High Vulnerabilities
Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
adobe — adobe_commerce |
Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, but the attack complexity is high. | 2024-04-10 | 9 | CVE-2024-20758 psirt@adobe.com |
adobe — adobe_commerce |
Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Confidentiality and integrity are considered high due to having admin impact. | 2024-04-10 | 8.1 | CVE-2024-20759 psirt@adobe.com |
adobe — animate |
Animate versions 23.0.4, 24.0.1 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-04-11 | 7.8 | CVE-2024-20795 psirt@adobe.com |
adobe — animate |
Animate versions 23.0.4, 24.0.1 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-04-11 | 7.8 | CVE-2024-20797 psirt@adobe.com |
adobe — illustrator |
Illustrator versions 28.3, 27.9.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-04-11 | 7.8 | CVE-2024-30271 psirt@adobe.com |
adobe — illustrator |
Illustrator versions 28.3, 27.9.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-04-11 | 7.8 | CVE-2024-30272 psirt@adobe.com |
adobe — illustrator |
Illustrator versions 28.3, 27.9.2 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-04-11 | 7.8 | CVE-2024-30273 psirt@adobe.com |
adobe — media_encoder |
Media Encoder versions 24.2.1, 23.6.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-04-10 | 7.8 | CVE-2024-20772 psirt@adobe.com |
andy_moyle — church_admin |
Unrestricted Upload of File with Dangerous Type vulnerability in Andy Moyle Church Admin. This issue affects Church Admin: from n/a through 4.1.5. | 2024-04-07 | 9.9 | CVE-2024-31280 audit@patchstack.com |
binary-husky — gpt_academic |
GPT Academic provides interactive interfaces for large language models. A vulnerability was found in gpt_academic versions 3.64 through 3.73. The server deserializes untrustworthy data from the client, which may risk remote code execution. Any device that exposes the GPT Academic service to the Internet is vulnerable. Version 3.74 contains a patch for the issue. There are no known workarounds aside from upgrading to a patched version. | 2024-04-08 | 9.8 | CVE-2024-31224 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
bitdefender — gravityzone_control_center_(on_premises) |
An Incorrect Regular Expression vulnerability in Bitdefender GravityZone Update Server allows an attacker to cause a Server Side Request Forgery and reconfigure the relay. This issue affects the following products that include the vulnerable component: Bitdefender Endpoint Security for Linux version 7.0.5.200089, Bitdefender Endpoint Security for Windows version 7.9.9.380, GravityZone Control Center (On Premises) version 6.36.1. | 2024-04-09 | 8.1 | CVE-2024-2223 cve-requests@bitdefender.com |
bitdefender — gravityzone_control_center_(on_premises) |
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in the UpdateServer component of Bitdefender GravityZone allows an attacker to execute arbitrary code on vulnerable instances. This issue affects the following products that include the vulnerable component: Bitdefender Endpoint Security for Linux version 7.0.5.200089, Bitdefender Endpoint Security for Windows version 7.9.9.380, GravityZone Control Center (On Premises) version 6.36.1. | 2024-04-09 | 8.1 | CVE-2024-2224 cve-requests@bitdefender.com |
britner — gutenberg_blocks_by_kadence_blocks_-_page_builder_features |
The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.1.26 via the ‘kadence_import_get_new_connection_data’ AJAX action. This makes it possible for authenticated attackers, with contributor-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | 2024-04-09 | 8.5 | CVE-2023-6964 security@wordfence.com security@wordfence.com |
campcodes — church_management_system |
A vulnerability, which was classified as critical, has been found in Campcodes Church Management System 1.0. Affected by this issue is some unknown functionality of the file login.php. The manipulation of the argument password leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259904. | 2024-04-10 | 7.3 | CVE-2024-3534 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
campcodes — church_management_system |
A vulnerability, which was classified as critical, was found in Campcodes Church Management System 1.0. This affects an unknown part of the file /admin/index.php. The manipulation of the argument password leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259905 was assigned to this vulnerability. | 2024-04-10 | 7.3 | CVE-2024-3535 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
cbutlerjr — wp-members_membership_plugin |
The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the X-Forwarded-For header in all versions up to, and including, 3.4.9.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page which is the edit users page. This vulnerability was partially patched in version 3.4.9.2, and was fully patched in 3.4.9.3. | 2024-04-09 | 7.2 | CVE-2024-1852 security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
codeisawesome — aikit |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in CodeIsAwesome AIKit. This issue affects AIKit: from n/a through 4.14.1. | 2024-04-09 | 8.5 | CVE-2024-31370 audit@patchstack.com |
contao — contao |
Contao is an open source content management system. Starting in version 4.9.0 and prior to versions 4.13.40 and 5.3.4, when checking for broken links on protected pages, Contao sends the cookie header to external URLs as well; the passed options for the HTTP client are used for all requests. Contao versions 4.13.40 and 5.3.4 have a patch for this issue. As a workaround, disable crawling protected pages. | 2024-04-09 | 8.3 | CVE-2024-28235 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
conveythis — language_translate_widget_for_wordpress_conveythis |
The Language Translate Widget for WordPress – ConveyThis plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘api_key’ parameter in all versions up to, and including, 223 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-11 | 7.2 | CVE-2023-6811 security@wordfence.com security@wordfence.com |
croixhaug — appointment_booking_calendar_-_simply_schedule_appointments_booking_plugin |
The Appointment Booking Calendar – Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the keys parameter in all versions up to, and including, 1.6.7.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-04-09 | 8.8 | CVE-2024-2341 security@wordfence.com security@wordfence.com |
croixhaug — appointment_booking_calendar_-_simply_schedule_appointments_booking_plugin |
The Appointment Booking Calendar – Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the customer_id parameter in all versions up to, and including, 1.6.7.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor access or higher, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-04-09 | 8.8 | CVE-2024-2342 security@wordfence.com security@wordfence.com |
customily — customily_product_personalizer |
The Customily Product Personalizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via user cookies in all versions up to, and including, 1.23.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. We unfortunately could not get in touch with the vendor through various means to disclose this issue. | 2024-04-09 | 7.2 | CVE-2024-1774 security@wordfence.com security@wordfence.com |
cym1102 — nginxwebui |
A vulnerability classified as critical has been found in cym1102 nginxWebUI up to 3.9.9. This affects the function handlePath of the file /adminPage/conf/saveCmd. The manipulation of the argument nginxPath leads to improper certificate validation. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260577 was assigned to this vulnerability. | 2024-04-13 | 7.3 | CVE-2024-3738 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
datafeedrcom — woocommerce_cloak_affiliate_links |
The WooCommerce Cloak Affiliate Links plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘permalink_settings_save’ function in all versions up to, and including, 1.0.33. This makes it possible for unauthenticated attackers to modify the affiliate permalink base, driving traffic to malicious sites via the plugin’s affiliate links. | 2024-04-09 | 7.5 | CVE-2024-1308 security@wordfence.com security@wordfence.com security@wordfence.com |
dattateccom — envíalosimple:_email_marketing_y_newsletters |
The EnvíaloSimple: Email Marketing y Newsletters plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3. This is due to missing or incorrect nonce validation on the gallery_add function. This makes it possible for unauthenticated attackers to upload malicious files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-04-09 | 8.8 | CVE-2024-2125 security@wordfence.com security@wordfence.com |
dell — alienware_command_center_(awcc) |
Dell Alienware Command Center, versions prior to 6.2.7.0, contain an uncontrolled search path element vulnerability. A local malicious user could potentially inject malicious files in the file search path, leading to system compromise. | 2024-04-10 | 7.4 | CVE-2024-22450 security_alert@emc.com |
devitemsllc — ht_mega_-_absolute_addons_for_elementor |
The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.4.6 via the render function. This makes it possible for authenticated attackers, with contributor access or higher, to read the contents of arbitrary files on the server, which can contain sensitive information. | 2024-04-09 | 8.8 | CVE-2024-1974 security@wordfence.com security@wordfence.com security@wordfence.com |
diracgrid — dirac |
DIRAC is an interware, meaning a software framework for distributed computing. Prior to version 8.0.41, during the proxy generation process (e.g., when using `dirac-proxy-init`), it is possible for unauthorized users on the same machine to gain read access to the proxy. This allows the user to then perform any action that is possible with the original proxy. This vulnerability only exists for a short period of time (sub-millisecond) during the generation process. Version 8.0.41 contains a patch for the issue. As a workaround, setting the `X509_USER_PROXY` environment variable to a path that is inside a directory that is only readable to the current user avoids the potential risk. After the file has been written, it can be safely copied to the standard location (`/tmp/x509up_uNNNN`). | 2024-04-09 | 8.1 | CVE-2024-29905 security-advisories@github.com security-advisories@github.com |
eclipse_foundation — kura |
In Eclipse Kura LogServlet component included in versions 5.0.0 to 5.4.1, a specifically crafted request to the servlet can allow an unauthenticated user to retrieve the device logs. Also, downloaded logs may be used by an attacker to perform privilege escalation by using the session id of an authenticated user reported in logs. This issue affects org.eclipse.kura:org.eclipse.kura.web2 version range [2.0.600, 2.4.0], which is included in Eclipse Kura version range [5.0.0, 5.4.1] | 2024-04-09 | 7.5 | CVE-2024-3046 emo@eclipse.org |
elextensions — elex_woocommerce_dynamic_pricing_and_discounts |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in ELEXtensions ELEX WooCommerce Dynamic Pricing and Discounts allows Reflected XSS. This issue affects ELEX WooCommerce Dynamic Pricing and Discounts: from n/a through 2.1.2. | 2024-04-07 | 7.1 | CVE-2024-31255 audit@patchstack.com |
esphome — esphome |
ESPHome is a system to control microcontrollers remotely through Home Automation systems. API endpoints in dashboard component of ESPHome version 2023.12.9 (command line installation) are vulnerable to Cross-Site Request Forgery (CSRF) allowing remote attackers to carry out attacks against a logged user of the dashboard to perform operations on configuration files (create, edit, delete). It is possible for a malicious actor to create a specifically crafted web page that triggers a cross site request against ESPHome, this allows bypassing the authentication for API calls on the platform. This vulnerability allows bypassing authentication on API calls accessing configuration file operations on the behalf of a logged user. In order to trigger the vulnerability, the victim must visit a weaponized page. In addition to this, it is possible to chain this vulnerability with GHSA-9p43-hj5j-96h5/ CVE-2024-27287 to obtain a complete takeover of the user account. Version 2024.3.0 contains a patch for this issue. | 2024-04-11 | 8.1 | CVE-2024-29019 security-advisories@github.com security-advisories@github.com |
fastify — fastify-secure-session |
@fastify/secure-session creates a secure stateless cookie session for Fastify. At the end of the request handling, it will encrypt all data in the session with a secret key and attach the ciphertext as a cookie value with the defined cookie name. After that, the session on the server side is destroyed. When an encrypted cookie with matching session name is provided with subsequent requests, it will decrypt the ciphertext to get the data. The plugin then creates a new session with the data in the ciphertext. Thus theoretically the web instance is still accessing the data from a server-side session, but technically that session is generated solely from a user provided cookie (which is assumed to be non-craftable because it is encrypted with a secret key not known to the user). The issue exists in the session removal process. In the delete function of the code, when the session is deleted, it is marked for deletion. However, if an attacker could gain access to the cookie, they could keep using it forever. Version 7.3.0 contains a patch for the issue. As a workaround, one may include a “last update” field in the session, and treat “old sessions” as expired. | 2024-04-10 | 7.4 | CVE-2024-31999 security-advisories@github.com security-advisories@github.com |
flipped-aurora — gin-vue-admin |
gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. gin-vue-admin pseudoversion 0.0.0-20240407133540-7bc7c3051067, corresponding to version 2.6.1, has a code injection vulnerability in the backend. In the Plugin System -> Plugin Template feature, an attacker can perform directory traversal by manipulating the `plugName` parameter. They can create specific folders such as `api`, `config`, `global`, `model`, `router`, `service`, and `main.go` function within the specified traversal directory. Moreover, the Go files within these folders can have arbitrary code inserted based on a specific PoC parameter. The main reason for the existence of this vulnerability is the controllability of the PlugName field within the struct. Pseudoversion 0.0.0-20240409100909-b1b7427c6ea6, corresponding to commit b1b7427c6ea6c7a027fa188c6be557f3795e732b, contains a patch for the issue. As a workaround, one may manually use a filtering method available in the GitHub Security Advisory to rectify the directory traversal problem. | 2024-04-09 | 7.7 | CVE-2024-31457 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
fortinet — forticlientlinux |
An improper control of generation of code (‘code injection’) vulnerability in Fortinet FortiClientLinux version 7.2.0, 7.0.6 through 7.0.10 and 7.0.3 through 7.0.4 allows an attacker to execute unauthorized code or commands by tricking a FortiClientLinux user into visiting a malicious website. | 2024-04-09 | 9.6 | CVE-2023-45590 psirt@fortinet.com |
fortinet — forticlientmac |
An external control of file name or path vulnerability [CWE-73] in FortiClientMac version 7.2.3 and below, version 7.0.10 and below installer may allow a local attacker to execute arbitrary code or commands via writing a malicious configuration file in /tmp before starting the installation process. | 2024-04-10 | 8.2 | CVE-2024-31492 psirt@fortinet.com |
fortinet — fortios |
An insufficiently protected credentials vulnerability in Fortinet FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17 allows an attacker to execute unauthorized code or commands via a targeted social engineering attack. | 2024-04-09 | 7.5 | CVE-2023-41677 psirt@fortinet.com |
fortinet — fortisandbox |
An improper neutralization of special elements used in an OS command (‘OS command injection’) vulnerability in Fortinet FortiSandbox version 4.4.0 through 4.4.3 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.4 allows an attacker to execute unauthorized code or commands via crafted requests. | 2024-04-09 | 8.8 | CVE-2024-21755 psirt@fortinet.com |
fortinet — fortisandbox |
An improper neutralization of special elements used in an OS command (‘OS command injection’) vulnerability in Fortinet FortiSandbox version 4.4.0 through 4.4.3 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.4 allows an attacker to execute unauthorized code or commands via crafted requests. | 2024-04-09 | 8.8 | CVE-2024-21756 psirt@fortinet.com |
fortinet — fortisandbox |
An improper limitation of a pathname to a restricted directory (‘path traversal’) vulnerability in Fortinet FortiSandbox version 4.4.0 through 4.4.3 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.4 allows an attacker to execute unauthorized code or commands via crafted HTTP requests. | 2024-04-09 | 8.1 | CVE-2024-23671 psirt@fortinet.com |
funnelkit — funnelkit_checkout |
Missing Authorization vulnerability in FunnelKit FunnelKit Checkout. This issue affects FunnelKit Checkout: from n/a through 3.10.3. | 2024-04-11 | 7.5 | CVE-2023-51672 audit@patchstack.com |
gitlab — gitlab |
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.7 to 16.8.6, all versions starting from 16.9 before 16.9.4, all versions starting from 16.10 before 16.10.2. Using the autocomplete for issues references feature, a crafted payload may lead to a stored XSS, allowing attackers to perform arbitrary actions on behalf of victims. | 2024-04-12 | 8.7 | CVE-2024-2279 cve@gitlab.com cve@gitlab.com |
gitlab — gitlab |
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 before 16.9.4, all versions starting from 16.10 before 16.10.2. A payload may lead to a Stored XSS while using the diff viewer, allowing attackers to perform arbitrary actions on behalf of victims. | 2024-04-12 | 8.7 | CVE-2024-3092 cve@gitlab.com cve@gitlab.com |
gowebsmarty — wp_encryption_-_one_click_free_ssl_certificate_&_ssl_/_https_redirect_to_force_https,_security+ |
The WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to Force HTTPS, SSL Score plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.0 via exposed Private key files. This makes it possible for unauthenticated attackers to extract sensitive data including TLS Certificate Private Keys | 2024-04-09 | 7.5 | CVE-2023-7046 security@wordfence.com security@wordfence.com |
honeywell — c300 |
C300 information leak due to an analysis feature which allows extracting more memory over the network than required by the function. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning. | 2024-04-11 | 7.5 | CVE-2023-5392 psirt@honeywell.com |
honeywell — experion_server |
Server receiving a malformed message that causes a disconnect to a hostname may cause a stack overflow, resulting in possible remote code execution. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning. | 2024-04-11 | 7.4 | CVE-2023-5393 psirt@honeywell.com |
honeywell — experion_server |
Server receiving a malformed message where the GCL message hostname may be too large, which may cause a stack overflow, resulting in possible remote code execution. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning. | 2024-04-11 | 7.4 | CVE-2023-5394 psirt@honeywell.com |
ibm — security_verify_access_appliance |
IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to conduct a man in the middle attack when deploying Python scripts due to improper certificate validation. IBM X-Force ID: 287306. | 2024-04-10 | 7.5 | CVE-2024-31871 psirt@us.ibm.com psirt@us.ibm.com |
ibm — security_verify_access_appliance |
IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to conduct a man in the middle attack when deploying Open Source scripts due to missing certificate validation. IBM X-Force ID: 287316. | 2024-04-10 | 7.5 | CVE-2024-31872 psirt@us.ibm.com psirt@us.ibm.com |
ibm — security_verify_access_appliance |
IBM Security Verify Access Appliance 10.0.0 through 10.0.7 contains hard-coded credentials which it uses for its own inbound authentication that could be obtained by a malicious actor. IBM X-Force ID: 287317. | 2024-04-10 | 7.5 | CVE-2024-31873 psirt@us.ibm.com psirt@us.ibm.com |
infotheme — wp_poll_maker |
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in InfoTheme WP Poll Maker. This issue affects WP Poll Maker: from n/a through 3.1. | 2024-04-10 | 7.7 | CVE-2024-31240 audit@patchstack.com |
iosix — io-1020_micro_eld |
IO-1020 Micro ELD downloads source code or an executable from an adjacent location and executes the code without sufficiently verifying the origin or integrity of the code. | 2024-04-12 | 9.6 | CVE-2024-28878 ics-cert@hq.dhs.gov |
iosix — io-1020_micro_eld |
IO-1020 Micro ELD uses a default WIFI password that could allow an adjacent attacker to connect to the device. | 2024-04-12 | 7.4 | CVE-2024-30210 ics-cert@hq.dhs.gov |
iosix — io-1020_micro_eld |
IO-1020 Micro ELD web server uses a default password for authentication. | 2024-04-12 | 7.4 | CVE-2024-31069 ics-cert@hq.dhs.gov |
irontec — sngrep |
A buffer overflow vulnerability exists in all versions of sngrep since v0.4.2, due to improper handling of ‘Call-ID’ and ‘X-Call-ID’ SIP headers. The functions sip_get_callid and sip_get_xcallid in sip.c use the strncpy function to copy header contents into fixed-size buffers without checking the data length. This flaw allows remote attackers to execute arbitrary code or cause a denial of service (DoS) through specially crafted SIP messages. | 2024-04-10 | 9 | CVE-2024-3119 41c37e40-543d-43a2-b660-2fee83ea851a 41c37e40-543d-43a2-b660-2fee83ea851a 41c37e40-543d-43a2-b660-2fee83ea851a |
irontec — sngrep |
A stack-buffer overflow vulnerability exists in all versions of sngrep since v1.4.1. The flaw is due to inadequate bounds checking when copying ‘Content-Length’ and ‘Warning’ headers into fixed-size buffers in the sip_validate_packet and sip_parse_extra_headers functions within src/sip.c. This vulnerability allows remote attackers to execute arbitrary code or cause a denial of service (DoS) via crafted SIP messages. | 2024-04-10 | 9 | CVE-2024-3120 41c37e40-543d-43a2-b660-2fee83ea851a 41c37e40-543d-43a2-b660-2fee83ea851a 41c37e40-543d-43a2-b660-2fee83ea851a |
j.n._breetvelt_a.k.a._opajaap — wp_photo_album_plus |
Unrestricted Upload of File with Dangerous Type vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus. This issue affects WP Photo Album Plus: from n/a before 8.6.03.005. | 2024-04-07 | 9.9 | CVE-2024-31286 audit@patchstack.com |
jokr — network_summary |
The Network Summary plugin for WordPress is vulnerable to SQL Injection via the ‘category’ parameter in all versions up to, and including, 2.0.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-04-09 | 9.8 | CVE-2024-2804 security@wordfence.com security@wordfence.com |
jordy_meow — ai_engine:_chatgpt_chatbot |
Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot. This issue affects AI Engine: ChatGPT Chatbot: from n/a through 1.9.98. | 2024-04-12 | 10 | CVE-2023-51409 audit@patchstack.com |
jtsternberg — cmb2 |
The CMB2 plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.10.1 via deserialization of untrusted input from the text_datetime_timestamp_timezone field. This makes it possible for authenticated attackers, with contributor access or higher, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. Please note that the plugin is a developer toolkit. For the vulnerability to become exploitable, the presence of a metabox activation in your code (via functions.php for example) is required. | 2024-04-09 | 7.5 | CVE-2024-1792 security@wordfence.com security@wordfence.com |
juniper_networks — junos_os |
An Improper Validation of Syntactic Correctness of Input vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). If a BGP update is received over an established BGP session which contains a tunnel encapsulation attribute with a specifically malformed TLV, rpd will crash and restart. This issue affects Juniper Networks Junos OS: * 20.4 versions 20.4R1 and later versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S7; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S5; * 22.1 versions earlier than 22.1R3-S4; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S1; * 22.4 versions earlier than 22.4R3; * 23.2 versions earlier than 23.2R1-S2, 23.2R2; Junos OS Evolved: * 20.4-EVO versions 20.4R1-EVO and later versions earlier than 20.4R3-S9-EVO; * 21.2-EVO versions earlier than 21.2R3-S7-EVO; * 21.3-EVO versions earlier than 21.3R3-S5-EVO; * 21.4-EVO versions earlier than 21.4R3-S5-EVO; * 22.1-EVO versions earlier than 22.1R3-S4-EVO; * 22.2-EVO versions earlier than 22.2R3-S3-EVO; * 22.3-EVO versions earlier than 22.3R3-S1-EVO; * 22.4-EVO versions earlier than 22.4R3-EVO; * 23.2-EVO versions earlier than 23.2R1-S2-EVO, 23.2R2-EVO; This issue does not affect Juniper Networks * Junos OS versions earlier than 20.4R1; * Junos OS Evolved versions earlier than 20.4R1-EVO. This is a related but separate issue than the one described in JSA79095. | 2024-04-12 | 7.5 | CVE-2024-21598 sirt@juniper.net sirt@juniper.net |
juniper_networks — junos_os |
An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to send a specific routing update, causing an rpd core due to memory corruption, leading to a Denial of Service (DoS). This issue can only be triggered when the system is configured for CoS-based forwarding (CBF) with a policy map containing a cos-next-hop-map action (see below). This issue affects: Junos OS: * all versions before 20.4R3-S10, * from 21.2 before 21.2R3-S8, * from 21.3 before 21.3R3, * from 21.4 before 21.4R3, * from 22.1 before 22.1R2; Junos OS Evolved: * all versions before 21.2R3-S8-EVO, * from 21.3 before 21.3R3-EVO, * from 21.4 before 21.4R3-EVO, * from 22.1 before 22.1R2-EVO. | 2024-04-12 | 7.5 | CVE-2024-30382 sirt@juniper.net sirt@juniper.net |
juniper_networks — junos_os |
A Stack-based Buffer Overflow vulnerability in Flow Processing Daemon (flowd) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). On all Junos OS MX Series platforms with SPC3 and MS-MPC/-MIC, when URL filtering is enabled and a specific URL request is received and processed, flowd will crash and restart. Continuous reception of the specific URL request will lead to a sustained Denial of Service (DoS) condition. This issue affects: Junos OS: * all versions before 21.2R3-S6, * from 21.3 before 21.3R3-S5, * from 21.4 before 21.4R3-S5, * from 22.1 before 22.1R3-S3, * from 22.2 before 22.2R3-S1, * from 22.3 before 22.3R2-S2, 22.3R3, * from 22.4 before 22.4R2-S1, 22.4R3. | 2024-04-12 | 7.5 | CVE-2024-30392 sirt@juniper.net sirt@juniper.net |
juniper_networks — junos_os |
A Stack-based Buffer Overflow vulnerability in the Routing Protocol Daemon (RPD) component of Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause an rpd crash, leading to Denial of Service (DoS). On all Junos OS and Junos OS Evolved platforms, when EVPN is configured, and a specific EVPN type-5 route is received via BGP, rpd crashes and restarts. Continuous receipt of this specific route will lead to a sustained Denial of Service (DoS) condition. This issue affects: Junos OS: * all versions before 21.2R3-S7, * from 21.4 before 21.4R3-S5, * from 22.1 before 22.1R3-S4, * from 22.2 before 22.2R3-S2, * from 22.3 before 22.3R3-S1, * from 22.4 before 22.4R3, * from 23.2 before 23.2R2. Junos OS Evolved: * all versions before 21.4R3-S5-EVO, * from 22.1-EVO before 22.1R3-S4-EVO, * from 22.2-EVO before 22.2R3-S2-EVO, * from 22.3-EVO before 22.3R3-S1-EVO, * from 22.4-EVO before 22.4R3-EVO, * from 23.2-EVO before 23.2R2-EVO. | 2024-04-12 | 7.5 | CVE-2024-30394 sirt@juniper.net sirt@juniper.net |
juniper_networks — junos_os |
An Improper Validation of Specified Type of Input vulnerability in Routing Protocol Daemon (RPD) of Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). If a BGP update is received over an established BGP session which contains a tunnel encapsulation attribute with a specifically malformed TLV, rpd will crash and restart. This issue affects: Junos OS: * all versions before 21.2R3-S7, * from 21.3 before 21.3R3-S5, * from 21.4 before 21.4R3-S5, * from 22.1 before 22.1R3-S5, * from 22.2 before 22.2R3-S3, * from 22.3 before 22.3R3-S2, * from 22.4 before 22.4R3, * from 23.2 before 23.2R1-S2, 23.2R2. Junos OS Evolved: * all versions before 21.2R3-S7-EVO, * from 21.3-EVO before 21.3R3-S5-EVO, * from 21.4-EVO before 21.4R3-S5-EVO, * from 22.2-EVO before 22.2R3-S3-EVO, * from 22.3-EVO before 22.3R3-S2-EVO, * from 22.4-EVO before 22.4R3-EVO, * from 23.2-EVO before 23.2R1-S2-EVO, 23.2R2-EVO. This is a related but separate issue than the one described in JSA75739 | 2024-04-12 | 7.5 | CVE-2024-30395 sirt@juniper.net sirt@juniper.net |
juniper_networks — junos_os |
An Improper Check for Unusual or Exceptional Conditions vulnerability in the Public Key Infrastructure daemon (pkid) of Juniper Networks Junos OS allows an unauthenticated networked attacker to cause Denial of Service (DoS). The pkid is responsible for the certificate verification. Upon a failed verification, the pkid uses all CPU resources and becomes unresponsive to future verification attempts. This means that all subsequent VPN negotiations depending on certificate verification will fail. This CPU utilization of pkid can be checked using this command: root@srx> show system processes extensive | match pkid xxxxx  root  103  0  846M  136M  CPU1  1 569:00 100.00% pkid This issue affects: Juniper Networks Junos OS All versions prior to 20.4R3-S10; 21.2 versions prior to 21.2R3-S7; 21.4 versions prior to 21.4R3-S5; 22.1 versions prior to 22.1R3-S4; 22.2 versions prior to 22.2R3-S3; 22.3 versions prior to 22.3R3-S1; 22.4 versions prior to 22.4R3; 23.2 versions prior to 23.2R1-S2, 23.2R2. | 2024-04-12 | 7.5 | CVE-2024-30397 sirt@juniper.net sirt@juniper.net |
juniper_networks — junos_os |
An Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When a high amount of specific traffic is received on a SRX4600 device, due to an error in internal packet handling, a consistent rise in CPU memory utilization occurs. This results in packet drops in the traffic and eventually the PFE crashes. A manual reboot of the PFE will be required to restore the device to original state. This issue affects Junos OS: 21.2 before 21.2R3-S7, 21.4 before 21.4R3-S6, 22.1 before 22.1R3-S5, 22.2 before 22.2R3-S3, 22.3 before 22.3R3-S2, 22.4 before 22.4R3, 23.2 before 23.2R1-S2, 23.2R2. | 2024-04-12 | 7.5 | CVE-2024-30398 sirt@juniper.net sirt@juniper.net |
juniper_networks — junos_os |
An Incorrect Calculation of Buffer Size vulnerability in Juniper Networks Junos OS SRX 5000 Series devices using SPC2 line cards while ALGs are enabled allows an attacker sending specific crafted packets to cause a transit traffic Denial of Service (DoS). Continued receipt and processing of these specific packets will sustain the Denial of Service condition. This issue affects: Juniper Networks Junos OS SRX 5000 Series with SPC2 with ALGs enabled. * All versions earlier than 21.2R3-S7; * 21.4 versions earlier than 21.4R3-S6; * 22.1 versions earlier than 22.1R3-S5; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S2; * 22.4 versions earlier than 22.4R3; * 23.2 versions earlier than 23.2R2. | 2024-04-12 | 7.5 | CVE-2024-30405 sirt@juniper.net sirt@juniper.net |
juniper_networks — paragon_active_assurance |
An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Juniper Networks Paragon Active Assurance Control Center allows a network-adjacent attacker with root access to a Test Agent Appliance the ability to access sensitive information about downstream devices. The “netrounds-probe-login” daemon (also called probe_serviced) exposes functions where the Test Agent (TA) Appliance pushes interface state/config, unregister itself, etc. The remote service accidentally exposes an internal database object that can be used for direct database access on the Paragon Active Assurance Control Center. This issue affects Paragon Active Assurance: 4.1.0, 4.2.0. | 2024-04-12 | 8.4 | CVE-2024-30381 sirt@juniper.net sirt@juniper.net |
juniper_networks_inc. — crpd |
The Use of a Hard-coded Cryptographic Key vulnerability in Juniper Networks Juniper Cloud Native Router (JCNR) and containerized routing Protocol Daemon (cRPD) products allows an attacker to perform Person-in-the-Middle (PitM) attacks which results in complete compromise of the container. Due to hardcoded SSH host keys being present on the container, a PitM attacker can intercept SSH traffic without being detected. This issue affects Juniper Networks JCNR: * All versions before 23.4. This issue affects Juniper Networks cRPD: * All versions before 23.4R1. | 2024-04-12 | 8.1 | CVE-2024-30407 sirt@juniper.net sirt@juniper.net sirt@juniper.net |
levelfourstorefront — shopping_cart_&_ecommerce_store |
The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable to SQL Injection via the ‘productid’ attribute of the ec_addtocart shortcode in all versions up to, and including, 5.6.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-04-12 | 8.8 | CVE-2024-3211 security@wordfence.com security@wordfence.com |
lg — webos |
A command injection vulnerability exists in the processAnalyticsReport method from the com.webos.service.cloudupload service on webOS version 5 through 7. A series of specially crafted requests can lead to command execution as the root user. An attacker can make authenticated requests to trigger this vulnerability. Full versions and TV models affected: * webOS 5.5.0 – 04.50.51 running on OLED55CXPUA * webOS 6.3.3-442 (kisscurl-kinglake) – 03.36.50 running on OLED48C1PUB * webOS 7.3.1-43 (mullet-mebin) – 03.33.85 running on OLED55A23LA | 2024-04-09 | 9.1 | CVE-2023-6318 cve-requests@bitdefender.com |
lg — webos |
A command injection vulnerability exists in the getAudioMetadata method from the com.webos.service.attachedstoragemanager service on webOS version 4 through 7. A series of specially crafted requests can lead to command execution as the root user. An attacker can make authenticated requests to trigger this vulnerability. * webOS 4.9.7 – 5.30.40 running on LG43UM7000PLA * webOS 5.5.0 – 04.50.51 running on OLED55CXPUA * webOS 6.3.3-442 (kisscurl-kinglake) – 03.36.50 running on OLED48C1PUB * webOS 7.3.1-43 (mullet-mebin) – 03.33.85 running on OLED55A23LA | 2024-04-09 | 9.1 | CVE-2023-6319 cve-requests@bitdefender.com |
lg — webos |
A command injection vulnerability exists in the com.webos.service.connectionmanager/tv/setVlanStaticAddress endpoint on webOS versions 5 and 6. A series of specially crafted requests can lead to command execution as the dbus user. An attacker can make authenticated requests to trigger this vulnerability. Full versions and TV models affected: * webOS 5.5.0 – 04.50.51 running on OLED55CXPUA * webOS 6.3.3-442 (kisscurl-kinglake) – 03.36.50 running on OLED48C1PUB | 2024-04-09 | 9.1 | CVE-2023-6320 cve-requests@bitdefender.com |
lg — webos |
A prompt bypass exists in the secondscreen.gateway service running on webOS version 4 through 7. An attacker can create a privileged account without asking the user for the security PIN. Full versions and TV models affected: webOS 4.9.7 – 5.30.40 running on LG43UM7000PLA webOS 5.5.0 – 04.50.51 running on OLED55CXPUA webOS 6.3.3-442 (kisscurl-kinglake) – 03.36.50 running on OLED48C1PUB webOS 7.3.1-43 (mullet-mebin) – 03.33.85 running on OLED55A23LA | 2024-04-09 | 7.2 | CVE-2023-6317 cve-requests@bitdefender.com |
link_whisper — link_whisper_free |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Link Whisper Link Whisper Free allows Reflected XSS. This issue affects Link Whisper Free: from n/a through 0.6.8. | 2024-04-11 | 7.1 | CVE-2024-27992 audit@patchstack.com |
linkwhspr — link_whisper_free |
The Link Whisper Free plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 0.7.1 via deserialization of untrusted input of the ‘mfn-page-items’ post meta value. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. | 2024-04-09 | 8.8 | CVE-2024-2693 security@wordfence.com security@wordfence.com |
makeplane — plane |
Plane, an open-source project management tool, has a Server-Side Request Forgery (SSRF) vulnerability in versions prior to 0.17-dev. This issue may allow an attacker to send arbitrary requests from the server hosting the application, potentially leading to unauthorized access to internal systems. The impact of this vulnerability includes, but is not limited to, unauthorized access to internal services accessible from the server, potential leakage of sensitive information from internal services, manipulation of internal systems by interacting with internal APIs. Version 0.17-dev contains a patch for this issue. Those who are unable to update immediately may mitigate the issue by restricting outgoing network connections from servers hosting the application to essential services only and/or implementing strict input validation on URLs or parameters that are used to generate server-side requests. | 2024-04-10 | 9.1 | CVE-2024-31461 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
mervb1 — easy_property_listings |
The Easy Property Listings plugin for WordPress is vulnerable to time-based SQL Injection via the ‘property_status’ shortcode attribute in all versions up to, and including, 3.5.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-04-09 | 8.8 | CVE-2024-1893 security@wordfence.com security@wordfence.com security@wordfence.com |
metagauss — registrationmagic_-_custom_registration_forms_user_registration_payment,_and_user_login |
The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the update_users_role() function in all versions up to, and including, 5.3.0.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to escalate their privileges to that of an administrator | 2024-04-09 | 8.8 | CVE-2024-1991 security@wordfence.com security@wordfence.com security@wordfence.com |
metagauss — registrationmagic_-_custom_registration_forms_user_registration_payment,_and_user_login |
The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to blind SQL Injection via the ‘id’ parameter of the RM_Form shortcode in all versions up to, and including, 5.3.1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-04-09 | 8.8 | CVE-2024-1990 security@wordfence.com security@wordfence.com security@wordfence.com |
microsoft — azure_ai_search |
Azure AI Search Information Disclosure Vulnerability | 2024-04-09 | 7.3 | CVE-2024-29063 secure@microsoft.com |
microsoft — azure_cyclecloud_8.6.0 |
Azure CycleCloud Elevation of Privilege Vulnerability | 2024-04-09 | 8.8 | CVE-2024-29993 secure@microsoft.com |
microsoft — azure_kubernetes_service |
Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability | 2024-04-09 | 9 | CVE-2024-29990 secure@microsoft.com |
microsoft — azure_monitor |
Azure Monitor Agent Elevation of Privilege Vulnerability | 2024-04-09 | 8.4 | CVE-2024-29989 secure@microsoft.com |
microsoft — microsoft_365_apps_for_enterprise |
Microsoft Excel Remote Code Execution Vulnerability | 2024-04-09 | 7.8 | CVE-2024-26257 secure@microsoft.com |
microsoft — microsoft_defender_for_iot |
Microsoft Defender for IoT Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-21323 secure@microsoft.com |
microsoft — microsoft_defender_for_iot |
Microsoft Defender for IoT Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-29053 secure@microsoft.com |
microsoft — microsoft_defender_for_iot |
Microsoft Defender for IoT Remote Code Execution Vulnerability | 2024-04-09 | 7.2 | CVE-2024-21322 secure@microsoft.com |
microsoft — microsoft_defender_for_iot |
Microsoft Defender for IoT Elevation of Privilege Vulnerability | 2024-04-09 | 7.2 | CVE-2024-21324 secure@microsoft.com |
microsoft — microsoft_defender_for_iot |
Microsoft Defender for IoT Elevation of Privilege Vulnerability | 2024-04-09 | 7.2 | CVE-2024-29054 secure@microsoft.com |
microsoft — microsoft_defender_for_iot |
Microsoft Defender for IoT Elevation of Privilege Vulnerability | 2024-04-09 | 7.2 | CVE-2024-29055 secure@microsoft.com |
microsoft — microsoft_sql_server_2019_(cu_25) |
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-28908 secure@microsoft.com |
microsoft — microsoft_sql_server_2019_(cu_25) |
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-28910 secure@microsoft.com |
microsoft — microsoft_sql_server_2019_(cu_25) |
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-28911 secure@microsoft.com |
microsoft — microsoft_sql_server_2019_(cu_25) |
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-28913 secure@microsoft.com |
microsoft — microsoft_sql_server_2019_(cu_25) |
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-28915 secure@microsoft.com |
microsoft — microsoft_sql_server_2019_(cu_25) |
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-28929 secure@microsoft.com |
microsoft — microsoft_sql_server_2019_(cu_25) |
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-28930 secure@microsoft.com |
microsoft — microsoft_sql_server_2019_(cu_25) |
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-28935 secure@microsoft.com |
microsoft — microsoft_sql_server_2019_(cu_25) |
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-28939 secure@microsoft.com |
microsoft — microsoft_sql_server_2019_(cu_25) |
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-29044 secure@microsoft.com |
microsoft — microsoft_sql_server_2019_(cu_25) |
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-29047 secure@microsoft.com |
microsoft — microsoft_sql_server_2019_(cu_25) |
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-29048 secure@microsoft.com |
microsoft — microsoft_sql_server_2019_(cu_25) |
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-29982 secure@microsoft.com |
microsoft — microsoft_sql_server_2019_(cu_25) |
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-29983 secure@microsoft.com |
microsoft — microsoft_sql_server_2019_(cu_25) |
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 7.5 | CVE-2024-29045 secure@microsoft.com |
microsoft — microsoft_sql_server_2019_(gdr) |
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-28927 secure@microsoft.com |
microsoft — microsoft_sql_server_2019_(gdr) |
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-28937 secure@microsoft.com |
microsoft — microsoft_sql_server_2019_(gdr) |
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-28940 secure@microsoft.com |
microsoft — microsoft_sql_server_2019_(gdr) |
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-28941 secure@microsoft.com |
microsoft — microsoft_sql_server_2019_(gdr) |
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-28943 secure@microsoft.com |
microsoft — microsoft_sql_server_2019_(gdr) |
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-28944 secure@microsoft.com |
microsoft — microsoft_sql_server_2019_(gdr) |
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-28945 secure@microsoft.com |
microsoft — microsoft_sql_server_2019_(gdr) |
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-29046 secure@microsoft.com |
microsoft — microsoft_sql_server_2019_(gdr) |
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-29984 secure@microsoft.com |
microsoft — microsoft_sql_server_2019_(gdr) |
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-29985 secure@microsoft.com |
microsoft — microsoft_sql_server_2022_for_(cu_12) |
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-28906 secure@microsoft.com |
microsoft — microsoft_sql_server_2022_for_(cu_12) |
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-28909 secure@microsoft.com |
microsoft — microsoft_sql_server_2022_for_(cu_12) |
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-28912 secure@microsoft.com |
microsoft — microsoft_sql_server_2022_for_(cu_12) |
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-28914 secure@microsoft.com |
microsoft — microsoft_sql_server_2022_for_(cu_12) |
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-28926 secure@microsoft.com |
microsoft — microsoft_sql_server_2022_for_(cu_12) |
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-28931 secure@microsoft.com |
microsoft — microsoft_sql_server_2022_for_(cu_12) |
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-28932 secure@microsoft.com |
microsoft — microsoft_sql_server_2022_for_(cu_12) |
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-28934 secure@microsoft.com |
microsoft — microsoft_sql_server_2022_for_(cu_12) |
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-28936 secure@microsoft.com |
microsoft — microsoft_sql_server_2022_for_(cu_12) |
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-28938 secure@microsoft.com |
microsoft — microsoft_sql_server_2022_for_(cu_12) |
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-28942 secure@microsoft.com |
microsoft — microsoft_sql_server_2022_for_(cu_12) |
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-29043 secure@microsoft.com |
microsoft — microsoft_visual_studio_2019_version_16.11_(includes_16.0_-_16.10) |
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-28933 secure@microsoft.com |
microsoft — microsoft_visual_studio_2022_version_17.9 |
.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability | 2024-04-09 | 7.3 | CVE-2024-21409 secure@microsoft.com |
microsoft — outlook_for_windows |
Outlook for Windows Spoofing Vulnerability | 2024-04-09 | 8.1 | CVE-2024-20670 secure@microsoft.com |
microsoft — windows_10_version_1809 |
Remote Procedure Call Runtime Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-20678 secure@microsoft.com |
microsoft — windows_10_version_1809 |
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-26179 secure@microsoft.com |
microsoft — windows_10_version_1809 |
Secure Boot Security Feature Bypass Vulnerability | 2024-04-09 | 8 | CVE-2024-26180 secure@microsoft.com |
microsoft — windows_10_version_1809 |
Secure Boot Security Feature Bypass Vulnerability | 2024-04-09 | 8 | CVE-2024-26189 secure@microsoft.com |
microsoft — windows_10_version_1809 |
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-26200 secure@microsoft.com |
microsoft — windows_10_version_1809 |
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-26205 secure@microsoft.com |
microsoft — windows_10_version_1809 |
Microsoft WDAC OLE DB Provider for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-26210 secure@microsoft.com |
microsoft — windows_10_version_1809 |
Microsoft WDAC SQL Server ODBC Driver Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-26214 secure@microsoft.com |
microsoft — windows_10_version_1809 |
Secure Boot Security Feature Bypass Vulnerability | 2024-04-09 | 8 | CVE-2024-26240 secure@microsoft.com |
microsoft — windows_10_version_1809 |
Microsoft WDAC OLE DB Provider for SQL Server Remote Code Execution Vulnerability | 2024-04-09 | 8.8 | CVE-2024-26244 secure@microsoft.com |
microsoft — windows_10_version_1809 |
Secure Boot Security Feature Bypass Vulnerability | 2024-04-09 | 8 | CVE-2024-28925 secure@microsoft.com |
microsoft — windows_10_version_1809 |
Windows Cryptographic Services Remote Code Execution Vulnerability | 2024-04-09 | 8.4 | CVE-2024-29050 secure@microsoft.com |
microsoft — windows_10_version_1809 |
SmartScreen Prompt Security Feature Bypass Vulnerability | 2024-04-09 | 8.8 | CVE-2024-29988 secure@microsoft.com |
microsoft — windows_10_version_1809 |
Windows Kernel Elevation of Privilege Vulnerability | 2024-04-09 | 7.8 | CVE-2024-20693 secure@microsoft.com |
microsoft — windows_10_version_1809 |
Microsoft Install Service Elevation of Privilege Vulnerability | 2024-04-09 | 7.8 | CVE-2024-26158 secure@microsoft.com |
microsoft — windows_10_version_1809 |
Secure Boot Security Feature Bypass Vulnerability | 2024-04-09 | 7.8 | CVE-2024-26175 secure@microsoft.com |
microsoft — windows_10_version_1809 |
Secure Boot Security Feature Bypass Vulnerability | 2024-04-09 | 7.4 | CVE-2024-26194 secure@microsoft.com |
microsoft — windows_10_version_1809 |
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 2024-04-09 | 7.2 | CVE-2024-26208 secure@microsoft.com |
microsoft — windows_10_version_1809 |
Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | 2024-04-09 | 7.8 | CVE-2024-26211 secure@microsoft.com |
microsoft — windows_10_version_1809 |
Windows Kernel Elevation of Privilege Vulnerability | 2024-04-09 | 7.8 | CVE-2024-26218 secure@microsoft.com |
microsoft — windows_10_version_1809 |
HTTP.sys Denial of Service Vulnerability | 2024-04-09 | 7.5 | CVE-2024-26219 secure@microsoft.com |
microsoft — windows_10_version_1809 |
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 2024-04-09 | 7.3 | CVE-2024-26232 secure@microsoft.com |
microsoft — windows_10_version_1809 |
Windows Defender Credential Guard Elevation of Privilege Vulnerability | 2024-04-09 | 7.8 | CVE-2024-26237 secure@microsoft.com |
microsoft — windows_10_version_1809 |
Windows Telephony Server Elevation of Privilege Vulnerability | 2024-04-09 | 7.8 | CVE-2024-26239 secure@microsoft.com |
microsoft — windows_10_version_1809 |
Win32k Elevation of Privilege Vulnerability | 2024-04-09 | 7.8 | CVE-2024-26241 secure@microsoft.com |
microsoft — windows_10_version_1809 |
Windows Telephony Server Elevation of Privilege Vulnerability | 2024-04-09 | 7 | CVE-2024-26242 secure@microsoft.com |
microsoft — windows_10_version_1809 |
Windows SMB Elevation of Privilege Vulnerability | 2024-04-09 | 7.8 | CVE-2024-26245 secure@microsoft.com |
microsoft — windows_10_version_1809 |
Windows Kerberos Elevation of Privilege Vulnerability | 2024-04-09 | 7.5 | CVE-2024-26248 secure@microsoft.com |
microsoft — windows_10_version_1809 |
Microsoft Virtual Machine Bus (VMBus) Denial of Service Vulnerability | 2024-04-09 | 7.5 | CVE-2024-26254 secure@microsoft.com |
microsoft — windows_10_version_1809 |
Secure Boot Security Feature Bypass Vulnerability | 2024-04-09 | 7.5 | CVE-2024-28896 secure@microsoft.com |
microsoft — windows_10_version_1809 |
Secure Boot Security Feature Bypass Vulnerability | 2024-04-09 | 7.8 | CVE-2024-28920 secure@microsoft.com |
microsoft — windows_10_version_1809 |
Secure Boot Security Feature Bypass Vulnerability | 2024-04-09 | 7.8 | CVE-2024-29061 secure@microsoft.com |
microsoft — windows_10_version_1809 |
Secure Boot Security Feature Bypass Vulnerability | 2024-04-09 | 7.1 | CVE-2024-29062 secure@microsoft.com |
microsoft — windows_11_version_22h2 |
libarchive Remote Code Execution Vulnerability | 2024-04-09 | 7.8 | CVE-2024-26256 secure@microsoft.com |
microsoft — windows_server_2012 |
Secure Boot Security Feature Bypass Vulnerability | 2024-04-09 | 7.1 | CVE-2024-20688 secure@microsoft.com |
microsoft — windows_server_2012 |
Secure Boot Security Feature Bypass Vulnerability | 2024-04-09 | 7.1 | CVE-2024-20689 secure@microsoft.com |
microsoft — windows_server_2019 |
DHCP Server Service Remote Code Execution Vulnerability | 2024-04-09 | 7.2 | CVE-2024-26195 secure@microsoft.com |
microsoft — windows_server_2019 |
DHCP Server Service Remote Code Execution Vulnerability | 2024-04-09 | 7.2 | CVE-2024-26202 secure@microsoft.com |
microsoft — windows_server_2019 |
DHCP Server Service Denial of Service Vulnerability | 2024-04-09 | 7.5 | CVE-2024-26212 secure@microsoft.com |
microsoft — windows_server_2019 |
DHCP Server Service Denial of Service Vulnerability | 2024-04-09 | 7.5 | CVE-2024-26215 secure@microsoft.com |
microsoft — windows_server_2019 |
Windows File Server Resource Management Service Elevation of Privilege Vulnerability | 2024-04-09 | 7.3 | CVE-2024-26216 secure@microsoft.com |
microsoft — windows_server_2019 |
Windows DNS Server Remote Code Execution Vulnerability | 2024-04-09 | 7.2 | CVE-2024-26221 secure@microsoft.com |
microsoft — windows_server_2019 |
Windows DNS Server Remote Code Execution Vulnerability | 2024-04-09 | 7.2 | CVE-2024-26222 secure@microsoft.com |
microsoft — windows_server_2019 |
Windows DNS Server Remote Code Execution Vulnerability | 2024-04-09 | 7.2 | CVE-2024-26223 secure@microsoft.com |
microsoft — windows_server_2019 |
Windows DNS Server Remote Code Execution Vulnerability | 2024-04-09 | 7.2 | CVE-2024-26224 secure@microsoft.com |
microsoft — windows_server_2019 |
Windows DNS Server Remote Code Execution Vulnerability | 2024-04-09 | 7.2 | CVE-2024-26227 secure@microsoft.com |
microsoft — windows_server_2019 |
Windows Cryptographic Services Security Feature Bypass Vulnerability | 2024-04-09 | 7.8 | CVE-2024-26228 secure@microsoft.com |
microsoft — windows_server_2019 |
Windows CSC Service Elevation of Privilege Vulnerability | 2024-04-09 | 7.8 | CVE-2024-26229 secure@microsoft.com |
microsoft — windows_server_2019 |
Windows Telephony Server Elevation of Privilege Vulnerability | 2024-04-09 | 7.8 | CVE-2024-26230 secure@microsoft.com |
microsoft — windows_server_2019 |
