A recent security alert warns of three critical vulnerabilities actively exploited in the wild. The first is CVE-2023-48788, an SQL injection vulnerability in Fortinet FortiClient EMS. Attackers can use SQL injection vulnerabilities to insert malicious SQL code into a program that depends on a database, which can give them unauthorized access to sensitive information, let them modify data, or disrupt operations. The second vulnerability (CVE-2021-44529) is a code injection vulnerability present in the Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA). Code injection vulnerabilities allow attackers to inject malicious code into a legitimate program or application; in the case of CVE-2021-44529, this enables attackers to take control of the EPM CSA server, steal data, or install malware. The third vulnerability (CVE-2019-7256) is an OS command injection vulnerability found in Nice Linear eMerge E3-Series devices, which allows attackers to execute arbitrary commands on the operating system of the affected device. It can grant attackers complete control over the device, allowing them to steal data, install malware, or disrupt critical systems. All three of these vulnerabilities are classified as critical due to the potential severity of an exploit.

    As per CISA, the alert highlights three critical vulnerabilities actively exploited by malicious actors, posing a significant risk to federal systems and affecting the following widely used software and devices: Nice Linear eMerge E3-Series devices (CVE-2019-7256), which may be used for IP telephony or videoconferencing; Fortinet FortiClient EMS (CVE-2023-48788); and Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA, CVE-2021-44529).

    (Figure: Example of SQL Injection)

    The vulnerabilities themselves cover different injection techniques but achieve similar results: attackers can inject malicious code to gain unauthorized access, steal data, install malware, or disrupt system operations. The vulnerabilities align with the established Binding Operational Directive (BOD) 22-01, which identified known exploited vulnerabilities as a major threat to federal systems. The BOD mandates that Federal Civilian Executive Branch (FCEB) agencies address such vulnerabilities by designated due dates to safeguard their networks from active exploitation. The alert underscores the critical importance of promptly addressing vulnerabilities listed in the central catalog. Doing so is part of vulnerability management, which is essential for maintaining a strong cybersecurity posture: it involves proactively identifying, classifying, prioritizing, and remediating security weaknesses in systems and applications. BOD 22-01 mandates vulnerability management for certain agencies, but all organizations are urged to follow suit. The critical vulnerabilities in the central catalog that attackers are actively exploiting take various forms, including SQL injection, code injection, and OS command injection vulnerabilities.

    In a successful SQL injection attack, for instance, attackers can inject malicious SQL code into a program to steal data or disrupt operations, while code injection vulnerabilities allow attackers to inject malicious code into a target system to achieve similar ends. OS command injection vulnerabilities grant attackers the ability to execute arbitrary commands on the operating system, potentially giving them full control over the affected device. The post CISA Warns Of Active Exploitation Of Flaws In Fortinet, Ivanti, & Nice Linear appeared first on GBHackers on Security.

  • CVE-2024-29199 | Nautobot up to 1.6.15/2.1.8 URL Endpoint Information Disclosure (GHSA-m732-wvh2-7cq4)
    by vuldb.com on 26 March 2024 at 07:32

    A problematic vulnerability was found in Nautobot up to 1.6.15/2.1.8. It concerns an unspecified function of the component URL Endpoint. Manipulation with unknown data can be used to exploit an information disclosure vulnerability. The advisory can be viewed on github.com. The vulnerability is tracked as CVE-2024-29199. The attack can be carried out over the network. No exploit is available so far. Applying an upgrade is recommended as the best possible countermeasure.

See also