Windows DNS Server Remote Code Execution Vulnerability | 2024-04-09 | 7.2 | CVE-2024-26231 secure@microsoft.com |
microsoft — windows_server_2019 |
Windows DNS Server Remote Code Execution Vulnerability | 2024-04-09 | 7.2 | CVE-2024-26233 secure@microsoft.com |
microsoft — windows_server_2019 |
Windows Distributed File System (DFS) Remote Code Execution Vulnerability | 2024-04-09 | 7.2 | CVE-2024-29066 secure@microsoft.com |
microsoft — windows_server_2022,_23h2_edition_(server_core_installation) |
Microsoft Brokering File System Elevation of Privilege Vulnerability | 2024-04-09 | 7 | CVE-2024-26213 secure@microsoft.com |
microsoft — windows_server_2022,_23h2_edition_(server_core_installation) |
Windows Update Stack Elevation of Privilege Vulnerability | 2024-04-09 | 7.8 | CVE-2024-26235 secure@microsoft.com |
microsoft — windows_server_2022,_23h2_edition_(server_core_installation) |
Windows Update Stack Elevation of Privilege Vulnerability | 2024-04-09 | 7 | CVE-2024-26236 secure@microsoft.com |
microsoft — windows_server_2022,_23h2_edition_(server_core_installation) |
Microsoft Brokering File System Elevation of Privilege Vulnerability | 2024-04-09 | 7.8 | CVE-2024-28904 secure@microsoft.com |
microsoft — windows_server_2022,_23h2_edition_(server_core_installation) |
Microsoft Brokering File System Elevation of Privilege Vulnerability | 2024-04-09 | 7.8 | CVE-2024-28905 secure@microsoft.com |
microsoft — windows_server_2022,_23h2_edition_(server_core_installation) |
Microsoft Brokering File System Elevation of Privilege Vulnerability | 2024-04-09 | 7.8 | CVE-2024-28907 secure@microsoft.com |
microsoft — windows_server_2022 |
Windows Authentication Elevation of Privilege Vulnerability | 2024-04-09 | 7.8 | CVE-2024-21447 secure@microsoft.com |
microsoft — windows_server_2022 |
Windows USB Print Driver Elevation of Privilege Vulnerability | 2024-04-09 | 7 | CVE-2024-26243 secure@microsoft.com |
microsoft — windows_server_2022 |
Windows Storage Elevation of Privilege Vulnerability | 2024-04-09 | 7.8 | CVE-2024-29052 secure@microsoft.com |
moove_agency — import_xml_and_rss_feeds |
Unrestricted Upload of File with Dangerous Type vulnerability in Moove Agency Import XML and RSS Feeds. This issue affects Import XML and RSS Feeds: from n/a through 2.1.5. | 2024-04-07 | 7.2 | CVE-2024-31292 audit@patchstack.com |
n/a — csmock |
A vulnerability was found in csmock where a regular user of the OSH service (anyone with a valid Kerberos ticket) can use the vulnerability to disclose the confidential Snyk authentication token and to run arbitrary commands on OSH workers. | 2024-04-10 | 7.6 | CVE-2024-2243 patrick@puiterwijk.org patrick@puiterwijk.org |
n/a — eap |
A flaw was found in JBoss EAP. When an OIDC app that serves multiple tenants attempts to access the second tenant, it should prompt the user to log in again since the second tenant is secured with a different OIDC configuration. The underlying issue is in OidcSessionTokenStore when determining if a cached token should be used or not. This logic needs to be updated to take into account the new “provider-url” option in addition to the “realm” option. | 2024-04-10 | 7.3 | CVE-2023-6236 secalert@redhat.com secalert@redhat.com |
n/a — eap |
A flaw was found in `JwtValidator.resolvePublicKey` in JBoss EAP, where the validator checks jku and sends an HTTP request. During this process, no whitelisting or other filtering behavior is performed on the destination URL address, which may result in a server-side request forgery (SSRF) vulnerability. | 2024-04-09 | 7.3 | CVE-2024-1233 secalert@redhat.com secalert@redhat.com |
n/a — mysql2 |
Versions of the package mysql2 before 3.9.4 are vulnerable to Remote Code Execution (RCE) via the readCodeFor function due to improper validation of the supportBigNumbers and bigNumberStrings values. | 2024-04-11 | 9.8 | CVE-2024-21508 report@snyk.io report@snyk.io report@snyk.io report@snyk.io report@snyk.io report@snyk.io |
n/a — ofono |
A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the decode_deliver() function during the SMS decoding. It is assumed that the attack scenario is accessible from a compromised modem, a malicious base station, or just SMS. There is a bound check for this memcpy length in decode_submit(), but it was forgotten in decode_deliver(). | 2024-04-10 | 8.1 | CVE-2023-2794 patrick@puiterwijk.org |
n/a — qemu |
A double free vulnerability was found in QEMU virtio devices (virtio-gpu, virtio-serial-bus, virtio-crypto), where the mem_reentrancy_guard flag insufficiently protects against DMA reentrancy issues. This issue could allow a malicious privileged guest to crash the QEMU process on the host, resulting in a denial of service or allow arbitrary code execution within the context of the QEMU process on the host. | 2024-04-09 | 8.2 | CVE-2024-3446 secalert@redhat.com secalert@redhat.com secalert@redhat.com |
nerdpressteam — hubbub_lite_-_fast_reliable_social_sharing_buttons |
The Hubbub Lite – Fast, Reliable Social Sharing Buttons plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.33.1 via deserialization of untrusted input via the ‘dpsp_maybe_unserialize’ function. This makes it possible for authenticated attackers, with contributor access and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. | 2024-04-09 | 7.5 | CVE-2024-2501 security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
netdata — netdata |
Netdata is an open source observability tool. The `ndsudo` tool shipped with affected versions of the Netdata Agent allows an attacker to run arbitrary programs with root permissions. The `ndsudo` tool is packaged as a `root`-owned executable with the SUID bit set. It only runs a restricted set of external commands, but its search paths are supplied by the `PATH` environment variable. This allows an attacker to control where `ndsudo` looks for these commands, which may be a path the attacker has write access to. This may lead to local privilege escalation. This vulnerability has been addressed in versions 1.45.3 and 1.45.2-169. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-04-12 | 8.8 | CVE-2024-32019 security-advisories@github.com security-advisories@github.com |
nozomi_networks — guardian |
Audit records for OpenAPI requests may include sensitive information. This could lead to unauthorized accesses and privilege escalation. | 2024-04-10 | 7.2 | CVE-2023-6916 prodsec@nozominetworks.com |
nozomi_networks — guardian |
A Denial of Service (DoS) vulnerability in Nozomi Networks Guardian, caused by improper input validation in certain fields used in the Radius parsing functionality of our IDS, allows an unauthenticated attacker sending specially crafted malformed network packets to cause the IDS module to stop updating nodes, links, and assets. Network traffic may not be analyzed until the IDS module is restarted. | 2024-04-10 | 7.5 | CVE-2024-0218 prodsec@nozominetworks.com |
nvidia — chatrtx |
NVIDIA ChatRTX for Windows contains a vulnerability in the UI, where an attacker can cause improper privilege management by sending open file requests to the application. A successful exploit of this vulnerability might lead to local escalation of privileges, information disclosure, and data tampering. | 2024-04-08 | 8.2 | CVE-2024-0082 psirt@nvidia.com |
octopus_deploy — octopus_server |
A race condition was identified through which privilege escalation was possible in certain configurations. | 2024-04-09 | 8.8 | CVE-2024-2975 security@octopus.com |
opengnsys — opengnsys |
An SQL injection vulnerability has been found in the OpenGnsys product, affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to inject malicious SQL code into the login page to bypass it or even retrieve all the information stored in the database. | 2024-04-12 | 9.8 | CVE-2024-3704 cve-coordination@incibe.es |
opengnsys — opengnsys |
Unrestricted file upload vulnerability in OpenGnsys affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to send a POST request to the endpoint ‘/opengnsys/images/M_Icons.php’ modifying the file extension, due to lack of file extension verification, resulting in a webshell injection. | 2024-04-12 | 8.8 | CVE-2024-3705 cve-coordination@incibe.es |
opentext — arcsight_management_center |
A Stored Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Management Center and ArcSight Platform. The vulnerability could be remotely exploited. | 2024-04-08 | 8.7 | CVE-2024-2834 security@opentext.com |
palo_alto_networks — pan-os |
A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability. | 2024-04-12 | 10 | CVE-2024-3400 psirt@paloaltonetworks.com psirt@paloaltonetworks.com psirt@paloaltonetworks.com |
palo_alto_networks — pan-os |
A memory leak exists in Palo Alto Networks PAN-OS software that enables an attacker to send a burst of crafted packets through the firewall that eventually prevents the firewall from processing traffic. This issue applies only to PA-5400 Series devices that are running PAN-OS software with the SSL Forward Proxy feature enabled. | 2024-04-10 | 7.5 | CVE-2024-3382 psirt@paloaltonetworks.com |
palo_alto_networks — pan-os |
A vulnerability in how Palo Alto Networks PAN-OS software processes data received from Cloud Identity Engine (CIE) agents enables modification of User-ID groups. This impacts user access to network resources where users may be inappropriately denied or allowed access to resources based on your existing Security Policy rules. | 2024-04-10 | 7.4 | CVE-2024-3383 psirt@paloaltonetworks.com |
palo_alto_networks — pan-os |
A vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to reboot PAN-OS firewalls when receiving Windows New Technology LAN Manager (NTLM) packets from Windows servers. Repeated attacks eventually cause the firewall to enter maintenance mode, which requires manual intervention to bring the firewall back online. | 2024-04-10 | 7.5 | CVE-2024-3384 psirt@paloaltonetworks.com |
palo_alto_networks — pan-os |
A packet processing mechanism in Palo Alto Networks PAN-OS software enables a remote attacker to reboot hardware-based firewalls. Repeated attacks eventually cause the firewall to enter maintenance mode, which requires manual intervention to bring the firewall back online. This affects the following hardware firewall models: – PA-5400 Series firewalls – PA-7000 Series firewalls | 2024-04-10 | 7.5 | CVE-2024-3385 psirt@paloaltonetworks.com |
pencidesign — soledad |
Missing Authorization vulnerability in PenciDesign Soledad. This issue affects Soledad: from n/a through 8.4.2. | 2024-04-09 | 7.1 | CVE-2024-31367 audit@patchstack.com |
phpgurukul — small_crm |
A vulnerability, which was classified as critical, has been found in PHPGurukul Small CRM 3.0. Affected by this issue is some unknown functionality of the component Registration Page. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260480. | 2024-04-12 | 7.3 | CVE-2024-3691 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
pickplugins — product_designer |
Deserialization of Untrusted Data vulnerability in PickPlugins Product Designer. This issue affects Product Designer: from n/a through 1.0.32. | 2024-04-07 | 8.7 | CVE-2024-31277 audit@patchstack.com |
planet — igs-4215-16t2s |
Information exposure vulnerability in Planet IGS-4215-16T2S, affecting firmware version 1.305b210528. This vulnerability could allow a remote attacker to access some administrative resources due to lack of proper management of the Switch web interface. | 2024-04-11 | 7.7 | CVE-2024-2740 cve-coordination@incibe.es |
planet — igs-4215-16t2s |
Cross-Site Request Forgery (CSRF) vulnerability in Planet IGS-4215-16T2S, affecting firmware version 1.305b210528. This vulnerability could allow a remote attacker to trick some authenticated users into performing actions in their session, such as adding or updating accounts through the Switch web interface. | 2024-04-11 | 7.1 | CVE-2024-2741 cve-coordination@incibe.es |
presstigers — simple_job_board |
The Simple Job Board plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.11.0 via deserialization of untrusted input in the job_board_applicant_list_columns_value function. This makes it possible for unauthenticated attackers to inject a PHP Object. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code when a submitted job application is viewed. | 2024-04-09 | 9.8 | CVE-2024-1813 security@wordfence.com security@wordfence.com |
rapidload — rapidload_power-up_for_autoptimize |
Server-Side Request Forgery (SSRF) vulnerability in RapidLoad RapidLoad Power-Up for Autoptimize. This issue affects RapidLoad Power-Up for Autoptimize: from n/a through 2.2.11. | 2024-04-07 | 7.2 | CVE-2024-31288 audit@patchstack.com |
redisbloom — redisbloom |
RedisBloom adds a set of probabilistic data structures to Redis. Starting in version 2.0.0 and prior to version 2.4.7 and 2.6.10, specially crafted `CF.LOADCHUNK` commands may be used by authenticated users to perform heap overflow, which may lead to remote code execution. The problem is fixed in RedisBloom 2.4.7 and 2.6.10. | 2024-04-09 | 7 | CVE-2024-25115 security-advisories@github.com security-advisories@github.com |
redon-tech — redon-hub |
Redon Hub is a Roblox Product Delivery Bot, also known as a Hub. In all hubs before version 1.0.2, all commands are capable of being run by all users, including admin commands. This allows users to receive products for free and delete/create/update products/tags/etc. The only non-affected command is `/products admin clear` as this was already programmed for bot owners only. All users should upgrade to version 1.0.2 to receive a patch. | 2024-04-08 | 8.8 | CVE-2024-31442 security-advisories@github.com security-advisories@github.com |
reservation_diary — redi_restaurant_reservation |
Cross-Site Request Forgery (CSRF) vulnerability in Reservation Diary ReDi Restaurant Reservation allows Cross-Site Scripting (XSS). This issue affects ReDi Restaurant Reservation: from n/a through 24.0128. | 2024-04-10 | 7.1 | CVE-2024-31299 audit@patchstack.com |
rust-lang — rust |
Rust is a programming language. The Rust Security Response WG was notified that the Rust standard library prior to version 1.77.2 did not properly escape arguments when invoking batch files (with the `bat` and `cmd` extensions) on Windows using the `Command`. An attacker able to control the arguments passed to the spawned process could execute arbitrary shell commands by bypassing the escaping. The severity of this vulnerability is critical for those who invoke batch files on Windows with untrusted arguments. No other platform or use is affected. The `Command::arg` and `Command::args` APIs state in their documentation that the arguments will be passed to the spawned process as-is, regardless of the content of the arguments, and will not be evaluated by a shell. This means it should be safe to pass untrusted input as an argument. On Windows, the implementation of this is more complex than other platforms, because the Windows API only provides a single string containing all the arguments to the spawned process, and it’s up to the spawned process to split them. Most programs use the standard C run-time argv, which in practice results in a mostly consistent way arguments are split. One exception though is `cmd.exe` (used among other things to execute batch files), which has its own argument splitting logic. That forces the standard library to implement custom escaping for arguments passed to batch files. Unfortunately it was reported that our escaping logic was not thorough enough, and it was possible to pass malicious arguments that would result in arbitrary shell execution. Due to the complexity of `cmd.exe`, we didn’t identify a solution that would correctly escape arguments in all cases. To maintain our API guarantees, we improved the robustness of the escaping code, and changed the `Command` API to return an `InvalidInput` error when it cannot safely escape an argument. This error will be emitted when spawning the process. The fix is included in Rust 1.77.2.
Note that the new escaping logic for batch files errs on the conservative side, and could reject valid arguments. Those who implement the escaping themselves or only handle trusted inputs on Windows can also use the `CommandExt::raw_arg` method to bypass the standard library’s escaping logic. | 2024-04-09 | 10 | CVE-2024-24576 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
saleswonder.biz — 5_stars_rating_funnel |
Missing Authorization vulnerability in Saleswonder.Biz 5 Stars Rating Funnel. This issue affects 5 Stars Rating Funnel: from n/a through 1.2.67. | 2024-04-10 | 7.5 | CVE-2024-31358 audit@patchstack.com |
sap_se — sap_asset_accounting |
SAP Asset Accounting could allow a high privileged attacker to exploit insufficient validation of path information provided by the users and pass it through to the file APIs, thus causing a considerable impact on confidentiality, integrity and availability of the application. | 2024-04-09 | 7.2 | CVE-2024-27901 cna@sap.com cna@sap.com |
sap_se — sap_businessobjects_web_intelligence |
Due to improper validation, SAP BusinessObject Business Intelligence Launch Pad allows an authenticated attacker to access operating system information using a crafted document. On successful exploitation there could be a considerable impact on confidentiality of the application. | 2024-04-09 | 7.7 | CVE-2024-25646 cna@sap.com cna@sap.com |
sap_se — sap_netweaver_as_java_user_management_engine |
Self-Registration and Modify your own profile in User Admin Application of NetWeaver AS Java does not enforce proper security requirements for the content of the newly defined security answer. This can be leveraged by an attacker to cause profound impact on confidentiality and low impact on both integrity and availability. | 2024-04-09 | 8.8 | CVE-2024-27899 cna@sap.com cna@sap.com |
sc0ttkclark — pods_-_custom_content_types_and_fields |
The Pods – Custom Content Types and Fields plugin for WordPress is vulnerable to SQL Injection via shortcode in all versions up to, and including, 3.0.10 (with the exception of 2.7.31.2, 2.8.23.2, 2.9.19.2) due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor level access or higher, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-04-09 | 8.8 | CVE-2023-6967 security@wordfence.com security@wordfence.com security@wordfence.com |
sc0ttkclark — pods_-_custom_content_types_and_fields |
The Pods – Custom Content Types and Fields plugin for WordPress is vulnerable to Remote Code Execution via shortcode in all versions up to, and including, 3.0.10 (with the exception of 2.7.31.2, 2.8.23.2, 2.9.19.2). This makes it possible for authenticated attackers, with contributor level access or higher, to execute code on the server. | 2024-04-09 | 8.8 | CVE-2023-6999 security@wordfence.com security@wordfence.com security@wordfence.com |
searchiq — searchiq |
Insertion of Sensitive Information into Log File vulnerability in Searchiq SearchIQ. This issue affects SearchIQ: from n/a through 4.5. | 2024-04-10 | 7.5 | CVE-2024-31259 audit@patchstack.com |
shapedplugin — carousel,_slider_gallery_by_wp_carousel_-_image_carousel_&_photo_gallery_post_carousel_&_post_grid_product_carousel_&_product_grid_for_woocommerce |
The plugin is vulnerable to PHP Object Injection in versions up to, and including, 2.6.3 via deserialization of untrusted input in the import function via the ‘shortcode’ parameter. This allows authenticated attackers, with administrator-level access, to inject a PHP Object. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. | 2024-04-10 | 7.2 | CVE-2024-3020 security@wordfence.com security@wordfence.com |
siemens — parasolid_v35.1 |
A vulnerability has been identified in Parasolid V35.1 (All versions < V35.1.254), Parasolid V36.0 (All versions < V36.0.207), Parasolid V36.1 (All versions < V36.1.147). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. | 2024-04-09 | 7.8 | CVE-2024-26275 productcert@siemens.com |
siemens — scalance_w1748-1_m12 |
A vulnerability has been identified in SCALANCE W1748-1 M12 (6GK5748-1GY01-0AA0), SCALANCE W1748-1 M12 (6GK5748-1GY01-0TA0), SCALANCE W1788-1 M12 (6GK5788-1GY01-0AA0), SCALANCE W1788-2 EEC M12 (6GK5788-2GY01-0TA0), SCALANCE W1788-2 M12 (6GK5788-2GY01-0AA0), SCALANCE W1788-2IA M12 (6GK5788-2HY01-0AA0), SCALANCE W721-1 RJ45 (6GK5721-1FC00-0AA0), SCALANCE W721-1 RJ45 (6GK5721-1FC00-0AB0), SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AA0), SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AB0), SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AC0), SCALANCE W734-1 RJ45 (6GK5734-1FX00-0AA0), SCALANCE W734-1 RJ45 (6GK5734-1FX00-0AA6), SCALANCE W734-1 RJ45 (6GK5734-1FX00-0AB0), SCALANCE W734-1 RJ45 (USA) (6GK5734-1FX00-0AB6), SCALANCE W738-1 M12 (6GK5738-1GY00-0AA0), SCALANCE W738-1 M12 (6GK5738-1GY00-0AB0), SCALANCE W748-1 M12 (6GK5748-1GD00-0AA0), SCALANCE W748-1 M12 (6GK5748-1GD00-0AB0), SCALANCE W748-1 RJ45 (6GK5748-1FC00-0AA0), SCALANCE W748-1 RJ45 (6GK5748-1FC00-0AB0), SCALANCE W761-1 RJ45 (6GK5761-1FC00-0AA0), SCALANCE W761-1 RJ45 (6GK5761-1FC00-0AB0), SCALANCE W774-1 M12 EEC (6GK5774-1FY00-0TA0), SCALANCE W774-1 M12 EEC (6GK5774-1FY00-0TB0), SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AA0), SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AA6), SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AB0), SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AC0), SCALANCE W774-1 RJ45 (USA) (6GK5774-1FX00-0AB6), SCALANCE W778-1 M12 (6GK5778-1GY00-0AA0), SCALANCE W778-1 M12 (6GK5778-1GY00-0AB0), SCALANCE W778-1 M12 EEC (6GK5778-1GY00-0TA0), SCALANCE W778-1 M12 EEC (USA) (6GK5778-1GY00-0TB0), SCALANCE W786-1 RJ45 (6GK5786-1FC00-0AA0), SCALANCE W786-1 RJ45 (6GK5786-1FC00-0AB0), SCALANCE W786-2 RJ45 (6GK5786-2FC00-0AA0), SCALANCE W786-2 RJ45 (6GK5786-2FC00-0AB0), SCALANCE W786-2 RJ45 (6GK5786-2FC00-0AC0), SCALANCE W786-2 SFP (6GK5786-2FE00-0AA0), SCALANCE W786-2 SFP (6GK5786-2FE00-0AB0), SCALANCE W786-2IA RJ45 (6GK5786-2HC00-0AA0), SCALANCE W786-2IA RJ45 (6GK5786-2HC00-0AB0), SCALANCE W788-1 M12 (6GK5788-1GD00-0AA0), SCALANCE W788-1 M12 
(6GK5788-1GD00-0AB0), SCALANCE W788-1 RJ45 (6GK5788-1FC00-0AA0), SCALANCE W788-1 RJ45 (6GK5788-1FC00-0AB0), SCALANCE W788-2 M12 (6GK5788-2GD00-0AA0), SCALANCE W788-2 M12 (6GK5788-2GD00-0AB0), SCALANCE W788-2 M12 EEC (6GK5788-2GD00-0TA0), SCALANCE W788-2 M12 EEC (6GK5788-2GD00-0TB0), SCALANCE W788-2 M12 EEC (6GK5788-2GD00-0TC0), SCALANCE W788-2 RJ45 (6GK5788-2FC00-0AA0), SCALANCE W788-2 RJ45 (6GK5788-2FC00-0AB0), SCALANCE W788-2 RJ45 (6GK5788-2FC00-0AC0), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0), SCALANCE WAM766-1 (EU) (6GK5766-1GE00-7DA0), SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0), SCALANCE WAM766-1 EEC (EU) (6GK5766-1GE00-7TA0), SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0), SCALANCE WUM763-1 (6GK5763-1AL00-3AA0), SCALANCE WUM763-1 (6GK5763-1AL00-3DA0), SCALANCE WUM766-1 (EU) (6GK5766-1GE00-3DA0), SCALANCE WUM766-1 (US) (6GK5766-1GE00-3DB0). This CVE refers to Scenario 3 “Override client’s security context” of CVE-2022-47522. Affected devices can be tricked into associating a newly negotiated, attacker-controlled, security context with frames belonging to a victim. This could allow a physically proximate attacker to decrypt frames meant for the victim. | 2024-04-09 | 8.4 | CVE-2024-30191 productcert@siemens.com |
siemens — sinec_nms |
A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP2). Affected devices allow authenticated users to export monitoring data. The corresponding API endpoint is susceptible to path traversal and could allow an authenticated attacker to download files from the file system. Under certain circumstances the downloaded files are deleted from the file system. | 2024-04-09 | 7.6 | CVE-2024-31978 productcert@siemens.com |
sizam — rehub_framework |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Sizam REHub Framework. This issue affects REHub Framework: from n/a before 19.6.2. | 2024-04-07 | 8.5 | CVE-2024-31234 audit@patchstack.com |
sizam — rehub |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Sizam Rehub. This issue affects Rehub: from n/a through 19.6.1. | 2024-04-07 | 8.5 | CVE-2024-31233 audit@patchstack.com |
skymoonlabs — moveto |
Missing Authorization vulnerability in Skymoonlabs MoveTo. This issue affects MoveTo: from n/a through 6.2. | 2024-04-11 | 9.8 | CVE-2024-25912 audit@patchstack.com |
smartersite — wp_compress_-_image_optimizer_[all-in-one] |
The WP Compress – Image Optimizer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘wps_local_compress::__construct’ function in all versions up to, and including, 6.11.10. This makes it possible for unauthenticated attackers to reset the CDN region and set a malicious URL to deliver images. | 2024-04-09 | 7.5 | CVE-2024-1934 security@wordfence.com security@wordfence.com security@wordfence.com |
solwin_infotech — user_activity_log |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Solwin Infotech User Activity Log. This issue affects User Activity Log: from n/a through 1.8. | 2024-04-10 | 7.6 | CVE-2024-31356 audit@patchstack.com |
sonaar_music — mp3_audio_player_for_music_radio_&_podcast_by_sonaar |
Missing Authorization vulnerability in Sonaar Music MP3 Audio Player for Music, Radio & Podcast by Sonaar. This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through 4.10.1. | 2024-04-10 | 7.5 | CVE-2024-31343 audit@patchstack.com |
sourcecodester — prison_management_system |
A vulnerability was found in SourceCodester Prison Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /Admin/login.php. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259691. | 2024-04-08 | 7.3 | CVE-2024-3438 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
sourcecodester — prison_management_system |
A vulnerability was found in SourceCodester Prison Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /Account/login.php. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259692. | 2024-04-08 | 7.3 | CVE-2024-3439 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
specialk — simple_ajax_chat_-_add_a_fast,_secure_chat_box |
The Simple Ajax Chat – Add a Fast, Secure Chat Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the name field in all versions up to, and including, 20240216 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 7.2 | CVE-2024-2957 security@wordfence.com security@wordfence.com |
stylemix — masterstudy_lms_wordpress_plugin_-_for_online_courses_and_education |
The MasterStudy LMS plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.3 via the ‘template’ parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | 2024-04-09 | 9.8 | CVE-2024-3136 security@wordfence.com security@wordfence.com security@wordfence.com |
subnet_solutions — powersystem_server |
SUBNET Solutions Inc. has identified vulnerabilities in third-party components used in PowerSYSTEM Server 2021 and Substation Server 2021. | 2024-04-09 | 8.4 | CVE-2024-3313 ics-cert@hq.dhs.gov |
sukhchain_singh — auto_poster |
Unrestricted Upload of File with Dangerous Type vulnerability in Sukhchain Singh Auto Poster. This issue affects Auto Poster: from n/a through 1.2. | 2024-04-07 | 9.1 | CVE-2024-31345 audit@patchstack.com |
techlabpro1 — classified_listing_-_classified_ads_&_business_directory_plugin |
The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.4. This is due to missing or incorrect nonce validation on the ‘rtcl_update_user_account’ function. This makes it possible for unauthenticated attackers to change the administrator user’s password and email address via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This locks the administrator out of the site and prevents them from resetting their password, while granting the attacker access to their account. | 2024-04-09 | 8.8 | CVE-2024-1315 security@wordfence.com security@wordfence.com security@wordfence.com |
themefusion — avada_|_website_builder_for_wordpress_&_woocommerce |
The Avada theme for WordPress is vulnerable to SQL Injection via the ‘entry’ parameter in all versions up to, and including, 7.11.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with editor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-04-09 | 7.2 | CVE-2024-2344 security@wordfence.com security@wordfence.com security@wordfence.com |
themify — post_type_builder_(ptb) |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Themify Post Type Builder (PTB) allows Reflected XSS. This issue affects Post Type Builder (PTB): from n/a through 2.0.8. | 2024-04-09 | 7.1 | CVE-2024-31365 audit@patchstack.com |
themify — post_type_builder_(ptb) |
Missing Authorization vulnerability in Themify Post Type Builder (PTB). This issue affects Post Type Builder (PTB): from n/a through 2.0.8. | 2024-04-09 | 7.1 | CVE-2024-31366 audit@patchstack.com |
thimpress — learnpress_export_import |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in ThimPress LearnPress Export Import. This issue affects LearnPress Export Import: from n/a through 4.0.3. | 2024-04-07 | 7.6 | CVE-2024-31241 audit@patchstack.com |
tooltip — wordpress_tooltips |
Cross-Site Request Forgery (CSRF) vulnerability in Tooltip WordPress Tooltips allows Stored XSS. This issue affects WordPress Tooltips: from n/a through 9.5.3. | 2024-04-11 | 7.1 | CVE-2024-31285 audit@patchstack.com |
tp-link — ac1350_wireless_mu-mimo_gigabit_access_point_(eap225_v3) |
A command execution vulnerability exists in the tddpd enable_test_mode functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926 and Tp-Link N300 Wireless Access Point (EAP115 V4) v5.0.4 Build 20220216. A specially crafted series of network requests can lead to arbitrary command execution. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability. This vulnerability impacts `uclited` on the EAP225(V3) 5.1.0 Build 20220926 of the AC1350 Wireless MU-MIMO Gigabit Access Point. | 2024-04-09 | 8.1 | CVE-2023-49133 talos-cna@cisco.com |
tp-link — ac1350_wireless_mu-mimo_gigabit_access_point_(eap225_v3) |
A command execution vulnerability exists in the tddpd enable_test_mode functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926 and Tp-Link N300 Wireless Access Point (EAP115 V4) v5.0.4 Build 20220216. A specially crafted series of network requests can lead to arbitrary command execution. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability. This vulnerability impacts `uclited` on the EAP115(V4) 5.0.4 Build 20220216 of the N300 Wireless Gigabit Access Point. | 2024-04-09 | 8.1 | CVE-2023-49134 talos-cna@cisco.com |
tp-link — ac1350_wireless_mu-mimo_gigabit_access_point_(eap225_v3) |
A memory corruption vulnerability exists in the web interface functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted HTTP POST request can lead to denial of service of the device’s web interface. An attacker can send an unauthenticated HTTP POST request to trigger this vulnerability. | 2024-04-09 | 7.5 | CVE-2023-48724 talos-cna@cisco.com |
tp-link — ac1350_wireless_mu-mimo_gigabit_access_point_(eap225_v3) |
A denial of service vulnerability exists in the TDDP functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of network requests can lead to reset to factory settings. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability. | 2024-04-09 | 7.4 | CVE-2023-49074 talos-cna@cisco.com |
tp-link — ac1350_wireless_mu-mimo_gigabit_access_point_(eap225_v3) |
A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. This vulnerability refers specifically to the overflow that occurs via the `ssid` parameter at offset `0x0045ab7c` of the `httpd_portal` binary shipped with v5.1.0 Build 20220926 of the EAP225. | 2024-04-09 | 7.2 | CVE-2023-49906 talos-cna@cisco.com |
tp-link — ac1350_wireless_mu-mimo_gigabit_access_point_(eap225_v3) |
A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. This vulnerability refers specifically to the overflow that occurs via the `band` parameter at offset `0x0045aad8` of the `httpd_portal` binary shipped with v5.1.0 Build 20220926 of the EAP225. | 2024-04-09 | 7.2 | CVE-2023-49907 talos-cna@cisco.com |
tp-link — ac1350_wireless_mu-mimo_gigabit_access_point_(eap225_v3) |
A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. This vulnerability refers specifically to the overflow that occurs via the `profile` parameter at offset `0x0045abc8` of the `httpd_portal` binary shipped with v5.1.0 Build 20220926 of the EAP225. | 2024-04-09 | 7.2 | CVE-2023-49908 talos-cna@cisco.com |
tp-link — ac1350_wireless_mu-mimo_gigabit_access_point_(eap225_v3) |
A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. This vulnerability refers specifically to the overflow that occurs via the `action` parameter at offset `0x0045ab38` of the `httpd_portal` binary shipped with v5.1.0 Build 20220926 of the EAP225. | 2024-04-09 | 7.2 | CVE-2023-49909 talos-cna@cisco.com |
tp-link — ac1350_wireless_mu-mimo_gigabit_access_point_(eap225_v3) |
A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. This vulnerability refers specifically to the overflow that occurs via the `ssid` parameter at offset `0x42247c` of the `httpd` binary shipped with v5.0.4 Build 20220216 of the EAP115. | 2024-04-09 | 7.2 | CVE-2023-49910 talos-cna@cisco.com |
tp-link — ac1350_wireless_mu-mimo_gigabit_access_point_(eap225_v3) |
A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. This vulnerability refers specifically to the overflow that occurs via the `band` parameter at offset `0x422420` of the `httpd` binary shipped with v5.0.4 Build 20220216 of the EAP115. | 2024-04-09 | 7.2 | CVE-2023-49911 talos-cna@cisco.com |
tp-link — ac1350_wireless_mu-mimo_gigabit_access_point_(eap225_v3) |
A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. This vulnerability refers specifically to the overflow that occurs via the `profile` parameter at offset `0x4224b0` of the `httpd` binary shipped with v5.0.4 Build 20220216 of the EAP115. | 2024-04-09 | 7.2 | CVE-2023-49912 talos-cna@cisco.com |
tp-link — ac1350_wireless_mu-mimo_gigabit_access_point_(eap225_v3) |
A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. This vulnerability refers specifically to the overflow that occurs via the `action` parameter at offset `0x422448` of the `httpd` binary shipped with v5.0.4 Build 20220216 of the EAP115. | 2024-04-09 | 7.2 | CVE-2023-49913 talos-cna@cisco.com |
traccar — traccar |
Traccar is an open source GPS tracking system. Traccar versions 5.1 through 5.12 allow arbitrary files to be uploaded through the device image upload API. Attackers have full control over the file contents, full control over the directory where the file is stored, full control over the file extension, and partial control over the file name. While it’s not possible for an attacker to overwrite an existing file, an attacker can create new files with certain names and attacker-controlled extensions anywhere on the file system. This can potentially lead to remote code execution, XSS, DOS, etc. The default install of Traccar makes this vulnerability more severe. Self-registration is enabled by default, allowing anyone to create an account to exploit this vulnerability. Traccar also runs by default with root/system privileges, allowing files to be placed anywhere on the file system. Version 6.0 contains a fix for the issue. One may also turn off self-registration by default, as that would make most vulnerabilities in the application much harder to exploit by default and reduce the severity considerably. | 2024-04-10 | 9.6 | CVE-2024-31214 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
traccar — traccar |
Traccar is an open source GPS tracking system. Versions prior to 6.0 are vulnerable to path traversal and unrestricted upload of file with dangerous type. Since the system allows registration by default, attackers can acquire ordinary user permissions by registering an account and exploit this vulnerability to upload files with the prefix `device.` under any folder. Attackers can use this vulnerability for phishing, cross-site scripting attacks, and potentially execute arbitrary commands on the server. Version 6.0 contains a patch for the issue. | 2024-04-10 | 8.5 | CVE-2024-24809 security-advisories@github.com security-advisories@github.com |
traefik — traefik |
Traefik is an HTTP reverse proxy and load balancer. In affected versions sending a GET request to any Traefik endpoint with the “Content-length” request header results in an indefinite hang with the default configuration. This vulnerability can be exploited by attackers to induce a denial of service. This vulnerability has been addressed in version 2.11.2 and 3.0.0-rc5. Users are advised to upgrade. For affected versions, this vulnerability can be mitigated by configuring the readTimeout option. | 2024-04-12 | 7.5 | CVE-2024-28869 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
tribulant — slideshow_gallery |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Tribulant Slideshow Gallery. This issue affects Slideshow Gallery: from n/a through 1.7.8. | 2024-04-10 | 8.5 | CVE-2024-31355 audit@patchstack.com |
undsgn — uncode_core |
Missing Authorization vulnerability in Undsgn Uncode Core allows Privilege Escalation. This issue affects Uncode Core: from n/a through 2.8.8. | 2024-04-12 | 8.8 | CVE-2023-51515 audit@patchstack.com |
webinarpress — webinarpress |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WebinarPress allows Reflected XSS. This issue affects WebinarPress: from n/a through 1.33.9. | 2024-04-07 | 7.1 | CVE-2024-31256 audit@patchstack.com |
wedevs — wp_erp_|_complete_hr_solution_with_recruitment_&_job_listings_|_woocommerce_crm_&_accounting |
The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter in all versions up to, and including, 1.12.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with accounting manager or admin privileges or higher, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-04-09 | 7.2 | CVE-2024-0952 security@wordfence.com security@wordfence.com |
welotec — tk515l |
An unauthenticated remote attacker who is aware of a MQTT topic name can send and receive messages, including GET/SET configuration commands, reboot commands and firmware updates. | 2024-04-09 | 9.8 | CVE-2023-1083 info@cert.vde.com |
welotec — tk515l |
A remote attacker with low privileges can perform a command injection which can lead to root access. | 2024-04-09 | 8.8 | CVE-2023-1082 info@cert.vde.com |
wintercms — wn-dusk-plugin |
wn-dusk-plugin (Dusk plugin) is a plugin which integrates Laravel Dusk browser testing into Winter CMS. The Dusk plugin provides some special routes as part of its testing framework to allow a browser environment (such as headless Chrome) to act as a user in the Backend or User plugin without having to go through authentication. This route is `[[URL]]/_dusk/login/[[USER ID]]/[[MANAGER]]` – where `[[URL]]` is the base URL of the site, `[[USER ID]]` is the ID of the user account and `[[MANAGER]]` is the authentication manager (either `backend` for Backend, or `user` for the User plugin). If a configuration of a site using the Dusk plugin is set up in such a way that the Dusk plugin is available publicly and the test cases in Dusk are run with live data, this route may potentially be used to gain access to any user account in either the Backend or User plugin without authentication. As indicated in the `README`, this plugin should only be used in development and should *NOT* be used in a production instance. It is specifically recommended that the plugin be installed as a development dependency only in Composer. In order to remediate this issue, the special routes used above will now no longer be registered unless the `APP_ENV` environment variable is specifically set to `dusk`. Since Winter by default does not use this environment variable and it is not populated by default, it will only exist if Dusk’s automatic configuration is used (which won’t exhibit this vulnerability) or if a developer manually specifies it in their configuration. The automatic configuration performed by the Dusk plugin has also been hardened by default to use sane defaults and not allow external environment variables to leak into this configuration. This will only affect users in which the Winter CMS installation meets ALL the following criteria: 1. The Dusk plugin is installed in the Winter CMS instance. 2. The application is in production mode (ie. the `debug` config value is set to `true` in `config/app.php`). 3. The Dusk plugin’s automatic configuration has been overridden, either by providing a custom `.env.dusk` file or by providing custom configuration in the `config/dusk` folder, or by providing configuration environment variables externally. 4. The environment has been configured to use production data in the database for testing, and not the temporary SQLite database that Dusk uses by default. 5. The application is connectable via the web. This issue has been fixed in version 2.1.0. Users are advised to upgrade. | 2024-04-12 | 8.8 | CVE-2024-32003 security-advisories@github.com security-advisories@github.com |
wisdmlabs — edwiser_bridge |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in WisdmLabs Edwiser Bridge. This issue affects Edwiser Bridge: from n/a through 3.0.2. | 2024-04-07 | 7.6 | CVE-2024-31260 audit@patchstack.com |
wpeverest — everest_forms_-_build_contact_forms_surveys_polls_quizzes_newsletter_&_application_forms_and_many_more_with_ease! |
The Everest Forms plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.0.7 via the ‘font_url’ parameter. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | 2024-04-09 | 7.2 | CVE-2024-1812 security@wordfence.com security@wordfence.com |
wpexperts — wholesale_for_woocommerce |
Missing Authorization vulnerability in WPExperts Wholesale For WooCommerce. This issue affects Wholesale For WooCommerce: from n/a through 2.3.0. | 2024-04-10 | 7.5 | CVE-2024-31297 audit@patchstack.com |
wpmudev — forminator_-_contact_form,_payment_form_&_custom_form_builder |
The Forminator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an uploaded file (e.g. 3gpp file) in all versions up to, and including, 1.29.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 7.2 | CVE-2024-1794 security@wordfence.com security@wordfence.com |
wpvividplugins — migration_backup_staging_-_wpvivid |
WPvivid Backup & Migration Plugin for WordPress is vulnerable to PHAR Deserialization in all versions up to, and including, 0.9.99 via deserialization of untrusted input at the wpvividstg_get_custom_exclude_path_free action. This is due to the plugin not providing sufficient path validation on the tree_node[node][id] parameter. This makes it possible for authenticated attackers, with admin-level access and above, to call files using a PHAR wrapper that will deserialize the data and call arbitrary PHP Objects. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. | 2024-04-12 | 7.2 | CVE-2024-3054 security@wordfence.com security@wordfence.com |
wpwhitesecurity — wp_activity_log_premium |
The WP Activity Log Premium plugin for WordPress is vulnerable to SQL Injection via the entry->roles parameter in all versions up to, and including, 4.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. One demonstrated attack included the injection of a PHP Object. | 2024-04-09 | 8.8 | CVE-2024-2018 security@wordfence.com security@wordfence.com |
xibosignage — xibo-cms |
Xibo is an Open Source Digital Signage platform with a web content management system and Windows display player software. In affected versions some request headers are not correctly sanitised when stored in the session and display tables. These headers can be used to inject a malicious script into the session page to exfiltrate session IDs and User Agents. These session IDs / User Agents can subsequently be used to hijack active sessions. A malicious script can be injected into the display grid to exfiltrate information related to displays. Users should upgrade to version 3.3.10 or 4.0.9 which fix this issue. Customers who host their CMS with the Xibo Signage service have already received an upgrade or patch to resolve this issue regardless of the CMS version that they are running. Upgrading to a fixed version is necessary to remediate. Patches are available for earlier versions of Xibo CMS that are out of security support: 2.3 patch ebeccd000b51f00b9a25f56a2f252d6812ebf850.diff. 1.8 patch a81044e6ccdd92cc967e34c125bd8162432e51bc.diff. There are no known workarounds for this issue. | 2024-04-12 | 8.8 | CVE-2024-29022 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
xibosignage — xibo-cms |
Xibo is an Open Source Digital Signage platform with a web content management system and Windows display player software. Session tokens are exposed in the return of session search API call on the sessions page. Subsequently they can be exfiltrated and used to hijack a session. Users must be granted access to the session page, or be a super admin. Users should upgrade to version 3.3.10 or 4.0.9 which fix this issue. Customers who host their CMS with the Xibo Signage service have already received an upgrade or patch to resolve this issue regardless of the CMS version that they are running. Patches are available for earlier versions of Xibo CMS that are out of security support: 2.3 patch ebeccd000b51f00b9a25f56a2f252d6812ebf850.diff. 1.8 patch a81044e6ccdd92cc967e34c125bd8162432e51bc.diff. There are no known workarounds for this vulnerability. | 2024-04-12 | 7.2 | CVE-2024-29023 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
xwiki — xwiki-commons |
XWiki Platform is a generic wiki platform. Starting in version 3.0.1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, the HTML escaping of the escaping tool that is used in XWiki doesn’t escape `{`, which, when used in certain places, allows XWiki syntax injection and thereby remote code execution. The vulnerability has been fixed in XWiki 14.10.19, 15.5.5, and 15.9 RC1. Apart from upgrading, there is no generic workaround. However, replacing `$escapetool.html` by `$escapetool.xml` in XWiki documents fixes the vulnerability. In a standard XWiki installation, the maintainers are only aware of the document `Panels.PanelLayoutUpdate` that exposes this vulnerability, patching this document is thus a workaround. Any extension could expose this vulnerability and might thus require patching, too. | 2024-04-10 | 10 | CVE-2024-31996 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
xwiki — xwiki-platform |
XWiki Platform is a generic wiki platform. Starting in version 2.4-milestone-1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, XWiki’s database search allows remote code execution through the search text. This allows remote code execution for any visitor of a public wiki or user of a closed wiki as the database search is by default accessible for all users. This impacts the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability has been patched in XWiki 14.10.20, 15.5.4 and 15.10RC1. As a workaround, one may manually apply the patch to the page `Main.DatabaseSearch`. Alternatively, unless database search is explicitly used by users, this page can be deleted as this is not the default search interface of XWiki. | 2024-04-10 | 10 | CVE-2024-31982 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
xwiki — xwiki-platform |
XWiki Platform is a generic wiki platform. Starting in version 5.0-rc-1 and prior to versions 14.10.20, 15.5.4, and 15.9-rc-1, any user with edit right on any page can execute any code on the server by adding an object of type `XWiki.SearchSuggestSourceClass` to their user profile or any other page. This compromises the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability has been patched in XWiki 14.10.20, 15.5.4 and 15.10 RC1. As a workaround, manually apply the patch to the document `XWiki.SearchSuggestSourceSheet`. | 2024-04-10 | 9.9 | CVE-2024-31465 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
xwiki — xwiki-platform |
XWiki Platform is a generic wiki platform. Starting in version 3.0.1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, remote code execution is possible via PDF export templates. This vulnerability has been patched in XWiki 14.10.20, 15.5.4 and 15.10-rc-1. If PDF templates are not typically used on the instance, an administrator can create the document `XWiki.PDFClass` and block its edition, after making sure that it does not contain a `style` attribute. Otherwise, there are no known workarounds aside from upgrading. | 2024-04-10 | 9.9 | CVE-2024-31981 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
xwiki — xwiki-platform |
XWiki Platform is a generic wiki platform. In multilingual wikis, translations can be edited by any user who has edit right, circumventing the rights that are normally required for authoring translations (script right for user-scope translations, wiki admin for translations on the wiki). Starting in version 4.3-milestone-2 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, this can be exploited for remote code execution if the translation value is not properly escaped where it is used. This has been patched in XWiki 14.10.20, 15.5.4 and 15.10RC1. As a workaround, one may restrict edit rights on documents that contain translations. | 2024-04-10 | 9.9 | CVE-2024-31983 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
xwiki — xwiki-platform |
XWiki Platform is a generic wiki platform. Starting in version 7.2-rc-1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, by creating a document with a specially crafted title, it is possible to trigger remote code execution in the (Solr-based) search in XWiki. This allows any user who can edit the title of a space (all users by default) to execute any Groovy code in the XWiki installation which compromises the confidentiality, integrity and availability of the whole XWiki installation. This has been patched in XWiki 14.10.20, 15.5.4 and 15.10 RC1. As a workaround, manually apply the patch to the `Main.SolrSpaceFacet` page. | 2024-04-10 | 9.9 | CVE-2024-31984 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
xwiki — xwiki-platform |
XWiki Platform is a generic wiki platform. Starting in version 3.1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, by creating a document with a specially crafted document reference and an `XWiki.SchedulerJobClass` XObject, it is possible to execute arbitrary code on the server whenever an admin visits the scheduler page or the scheduler page is referenced, e.g., via an image in a comment on a page in the wiki. The vulnerability has been fixed in XWiki 14.10.19, 15.5.5, and 15.9. As a workaround, apply the patch manually by modifying the `Scheduler.WebHome` page. | 2024-04-10 | 9 | CVE-2024-31986 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
xwiki — xwiki-platform |
XWiki Platform is a generic wiki platform. Starting in version 6.4-milestone-1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, any user who can edit any page like their profile can create a custom skin with a template override that is executed with programming right, thus allowing remote code execution. This has been patched in XWiki 14.10.19, 15.5.4 and 15.10RC1. No known workarounds are available except for upgrading. | 2024-04-10 | 9.9 | CVE-2024-31987 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
xwiki — xwiki-platform |
XWiki Platform is a generic wiki platform. Starting in version 13.9-rc-1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, when the realtime editor is installed in XWiki, it allows arbitrary remote code execution with the interaction of an admin user with programming right. More precisely, by getting an admin user to either visit a crafted URL or to view an image with this URL that could be in a comment, the attacker can get the admin to execute arbitrary XWiki syntax including scripting macros with Groovy or Python code. This compromises the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability has been patched in XWiki 14.10.19, 15.5.4 and 15.9. As a workaround, one may update `RTFrontend.ConvertHTML` manually with the patch. This will, however, break some synchronization processes in the realtime editor, so upgrading should be the preferred way on installations where this editor is used. | 2024-04-10 | 9.6 | CVE-2024-31988 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
xwiki — xwiki-platform |
XWiki Platform is a generic wiki platform. Prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, parameters of UI extensions are always interpreted as Velocity code and executed with programming rights. Any user with edit right on any document like the user’s own profile can create UI extensions. This allows remote code execution and thereby impacts the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability has been patched in XWiki 14.10.19, 15.5.4 and 15.9-RC1. No known workarounds are available. | 2024-04-10 | 9.9 | CVE-2024-31997 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
yt-dlp — yt-dlp |
yt-dlp is a youtube-dl fork with additional features and fixes. The patch that addressed CVE-2023-40581 attempted to prevent RCE when using `--exec` with `%q` by replacing double quotes with two double quotes. However, this escaping is not sufficient, and still allows expansion of environment variables. Support for output template expansion in `--exec`, along with this vulnerable behavior, was added to `yt-dlp` in version 2021.04.11. yt-dlp version 2024.04.09 fixes this issue by properly escaping `%`. It replaces them with `%%cd:~,%`, a variable that expands to nothing, leaving only the leading percent. It is recommended to upgrade yt-dlp to version 2024.04.09 as soon as possible. Also, always be careful when using `--exec`, because while this specific vulnerability has been patched, using unvalidated input in shell commands is inherently dangerous. For Windows users who are not able to upgrade, avoid using any output template expansion in `--exec` other than `{}` (filepath); if expansion in `--exec` is needed, verify the fields you are using do not contain `"`, `|` or `&`; and/or instead of using `--exec`, write the info json and load the fields from it instead. | 2024-04-09 | 8.3 | CVE-2024-22423 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
zauberzeug — nicegui |
NiceGUI is an easy-to-use, Python-based UI framework. A local file inclusion is present in the NiceGUI leaflet component when requesting resource files under the `/_nicegui/{__version__}/resources/{key}/{path:path}` route. As a result any file on the backend filesystem which the web server has access to can be read by an attacker with access to the NiceGUI leaflet website. This vulnerability has been addressed in version 1.4.21. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-04-12 | 8.2 | CVE-2024-32005 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
Medium Vulnerabilities
Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
10web — form_maker_by_10web_-_mobile-friendly_drag_&_drop_contact_form_builder |
The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.15.22 via the signature functionality. This makes it possible for unauthenticated attackers to extract sensitive data including user signatures. | 2024-04-09 | 5.9 | CVE-2024-2112 security@wordfence.com security@wordfence.com |
adobe — adobe_experience_manager |
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-04-10 | 5.4 | CVE-2024-20778 psirt@adobe.com |
adobe — adobe_experience_manager |
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-04-10 | 5.4 | CVE-2024-20779 psirt@adobe.com |
adobe — adobe_experience_manager |
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-04-10 | 5.4 | CVE-2024-20780 psirt@adobe.com |
adobe — adobe_experience_manager |
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-04-10 | 5.4 | CVE-2024-26046 psirt@adobe.com |
adobe — adobe_experience_manager |
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-04-10 | 5.4 | CVE-2024-26047 psirt@adobe.com |
adobe — adobe_experience_manager |
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-04-10 | 5.4 | CVE-2024-26076 psirt@adobe.com |
adobe — adobe_experience_manager |
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-04-10 | 5.4 | CVE-2024-26079 psirt@adobe.com |
adobe — adobe_experience_manager |
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-04-10 | 5.4 | CVE-2024-26084 psirt@adobe.com |
adobe — adobe_experience_manager |
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-04-10 | 5.4 | CVE-2024-26087 psirt@adobe.com |
adobe — adobe_experience_manager |
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-04-10 | 5.4 | CVE-2024-26097 psirt@adobe.com |
adobe — adobe_experience_manager |
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-04-10 | 5.4 | CVE-2024-26098 psirt@adobe.com |
adobe — adobe_experience_manager |
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | 2024-04-10 | 5.4 | CVE-2024-26122 psirt@adobe.com |
adobe — after_effects |
After Effects versions 24.1, 23.6.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-04-10 | 5.5 | CVE-2024-20737 psirt@adobe.com |
adobe — animate |
Animate versions 23.0.4, 24.0.1 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service. An attacker could leverage this vulnerability to cause a system crash, resulting in a denial of service. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-04-11 | 5.5 | CVE-2024-20794 psirt@adobe.com |
adobe — animate |
Animate versions 23.0.4, 24.0.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-04-11 | 5.5 | CVE-2024-20796 psirt@adobe.com |
adobe — bridge |
Bridge versions 13.0.6, 14.0.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-04-11 | 5.5 | CVE-2024-20771 psirt@adobe.com |
adobe — illustrator |
Illustrator versions 28.3, 27.9.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-04-11 | 5.5 | CVE-2024-20798 psirt@adobe.com |
adobe — indesign_desktop |
InDesign Desktop versions 18.5.1, 19.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-04-10 | 5.5 | CVE-2024-20766 psirt@adobe.com |
adobe — photoshop_desktop |
Photoshop Desktop versions 24.7.2, 25.3.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-04-10 | 5.5 | CVE-2024-20770 psirt@adobe.com |
aerin — loan_repayment_calculator_and_application_form |
Cross-Site Request Forgery (CSRF) vulnerability in aerin Loan Repayment Calculator and Application Form. This issue affects Loan Repayment Calculator and Application Form: from n/a through 2.9.4. | 2024-04-12 | 5.4 | CVE-2024-31263 audit@patchstack.com |
alex_tselegidis — easy!appointments |
Missing Authorization vulnerability in Alex Tselegidis Easy!Appointments. This issue affects Easy!Appointments: from n/a through 1.3.2. | 2024-04-11 | 6.3 | CVE-2023-32295 audit@patchstack.com |
aminur_islam — wp_login_and_logout_redirect |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Aminur Islam WP Login and Logout Redirect allows Stored XSS. This issue affects WP Login and Logout Redirect: from n/a through 1.2. | 2024-04-11 | 5.9 | CVE-2024-31927 audit@patchstack.com |
appcheap.io — app_builder |
URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in Appcheap.Io App Builder. This issue affects App Builder: from n/a through 3.8.7. | 2024-04-10 | 4.7 | CVE-2024-31282 audit@patchstack.com |
apppresser_team — apppresser |
Cross-Site Request Forgery (CSRF) vulnerability in AppPresser Team AppPresser. This issue affects AppPresser: from n/a through 4.3.0. | 2024-04-12 | 4.3 | CVE-2024-31268 audit@patchstack.com |
arnan_de_gans — no-bot_registration |
Cross-Site Request Forgery (CSRF) vulnerability in Arnan de Gans No-Bot Registration. This issue affects No-Bot Registration: from n/a through 1.9.1. | 2024-04-12 | 4.3 | CVE-2024-31372 audit@patchstack.com |
athemes — sydney_toolbox |
The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Filterable Gallery widget in all versions up to, and including, 1.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-3208 security@wordfence.com |
automatic1111 — stable-diffusion-webui |
stable-diffusion-webui is a web interface for Stable Diffusion, implemented using the Gradio library. Stable-diffusion-webui 1.7.0 is vulnerable to a limited file write affecting Windows systems. The create_ui method (Backup/Restore tab) in modules/ui_extensions.py takes user input into the config_save_name variable on line 653. This user input is later used in the save_config_state method to create a file path on line 65, which is afterwards opened for writing on line 67, which leads to a limited file write exploitable on Windows systems. This issue may lead to a limited file write: it allows writing JSON files anywhere on the server where the web server has access. | 2024-04-12 | 6.3 | CVE-2024-31462 security-advisories@github.com |
automattic — woocommerce |
Cross-Site Request Forgery (CSRF) vulnerability in Automattic WooCommerce. This issue affects WooCommerce: from n/a through 8.5.2. | 2024-04-07 | 4.3 | CVE-2024-22155 audit@patchstack.com |
automattic — wp_job_manager |
Missing Authorization vulnerability in Automattic WP Job Manager. This issue affects WP Job Manager: from n/a through 2.0.0. | 2024-04-12 | 5.3 | CVE-2023-52211 audit@patchstack.com |
ayecode_ltd — userswp |
Cross-Site Request Forgery (CSRF) vulnerability in AyeCode Ltd UsersWP. This issue affects UsersWP: from n/a before 1.2.6. | 2024-04-11 | 5.4 | CVE-2024-31936 audit@patchstack.com |
bdthemes — element_pack_elementor_addons_(header_footer,_template_library,_dynamic_grid_&_carousel,_remote_arrows) |
The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.5.6 via the element_pack_ajax_search function. This makes it possible for unauthenticated attackers to extract sensitive data including password protected post details. | 2024-04-11 | 5.3 | CVE-2024-2966 security@wordfence.com |
bdthemes — prime_slider_-_addons_for_elementor |
Missing Authorization vulnerability in BdThemes Prime Slider – Addons For Elementor. This issue affects Prime Slider – Addons For Elementor: from n/a through 3.11.10. | 2024-04-11 | 4.3 | CVE-2024-24883 audit@patchstack.com |
bdthemes — ultimate_store_kit_elementor_addons |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in BdThemes Ultimate Store Kit Elementor Addons allows Stored XSS. This issue affects Ultimate Store Kit Elementor Addons: from n/a through 1.5.2. | 2024-04-08 | 6.5 | CVE-2024-31357 audit@patchstack.com |
beaver_builder — beaver_themer |
The Beaver Themer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode(s) in all versions up to, and including, 1.4.9 due to insufficient input sanitization and output escaping on user supplied custom fields. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2023-6694 security@wordfence.com |
beaver_builder — beaver_themer |
The Beaver Themer plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.9 via the ‘wpbb’ shortcode. This makes it possible for authenticated attackers, with contributor access and above, to extract sensitive data including arbitrary user_meta values. | 2024-04-09 | 6.5 | CVE-2023-6695 security@wordfence.com |
bestwebsoft — contact_form_by_bestwebsoft_-_advanced_contact_us_form_builder_for_wordpress | The Contact Form by BestWebSoft plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘cntctfrm_contact_subject’ parameter in all versions up to, and including, 4.2.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-04-09 | 6.1 | CVE-2024-2200 security@wordfence.com |
bestwebsoft — contact_form_by_bestwebsoft_-_advanced_contact_us_form_builder_for_wordpress |
The Contact Form by BestWebSoft plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘cntctfrm_contact_address’ parameter in all versions up to, and including, 4.2.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-04-09 | 6.1 | CVE-2024-2198 security@wordfence.com |
bfintal — stackable_-_page_builder_gutenberg_blocks |
The Stackable – Page Builder Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post(v2) block title tag in all versions up to, and including, 3.12.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2039 security@wordfence.com |
blazethemes — newsmatic |
The Newsmatic theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.0 via the ‘newsmatic_filter_posts_load_tab_content’. This makes it possible for unauthenticated attackers to view draft posts and post content. | 2024-04-09 | 5.3 | CVE-2024-1587 security@wordfence.com |
blocksmarket — gradient_text_widget_for_elementor |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Blocksmarket Gradient Text Widget for Elementor allows Stored XSS. This issue affects Gradient Text Widget for Elementor: from n/a through 1.0.1. | 2024-04-07 | 6.5 | CVE-2024-31346 audit@patchstack.com |
bogdanfix — wp_sendfox |
Missing Authorization vulnerability in BogdanFix WP SendFox. This issue affects WP SendFox: from n/a through 1.3.0. | 2024-04-11 | 5.4 | CVE-2024-27970 audit@patchstack.com |
boldthemes — bold_page_builder |
The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s AI features in all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-10 | 6.4 | CVE-2024-2734 security@wordfence.com |
boldthemes — bold_page_builder |
The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Price List’ element in all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-10 | 6.4 | CVE-2024-2735 security@wordfence.com |
boldthemes — bold_page_builder |
The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via HTML Tags in all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-10 | 6.4 | CVE-2024-2736 security@wordfence.com |
boldthemes — bold_page_builder |
The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL attribute of widgets in all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-3266 security@wordfence.com |
boldthemes — bold_page_builder |
The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s bt_bb_price_list shortcode in all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-3267 security@wordfence.com |
boldthemes — bold_page_builder |
The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s “Separator” element in all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-10 | 5.4 | CVE-2024-2733 security@wordfence.com |
bosch — ams |
A firmware bug in the AMC2-4WCF and AMC2-2WCF may lead to misinterpretation of data, allowing an adversary to grant access to the last authorized user. | 2024-04-11 | 4.6 | CVE-2023-32228 psirt@bosch.com |
bracketspace — advanced_cron_manager_-_debug_&_control |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in BracketSpace Advanced Cron Manager – debug & control allows Stored XSS. This issue affects Advanced Cron Manager – debug & control: from n/a through 2.5.2. | 2024-04-11 | 5.9 | CVE-2024-31926 audit@patchstack.com |
bracketspace — simple_post_notes |
Cross-Site Request Forgery (CSRF) vulnerability in BracketSpace Simple Post Notes. This issue affects Simple Post Notes: from n/a through 1.7.6. | 2024-04-11 | 4.3 | CVE-2024-31935 audit@patchstack.com |
bradvin — best_wordpress_gallery_plugin_-_foogallery |
The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the foogallery_attachment_modal_save action in all versions up to, and including, 2.4.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2081 security@wordfence.com |
brainstormforce — astra |
The Astra theme for WordPress is vulnerable to Stored Cross-Site Scripting via a user’s display name in all versions up to, and including, 4.6.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2347 security@wordfence.com |
brainstormforce — cards_for_beaver_builder |
The Cards for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the BootstrapCard link in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2305 security@wordfence.com |
brainstormforce — spectra_-_wordpress_gutenberg_blocks |
The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom CSS metabox in all versions up to and including 2.10.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2023-6486 security@wordfence.com |
brechtvds — wp_recipe_maker |
The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Video Embed parameter in all versions up to, and including, 9.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with access to the recipe dashboard (which is administrator-only by default but can be assigned to arbitrary capabilities), to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 4.4 | CVE-2024-1571 security@wordfence.com |
bricksforge — bricksforge |
Missing Authorization vulnerability in Bricksforge. This issue affects Bricksforge: from n/a through 2.0.17. | 2024-04-10 | 5.3 | CVE-2024-31242 audit@patchstack.com |
britner — gutenberg_blocks_by_kadence_blocks_-_page_builder_features |
The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the contact form message settings in all versions up to and including 3.2.17 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This primarily affects multi-site installations and installations where unfiltered_html has been disabled. | 2024-04-09 | 4.4 | CVE-2024-0598 security@wordfence.com |
britner — gutenberg_blocks_by_kadence_blocks_page_builder_features |
The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Testimonial Widget’s anchor style parameter in all versions up to, and including, 3.2.25 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-1999 security@wordfence.com |
bunny.net — bunny.net |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in bunny.Net allows Stored XSS. This issue affects bunny.Net: from n/a through 2.0.1. | 2024-04-11 | 5.9 | CVE-2024-31361 audit@patchstack.com |
byzoro — smart_s80_management_platform |
A vulnerability was found in Byzoro Smart S80 Management Platform up to 20240317. It has been rated as critical. Affected by this issue is some unknown functionality of the file /useratte/userattestation.php. The manipulation of the argument web_img leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259892. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-04-09 | 4.7 | CVE-2024-3521 cna@vuldb.com |
campcodes — church_management_system |
A vulnerability has been found in Campcodes Church Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/delete_log.php. The manipulation of the argument selector leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259906 is the identifier assigned to this vulnerability. | 2024-04-10 | 6.3 | CVE-2024-3536 cna@vuldb.com |
campcodes — church_management_system |
A vulnerability was found in Campcodes Church Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/admin_user.php. The manipulation of the argument firstname leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259907. | 2024-04-10 | 6.3 | CVE-2024-3537 cna@vuldb.com |
campcodes — church_management_system |
A vulnerability was found in Campcodes Church Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/addTithes.php. The manipulation of the argument na leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259908. | 2024-04-10 | 6.3 | CVE-2024-3538 cna@vuldb.com |
campcodes — church_management_system |
A vulnerability was found in Campcodes Church Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/addgiving.php. The manipulation of the argument amount leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259909 was assigned to this vulnerability. | 2024-04-10 | 6.3 | CVE-2024-3539 cna@vuldb.com |
campcodes — church_management_system |
A vulnerability was found in Campcodes Church Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/add_sundaysch.php. The manipulation of the argument Gender leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-259910 is the identifier assigned to this vulnerability. | 2024-04-10 | 6.3 | CVE-2024-3540 cna@vuldb.com |
campcodes — house_rental_management_system |
A vulnerability was found in Campcodes House Rental Management System 1.0 and classified as critical. This issue affects some unknown processing of the file view_payment.php. The manipulation of the argument id leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260483. | 2024-04-12 | 6.3 | CVE-2024-3696 cna@vuldb.com |
campcodes — house_rental_management_system |
A vulnerability was found in Campcodes House Rental Management System 1.0. It has been classified as critical. Affected is an unknown function of the file manage_tenant.php. The manipulation of the argument id leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260484. | 2024-04-12 | 6.3 | CVE-2024-3697 cna@vuldb.com |
campcodes — house_rental_management_system |
A vulnerability was found in Campcodes House Rental Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file manage_payment.php. The manipulation of the argument id leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260485 was assigned to this vulnerability. | 2024-04-12 | 6.3 | CVE-2024-3698 cna@vuldb.com |
campcodes — house_rental_management_system |
A vulnerability, which was classified as critical, was found in Campcodes House Rental Management System 1.0. This affects an unknown part of the file ajax.php. The manipulation of the argument id leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260571. | 2024-04-13 | 6.3 | CVE-2024-3719 cna@vuldb.com |
campcodes — online_event_management_system |
A vulnerability classified as critical has been found in Campcodes Online Event Management System 1.0. This affects an unknown part of the file /api/process.php. The manipulation of the argument userId leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259893 was assigned to this vulnerability. | 2024-04-09 | 6.3 | CVE-2024-3522 cna@vuldb.com |
campcodes — online_event_management_system |
A vulnerability classified as critical was found in Campcodes Online Event Management System 1.0. This vulnerability affects unknown code of the file /views/index.php. The manipulation of the argument ID leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259894 is the identifier assigned to this vulnerability. | 2024-04-09 | 6.3 | CVE-2024-3523 cna@vuldb.com |
catch_plugins — generate_child_theme |
Cross-Site Request Forgery (CSRF) vulnerability in Catch Plugins Generate Child Theme. This issue affects Generate Child Theme: from n/a through 2.0. | 2024-04-12 | 5.4 | CVE-2024-31279 audit@patchstack.com |
celomitan — gum_elementor_addon |
The Gum Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Meta widget in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2348 security@wordfence.com |
clavaque — s2member_-_best_membership_plugin_for_all_kinds_of_memberships_content_restriction_paywalls_&_member_access_subscriptions |
The s2Member – Best Membership Plugin for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 230815 via the API. This makes it possible for unauthenticated attackers to see the contents of those posts and pages. | 2024-04-09 | 5.3 | CVE-2024-0899 security@wordfence.com security@wordfence.com |
coded_commerce,_llc — benchmark_email_lite |
Cross-Site Request Forgery (CSRF) vulnerability in Coded Commerce, LLC Benchmark Email Lite. This issue affects Benchmark Email Lite: from n/a through 4.1. | 2024-04-12 | 4.3 | CVE-2024-31360 audit@patchstack.com |
codepeople — contact_form_email |
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in CodePeople Contact Form Email. This issue affects Contact Form Email: from n/a through 1.3.44. | 2024-04-10 | 5.3 | CVE-2024-31302 audit@patchstack.com |
collizo4sky — paid_membership_plugin_ecommerce,_user_registration_form,_login_form_user_profile_&_restrict_content_-_profilepress |
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘reg-single-checkbox’ shortcode in all versions up to, and including, 4.15.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-10 | 6.4 | CVE-2024-3210 security@wordfence.com security@wordfence.com |
colorlibplugins — fancybox_for_wordpress |
The FancyBox for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions 3.0.2 to 3.3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2024-04-09 | 4.4 | CVE-2024-0662 security@wordfence.com security@wordfence.com |
connekthq — wordpress_infinite_scroll_-_ajax_load_more |
The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 7.0.1 via the ‘type’ parameter. This makes it possible for authenticated attackers, with administrator-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information. This is limited to Windows instances. | 2024-04-09 | 4.9 | CVE-2024-1790 security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
contao — contao |
Contao is an open source content management system. Starting in version 4.0.0 and prior to versions 4.13.40 and 5.3.4, users can inject malicious code in filenames when uploading files (back end and front end), which is then executed in tooltips and popups in the back end. Contao versions 4.13.40 and 5.3.4 have a patch for this issue. As a workaround, remove upload fields from frontend forms and disable uploads for untrusted back end users. | 2024-04-09 | 5.4 | CVE-2024-28190 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
contao — contao |
Contao is an open source content management system. Prior to version 4.13.40, when a frontend member changes their password in the personal data or the password lost module, the corresponding remember-me tokens are not removed. If someone compromises an account and is able to get a remember-me token, changing the password would not be enough to reclaim control over the account. Version 4.13.40 contains a fix for the issue. As a workaround, disable “Allow auto login” in the login module. | 2024-04-09 | 5.9 | CVE-2024-30262 security-advisories@github.com security-advisories@github.com |
contao — contao |
Contao is an open source content management system. Starting in version 2.0.0 and prior to versions 4.13.40 and 5.3.4, it is possible to inject CSS styles via BBCode in comments. Installations are only affected if BBCode is enabled. Contao versions 4.13.40 and 5.3.4 have a patch for this issue. As a workaround, disable BBCode for comments. | 2024-04-09 | 4.3 | CVE-2024-28234 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
convertkit — convertkit |
Insertion of Sensitive Information into Log File vulnerability in ConvertKit. This issue affects ConvertKit: from n/a through 2.4.5. | 2024-04-10 | 5.3 | CVE-2024-31245 audit@patchstack.com |
cp_plus — wi-fi_camera |
A vulnerability classified as critical was found in CP Plus Wi-Fi Camera up to 20240401. Affected by this vulnerability is an unknown functionality of the component User Management. The manipulation leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259615. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-04-08 | 5.4 | CVE-2024-3434 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
creativeminds — invitation_code_content_restriction_plugin_from_creativeminds |
The Invitation Code Content Restriction Plugin from CreativeMinds plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘target_id’ parameter in all versions up to, and including, 1.5.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-04-09 | 6.1 | CVE-2022-4965 security@wordfence.com security@wordfence.com |
creativethemes — blocksy_companion |
Cross-Site Request Forgery (CSRF) vulnerability in CreativeThemes Blocksy Companion. This issue affects Blocksy Companion: from n/a through 2.0.28. | 2024-04-11 | 5.4 | CVE-2024-31932 audit@patchstack.com |
cssigniterteam — elements_plus! |
The Elements Plus! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widget link URLs in all versions up to, and including, 2.16.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2335 security@wordfence.com security@wordfence.com |
cym1102 — nginxwebui |
A vulnerability classified as critical was found in cym1102 nginxWebUI up to 3.9.9. This vulnerability affects unknown code of the file /adminPage/main/upload. The manipulation of the argument file leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-260578 is the identifier assigned to this vulnerability. | 2024-04-13 | 6.3 | CVE-2024-3739 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
cym1102 — nginxwebui |
A vulnerability, which was classified as critical, has been found in cym1102 nginxWebUI up to 3.9.9. This issue affects the function exec of the file /adminPage/conf/reload. The manipulation of the argument nginxExe leads to deserialization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260579. | 2024-04-13 | 6.3 | CVE-2024-3740 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
cym1102 — nginxwebui |
A vulnerability was found in cym1102 nginxWebUI up to 3.9.9. It has been declared as problematic. Affected by this vulnerability is the function upload of the file /adminPage/main/upload. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260575. | 2024-04-13 | 4.3 | CVE-2024-3736 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
danieliser — popup_maker_-_popup_for_opt-ins_lead_gen_&_more |
The Popup Maker – Popup for opt-ins, lead gen, & more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode(s) in all versions up to, and including, 1.18.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2336 security@wordfence.com security@wordfence.com |
dataease — dataease |
DataEase, an open source data visualization and analysis tool, has a database configuration information exposure vulnerability prior to version 2.5.0. Visiting the `/de2api/engine/getEngine;.js` path via a browser reveals that the platform’s database configuration is returned. The vulnerability has been fixed in v2.5.0. No known workarounds are available aside from upgrading. | 2024-04-08 | 5.3 | CVE-2024-30269 security-advisories@github.com security-advisories@github.com |
dell — alienware_command_center_(awcc) |
Dell Alienware Command Center, versions 5.5.52.0 and prior, contain an improper access control vulnerability, leading to Denial of Service on the local system. | 2024-04-10 | 6.7 | CVE-2024-0159 security_alert@emc.com |
dell — cpg_bios |
Dell BIOS contains an Out-of-Bounds Write vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to denial of service. | 2024-04-10 | 4.7 | CVE-2024-22448 security_alert@emc.com |
dell — dell_storage_resource_manager |
Dell Storage Resource Manager, 4.9.0.0 and below, contain(s) a Session Fixation Vulnerability in SRM Windows Host Agent. An adjacent network unauthenticated attacker could potentially exploit this vulnerability, leading to the hijack of a targeted user’s application session. | 2024-04-12 | 5.9 | CVE-2024-0157 security_alert@emc.com |
devitemsllc — shoplentor_-_woocommerce_builder_for_elementor_&_gutenberg_+12_modules_-_all_in_one_solution_(formerly_woolentor) |
The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Special Offer Day Widget Banner Link in all versions up to, and including, 2.8.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-1960 security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
devitemsllc — shoplentor_-_woocommerce_builder_for_elementor_&_gutenberg_+12_modules_-_all_in_one_solution_(formerly_woolentor) |
The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s QR Code Widget in all versions up to, and including, 2.8.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2946 security@wordfence.com security@wordfence.com |
devowl — real_media_library:_media_library_folder_&_file_manager |
The Real Media Library: Media Library Folder & File Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its style attributes in all versions up to, and including, 4.22.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2027 security@wordfence.com security@wordfence.com |
dfactory — post_views_counter |
Unauthenticated Cross Site Request Forgery (CSRF) in Post Views Counter <= 1.4.4 versions. | 2024-04-12 | 4.3 | CVE-2024-31264 audit@patchstack.com |
dglingren — media_library_assistant |
The Media Library Assistant plugin for WordPress is vulnerable to SQL Injection via the plugin’s shortcode(s) in all versions up to, and including, 3.13 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor access or higher, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-04-09 | 6.4 | CVE-2024-2871 security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
digitalbazaar — zcap |
`@digitalbazaar/zcap` provides a JavaScript reference implementation for Authorization Capabilities. Prior to version 9.0.1, when invoking a capability with a chain depth of 2, i.e., it is delegated directly from the root capability, the `expires` property is not properly checked against the current date or other `date` param. This can allow invocations outside of the original intended time period. A zcap still cannot be invoked without being able to use the associated private key material. `@digitalbazaar/zcap` v9.0.1 fixes expiration checking. As a workaround, one may revoke a zcap at any time. | 2024-04-10 | 4.3 | CVE-2024-31995 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
easy_digital_downloads — easy_digital_downloads |
Cross-Site Request Forgery (CSRF) vulnerability in Easy Digital Downloads. This issue affects Easy Digital Downloads: from n/a through 3.2.6. | 2024-04-12 | 4.3 | CVE-2024-31293 audit@patchstack.com |
ecwid — ecwid_ecommerce_shopping_cart |
The Ecwid Ecommerce Shopping Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode(s) in all versions up to, and including, 6.12.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2456 security@wordfence.com security@wordfence.com |
elbanyaoui — woocommerce_clover_payment_gateway |
The WooCommerce Clover Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the callback_handler function in all versions up to, and including, 1.3.1. This makes it possible for unauthenticated attackers to mark orders as paid. | 2024-04-09 | 5.3 | CVE-2024-0626 security@wordfence.com security@wordfence.com security@wordfence.com |
elementor — hello_elementor |
Cross-Site Request Forgery (CSRF) vulnerability in Elementor Hello Elementor. This issue affects Hello Elementor: from n/a through 3.0.0. | 2024-04-12 | 4.3 | CVE-2024-31289 audit@patchstack.com |
elemntor — elementor_website_builder_-_more_than_just_a_page_builder |
The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Path Widget in all versions up to, and including, 3.20.2 due to insufficient output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2117 security@wordfence.com security@wordfence.com |
elextensions — elex_woocommerce_dynamic_pricing_and_discounts |
Cross-Site Request Forgery (CSRF) vulnerability in ELEXtensions ELEX WooCommerce Dynamic Pricing and Discounts. This issue affects ELEX WooCommerce Dynamic Pricing and Discounts: from n/a through 2.1.2. | 2024-04-12 | 4.3 | CVE-2024-31364 audit@patchstack.com |
envato — template_kit_-_import |
The Template Kit – Import plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the template upload functionality in all versions up to, and including, 1.0.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2334 security@wordfence.com security@wordfence.com security@wordfence.com |
exactly_www — ewww_image_optimizer |
Cross-Site Request Forgery (CSRF) vulnerability in Exactly WWW EWWW Image Optimizer. This issue affects EWWW Image Optimizer: from n/a through 7.2.3. | 2024-04-10 | 4.3 | CVE-2024-31924 audit@patchstack.com |
expresstech — quiz_and_survey_master |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in ExpressTech Quiz And Survey Master allows Stored XSS. This issue affects Quiz And Survey Master: from n/a through 8.2.2. | 2024-04-11 | 5.9 | CVE-2024-27966 audit@patchstack.com |
faktor_vier — f4_improvements |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in FAKTOR VIER F4 Improvements allows Stored XSS. This issue affects F4 Improvements: from n/a through 1.8.0. | 2024-04-11 | 5.9 | CVE-2024-31925 audit@patchstack.com |
fetch_designs — sign-up_sheets |
Cross-Site Request Forgery (CSRF) vulnerability in Fetch Designs Sign-up Sheets. This issue affects Sign-up Sheets: from n/a through 2.2.11.1. | 2024-04-12 | 4.3 | CVE-2024-31303 audit@patchstack.com |
formsite — formsite_|_embed_online_forms_to_collect_orders_registrations_leads_and_surveys |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Formsite Formsite | Embed online forms to collect orders, registrations, leads, and surveys allows Stored XSS. This issue affects Formsite | Embed online forms to collect orders, registrations, leads, and surveys: from n/a through 1.6. | 2024-04-07 | 6.5 | CVE-2024-31257 audit@patchstack.com |
fortinet — fortimanager |
An improper neutralization of special elements used in a template engine [CWE-1336] in FortiManager versions 7.4.1 and below, versions 7.2.4 and below, and 7.0.10 and below allows an attacker to execute unauthorized code or commands via specially crafted templates. | 2024-04-09 | 6.7 | CVE-2023-47542 psirt@fortinet.com |
fortinet — fortios |
A use of externally-controlled format string vulnerability [CWE-134] in FortiOS version 7.4.1 and below, version 7.2.7 and below, version 7.0.14 and below, version 6.4.15 and below command line interface may allow a local privileged attacker with super-admin profile and CLI access to execute arbitrary code or commands via specially crafted requests. | 2024-04-09 | 6.7 | CVE-2023-48784 psirt@fortinet.com |
fortinet — fortios |
An exposure of sensitive information to an unauthorized actor in Fortinet FortiOS at least version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.15 and 6.4.0 through 6.4.15 allows an attacker to cause information disclosure via HTTP requests. | 2024-04-09 | 5.3 | CVE-2024-23662 psirt@fortinet.com |
fortinet — fortisandbox |
An improper neutralization of special elements used in an OS command (‘OS command injection’) in Fortinet FortiSandbox version 4.4.0 through 4.4.2 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.5 and 3.2.0 through 3.2.4 and 3.0.5 through 3.0.7 may allow an attacker to execute unauthorized code or commands via CLI. | 2024-04-09 | 6.7 | CVE-2023-47540 psirt@fortinet.com |
fortinet — fortisandbox |
An improper limitation of a pathname to a restricted directory (‘path traversal’) in Fortinet FortiSandbox version 4.4.0 through 4.4.2 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.5 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.7 and 2.5.0 through 2.5.2 and 2.4.0 through 2.4.1 and 2.3.0 through 2.3.3 and 2.2.0 through 2.2.2 and 2.1.0 through 2.1.3 and 2.0.0 through 2.0.3 allows an attacker to execute unauthorized code or commands via CLI. | 2024-04-09 | 6.7 | CVE-2023-47541 psirt@fortinet.com |
fortinet — fortisandbox |
An improper limitation of a pathname to a restricted directory (‘path traversal’) in Fortinet FortiSandbox version 4.4.0 through 4.4.4 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.5 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.7 and 2.5.0 through 2.5.2 and 2.4.0 through 2.4.1 may allow an attacker to cause information disclosure via crafted HTTP requests. | 2024-04-09 | 5.9 | CVE-2024-31487 psirt@fortinet.com |
fr-d-ric_gilles — fg_drupal_to_wordpress |
Insertion of Sensitive Information into Log File vulnerability in Frédéric GILLES FG Drupal to WordPress. This issue affects FG Drupal to WordPress: from n/a through 3.70.3. | 2024-04-10 | 5.3 | CVE-2024-31247 audit@patchstack.com |
getbowtied — shopkeeper_extender |
The Shopkeeper Extender plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘image_slide’ shortcode in all versions up to, and including, 3.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-12 | 6.4 | CVE-2024-2801 security@wordfence.com security@wordfence.com |
gitlab — gitlab |
A denial of service vulnerability was identified in GitLab CE/EE, versions 16.7.7 prior to 16.8.6, 16.9 prior to 16.9.4 and 16.10 prior to 16.10.2 which allows an attacker to spike the GitLab instance resources usage resulting in service degradation via chat integration feature. | 2024-04-12 | 4.3 | CVE-2023-6489 cve@gitlab.com cve@gitlab.com |
gitlab — gitlab |
An issue has been discovered in GitLab EE affecting all versions before 16.8.6, all versions starting from 16.9 before 16.9.4, all versions starting from 16.10 before 16.10.2. It was possible for an attacker to cause a denial of service using maliciously crafted content in a junit test report file. | 2024-04-12 | 4.3 | CVE-2023-6678 cve@gitlab.com cve@gitlab.com |
givewp — givewp |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in GiveWP allows Stored XSS. This issue affects GiveWP: from n/a through 2.25.1. | 2024-04-12 | 5.9 | CVE-2022-40211 audit@patchstack.com |
gn_themes — wp_shortcodes_plugin_-_shortcodes_ultimate |
The WP Shortcodes Plugin – Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘note_color’ shortcode in all versions up to, and including, 7.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-3512 security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
hcl_software — bigfix_enterprise_suite_asset_discovery |
The NMAP Importer service may expose data store credentials to authorized users of the Windows Registry. | 2024-04-08 | 6.6 | CVE-2024-23584 psirt@hcl.com |
hidekazu_ishikawa — x-t9 |
Cross-Site Request Forgery (CSRF) vulnerability in Hidekazu Ishikawa X-T9, Hidekazu Ishikawa Lightning, themeinwp Default Mag, Out the Box Namaha, Out the Box CityLogic, Marsian i-max, Jetmonsters Emmet Lite, Macho Themes Decode, Wayneconnor Sliding Door, Out the Box Shopstar!, Modernthemesnet Gridsby, TT Themes HappenStance, Marsian i-excel, Out the Box Panoramic, Modernthemesnet Sensible WP. This issue affects X-T9: from n/a through 1.19.0; Lightning: from n/a through 15.18.0; Default Mag: from n/a through 1.3.5; Namaha: from n/a through 1.0.40; CityLogic: from n/a through 1.1.29; i-max: from n/a through 1.6.2; Emmet Lite: from n/a through 1.7.5; Decode: from n/a through 3.15.3; Sliding Door: from n/a through 3.3; Shopstar!: from n/a through 1.1.33; Gridsby: from n/a through 1.3.0; HappenStance: from n/a through 3.0.1; i-excel: from n/a through 1.7.9; Panoramic: from n/a through 1.1.56; Sensible WP: from n/a through 1.3.1. | 2024-04-10 | 4.3 | CVE-2024-31386 audit@patchstack.com audit@patchstack.com audit@patchstack.com audit@patchstack.com audit@patchstack.com audit@patchstack.com audit@patchstack.com audit@patchstack.com audit@patchstack.com audit@patchstack.com audit@patchstack.com audit@patchstack.com audit@patchstack.com audit@patchstack.com audit@patchstack.com |
i_thirteen_web_solution — wp_responsive_tabs_horizontal_vertical_and_accordion_tabs |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in I Thirteen Web Solution WP Responsive Tabs horizontal vertical and accordion Tabs allows Stored XSS. This issue affects WP Responsive Tabs horizontal vertical and accordion Tabs: from n/a through 1.1.17. | 2024-04-11 | 6.5 | CVE-2024-27989 audit@patchstack.com |
ibm — qradar_siem |
IBM QRadar SIEM 7.5 could allow an unauthorized user to perform unauthorized actions due to improper certificate validation. IBM X-Force ID: 275706. | 2024-04-11 | 5.9 | CVE-2023-50949 psirt@us.ibm.com psirt@us.ibm.com |
ibm — security_verify_access_appliance |
IBM Security Verify Access Appliance 10.0.0 through 10.0.7 uses uninitialized variables when deploying that could allow a local user to cause a denial of service. IBM X-Force ID: 287318. | 2024-04-10 | 6.2 | CVE-2024-31874 psirt@us.ibm.com psirt@us.ibm.com |
ibm — sterling_b2b_integrator |
IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6.1.2.3, and 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 273338. | 2024-04-12 | 5.4 | CVE-2023-50307 psirt@us.ibm.com psirt@us.ibm.com |
ibm — sterling_b2b_integrator |
IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6.1.2.3, and 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 280894. | 2024-04-12 | 5.4 | CVE-2024-22357 psirt@us.ibm.com psirt@us.ibm.com |
ibm — sterling_b2b_integrator |
IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6.1.2.3, and 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 268691. | 2024-04-12 | 4.8 | CVE-2023-45186 psirt@us.ibm.com psirt@us.ibm.com |
ibm — sterling_file_gateway |
IBM Sterling File Gateway 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6.1.2.3, and 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 271531. | 2024-04-12 | 4.8 | CVE-2023-47714 psirt@us.ibm.com psirt@us.ibm.com |
ibm — storage_defender |
IBM Storage Defender – Resiliency Service 2.0.0 through 2.0.2 could allow a privileged user to install a potentially dangerous tar file, which could give them access to subsequent systems where the package was installed. IBM X-Force ID: 283986. | 2024-04-12 | 6.4 | CVE-2024-27261 psirt@us.ibm.com psirt@us.ibm.com |
ibm — urbancode_deploy |
IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 280896. | 2024-04-12 | 6.3 | CVE-2024-22358 psirt@us.ibm.com psirt@us.ibm.com |
ibm — urbancode_deploy |
IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 280897. | 2024-04-12 | 6.1 | CVE-2024-22359 psirt@us.ibm.com psirt@us.ibm.com |
ibm — urbancode_deploy |
IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 could be vulnerable to incomplete revocation of permissions when deleting a custom security resource type. When deleting a custom security type, associated permissions of objects using that type may not be fully revoked. This could lead to incorrect reporting of permission configuration and unexpected privileges being retained. IBM X-Force ID: 279974. | 2024-04-12 | 4.4 | CVE-2024-22334 psirt@us.ibm.com psirt@us.ibm.com |
ibm — urbancode_deploy |
IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 are vulnerable to sensitive information exposure due to insufficient obfuscation of sensitive values from some log files. IBM X-Force ID: 279979. | 2024-04-12 | 4.3 | CVE-2024-22339 psirt@us.ibm.com psirt@us.ibm.com |
ideaboxcreations — powerpack_addons_for_elementor_(free_widgets_extensions_and_templates) |
The PowerPack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Twitter Tweet widget in all versions up to, and including, 2.7.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2492 security@wordfence.com security@wordfence.com |
ideaboxcreations — powerpack_lite_for_beaver_builder |
The PowerPack Lite for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the link in multiple elements in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2289 security@wordfence.com security@wordfence.com |
j_3rk — video_conferencing_with_zoom |
The Video Conferencing with Zoom plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.4.5 via the get_assign_host_id AJAX action. This makes it possible for authenticated attackers, with subscriber access or higher, to enumerate usernames, emails and IDs of all users on a site. | 2024-04-09 | 4.3 | CVE-2024-2033 security@wordfence.com security@wordfence.com |
jackdewey — link_library |
The Link Library plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the searchll parameter in all versions up to, and including, 7.6.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-04-09 | 6.1 | CVE-2024-2325 security@wordfence.com security@wordfence.com |
jcodex — woocommerce_checkout_field_editor_(checkout_manager) |
Cross-Site Request Forgery (CSRF) vulnerability in Jcodex WooCommerce Checkout Field Editor (Checkout Manager). This issue affects WooCommerce Checkout Field Editor (Checkout Manager): from n/a through 2.1.8. | 2024-04-12 | 5.4 | CVE-2024-31262 audit@patchstack.com |
jetmonsters — getwid_-_gutenberg_blocks |
The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the block content in all versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-1948 security@wordfence.com security@wordfence.com |
jetmonsters — jetwidgets_for_elementor |
The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Animated Box widget in all versions up to, and including, 1.0.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2138 security@wordfence.com security@wordfence.com |
jetmonsters — jetwidgets_for_elementor |
The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the widget button URL in all versions up to, and including, 1.0.16 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2507 security@wordfence.com security@wordfence.com |
joel_hardi — user_spam_remover |
Insertion of Sensitive Information into Log File vulnerability in Joel Hardi User Spam Remover. This issue affects User Spam Remover: from n/a through 1.0. | 2024-04-10 | 5.3 | CVE-2024-31298 audit@patchstack.com |
joomunited — wp_media_folder |
Missing Authorization vulnerability in JoomUnited WP Media folder. This issue affects WP Media folder: from n/a through 5.7.2. | 2024-04-11 | 5.4 | CVE-2024-25907 audit@patchstack.com |
joomunited — wp_media_folder |
Missing Authorization vulnerability in JoomUnited WP Media folder. This issue affects WP Media folder: from n/a through 5.7.2. | 2024-04-11 | 4.3 | CVE-2024-25908 audit@patchstack.com |
jtermaat — 360_javascript_viewer |
The 360 Javascript Viewer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and nonce exposure on several AJAX actions in all versions up to, and including, 1.7.12. This makes it possible for authenticated attackers, with subscriber access or higher, to update plugin settings. | 2024-04-09 | 4.3 | CVE-2024-1637 security@wordfence.com security@wordfence.com security@wordfence.com |
julien_berthelot_/_mpembed.com — wp_matterport_shortcode |
Cross-Site Request Forgery (CSRF) vulnerability in Julien Berthelot / MPEmbed.Com WP Matterport Shortcode. This issue affects WP Matterport Shortcode: from n/a through 2.1.8. | 2024-04-11 | 4.3 | CVE-2024-32109 audit@patchstack.com |
juniper_networks — junos_os_evolved |
A NULL Pointer Dereference vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). When Layer 2 traffic is sent through a logical interface, MAC learning happens. If during this process, the interface flaps, an Advanced Forwarding Toolkit manager (evo-aftmand-bt) core is observed. This leads to a PFE restart. The crash reoccurs if the same sequence of events happens, which will lead to a sustained DoS condition. This issue affects Juniper Networks Junos OS Evolved: 23.2-EVO versions earlier than 23.2R1-S1-EVO, 23.2R2-EVO. | 2024-04-12 | 6.5 | CVE-2024-30403 sirt@juniper.net sirt@juniper.net |
juniper_networks — junos_os_evolved |
An Improper Input Validation vulnerability in Juniper Tunnel Driver (jtd) and ICMP module of Juniper Networks Junos OS Evolved allows an unauthenticated attacker within the MPLS administrative domain to send specifically crafted packets to the Routing Engine (RE) to cause a Denial of Service (DoS). When specifically crafted transit MPLS IPv4 packets are received by the Packet Forwarding Engine (PFE), these packets are internally forwarded to the RE. Continued receipt of these packets may create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS: * All versions before 21.2R3-S8-EVO; * from 21.4-EVO before 21.4R3-S6-EVO; * from 22.2-EVO before 22.2R3-S4-EVO; * from 22.3-EVO before 22.3R3-S3-EVO; * from 22.4-EVO before 22.4R3-EVO; * from 23.2-EVO before 23.2R2-EVO. * from 23.4-EVO before 23.4R1-S1-EVO. | 2024-04-12 | 5.3 | CVE-2024-21590 sirt@juniper.net sirt@juniper.net |
juniper_networks — junos_os_evolved |
An Improper Restriction of Excessive Authentication Attempts vulnerability in Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a limited Denial of Service (DoS) to the management plane. When an incoming connection was blocked because it exceeded the connections-per-second rate-limit, the system doesn’t consider existing connections anymore for subsequent connection attempts so that the connection limit can be exceeded. This issue affects Junos OS Evolved: All versions before 21.4R3-S4-EVO, 22.1-EVO versions before 22.1R3-S3-EVO, 22.2-EVO versions before 22.2R3-S2-EVO, 22.3-EVO versions before 22.3R2-S1-EVO, 22.3R3-EVO. | 2024-04-12 | 5.3 | CVE-2024-30390 sirt@juniper.net sirt@juniper.net |
juniper_networks — junos_os_evolved |
A Cleartext Storage in a File on Disk vulnerability in Juniper Networks Junos OS Evolved ACX Series devices using the Paragon Active Assurance Test Agent software installed on network devices allows a local, authenticated attacker with high privileges to read all other users’ login credentials. This issue affects only Juniper Networks Junos OS Evolved ACX Series devices using the Paragon Active Assurance Test Agent software installed on these devices from 23.1R1-EVO through 23.2R2-EVO. This issue does not affect releases before 23.1R1-EVO. | 2024-04-12 | 5.5 | CVE-2024-30406 sirt@juniper.net sirt@juniper.net sirt@juniper.net sirt@juniper.net |
juniper_networks — junos_os |
An Improper Check or Handling of Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). If an attacker sends a specific MPLS packet, which upon processing, causes an internal loop, that leads to a PFE crash and restart. Continued receipt of these packets leads to a sustained Denial of Service (DoS) condition. Circuit cross-connect (CCC) needs to be configured on the device for it to be affected by this issue. This issue only affects MX Series with MPC10, MPC11, LC9600, and MX304. This issue affects: Juniper Networks Junos OS 21.4 versions from 21.4R3 earlier than 21.4R3-S5; 22.2 versions from 22.2R2 earlier than 22.2R3-S2; 22.3 versions from 22.3R1 earlier than 22.3R2-S2; 22.3 versions from 22.3R3 earlier than 22.3R3-S1; 22.4 versions from 22.4R1 earlier than 22.4R2-S2, 22.4R3; 23.2 versions earlier than 23.2R1-S1, 23.2R2. | 2024-04-12 | 6.5 | CVE-2024-21593 sirt@juniper.net sirt@juniper.net |
juniper_networks — junos_os |
An Exposure of Resource to Wrong Sphere vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX 300 Series allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). Specific valid link-local traffic is not blocked on ports in STP blocked state but is instead sent to the control plane of the device. This leads to excessive resource consumption and in turn severe impact on all control and management protocols of the device. This issue affects Juniper Networks Junos OS: * 21.2 version 21.2R3-S3 and later versions earlier than 21.2R3-S6; * 22.1 version 22.1R3 and later versions earlier than 22.1R3-S4; * 22.2 version 22.2R2 and later versions earlier than 22.2R3-S2; * 22.3 version 22.3R2 and later versions earlier than 22.3R3-S1; * 22.4 versions earlier than 22.4R2-S2, 22.4R3; * 23.2 versions earlier than 23.2R1-S1, 23.2R2. This issue does not affect Juniper Networks Junos OS 21.4R1 and later versions of 21.4. | 2024-04-12 | 6.5 | CVE-2024-21605 sirt@juniper.net sirt@juniper.net |
juniper_networks — junos_os |
A Missing Release of Memory after Effective Lifetime vulnerability in the IKE daemon (iked) of Juniper Networks Junos OS on MX Series with SPC3, and SRX Series allows an administratively adjacent attacker which is able to successfully establish IPsec tunnels to cause a Denial of Service (DoS). If specific values for the IPsec parameters local-ip, remote-ip, remote ike-id, and traffic selectors are sent from the peer, a memory leak occurs during every IPsec SA rekey which is carried out with a specific message sequence. This will eventually result in an iked process crash and restart. The iked process memory consumption can be checked using the below command: user@host> show system processes extensive | grep iked PID USERNAME PRI NICE SIZE RES STATE C TIME WCPU COMMAND 56903 root 31 0 4016M 2543M CPU0 0 2:10 10.50% iked This issue affects Juniper Networks Junos OS: * All versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S7; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S4; * 22.1 versions earlier than 22.1R3-S3; * 22.2 versions earlier than 22.2R3-S2; * 22.3 versions earlier than 22.3R3; * 22.4 versions earlier than 22.4R3; * 23.2 versions earlier than 23.2R1-S2, 23.2R2. | 2024-04-12 | 6.5 | CVE-2024-21609 sirt@juniper.net sirt@juniper.net |
juniper_networks — junos_os |
An Access of Memory Location After End of Buffer vulnerability in the Layer-2 Control Protocols Daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause Denial of Service (DoS). On all Junos OS and Junos OS Evolved platforms, when LLDP is enabled on a specific interface, and a malformed LLDP packet is received, l2cpd crashes and restarts. The impact of the l2cpd crash is reinitialization of STP protocols (RSTP, MSTP or VSTP), and MVRP and ERP. Also, if any services depend on LLDP state (like PoE or VoIP device recognition), then these will also be affected. This issue affects: Junos OS: * from 21.4 before 21.4R3-S4, * from 22.1 before 22.1R3-S4, * from 22.2 before 22.2R3-S2, * from 22.3 before 22.3R2-S2, 22.3R3-S1, * from 22.4 before 22.4R3, * from 23.2 before 23.2R2. Junos OS Evolved: * from 21.4-EVO before 21.4R3-S5-EVO, * from 22.1-EVO before 22.1R3-S4-EVO, * from 22.2-EVO before 22.2R3-S2-EVO, * from 22.3-EVO before 22.3R2-S2-EVO, 22.3R3-S1-EVO, * from 22.4-EVO before 22.4R3-EVO, * from 23.2-EVO before 23.2R2-EVO. This issue does not affect: * Junos OS versions prior to 21.4R1; * Junos OS Evolved versions prior to 21.4R1-EVO. | 2024-04-12 | 6.5 | CVE-2024-21618 sirt@juniper.net sirt@juniper.net |
juniper_networks — junos_os |
A Missing Synchronization vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on ACX5448 and ACX710 allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS). If an interface flaps while the system gathers statistics on that interface, two processes simultaneously access a shared resource which leads to a PFE crash and restart. This issue affects Junos OS: All versions before 20.4R3-S9, 21.2 versions before 21.2R3-S5, 21.3 versions before 21.3R3-S5, 21.4 versions before 21.4R3-S4, 22.1 versions before 22.1R3-S2, 22.2 versions before 22.2R3-S2, 22.3 versions before 22.3R2-S2, 22.3R3, 22.4 versions before 22.4R2. | 2024-04-12 | 6.5 | CVE-2024-30387 sirt@juniper.net sirt@juniper.net |
juniper_networks — junos_os |
An Improper Isolation or Compartmentalization vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on QFX5000 Series and EX Series allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). If a specific malformed LACP packet is received by a QFX5000 Series, or an EX4400, EX4100 or EX4650 Series device, an LACP flap will occur resulting in traffic loss. This issue affects Junos OS on QFX5000 Series, and on EX4400, EX4100 or EX4650 Series: * 20.4 versions from 20.4R3-S4 before 20.4R3-S8, * 21.2 versions from 21.2R3-S2 before 21.2R3-S6, * 21.4 versions from 21.4R2 before 21.4R3-S4, * 22.1 versions from 22.1R2 before 22.1R3-S3, * 22.2 versions before 22.2R3-S1, * 22.3 versions before 22.3R2-S2, 22.3R3, * 22.4 versions before 22.4R2-S1, 22.4R3. | 2024-04-12 | 6.5 | CVE-2024-30388 sirt@juniper.net sirt@juniper.net |
juniper_networks — junos_os |
An Improper Handling of Exceptional Conditions vulnerability in the Class of Service daemon (cosd) of Juniper Networks Junos OS on MX Series allows an authenticated, network-based attacker with low privileges to cause a limited Denial of Service (DoS). In a scaled subscriber scenario when specific low privileged commands, received over NETCONF, SSH or telnet, are handled by cosd on behalf of mgd, the respective child management daemon (mgd) processes will get stuck. In case of (Netconf over) SSH this leads to stuck SSH sessions, so that when the connection-limit for SSH is reached new sessions can’t be established anymore. A similar behavior will be seen for telnet etc. Stuck mgd processes can be monitored by executing the following command: user@host> show system processes extensive | match mgd | match sbwait This issue affects Juniper Networks Junos OS on MX Series: All versions earlier than 20.4R3-S9; 21.2 versions earlier than 21.2R3-S7; 21.3 versions earlier than 21.3R3-S5; 21.4 versions earlier than 21.4R3-S5; 22.1 versions earlier than 22.1R3-S4; 22.2 versions earlier than 22.2R3-S3; 22.3 versions earlier than 22.3R3-S2; 22.4 versions earlier than 22.4R3; 23.2 versions earlier than 23.2R1-S2, 23.2R2. | 2024-04-12 | 5.3 | CVE-2024-21610 sirt@juniper.net sirt@juniper.net |
juniper_networks — junos_os |
An Incorrect Default Permissions vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker to access confidential information on the system. On all Junos OS and Junos OS Evolved platforms, when NETCONF traceoptions are configured, and a super-user performs specific actions via NETCONF, then a low-privileged user can access sensitive information compromising the confidentiality of the system. This issue affects: Junos OS: * all versions before 21.2R3-S7, * from 21.4 before 21.4R3-S5, * from 22.1 before 22.1R3-S5, * from 22.2 before 22.2R3-S3, * from 22.3 before 22.3R3-S2, * from 22.4 before 22.4R3, * from 23.2 before 23.2R1-S2. Junos OS Evolved: * all versions before 21.2R3-S7-EVO, * from 21.3 before 21.3R3-S5-EVO, * from 21.4 before 21.4R3-S5-EVO, * from 22.1 before 22.1R3-S5-EVO, * from 22.2 before 22.2R3-S3-EVO, * from 22.3 before 22.3R3-S2-EVO, * from 22.4 before 22.4R3-EVO, * from 23.2 before 23.2R1-S2. | 2024-04-12 | 5 | CVE-2024-21615 sirt@juniper.net sirt@juniper.net |
juniper_networks — junos_os |
An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on EX4300 Series allows a locally authenticated attacker with low privileges to cause a Denial-of-Service (DoS). If a specific CLI command is issued, a PFE crash will occur. This will cause traffic forwarding to be interrupted until the system self-recovers. This issue affects Junos OS: All versions before 20.4R3-S10, 21.2 versions before 21.2R3-S7, 21.4 versions before 21.4R3-S6. | 2024-04-12 | 5.5 | CVE-2024-30384 sirt@juniper.net sirt@juniper.net |
juniper_networks — junos_os |
A Use-After-Free vulnerability in the Layer 2 Address Learning Daemon (l2ald) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause l2ald to crash leading to a Denial-of-Service (DoS). In an EVPN-VXLAN scenario, when state updates are received and processed by the affected system, the correct order of some processing steps is not ensured, which can lead to an l2ald crash and restart. Whether the crash occurs depends on system internal timing which is outside the attacker’s control. This issue affects: Junos OS: * All versions before 20.4R3-S8, * 21.2 versions before 21.2R3-S6, * 21.3 versions before 21.3R3-S5, * 21.4 versions before 21.4R3-S4, * 22.1 versions before 22.1R3-S3, * 22.2 versions before 22.2R3-S1, * 22.3 versions before 22.3R3, * 22.4 versions before 22.4R2; Junos OS Evolved: * All versions before 20.4R3-S8-EVO, * 21.2-EVO versions before 21.2R3-S6-EVO, * 21.3-EVO versions before 21.3R3-S5-EVO, * 21.4-EVO versions before 21.4R3-S4-EVO, * 22.1-EVO versions before 22.1R3-S3-EVO, * 22.2-EVO versions before 22.2R3-S1-EVO, * 22.3-EVO versions before 22.3R3-EVO, * 22.4-EVO versions before 22.4R2-EVO. | 2024-04-12 | 5.3 | CVE-2024-30386 sirt@juniper.net sirt@juniper.net |
juniper_networks — junos_os |
An Incorrect Behavior Order vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on EX4300 Series allows an unauthenticated, network-based attacker to cause an integrity impact to networks downstream of the vulnerable device. When an output firewall filter is applied to an interface it doesn’t recognize matching packets but permits any traffic. This issue affects Junos OS 21.4 releases from 21.4R1 earlier than 21.4R3-S6. This issue does not affect Junos OS releases earlier than 21.4R1. | 2024-04-12 | 5.8 | CVE-2024-30389 sirt@juniper.net sirt@juniper.net |
juniper_networks — junos_os |
An Out-of-bounds Read vulnerability in the advanced forwarding management process aftman of Juniper Networks Junos OS on MX Series with MPC10E, MPC11, MX10K-LC9600 line cards, MX304, and EX9200-15C, may allow an attacker to exploit a stack-based buffer overflow, leading to a reboot of the FPC. Through code review, it was determined that the interface definition code for aftman could read beyond a buffer boundary, leading to a stack-based buffer overflow. This issue affects Junos OS on MX Series and EX9200-15C: * from 21.2 before 21.2R3-S1, * from 21.4 before 21.4R3, * from 22.1 before 22.1R2, * from 22.2 before 22.2R2; This issue does not affect: * versions of Junos OS prior to 20.3R1; * any version of Junos OS 20.4. | 2024-04-12 | 5.9 | CVE-2024-30401 sirt@juniper.net sirt@juniper.net |
juniper_networks — junos_os |
An Improper Check for Unusual or Exceptional Conditions vulnerability in the Layer 2 Address Learning Daemon (l2ald) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). When telemetry requests are sent to the device, and the Dynamic Rendering Daemon (drend) is suspended, the l2ald crashes and restarts due to factors outside the attacker’s control. Repeated occurrences of these events cause a sustained DoS condition. This issue affects: Junos OS: All versions earlier than 20.4R3-S10; 21.2 versions earlier than 21.2R3-S7; 21.4 versions earlier than 21.4R3-S5; 22.1 versions earlier than 22.1R3-S4; 22.2 versions earlier than 22.2R3-S3; 22.3 versions earlier than 22.3R3-S1; 22.4 versions earlier than 22.4R3; 23.2 versions earlier than 23.2R1-S2, 23.2R2. Junos OS Evolved: All versions earlier than 21.4R3-S5-EVO; 22.1-EVO versions earlier than 22.1R3-S4-EVO; 22.2-EVO versions earlier than 22.2R3-S3-EVO; 22.3-EVO versions earlier than 22.3R3-S1-EVO; 22.4-EVO versions earlier than 22.4R3-EVO; 23.2-EVO versions earlier than 23.2R2-EVO. | 2024-04-12 | 5.9 | CVE-2024-30402 sirt@juniper.net sirt@juniper.net |
juniper_networks — junos_os |
An Improper Check for Unusual or Exceptional Conditions vulnerability in telemetry processing of Juniper Networks Junos OS and Junos OS Evolved allows a network-based authenticated attacker to cause the forwarding information base telemetry daemon (fibtd) to crash, leading to a limited Denial of Service. This issue affects Juniper Networks Junos OS: * from 22.1 before 22.1R1-S2, 22.1R2. Junos OS Evolved: * from 22.1 before 22.1R1-S2-EVO, 22.1R2-EVO. | 2024-04-12 | 5.3 | CVE-2024-30409 sirt@juniper.net sirt@juniper.net |
juniper_networks — junos_os |
A Missing Authentication for Critical Function vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series with SPC3, and SRX Series allows an unauthenticated network-based attacker to cause limited impact to the integrity or availability of the device. If a device is configured with IPsec authentication algorithm hmac-sha-384 or hmac-sha-512, tunnels are established normally, but for traffic traversing the tunnel no authentication information is sent with the encrypted data on egress, and no authentication information is expected on ingress. So if the peer is an unaffected device, transit traffic is going to fail in both directions. If the peer is also an affected device, transit traffic works, but without authentication, and configuration and CLI operational commands indicate authentication is performed. This issue affects Junos OS: All versions before 20.4R3-S7, 21.1 versions before 21.1R3, 21.2 versions before 21.2R2-S1, 21.2R3, 21.3 versions before 21.3R1-S2, 21.3R2. | 2024-04-12 | 4.8 | CVE-2024-30391 sirt@juniper.net sirt@juniper.net |
juniper_networks — junos_ |
An Incorrect Behavior Order in the routing engine (RE) of Juniper Networks Junos OS on EX4300 Series allows traffic intended to the device to reach the RE instead of being discarded when the discard term is set in loopback (lo0) interface. The intended function is that the lo0 firewall filter takes precedence over the revenue interface firewall filter. This issue affects only IPv6 firewall filter. This issue only affects the EX4300 switch. No other products or platforms are affected by this vulnerability. This issue affects Juniper Networks Junos OS: * All versions before 20.4R3-S10, * from 21.2 before 21.2R3-S7, * from 21.4 before 21.4R3-S6. | 2024-04-12 | 5.8 | CVE-2024-30410 sirt@juniper.net sirt@juniper.net |
junkcoder,_ristoniinemets — ajax_thumbnail_rebuild |
Missing Authorization vulnerability in junkcoder, ristoniinemets AJAX Thumbnail Rebuild. This issue affects AJAX Thumbnail Rebuild: from n/a through 1.13. | 2024-04-11 | 4.3 | CVE-2022-47604 audit@patchstack.com |
kekotron — ai_post_generator_|_autowriter |
The AI Post Generator | AutoWriter plugin for WordPress is vulnerable to unauthorized access, modification or deletion of posts due to a missing capability check on functions hooked by AJAX actions in all versions up to, and including, 3.3. This makes it possible for authenticated attackers, with subscriber access or higher, to view all posts generated with this plugin (even in non-published status), create new posts (and publish them), publish unpublished posts or perform post deletions. | 2024-04-09 | 6.3 | CVE-2024-1850 security@wordfence.com security@wordfence.com security@wordfence.com |
khl32 — font_farsi |
The Font Farsi plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including 1.6.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2024-04-09 | 4.4 | CVE-2024-3093 security@wordfence.com security@wordfence.com |
kurudrive — vk_all_in_one_expansion_unit |
The VK All in One Expansion Unit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 9.95.0.1 via social meta tags. This makes it possible for unauthenticated attackers to view limited password protected content. | 2024-04-09 | 6.5 | CVE-2024-2093 security@wordfence.com security@wordfence.com security@wordfence.com |
kyivstarteam — react-native-sms-user-consent |
A vulnerability, which was classified as critical, has been found in kyivstarteam react-native-sms-user-consent up to 1.1.4 on Android. Affected by this issue is the function registerReceiver of the file android/src/main/java/ua/kyivstar/reactnativesmsuserconsent/SmsUserConsentModule.kt. The manipulation leads to improper export of android application components. Attacking locally is a requirement. Upgrading to version 1.1.5 is able to address this issue. The name of the patch is 5423dcb0cd3e4d573b5520a71fa08aa279e4c3c7. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-259508. | 2024-04-07 | 5.3 | CVE-2021-4438 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
leadinfo — leadinfo |
Cross-Site Request Forgery (CSRF) vulnerability in Leadinfo leadinfo. The patch was released under the same version which was reported as vulnerable. We consider the current version as vulnerable. This issue affects Leadinfo: from n/a through 1.0. | 2024-04-11 | 4.3 | CVE-2024-32112 audit@patchstack.com |
leap13 — premium_addons_for_elementor |
The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Wrapper Link Widget in all versions up to, and including, 4.10.16 due to insufficient input sanitization and output escaping on user supplied URLs. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-0376 security@wordfence.com security@wordfence.com |
leap13 — premium_addons_for_elementor |
The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Countdown Widget in all versions up to, and including, 4.10.24 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-10 | 6.4 | CVE-2024-2664 security@wordfence.com security@wordfence.com |
leap13 — premium_addons_for_elementor |
The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s button in all versions up to, and including, 4.10.27 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-10 | 6.5 | CVE-2024-2665 security@wordfence.com security@wordfence.com |
leap13 — premium_addons_for_elementor |
The Premium Addons for Elementor plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the plugin’s Bullet List Widget in all versions up to, and including, 4.10.24 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page and attempts to edit the content. | 2024-04-10 | 5.4 | CVE-2024-2666 security@wordfence.com security@wordfence.com |
leap13 — premium_addons_for_elementor |
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Leap13 Premium Addons for Elementor. This issue affects Premium Addons for Elementor: from n/a through 4.10.22. | 2024-04-10 | 4.3 | CVE-2024-31278 audit@patchstack.com |
lifterlms — lifterlms |
Cross-Site Request Forgery (CSRF) vulnerability in LifterLMS. This issue affects LifterLMS: from n/a through 7.5.0. | 2024-04-12 | 4.3 | CVE-2024-31363 audit@patchstack.com |
link_whisper — link_whisper_free |
Cross-Site Request Forgery (CSRF) vulnerability in Link Whisper Link Whisper Free. This issue affects Link Whisper Free: from n/a through 0.6.9. | 2024-04-11 | 4.3 | CVE-2024-31934 audit@patchstack.com |
livemesh — elementor_addons_by_livemesh |
The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘text_alignment’ attribute of the Animated Text widget in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-1458 security@wordfence.com security@wordfence.com |
livemesh — elementor_addons_by_livemesh |
The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘style’ attribute of the Team Members widget in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-1461 security@wordfence.com security@wordfence.com |
livemesh — elementor_addons_by_livemesh |
The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘style’ attribute of the Posts Slider widget in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-1464 security@wordfence.com security@wordfence.com |
livemesh — elementor_addons_by_livemesh |
The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘carousel_skin’ attribute of the Posts Carousel widget in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-1465 security@wordfence.com security@wordfence.com |
livemesh — elementor_addons_by_livemesh |
The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘slider_style’ attribute of the Posts Multislider widget in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. CVE-2024-27986 may be a duplicate of this issue. | 2024-04-09 | 6.4 | CVE-2024-1466 security@wordfence.com security@wordfence.com |
livemesh — elementor_addons_by_livemesh |
The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widget ‘_id’ attributes in all versions up to, and including, 8.3.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-10 | 6.4 | CVE-2024-2539 security@wordfence.com security@wordfence.com |
livemesh — elementor_addons_by_livemesh |
The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Post widgets in all versions up to, and including, 8.3.5 due to insufficient input sanitization and output escaping on author display names. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-10 | 6.4 | CVE-2024-2655 security@wordfence.com security@wordfence.com |
lizardbyte — sunshine |
Sunshine is a self-hosted game stream host for Moonlight. Starting in version 0.10.0 and prior to version 0.23.0, after unpairing all devices in the web UI and then pairing only one device, all of the previously paired devices will be temporarily paired. Version 0.23.0 contains a patch for the issue. As a workaround, restarting Sunshine after unpairing all devices prevents the vulnerability. | 2024-04-08 | 5.9 | CVE-2024-31221 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
mailmunch — mailmunch_-_grow_your_email_list |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in MailMunch MailMunch – Grow your Email List allows Stored XSS. This issue affects MailMunch – Grow your Email List: from n/a through 3.1.6. | 2024-04-07 | 6.5 | CVE-2024-31349 audit@patchstack.com |
mark_stockton — quicksand_post_filter_jquery_plugin |
Missing Authorization vulnerability in Mark Stockton Quicksand Post Filter jQuery Plugin. This issue affects Quicksand Post Filter jQuery Plugin: from n/a through 3.1.1. | 2024-04-11 | 5.3 | CVE-2024-24850 audit@patchstack.com |
matrix-org — matrix-appservice-irc |
matrix-appservice-irc is a Node.js IRC bridge for the Matrix messaging protocol. matrix-appservice-irc before version 2.0.0 can be exploited to leak the truncated body of a message if a malicious user sends a Matrix reply to an event ID they don’t have access to. As a precondition to the attack, the malicious user needs to know the event ID of the message they want to leak, as well as to be joined to both the Matrix room and the IRC channel it is bridged to. The message reply containing the leaked message content is visible to IRC channel members when this happens. matrix-appservice-irc 2.0.0 checks whether the user has permission to view an event before constructing a reply. Administrators should upgrade to this version. It’s possible to limit the amount of information leaked by setting a reply template that doesn’t contain the original message. See these lines `601-604` in the configuration file linked. | 2024-04-12 | 4.3 | CVE-2024-32000 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
mautic — mautic |
Mautic uses predictable page indices for unpublished landing pages. Their content can be accessed by unauthenticated users under public preview URLs, which could expose sensitive data. At the time of publication of the CVE no patch is available. | 2024-04-10 | 5.3 | CVE-2024-2730 vulnerability@ncsc.ch |
mautic — mautic |
Users with low privileges (all permissions deselected in the administrator permissions settings) can view certain pages that expose sensitive information such as company names, users’ names and surnames, stage names, and monitoring campaigns and their descriptions. In addition, unprivileged users can see and edit the descriptions of tags. At the time of publication of the CVE no patch is available. | 2024-04-10 | 5.4 | CVE-2024-2731 vulnerability@ncsc.ch |
mautic — mautic |
Users with low privileges can perform certain AJAX actions. In this vulnerability instance, improper access to ajax?action=plugin:focus:checkIframeAvailability leads to a Server-Side Request Forgery by analyzing the error messages returned from the back-end, allowing an attacker to perform a port scan in the back-end. At the time of publication of the CVE no patch is available. | 2024-04-10 | 5 | CVE-2024-3448 vulnerability@ncsc.ch |
max_foundry — media_library_folders |
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Max Foundry Media Library Folders. This issue affects Media Library Folders: from n/a through 8.1.8. | 2024-04-10 | 6.5 | CVE-2024-31287 audit@patchstack.com |
mbis — permalink_manager_lite |
The Permalink Manager Lite and Pro plugins for WordPress are vulnerable to Reflected Cross-Site Scripting via the ‘s’ parameter in multiple instances in all versions up to, and including, 2.4.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-04-09 | 6.1 | CVE-2024-2738 security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
mbis — permalink_manager_lite |
The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ‘get_uri_editor’ function in all versions up to, and including, 2.4.3.1. This makes it possible for unauthenticated attackers to view the permalinks of all posts. | 2024-04-09 | 4.3 | CVE-2024-2543 security@wordfence.com security@wordfence.com security@wordfence.com |
memberpress — memberpress |
The Memberpress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘message’ and ‘error’ parameters in all versions up to, and including, 1.11.26 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. Note – the issue was partially patched in 1.11.25, but could still potentially be exploited under some circumstances. | 2024-04-09 | 6.1 | CVE-2024-1412 security@wordfence.com security@wordfence.com |
metagauss — profilegrid_ |
Authorization Bypass Through User-Controlled Key vulnerability in Metagauss ProfileGrid. This issue affects ProfileGrid: from n/a through 5.7.6. | 2024-04-07 | 4.3 | CVE-2024-31291 audit@patchstack.com |
metagauss — profilegrid_ |
Cross-Site Request Forgery (CSRF) vulnerability in Metagauss ProfileGrid. This issue affects ProfileGrid: from n/a through 5.7.8. | 2024-04-12 | 4.3 | CVE-2024-31362 audit@patchstack.com |
metagauss — registrationmagic |
Missing Authorization vulnerability in Metagauss RegistrationMagic. This issue affects RegistrationMagic: from n/a through 5.2.5.9. | 2024-04-11 | 4.3 | CVE-2024-25935 audit@patchstack.com |
metaslider — slider_gallery_and_carousel_by_metaslider_-_responsive_wordpress_slideshows |
The Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Slideshows plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘metaslider’ shortcode in all versions up to, and including, 3.70.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-11 | 6.4 | CVE-2024-3285 security@wordfence.com security@wordfence.com |
michael_leithold — dsgvo_all_in_one_for_wp |
Cross-Site Request Forgery (CSRF) vulnerability in Michael Leithold DSGVO All in one for WP. This issue affects DSGVO All in one for WP: from n/a through 4.3. | 2024-04-11 | 4.3 | CVE-2024-27967 audit@patchstack.com |
micro.company — form_to_chat_app |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Micro.Company Form to Chat App allows Stored XSS. This issue affects Form to Chat App: from n/a through 1.1.6. | 2024-04-07 | 6.5 | CVE-2024-31258 audit@patchstack.com |
microsoft — azure_arc_extension |
Azure Arc-enabled Kubernetes Extension Cluster-Scope Elevation of Privilege Vulnerability | 2024-04-09 | 6.2 | CVE-2024-28917 secure@microsoft.com |
microsoft — azure_compute_gallery |
Azure Compute Gallery Elevation of Privilege Vulnerability | 2024-04-09 | 6.5 | CVE-2024-21424 secure@microsoft.com |
microsoft — azure_identity_library_for_.net |
Azure Identity Library for .NET Information Disclosure Vulnerability | 2024-04-09 | 5.5 | CVE-2024-29992 secure@microsoft.com |
microsoft — azure_migrate |
Azure Migrate Remote Code Execution Vulnerability | 2024-04-09 | 6.4 | CVE-2024-26193 secure@microsoft.com |
microsoft — azure_private_5g_core |
Azure Private 5G Core Denial of Service Vulnerability | 2024-04-09 | 5.9 | CVE-2024-20685 secure@microsoft.com |
microsoft — microsoft_sharepoint_server_2019 |
Microsoft SharePoint Server Spoofing Vulnerability | 2024-04-09 | 6.8 | CVE-2024-26251 secure@microsoft.com |
microsoft — windows_10_version_1809 |
BitLocker Security Feature Bypass Vulnerability | 2024-04-09 | 6.1 | CVE-2024-20665 secure@microsoft.com |
microsoft — windows_10_version_1809 |
Secure Boot Security Feature Bypass Vulnerability | 2024-04-09 | 6.7 | CVE-2024-20669 secure@microsoft.com |
microsoft — windows_10_version_1809 |
Secure Boot Security Feature Bypass Vulnerability | 2024-04-09 | 6.8 | CVE-2024-26168 secure@microsoft.com |
microsoft — windows_10_version_1809 |
Secure Boot Security Feature Bypass Vulnerability | 2024-04-09 | 6.7 | CVE-2024-26171 secure@microsoft.com |
microsoft — windows_10_version_1809 |
Windows Kerberos Denial of Service Vulnerability | 2024-04-09 | 6.5 | CVE-2024-26183 secure@microsoft.com |
microsoft — windows_10_version_1809 |
Proxy Driver Spoofing Vulnerability | 2024-04-09 | 6.7 | CVE-2024-26234 secure@microsoft.com |
microsoft — windows_10_version_1809 |
Secure Boot Security Feature Bypass Vulnerability | 2024-04-09 | 6.7 | CVE-2024-26250 secure@microsoft.com |
microsoft — windows_10_version_1809 |
Windows rndismp6.sys Remote Code Execution Vulnerability | 2024-04-09 | 6.8 | CVE-2024-26252 secure@microsoft.com |
microsoft — windows_10_version_1809 |
Windows rndismp6.sys Remote Code Execution Vulnerability | 2024-04-09 | 6.8 | CVE-2024-26253 secure@microsoft.com |
microsoft — windows_10_version_1809 |
Secure Boot Security Feature Bypass Vulnerability | 2024-04-09 | 6.8 | CVE-2024-28897 secure@microsoft.com |
microsoft — windows_10_version_1809 |
Secure Boot Security Feature Bypass Vulnerability | 2024-04-09 | 6.3 | CVE-2024-28898 secure@microsoft.com |
microsoft — windows_10_version_1809 |
Secure Boot Security Feature Bypass Vulnerability | 2024-04-09 | 6.7 | CVE-2024-28903 secure@microsoft.com |
microsoft — windows_10_version_1809 |
Secure Boot Security Feature Bypass Vulnerability | 2024-04-09 | 6.7 | CVE-2024-28919 secure@microsoft.com |
microsoft — windows_10_version_1809 |
Secure Boot Security Feature Bypass Vulnerability | 2024-04-09 | 6.7 | CVE-2024-28921 secure@microsoft.com |
microsoft — windows_10_version_1809 |
Secure Boot Security Feature Bypass Vulnerability | 2024-04-09 | 6.4 | CVE-2024-28923 secure@microsoft.com |
microsoft — windows_10_version_1809 |
Secure Boot Security Feature Bypass Vulnerability | 2024-04-09 | 6.7 | CVE-2024-28924 secure@microsoft.com |
microsoft — windows_10_version_1809 |
Windows Hyper-V Denial of Service Vulnerability | 2024-04-09 | 6.2 | CVE-2024-29064 secure@microsoft.com |
microsoft — windows_10_version_1809 |
Windows DWM Core Library Information Disclosure Vulnerability | 2024-04-09 | 5.5 | CVE-2024-26172 secure@microsoft.com |
microsoft — windows_10_version_1809 |
Windows Remote Access Connection Manager Information Disclosure Vulnerability | 2024-04-09 | 5.5 | CVE-2024-26207 secure@microsoft.com |
microsoft — windows_10_version_1809 |
Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability | 2024-04-09 | 5.5 | CVE-2024-26209 secure@microsoft.com |
microsoft — windows_10_version_1809 |
Windows Remote Access Connection Manager Information Disclosure Vulnerability | 2024-04-09 | 5.5 | CVE-2024-26217 secure@microsoft.com |
microsoft — windows_10_version_1809 |
Windows Mobile Hotspot Information Disclosure Vulnerability | 2024-04-09 | 5 | CVE-2024-26220 secure@microsoft.com |
microsoft — windows_10_version_1809 |
Windows Remote Access Connection Manager Information Disclosure Vulnerability | 2024-04-09 | 5.5 | CVE-2024-26255 secure@microsoft.com |
microsoft — windows_10_version_1809 |
Windows Remote Access Connection Manager Information Disclosure Vulnerability | 2024-04-09 | 5.5 | CVE-2024-28900 secure@microsoft.com |
microsoft — windows_10_version_1809 |
Windows Remote Access Connection Manager Information Disclosure Vulnerability | 2024-04-09 | 5.5 | CVE-2024-28901 secure@microsoft.com |
microsoft — windows_10_version_1809 |
Windows Remote Access Connection Manager Information Disclosure Vulnerability | 2024-04-09 | 5.5 | CVE-2024-28902 secure@microsoft.com |
microsoft — windows_10_version_1809 |
Secure Boot Security Feature Bypass Vulnerability | 2024-04-09 | 4.1 | CVE-2024-28922 secure@microsoft.com |
microsoft — windows_server_2019 |
Windows Distributed File System (DFS) Information Disclosure Vulnerability | 2024-04-09 | 6.5 | CVE-2024-26226 secure@microsoft.com |
microsoft — windows_server_2019 |
Windows Authentication Elevation of Privilege Vulnerability | 2024-04-09 | 4.3 | CVE-2024-29056 secure@microsoft.com |
mndpsingh287 — file_manager |
The File Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 7.2.5 via the fm_download_backup function. This makes it possible for authenticated attackers, with administrator access and above, to read the contents of arbitrary zip files on the server, which can contain sensitive information. | 2024-04-09 | 6.8 | CVE-2024-2654 security@wordfence.com security@wordfence.com security@wordfence.com |
n/a — dedecms |
A vulnerability, which was classified as critical, was found in DedeCMS 5.7.112-UTF8. Affected is an unknown function of the file stepselect_main.php. The manipulation of the argument ids leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260472. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-04-12 | 6.3 | CVE-2024-3685 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
n/a — dedecms |
A vulnerability has been found in DedeCMS 5.7.112-UTF8 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file update_guide.php. The manipulation of the argument files leads to path traversal: ‘../filedir’. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260473 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-04-12 | 4.3 | CVE-2024-3686 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
n/a — eyoucms |
A vulnerability was found in EyouCMS 1.6.5. It has been declared as critical. This vulnerability affects unknown code of the file /login.php?m=admin&c=Field&a=channel_edit of the component Backend. The manipulation of the argument channel_id leads to deserialization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259612. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-04-07 | 4.7 | CVE-2024-3431 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
n/a — freeipa |
A flaw was found in FreeIPA. This issue may allow a remote attacker to craft a HTTP request with parameters that can be interpreted as command arguments to kinit on the FreeIPA server, which can lead to a denial of service. | 2024-04-10 | 5.3 | CVE-2024-1481 secalert@redhat.com secalert@redhat.com |
n/a — mysql2 |
Versions of the package mysql2 before 3.9.3 are vulnerable to Improper Input Validation through the keyFromFields function, resulting in cache poisoning. An attacker can inject a colon (:) character within a value of the attacker-crafted key. | 2024-04-10 | 6.5 | CVE-2024-21507 report@snyk.io report@snyk.io report@snyk.io report@snyk.io |
n/a — mysql2 |
Versions of the package mysql2 before 3.9.4 are vulnerable to Prototype Poisoning due to insecure results object creation and improper user input sanitization passed through parserFn in text_parser.js and binary_parser.js. | 2024-04-10 | 6.5 | CVE-2024-21509 report@snyk.io report@snyk.io report@snyk.io report@snyk.io report@snyk.io report@snyk.io |
n/a — qemu |
A flaw was found in QEMU. An assertion failure was present in the update_sctp_checksum() function in hw/net/net_tx_pkt.c when trying to calculate the checksum of a short-sized fragmented packet. This flaw allows a malicious guest to crash QEMU and cause a denial of service condition. | 2024-04-10 | 5.5 | CVE-2024-3567 secalert@redhat.com secalert@redhat.com secalert@redhat.com |
n/a — save_as_image_plugin_by_pdfcrowd |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Save as Image plugin by Pdfcrowd allows Stored XSS. This issue affects Save as Image plugin by Pdfcrowd: from n/a through 3.2.1. | 2024-04-11 | 5.9 | CVE-2024-31931 audit@patchstack.com |
netentsec — ns-asg_application_security_gateway |
A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/add_postlogin.php. The manipulation of the argument SingleLoginId leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259711. | 2024-04-08 | 6.3 | CVE-2024-3455 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
netentsec — ns-asg_application_security_gateway |
A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/config_Anticrack.php. The manipulation of the argument GroupId leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259712. | 2024-04-08 | 6.3 | CVE-2024-3456 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
netentsec — ns-asg_application_security_gateway |
A vulnerability classified as critical has been found in Netentsec NS-ASG Application Security Gateway 6.3. This affects an unknown part of the file /admin/config_ISCGroupNoCache.php. The manipulation of the argument GroupId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259713 was assigned to this vulnerability. | 2024-04-08 | 6.3 | CVE-2024-3457 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
netentsec — ns-asg_application_security_gateway |
A vulnerability classified as critical was found in Netentsec NS-ASG Application Security Gateway 6.3. This vulnerability affects unknown code of the file /admin/add_ikev2.php. The manipulation of the argument TunnelId leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259714 is the identifier assigned to this vulnerability. | 2024-04-08 | 6.3 | CVE-2024-3458 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
nextendweb — smart_slider_3 |
The Smart Slider 3 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the upload function in all versions up to, and including, 3.5.1.22. This makes it possible for authenticated attackers, with contributor-level access and above, to upload files, including SVG files, which can be used to conduct stored cross-site scripting attacks. | 2024-04-13 | 6.4 | CVE-2024-3027 security@wordfence.com security@wordfence.com |
nick_pelton — search_keyword_redirect |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Nick Pelton Search Keyword Redirect allows Stored XSS. This issue affects Search Keyword Redirect: from n/a through 1.0. | 2024-04-11 | 5.9 | CVE-2024-32080 audit@patchstack.com |
nickboss — wordpress_file_upload |
The WordPress File Upload plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode(s) in all versions up to, and including, 4.24.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2847 security@wordfence.com security@wordfence.com |
ninjateam — wp_chat_app |
The WP Chat App plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘imageAlt’ block attribute in all versions up to, and including, 3.6.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2513 security@wordfence.com security@wordfence.com |
nudgify — nudgify_social_proof,_sales_popup_&_fomo |
Cross-Site Request Forgery (CSRF) vulnerability in Nudgify Nudgify Social Proof, Sales Popup & FOMO. This issue affects Nudgify Social Proof, Sales Popup & FOMO: from n/a through 1.3.3. | 2024-04-12 | 4.3 | CVE-2024-31239 audit@patchstack.com |
nuknightlab — knight_lab_timeline |
The Knight Lab Timeline plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode(s) in all versions up to, and including, 3.9.3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2287 security@wordfence.com security@wordfence.com |
nvidia — chatrtx |
NVIDIA ChatRTX for Windows contains a vulnerability in the UI, where an attacker can cause a cross-site scripting error over the network by running malicious scripts in users’ browsers. A successful exploit of this vulnerability might lead to code execution, denial of service, and information disclosure. | 2024-04-08 | 6.5 | CVE-2024-0083 psirt@nvidia.com |
oceanwp — ocean_extra |
The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘twitter_username’ parameter in versions up to, and including, 2.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-3167 security@wordfence.com security@wordfence.com security@wordfence.com |
octolize — usps_shipping_for_woocommerce_-_live_rates |
Cross-Site Request Forgery (CSRF) vulnerability in Octolize USPS Shipping for WooCommerce – Live Rates. This issue affects USPS Shipping for WooCommerce – Live Rates: from n/a through 1.9.2. | 2024-04-10 | 4.3 | CVE-2024-31943 audit@patchstack.com |
octolize — woocommerce_ups_shipping_-_live_rates_and_access_points |
Cross-Site Request Forgery (CSRF) vulnerability in Octolize WooCommerce UPS Shipping – Live Rates and Access Points. This issue affects WooCommerce UPS Shipping – Live Rates and Access Points: from n/a through 2.2.4. | 2024-04-10 | 4.3 | CVE-2024-31944 audit@patchstack.com |
open-telemetry — opentelemetry-dotnet |
OpenTelemetry dotnet is a dotnet telemetry framework. In affected versions of `OpenTelemetry.Instrumentation.Http` and `OpenTelemetry.Instrumentation.AspNetCore`, the `url.full` attribute/tag is written on spans (`Activity`) when tracing is enabled for outgoing HTTP requests, and `OpenTelemetry.Instrumentation.AspNetCore` writes the `url.query` attribute/tag on spans (`Activity`) when tracing is enabled for incoming HTTP requests. These attributes are defined by the Semantic Conventions for HTTP Spans. Up until version `1.8.1` the values written by `OpenTelemetry.Instrumentation.Http` & `OpenTelemetry.Instrumentation.AspNetCore` will pass through the raw query string as it was sent or received (respectively). This may lead to sensitive information (e.g. EUII – End User Identifiable Information, credentials, etc.) being leaked into telemetry backends (depending on the application(s) being instrumented), which could cause privacy and/or security incidents. Note: Older versions of `OpenTelemetry.Instrumentation.Http` & `OpenTelemetry.Instrumentation.AspNetCore` may use different tag names but have the same vulnerability. The `1.8.1` versions of `OpenTelemetry.Instrumentation.Http` & `OpenTelemetry.Instrumentation.AspNetCore` will now redact by default all values detected on transmitted or received query strings. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-04-12 | 4.1 | CVE-2024-32028 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
open-xchange_gmbh — ox_app_suite |
RSS feeds that contain malicious data- attributes could be abused to inject script code into a user’s browser session when reading compromised RSS feeds or successfully luring users to compromised accounts. Attackers could perform malicious API requests or extract information from the user’s account. Please deploy the provided updates and patch releases. Potentially malicious attributes now get removed from external RSS content. No publicly available exploits are known. | 2024-04-08 | 6.1 | CVE-2024-23192 security@open-xchange.com security@open-xchange.com security@open-xchange.com security@open-xchange.com |
open-xchange_gmbh — ox_app_suite |
Embedded content references at tasks could be used to temporarily execute script code in the context of the user’s browser session. To exploit this, an attacker would require temporary access to the user’s account, access to another account within the same context, or a successful social engineering attack to make users import external content. Attackers could perform malicious API requests or extract information from the user’s account. Please deploy the provided updates and patch releases. Sanitization of user-generated content has been improved. No publicly available exploits are known. | 2024-04-08 | 5.4 | CVE-2024-23189 security@open-xchange.com security@open-xchange.com security@open-xchange.com security@open-xchange.com |
open-xchange_gmbh — ox_app_suite |
Upsell shop information of an account can be manipulated to execute script code in the context of the user’s browser session. To exploit this, an attacker would require temporary access to a user’s account or a successful social engineering attack to lure users to maliciously configured accounts. Attackers could perform malicious API requests or extract information from the user’s account. Please deploy the provided updates and patch releases. Sanitization of user-defined upsell content has been improved. No publicly available exploits are known. | 2024-04-08 | 5.4 | CVE-2024-23190 security@open-xchange.com security@open-xchange.com security@open-xchange.com security@open-xchange.com |
open-xchange_gmbh — ox_app_suite |
Upsell advertisement information of an account can be manipulated to execute script code in the context of the user’s browser session. To exploit this, an attacker would require temporary access to a user’s account or a successful social engineering attack to lure users to maliciously configured accounts. Attackers could perform malicious API requests or extract information from the user’s account. Please deploy the provided updates and patch releases. Sanitization of user-defined upsell content has been improved. No publicly available exploits are known. | 2024-04-08 | 5.4 | CVE-2024-23191 security@open-xchange.com security@open-xchange.com security@open-xchange.com security@open-xchange.com |
opengnsys — opengnsys |
Information exposure vulnerability in OpenGnsys affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to view a php backup file (controlaccess.php-LAST) where database credentials are stored. | 2024-04-12 | 5.9 | CVE-2024-3706 cve-coordination@incibe.es |
opengnsys — opengnsys |
Information exposure vulnerability in OpenGnsys affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to enumerate all files in the web tree by accessing a php file. | 2024-04-12 | 5.3 | CVE-2024-3707 cve-coordination@incibe.es |
palo_alto_networks — pan-os |
An incorrect string comparison vulnerability in Palo Alto Networks PAN-OS software prevents Predefined Decryption Exclusions from functioning as intended. This can cause traffic destined for domains that are not specified in Predefined Decryption Exclusions to be unintentionally excluded from decryption. | 2024-04-10 | 5.3 | CVE-2024-3386 psirt@paloaltonetworks.com |
palo_alto_networks — pan-os |
A weak (low bit strength) device certificate in Palo Alto Networks Panorama software enables an attacker to perform a meddler-in-the-middle (MitM) attack to capture encrypted traffic between the Panorama management server and the firewalls it manages. With sufficient computing resources, the attacker could break encrypted communication and expose sensitive information that is shared between the management server and the firewalls. | 2024-04-10 | 5.3 | CVE-2024-3387 psirt@paloaltonetworks.com |
palo_alto_networks — pan-os |
A vulnerability in the GlobalProtect Gateway in Palo Alto Networks PAN-OS software enables an authenticated attacker to impersonate another user and send network packets to internal assets. However, this vulnerability does not allow the attacker to receive response packets from those internal assets. | 2024-04-10 | 4.1 | CVE-2024-3388 psirt@paloaltonetworks.com |
patrickposner — passster_-_password_protect_pages_and_content |
The Passster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s content_protector shortcode in all versions up to, and including, 4.2.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2026 security@wordfence.com security@wordfence.com |
pdfcrowd — save_as_pdf_plugin_by_pdfcrowd |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Pdfcrowd Save as PDF plugin by Pdfcrowd allows Stored XSS. This issue affects Save as PDF plugin by Pdfcrowd: from n/a through 3.2.1. | 2024-04-11 | 5.9 | CVE-2024-31930 audit@patchstack.com |
peach_payments — peach_payments_gateway |
Missing Authorization vulnerability in Peach Payments Peach Payments Gateway.This issue affects Peach Payments Gateway: from n/a through 3.1.9. | 2024-04-11 | 5.4 | CVE-2024-25922 audit@patchstack.com |
peepso — community_by_peepso |
Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Community by PeepSo.This issue affects Community by PeepSo: from n/a through 6.3.1.1. | 2024-04-12 | 4.3 | CVE-2024-31251 audit@patchstack.com |
pencidesign — soledad |
Missing Authorization vulnerability in PenciDesign Soledad.This issue affects Soledad: from n/a through 8.4.2. | 2024-04-09 | 6.5 | CVE-2024-31368 audit@patchstack.com |
pencidesign — soledad |
Cross-Site Request Forgery (CSRF) vulnerability in PenciDesign Soledad.This issue affects Soledad: from n/a through 8.4.2. | 2024-04-09 | 5.4 | CVE-2024-31369 audit@patchstack.com |
phpbits_creative_studio — easy_login_styler_-_white_label_admin_login_page_for_wordpress |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Phpbits Creative Studio Easy Login Styler – White Label Admin Login Page for WordPress allows Stored XSS.This issue affects Easy Login Styler – White Label Admin Login Page for WordPress: from n/a through 1.0.6. | 2024-04-07 | 5.9 | CVE-2024-31344 audit@patchstack.com |
phpgurukul — small_crm |
A vulnerability classified as critical was found in PHPGurukul Small CRM 3.0. Affected by this vulnerability is an unknown functionality of the component Change Password Handler. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260479. | 2024-04-12 | 6.3 | CVE-2024-3690 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
pickplugins — accordion |
The Accordion plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the ‘accordions_duplicate_post_as_draft’ function in all versions up to, and including, 2.2.96. This makes it possible for authenticated attackers, with contributor access and above, to duplicate arbitrary posts, allowing access to the contents of password-protected posts. | 2024-04-09 | 5.4 | CVE-2024-1641 security@wordfence.com security@wordfence.com security@wordfence.com |
ping_identity — pingfederate |
Server-side request forgery (SSRF) in PingFederate allows unauthenticated HTTP requests to attack network resources and consume server-side resources via forged HTTP POST requests. | 2024-04-10 | 6.5 | CVE-2023-40148 responsible-disclosure@pingidentity.com responsible-disclosure@pingidentity.com |
planet — igs-4215-16t2s |
Operating system command injection vulnerability in Planet IGS-4215-16T2S, affecting firmware version 1.305b210528. An authenticated attacker could execute arbitrary code on the remote host by exploiting IP address functionality. | 2024-04-11 | 6.4 | CVE-2024-2742 cve-coordination@incibe.es |
pluginsware — advanced_classifieds_&_directory_pro |
The Advanced Classifieds & Directory Pro plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the ajax_callback_delete_attachment function in all versions up to, and including, 3.0.0. This makes it possible for authenticated attackers, with subscriber access or higher, to delete arbitrary media uploads. | 2024-04-09 | 4.3 | CVE-2024-2222 security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
polevaultweb — intagrate_lite |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Polevaultweb Intagrate Lite allows Stored XSS. This issue affects Intagrate Lite: from n/a through 1.3.7. | 2024-04-11 | 5.9 | CVE-2024-31929 audit@patchstack.com |
popup_likebox_team — popup_like_box |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Popup LikeBox Team Popup Like box allows Stored XSS. This issue affects Popup Like box: from n/a through 3.7.2. | 2024-04-11 | 5.9 | CVE-2024-31387 audit@patchstack.com |
prasunsen — watu_quiz |
The Watu Quiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘watu-basic-chart’ shortcode in all versions up to, and including, 3.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-0873 security@wordfence.com security@wordfence.com |
prasunsen — watu_quiz |
The Watu Quiz plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.1 via the watu-userinfo shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to extract sensitive user meta data which can include session tokens and user emails. | 2024-04-09 | 4.3 | CVE-2024-0872 security@wordfence.com security@wordfence.com |
princeahmed — wp_radio_-_worldwide_online_radio_stations_directory_for_wordpress |
The WP Radio – Worldwide Online Radio Stations Directory for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s settings in all versions up to, and including, 3.1.9 due to insufficient input sanitization and output escaping as well as insufficient access control on the settings. This makes it possible for authenticated attackers, with subscriber access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-10 | 6.4 | CVE-2024-1041 security@wordfence.com security@wordfence.com |
princeahmed — wp_radio_-_worldwide_online_radio_stations_directory_for_wordpress |
The WP Radio – Worldwide Online Radio Stations Directory for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX functions in all versions up to, and including, 3.1.9. This makes it possible for authenticated attackers, with subscriber access and above, to import radio stations, remove countries, and modify the plugin’s settings, which can lead to Cross-Site Scripting, tracked separately in CVE-2024-1041. | 2024-04-10 | 6.4 | CVE-2024-1042 security@wordfence.com security@wordfence.com |
propertyhive — propertyhive |
Deserialization of Untrusted Data vulnerability in PropertyHive. This issue affects PropertyHive: from n/a through 2.0.9. | 2024-04-11 | 5.4 | CVE-2024-27985 audit@patchstack.com |
psi-4ward — psitransfer |
PsiTransfer is an open source, self-hosted file sharing solution. Prior to version 2.2.0, the absence of restrictions on the endpoint, which allows users to create a path for uploading a file in a file distribution, allows an attacker to add arbitrary files to the distribution. The vulnerability allows an attacker to influence those users who come to the file distribution after them and slip the victim files with a malicious or phishing signature. Version 2.2.0 contains a patch for the issue. CVE-2024-31453 allows users to violate the integrity of a file bucket and upload new files there, while CVE-2024-31454 allows users to violate the integrity of a single file that is uploaded by another user by writing data there, and does not allow uploading new files to the bucket. Thus, the vulnerabilities are reproduced differently, require different security recommendations and affect different objects of the application’s business logic. | 2024-04-09 | 6.5 | CVE-2024-31453 security-advisories@github.com security-advisories@github.com |
psi-4ward — psitransfer |
PsiTransfer is an open source, self-hosted file sharing solution. Prior to version 2.2.0, the absence of restrictions on the endpoint, which is designed for uploading files, allows an attacker who received the id of a file distribution to change the files that are in this distribution. The vulnerability allows an attacker to influence those users who come to the file distribution after them and slip the victim files with a malicious or phishing signature. Version 2.2.0 contains a patch for this issue. CVE-2024-31454 allows users to violate the integrity of a file that is uploaded by another user. In this case, additional files are not loaded into the file bucket; the integrity violation is at the level of individual files. CVE-2024-31453, by contrast, allows users to violate the integrity of a file bucket without violating the integrity of files uploaded by other users. Thus, the vulnerabilities are reproduced differently, require different security recommendations and affect different objects of the application’s business logic. | 2024-04-09 | 6.5 | CVE-2024-31454 security-advisories@github.com security-advisories@github.com |
puneethreddyhc — event_management |
A vulnerability was found in PuneethReddyHC Event Management 1.0. It has been rated as critical. This issue affects some unknown processing of the file /backend/register.php. The manipulation of the argument event_id/full_name/email/mobile/college/branch leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259613 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-04-07 | 5.5 | CVE-2024-3432 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
qodeinteractive — qi_addons_for_elementor |
The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s widgets in all versions up to, and including, 1.6.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-0826 security@wordfence.com security@wordfence.com security@wordfence.com |
rainbowgeek — seopress_-_on-site_seo |
The SEOPress – On-site SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image alt parameter in all versions up to, and including, 7.5.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2165 security@wordfence.com security@wordfence.com |
rankmath — rank_math_seo_with_ai_seo_tools |
The Rank Math SEO with AI SEO Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HowTo block attributes in all versions up to, and including, 1.0.214 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2536 security@wordfence.com security@wordfence.com |
realmag777 — wolf_-_wordpress_posts_bulk_editor_and_manager_professional |
Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional, realmag777 BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net. This issue affects WOLF – WordPress Posts Bulk Editor and Manager Professional: from n/a through 1.0.8.1; BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net: from n/a through 1.1.4.1. | 2024-04-10 | 4.3 | CVE-2024-31430 audit@patchstack.com audit@patchstack.com |
redisbloom — redisbloom |
RedisBloom adds a set of probabilistic data structures to Redis. Starting in version 2.0.0 and prior to versions 2.4.7 and 2.6.10, authenticated users can use the `CF.RESERVE` command to trigger a runtime assertion and termination of the Redis server process. The problem is fixed in RedisBloom 2.4.7 and 2.6.10. | 2024-04-09 | 5.5 | CVE-2024-25116 security-advisories@github.com security-advisories@github.com |
relevanssi — relevanssi_-_a_better_search_(pro) |
The Relevanssi – A Better Search plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the relevanssi_update_counts() function in all versions up to, and including, 4.22.1. This makes it possible for unauthenticated attackers to execute expensive queries on the application that could lead to DoS. | 2024-04-09 | 5.3 | CVE-2024-3213 security@wordfence.com security@wordfence.com security@wordfence.com |
relevanssi — relevanssi_-_a_better_search_(pro) |
The Relevanssi – A Better Search plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 4.22.1. This makes it possible for unauthenticated attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration. | 2024-04-09 | 5.8 | CVE-2024-3214 security@wordfence.com security@wordfence.com |
repute_infosystems — arforms_form_builder |
Cross-Site Request Forgery (CSRF) vulnerability in Repute InfoSystems ARForms Form Builder. This issue affects ARForms Form Builder: from n/a through 1.6.1. | 2024-04-12 | 6.3 | CVE-2024-31272 audit@patchstack.com |
repute_infosystems — bookingpress |
Authorization Bypass Through User-Controlled Key vulnerability in Repute Infosystems BookingPress. This issue affects BookingPress: from n/a through 1.0.81. | 2024-04-07 | 4.3 | CVE-2024-31296 audit@patchstack.com |
revolution_slider — slider_revolution |
The Revslider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via svg upload in all versions up to, and including, 6.6.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default, this can only be exploited by administrators, but the ability to use and configure revslider can be extended to authors. | 2024-04-09 | 6.4 | CVE-2024-2306 security@wordfence.com security@wordfence.com |
rtcamp — transcoder |
Cross-Site Request Forgery (CSRF) vulnerability in rtCamp Transcoder. This issue affects Transcoder: from n/a through 1.3.5. | 2024-04-12 | 4.3 | CVE-2024-31305 audit@patchstack.com |
rubengc — gamipress_-_the_#1_gamification_plugin_to_reward_points_achievements_badges_&_ranks_in_wordpress |
The GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode(s) in all versions up to, and including, 6.9.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2783 security@wordfence.com security@wordfence.com |
saleor — saleor |
Saleor is an e-commerce platform. Starting in version 3.10.0 and prior to versions 3.14.64, 3.15.39, 3.16.39, 3.17.35, 3.18.31, and 3.19.19, an attacker may bypass cross-site request forgery (CSRF) validation when calling the refresh token mutation with an empty string. When a user provides an empty string in the `refreshToken` mutation while the token persists in the `JWT_REFRESH_TOKEN_COOKIE_NAME` cookie, the application omits validation against the CSRF token and returns a valid access token. Versions 3.14.64, 3.15.39, 3.16.39, 3.17.35, 3.18.31, and 3.19.19 contain a patch for the issue. As a workaround, one may replace `saleor.graphql.account.mutations.authentication.refresh_token.py.get_refresh_token`. This will fix the issue, but be aware that it returns `JWT_MISSING_TOKEN` instead of `JWT_INVALID_TOKEN`. | 2024-04-08 | 4.2 | CVE-2024-31205 security-advisories@github.com security-advisories@github.com |
saleor — saleor |
Cross-Site Request Forgery (CSRF) vulnerability in ELEXtensions ELEX WooCommerce Dynamic Pricing and Discounts. This issue affects ELEX WooCommerce Dynamic Pricing and Discounts: from n/a through 2.1.2. | 2024-04-11 | 4.3 | CVE-2024-32105 audit@patchstack.com |
saleswonder.biz_team — wp2leads |
Missing Authorization vulnerability in Saleswonder.Biz Team WP2LEADS. This issue affects WP2LEADS: from n/a through 3.2.7. | 2024-04-08 | 5.4 | CVE-2024-31375 audit@patchstack.com |
sap_se — sap_business_connector |
The application allows a high privilege attacker to append a malicious GET query parameter to Service invocations, which are reflected in the server response. Under certain circumstances, if the parameter contains a JavaScript, the script could be processed on client side. | 2024-04-09 | 4.8 | CVE-2024-30214 cna@sap.com cna@sap.com |
sap_se — sap_business_connector |
The Resource Settings page allows a high privilege attacker to load exploitable payload to be stored and reflected whenever a User visits the page. In a successful attack, some information could be obtained and/or modified. However, the attacker does not have control over what information is obtained, or the amount or kind of loss is limited. | 2024-04-09 | 4.8 | CVE-2024-30215 cna@sap.com cna@sap.com |
sap_se — sap_group_reporting_data_collection_(enter_package_data) |
SAP Group Reporting Data Collection does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. On successful exploitation, specific data can be changed via the Enter Package Data app although the user does not have sufficient authorization, causing high impact on the integrity of the application. | 2024-04-09 | 6.5 | CVE-2024-28167 cna@sap.com cna@sap.com |
sap_se — sap_netweaver_as_abap_and_abap_platform |
The ABAP Application Server of SAP NetWeaver as well as ABAP Platform allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. This leads to a considerable impact on availability. | 2024-04-09 | 6.5 | CVE-2024-30218 cna@sap.com cna@sap.com |
sap_se — sap_netweaver |
SAP NetWeaver application, due to insufficient input validation, allows an attacker to send a crafted request from a vulnerable web application targeting internal systems behind firewalls that are normally inaccessible to an attacker from the external network, resulting in a Server-Side Request Forgery vulnerability. This has a low impact on confidentiality. | 2024-04-09 | 5.3 | CVE-2024-27898 cna@sap.com cna@sap.com |
sap_se — sap_s/4_hana_(cash_management) |
Cash Management in SAP S/4 HANA does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can add notes in the review request with ‘completed’ status affecting the integrity of the application. Confidentiality and Availability are not impacted. | 2024-04-09 | 4.3 | CVE-2024-30216 cna@sap.com cna@sap.com |
sap_se — sap_s/4_hana_(cash_management) |
Cash Management in SAP S/4 HANA does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can approve or reject a bank account application affecting the integrity of the application. Confidentiality and Availability are not impacted. | 2024-04-09 | 4.3 | CVE-2024-30217 cna@sap.com cna@sap.com |
saumya_majumder — wp_server_health_stats |
Cross-Site Request Forgery (CSRF) vulnerability in Saumya Majumder WP Server Health Stats. This issue affects WP Server Health Stats: from n/a through 1.7.3. | 2024-04-12 | 4.3 | CVE-2024-31250 audit@patchstack.com |
sc0ttkclark — pods_-_custom_content_types_and_fields |
The Pods – Custom Content Types and Fields plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.0.10 (with the exception of 2.7.31.2, 2.8.23.2, 2.9.19.2). This is due to the fact that the plugin allows the use of a file inclusion feature via shortcode. This makes it possible for authenticated attackers, with contributor access or higher, to create pods and users (with default role). | 2024-04-09 | 4.3 | CVE-2023-6965 security@wordfence.com security@wordfence.com security@wordfence.com |
setriosoft — bizcalendar_web |
The BizCalendar Web plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tab’ parameter in all versions up to, and including, 1.1.0.19 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-04-10 | 6.1 | CVE-2024-1780 security@wordfence.com security@wordfence.com |
shopware — shopware |
Shopware 6 is an open commerce platform based on Symfony Framework and Vue. Starting in version 6.3.5.0 and prior to versions 6.6.1.0 and 6.5.8.8, when an authenticated request is made to `POST /store-api/account/logout`, the cart will be cleared, but the user won’t be logged out. This affects only direct store-api usage, as the PHP Storefront additionally listens on `CustomerLogoutEvent` and invalidates the session. The problem has been fixed in Shopware 6.6.1.0 and 6.5.8.8. Those who are unable to update can install the latest version of the Shopware Security Plugin as a workaround. | 2024-04-08 | 5.3 | CVE-2024-31447 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
shortpixel — shortpixel_adaptive_images |
Missing Authorization vulnerability in ShortPixel ShortPixel Adaptive Images. This issue affects ShortPixel Adaptive Images: from n/a through 3.8.2. | 2024-04-10 | 5.3 | CVE-2024-31230 audit@patchstack.com |
siemens — scalance_w1748-1_m12 |
A vulnerability has been identified in SCALANCE W1748-1 M12 (6GK5748-1GY01-0AA0), SCALANCE W1748-1 M12 (6GK5748-1GY01-0TA0), SCALANCE W1788-1 M12 (6GK5788-1GY01-0AA0), SCALANCE W1788-2 EEC M12 (6GK5788-2GY01-0TA0), SCALANCE W1788-2 M12 (6GK5788-2GY01-0AA0), SCALANCE W1788-2IA M12 (6GK5788-2HY01-0AA0), SCALANCE W721-1 RJ45 (6GK5721-1FC00-0AA0), SCALANCE W721-1 RJ45 (6GK5721-1FC00-0AB0), SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AA0), SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AB0), SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AC0), SCALANCE W734-1 RJ45 (6GK5734-1FX00-0AA0), SCALANCE W734-1 RJ45 (6GK5734-1FX00-0AA6), SCALANCE W734-1 RJ45 (6GK5734-1FX00-0AB0), SCALANCE W734-1 RJ45 (USA) (6GK5734-1FX00-0AB6), SCALANCE W738-1 M12 (6GK5738-1GY00-0AA0), SCALANCE W738-1 M12 (6GK5738-1GY00-0AB0), SCALANCE W748-1 M12 (6GK5748-1GD00-0AA0), SCALANCE W748-1 M12 (6GK5748-1GD00-0AB0), SCALANCE W748-1 RJ45 (6GK5748-1FC00-0AA0), SCALANCE W748-1 RJ45 (6GK5748-1FC00-0AB0), SCALANCE W761-1 RJ45 (6GK5761-1FC00-0AA0), SCALANCE W761-1 RJ45 (6GK5761-1FC00-0AB0), SCALANCE W774-1 M12 EEC (6GK5774-1FY00-0TA0), SCALANCE W774-1 M12 EEC (6GK5774-1FY00-0TB0), SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AA0), SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AA6), SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AB0), SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AC0), SCALANCE W774-1 RJ45 (USA) (6GK5774-1FX00-0AB6), SCALANCE W778-1 M12 (6GK5778-1GY00-0AA0), SCALANCE W778-1 M12 (6GK5778-1GY00-0AB0), SCALANCE W778-1 M12 EEC (6GK5778-1GY00-0TA0), SCALANCE W778-1 M12 EEC (USA) (6GK5778-1GY00-0TB0), SCALANCE W786-1 RJ45 (6GK5786-1FC00-0AA0), SCALANCE W786-1 RJ45 (6GK5786-1FC00-0AB0), SCALANCE W786-2 RJ45 (6GK5786-2FC00-0AA0), SCALANCE W786-2 RJ45 (6GK5786-2FC00-0AB0), SCALANCE W786-2 RJ45 (6GK5786-2FC00-0AC0), SCALANCE W786-2 SFP (6GK5786-2FE00-0AA0), SCALANCE W786-2 SFP (6GK5786-2FE00-0AB0), SCALANCE W786-2IA RJ45 (6GK5786-2HC00-0AA0), SCALANCE W786-2IA RJ45 (6GK5786-2HC00-0AB0), SCALANCE W788-1 M12 (6GK5788-1GD00-0AA0), SCALANCE W788-1 M12 (6GK5788-1GD00-0AB0), SCALANCE W788-1 RJ45 (6GK5788-1FC00-0AA0), SCALANCE W788-1 RJ45 (6GK5788-1FC00-0AB0), SCALANCE W788-2 M12 (6GK5788-2GD00-0AA0), SCALANCE W788-2 M12 (6GK5788-2GD00-0AB0), SCALANCE W788-2 M12 EEC (6GK5788-2GD00-0TA0), SCALANCE W788-2 M12 EEC (6GK5788-2GD00-0TB0), SCALANCE W788-2 M12 EEC (6GK5788-2GD00-0TC0), SCALANCE W788-2 RJ45 (6GK5788-2FC00-0AA0), SCALANCE W788-2 RJ45 (6GK5788-2FC00-0AB0), SCALANCE W788-2 RJ45 (6GK5788-2FC00-0AC0), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0), SCALANCE WAM766-1 (EU) (6GK5766-1GE00-7DA0), SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0), SCALANCE WAM766-1 EEC (EU) (6GK5766-1GE00-7TA0), SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0), SCALANCE WUM763-1 (6GK5763-1AL00-3AA0), SCALANCE WUM763-1 (6GK5763-1AL00-3DA0), SCALANCE WUM766-1 (EU) (6GK5766-1GE00-3DA0), SCALANCE WUM766-1 (US) (6GK5766-1GE00-3DB0). This CVE refers to Scenario 2 “Abuse the queue for network disruptions” of CVE-2022-47522. Affected devices can be tricked into enabling its power-saving mechanisms for a victim client. This could allow a physically proximate attacker to execute disconnection and denial-of-service attacks. | 2024-04-09 | 6.1 | CVE-2024-30190 productcert@siemens.com |
siemens — scalance_w721-1_rj45 |
A vulnerability has been identified in SCALANCE W721-1 RJ45 (6GK5721-1FC00-0AA0) (All versions), SCALANCE W721-1 RJ45 (6GK5721-1FC00-0AB0) (All versions), SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AA0) (All versions), SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AB0) (All versions), SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AC0) (All versions), SCALANCE W734-1 RJ45 (6GK5734-1FX00-0AA0) (All versions), SCALANCE W734-1 RJ45 (6GK5734-1FX00-0AA6) (All versions), SCALANCE W734-1 RJ45 (6GK5734-1FX00-0AB0) (All versions), SCALANCE W734-1 RJ45 (USA) (6GK5734-1FX00-0AB6) (All versions), SCALANCE W738-1 M12 (6GK5738-1GY00-0AA0) (All versions), SCALANCE W738-1 M12 (6GK5738-1GY00-0AB0) (All versions), SCALANCE W748-1 M12 (6GK5748-1GD00-0AA0) (All versions), SCALANCE W748-1 M12 (6GK5748-1GD00-0AB0) (All versions), SCALANCE W748-1 RJ45 (6GK5748-1FC00-0AA0) (All versions), SCALANCE W748-1 RJ45 (6GK5748-1FC00-0AB0) (All versions), SCALANCE W761-1 RJ45 (6GK5761-1FC00-0AA0) (All versions), SCALANCE W761-1 RJ45 (6GK5761-1FC00-0AB0) (All versions), SCALANCE W774-1 M12 EEC (6GK5774-1FY00-0TA0) (All versions), SCALANCE W774-1 M12 EEC (6GK5774-1FY00-0TB0) (All versions), SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AA0) (All versions), SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AA6) (All versions), SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AB0) (All versions), SCALANCE W774-1 RJ45 (6GK5774-1FX00-0AC0) (All versions), SCALANCE W774-1 RJ45 (USA) (6GK5774-1FX00-0AB6) (All versions), SCALANCE W778-1 M12 (6GK5778-1GY00-0AA0) (All versions), SCALANCE W778-1 M12 (6GK5778-1GY00-0AB0) (All versions), SCALANCE W778-1 M12 EEC (6GK5778-1GY00-0TA0) (All versions), SCALANCE W778-1 M12 EEC (USA) (6GK5778-1GY00-0TB0) (All versions), SCALANCE W786-1 RJ45 (6GK5786-1FC00-0AA0) (All versions), SCALANCE W786-1 RJ45 (6GK5786-1FC00-0AB0) (All versions), SCALANCE W786-2 RJ45 (6GK5786-2FC00-0AA0) (All versions), SCALANCE W786-2 RJ45 (6GK5786-2FC00-0AB0) (All versions), SCALANCE W786-2 RJ45 (6GK5786-2FC00-0AC0) (All versions), SCALANCE W786-2 SFP (6GK5786-2FE00-0AA0) (All versions), SCALANCE W786-2 SFP (6GK5786-2FE00-0AB0) (All versions), SCALANCE W786-2IA RJ45 (6GK5786-2HC00-0AA0) (All versions), SCALANCE W786-2IA RJ45 (6GK5786-2HC00-0AB0) (All versions), SCALANCE W788-1 M12 (6GK5788-1GD00-0AA0) (All versions), SCALANCE W788-1 M12 (6GK5788-1GD00-0AB0) (All versions), SCALANCE W788-1 RJ45 (6GK5788-1FC00-0AA0) (All versions), SCALANCE W788-1 RJ45 (6GK5788-1FC00-0AB0) (All versions), SCALANCE W788-2 M12 (6GK5788-2GD00-0AA0) (All versions), SCALANCE W788-2 M12 (6GK5788-2GD00-0AB0) (All versions), SCALANCE W788-2 M12 EEC (6GK5788-2GD00-0TA0) (All versions), SCALANCE W788-2 M12 EEC (6GK5788-2GD00-0TB0) (All versions), SCALANCE W788-2 M12 EEC (6GK5788-2GD00-0TC0) (All versions), SCALANCE W788-2 RJ45 (6GK5788-2FC00-0AA0) (All versions), SCALANCE W788-2 RJ45 (6GK5788-2FC00-0AB0) (All versions), SCALANCE W788-2 RJ45 (6GK5788-2FC00-0AC0) (All versions). This CVE refers to Scenario 1 “Leak frames from the Wi-Fi queue” of CVE-2022-47522. Affected devices queue frames in order to subsequently change the security context and leak the queued frames. This could allow a physically proximate attacker to intercept (possibly cleartext) target-destined frames. | 2024-04-09 | 6.1 | CVE-2024-30189 productcert@siemens.com |
siemens — simatic_pcs_7_v9.1 |
A vulnerability has been identified in SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC04), SIMATIC WinCC Runtime Professional V17 (All versions), SIMATIC WinCC Runtime Professional V18 (All versions), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 1), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 16), SIMATIC WinCC V8.0 (All versions). The affected products do not properly validate the input provided in the login dialog box. An attacker could leverage this vulnerability to cause a persistent denial of service condition. | 2024-04-09 | 6.2 | CVE-2023-50821 productcert@siemens.com |
sigstore — cosign |
Cosign provides code signing and transparency for containers and binaries. Prior to version 2.2.4, a remote image with a malicious attachment can cause denial of service of the host machine running Cosign. This can impact other services on the machine that rely on having memory available such as a Redis database which can result in data loss. It can also impact the availability of other services on the machine that will not be available for the duration of the machine denial. The root cause of this issue is that Cosign reads the attachment from a remote image entirely into memory without checking the size of the attachment first. As such, a large attachment can make Cosign read a large attachment into memory; if the attachment’s size is larger than the machine has memory available, the machine will be denied of service. The Go runtime will make a SigKill after a few seconds of system-wide denial. This issue can allow a supply-chain escalation from a compromised registry to the Cosign user: if an attacker has compromised a registry or the account of an image vendor, they can include a malicious attachment and hurt the image consumer. Version 2.2.4 contains a patch for the vulnerability. | 2024-04-10 | 4.2 | CVE-2024-29902 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
sigstore — cosign |
Cosign provides code signing and transparency for containers and binaries. Prior to version 2.2.4, maliciously-crafted software artifacts can cause denial of service of the machine running Cosign thereby impacting all services on the machine. The root cause is that Cosign creates slices based on the number of signatures, manifests or attestations in untrusted artifacts. As such, the untrusted artifact can control the amount of memory that Cosign allocates. The exact issue is Cosign allocates excessive memory on the lines that create a slice of the same length as the manifests. Version 2.2.4 contains a patch for the vulnerability. | 2024-04-10 | 4.2 | CVE-2024-29903 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
silverks — graphene |
The Graphene theme for WordPress is vulnerable to unauthorized access of data via meta tag in all versions up to, and including, 2.9.2. This makes it possible for unauthenticated individuals to obtain post contents of password protected posts via the generated source. | 2024-04-09 | 5.3 | CVE-2024-1984 security@wordfence.com security@wordfence.com |
smub — easy_digital_downloads_-_sell_digital_files_&_subscriptions_(ecommerce_store_+_payments_made_easy) |
The Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.9. This makes it possible for unauthenticated attackers to download the debug log via Directory Listing. This file may include PII. | 2024-04-09 | 5.3 | CVE-2024-2302 security@wordfence.com security@wordfence.com security@wordfence.com |
smub — wordpress_gallery_plugin_-_nextgen_gallery |
The WordPress Gallery Plugin – NextGEN Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_item function in versions up to, and including, 3.59. This makes it possible for unauthenticated attackers to extract sensitive data including EXIF and other metadata of any image uploaded through the plugin. | 2024-04-09 | 5.3 | CVE-2024-3097 security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
soflyy — import_any_xml_or_csv_file_to_wordpress |
Cross-Site Request Forgery (CSRF) vulnerability in Soflyy Import any XML or CSV File to WordPress. This issue affects Import any XML or CSV File to WordPress: from n/a through 3.7.3. | 2024-04-10 | 4.3 | CVE-2024-31939 audit@patchstack.com |
softaculous — page_builder:_pagelayer_-_drag_and_drop_website_builder |
The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘attr’ parameter in all versions up to, and including, 1.8.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2504 security@wordfence.com security@wordfence.com security@wordfence.com |
someguy9 — lightweight_accordion |
The Lightweight Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode(s) in all versions up to, and including, 1.5.16 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2436 security@wordfence.com security@wordfence.com security@wordfence.com |
sourcecodester — kortex_lite_advocate_office_management_system |
A vulnerability, which was classified as critical, has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0. This issue affects some unknown processing of the file /control/deactivate_case.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260273 was assigned to this vulnerability. | 2024-04-11 | 4.7 | CVE-2024-3617 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
sourcecodester — kortex_lite_advocate_office_management_system |
A vulnerability, which was classified as critical, was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. Affected is an unknown function of the file /control/activate_case.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-260274 is the identifier assigned to this vulnerability. | 2024-04-11 | 4.7 | CVE-2024-3618 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
sourcecodester — kortex_lite_advocate_office_management_system |
A vulnerability has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /control/addcase_stage.php. The manipulation of the argument cname leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260275. | 2024-04-11 | 4.7 | CVE-2024-3619 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
sourcecodester — kortex_lite_advocate_office_management_system |
A vulnerability was found in SourceCodester Kortex Lite Advocate Office Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /control/adds.php. The manipulation of the argument name/gender/dob/email/mobile/address leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260276. | 2024-04-11 | 4.7 | CVE-2024-3620 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
sourcecodester — kortex_lite_advocate_office_management_system |
A vulnerability was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. It has been classified as critical. This affects an unknown part of the file /control/register_case.php. The manipulation of the argument title/case_no/client_name/court/case_type/case_stage/legel_acts/description/filling_date/hearing_date/opposite_lawyer/total_fees/unpaid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260277 was assigned to this vulnerability. | 2024-04-11 | 4.7 | CVE-2024-3621 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
sourcecodester — laundry_management_system |
A vulnerability was found in SourceCodester Laundry Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /karyawan/laporan_filter. The manipulation of the argument data_karyawan leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259702 is the identifier assigned to this vulnerability. | 2024-04-08 | 6.3 | CVE-2024-3445 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
sourcecodester — laundry_management_system |
A vulnerability was found in SourceCodester Laundry Management System 1.0 and classified as critical. This issue affects the function laporan_filter of the file /application/controller/Pelanggan.php. The manipulation of the argument jeniskelamin leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259745 was assigned to this vulnerability. | 2024-04-08 | 6.3 | CVE-2024-3464 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
sourcecodester — laundry_management_system |
A vulnerability was found in SourceCodester Laundry Management System 1.0. It has been classified as critical. Affected is the function laporan_filter of the file /application/controller/Transaki.php. The manipulation of the argument dari/sampai leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-259746 is the identifier assigned to this vulnerability. | 2024-04-08 | 6.3 | CVE-2024-3465 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
sourcecodester — laundry_management_system |
A vulnerability was found in SourceCodester Laundry Management System 1.0. It has been declared as critical. Affected by this vulnerability is the function laporan_filter of the file /application/controller/Pengeluaran.php. The manipulation of the argument dari/sampai leads to sql injection. The associated identifier of this vulnerability is VDB-259747. | 2024-04-08 | 5.5 | CVE-2024-3466 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
sourcecodester — online_courseware |
A vulnerability classified as critical was found in SourceCodester Online Courseware 1.0. This vulnerability affects unknown code of the file admin/editt.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259588. | 2024-04-07 | 6.3 | CVE-2024-3416 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
sourcecodester — online_courseware |
A vulnerability, which was classified as critical, has been found in SourceCodester Online Courseware 1.0. This issue affects some unknown processing of the file admin/saveeditt.php. The manipulation of the argument contact leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259589 was assigned to this vulnerability. | 2024-04-07 | 6.3 | CVE-2024-3417 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
sourcecodester — online_courseware |
A vulnerability, which was classified as critical, was found in SourceCodester Online Courseware 1.0. Affected is an unknown function of the file admin/deactivateteach.php. The manipulation of the argument selector leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-259590 is the identifier assigned to this vulnerability. | 2024-04-07 | 6.3 | CVE-2024-3418 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
sourcecodester — online_courseware |
A vulnerability has been found in SourceCodester Online Courseware 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file admin/edit.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259591. | 2024-04-07 | 6.3 | CVE-2024-3419 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
sourcecodester — online_courseware |
A vulnerability was found in SourceCodester Online Courseware 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file admin/saveedit.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259592. | 2024-04-07 | 6.3 | CVE-2024-3420 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
sourcecodester — online_courseware |
A vulnerability was found in SourceCodester Online Courseware 1.0. It has been classified as critical. This affects an unknown part of the file admin/deactivatestud.php. The manipulation of the argument selector leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259593 was assigned to this vulnerability. | 2024-04-07 | 6.3 | CVE-2024-3421 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
sourcecodester — online_courseware |
A vulnerability was found in SourceCodester Online Courseware 1.0. It has been declared as critical. This vulnerability affects unknown code of the file admin/activatestud.php. The manipulation of the argument selector leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259594 is the identifier assigned to this vulnerability. | 2024-04-07 | 6.3 | CVE-2024-3422 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
sourcecodester — online_courseware |
A vulnerability was found in SourceCodester Online Courseware 1.0. It has been rated as critical. This issue affects some unknown processing of the file admin/activateteach.php. The manipulation of the argument selector leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259595. | 2024-04-07 | 6.3 | CVE-2024-3423 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
sourcecodester — online_courseware |
A vulnerability classified as critical has been found in SourceCodester Online Courseware 1.0. Affected is an unknown function of the file admin/listscore.php. The manipulation of the argument title leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259596. | 2024-04-07 | 6.3 | CVE-2024-3424 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
sourcecodester — online_courseware |
A vulnerability classified as critical was found in SourceCodester Online Courseware 1.0. Affected by this vulnerability is an unknown functionality of the file admin/activateall.php. The manipulation of the argument selector leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259597 was assigned to this vulnerability. | 2024-04-07 | 6.3 | CVE-2024-3425 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
sourcecodester — prison_management_system |
A vulnerability was found in SourceCodester Prison Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /Admin/edit-photo.php of the component Avatar Handler. The manipulation of the argument avatar leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259630 is the identifier assigned to this vulnerability. | 2024-04-08 | 6.3 | CVE-2024-3436 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
sourcecodester — prison_management_system |
A vulnerability was found in SourceCodester Prison Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /Employee/edit-profile.php. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-259694 is the identifier assigned to this vulnerability. | 2024-04-08 | 6.3 | CVE-2024-3441 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
sourcecodester — prison_management_system |
A vulnerability classified as critical has been found in SourceCodester Prison Management System 1.0. This affects an unknown part of the file /Employee/delete_leave.php. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259695. | 2024-04-08 | 6.3 | CVE-2024-3442 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
sourcecodester — prison_management_system |
A vulnerability was found in SourceCodester Prison Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /Admin/add-admin.php of the component Avatar Handler. The manipulation of the argument avatar leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259631. | 2024-04-08 | 4.7 | CVE-2024-3437 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
sourcecodester — prison_management_system |
A vulnerability was found in SourceCodester Prison Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /Admin/edit_profile.php. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259693 was assigned to this vulnerability. | 2024-04-08 | 4.7 | CVE-2024-3440 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
spwebguy — responsive_tabs |
The Responsive Tabs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the tabs_color value in all versions up to, and including, 4.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-3514 security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
stacklok — minder |
Minder by Stacklok is an open source software supply chain security platform. A refactoring in commit `5c381cf` added the ability to get GitHub repositories registered to a project without specifying a specific provider. Unfortunately, the SQL query for doing so was missing parentheses, and would select a random repository. This issue is patched in pull request 2941. As a workaround, revert prior to `5c381cf`, or roll forward past `2eb94e7`. | 2024-04-09 | 4.3 | CVE-2024-31455 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
staxwp — elementor_addons_widgets_and_enhancements_-_stax |
The Elementor Addons, Widgets and Enhancements – Stax plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘Heading’ widgets in all versions up to, and including, 1.4.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-3064 security@wordfence.com security@wordfence.com |
stephanie_leary — convert_post_types |
Cross-Site Request Forgery (CSRF) vulnerability in Stephanie Leary Convert Post Types. This issue affects Convert Post Types: from n/a through 1.4. | 2024-04-11 | 4.3 | CVE-2024-32108 audit@patchstack.com |
stiofansisland — userswp_-_front-end_login_form,_user_registration_user_profile_&_members_directory_plugin_for_wordpress |
The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode(s) in all versions up to, and including, 1.2.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2423 security@wordfence.com security@wordfence.com security@wordfence.com |
strangerstudios — paid_memberships_pro_-_content_restriction_user_registration_&_paid_subscriptions |
The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.12.10. This is due to missing nonce validation on the pmpro_lifter_save_streamline_option() function. This makes it possible for unauthenticated attackers to enable the streamline setting with Lifter LMS via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-04-09 | 4.3 | CVE-2024-0588 security@wordfence.com security@wordfence.com |
stylemix — masterstudy_lms_wordpress_plugin__for_online_courses_and_education |
The MasterStudy LMS plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the search_posts function in all versions up to, and including, 3.2.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to expose draft post titles and excerpts. | 2024-04-09 | 4.3 | CVE-2024-1904 security@wordfence.com security@wordfence.com |
supportcandy — supportcandy |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in SupportCandy allows Stored XSS. This issue affects SupportCandy: from n/a through 3.2.3. | 2024-04-11 | 6.5 | CVE-2024-27991 audit@patchstack.com |
supsystic — easy_google_maps |
Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Easy Google Maps. This issue affects Easy Google Maps: from n/a through 1.11.11. | 2024-04-12 | 4.3 | CVE-2024-31269 audit@patchstack.com |
supsystic — ultimate_maps_by_supsystic |
Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Ultimate Maps by Supsystic. This issue affects Ultimate Maps by Supsystic: from n/a through 1.2.16. | 2024-04-12 | 4.3 | CVE-2024-31271 audit@patchstack.com |
tausworks — global_elementor_buttons |
The Global Elementor Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button link URL in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2327 security@wordfence.com security@wordfence.com |
tbk — dvr-4104 |
A vulnerability was found in cym1102 nginxWebUI up to 3.9.9. It has been rated as critical. Affected by this issue is the function findCountByQuery of the file /adminPage/www/addOver. The manipulation of the argument dir leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260576. | 2024-04-13 | 6.3 | CVE-2024-3737 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
tbk — dvr-4104 |
A vulnerability was found in TBK DVR-4104 and DVR-4216 up to 20240412 and classified as critical. This issue affects some unknown processing of the file /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___. The manipulation of the argument mdb/mdc leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260573 was assigned to this vulnerability. | 2024-04-13 | 6.3 | CVE-2024-3721 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
techlabpro1 — classified_listing_-_classified_ads_&_business_directory_plugin |
The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized access & modification of data due to a missing capability check on the rtcl_import_location() and rtcl_import_category() functions in all versions up to, and including, 3.0.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to create terms. | 2024-04-09 | 6.5 | CVE-2024-1352 security@wordfence.com security@wordfence.com security@wordfence.com |
the_moneytizer — the_moneytizer |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in The Moneytizer allows Stored XSS. This issue affects The Moneytizer: from n/a through 9.5.20. | 2024-04-11 | 6.5 | CVE-2024-27990 audit@patchstack.com |
the_tcpdump_group — tcpdump |
Due to a bug in packet data buffers management, the PPP printer in tcpdump can enter an infinite loop when reading a crafted DLT_PPP_SERIAL .pcap savefile. This problem does not affect any tcpdump release, but it affected the git master branch from 2023-06-05 to 2024-03-21. | 2024-04-12 | 6.2 | CVE-2024-2397 security@tcpdump.org |
theeventscalendar — event_tickets_and_registration |
The Event Tickets and Registration plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.8.2 via the RSVP functionality. This makes it possible for authenticated attackers, with contributor access and above, to extract sensitive data including emails and street addresses. | 2024-04-09 | 4.3 | CVE-2024-2261 security@wordfence.com security@wordfence.com |
thehappymonster — happy_addons_for_elementor |
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Photo Stack Widget in all versions up to, and including, 3.10.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-1498 security@wordfence.com security@wordfence.com security@wordfence.com |
thehappymonster — happy_addons_for_elementor |
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Page Title HTML Tag in all versions up to, and including, 3.10.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2787 security@wordfence.com security@wordfence.com |
thehappymonster — happy_addons_for_elementor |
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Title HTML Tag in all versions up to, and including, 3.10.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2788 security@wordfence.com security@wordfence.com |
thehappymonster — happy_addons_for_elementor |
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Calendy widget in all versions up to, and including, 3.10.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2789 security@wordfence.com security@wordfence.com |
thehappymonster — happy_addons_for_elementor |
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and including, 3.10.4 due to insufficient input sanitization and output escaping on the title_tag attribute. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 5.4 | CVE-2024-2786 security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
thehappymonster — happy_addons_for_elementor |
The Happy Addons for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to insufficient authorization on the duplicate_thing() function in all versions up to, and including, 3.10.4. This makes it possible for attackers, with contributor-level access and above, to clone arbitrary posts (including private and password protected ones) which may lead to information exposure. | 2024-04-09 | 4.3 | CVE-2024-1387 security@wordfence.com security@wordfence.com security@wordfence.com |
themefusion — avada_|_website_builder_for_wordpress_&_woocommerce |
The Avada theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcodes in all versions up to, and including, 7.11.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2311 security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
themefusion — avada_|_website_builder_for_wordpress_&_woocommerce |
The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.11.6 via the form_to_url_action function. This makes it possible for authenticated attackers, with contributor-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | 2024-04-09 | 6.4 | CVE-2024-2343 security@wordfence.com security@wordfence.com security@wordfence.com |
themefusion — avada_|_website_builder_for_wordpress_&_woocommerce |
The Avada theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.11.6 via the ‘/wp-content/uploads/fusion-forms/’ directory. This makes it possible for unauthenticated attackers to extract sensitive data uploaded via an Avada created form with a file upload mechanism. | 2024-04-09 | 5.3 | CVE-2024-2340 security@wordfence.com security@wordfence.com |
themeisle — multiple_page_generator_plugin_-_mpg |
Cross-Site Request Forgery (CSRF) vulnerability in Themeisle Multiple Page Generator Plugin – MPG. This issue affects Multiple Page Generator Plugin – MPG: from n/a through 3.4.0. | 2024-04-12 | 5.4 | CVE-2024-31301 audit@patchstack.com |
themeisle — otter_blocks_-_gutenberg_blocks_page_builder_for_gutenberg_editor_&_fse |
The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the id parameter in the google-map block in all versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access and higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2226 security@wordfence.com security@wordfence.com |
themeisle — otter_blocks_-_gutenberg_blocks_page_builder_for_gutenberg_editor_&_fse |
The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s block attributes in all versions up to, and including, 2.6.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-11 | 6.4 | CVE-2024-3343 security@wordfence.com security@wordfence.com |
themeisle — otter_blocks_-_gutenberg_blocks_page_builder_for_gutenberg_editor_&_fse |
The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file upload in all versions up to, and including, 2.6.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-11 | 6.4 | CVE-2024-3344 security@wordfence.com security@wordfence.com |
themeisle — rss_aggregator_by_feedzy_-_feed_to_post_autoblogging_news_&_youtube_video_feeds_aggregator |
The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode(s) in all versions up to, and including, 4.3.3 due to insufficient input sanitization and output escaping on the Content-Type field of error messages when retrieving an invalid RSS feed. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-07 | 6.4 | CVE-2023-6877 security@wordfence.com security@wordfence.com |
themepoints — testimonials |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Themepoints Testimonials allows Stored XSS. This issue affects Testimonials: from n/a through 3.0.5. | 2024-04-07 | 6.5 | CVE-2024-31348 audit@patchstack.com |
themepunch — essential_grid_gallery_wordpress_plugin |
The Essential Grid Gallery WordPress Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.1 via the on_front_ajax_action() function. This makes it possible for unauthenticated attackers to view private and password protected posts that may have private or sensitive information. | 2024-04-10 | 5.3 | CVE-2024-3235 security@wordfence.com security@wordfence.com |
themesgrove — all-in-one_addons_for_elementor_-_widgetkit |
The All-in-One Addons for Elementor – WidgetKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple pricing widgets (e.g. Pricing Single, Pricing Icon, Pricing Tab) in all versions up to, and including, 2.4.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-12 | 6.4 | CVE-2024-2137 security@wordfence.com security@wordfence.com |
thimpress — learnpress_-_wordpress_lms_plugin |
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.6.3 due to missing validation on a user controlled key when looking up order information. This makes it possible for authenticated attackers to obtain information on orders placed by other users and guests, which can be leveraged to sign up for paid courses that were purchased by guests. Emails of other users are also exposed. | 2024-04-09 | 6.5 | CVE-2024-1289 security@wordfence.com security@wordfence.com |
thimpress — learnpress_-_wordpress_lms_plugin |
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Course, Lesson, and Quiz title and content in all versions up to, and including, 4.2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with LP Instructor-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 4.4 | CVE-2024-1463 security@wordfence.com security@wordfence.com |
tianwell — fire_intelligent_command_platform |
A vulnerability has been found in Tianwell Fire Intelligent Command Platform 1.1.1.1 and classified as critical. This vulnerability affects unknown code of the file /mfsNotice/page of the component API Interface. The manipulation of the argument gsdwid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260572. | 2024-04-13 | 6.3 | CVE-2024-3720 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
totalpressorg — custom_post_types_custom_fields_&_more |
The Custom post types, Custom Fields & more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode and custom post meta in all versions up to, and including, 5.0.4 due to insufficient input sanitization and output escaping on user supplied post meta values. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2023-6993 security@wordfence.com security@wordfence.com |
tribulant — slideshow_gallery |
Insertion of Sensitive Information into Log File vulnerability in Tribulant Slideshow Gallery. This issue affects Slideshow Gallery: from n/a through 1.7.8. | 2024-04-10 | 5.3 | CVE-2024-31353 audit@patchstack.com |
tribulant — slideshow_gallery |
Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Slideshow Gallery. This issue affects Slideshow Gallery: from n/a through 1.7.8. | 2024-04-12 | 4.3 | CVE-2024-31354 audit@patchstack.com |
varun_kumar — easy_logo |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Varun Kumar Easy Logo allows Stored XSS. This issue affects Easy Logo: from n/a through 1.9.3. | 2024-04-11 | 5.9 | CVE-2024-32083 audit@patchstack.com |
visitor_analytics — twipla_(visitor_analytics_io) |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Visitor Analytics TWIPLA (Visitor Analytics IO) allows Stored XSS. This issue affects TWIPLA (Visitor Analytics IO): from n/a through 1.2.0. | 2024-04-11 | 5.9 | CVE-2024-31937 audit@patchstack.com |
vjinfotech — wp_import_export_lite |
Deserialization of Untrusted Data vulnerability in VJInfotech WP Import Export Lite. This issue affects WP Import Export Lite: from n/a through 3.9.26. | 2024-04-07 | 4.4 | CVE-2024-31308 audit@patchstack.com |
wangshen — secgate_3600 |
A vulnerability was found in Wangshen SecGate 3600 up to 20240408. It has been classified as critical. This affects an unknown part of the file /?g=net_pro_keyword_import_save. The manipulation of the argument reqfile leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259701 was assigned to this vulnerability. | 2024-04-08 | 4.7 | CVE-2024-3444 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
webdevmattcrom — givewp_-_donation_plugin_and_fundraising_platform |
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode(s) in all versions up to, and including, 3.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-1424 security@wordfence.com security@wordfence.com |
webdevmattcrom — givewp_-_donation_plugin_and_fundraising_platform |
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘give_form’ shortcode in all versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-13 | 6.4 | CVE-2024-1957 security@wordfence.com security@wordfence.com |
webfactory — wp_reset_-_most_advanced_wordpress_reset_tool |
The WP Reset – Most Advanced WordPress Reset Tool plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.99 via the use of insufficiently random snapshot names. This makes it possible for unauthenticated attackers to extract sensitive data including site backups by brute-forcing the snapshot filenames. | 2024-04-09 | 5.9 | CVE-2023-6799 security@wordfence.com security@wordfence.com |
webtechstreet — elementor_addon_elements |
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widgets in all versions up to, and including, 1.13.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.5 | CVE-2024-2792 security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
webtoffee — wordpress_comments_import_&_export |
Cross-Site Request Forgery (CSRF) vulnerability in WebToffee WordPress Comments Import & Export. This issue affects WordPress Comments Import & Export: from n/a through 2.3.5. | 2024-04-12 | 4.3 | CVE-2024-31235 audit@patchstack.com |
wen_themes — wen_responsive_columns |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WEN Themes WEN Responsive Columns allows Stored XSS. This issue affects WEN Responsive Columns: from n/a through 1.3.2. | 2024-04-11 | 6.5 | CVE-2024-27988 audit@patchstack.com |
woocommerce — woocommerce_shipping_per_product |
Missing Authorization vulnerability in WooCommerce WooCommerce Shipping Per Product. This issue affects WooCommerce Shipping Per Product: from n/a through 2.5.4. | 2024-04-12 | 4.3 | CVE-2023-51499 audit@patchstack.com |
wp_compress — wp_compress_-_image_optimizer_[all-in-one] |
Cross-Site Request Forgery (CSRF) vulnerability in WP Compress WP Compress – Image Optimizer [All-In-One]. This issue affects WP Compress – Image Optimizer [All-In-One]: from n/a through 6.10.35. | 2024-04-11 | 4.3 | CVE-2024-32106 audit@patchstack.com |
wp_darko — top_bar |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WP Darko Top Bar allows Stored XSS. This issue affects Top Bar: from n/a through 3.0.5. | 2024-04-11 | 5.9 | CVE-2024-31928 audit@patchstack.com |
wp_enhanced — free_downloads_woocommerce |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WP Enhanced Free Downloads WooCommerce allows Stored XSS. This issue affects Free Downloads WooCommerce: from n/a through 3.5.8.2. | 2024-04-11 | 6.5 | CVE-2024-27969 audit@patchstack.com |
wp_oauth_server — oauth_server |
URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in WP OAuth Server OAuth Server. This issue affects OAuth Server: from n/a through 4.3.3. | 2024-04-10 | 4.7 | CVE-2024-31253 audit@patchstack.com |
wp_royal — royal_elementor_addons |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WP Royal Royal Elementor Addons allows Stored XSS. This issue affects Royal Elementor Addons: from n/a through 1.3.93. | 2024-04-07 | 6.5 | CVE-2024-31236 audit@patchstack.com |
wp_swings — points_and_rewards_for_woocommerce |
Missing Authorization vulnerability in WP Swings Points and Rewards for WooCommerce. This issue affects Points and Rewards for WooCommerce: from n/a through 1.5.0. | 2024-04-11 | 5.4 | CVE-2023-27607 audit@patchstack.com |
wpcalc — modal_window_-_create_popup_modal_window |
The Modal Window – create popup modal window plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode(s) in all versions up to, and including, 5.3.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2457 security@wordfence.com security@wordfence.com |
wpclever — wpc_smart_quick_view_for_woocommerce |
The WPC Smart Quick View for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2024-04-13 | 4.4 | CVE-2023-6494 security@wordfence.com security@wordfence.com |
wpcloudgallery — wordpress_gallery_exporter |
Missing Authorization vulnerability in WPcloudgallery WordPress Gallery Exporter. This issue affects WordPress Gallery Exporter: from n/a through 1.3. | 2024-04-10 | 6.5 | CVE-2024-31342 audit@patchstack.com |
wpdeveloper — essential_blocks_for_gutenberg |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WPDeveloper Essential Blocks for Gutenberg allows Stored XSS. This issue affects Essential Blocks for Gutenberg: from n/a through 4.5.3. | 2024-04-07 | 6.5 | CVE-2024-31306 audit@patchstack.com |
wpdevteam — betterdocs_-_best_documentation_faq_&_knowledge_base_plugin_with_ai_support_&_instant_answer_for_elementor_&_gutenberg |
The BetterDocs – Best Documentation, FAQ & Knowledge Base Plugin with AI Support & Instant Answer For Elementor & Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode(s) in all versions up to, and including, 3.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2845 security@wordfence.com security@wordfence.com |
wpdevteam — embedpress_-_embed_pdf_google_docs_vimeo_wistia_embed_youtube_videos,_audios_maps_&_embed_any_documents_in_gutenberg_&_elementor |
The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘embedpress_calendar’ shortcode in all versions up to, and including, 3.9.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-3244 security@wordfence.com security@wordfence.com security@wordfence.com |
wpdevteam — essential_addons_for_elementor_-_best_elementor_templates_widgets_kits_&_woocommerce_builders |
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the alignment parameter in the Woo Product Carousel widget in all versions up to, and including, 5.9.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2650 security@wordfence.com security@wordfence.com |
wpdevteam — essential_addons_for_elementor_best_elementor_templates,_widgets,_kits_&_woocommerce_builders |
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the countdown widget’s message parameter in all versions up to, and including, 5.9.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2623 security@wordfence.com security@wordfence.com security@wordfence.com |
wpdevteam — essential_addons_for_elementor_best_elementor_templates,_widgets,_kits_&_woocommerce_builders |
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 5.9.13 via the load_more function. This can allow unauthenticated attackers to extract sensitive data including private and draft posts. | 2024-04-09 | 5.3 | CVE-2024-2974 security@wordfence.com security@wordfence.com |
wpgmaps — wp_go_maps_(formerly_wp_google_maps) |
The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 9.0.34 due to the plugin adding the API key to several plugin files. This makes it possible for unauthenticated attackers to obtain the developer’s Google API key. While this does not affect the security of sites using this plugin, it allows unauthenticated attackers to make requests using this API key with the potential of exhausting requests resulting in an inability to use the map functionality offered by the plugin. | 2024-04-09 | 5.3 | CVE-2023-6777 security@wordfence.com security@wordfence.com |
wpkube — subscribe_to_comments_reloaded |
Insertion of Sensitive Information into Log File vulnerability in WPKube Subscribe To Comments Reloaded. This issue affects Subscribe To Comments Reloaded: from n/a through 220725. | 2024-04-10 | 5.3 | CVE-2024-31249 audit@patchstack.com |
wpmudev — forminator_-_contact_form_payment_form_&_custom_form_builder |
The Forminator – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ forminator_form shortcode attribute in versions up to, and including, 1.29.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-3053 security@wordfence.com security@wordfence.com |
wpzoom — beaver_builder_addons_by_wpzoom |
The Beaver Builder Addons by WPZOOM plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Button widget in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2181 security@wordfence.com security@wordfence.com |
wpzoom — beaver_builder_addons_by_wpzoom |
The Beaver Builder Addons by WPZOOM plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Heading widget in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. CVE-2024-30424 is likely a duplicate of this issue. | 2024-04-09 | 6.4 | CVE-2024-2183 security@wordfence.com security@wordfence.com |
wpzoom — beaver_builder_addons_by_wpzoom |
The Beaver Builder Addons by WPZOOM plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Box widget in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2185 security@wordfence.com security@wordfence.com |
wpzoom — beaver_builder_addons_by_wpzoom |
The Beaver Builder Addons by WPZOOM plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Team Members widget in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2186 security@wordfence.com security@wordfence.com |
wpzoom — beaver_builder_addons_by_wpzoom |
The Beaver Builder Addons by WPZOOM plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Testimonials widget in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-04-09 | 6.4 | CVE-2024-2187 security@wordfence.com security@wordfence.com |
wpzoom — wpzoom_social_feed_widget_&_block |
The WPZOOM Social Feed Widget & Block plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpzoom_instagram_clear_data() function in all versions up to, and including, 2.1.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete all Instagram images installed on the site. | 2024-04-13 | 4.3 | CVE-2024-3662 security@wordfence.com security@wordfence.com |
xiamen_four-faith — rmp_router_management_platform |
A vulnerability was found in Xiamen Four-Faith RMP Router Management Platform 5.2.2. It has been declared as critical. This vulnerability affects unknown code of the file /Device/Device/GetDeviceInfoList?deviceCode=&searchField=&deviceState=. The manipulation of the argument groupId leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260476. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-04-12 | 6.3 | CVE-2024-3688 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
xlplugins — finale_lite |
Cross-Site Request Forgery (CSRF) vulnerability in XLPlugins Finale Lite. This issue affects Finale Lite: from n/a through 2.18.0. | 2024-04-11 | 4.3 | CVE-2024-32107 audit@patchstack.com |
xwiki — xwiki-platform |
XWiki Platform is a generic wiki platform. Starting in version 5.0-rc-1 and prior to versions 14.10.19, 15.5.4, and 15.9-rc-1, it is possible to access the hash of a password by using the diff feature of the history whenever the object storing the password is deleted. Using that vulnerability it’s possible for an attacker to have access to the hash password of a user if they have rights to edit the users’ page. With the default right scheme in XWiki this vulnerability is normally prevented on user profiles, except by users with Admin rights. Note that this vulnerability also impacts any extensions that might use passwords stored in xobjects: for those usecases it depends on the right of those pages. There is currently no way to be 100% sure that this vulnerability has been exploited, as an attacker with enough privilege could have deleted the revision where the xobject was deleted after rolling-back the deletion. But again, this operation requires high privileges on the target page (Admin right). A page with a user password xobject which have in its history a revision where the object has been deleted should be considered at risk and the password should be changed there. a diff, to ensure it’s not coming from a password field. As another mitigation, admins should ensure that the user pages are properly protected: the edit right shouldn’t be allowed for other users than Admin and owner of the profile (which is the default right). There is not much workaround possible for a privileged user other than upgrading XWiki. | 2024-04-10 | 6.8 | CVE-2024-31464 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
xwiki — xwiki-platform |
XWiki Platform is a generic wiki platform. Starting in version 3.1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, it is possible to schedule/trigger/unschedule existing jobs by having an admin visit the Job Scheduler page through a predictable URL, for example by embedding such an URL in any content as an image. The vulnerability has been fixed in XWiki 14.10.19, 15.5.5, and 15.9. As a workaround, manually apply the patch by modifying the `Scheduler.WebHome` page. | 2024-04-10 | 5.4 | CVE-2024-31985 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
xylus_themes — wp_event_aggregator |
Cross-Site Request Forgery (CSRF) vulnerability in Xylus Themes WP Event Aggregator. This issue affects WP Event Aggregator: from n/a through 1.7.6. | 2024-04-12 | 4.3 | CVE-2024-31371 audit@patchstack.com |
yith — yith_woocommerce_gift_cards_premium |
Missing Authorization vulnerability in YITH YITH WooCommerce Gift Cards Premium. This issue affects YITH WooCommerce Gift Cards Premium: from n/a through 3.23.1. | 2024-04-11 | 6.5 | CVE-2022-44633 audit@patchstack.com |
zaytech — smart_online_order_for_clover |
Cross-Site Request Forgery (CSRF) vulnerability in Zaytech Smart Online Order for Clover. This issue affects Smart Online Order for Clover: from n/a through 1.5.5. | 2024-04-12 | 5.4 | CVE-2024-31238 audit@patchstack.com |
zoom_video_communications_inc. — zoom_desktop_client_for_linux |
Cross site scripting in Zoom Desktop Client for Linux before version 5.17.10 may allow an authenticated user to conduct a denial of service via network access. | 2024-04-09 | 4.1 | CVE-2024-27242 security@zoom.us |
zoom_video_communications_inc. — zoom_desktop_client_for_macos |
Improper privilege management in the installer for Zoom Desktop Client for macOS before version 5.17.10 may allow a privileged user to conduct an escalation of privilege via local access. | 2024-04-09 | 5.5 | CVE-2024-27247 security@zoom.us |
zoom_video_communications_inc. — zoom_desktop_client_for_windows |
Improper privilege management in the installer for Zoom Desktop Client for Windows before version 5.17.10 may allow an authenticated user to conduct an escalation of privilege via local access. | 2024-04-09 | 5.9 | CVE-2024-24694 security@zoom.us |
Low Vulnerabilities
Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
authzed — spicedb |
SpiceDB is a graph database purpose-built for storing and evaluating access control data. Use of a relation of the form: `relation folder: folder | folder#parent` with an arrow such as `folder->view` can cause LookupSubjects to only return the subjects found under subjects for either `folder` or `folder#parent`. This bug only manifests if the same subject type is used multiple types in a relation, relationships exist for both subject types and an arrow is used over the relation. Any user making a negative authorization decision based on the results of a LookupSubjects request with version before v1.30.1 is affected. Version 1.30.1 contains a patch for the issue. As a workaround, avoid using LookupSubjects for negative authorization decisions and/or avoid using the broken schema. | 2024-04-10 | 2.2 | CVE-2024-32001 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
bihell — dice |
A vulnerability was found in bihell Dice 3.1.0 and classified as problematic. Affected by this issue is some unknown functionality of the component Comment Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-260474 is the identifier assigned to this vulnerability. | 2024-04-12 | 3.5 | CVE-2024-3687 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
campcodes — church_management_system |
A vulnerability classified as problematic has been found in Campcodes Church Management System 1.0. This affects an unknown part of the file /admin/admin_user.php. The manipulation of the argument firstname leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259911. | 2024-04-10 | 3.5 | CVE-2024-3541 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
campcodes — church_management_system |
A vulnerability classified as problematic was found in Campcodes Church Management System 1.0. This vulnerability affects unknown code of the file /admin/add_visitor.php. The manipulation of the argument mobile leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259912. | 2024-04-10 | 3.5 | CVE-2024-3542 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
campcodes — complete_online_student_management_system |
A vulnerability was found in Campcodes Complete Online Student Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file units_view.php. The manipulation of the argument FirstRecord leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-259898 is the identifier assigned to this vulnerability. | 2024-04-10 | 3.5 | CVE-2024-3528 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
campcodes — complete_online_student_management_system |
A vulnerability was found in Campcodes Complete Online Student Management System 1.0. It has been classified as problematic. This affects an unknown part of the file students_view.php. The manipulation of the argument FirstRecord leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259899. | 2024-04-10 | 3.5 | CVE-2024-3529 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
campcodes — complete_online_student_management_system |
A vulnerability was found in Campcodes Complete Online Student Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file Marks_view.php. The manipulation of the argument FirstRecord leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259900. | 2024-04-10 | 3.5 | CVE-2024-3530 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
campcodes — complete_online_student_management_system |
A vulnerability was found in Campcodes Complete Online Student Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file courses_view.php. The manipulation of the argument FirstRecord leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259901 was assigned to this vulnerability. | 2024-04-10 | 3.5 | CVE-2024-3531 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
campcodes — complete_online_student_management_system |
A vulnerability classified as problematic has been found in Campcodes Complete Online Student Management System 1.0. Affected is an unknown function of the file attendance_view.php. The manipulation of the argument FirstRecord leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-259902 is the identifier assigned to this vulnerability. | 2024-04-10 | 3.5 | CVE-2024-3532 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
campcodes — complete_online_student_management_system |
A vulnerability classified as problematic was found in Campcodes Complete Online Student Management System 1.0. Affected by this vulnerability is an unknown functionality of the file academic_year_view.php. The manipulation of the argument FirstRecord leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259903. | 2024-04-10 | 3.5 | CVE-2024-3533 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
campcodes — online_event_management_system |
A vulnerability, which was classified as problematic, has been found in Campcodes Online Event Management System 1.0. This issue affects some unknown processing of the file /views/process.php. The manipulation of the argument name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259895. | 2024-04-10 | 3.5 | CVE-2024-3524 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
campcodes — online_event_management_system |
A vulnerability, which was classified as problematic, was found in Campcodes Online Event Management System 1.0. Affected is an unknown function of the file /views/index.php. The manipulation of the argument msg leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259896. | 2024-04-10 | 3.5 | CVE-2024-3525 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
campcodes — online_event_management_system |
A vulnerability has been found in Campcodes Online Event Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file index.php. The manipulation of the argument msg leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259897 was assigned to this vulnerability. | 2024-04-10 | 3.5 | CVE-2024-3526 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
contao — contao |
Contao is an open source content management system. Starting in version 4.0.0 and prior to versions 4.13.40 and 5.3.4, it is possible to inject insert tags in frontend forms if the output is structured in a very specific way. Contao versions 4.13.40 and 5.3.4 have a patch for this issue. As a workaround, do not output user data from frontend forms next to each other; always separate them by at least one character. | 2024-04-09 | 3.1 | CVE-2024-28191 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
gamerz — wp-postratings |
A vulnerability was found in GamerZ WP-PostRatings up to 1.64. It has been classified as problematic. This affects an unknown part of the file wp-postratings.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.65 is able to address this issue. The identifier of the patch is 6182a5682b12369ced0becd3b505439ce2eb8132. It is recommended to upgrade the affected component. The identifier VDB-259629 was assigned to this vulnerability. | 2024-04-08 | 3.5 | CVE-2011-10006 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
hcl_software — dryicec_myxalytics |
HCL DRYiCE MyXalytics is impacted by an insecure SQL interface vulnerability, potentially giving an attacker the ability to execute custom SQL queries. A malicious user can run arbitrary SQL commands including changing system configuration. | 2024-04-10 | 3.7 | CVE-2023-50347 psirt@hcl.com |
N/A — qksms |
A vulnerability was found in QKSMS up to 3.9.4 on Android. It has been classified as problematic. This affects an unknown part of the file androidmanifest.xml of the component Backup File Handler. The manipulation leads to exposure of backup file to an unauthorized control sphere. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259611. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-04-07 | 2.4 | CVE-2024-3430 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
N/A — smart_office |
A vulnerability was found in Smart Office up to 20240405. It has been classified as problematic. Affected is an unknown function of the file Main.aspx. The manipulation of the argument New Password/Confirm Password with the input 1 leads to weak password requirements. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. VDB-260574 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-04-13 | 3.7 | CVE-2024-3735 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
namithjawahar — wp-insert |
A vulnerability was found in namithjawahar Wp-Insert up to 2.0.8 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 2.0.9 is able to address this issue. The name of the patch is a07b7b08084b9b85859f3968ce7fde0fd1fcbba3. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-259628. | 2024-04-08 | 3.5 | CVE-2014-125111 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
puneethreddyhc — eventmanagement |
A vulnerability classified as problematic has been found in PuneethReddyHC Event Management 1.0. Affected is an unknown function of the file /backend/register.php. The manipulation of the argument event_id/full_name/email/mobile/college/branch leads to cross site scripting. It is possible to launch the attack remotely. VDB-259614 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-04-07 | 3.5 | CVE-2024-3433 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
siemens — parasolid_v35.1 |
A vulnerability has been identified in Parasolid V35.1 (All versions < V35.1.254), Parasolid V36.0 (All versions < V36.0.207), Parasolid V36.1 (All versions < V36.1.147). The affected application contains a stack exhaustion vulnerability while parsing a specially crafted X_T file. This could allow an attacker to cause a denial of service condition. | 2024-04-09 | 3.3 | CVE-2024-26276 productcert@siemens.com |
siemens — parasolid_v35.1 |
A vulnerability has been identified in Parasolid V35.1 (All versions < V35.1.254), Parasolid V36.0 (All versions < V36.0.207), Parasolid V36.1 (All versions < V36.1.147). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted X_T files. An attacker could leverage this vulnerability to crash the application, causing a denial of service condition. | 2024-04-09 | 3.3 | CVE-2024-26277 productcert@siemens.com |
sourcecodester — computer-laboratory_management_system |
A vulnerability has been found in SourceCodester Computer Laboratory Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /classes/Users.php. The manipulation of the argument id leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-260482 is the identifier assigned to this vulnerability. | 2024-04-12 | 3.5 | CVE-2024-3695 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
sourcecodester — laundry_management_system |
A vulnerability has been found in SourceCodester Laundry Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /karyawan/edit. The manipulation of the argument karyawan leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259744. | 2024-04-08 | 3.5 | CVE-2024-3463 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
sourcecodester — prison_management_system |
A vulnerability classified as problematic was found in SourceCodester Prison Management System 1.0. This vulnerability affects unknown code of the file /Employee/apply_leave.php. The manipulation of the argument txtstart_date/txtend_date leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259696. | 2024-04-08 | 3.5 | CVE-2024-3443 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
sourcecodester — online_courseware |
A vulnerability, which was classified as problematic, has been found in SourceCodester Online Courseware 1.0. Affected by this issue is some unknown functionality of the file editt.php. The manipulation of the argument id leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-259598 is the identifier assigned to this vulnerability. | 2024-04-07 | 3.5 | CVE-2024-3426 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
sourcecodester — online_courseware |
A vulnerability, which was classified as problematic, was found in SourceCodester Online Courseware 1.0. This affects an unknown part of the file addq.php. The manipulation of the argument id leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259599. | 2024-04-07 | 3.5 | CVE-2024-3427 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
sourcecodester — online_courseware |
A vulnerability has been found in SourceCodester Online Courseware 1.0 and classified as problematic. This vulnerability affects unknown code of the file edit.php. The manipulation of the argument id leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259600. | 2024-04-07 | 3.5 | CVE-2024-3428 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
sourcecodester — warehouse_management_system |
A vulnerability was found in SourceCodester Warehouse Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file barang.php. The manipulation of the argument nama_barang/merek leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260269 was assigned to this vulnerability. | 2024-04-11 | 3.5 | CVE-2024-3612 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
sourcecodester — warehouse_management_system |
A vulnerability was found in SourceCodester Warehouse Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file supplier.php. The manipulation of the argument nama_supplier/alamat_supplier/notelp_supplier leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-260270 is the identifier assigned to this vulnerability. | 2024-04-11 | 3.5 | CVE-2024-3613 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
sourcecodester — warehouse_management_system |
A vulnerability classified as problematic has been found in SourceCodester Warehouse Management System 1.0. This affects an unknown part of the file customer.php. The manipulation of the argument nama_customer/alamat_customer/notelp_customer leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260271. | 2024-04-11 | 3.5 | CVE-2024-3614 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
sourcecodester — warehouse_management_system |
A vulnerability classified as problematic was found in SourceCodester Warehouse Management System 1.0. This vulnerability affects unknown code of the file pengguna.php. The manipulation of the argument admin_user/admin_nama/admin_alamat/admin_telepon leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260272. | 2024-04-11 | 3.5 | CVE-2024-3616 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
sumome — sumo |
Cross-Site Request Forgery (CSRF) vulnerability in SumoMe Sumo. This issue affects Sumo: from n/a through 1.34. | 2024-04-12 | 3.7 | CVE-2024-31265 audit@patchstack.com |
webtoffee — wordpress_backup_&_migration |
Insertion of Sensitive Information into Log File vulnerability in WebToffee WordPress Backup & Migration. This issue affects WordPress Backup & Migration: from n/a through 1.4.7. | 2024-04-10 | 3.7 | CVE-2024-31254 audit@patchstack.com |
zhejiang_land_zongheng_network_technology — o2oa | A vulnerability classified as problematic has been found in Zhejiang Land Zongheng Network Technology O2OA up to 20240403. Affected is an unknown function of the file /x_portal_assemble_surface/jaxrs/portal/list?v=8.2.3-4-43f4fe3. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. VDB-260478 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-04-12 | 3.7 | CVE-2024-3689 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
Severity Not Yet Assigned
Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
aimhubio — aimhubio/aim |
A critical Remote Code Execution (RCE) vulnerability was identified in the aimhubio/aim project, specifically within the `/api/runs/search/run/` endpoint, affecting versions >= 3.0.0. The vulnerability resides in the `run_search_api` function of the `aim/web/api/runs/views.py` file, where improper restriction of user access to the `RunView` object allows for the execution of arbitrary code via the `query` parameter. This issue enables attackers to execute arbitrary commands on the server, potentially leading to full system compromise. | 2024-04-10 | not yet calculated | CVE-2024-2195 security@huntr.dev |
aimhubio — aimhubio/aim |
aimhubio/aim is vulnerable to Cross-Site Request Forgery (CSRF), allowing attackers to perform actions such as deleting runs, updating data, and stealing data like log records and notes without the user’s consent. The vulnerability stems from the lack of CSRF and CORS protection in the aim dashboard. An attacker can exploit this by tricking a user into executing a malicious script that sends unauthorized requests to the aim server, leading to potential data loss and unauthorized data manipulation. | 2024-04-10 | not yet calculated | CVE-2024-2196 security@huntr.dev |
apache_software_foundation — apache_kafka |
While an Apache Kafka cluster is being migrated from ZooKeeper mode to KRaft mode, in some cases ACLs will not be correctly enforced. Two preconditions are needed to trigger the bug: 1. The administrator decides to remove an ACL 2. The resource associated with the removed ACL continues to have two or more other ACLs associated with it after the removal. When those two preconditions are met, Kafka will treat the resource as if it had only one ACL associated with it after the removal, rather than the two or more that would be correct. The incorrect condition is cleared by removing all brokers in ZK mode, or by adding a new ACL to the affected resource. Once the migration is completed, there is no metadata loss (the ACLs all remain). The full impact depends on the ACLs in use. If only ALLOW ACLs were configured during the migration, the impact would be limited to availability impact. If DENY ACLs were configured, the impact could include confidentiality and integrity impact depending on the ACLs configured, as the DENY ACLs might be ignored due to this vulnerability during the migration period. | 2024-04-12 | not yet calculated | CVE-2024-27309 security@apache.org |
apache_software_foundation — apache_solr_operator |
Insertion of Sensitive Information into Log File vulnerability in the Apache Solr Operator. This issue affects all versions of the Apache Solr Operator from 0.3.0 through 0.8.0. When asked to bootstrap Solr security, the operator will enable basic authentication and create several accounts for accessing Solr: including the “solr” and “admin” accounts for use by end-users, and a “k8s-oper” account which the operator uses for its own requests to Solr. One common source of these operator requests is healthchecks: liveness, readiness, and startup probes are all used to determine Solr’s health and ability to receive traffic. By default, the operator configures the Solr APIs used for these probes to be exempt from authentication, but users may specifically request that authentication be required on probe endpoints as well. Whenever one of these probes would fail, if authentication was in use, the Solr Operator would create a Kubernetes “event” containing the username and password of the “k8s-oper” account. Within the affected version range, this vulnerability affects any solrcloud resource which (1) bootstrapped security through use of the `.solrOptions.security.authenticationType=basic` option, and (2) required authentication be used on probes by setting `.solrOptions.security.probesRequireAuth=true`. Users are recommended to upgrade to Solr Operator version 0.8.1, which fixes this issue by ensuring that probes no longer print the credentials used for Solr requests. Users may also mitigate the vulnerability by disabling authentication on their healthcheck probes using the setting `.solrOptions.security.probesRequireAuth=false`. | 2024-04-12 | not yet calculated | CVE-2024-31391 security@apache.org |
apache_software_foundation — apache_traffic_server |
An HTTP/2 CONTINUATION DoS attack can cause Apache Traffic Server to consume more resources on the server. Versions from 8.0.0 through 8.1.9 and from 9.0.0 through 9.2.3 are affected. Users can set a new setting (proxy.config.http2.max_continuation_frames_per_minute) to limit the number of CONTINUATION frames per minute. ATS does have a fixed amount of memory a request can use and ATS adheres to these limits in previous releases. Users are recommended to upgrade to versions 8.1.10 or 9.2.4, which fix the issue. | 2024-04-10 | not yet calculated | CVE-2024-31309 security@apache.org security@apache.org security@apache.org |
apache_software_foundation — apache_zeppelin_sap |
Improper Input Validation vulnerability in Apache Zeppelin SAP. This issue affects Apache Zeppelin SAP: from 0.8.0 before 0.11.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. For more information, the fix already was merged in the source code but Zeppelin decided to retire the SAP component. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | 2024-04-09 | not yet calculated | CVE-2022-47894 security@apache.org security@apache.org |
apache_software_foundation — apache_zeppelin |
Cross-Site Request Forgery (CSRF) vulnerability in the Credential page of Apache Zeppelin allows an attacker to submit a malicious request. This issue affects Apache Zeppelin version 0.9.0 and prior versions. | 2024-04-09 | not yet calculated | CVE-2021-28656 security@apache.org |
apache_software_foundation — apache_zeppelin |
Improper Input Validation vulnerability in Apache Zeppelin. By adding relative path indicators (e.g. ..), attackers can see the contents of any files in the filesystem that the server account can access. This issue affects Apache Zeppelin: from 0.9.0 before 0.11.0. Users are recommended to upgrade to version 0.11.0, which fixes the issue. | 2024-04-09 | not yet calculated | CVE-2024-31860 security@apache.org security@apache.org |
apache_software_foundation — apache_zeppelin |
Improper Control of Generation of Code (‘Code Injection’) vulnerability in Apache Zeppelin. Attackers can use the Shell interpreter as a code generation gateway and execute the generated code in the normal way. This issue affects Apache Zeppelin: from 0.10.1 before 0.11.1. Users are recommended to upgrade to version 0.11.1, which doesn’t have the Shell interpreter by default. | 2024-04-11 | not yet calculated | CVE-2024-31861 security@apache.org security@apache.org |
apache_software_foundation — apache_zeppelin |
Improper Input Validation vulnerability in Apache Zeppelin when creating a new note from Zeppelin’s UI. This issue affects Apache Zeppelin: from 0.10.1 before 0.11.0. Users are recommended to upgrade to version 0.11.0, which fixes the issue. | 2024-04-09 | not yet calculated | CVE-2024-31862 security@apache.org security@apache.org |
apache_software_foundation — apache_zeppelin |
Authentication Bypass by Spoofing vulnerability by replacing existing notes in Apache Zeppelin. This issue affects Apache Zeppelin: from 0.10.1 before 0.11.0. Users are recommended to upgrade to version 0.11.0, which fixes the issue. | 2024-04-09 | not yet calculated | CVE-2024-31863 security@apache.org |
apache_software_foundation — apache_zeppelin |
Improper Control of Generation of Code (‘Code Injection’) vulnerability in Apache Zeppelin. The attacker can inject sensitive configuration or malicious code when connecting MySQL database via JDBC driver. This issue affects Apache Zeppelin: before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue. | 2024-04-09 | not yet calculated | CVE-2024-31864 security@apache.org security@apache.org security@apache.org |
apache_software_foundation — apache_zeppelin |
Improper Input Validation vulnerability in Apache Zeppelin. The attackers can call updating cron API with invalid or improper privileges so that the notebook can run with the privileges. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue. | 2024-04-09 | not yet calculated | CVE-2024-31865 security@apache.org security@apache.org |
apache_software_foundation — apache_zeppelin |
Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin. The attackers can execute shell scripts or malicious code by overriding configuration like ZEPPELIN_INTP_CLASSPATH_OVERRIDES. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue. | 2024-04-09 | not yet calculated | CVE-2024-31866 security@apache.org security@apache.org |
apache_software_foundation — apache_zeppelin |
Improper Input Validation vulnerability in Apache Zeppelin. The attackers can execute malicious queries by setting improper configuration properties to LDAP search filter. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue. | 2024-04-09 | not yet calculated | CVE-2024-31867 security@apache.org security@apache.org |
apache_software_foundation — apache_zeppelin |
Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin. Attackers can modify helium.json and expose normal users to XSS attacks. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue. | 2024-04-09 | not yet calculated | CVE-2024-31868 security@apache.org security@apache.org |
berriai — berriai/litellm |
BerriAI/litellm is vulnerable to Server-Side Template Injection (SSTI) via the `/completions` endpoint. The vulnerability arises from the `hf_chat_template` method processing the `chat_template` parameter from the `tokenizer_config.json` file through the Jinja template engine without proper sanitization. Attackers can exploit this by crafting malicious `tokenizer_config.json` files that execute arbitrary code on the server. | 2024-04-10 | not yet calculated | CVE-2024-2952 security@huntr.dev |
devolutions — server |
Improper input validation in PAM JIT elevation feature in Devolutions Server 2024.1.6 and earlier allows an attacker with access to the PAM JIT elevation feature to forge the displayed group in the PAM JIT elevation checkout request via a specially crafted request. | 2024-04-09 | not yet calculated | CVE-2024-2918 security@devolutions.net |
devolutions — server |
Improper permission handling in the vault offline cache feature in Devolutions Remote Desktop Manager 2024.1.20 and earlier on Windows and Devolutions Server 2024.1.8 and earlier allows an attacker to access sensitive information contained in the offline cache file by gaining access to a computer where the software is installed, even though the offline mode is disabled. | 2024-04-09 | not yet calculated | CVE-2024-3545 security@devolutions.net |
furuno_systems_co-ltd — acera_9010-08 |
The password is empty in the initial configuration of ACERA 9010-08 firmware v02.04 and earlier, and ACERA 9010-24 firmware v02.04 and earlier. An unauthenticated attacker may log in to the product with no password, and obtain and/or alter information such as network configuration and user information. The products are affected only when running in non MS mode with the initial configuration. | 2024-04-08 | not yet calculated | CVE-2024-28744 vultures@jpcert.or.jp vultures@jpcert.or.jp |
gaizhenbiao — gaizhenbiao/chuanhuchatgpt |
gaizhenbiao/chuanhuchatgpt is vulnerable to improper access control, allowing unauthorized access to the `config.json` file. This vulnerability is present in both authenticated and unauthenticated versions of the application, enabling attackers to obtain sensitive information such as API keys (`openai_api_key`, `google_palm_api_key`, `xmchat_api_key`, etc.), configuration details, and user credentials. The issue stems from the application’s handling of HTTP requests for the `config.json` file, which does not properly restrict access based on user authentication. | 2024-04-10 | not yet calculated | CVE-2024-2217 security@huntr.dev security@huntr.dev |
google — chrome |
Out of bounds memory access in Compositing in Google Chrome prior to 123.0.6312.122 allowed a remote attacker who had compromised the GPU process to potentially perform a sandbox escape via specific UI gestures. (Chromium security severity: High) | 2024-04-10 | not yet calculated | CVE-2024-3157 chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com |
google — chrome |
Use after free in Dawn in Google Chrome prior to 123.0.6312.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2024-04-10 | not yet calculated | CVE-2024-3515 chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com |
google — chrome |
Heap buffer overflow in ANGLE in Google Chrome prior to 123.0.6312.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2024-04-10 | not yet calculated | CVE-2024-3516 chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com |
gradio-app — gradio-app/gradio |
gradio-app/gradio is vulnerable to a local file inclusion vulnerability due to improper validation of user-supplied input in the UploadButton component. Attackers can exploit this vulnerability to read arbitrary files on the filesystem, such as private SSH keys, by manipulating the file path in the request to the `/queue/join` endpoint. This issue could potentially lead to remote code execution. The vulnerability is present in the handling of file upload paths, allowing attackers to redirect file uploads to unintended locations on the server. | 2024-04-10 | not yet calculated | CVE-2024-1728 security@huntr.dev security@huntr.dev |
hp_inc. — poly_ccx_devices |
A vulnerability was discovered in the firmware builds after 8.0.2.3267 and prior to 8.1.3.1301 in CCX devices. A flaw in the firmware build process did not properly restrict access to a resource from an unauthorized actor. | 2024-04-09 | not yet calculated | CVE-2024-3281 hp-security-alert@hp.com hp-security-alert@hp.com |
huawei — harmonyos | Vulnerability of package name verification being bypassed in the HwIms module. Impact: Successful exploitation of this vulnerability will affect availability. | 2024-04-08 | not yet calculated | CVE-2023-52537 psirt@huawei.com psirt@huawei.com |
huawei — harmonyos | Permission verification vulnerability in the Settings module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 2024-04-08 | not yet calculated | CVE-2023-52539 psirt@huawei.com psirt@huawei.com |
huawei — harmonyos | Vulnerability of improper authentication in the Iaware module. Impact: Successful exploitation of this vulnerability will affect availability. | 2024-04-08 | not yet calculated | CVE-2023-52540 psirt@huawei.com psirt@huawei.com |
huawei — harmonyos | Authentication vulnerability in the API for app pre-loading. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 2024-04-08 | not yet calculated | CVE-2023-52541 psirt@huawei.com psirt@huawei.com |
huawei — harmonyos | Permission verification vulnerability in the system module. Impact: Successful exploitation of this vulnerability will affect availability. | 2024-04-08 | not yet calculated | CVE-2023-52542 psirt@huawei.com psirt@huawei.com |
huawei — harmonyos | Permission verification vulnerability in the system module. Impact: Successful exploitation of this vulnerability will affect availability. | 2024-04-08 | not yet calculated | CVE-2023-52543 psirt@huawei.com psirt@huawei.com |
huawei — harmonyos | Vulnerability of file path verification being bypassed in the email module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 2024-04-08 | not yet calculated | CVE-2023-52544 psirt@huawei.com |
huawei — harmonyos | Vulnerability of undefined permissions in the Calendar app. Impact: Successful exploitation of this vulnerability will affect availability. | 2024-04-08 | not yet calculated | CVE-2023-52545 psirt@huawei.com |
huawei — harmonyos | Vulnerability of package name verification being bypassed in the Calendar app. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 2024-04-08 | not yet calculated | CVE-2023-52546 psirt@huawei.com |
huawei — harmonyos | Vulnerability of data verification errors in the kernel module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 2024-04-08 | not yet calculated | CVE-2023-52549 psirt@huawei.com |
huawei — harmonyos | Vulnerability of data verification errors in the kernel module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 2024-04-08 | not yet calculated | CVE-2023-52550 psirt@huawei.com |
huawei — harmonyos | Vulnerability of data verification errors in the kernel module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 2024-04-08 | not yet calculated | CVE-2023-52551 psirt@huawei.com |
huawei — harmonyos | Input verification vulnerability in the power module. Impact: Successful exploitation of this vulnerability will affect availability. | 2024-04-08 | not yet calculated | CVE-2023-52552 psirt@huawei.com |
huawei — harmonyos | Race condition vulnerability in the Wi-Fi module. Impact: Successful exploitation of this vulnerability will affect availability. | 2024-04-08 | not yet calculated | CVE-2023-52553 psirt@huawei.com |
huawei — harmonyos | Permission control vulnerability in the Bluetooth module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 2024-04-08 | not yet calculated | CVE-2023-52554 psirt@huawei.com |
huawei — harmonyos | Vulnerability of improper permission control in the window management module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. | 2024-04-07 | not yet calculated | CVE-2023-52713 psirt@huawei.com |
huawei — harmonyos | Vulnerability of defects introduced in the design process in the hwnff module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 2024-04-07 | not yet calculated | CVE-2023-52714 psirt@huawei.com |
huawei — harmonyos | The SystemUI module has a vulnerability in permission management. Impact: Successful exploitation of this vulnerability may affect availability. | 2024-04-07 | not yet calculated | CVE-2023-52715 psirt@huawei.com |
huawei — harmonyos | Vulnerability of starting activities in the background in the ActivityManagerService (AMS) module. Impact: Successful exploitation of this vulnerability will affect availability. | 2024-04-07 | not yet calculated | CVE-2023-52716 psirt@huawei.com |
huawei — harmonyos | Permission verification vulnerability in the lock screen module. Impact: Successful exploitation of this vulnerability will affect availability. | 2024-04-07 | not yet calculated | CVE-2023-52717 psirt@huawei.com |
huawei — harmonyos |
Vulnerability of permission verification in some APIs in the ActivityTaskManagerService module. Impact: Successful exploitation of this vulnerability will affect availability. | 2024-04-08 | not yet calculated | CVE-2023-52359 psirt@huawei.com |
huawei — harmonyos |
Vulnerability of input parameters being not strictly verified in the RSMC module. Impact: Successful exploitation of this vulnerability may cause out-of-bounds write. | 2024-04-08 | not yet calculated | CVE-2023-52364 psirt@huawei.com |
huawei — harmonyos |
Vulnerability of improper control over foreground service notifications in the notification module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 2024-04-07 | not yet calculated | CVE-2023-52382 psirt@huawei.com |
huawei — harmonyos |
Out-of-bounds write vulnerability in the RSMC module. Impact: Successful exploitation of this vulnerability will affect availability. | 2024-04-08 | not yet calculated | CVE-2023-52385 psirt@huawei.com |
huawei — harmonyos |
Out-of-bounds write vulnerability in the RSMC module. Impact: Successful exploitation of this vulnerability will affect availability. | 2024-04-08 | not yet calculated | CVE-2023-52386 psirt@huawei.com |
huawei — harmonyos |
Permission control vulnerability in the clock module. Impact: Successful exploitation of this vulnerability will affect availability. | 2024-04-08 | not yet calculated | CVE-2023-52388 psirt@huawei.com |
huawei — harmonyos |
Vulnerability of permission control in the window module. Successful exploitation of this vulnerability may affect confidentiality. | 2024-04-08 | not yet calculated | CVE-2024-27895 psirt@huawei.com |
huawei — harmonyos |
Input verification vulnerability in the log module. Impact: Successful exploitation of this vulnerability can affect integrity. | 2024-04-08 | not yet calculated | CVE-2024-27896 psirt@huawei.com |
huawei — harmonyos |
Input verification vulnerability in the call module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 2024-04-08 | not yet calculated | CVE-2024-27897 psirt@huawei.com |
huawei — harmonyos |
Vulnerability of improper permission control in the window management module. Impact: Successful exploitation of this vulnerability will affect availability. | 2024-04-07 | not yet calculated | CVE-2024-30413 psirt@huawei.com |
huawei — harmonyos |
Command injection vulnerability in the AccountManager module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 2024-04-07 | not yet calculated | CVE-2024-30414 psirt@huawei.com |
huawei — harmonyos |
Vulnerability of improper permission control in the window management module. Impact: Successful exploitation of this vulnerability will affect availability. | 2024-04-07 | not yet calculated | CVE-2024-30415 psirt@huawei.com |
huawei — harmonyos |
Use After Free (UAF) vulnerability in the underlying driver module. Impact: Successful exploitation of this vulnerability will affect availability. | 2024-04-07 | not yet calculated | CVE-2024-30416 psirt@huawei.com |
huawei — harmonyos |
Path traversal vulnerability in the Bluetooth-based sharing module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 2024-04-07 | not yet calculated | CVE-2024-30417 psirt@huawei.com |
huawei — harmonyos |
Vulnerability of insufficient permission verification in the app management module. Impact: Successful exploitation of this vulnerability will affect availability. | 2024-04-07 | not yet calculated | CVE-2024-30418 psirt@huawei.com |
huggingface — huggingface/transformers |
The huggingface/transformers library is vulnerable to arbitrary code execution through deserialization of untrusted data within the `load_repo_checkpoint()` function of the `TFPreTrainedModel()` class. Attackers can execute arbitrary code and commands by crafting a malicious serialized payload, exploiting the use of `pickle.load()` on data from potentially untrusted sources. This vulnerability allows for remote code execution (RCE) by deceiving victims into loading a seemingly harmless checkpoint during a normal training process, thereby enabling attackers to execute arbitrary code on the targeted machine. | 2024-04-10 | not yet calculated | CVE-2024-3568 security@huntr.dev |
linux — linux |
In the Linux kernel, the following vulnerability has been resolved: usb: musb: tusb6010: check return value after calling platform_get_resource() It will cause null-ptr-deref if platform_get_resource() returns NULL, we need check the return value. | 2024-04-10 | not yet calculated | CVE-2021-47181 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
linux — linux |
In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix scsi_mode_sense() buffer length handling Several problems exist with scsi_mode_sense() buffer length handling: 1) The allocation length field of the MODE SENSE(10) command is 16-bits, occupying bytes 7 and 8 of the CDB. With this command, access to mode pages larger than 255 bytes is thus possible. However, the CDB allocation length field is set by assigning len to byte 8 only, thus truncating buffer length larger than 255. 2) If scsi_mode_sense() is called with len smaller than 8 with sdev->use_10_for_ms set, or smaller than 4 otherwise, the buffer length is increased to 8 and 4 respectively, and the buffer is zero filled with these increased values, thus corrupting the memory following the buffer. Fix these 2 problems by using put_unaligned_be16() to set the allocation length field of MODE SENSE(10) CDB and by returning an error when len is too small. Furthermore, if len is larger than 255B, always try MODE SENSE(10) first, even if the device driver did not set sdev->use_10_for_ms. In case of invalid opcode error for MODE SENSE(10), access to mode pages larger than 255 bytes are not retried using MODE SENSE(6). To avoid buffer length overflows for the MODE_SENSE(10) case, check that len is smaller than 65535 bytes. While at it, also fix the following: * Use get_unaligned_be16() to retrieve the mode data length and block descriptor length fields of the mode sense reply header instead of using an open coded calculation. * Fix the kdoc dbd argument explanation: the DBD bit stands for Disable Block Descriptor, which is the opposite of what the dbd argument description was. | 2024-04-10 | not yet calculated | CVE-2021-47182 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
linux — linux |
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix link down processing to address NULL pointer dereference If an FC link down transition while PLOGIs are outstanding to fabric well known addresses, outstanding ABTS requests may result in a NULL pointer dereference. Driver unload requests may hang with repeated “2878” log messages. The Link down processing results in ABTS requests for outstanding ELS requests. The Abort WQEs are sent for the ELSs before the driver had set the link state to down. Thus the driver is sending the Abort with the expectation that an ABTS will be sent on the wire. The Abort request is stalled waiting for the link to come up. In some conditions the driver may auto-complete the ELSs thus if the link does come up, the Abort completions may reference an invalid structure. Fix by ensuring that Abort set the flag to avoid link traffic if issued due to conditions where the link failed. | 2024-04-10 | not yet calculated | CVE-2021-47183 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
linux — linux |
In the Linux kernel, the following vulnerability has been resolved: i40e: Fix NULL ptr dereference on VSI filter sync Remove the reason of null pointer dereference in sync VSI filters. Added new I40E_VSI_RELEASING flag to signalize deleting and releasing of VSI resources to sync this thread with sync filters subtask. Without this patch it is possible to start update the VSI filter list after VSI is removed, that’s causing a kernel oops. | 2024-04-10 | not yet calculated | CVE-2021-47184 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
linux — linux |
In the Linux kernel, the following vulnerability has been resolved: tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc When running ltp testcase(ltp/testcases/kernel/pty/pty04.c) with arm64, there is a soft lockup, which look like this one: Workqueue: events_unbound flush_to_ldisc Call trace: dump_backtrace+0x0/0x1ec show_stack+0x24/0x30 dump_stack+0xd0/0x128 panic+0x15c/0x374 watchdog_timer_fn+0x2b8/0x304 __run_hrtimer+0x88/0x2c0 __hrtimer_run_queues+0xa4/0x120 hrtimer_interrupt+0xfc/0x270 arch_timer_handler_phys+0x40/0x50 handle_percpu_devid_irq+0x94/0x220 __handle_domain_irq+0x88/0xf0 gic_handle_irq+0x84/0xfc el1_irq+0xc8/0x180 slip_unesc+0x80/0x214 [slip] tty_ldisc_receive_buf+0x64/0x80 tty_port_default_receive_buf+0x50/0x90 flush_to_ldisc+0xbc/0x110 process_one_work+0x1d4/0x4b0 worker_thread+0x180/0x430 kthread+0x11c/0x120 In the testcase pty04, The first process call the write syscall to send data to the pty master. At the same time, the workqueue will do the flush_to_ldisc to pop data in a loop until there is no more data left. When the sender and workqueue running in different core, the sender sends data fastly in full time which will result in workqueue doing work in loop for a long time and occurring softlockup in flush_to_ldisc with kernel configured without preempt. So I add need_resched check and cond_resched in the flush_to_ldisc loop to avoid it. | 2024-04-10 | not yet calculated | CVE-2021-47185 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
linux — linux |
In the Linux kernel, the following vulnerability has been resolved: tipc: check for null after calling kmemdup kmemdup can return a null pointer so need to check for it, otherwise the null key will be dereferenced later in tipc_crypto_key_xmit as can be seen in the trace [1]. [1] https://syzkaller.appspot.com/bug?id=bca180abb29567b189efdbdb34cbf7ba851c2a58 | 2024-04-10 | not yet calculated | CVE-2021-47186 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
linux — linux |
In the Linux kernel, the following vulnerability has been resolved: arm64: dts: qcom: msm8998: Fix CPU/L2 idle state latency and residency The entry/exit latency and minimum residency in state for the idle states of MSM8998 were ..bad: first of all, for all of them the timings were written for CPU sleep but the min-residency-us param was miscalculated (supposedly, while porting this from downstream); Then, the power collapse states are setting PC on both the CPU cluster *and* the L2 cache, which have different timings: in the specific case of L2 the times are higher so these ones should be taken into account instead of the CPU ones. This parameter misconfiguration was not giving particular issues because on MSM8998 there was no CPU scaling at all, so cluster/L2 power collapse was rarely (if ever) hit. When CPU scaling is enabled, though, the wrong timings will produce SoC instability shown to the user as random, apparently error-less, sudden reboots and/or lockups. This set of parameters are stabilizing the SoC when CPU scaling is ON and when power collapse is frequently hit. | 2024-04-10 | not yet calculated | CVE-2021-47187 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
linux — linux |
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Improve SCSI abort handling The following has been observed on a test setup: WARNING: CPU: 4 PID: 250 at drivers/scsi/ufs/ufshcd.c:2737 ufshcd_queuecommand+0x468/0x65c Call trace: ufshcd_queuecommand+0x468/0x65c scsi_send_eh_cmnd+0x224/0x6a0 scsi_eh_test_devices+0x248/0x418 scsi_eh_ready_devs+0xc34/0xe58 scsi_error_handler+0x204/0x80c kthread+0x150/0x1b4 ret_from_fork+0x10/0x30 That warning is triggered by the following statement: WARN_ON(lrbp->cmd); Fix this warning by clearing lrbp->cmd from the abort handler. | 2024-04-10 | not yet calculated | CVE-2021-47188 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
linux — linux |
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix memory ordering between normal and ordered work functions Ordered work functions aren’t guaranteed to be handled by the same thread which executed the normal work functions. The only way execution between normal/ordered functions is synchronized is via the WORK_DONE_BIT, unfortunately the used bitops don’t guarantee any ordering whatsoever. This manifested as seemingly inexplicable crashes on ARM64, where async_chunk::inode is seen as non-null in async_cow_submit which causes submit_compressed_extents to be called and crash occurs because async_chunk::inode suddenly became NULL. The call trace was similar to: pc : submit_compressed_extents+0x38/0x3d0 lr : async_cow_submit+0x50/0xd0 sp : ffff800015d4bc20 <registers omitted for brevity> Call trace: submit_compressed_extents+0x38/0x3d0 async_cow_submit+0x50/0xd0 run_ordered_work+0xc8/0x280 btrfs_work_helper+0x98/0x250 process_one_work+0x1f0/0x4ac worker_thread+0x188/0x504 kthread+0x110/0x114 ret_from_fork+0x10/0x18 Fix this by adding respective barrier calls which ensure that all accesses preceding setting of WORK_DONE_BIT are strictly ordered before setting the flag. At the same time add a read barrier after reading of WORK_DONE_BIT in run_ordered_work which ensures all subsequent loads would be strictly ordered after reading the bit. This in turn ensures are all accesses before WORK_DONE_BIT are going to be strictly ordered before any access that can occur in ordered_func. | 2024-04-10 | not yet calculated | CVE-2021-47189 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
linux — linux |
In the Linux kernel, the following vulnerability has been resolved: perf bpf: Avoid memory leak from perf_env__insert_btf() perf_env__insert_btf() doesn’t insert if a duplicate BTF id is encountered and this causes a memory leak. Modify the function to return a success/error value and then free the memory if insertion didn’t happen. v2. Adds a return -1 when the insertion error occurs in perf_env__fetch_btf. This doesn’t affect anything as the result is never checked. | 2024-04-10 | not yet calculated | CVE-2021-47190 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
linux — linux |
In the Linux kernel, the following vulnerability has been resolved: scsi: scsi_debug: Fix out-of-bound read in resp_readcap16() The following warning was observed running syzkaller: [ 3813.830724] sg_write: data in/out 65466/242 bytes for SCSI command 0x9e– guessing data in; [ 3813.830724] program syz-executor not setting count and/or reply_len properly [ 3813.836956] ================================================================== [ 3813.839465] BUG: KASAN: stack-out-of-bounds in sg_copy_buffer+0x157/0x1e0 [ 3813.841773] Read of size 4096 at addr ffff8883cf80f540 by task syz-executor/1549 [ 3813.846612] Call Trace: [ 3813.846995] dump_stack+0x108/0x15f [ 3813.847524] print_address_description+0xa5/0x372 [ 3813.848243] kasan_report.cold+0x236/0x2a8 [ 3813.849439] check_memory_region+0x240/0x270 [ 3813.850094] memcpy+0x30/0x80 [ 3813.850553] sg_copy_buffer+0x157/0x1e0 [ 3813.853032] sg_copy_from_buffer+0x13/0x20 [ 3813.853660] fill_from_dev_buffer+0x135/0x370 [ 3813.854329] resp_readcap16+0x1ac/0x280 [ 3813.856917] schedule_resp+0x41f/0x1630 [ 3813.858203] scsi_debug_queuecommand+0xb32/0x17e0 [ 3813.862699] scsi_dispatch_cmd+0x330/0x950 [ 3813.863329] scsi_request_fn+0xd8e/0x1710 [ 3813.863946] __blk_run_queue+0x10b/0x230 [ 3813.864544] blk_execute_rq_nowait+0x1d8/0x400 [ 3813.865220] sg_common_write.isra.0+0xe61/0x2420 [ 3813.871637] sg_write+0x6c8/0xef0 [ 3813.878853] __vfs_write+0xe4/0x800 [ 3813.883487] vfs_write+0x17b/0x530 [ 3813.884008] ksys_write+0x103/0x270 [ 3813.886268] __x64_sys_write+0x77/0xc0 [ 3813.886841] do_syscall_64+0x106/0x360 [ 3813.887415] entry_SYSCALL_64_after_hwframe+0x44/0xa9 This issue can be reproduced with the following syzkaller log: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)=’./file0x00′, 0x26e1, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)=’fd/3×00′) open_by_handle_at(r1, &(0x7f00000003c0)=ANY=[@ANYRESHEX], 0x602000) r2 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40782) write$binfmt_aout(r2, &(0x7f0000000340)=ANY=[@ANYBLOB=”00000000deff000000000000000000000000000000000000000000000000000047f007af9e107a41ec395f1bded7be24277a1501ff6196a83366f4e6362bc0ff2b247f68a972989b094b2da4fb3607fcf611a22dd04310d28c75039d”], 0x126) In resp_readcap16() we get “int alloc_len” value -1104926854, and then pass the huge arr_len to fill_from_dev_buffer(), but arr is only 32 bytes. This leads to OOB in sg_copy_buffer(). To solve this issue, define alloc_len as u32. | 2024-04-10 | not yet calculated | CVE-2021-47191 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
linux — linux |
In the Linux kernel, the following vulnerability has been resolved: scsi: core: sysfs: Fix hang when device state is set via sysfs This fixes a regression added with: commit f0f82e2476f6 (“scsi: core: Fix capacity set to zero after offlinining device”) The problem is that after iSCSI recovery, iscsid will call into the kernel to set the dev’s state to running, and with that patch we now call scsi_rescan_device() with the state_mutex held. If the SCSI error handler thread is just starting to test the device in scsi_send_eh_cmnd() then it’s going to try to grab the state_mutex. We are then stuck, because when scsi_rescan_device() tries to send its I/O scsi_queue_rq() calls -> scsi_host_queue_ready() -> scsi_host_in_recovery() which will return true (the host state is still in recovery) and I/O will just be requeued. scsi_send_eh_cmnd() will then never be able to grab the state_mutex to finish error handling. To prevent the deadlock move the rescan-related code to after we drop the state_mutex. This also adds a check for if we are already in the running state. This prevents extra scans and helps the iscsid case where if the transport class has already onlined the device during its recovery process then we don’t need userspace to do it again plus possibly block that daemon. | 2024-04-10 | not yet calculated | CVE-2021-47192 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
linux — linux |
In the Linux kernel, the following vulnerability has been resolved: scsi: pm80xx: Fix memory leak during rmmod Driver failed to release all memory allocated. This would lead to memory leak during driver removal. Properly free memory when the module is removed. | 2024-04-10 | not yet calculated | CVE-2021-47193 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
linux — linux |
In the Linux kernel, the following vulnerability has been resolved: cfg80211: call cfg80211_stop_ap when switch from P2P_GO type If the userspace tools switch from NL80211_IFTYPE_P2P_GO to NL80211_IFTYPE_ADHOC via send_msg(NL80211_CMD_SET_INTERFACE), it does not call the cleanup cfg80211_stop_ap(), this leads to the initialization of in-use data. For example, this path re-init the sdata->assigned_chanctx_list while it is still an element of assigned_vifs list, and makes that linked list corrupt. | 2024-04-10 | not yet calculated | CVE-2021-47194 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
linux — linux |
In the Linux kernel, the following vulnerability has been resolved: spi: fix use-after-free of the add_lock mutex Commit 6098475d4cb4 (“spi: Fix deadlock when adding SPI controllers on SPI buses”) introduced a per-controller mutex. But mutex_unlock() of said lock is called after the controller is already freed: spi_unregister_controller(ctlr) -> put_device(&ctlr->dev) -> spi_controller_release(dev) -> mutex_unlock(&ctrl->add_lock) Move the put_device() after the mutex_unlock(). | 2024-04-10 | not yet calculated | CVE-2021-47195 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
linux — linux |
In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Set send and receive CQ before forwarding to the driver Preset both receive and send CQ pointers prior to call to the drivers and overwrite it later again till the mlx4 is going to be changed do not overwrite ibqp properties. This change is needed for mlx5, because in case of QP creation failure, it will go to the path of QP destroy which relies on proper CQ pointers. BUG: KASAN: use-after-free in create_qp.cold+0x164/0x16e [mlx5_ib] Write of size 8 at addr ffff8880064c55c0 by task a.out/246 CPU: 0 PID: 246 Comm: a.out Not tainted 5.15.0+ #291 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014 Call Trace: dump_stack_lvl+0x45/0x59 print_address_description.constprop.0+0x1f/0x140 kasan_report.cold+0x83/0xdf create_qp.cold+0x164/0x16e [mlx5_ib] mlx5_ib_create_qp+0x358/0x28a0 [mlx5_ib] create_qp.part.0+0x45b/0x6a0 [ib_core] ib_create_qp_user+0x97/0x150 [ib_core] ib_uverbs_handler_UVERBS_METHOD_QP_CREATE+0x92c/0x1250 [ib_uverbs] ib_uverbs_cmd_verbs+0x1c38/0x3150 [ib_uverbs] ib_uverbs_ioctl+0x169/0x260 [ib_uverbs] __x64_sys_ioctl+0x866/0x14d0 do_syscall_64+0x3d/0x90 entry_SYSCALL_64_after_hwframe+0x44/0xae Allocated by task 246: kasan_save_stack+0x1b/0x40 __kasan_kmalloc+0xa4/0xd0 create_qp.part.0+0x92/0x6a0 [ib_core] ib_create_qp_user+0x97/0x150 [ib_core] ib_uverbs_handler_UVERBS_METHOD_QP_CREATE+0x92c/0x1250 [ib_uverbs] ib_uverbs_cmd_verbs+0x1c38/0x3150 [ib_uverbs] ib_uverbs_ioctl+0x169/0x260 [ib_uverbs] __x64_sys_ioctl+0x866/0x14d0 do_syscall_64+0x3d/0x90 entry_SYSCALL_64_after_hwframe+0x44/0xae Freed by task 246: kasan_save_stack+0x1b/0x40 kasan_set_track+0x1c/0x30 kasan_set_free_info+0x20/0x30 __kasan_slab_free+0x10c/0x150 slab_free_freelist_hook+0xb4/0x1b0 kfree+0xe7/0x2a0 create_qp.part.0+0x52b/0x6a0 [ib_core] ib_create_qp_user+0x97/0x150 [ib_core] ib_uverbs_handler_UVERBS_METHOD_QP_CREATE+0x92c/0x1250 [ib_uverbs] ib_uverbs_cmd_verbs+0x1c38/0x3150 [ib_uverbs] ib_uverbs_ioctl+0x169/0x260 [ib_uverbs] __x64_sys_ioctl+0x866/0x14d0 do_syscall_64+0x3d/0x90 entry_SYSCALL_64_after_hwframe+0x44/0xae | 2024-04-10 | not yet calculated | CVE-2021-47196 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
linux — linux |
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: nullify cq->dbg pointer in mlx5_debug_cq_remove() Prior to this patch in case mlx5_core_destroy_cq() failed it proceeds to rest of destroy operations. mlx5_core_destroy_cq() could be called again by user and cause additional call of mlx5_debug_cq_remove(). cq->dbg was not nullify in previous call and cause the crash. Fix it by nullify cq->dbg pointer after removal. Also proceed to destroy operations only if FW return 0 for MLX5_CMD_OP_DESTROY_CQ command. general protection fault, probably for non-canonical address 0x2000300004058: 0000 [#1] SMP PTI CPU: 5 PID: 1228 Comm: python Not tainted 5.15.0-rc5_for_upstream_min_debug_2021_10_14_11_06 #1 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014 RIP: 0010:lockref_get+0x1/0x60 Code: 5d e9 53 ff ff ff 48 8d 7f 70 e8 0a 2e 48 00 c7 85 d0 00 00 00 02 00 00 00 c6 45 70 00 fb 5d c3 c3 cc cc cc cc cc cc cc cc 53 <48> 8b 17 48 89 fb 85 d2 75 3d 48 89 d0 bf 64 00 00 00 48 89 c1 48 RSP: 0018:ffff888137dd7a38 EFLAGS: 00010206 RAX: 0000000000000000 RBX: ffff888107d5f458 RCX: 00000000fffffffe RDX: 000000000002c2b0 RSI: ffffffff8155e2e0 RDI: 0002000300004058 RBP: ffff888137dd7a88 R08: 0002000300004058 R09: ffff8881144a9f88 R10: 0000000000000000 R11: 0000000000000000 R12: ffff8881141d4000 R13: ffff888137dd7c68 R14: ffff888137dd7d58 R15: ffff888137dd7cc0 FS: 00007f4644f2a4c0(0000) GS:ffff8887a2d40000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055b4500f4380 CR3: 0000000114f7a003 CR4: 0000000000170ea0 Call Trace: simple_recursive_removal+0x33/0x2e0 ? debugfs_remove+0x60/0x60 debugfs_remove+0x40/0x60 mlx5_debug_cq_remove+0x32/0x70 [mlx5_core] mlx5_core_destroy_cq+0x41/0x1d0 [mlx5_core] devx_obj_cleanup+0x151/0x330 [mlx5_ib] ? __pollwait+0xd0/0xd0 ? xas_load+0x5/0x70 ? xa_load+0x62/0xa0 destroy_hw_idr_uobject+0x20/0x80 [ib_uverbs] uverbs_destroy_uobject+0x3b/0x360 [ib_uverbs] uobj_destroy+0x54/0xa0 [ib_uverbs] ib_uverbs_cmd_verbs+0xaf2/0x1160 [ib_uverbs] ? uverbs_finalize_object+0xd0/0xd0 [ib_uverbs] ib_uverbs_ioctl+0xc4/0x1b0 [ib_uverbs] __x64_sys_ioctl+0x3e4/0x8e0 | 2024-04-10 | not yet calculated | CVE-2021-47197 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
linux — linux |
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix use-after-free in lpfc_unreg_rpi() routine An error is detected with the following report when unloading the driver: “KASAN: use-after-free in lpfc_unreg_rpi+0x1b1b” The NLP_REG_LOGIN_SEND nlp_flag is set in lpfc_reg_fab_ctrl_node(), but the flag is not cleared upon completion of the login. This allows a second call to lpfc_unreg_rpi() to proceed with nlp_rpi set to LPFC_RPI_ALLOW_ERROR. This results in a use after free access when used as an rpi_ids array index. Fix by clearing the NLP_REG_LOGIN_SEND nlp_flag in lpfc_mbx_cmpl_fc_reg_login(). | 2024-04-10 | not yet calculated | CVE-2021-47198 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
linux — linux |
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: CT, Fix multiple allocations and memleak of mod acts CT clear action offload adds additional mod hdr actions to the flow’s original mod actions in order to clear the registers which hold ct_state. When such flow also includes encap action, a neigh update event can cause the driver to unoffload the flow and then reoffload it. Each time this happens, the ct clear handling adds that same set of mod hdr actions to reset ct_state until the max of mod hdr actions is reached. Also the driver never releases the allocated mod hdr actions and causing a memleak. Fix above two issues by moving CT clear mod acts allocation into the parsing actions phase and only use it when offloading the rule. The release of mod acts will be done in the normal flow_put(). backtrace: [<000000007316e2f3>] krealloc+0x83/0xd0 [<00000000ef157de1>] mlx5e_mod_hdr_alloc+0x147/0x300 [mlx5_core] [<00000000970ce4ae>] mlx5e_tc_match_to_reg_set_and_get_id+0xd7/0x240 [mlx5_core] [<0000000067c5fa17>] mlx5e_tc_match_to_reg_set+0xa/0x20 [mlx5_core] [<00000000d032eb98>] mlx5_tc_ct_entry_set_registers.isra.0+0x36/0xc0 [mlx5_core] [<00000000fd23b869>] mlx5_tc_ct_flow_offload+0x272/0x1f10 [mlx5_core] [<000000004fc24acc>] mlx5e_tc_offload_fdb_rules.part.0+0x150/0x620 [mlx5_core] [<00000000dc741c17>] mlx5e_tc_encap_flows_add+0x489/0x690 [mlx5_core] [<00000000e92e49d7>] mlx5e_rep_update_flows+0x6e4/0x9b0 [mlx5_core] [<00000000f60f5602>] mlx5e_rep_neigh_update+0x39a/0x5d0 [mlx5_core] | 2024-04-10 | not yet calculated | CVE-2021-47199 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
linux — linux |
In the Linux kernel, the following vulnerability has been resolved: drm/prime: Fix use after free in mmap with drm_gem_ttm_mmap drm_gem_ttm_mmap() drops a reference to the gem object on success. If the gem object’s refcount == 1 on entry to drm_gem_prime_mmap(), that drop will free the gem object, and the subsequent drm_gem_object_get() will be a UAF. Fix by grabbing a reference before calling the mmap helper. This issue was foreseen when the reference dropping was added in commit 9786b65bc61ac (“drm/ttm: fix mmap refcounting”): “For that to work properly the drm_gem_object_get() call in drm_gem_ttm_mmap() must be moved so it happens before calling obj->funcs->mmap(), otherwise the gem refcount would go down to zero.” | 2024-04-10 | not yet calculated | CVE-2021-47200 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
linux — linux |
In the Linux kernel, the following vulnerability has been resolved: iavf: free q_vectors before queues in iavf_disable_vf iavf_free_queues() clears adapter->num_active_queues, which iavf_free_q_vectors() relies on, so swap the order of these two function calls in iavf_disable_vf(). This resolves a panic encountered when the interface is disabled and then later brought up again after PF communication is restored. | 2024-04-10 | not yet calculated | CVE-2021-47201 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
linux — linux |
In the Linux kernel, the following vulnerability has been resolved: thermal: Fix NULL pointer dereferences in of_thermal_ functions of_parse_thermal_zones() parses the thermal-zones node and registers a thermal_zone device for each subnode. However, if a thermal zone is consuming a thermal sensor and that thermal sensor device hasn’t probed yet, an attempt to set trip_point_*_temp for that thermal zone device can cause a NULL pointer dereference. Fix it. console:/sys/class/thermal/thermal_zone87 # echo 120000 > trip_point_0_temp … Unable to handle kernel NULL pointer dereference at virtual address 0000000000000020 … Call trace: of_thermal_set_trip_temp+0x40/0xc4 trip_point_temp_store+0xc0/0x1dc dev_attr_store+0x38/0x88 sysfs_kf_write+0x64/0xc0 kernfs_fop_write_iter+0x108/0x1d0 vfs_write+0x2f4/0x368 ksys_write+0x7c/0xec __arm64_sys_write+0x20/0x30 el0_svc_common.llvm.7279915941325364641+0xbc/0x1bc do_el0_svc+0x28/0xa0 el0_svc+0x14/0x24 el0_sync_handler+0x88/0xec el0_sync+0x1c0/0x200 While at it, fix the possible NULL pointer dereference in other functions as well: of_thermal_get_temp(), of_thermal_set_emul_temp(), of_thermal_get_trend(). | 2024-04-10 | not yet calculated | CVE-2021-47202 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
linux — linux |
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq() When parsing the txq list in lpfc_drain_txq(), the driver attempts to pass the requests to the adapter. If such an attempt fails, a local “fail_msg” string is set and a log message output. The job is then added to a completions list for cancellation. Processing of any further jobs from the txq list continues, but since “fail_msg” remains set, jobs are added to the completions list regardless of whether a wqe was passed to the adapter. If successfully added to txcmplq, jobs are added to both lists resulting in list corruption. Fix by clearing the fail_msg string after adding a job to the completions list. This stops the subsequent jobs from being added to the completions list unless they had an appropriate failure. | 2024-04-10 | not yet calculated | CVE-2021-47203 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
linux — linux |
In the Linux kernel, the following vulnerability has been resolved: net: dpaa2-eth: fix use-after-free in dpaa2_eth_remove Access to netdev after free_netdev() will cause use-after-free bug. Move debug log before free_netdev() call to avoid it. | 2024-04-10 | not yet calculated | CVE-2021-47204 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
linux — linux |
In the Linux kernel, the following vulnerability has been resolved: clk: sunxi-ng: Unregister clocks/resets when unbinding Currently, unbinding a CCU driver unmaps the device’s MMIO region, while leaving its clocks/resets and their providers registered. This can cause a page fault later when some clock operation tries to perform MMIO. Fix this by separating the CCU initialization from the memory allocation, and then using a devres callback to unregister the clocks and resets. This also fixes a memory leak of the `struct ccu_reset`, and uses the correct owner (the specific platform driver) for the clocks and resets. Early OF clock providers are never unregistered, and limited error handling is possible, so they are mostly unchanged. The error reporting is made more consistent by moving the message inside of_sunxi_ccu_probe. | 2024-04-10 | not yet calculated | CVE-2021-47205 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
linux — linux |
In the Linux kernel, the following vulnerability has been resolved: usb: host: ohci-tmio: check return value after calling platform_get_resource() It will cause a null-ptr-deref if platform_get_resource() returns NULL; we need to check the return value. | 2024-04-10 | not yet calculated | CVE-2021-47206 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
linux — linux |
In the Linux kernel, the following vulnerability has been resolved: ALSA: gus: fix null pointer dereference on pointer block The pointer block returned from snd_gf1_dma_next_block could be null, so there is a potential null pointer dereference issue. Fix this by adding a null check before dereference. | 2024-04-10 | not yet calculated | CVE-2021-47207 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
linux — linux |
In the Linux kernel, the following vulnerability has been resolved: sched/fair: Prevent dead task groups from regaining cfs_rq’s Kevin is reporting crashes which point to a use-after-free of a cfs_rq in update_blocked_averages(). Initial debugging revealed that we’ve live cfs_rq’s (on_list=1) in an about to be kfree()’d task group in free_fair_sched_group(). However, it was unclear how that can happen. His kernel config happened to lead to a layout of struct sched_entity that put the ‘my_q’ member directly into the middle of the object which makes it incidentally overlap with SLUB’s freelist pointer. That, in combination with SLAB_FREELIST_HARDENED’s freelist pointer mangling, leads to a reliable access violation in form of a #GP which made the UAF fail fast. Michal seems to have run into the same issue[1]. He already correctly diagnosed that commit a7b359fc6a37 (“sched/fair: Correctly insert cfs_rq’s to list on unthrottle”) is causing the preconditions for the UAF to happen by re-adding cfs_rq’s also to task groups that have no more running tasks, i.e. also to dead ones. His analysis, however, misses the real root cause and it cannot be seen from the crash backtrace only, as the real offender is tg_unthrottle_up() getting called via sched_cfs_period_timer() via the timer interrupt at an inconvenient time. When unregister_fair_sched_group() unlinks all cfs_rq’s from the dying task group, it doesn’t protect itself from getting interrupted. If the timer interrupt triggers while we iterate over all CPUs or after unregister_fair_sched_group() has finished but prior to unlinking the task group, sched_cfs_period_timer() will execute and walk the list of task groups, trying to unthrottle cfs_rq’s, i.e. re-add them to the dying task group. These will later — in free_fair_sched_group() — be kfree()’ed while still being linked, leading to the fireworks Kevin and Michal are seeing. To fix this race, ensure the dying task group gets unlinked first. 
However, simply switching the order of unregistering and unlinking the task group isn’t sufficient, as concurrent RCU walkers might still see it, as can be seen below: CPU1: CPU2: : timer IRQ: : do_sched_cfs_period_timer(): : : : distribute_cfs_runtime(): : rcu_read_lock(); : : : unthrottle_cfs_rq(): sched_offline_group(): : : walk_tg_tree_from(…,tg_unthrottle_up,…): list_del_rcu(&tg->list); : (1) : list_for_each_entry_rcu(child, &parent->children, siblings) : : (2) list_del_rcu(&tg->siblings); : : tg_unthrottle_up(): unregister_fair_sched_group(): struct cfs_rq *cfs_rq = tg->cfs_rq[cpu_of(rq)]; : : list_del_leaf_cfs_rq(tg->cfs_rq[cpu]); : : : : if (!cfs_rq_is_decayed(cfs_rq) || cfs_rq->nr_running) (3) : list_add_leaf_cfs_rq(cfs_rq); : : : : : : : : : —truncated— | 2024-04-10 | not yet calculated | CVE-2021-47209 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
linux — linux |
In the Linux kernel, the following vulnerability has been resolved: usb: typec: tipd: Remove WARN_ON in tps6598x_block_read Calling tps6598x_block_read with a higher than allowed len can be handled by just returning an error. There’s no need to crash systems with panic-on-warn enabled. | 2024-04-10 | not yet calculated | CVE-2021-47210 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
linux — linux |
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: fix null pointer dereference on pointer cs_desc The pointer cs_desc returned from snd_usb_find_clock_source could be null, so there is a potential null pointer dereference issue. Fix this by adding a null check before dereference. | 2024-04-10 | not yet calculated | CVE-2021-47211 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
linux — linux |
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Update error handler for UCTX and UMEM In the fast unload flow, the device state is set to internal error, which indicates that the driver started the destroy process. In this case, when a destroy command is being executed, it should return MLX5_CMD_STAT_OK. Fix MLX5_CMD_OP_DESTROY_UCTX and MLX5_CMD_OP_DESTROY_UMEM to return OK instead of EIO. This fixes a call trace in the umem release process – [ 2633.536695] Call Trace: [ 2633.537518] ib_uverbs_remove_one+0xc3/0x140 [ib_uverbs] [ 2633.538596] remove_client_context+0x8b/0xd0 [ib_core] [ 2633.539641] disable_device+0x8c/0x130 [ib_core] [ 2633.540615] __ib_unregister_device+0x35/0xa0 [ib_core] [ 2633.541640] ib_unregister_device+0x21/0x30 [ib_core] [ 2633.542663] __mlx5_ib_remove+0x38/0x90 [mlx5_ib] [ 2633.543640] auxiliary_bus_remove+0x1e/0x30 [auxiliary] [ 2633.544661] device_release_driver_internal+0x103/0x1f0 [ 2633.545679] bus_remove_device+0xf7/0x170 [ 2633.546640] device_del+0x181/0x410 [ 2633.547606] mlx5_rescan_drivers_locked.part.10+0x63/0x160 [mlx5_core] [ 2633.548777] mlx5_unregister_device+0x27/0x40 [mlx5_core] [ 2633.549841] mlx5_uninit_one+0x21/0xc0 [mlx5_core] [ 2633.550864] remove_one+0x69/0xe0 [mlx5_core] [ 2633.551819] pci_device_remove+0x3b/0xc0 [ 2633.552731] device_release_driver_internal+0x103/0x1f0 [ 2633.553746] unbind_store+0xf6/0x130 [ 2633.554657] kernfs_fop_write+0x116/0x190 [ 2633.555567] vfs_write+0xa5/0x1a0 [ 2633.556407] ksys_write+0x4f/0xb0 [ 2633.557233] do_syscall_64+0x5b/0x1a0 [ 2633.558071] entry_SYSCALL_64_after_hwframe+0x65/0xca [ 2633.559018] RIP: 0033:0x7f9977132648 [ 2633.559821] Code: 89 02 48 c7 c0 ff ff ff ff eb b3 0f 1f 80 00 00 00 00 f3 0f 1e fa 48 8d 05 55 6f 2d 00 8b 00 85 c0 75 17 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 41 54 49 89 d4 55 [ 2633.562332] RSP: 002b:00007fffb1a83888 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2633.563472] RAX: ffffffffffffffda 
RBX: 000000000000000c RCX: 00007f9977132648 [ 2633.564541] RDX: 000000000000000c RSI: 000055b90546e230 RDI: 0000000000000001 [ 2633.565596] RBP: 000055b90546e230 R08: 00007f9977406860 R09: 00007f9977a54740 [ 2633.566653] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f99774056e0 [ 2633.567692] R13: 000000000000000c R14: 00007f9977400880 R15: 000000000000000c [ 2633.568725] —[ end trace 10b4fe52945e544d ]— | 2024-04-10 | not yet calculated | CVE-2021-47212 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
linux — linux |
In the Linux kernel, the following vulnerability has been resolved: hugetlb, userfaultfd: fix reservation restore on userfaultfd error Currently in the is_continue case in hugetlb_mcopy_atomic_pte(), if we bail out using “goto out_release_unlock;” in the cases where idx >= size, or !huge_pte_none(), the code will detect that new_pagecache_page == false, and so call restore_reserve_on_error(). In this case I see restore_reserve_on_error() delete the reservation, and the following call to remove_inode_hugepages() will increment h->resv_hugepages causing a 100% reproducible leak. We should treat the is_continue case similar to adding a page into the pagecache and set new_pagecache_page to true, to indicate that there is no reservation to restore on the error path, and we need not call restore_reserve_on_error(). Rename new_pagecache_page to page_in_pagecache to make that clear. | 2024-04-10 | not yet calculated | CVE-2021-47214 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
linux — linux |
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: kTLS, Fix crash in RX resync flow For the TLS RX resync flow, we maintain a list of TLS contexts that require some attention, to communicate their resync information to the HW. Here we fix list corruptions, by protecting the entries against movements coming from resync_handle_seq_match(), until their resync handling in napi is fully completed. | 2024-04-10 | not yet calculated | CVE-2021-47215 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
linux — linux |
In the Linux kernel, the following vulnerability has been resolved: scsi: advansys: Fix kernel pointer leak Pointers should be printed with %p or %px rather than cast to ‘unsigned long’ and printed with %lx. Change %lx to %p to print the hashed pointer. | 2024-04-10 | not yet calculated | CVE-2021-47216 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
linux — linux |
In the Linux kernel, the following vulnerability has been resolved: x86/hyperv: Fix NULL deref in set_hv_tscchange_cb() if Hyper-V setup fails Check for a valid hv_vp_index array prior to dereferencing hv_vp_index when setting Hyper-V’s TSC change callback. If Hyper-V setup failed in hyperv_init(), the kernel will still report that it’s running under Hyper-V, but will have silently disabled nearly all functionality. BUG: kernel NULL pointer dereference, address: 0000000000000010 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) – not-present page PGD 0 P4D 0 Oops: 0000 [#1] SMP CPU: 4 PID: 1 Comm: swapper/0 Not tainted 5.15.0-rc2+ #75 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015 RIP: 0010:set_hv_tscchange_cb+0x15/0xa0 Code: <8b> 04 82 8b 15 12 17 85 01 48 c1 e0 20 48 0d ee 00 01 00 f6 c6 08 … Call Trace: kvm_arch_init+0x17c/0x280 kvm_init+0x31/0x330 vmx_init+0xba/0x13a do_one_initcall+0x41/0x1c0 kernel_init_freeable+0x1f2/0x23b kernel_init+0x16/0x120 ret_from_fork+0x22/0x30 | 2024-04-10 | not yet calculated | CVE-2021-47217 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
linux — linux |
In the Linux kernel, the following vulnerability has been resolved: selinux: fix NULL-pointer dereference when hashtab allocation fails When the hash table slot array allocation fails in hashtab_init(), h->size is left initialized with a non-zero value, but the h->htable pointer is NULL. This may then cause a NULL pointer dereference, since the policydb code relies on the assumption that even after a failed hashtab_init(), hashtab_map() and hashtab_destroy() can be safely called on it. Yet, these detect an empty hashtab only by looking at the size. Fix this by making sure that hashtab_init() always leaves behind a valid empty hashtab when the allocation fails. | 2024-04-10 | not yet calculated | CVE-2021-47218 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
linux — linux |
In the Linux kernel, the following vulnerability has been resolved: scsi: scsi_debug: Fix out-of-bound read in resp_report_tgtpgs() The following issue was observed running syzkaller: BUG: KASAN: slab-out-of-bounds in memcpy include/linux/string.h:377 [inline] BUG: KASAN: slab-out-of-bounds in sg_copy_buffer+0x150/0x1c0 lib/scatterlist.c:831 Read of size 2132 at addr ffff8880aea95dc8 by task syz-executor.0/9815 CPU: 0 PID: 9815 Comm: syz-executor.0 Not tainted 4.19.202-00874-gfc0fe04215a9 #2 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0xe4/0x14a lib/dump_stack.c:118 print_address_description+0x73/0x280 mm/kasan/report.c:253 kasan_report_error mm/kasan/report.c:352 [inline] kasan_report+0x272/0x370 mm/kasan/report.c:410 memcpy+0x1f/0x50 mm/kasan/kasan.c:302 memcpy include/linux/string.h:377 [inline] sg_copy_buffer+0x150/0x1c0 lib/scatterlist.c:831 fill_from_dev_buffer+0x14f/0x340 drivers/scsi/scsi_debug.c:1021 resp_report_tgtpgs+0x5aa/0x770 drivers/scsi/scsi_debug.c:1772 schedule_resp+0x464/0x12f0 drivers/scsi/scsi_debug.c:4429 scsi_debug_queuecommand+0x467/0x1390 drivers/scsi/scsi_debug.c:5835 scsi_dispatch_cmd+0x3fc/0x9b0 drivers/scsi/scsi_lib.c:1896 scsi_request_fn+0x1042/0x1810 drivers/scsi/scsi_lib.c:2034 __blk_run_queue_uncond block/blk-core.c:464 [inline] __blk_run_queue+0x1a4/0x380 block/blk-core.c:484 blk_execute_rq_nowait+0x1c2/0x2d0 block/blk-exec.c:78 sg_common_write.isra.19+0xd74/0x1dc0 drivers/scsi/sg.c:847 sg_write.part.23+0x6e0/0xd00 drivers/scsi/sg.c:716 sg_write+0x64/0xa0 drivers/scsi/sg.c:622 __vfs_write+0xed/0x690 fs/read_write.c:485 kill_bdev:block_device:00000000e138492c vfs_write+0x184/0x4c0 fs/read_write.c:549 ksys_write+0x107/0x240 fs/read_write.c:599 do_syscall_64+0xc2/0x560 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe We get ‘alen’ from the command; its type is int. 
If userspace passes a large length we will get a negative ‘alen’. Switch n, alen, and rlen to u32. | 2024-04-10 | not yet calculated | CVE-2021-47219 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
linux — linux |
In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate payload size in ipc response If malicious ksmbd-tools is installed, ksmbd.mountd can return an invalid ipc response to the ksmbd kernel server. ksmbd should validate the payload size of the ipc response from ksmbd.mountd to avoid memory overrun or slab-out-of-bounds. This patch validates 3 ipc responses that have payload. | 2024-04-08 | not yet calculated | CVE-2024-26811 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
linux — linux |
In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: proper TCA_TAPRIO_TC_ENTRY_INDEX check taprio_parse_tc_entry() is not correctly checking TCA_TAPRIO_TC_ENTRY_INDEX attribute: int tc; // Signed value tc = nla_get_u32(tb[TCA_TAPRIO_TC_ENTRY_INDEX]); if (tc >= TC_QOPT_MAX_QUEUE) { NL_SET_ERR_MSG_MOD(extack, “TC entry index out of range”); return -ERANGE; } syzbot reported that it could be fed arbitrary negative values: UBSAN: shift-out-of-bounds in net/sched/sch_taprio.c:1722:18 shift exponent -2147418108 is negative CPU: 0 PID: 5066 Comm: syz-executor367 Not tainted 6.8.0-rc7-syzkaller-00136-gc8a5c731fd12 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x1e7/0x2e0 lib/dump_stack.c:106 ubsan_epilogue lib/ubsan.c:217 [inline] __ubsan_handle_shift_out_of_bounds+0x3c7/0x420 lib/ubsan.c:386 taprio_parse_tc_entry net/sched/sch_taprio.c:1722 [inline] taprio_parse_tc_entries net/sched/sch_taprio.c:1768 [inline] taprio_change+0xb87/0x57d0 net/sched/sch_taprio.c:1877 taprio_init+0x9da/0xc80 net/sched/sch_taprio.c:2134 qdisc_create+0x9d4/0x1190 net/sched/sch_api.c:1355 tc_modify_qdisc+0xa26/0x1e40 net/sched/sch_api.c:1776 rtnetlink_rcv_msg+0x885/0x1040 net/core/rtnetlink.c:6617 netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2543 netlink_unicast_kernel net/netlink/af_netlink.c:1341 [inline] netlink_unicast+0x7ea/0x980 net/netlink/af_netlink.c:1367 netlink_sendmsg+0xa3b/0xd70 net/netlink/af_netlink.c:1908 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg+0x221/0x270 net/socket.c:745 ____sys_sendmsg+0x525/0x7d0 net/socket.c:2584 ___sys_sendmsg net/socket.c:2638 [inline] __sys_sendmsg+0x2b0/0x3a0 net/socket.c:2667 do_syscall_64+0xf9/0x240 entry_SYSCALL_64_after_hwframe+0x6f/0x77 RIP: 0033:0x7f1b2dea3759 Code: 48 83 c4 28 c3 e8 d7 19 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 
4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffd4de452f8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007f1b2def0390 RCX: 00007f1b2dea3759 RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004 RBP: 0000000000000003 R08: 0000555500000000 R09: 0000555500000000 R10: 0000555500000000 R11: 0000000000000246 R12: 00007ffd4de45340 R13: 00007ffd4de45310 R14: 0000000000000001 R15: 00007ffd4de45340 | 2024-04-10 | not yet calculated | CVE-2024-26815 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
linux — linux |
In the Linux kernel, the following vulnerability has been resolved: x86, relocs: Ignore relocations in .notes section When building with CONFIG_XEN_PV=y, .text symbols are emitted into the .notes section so that Xen can find the “startup_xen” entry point. This information is used prior to booting the kernel, so relocations are not useful. In fact, performing relocations against the .notes section means that the KASLR base is exposed since /sys/kernel/notes is world-readable. To avoid leaking the KASLR base without breaking unprivileged tools that are expecting to read /sys/kernel/notes, skip performing relocations in the .notes section. The values readable in .notes are then identical to those found in System.map. | 2024-04-10 | not yet calculated | CVE-2024-26816 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
linux — linux |
In the Linux kernel, the following vulnerability has been resolved: amdkfd: use calloc instead of kzalloc to avoid integer overflow This uses calloc instead of doing the multiplication which might overflow. | 2024-04-13 | not yet calculated | CVE-2024-26817 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
lunary-ai — lunary-ai/lunary |
lunary-ai/lunary version 0.3.0 is vulnerable to unauthorized project creation due to insufficient server-side validation of user account types during project creation. In the free account tier, users are limited to creating only two projects. However, this restriction is enforced only in the web UI and not on the server side, allowing users to bypass the limitation and create an unlimited number of projects without upgrading their account or incurring additional charges. This vulnerability is due to the lack of checks in the project creation endpoint. | 2024-04-10 | not yet calculated | CVE-2024-1599 security@huntr.dev security@huntr.dev |
lunary-ai — lunary-ai/lunary |
An Insecure Direct Object Reference (IDOR) vulnerability exists in the lunary-ai/lunary application version 0.3.0, allowing unauthorized deletion of any organization’s project. The vulnerability is due to insufficient authorization checks in the project deletion endpoint, where the endpoint fails to verify if the project ID provided in the request belongs to the requesting user’s organization. As a result, an attacker can delete projects belonging to any organization by sending a crafted DELETE request with the target project’s ID. This issue affects the project deletion functionality implemented in the projects.delete route. | 2024-04-10 | not yet calculated | CVE-2024-1625 security@huntr.dev security@huntr.dev |
lunary-ai — lunary-ai/lunary |
By knowing an organization’s ID, an attacker can join the organization without permission and gain the ability to read and modify all data within that organization. This vulnerability allows unauthorized access and modification of sensitive information, posing a significant security risk. The flaw is due to insufficient verification of user permissions when joining an organization. | 2024-04-10 | not yet calculated | CVE-2024-1643 security@huntr.dev security@huntr.dev |
lunary-ai — lunary-ai/lunary |
In lunary-ai/lunary version 1.0.1, a vulnerability exists where a user removed from an organization can still read, create, modify, and delete logs by re-using an old authorization token. The lunary web application communicates with the server using an ‘Authorization’ token in the browser, which does not properly invalidate upon the user’s removal from the organization. This allows the removed user to perform unauthorized actions on logs and access project and external user details without valid permissions. | 2024-04-10 | not yet calculated | CVE-2024-1740 security@huntr.dev security@huntr.dev |
lunary-ai — lunary-ai/lunary |
lunary-ai/lunary version 1.0.1 is vulnerable to improper authorization, allowing removed members to read, create, modify, and delete prompt templates using an old authorization token. Despite being removed from an organization, these members can still perform operations on prompt templates by sending HTTP requests with their previously captured authorization token. This issue exposes organizations to unauthorized access and manipulation of sensitive template data. | 2024-04-10 | not yet calculated | CVE-2024-1741 security@huntr.dev |
lunary-ai — lunary-ai/lunary |
lunary-ai/lunary is vulnerable to a session reuse attack, allowing a removed user to change the organization name without proper authorization. The vulnerability stems from the lack of validation to check if a user is still part of an organization before allowing them to make changes. An attacker can exploit this by using an old authorization token to send a PATCH request, modifying the organization’s name even after being removed from the organization. This issue is due to incorrect synchronization and affects the orgs.patch route. | 2024-04-10 | not yet calculated | CVE-2024-1902 security@huntr.dev |
mintplex-labs — mintplex-labs/anything-llm |
mintplex-labs/anything-llm is vulnerable to path traversal attacks due to insufficient validation of user-supplied input in the logo filename functionality. Attackers can exploit this vulnerability by manipulating the logo filename to reference files outside of the restricted directory. This can lead to unauthorized reading or deletion of files by utilizing the `/api/system/upload-logo` and `/api/system/logo` endpoints. The issue stems from the lack of filtering or validation on the logo filename, allowing attackers to target sensitive files such as the application’s database. | 2024-04-10 | not yet calculated | CVE-2024-3025 security@huntr.dev security@huntr.dev |
mintplex-labs — mintplex-labs/anything-llm |
In mintplex-labs/anything-llm, an improper input validation vulnerability allows attackers to escalate privileges by deactivating ‘Multi-User Mode’. By sending a specially crafted curl request with the ‘multi_user_mode’ parameter set to false, an attacker can deactivate ‘Multi-User Mode’. This action permits the creation of a new admin user without requiring a password, leading to unauthorized administrative access. | 2024-04-10 | not yet calculated | CVE-2024-3101 security@huntr.dev security@huntr.dev |
mintplex-labs — mintplex-labs/anything-llm |
A vulnerability in mintplex-labs/anything-llm allows users with manager roles to escalate their privileges to admin roles through a mass assignment issue. The ‘/admin/system-preferences’ API endpoint improperly authorizes manager-level users to modify the ‘multi_user_mode’ system variable, enabling them to access the ‘/api/system/enable-multi-user’ endpoint and create a new admin user. This issue results from the endpoint accepting a full JSON object in the request body without proper validation of modifiable fields, leading to unauthorized modification of system settings and subsequent privilege escalation. | 2024-04-10 | not yet calculated | CVE-2024-3283 security@huntr.dev security@huntr.dev |
mintplex-labs — mintplex-labs/anything-llm |
A Denial of Service (DoS) vulnerability exists in the mintplex-labs/anything-llm repository when the application is running in ‘just me’ mode with a password. An attacker can exploit this vulnerability by making a request to the endpoint using the [validatedRequest] middleware with a specially crafted ‘Authorization:’ header. This vulnerability leads to uncontrolled resource consumption, causing a DoS condition. | 2024-04-10 | not yet calculated | CVE-2024-3569 security@huntr.dev security@huntr.dev |
mintplex-labs — mintplex-labs/anything-llm |
A stored Cross-Site Scripting (XSS) vulnerability exists in the chat functionality of the mintplex-labs/anything-llm repository, allowing attackers to execute arbitrary JavaScript in the context of a user’s session. By manipulating the ChatBot responses, an attacker can inject malicious scripts to perform actions on behalf of the user, such as creating a new admin account or changing the user’s password, leading to a complete takeover of the AnythingLLM application. The vulnerability stems from the improper sanitization of user and ChatBot input, specifically through the use of `dangerouslySetInnerHTML`. Successful exploitation requires convincing an admin to add a malicious LocalAI ChatBot to their AnythingLLM instance. | 2024-04-10 | not yet calculated | CVE-2024-3570 security@huntr.dev security@huntr.dev |
mudler — mudler/localai |
A command injection vulnerability exists in the `TranscriptEndpoint` of mudler/localai, specifically within the `audioToWav` function used for converting audio files to WAV format for transcription. The vulnerability arises due to the lack of sanitization of user-supplied filenames before passing them to ffmpeg via a shell command, allowing an attacker to execute arbitrary commands on the host system. Successful exploitation could lead to unauthorized access, data breaches, or other detrimental impacts, depending on the privileges of the process executing the code. | 2024-04-10 | not yet calculated | CVE-2024-2029 security@huntr.dev security@huntr.dev |
node.js — node |
An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside. It is possible to leave some data in nghttp2 memory after reset when headers with HTTP/2 CONTINUATION frame are sent to the server and then a TCP connection is abruptly closed by the client triggering the Http2Session destructor while header frames are still being processed (and stored in memory) causing a race condition. | 2024-04-09 | not yet calculated | CVE-2024-27983 support@hackerone.com |
openssl — openssl |
Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions. Impact summary: An attacker may exploit certain server configurations to trigger unbounded memory growth that would lead to a Denial of Service. This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is being used (but not if early_data support is also configured and the default anti-replay protection is in use). In this case, under certain conditions, the session cache can get into an incorrect state and it will fail to flush properly as it fills. The session cache will continue to grow in an unbounded manner. A malicious client could deliberately create the scenario for this failure to force a Denial of Service. It may also happen by accident in normal operation. This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS clients. The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL 1.0.2 is also not affected by this issue. | 2024-04-08 | not yet calculated | CVE-2024-2511 openssl-security@openssl.org openssl-security@openssl.org openssl-security@openssl.org openssl-security@openssl.org openssl-security@openssl.org |
parisneo — parisneo/lollms-webui |
The parisneo/lollms-webui repository is susceptible to a path traversal vulnerability due to inadequate validation of user-supplied file paths. This flaw allows an unauthenticated attacker to read, write, and in certain configurations execute arbitrary files on the server by exploiting various endpoints. The vulnerability can be exploited even when the service is bound to localhost, through cross-site requests facilitated by malicious HTML/JS pages. | 2024-04-10 | not yet calculated | CVE-2024-1511 security@huntr.dev |
parisneo — parisneo/lollms-webui |
An OS Command Injection vulnerability exists in the ‘/open_code_folder’ endpoint of the parisneo/lollms-webui application, due to improper validation of user-supplied input in the ‘discussion_id’ parameter. Attackers can exploit this vulnerability by injecting malicious OS commands, leading to unauthorized command execution on the underlying operating system. This could result in unauthorized access, data leakage, or complete system compromise. | 2024-04-10 | not yet calculated | CVE-2024-1520 security@huntr.dev security@huntr.dev |
parisneo — parisneo/lollms-webui |
A Local File Inclusion (LFI) vulnerability exists in the parisneo/lollms-webui application, specifically within the `/personalities` route. An attacker can exploit this vulnerability by crafting a URL that includes directory traversal sequences (`../../`) followed by the desired system file path, URL encoded. Successful exploitation allows the attacker to read any file on the filesystem accessible by the web server. This issue arises due to improper control of filename for include/require statement in the application. | 2024-04-10 | not yet calculated | CVE-2024-1600 security@huntr.dev security@huntr.dev |
parisneo — parisneo/lollms-webui |
parisneo/lollms-webui is vulnerable to stored Cross-Site Scripting (XSS) that leads to Remote Code Execution (RCE). The vulnerability arises due to inadequate sanitization and validation of model output data, allowing an attacker to inject malicious JavaScript code. This code can be executed within the user’s browser context, enabling the attacker to send a request to the `/execute_code` endpoint and establish a reverse shell to the attacker’s host. The issue affects various components of the application, including the handling of user input and model output. | 2024-04-10 | not yet calculated | CVE-2024-1602 security@huntr.dev |
qdrant — qdrant/qdrant |
qdrant/qdrant is vulnerable to a path traversal and arbitrary file upload vulnerability via the `/collections/{COLLECTION}/snapshots/upload` endpoint, specifically through the `snapshot` parameter. This vulnerability allows attackers to upload and overwrite any file on the filesystem, leading to potential remote code execution. This issue affects the integrity and availability of the system, enabling unauthorized access and potentially causing the server to malfunction. | 2024-04-10 | not yet calculated | CVE-2024-2221 security@huntr.dev security@huntr.dev |
run-llama — run-llama/llama_index |
A vulnerability was identified in the `exec_utils` class of the `llama_index` package, specifically within the `safe_eval` function, allowing for prompt injection leading to arbitrary code execution. This issue arises due to insufficient validation of input, which can be exploited to bypass method restrictions and execute unauthorized code. The vulnerability is a bypass of the previously addressed CVE-2023-39662, demonstrated through a proof of concept that creates a file on the system by exploiting the flaw. | 2024-04-10 | not yet calculated | CVE-2024-3098 security@huntr.dev security@huntr.dev |
saturday_drive — ninja_forms |
Cross-site request forgery (CSRF) vulnerability exists in Ninja Forms prior to 3.4.31. If a website administrator views a malicious page while logging in, unintended operations may be performed. | 2024-04-11 | not yet calculated | CVE-2024-25572 vultures@jpcert.or.jp vultures@jpcert.or.jp vultures@jpcert.or.jp |
saturday_drive — ninja_forms |
Ninja Forms prior to 3.8.1 contains a cross-site scripting vulnerability in submit processing. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is accessing the website using the product. | 2024-04-11 | not yet calculated | CVE-2024-26019 vultures@jpcert.or.jp vultures@jpcert.or.jp vultures@jpcert.or.jp |
saturday_drive — ninja_forms |
Ninja Forms prior to 3.8.1 contains a cross-site scripting vulnerability in custom fields for labels. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is accessing the website using the product. | 2024-04-11 | not yet calculated | CVE-2024-29220 vultures@jpcert.or.jp vultures@jpcert.or.jp vultures@jpcert.or.jp |
the_libreswan_project_(www.libreswan.org) — libreswan |
The Libreswan Project was notified of an issue causing libreswan to restart when using IKEv1 without specifying an esp= line. When the peer requests AES-GMAC, libreswan’s default proposal handler causes an assertion failure and crashes and restarts. IKEv2 connections are not affected. | 2024-04-11 | not yet calculated | CVE-2024-3652 d42dc95b-23f1-4e06-9076-20753a0fb0df |
unisoc_(shanghai)_technologies_co_ltd — sc7731e/sc9832e/sc9863a/t310/t606/t612/t616/t610/t618/t760/t770/t820/s8000 |
In camera driver, there is a possible use after free due to a logic error. This could lead to local denial of service with System execution privileges needed | 2024-04-08 | not yet calculated | CVE-2024-23658 security@unisoc.com |
unisoc_(shanghai)_technologies_co_ltd — sc7731e/sc9832e/sc9863a/t310/t610/t618 |
In vsp driver, there is a possible missing verification incorrect input. This could lead to local denial of service with no additional execution privileges needed | 2024-04-08 | not yet calculated | CVE-2023-52535 security@unisoc.com |
unisoc_(shanghai)_technologies_co_ltd — sc7731e/sc9832e/sc9863a/t310/t610/t618 |
In faceid service, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed | 2024-04-08 | not yet calculated | CVE-2023-52536 security@unisoc.com |
unisoc_(shanghai)_technologies_co_ltd — sc7731e/sc9832e/sc9863a/t310/t610/t618 |
Vulnerability of package name verification being bypassed in the HwIms module. Impact: Successful exploitation of this vulnerability will affect availability. | 2024-04-08 | not yet calculated | CVE-2023-52538 psirt@huawei.com psirt@huawei.com |
unisoc_(shanghai)_technologies_co_ltd — t760/t770/t820/s8000 |
In modem-ps-nas-ngmm, there is a possible undefined behavior due to incorrect error handling. This could lead to remote information disclosure no additional execution privileges needed | 2024-04-08 | not yet calculated | CVE-2023-52533 security@unisoc.com |
unisoc_(shanghai)_technologies_co_ltd — t760/t770/t820/s8000 |
In ngmm, there is a possible undefined behavior due to incorrect error handling. This could lead to remote denial of service with no additional execution privileges needed | 2024-04-08 | not yet calculated | CVE-2023-52534 security@unisoc.com |
unisoc_(shanghai)_technologies_co_ltd — sc7731e/sc9832e/sc9863a/t310/t606/t612/t616/t610/t618/t760/t770/t820/s8000 |
In modem driver, there is a possible system crash due to improper input validation. This could lead to local information disclosure with System execution privileges needed | 2024-04-08 | not yet calculated | CVE-2023-52346 security@unisoc.com |
unisoc_(shanghai)_technologies_co_ltd — sc7731e/sc9832e/sc9863a/t310/t606/t612/t616/t610/t618/t760/t770/t820/s8000 |
In ril service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed | 2024-04-08 | not yet calculated | CVE-2023-52347 security@unisoc.com |
unisoc_(shanghai)_technologies_co_ltd — sc7731e/sc9832e/sc9863a/t310/t606/t612/t616/t610/t618/t760/t770/t820/s8000 |
In ril service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed | 2024-04-08 | not yet calculated | CVE-2023-52348 security@unisoc.com |
unisoc_(shanghai)_technologies_co_ltd — sc7731e/sc9832e/sc9863a/t310/t606/t612/t616/t610/t618/t760/t770/t820/s8000 |
In ril service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed | 2024-04-08 | not yet calculated | CVE-2023-52349 security@unisoc.com |
unisoc_(shanghai)_technologies_co_ltd — sc7731e/sc9832e/sc9863a/t310/t606/t612/t616/t610/t618/t760/t770/t820/s8000 |
In ril service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed | 2024-04-08 | not yet calculated | CVE-2023-52350 security@unisoc.com |
unisoc_(shanghai)_technologies_co_ltd — sc7731e/sc9832e/sc9863a/t310/t606/t612/t616/t610/t618/t760/t770/t820/s8000 |
In ril service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed | 2024-04-08 | not yet calculated | CVE-2023-52351 security@unisoc.com |
unisoc_(shanghai)_technologies_co_ltd — sc7731e/sc9832e/sc9863a/t310/t606/t612/t616/t610/t618/t760/t770/t820/s8000 |
In Network Adapter Service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges needed | 2024-04-08 | not yet calculated | CVE-2023-52352 security@unisoc.com |
unisoc_(shanghai)_technologies_co_ltd — sc7731e/sc9832e/sc9863a/t310/t606/t612/t616/t610/t618/t760/t770/t820/s8000 |
In modem driver, there is a possible system crash due to improper input validation. This could lead to local information disclosure with System execution privileges needed | 2024-04-08 | not yet calculated | CVE-2023-52345 security@unisoc.com |
unisoc_(shanghai)_technologies_co_ltd. — t760/t770/t820/s8000 |
In SecurityCommand message after AS security has been activated, there is a possible improper input validation. This could lead to remote information disclosure no additional execution privileges needed | 2024-04-08 | not yet calculated | CVE-2023-52343 security@unisoc.com |
unisoc_(shanghai)_technologies_co_ltd. — t760/t770/t820/s8000 |
In Plaintext COUNTER CHECK message accepted before AS security activation, there is a possible missing permission check. This could lead to remote information disclosure no additional execution privileges needed | 2024-04-08 | not yet calculated | CVE-2023-52341 security@unisoc.com |
unisoc_(shanghai)_technologies_co_ltd. — t760/t770/t820/s8000 |
In modem-ps-nas-ngmm, there is a possible undefined behavior due to incorrect error handling. This could lead to remote information disclosure no additional execution privileges needed | 2024-04-08 | not yet calculated | CVE-2023-52342 security@unisoc.com |
unisoc_(shanghai)_technologies_co_ltd. — t760/t770/t820/s8000 |
In modem-ps-nas-ngmm, there is a possible undefined behavior due to incorrect error handling. This could lead to remote information disclosure no additional execution privileges needed | 2024-04-08 | not yet calculated | CVE-2023-52344 security@unisoc.com |
unknown — backwpup |
The BackWPup WordPress plugin before 4.0.4 does not prevent visitors from leaking key information about ongoing backups, allowing unauthenticated attackers to download backups of a site’s database. | 2024-04-08 | not yet calculated | CVE-2023-7164 contact@wpscan.com |
unknown — font_farsi |
The Font Farsi WordPress plugin through 1.6.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 2024-04-08 | not yet calculated | CVE-2024-1752 contact@wpscan.com |
unknown — inline_related_posts |
The Inline Related Posts WordPress plugin before 3.6.0 does not ensure that post content displayed via an AJAX action are accessible to the user, allowing any authenticated user, such as subscriber to retrieve the content of password protected posts | 2024-04-11 | not yet calculated | CVE-2023-6257 contact@wpscan.com |
unknown — post_grid_form_maker_popup_maker_woocommerce_blocks_post_blocks_post_carousel_ |
The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel WordPress plugin before 2.2.76 does not prevent password protected posts from being displayed in the result of some unauthenticated AJAX actions, allowing unauthenticated users to read such posts | 2024-04-11 | not yet calculated | CVE-2024-0881 contact@wpscan.com |
unknown — responsive_gallery_grid |
The Responsive Gallery Grid WordPress plugin before 2.3.11 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 2024-04-09 | not yet calculated | CVE-2024-1664 contact@wpscan.com |
unknown — sendpress_newsletters |
The SendPress Newsletters WordPress plugin through 1.23.11.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 2024-04-08 | not yet calculated | CVE-2024-1588 contact@wpscan.com |
unknown — sendpress_newsletters |
The SendPress Newsletters WordPress plugin through 1.23.11.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 2024-04-08 | not yet calculated | CVE-2024-1589 contact@wpscan.com |
unknown — the_ultimate_video_player_for_wordpress_ |
The Ultimate Video Player For WordPress WordPress plugin before 2.2.3 does not have proper capability check when updating its settings via a REST route, allowing Contributor and above users to update them. Furthermore, due to the lack of escaping in one of the settings, this also allows them to perform Stored XSS attacks | 2024-04-10 | not yet calculated | CVE-2024-2428 contact@wpscan.com |
unknown — wordpress_ping_optimizer |
The WordPress Ping Optimizer WordPress plugin through 2.35.1.3.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks such as clearing logs. | 2024-04-10 | not yet calculated | CVE-2023-6385 contact@wpscan.com |
unknown — wp_shortcodes_plugin_-_shortcodes_ultimate |
The WP Shortcodes Plugin – Shortcodes Ultimate WordPress plugin before 7.0.5 does not properly escape some of its shortcodes attributes before they are echoed back to users, making it possible for users with the contributor role to conduct Stored XSS attacks. | 2024-04-13 | not yet calculated | CVE-2024-2583 contact@wpscan.com |
unknown — wpb-show-core |
The WPB Show Core WordPress plugin before 2.7 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 2024-04-08 | not yet calculated | CVE-2024-1292 contact@wpscan.com |
unknown — wpb-show-core |
The wpb-show-core WordPress plugin before 2.7 does not sanitise and escape the parameters before outputting it back in the response of an unauthenticated request, leading to a Reflected Cross-Site Scripting | 2024-04-08 | not yet calculated | CVE-2024-1956 contact@wpscan.com |
unknown — wpb-show-core |
The WPB Show Core WordPress plugin before 2.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin or unauthenticated users | 2024-04-08 | not yet calculated | CVE-2024-1958 contact@wpscan.com |
N/A — N/A |
The Mojolicious module before 8.65 for Perl is vulnerable to secure_compare timing attacks that allow an attacker to guess the length of a secret string. Only versions after 1.74 are affected. | 2024-04-08 | not yet calculated | CVE-2020-36829 cve@mitre.org cve@mitre.org |
N/A — N/A |
The server in Circontrol Raption through 5.11.2 has a pre-authentication stack-based buffer overflow that can be exploited to gain run-time control of the device as root. The ocpp1.5 and pwrstudio binaries on the charging station do not use a number of common exploitation mitigations. In particular, there are no stack canaries and they do not use the Position Independent Executable (PIE) format. | 2024-04-12 | not yet calculated | CVE-2020-8006 cve@mitre.org cve@mitre.org |
N/A — N/A |
The Mojolicious module before 9.11 for Perl has a bug in format detection that can potentially be exploited for denial of service. | 2024-04-08 | not yet calculated | CVE-2021-47208 cve@mitre.org cve@mitre.org |
N/A — N/A |
AbrhilSoft Employee’s Portal before v5.6.2 was discovered to contain a SQL injection vulnerability in the login page. | 2024-04-08 | not yet calculated | CVE-2022-43216 cve@mitre.org cve@mitre.org |
N/A — N/A |
eventlet before 0.35.2, as used in dnspython before 2.6.0, allows remote attackers to interfere with DNS name resolution by quickly sending an invalid packet from the expected IP address and source port, aka a “TuDoor” attack. In other words, dnspython does not have the preferred behavior in which the DNS name resolution algorithm would proceed, within the full time window, in order to wait for a valid packet. NOTE: dnspython 2.6.0 is unusable for a different reason that was addressed in 2.6.1. | 2024-04-11 | not yet calculated | CVE-2023-29483 cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org |
N/A — N/A |
Cross Site Scripting (XSS) vulnerability in Cobham SAILOR VSAT Ku v.164B019, allows a remote attacker to execute arbitrary code via a crafted script to the c_set_traps_decode function in the acu_web file. | 2024-04-12 | not yet calculated | CVE-2023-44852 cve@mitre.org |
N/A — N/A |
An issue was discovered in Cobham SAILOR VSAT Ku v.164B019, allows a remote attacker to execute arbitrary code via a crafted script to the sub_219C4 function in the acu_web file. | 2024-04-12 | not yet calculated | CVE-2023-44853 cve@mitre.org |
N/A — N/A |
Cross Site Scripting (XSS) vulnerability in Cobham SAILOR VSAT Ku v.164B019, allows a remote attacker to execute arbitrary code via a crafted script to the c_set_rslog_decode function in the acu_web file. | 2024-04-12 | not yet calculated | CVE-2023-44854 cve@mitre.org |
N/A — N/A |
Cross Site Scripting (XSS) vulnerability in Cobham SAILOR VSAT Ku v.164B019 allows a remote attacker to execute arbitrary code via a crafted script to the rdiag, sender, and recipients parameters of the sub_219C4 function in the acu_web file. | 2024-04-12 | not yet calculated | CVE-2023-44855 cve@mitre.org |
N/A — N/A |
Cross Site Scripting (XSS) vulnerability in Cobham SAILOR VSAT Ku v.164B019 allows a remote attacker to execute arbitrary code via a crafted script to the rstat, sender, and recipients parameters of the sub_21D24 function in the acu_web file. | 2024-04-12 | not yet calculated | CVE-2023-44856 cve@mitre.org |
N/A — N/A |
An issue in Cobham SAILOR VSAT Ku v.164B019, allows a remote attacker to execute arbitrary code via a crafted script to the sub_21D24 function in the acu_web component. | 2024-04-12 | not yet calculated | CVE-2023-44857 cve@mitre.org |
N/A — N/A |
An issue discovered in Reportico Till 8.1.0 allows attackers to obtain sensitive information via execute_mode parameter of the URL. | 2024-04-11 | not yet calculated | CVE-2023-48865 cve@mitre.org cve@mitre.org |
N/A — N/A |
Buffer Overflow vulnerability in FFmpeg version n6.1-3-g466799d4f5, allows a local attacker to execute arbitrary code and cause a denial of service (DoS) via the af_dialoguenhance.c:261:5 in the de_stereo component. | 2024-04-12 | not yet calculated | CVE-2023-49528 cve@mitre.org |
N/A — N/A |
An issue in ZKTeco BioTime v.8.5.4 and before allows a remote attacker to obtain sensitive information via the Authentication & Authorization component. | 2024-04-11 | not yet calculated | CVE-2023-51141 cve@mitre.org cve@mitre.org cve@mitre.org |
N/A — N/A |
An issue in ZKTeco BioTime v.8.5.4 and before allows a remote attacker to obtain sensitive information. | 2024-04-11 | not yet calculated | CVE-2023-51142 cve@mitre.org cve@mitre.org cve@mitre.org |
N/A — N/A |
JFreeChart v1.5.4 was discovered to be vulnerable to ArrayIndexOutOfBounds via the ‘setSeriesNeedle(int index, int type)’ method. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification. | 2024-04-10 | not yet calculated | CVE-2023-52070 cve@mitre.org cve@mitre.org cve@mitre.org |
N/A — N/A |
Buffer Overflow vulnerability in bandisoft bandiview v7.0, allows local attackers to cause a denial of service (DoS) via exr image file. | 2024-04-12 | not yet calculated | CVE-2024-22526 cve@mitre.org |
N/A — N/A |
Cross Site Scripting (XSS) vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary code via the First Name field in the application. | 2024-04-11 | not yet calculated | CVE-2024-22717 cve@mitre.org |
N/A — N/A |
Cross Site Scripting (XSS) vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary code via the client_id parameter in the application URL. | 2024-04-11 | not yet calculated | CVE-2024-22718 cve@mitre.org |
N/A — N/A |
SQL Injection vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary SQL commands via the ‘keyword’ when searching for a client. | 2024-04-11 | not yet calculated | CVE-2024-22719 cve@mitre.org |
N/A — N/A |
Cross Site Request Forgery (CSRF) vulnerability in Form Tools 3.1.1 allows attackers to manipulate sensitive user data via crafted link. | 2024-04-11 | not yet calculated | CVE-2024-22721 cve@mitre.org |
N/A — N/A |
Server Side Template Injection (SSTI) vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary commands via the Group Name field under the add forms section of the application. | 2024-04-11 | not yet calculated | CVE-2024-22722 cve@mitre.org |
N/A — N/A |
An issue was discovered in AMCS Group Trux Waste Management Software before version 7.19.0018.26912, allows local attackers to obtain sensitive information via a static, hard-coded AES Key-IV pair in the TxUtilities.dll and TruxUser.cfg components. | 2024-04-12 | not yet calculated | CVE-2024-22734 cve@mitre.org |
N/A — N/A |
JFreeChart v1.5.4 was discovered to contain a NullPointerException via the component /chart/annotations/CategoryLineAnnotation. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification. | 2024-04-08 | not yet calculated | CVE-2024-22949 cve@mitre.org cve@mitre.org cve@mitre.org |
N/A — N/A |
JFreeChart v1.5.4 was discovered to contain a NullPointerException via the component /labels/BubbleXYItemLabelGenerator.java. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification. | 2024-04-10 | not yet calculated | CVE-2024-23076 cve@mitre.org cve@mitre.org cve@mitre.org |
N/A — N/A |
JFreeChart v1.5.4 was discovered to be vulnerable to ArrayIndexOutOfBounds via the component /chart/plot/CompassPlot.java. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification. | 2024-04-10 | not yet calculated | CVE-2024-23077 cve@mitre.org cve@mitre.org cve@mitre.org |
N/A — N/A |
JGraphT Core v1.5.2 was discovered to contain a NullPointerException via the component org.jgrapht.alg.util.ToleranceDoubleComparator::compare(Double, Double). NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification. | 2024-04-08 | not yet calculated | CVE-2024-23078 cve@mitre.org cve@mitre.org cve@mitre.org |
N/A — N/A |
JGraphT Core v1.5.2 was discovered to contain a NullPointerException via the component org.jgrapht.alg.util.ToleranceDoubleComparator::compare(Double, Double). NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification. | 2024-04-08 | not yet calculated | CVE-2024-23079 cve@mitre.org cve@mitre.org cve@mitre.org |
N/A — N/A |
Joda Time v2.12.5 was discovered to contain a NullPointerException via the component org.joda.time.format.PeriodFormat::wordBased(Locale). NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification. | 2024-04-10 | not yet calculated | CVE-2024-23080 cve@mitre.org cve@mitre.org cve@mitre.org |
N/A — N/A |
ThreeTen Backport v1.6.8 was discovered to contain a NullPointerException via the component org.threeten.bp.LocalDate::compareTo(ChronoLocalDate). NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification. | 2024-04-08 | not yet calculated | CVE-2024-23081 cve@mitre.org cve@mitre.org cve@mitre.org |
N/A — N/A |
ThreeTen Backport v1.6.8 was discovered to contain an integer overflow via the component org.threeten.bp.format.DateTimeFormatter::parse(CharSequence, ParsePosition). NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification. | 2024-04-08 | not yet calculated | CVE-2024-23082 cve@mitre.org cve@mitre.org cve@mitre.org |
N/A — N/A |
Time4J Base v5.9.3 was discovered to contain a NullPointerException via the component net.time4j.format.internal.FormatUtils::useDefaultWeekmodel(Locale). NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification. | 2024-04-10 | not yet calculated | CVE-2024-23083 cve@mitre.org cve@mitre.org cve@mitre.org |
N/A — N/A |
Apfloat v1.10.1 was discovered to contain an ArrayIndexOutOfBoundsException via the component org.apfloat.internal.DoubleCRTMath::add(double[], double[]). NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification. | 2024-04-08 | not yet calculated | CVE-2024-23084 cve@mitre.org cve@mitre.org cve@mitre.org |
N/A — N/A |
Apfloat v1.10.1 was discovered to contain a NullPointerException via the component org.apfloat.internal.DoubleScramble::scramble(double[], int, int[]). NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification. | 2024-04-08 | not yet calculated | CVE-2024-23085 cve@mitre.org cve@mitre.org cve@mitre.org |
N/A — N/A |
Apfloat v1.10.1 was discovered to contain a stack overflow via the component org.apfloat.internal.DoubleModMath::modPow(double. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification. | 2024-04-08 | not yet calculated | CVE-2024-23086 cve@mitre.org cve@mitre.org cve@mitre.org |
N/A — N/A |
Cross Site Request Forgery vulnerability in the upload functionality of the User Profile pages in savignano S/Notify before 2.0.1 for Bitbucket allows attackers to replace S/MIME certificate or PGP keys for arbitrary users via crafted link. | 2024-04-10 | not yet calculated | CVE-2024-23734 cve@mitre.org cve@mitre.org |
N/A — N/A |
Cross Site Scripting (XSS) vulnerability in the S/MIME certificate upload functionality of the User Profile pages in savignano S/Notify before 4.0.0 for Confluence allows attackers to manipulate user data via specially crafted certificate. | 2024-04-10 | not yet calculated | CVE-2024-23735 cve@mitre.org cve@mitre.org |
N/A — N/A |
An issue in Canimaan Software LTD ClamXAV v3.1.2 through v3.6.1 and fixed in v.3.6.2 allows a local attacker to escalate privileges via the ClamXAV helper tool component. | 2024-04-09 | not yet calculated | CVE-2024-24245 cve@mitre.org |
N/A — N/A |
An issue in secdiskapp 1.5.1 (management program for NewQ Fingerprint Encryption Super Speed Flash Disk) allows attackers to gain escalated privileges via vsVerifyPassword and vsSetFingerPrintPower functions. | 2024-04-08 | not yet calculated | CVE-2024-24279 cve@mitre.org |
N/A — N/A |
An issue discovered in Thesycon Software Solutions Gmbh & Co. KG TUSBAudio MSI-based installers before 5.68.0 allows a local attacker to execute arbitrary code via the msiexec.exe repair mode. | 2024-04-11 | not yet calculated | CVE-2024-25376 cve@mitre.org |
N/A — N/A |
An issue in Weave Weave Desktop v.7.78.10 allows a local attacker to execute arbitrary code via a crafted script to the nwjs framework component. | 2024-04-12 | not yet calculated | CVE-2024-25545 cve@mitre.org cve@mitre.org |
N/A — N/A
|
Linksys RE7000 v2.0.9, v2.0.11, and v2.0.15 have a command execution vulnerability in the “AccessControlList” parameter of the access control function point. An attacker can use the vulnerability to obtain device administrator rights. | 2024-04-11 | not yet calculated | CVE-2024-25852 cve@mitre.org cve@mitre.org |
N/A — N/A
|
HTML injection vulnerability in Enpass Password Manager Desktop Client 6.9.2 for Windows and Linux allows attackers to run arbitrary HTML code via creation of crafted note. | 2024-04-10 | not yet calculated | CVE-2024-26362 cve@mitre.org |
N/A — N/A
|
Insecure Permissions vulnerability in Wondershare Filmora v.13.0.51 allows a local attacker to execute arbitrary code via a crafted script to the WSNativePushService.exe | 2024-04-08 | not yet calculated | CVE-2024-26574 cve@mitre.org cve@mitre.org |
N/A — N/A
|
Leantime 3.0.6 is vulnerable to Cross Site Request Forgery (CSRF). This vulnerability allows malicious actors to perform unauthorized actions on behalf of authenticated users, specifically administrators. | 2024-04-10 | not yet calculated | CVE-2024-27474 cve@mitre.org cve@mitre.org cve@mitre.org |
N/A — N/A
|
Leantime 3.0.6 is vulnerable to HTML Injection via /dashboard/show#/tickets/newTicket. | 2024-04-10 | not yet calculated | CVE-2024-27476 cve@mitre.org cve@mitre.org cve@mitre.org |
N/A — N/A
|
In Leantime 3.0.6, a Cross-Site Scripting vulnerability exists within the ticket creation and modification functionality, allowing attackers to inject malicious JavaScript code into the title field of tickets (also known as to-dos). This stored XSS vulnerability can be exploited to perform Server-Side Request Forgery (SSRF) attacks. | 2024-04-10 | not yet calculated | CVE-2024-27477 cve@mitre.org cve@mitre.org cve@mitre.org |
N/A — N/A
|
Open Redirect vulnerability in Corezoid Process Engine v6.5.0 allows attackers to redirect to arbitrary websites via appending a crafted link to /login/ in the login page URL. | 2024-04-11 | not yet calculated | CVE-2024-27592 cve@mitre.org |
N/A — N/A
|
Insecure Direct Object Reference (IDOR) in GNU Savane v.3.12 and before allows a remote attacker to delete arbitrary files via crafted input to the trackers_data_delete_file function. | 2024-04-08 | not yet calculated | CVE-2024-27630 cve@mitre.org cve@mitre.org |
N/A — N/A
|
Cross Site Request Forgery vulnerability in GNU Savane v.3.12 and before allows a remote attacker to escalate privileges via siteadmin/usergroup.php | 2024-04-08 | not yet calculated | CVE-2024-27631 cve@mitre.org cve@mitre.org cve@mitre.org |
N/A — N/A
|
An issue in GNU Savane v.3.12 and before allows a remote attacker to escalate privileges via the form_id in the form_header() function. | 2024-04-08 | not yet calculated | CVE-2024-27632 cve@mitre.org cve@mitre.org |
N/A — N/A
|
Unifiedtransform v2.X is vulnerable to Stored Cross-Site Scripting (XSS) via file upload feature in Syllabus module. | 2024-04-09 | not yet calculated | CVE-2024-27665 cve@mitre.org |
N/A — N/A
|
D-Link Go-RT-AC750 GORTAC750_A1_FW_v101b03 contains a stack-based buffer overflow via the function hnap_main. An attacker can send a POST request to trigger the vulnerability. | 2024-04-11 | not yet calculated | CVE-2024-27683 cve@mitre.org cve@mitre.org cve@mitre.org |
N/A — N/A
|
In Unify CP IP Phone firmware 1.10.4.3, Weak Credentials are used (a hardcoded root password). | 2024-04-08 | not yet calculated | CVE-2024-28066 cve@mitre.org cve@mitre.org |
N/A — N/A
|
Ollama before 0.1.29 has a DNS rebinding vulnerability that can inadvertently allow remote access to the full API, thereby letting an unauthorized user chat with a large language model, delete a model, or cause a denial of service (resource exhaustion). | 2024-04-08 | not yet calculated | CVE-2024-28224 cve@mitre.org cve@mitre.org cve@mitre.org |
N/A — N/A
|
An issue discovered in web-flash v3.0 allows attackers to reset passwords for arbitrary users via crafted POST request to /prod-api/user/resetPassword. | 2024-04-08 | not yet calculated | CVE-2024-28270 cve@mitre.org |
N/A — N/A
|
An Open Redirect vulnerability was found in Sipwise C5 NGCP Dashboard below mr11.5.1. The Open Redirect vulnerability allows attackers to control the “back” parameter in the URL through a double encoded URL. | 2024-04-10 | not yet calculated | CVE-2024-28344 cve@mitre.org |
N/A — N/A
|
An issue discovered in Sipwise C5 NGCP Dashboard below mr11.5.1 allows a low privileged user to access the Journal endpoint by directly visiting the URL. | 2024-04-10 | not yet calculated | CVE-2024-28345 cve@mitre.org |
N/A — N/A
|
TOTOLINK X2000R before V1.0.0-B20231213.1013 contains a Stored Cross-site scripting (XSS) vulnerability in IP/Port Filtering under the Firewall Page. | 2024-04-11 | not yet calculated | CVE-2024-28402 cve@mitre.org cve@mitre.org |
N/A — N/A
|
Null Pointer Dereference vulnerability in swfdump in swftools 0.9.2 allows attackers to crash the application via the function compileSWFActionCode in action/actioncompiler.c. | 2024-04-11 | not yet calculated | CVE-2024-28458 cve@mitre.org |
N/A — N/A
|
An issue in OpenStack magnum yoga-eom version allows a remote attacker to execute arbitrary code via the cert_manager.py component. | 2024-04-12 | not yet calculated | CVE-2024-28718 cve@mitre.org cve@mitre.org cve@mitre.org |
N/A — N/A
|
An issue was discovered in OFPMatch in parser.py in Faucet SDN Ryu version 4.34, allows remote attackers to cause a denial of service (DoS) (infinite loop). | 2024-04-08 | not yet calculated | CVE-2024-28732 cve@mitre.org cve@mitre.org |
N/A — N/A
|
An issue discovered in Telesquare TLR-2005Ksh 1.0.0 and 1.1.4 allows attackers to run arbitrary system commands via the Cmd parameter. | 2024-04-10 | not yet calculated | CVE-2024-29269 cve@mitre.org |
N/A — N/A
|
A user enumeration vulnerability was found in Portainer CE 2.19.4. This issue occurs during user authentication process, where a difference in response time could allow a remote unauthenticated user to determine if a username is valid or not. | 2024-04-10 | not yet calculated | CVE-2024-29296 cve@mitre.org cve@mitre.org |
N/A — N/A
|
An issue was discovered in GNU Savane v.3.13 and before, allows a remote attacker to execute arbitrary code and escalate privileges via a crafted file to the upload.php component. | 2024-04-11 | not yet calculated | CVE-2024-29399 cve@mitre.org |
N/A — N/A
|
An issue was discovered in RuoYi v4.5.1, allows attackers to obtain sensitive information via the status parameter. | 2024-04-12 | not yet calculated | CVE-2024-29400 cve@mitre.org |
N/A — N/A
|
An unauthorized node injection vulnerability has been identified in ROS2 Humble Hawksbill in ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows remote attackers to escalate privileges and inject malicious ROS2 nodes into the system. | 2024-04-10 | not yet calculated | CVE-2024-29439 cve@mitre.org |
N/A — N/A
|
An issue was discovered in ROS2 (Robot Operating System 2) Humble Hawksbill in ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows remote attackers to cause a denial of service (DoS) via the ROS2 nodes. | 2024-04-11 | not yet calculated | CVE-2024-29441 cve@mitre.org |
N/A — N/A
|
A shell injection vulnerability was discovered in ROS2 (Robot Operating System 2) Humble Hawksbill in ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information due to the way ROS2 handles shell command execution in components like command interpreters or interfaces that process external inputs. | 2024-04-10 | not yet calculated | CVE-2024-29443 cve@mitre.org |
N/A — N/A
|
An OS command injection vulnerability has been discovered in ROS2 (Robot Operating System 2) Humble Hawksbill in ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via External Command Execution Modules, System Call Handlers, and Interface Scripts. | 2024-04-11 | not yet calculated | CVE-2024-29444 cve@mitre.org |
N/A — N/A
|
An issue was discovered in ROS2 (Robot Operating System 2) Humble Hawksbill in ROS_VERSION 2 and ROS_PYTHON_VERSION 3 where the system transmits messages in plaintext, allowing attackers to access sensitive information via a man-in-the-middle attack. | 2024-04-10 | not yet calculated | CVE-2024-29445 cve@mitre.org |
N/A — N/A
|
An issue was discovered in the default configurations of ROS2 Humble Hawksbill in ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows unauthenticated attackers to gain access using default credentials. | 2024-04-11 | not yet calculated | CVE-2024-29447 cve@mitre.org |
N/A — N/A
|
A buffer overflow vulnerability has been discovered in the C++ components of ROS2 Humble Hawksbill in ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows attackers to execute arbitrary code or cause a denial of service (DoS) via improper handling of arrays or strings. | 2024-04-11 | not yet calculated | CVE-2024-29448 cve@mitre.org |
N/A — N/A
|
An issue was discovered in ROS2 Humble Hawksbill in ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows attackers to obtain sensitive information via man-in-the-middle attacks due to cleartext transmission of data across the ROS2 nodes’ communication channels. | 2024-04-11 | not yet calculated | CVE-2024-29449 cve@mitre.org |
N/A — N/A
|
An issue has been discovered in the permission and access control components within ROS2 Humble Hawksbill, in ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows attackers to execute arbitrary code, cause a denial of service (DoS), escalate privileges, and obtain sensitive information via the authentication system, including protocols, processes, and checks designed to verify the identities of users or devices attempting to access the ROS2 system. | 2024-04-11 | not yet calculated | CVE-2024-29450 cve@mitre.org |
N/A — N/A
|
An insecure deserialization vulnerability has been identified in ROS2 Humble Hawksbill in ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows attackers to execute arbitrary code and obtain sensitive information via crafted input to the Data Serialization and Deserialization Components, Inter-Process Communication Mechanisms, and Network Communication Interfaces. | 2024-04-11 | not yet calculated | CVE-2024-29452 cve@mitre.org |
N/A — N/A
|
An issue discovered in packages or nodes in ROS2 Humble Hawksbill with ROS_VERSION=2 and ROS_PYTHON_VERSION=3 allows attackers to execute arbitrary commands potentially leading to unauthorized system control, data breaches, system and network compromise, and operational disruption. | 2024-04-11 | not yet calculated | CVE-2024-29454 cve@mitre.org |
N/A — N/A
|
An arbitrary file upload vulnerability has been discovered in ROS2 Humble Hawksbill in ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows attackers to execute arbitrary code, cause a denial of service (DoS), and obtain sensitive information via crafted payload to the file upload mechanism of the ROS2 system, including the server’s functionality for handling file uploads and the associated validation processes. | 2024-04-11 | not yet calculated | CVE-2024-29455 cve@mitre.org |
N/A — N/A
|
An issue in PX4 Autopilot v.1.14.0 allows an attacker to manipulate the flight path allowing for crashes of the drone via the home point location of the mission_block.cpp component. | 2024-04-10 | not yet calculated | CVE-2024-29460 cve@mitre.org |
N/A — N/A
|
An issue in Floodlight SDN OpenFlow Controller v.1.2 allows a remote attacker to cause a denial of service via the datapath id component. | 2024-04-12 | not yet calculated | CVE-2024-29461 cve@mitre.org cve@mitre.org |
N/A — N/A
|
An issue in the kiosk mode of Secure Lockdown Multi Application Edition v2.00.219 allows attackers to execute arbitrary code via running a ClickOnce application instance. | 2024-04-10 | not yet calculated | CVE-2024-29500 cve@mitre.org |
N/A — N/A
|
An issue in Secure Lockdown Multi Application Edition v2.00.219 allows attackers to read arbitrary files via using UNC paths. | 2024-04-10 | not yet calculated | CVE-2024-29502 cve@mitre.org |
N/A — N/A
|
Cross Site Scripting vulnerability in Summernote v.0.8.18 and before allows a remote attacker to execute arbitrary code via a crafted payload to the codeview parameter. | 2024-04-10 | not yet calculated | CVE-2024-29504 cve@mitre.org cve@mitre.org |
N/A — N/A
|
NFS in a BSD derived codebase, as used in OpenBSD through 7.4 and FreeBSD through 14.0-RELEASE, allows remote attackers to execute arbitrary code via a bug that is unrelated to memory corruption. | 2024-04-11 | not yet calculated | CVE-2024-29937 cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org |
N/A — N/A
|
An issue in Ametys CMS v4.5.0 and before allows attackers to obtain sensitive information via exposed resources to the error scope. | 2024-04-12 | not yet calculated | CVE-2024-30614 cve@mitre.org |
N/A — N/A
|
Shell Injection vulnerability in ROS (Robot Operating System) Melodic Morenia versions ROS_VERSION 1 and ROS_PYTHON_VERSION 3, allows attackers to execute arbitrary code, escalate privileges, and obtain sensitive information. | 2024-04-08 | not yet calculated | CVE-2024-30659 cve@mitre.org |
N/A — N/A
|
An unauthorized access vulnerability has been discovered in ROS Melodic Morenia versions where ROS_VERSION is 1 and ROS_PYTHON_VERSION is 3. This vulnerability could potentially allow a malicious user to gain unauthorized information access to multiple ROS nodes remotely. Unauthorized information access to these nodes could result in compromised system integrity, the execution of arbitrary commands, and disclosure of sensitive information. | 2024-04-08 | not yet calculated | CVE-2024-30661 cve@mitre.org |
N/A — N/A
|
An issue was discovered in ROS (Robot Operating System) Melodic Morenia in ROS_VERSION 1 and ROS_PYTHON_VERSION 3, where the system transmits messages in plaintext. This flaw exposes sensitive information, making it vulnerable to man-in-the-middle (MitM) attacks, and allowing attackers to easily intercept and access this data. | 2024-04-08 | not yet calculated | CVE-2024-30662 cve@mitre.org |
N/A — N/A
|
An issue was discovered in the default configurations of ROS (Robot Operating System) Melodic Morenia in ROS_VERSION 1 and ROS_PYTHON_VERSION 3. This vulnerability allows unauthenticated attackers to gain access using default credentials, posing a serious threat to the integrity and security of the system. | 2024-04-08 | not yet calculated | CVE-2024-30663 cve@mitre.org |
N/A — N/A
|
An OS command injection vulnerability has been discovered in ROS (Robot Operating System) Melodic Morenia in ROS_VERSION 1 and ROS_PYTHON_VERSION 3. This vulnerability primarily affects the command processing or system call components in ROS, making them susceptible to manipulation by malicious entities. Through this, unauthorized commands can be executed, leading to remote code execution (RCE), data theft, and malicious activities. The affected components include External Command Execution Modules, System Call Handlers, and Interface Scripts. | 2024-04-08 | not yet calculated | CVE-2024-30665 cve@mitre.org |
N/A — N/A
|
A buffer overflow vulnerability has been discovered in the C++ components of ROS (Robot Operating System) Melodic Morenia in ROS_VERSION 1 and ROS_PYTHON_VERSION 3, allows attackers to execute arbitrary code via improper handling of arrays or strings within these components. | 2024-04-08 | not yet calculated | CVE-2024-30666 cve@mitre.org |
N/A — N/A
|
Insecure deserialization vulnerability in ROS (Robot Operating System) Melodic Morenia in ROS_VERSION 1 and ROS_PYTHON_VERSION 3, allows attackers to execute arbitrary code or obtain sensitive information via crafted input to the data handling components. | 2024-04-08 | not yet calculated | CVE-2024-30667 cve@mitre.org |
N/A — N/A
|
Arbitrary file upload vulnerability in ROS (Robot Operating System) Melodic Morenia in ROS_VERSION 1 and ROS_PYTHON_VERSION 3, allows attackers to execute arbitrary code, cause a denial of service (DoS), and obtain sensitive information via the file upload component. | 2024-04-08 | not yet calculated | CVE-2024-30672 cve@mitre.org |
N/A — N/A
|
Unauthorized access vulnerability in ROS2 Iron Irwini where ROS_VERSION is 2 and ROS_PYTHON_VERSION is 3 allows remote attackers to gain control of multiple ROS2 nodes. Unauthorized information access to these nodes could result in compromised system integrity, the execution of arbitrary commands, and disclosure of sensitive information. | 2024-04-08 | not yet calculated | CVE-2024-30674 cve@mitre.org |
N/A — N/A
|
Unauthorized node injection vulnerability in ROS2 Iron Irwini in ROS_VERSION 2 and ROS_PYTHON_VERSION 3. This vulnerability could allow a malicious user to escalate privileges by injecting malicious ROS2 nodes into the system remotely. | 2024-04-08 | not yet calculated | CVE-2024-30675 cve@mitre.org |
N/A — N/A
|
A Denial-of-Service (DoS) vulnerability exists in ROS2 Iron Irwini versions where ROS_VERSION is 2 and ROS_PYTHON_VERSION is 3. A malicious user could potentially exploit this vulnerability remotely to crash the ROS2 nodes, thereby causing a denial of service. The flaw allows an attacker to cause unexpected behavior in the operation of ROS2 nodes, which leads to their failure and interrupts the regular operation of the system, thus making it unavailable for its intended users. | 2024-04-09 | not yet calculated | CVE-2024-30676 cve@mitre.org |
N/A — N/A
|
An issue has been discovered in ROS2 Iron Irwini ROS_VERSION 2 and ROS_PYTHON_VERSION 3, where the system transmits messages in plaintext. This flaw exposes sensitive information, making it vulnerable to man-in-the-middle (MitM) attacks, and allowing attackers to intercept and access this data. | 2024-04-09 | not yet calculated | CVE-2024-30678 cve@mitre.org |
N/A — N/A
|
An issue was discovered in the default configurations of ROS2 Iron Irwini ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows unauthenticated attackers to authenticate using default credentials. | 2024-04-09 | not yet calculated | CVE-2024-30679 cve@mitre.org |
N/A — N/A
|
A shell injection vulnerability was discovered in ROS2 (Robot Operating System 2) Iron Irwini in versions ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows attackers to execute arbitrary code, escalate privileges, and obtain sensitive information due to the way ROS2 handles shell command execution in components like command interpreters or interfaces that process external inputs. | 2024-04-09 | not yet calculated | CVE-2024-30680 cve@mitre.org |
N/A — N/A
|
An OS command injection vulnerability has been discovered in ROS2 Iron Irwini version ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via the command processing or system call components in ROS2. | 2024-04-09 | not yet calculated | CVE-2024-30681 cve@mitre.org |
N/A — N/A
|
A buffer overflow vulnerability has been discovered in the C++ components of ROS2 Iron Irwini versions ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via improper handling of arrays or strings. | 2024-04-09 | not yet calculated | CVE-2024-30683 cve@mitre.org |
N/A — N/A
|
An insecure logging vulnerability has been identified within ROS2 Iron Irwini versions ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows attackers to access sensitive information via inadequate security measures implemented within the logging mechanisms of ROS2. | 2024-04-09 | not yet calculated | CVE-2024-30684 cve@mitre.org |
N/A — N/A
|
An issue was discovered in ROS2 Iron Irwini versions ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows remote attackers to execute arbitrary code via packages or nodes within the ROS2 system. | 2024-04-09 | not yet calculated | CVE-2024-30686 cve@mitre.org |
N/A — N/A
|
An insecure deserialization vulnerability has been identified in ROS2 Iron Irwini versions ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows attackers to execute arbitrary code via a crafted input to the Data Serialization and Deserialization Components, Inter-Process Communication Mechanisms, and Network Communication Interfaces. | 2024-04-09 | not yet calculated | CVE-2024-30687 cve@mitre.org |
N/A — N/A
|
An arbitrary file upload vulnerability has been discovered in ROS2 Iron Irwini versions ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows attackers to execute arbitrary code via a crafted payload to the file upload mechanism of the ROS2 system, including the server’s functionality for handling file uploads and the associated validation processes. | 2024-04-09 | not yet calculated | CVE-2024-30688 cve@mitre.org |
N/A — N/A
|
An unauthorized node injection vulnerability has been identified in ROS2 Galactic Geochelone versions where ROS_VERSION is 2 and ROS_PYTHON_VERSION is 3, allows remote attackers to escalate privileges. | 2024-04-09 | not yet calculated | CVE-2024-30690 cve@mitre.org |
N/A — N/A
|
An issue was discovered in ROS2 Galactic Geochelone in version ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows remote attackers to execute arbitrary code, escalate privileges, obtain sensitive information, and gain unauthorized access to multiple ROS2 nodes. | 2024-04-09 | not yet calculated | CVE-2024-30691 cve@mitre.org |
N/A — N/A
|
An issue was discovered in ROS2 Galactic Geochelone versions ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows remote attackers to cause a denial of service (DoS) in the ROS2 nodes. | 2024-04-09 | not yet calculated | CVE-2024-30692 cve@mitre.org |
N/A — N/A
|
A shell injection vulnerability was discovered in ROS2 (Robot Operating System 2) Galactic Geochelone ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows attackers to execute arbitrary code, escalate privileges, and obtain sensitive information due to the way ROS2 handles shell command execution in components like command interpreters or interfaces that process external inputs. | 2024-04-09 | not yet calculated | CVE-2024-30694 cve@mitre.org |
N/A — N/A
|
An issue was discovered in the default configurations of ROS2 Galactic Geochelone versions ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows unauthenticated attackers to gain access using default credentials. | 2024-04-09 | not yet calculated | CVE-2024-30695 cve@mitre.org |
N/A — N/A
|
OS command injection vulnerability in ROS2 Galactic Geochelone in ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via the command processing or system call components in ROS2, including External Command Execution Modules, System Call Handlers, and Interface Scripts. | 2024-04-09 | not yet calculated | CVE-2024-30696 cve@mitre.org |
N/A — N/A
|
An issue was discovered in ROS2 Galactic Geochelone in ROS_VERSION 2 and ROS_PYTHON_VERSION 3, where the system transmits messages in plaintext, allowing attackers to access sensitive information via a man-in-the-middle attack. | 2024-04-09 | not yet calculated | CVE-2024-30697 cve@mitre.org |
N/A — N/A
|
A buffer overflow vulnerability has been discovered in the C++ components of ROS2 Galactic Geochelone ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows attackers to execute arbitrary code or cause a denial of service (DoS) via improper handling of arrays or strings. | 2024-04-09 | not yet calculated | CVE-2024-30699 cve@mitre.org |
N/A — N/A
|
An insecure logging vulnerability in ROS2 Galactic Geochelone ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows attackers to obtain sensitive information via inadequate security measures implemented within the logging mechanisms of ROS2. | 2024-04-09 | not yet calculated | CVE-2024-30701 cve@mitre.org |
N/A — N/A
|
An issue was discovered in ROS2 Galactic Geochelone in ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows remote attackers to execute arbitrary code via packages or nodes within the ROS2 system. | 2024-04-09 | not yet calculated | CVE-2024-30702 cve@mitre.org |
N/A — N/A
|
An arbitrary file upload vulnerability has been discovered in ROS2 (Robot Operating System 2) Galactic Geochelone ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows attackers to execute arbitrary code, cause a denial of service (DoS), and obtain sensitive information via a crafted payload to the file upload mechanism of the ROS2 system, including the server’s functionality for handling file uploads and the associated validation processes. | 2024-04-09 | not yet calculated | CVE-2024-30703 cve@mitre.org |
N/A — N/A
|
An insecure deserialization vulnerability has been identified in ROS2 Galactic Geochelone ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows attackers to execute arbitrary code and obtain sensitive information via crafted input to the Data Serialization and Deserialization Components, Inter-Process Communication Mechanisms, and Network Communication Interfaces. | 2024-04-09 | not yet calculated | CVE-2024-30704 cve@mitre.org |
N/A — N/A
|
An issue was discovered in ROS2 Dashing Diademata versions where ROS_VERSION is 2 and ROS_PYTHON_VERSION is 3, allows remote attackers to execute arbitrary code, escalate privileges, obtain sensitive information, and gain unauthorized access to multiple ROS2 nodes. | 2024-04-09 | not yet calculated | CVE-2024-30706 cve@mitre.org |
N/A — N/A
|
Unauthorized node injection vulnerability in ROS2 Dashing Diademata in ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows remote attackers to escalate privileges and inject malicious ROS2 nodes into the system. | 2024-04-10 | not yet calculated | CVE-2024-30707 cve@mitre.org |
N/A — N/A
|
An issue was discovered in ROS2 Dashing Diademata in ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows remote attackers to cause a denial of service (DoS) via the ROS2 nodes. | 2024-04-10 | not yet calculated | CVE-2024-30708 cve@mitre.org |
N/A — N/A
|
An issue was discovered in ROS2 Dashing Diademata in ROS_VERSION 2 and ROS_PYTHON_VERSION 3, where the system transmits messages in plaintext. This flaw exposes sensitive information, making it vulnerable to man-in-the-middle (MitM) attacks, and allowing attackers to easily intercept and access this data. | 2024-04-10 | not yet calculated | CVE-2024-30710 cve@mitre.org |
N/A — N/A
|
An issue was discovered in the default configurations of ROS2 Dashing Diademata in ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows unauthenticated attackers to gain access using default credentials. | 2024-04-10 | not yet calculated | CVE-2024-30711 cve@mitre.org |
N/A — N/A
|
A shell injection vulnerability was discovered in ROS2 (Robot Operating System 2) Dashing Diademata in ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information due to the way ROS2 handles shell command execution in components like command interpreters or interfaces that process external inputs. | 2024-04-10 | not yet calculated | CVE-2024-30712 cve@mitre.org |
N/A — N/A
|
An OS command injection vulnerability has been discovered in ROS2 Dashing Diademata in ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via the External Command Execution Modules, System Call Handlers, and Interface Scripts. | 2024-04-10 | not yet calculated | CVE-2024-30713 cve@mitre.org |
N/A — N/A
|
A buffer overflow vulnerability has been discovered in the C++ components of ROS2 Dashing Diademata in ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via improper handling of arrays or strings. | 2024-04-10 | not yet calculated | CVE-2024-30715 cve@mitre.org |
N/A — N/A
|
An insecure logging vulnerability in ROS2 Dashing Diademata ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows attackers to obtain sensitive information via inadequate security measures implemented within the logging mechanisms of ROS2. | 2024-04-10 | not yet calculated | CVE-2024-30716 cve@mitre.org |
N/A — N/A
|
An issue was discovered in ROS2 Dashing Diademata in ROS_VERSION=2 and ROS_PYTHON_VERSION=3, allows remote attackers to execute arbitrary code via packages or nodes within the ROS2 system. | 2024-04-10 | not yet calculated | CVE-2024-30718 cve@mitre.org |
N/A — N/A
|
An insecure deserialization vulnerability has been identified in ROS2 Dashing Diademata in ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows attackers to execute arbitrary code and obtain sensitive information via Data Serialization and Deserialization Components, Inter-Process Communication Mechanisms, and Network Communication Interfaces. | 2024-04-10 | not yet calculated | CVE-2024-30719 cve@mitre.org |
N/A — N/A
|
An arbitrary file upload vulnerability has been discovered in ROS2 Dashing Diademata in ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows attackers to execute arbitrary code, cause a denial of service (DoS), and obtain sensitive information via a crafted payload to the file upload mechanism of the ROS2 system, including the server’s functionality for handling file uploads and the associated validation processes. | 2024-04-10 | not yet calculated | CVE-2024-30721 cve@mitre.org |
N/A — N/A
|
An issue was discovered in ROS Kinetic Kame in ROS_VERSION 1 and ROS_PYTHON_VERSION 3, allows remote attackers to cause a denial of service (DoS) via the ROS nodes. | 2024-04-10 | not yet calculated | CVE-2024-30722 cve@mitre.org |
N/A — N/A
|
An unauthorized node injection vulnerability has been identified in ROS Kinetic Kame in ROS_VERSION 1 and ROS_PYTHON_VERSION 3, allows remote attackers to escalate privileges and inject malicious ROS nodes into the system due to insecure permissions. | 2024-04-10 | not yet calculated | CVE-2024-30723 cve@mitre.org |
N/A — N/A
|
An issue was discovered in ROS Kinetic Kame in ROS_VERSION 1 and ROS_PYTHON_VERSION 3, allows remote attackers to execute arbitrary code, escalate privileges, obtain sensitive information, and gain unauthorized access to multiple ROS nodes. | 2024-04-10 | not yet calculated | CVE-2024-30724 cve@mitre.org |
N/A — N/A
|
A shell injection vulnerability was discovered in ROS (Robot Operating System) Kinetic Kame in ROS_VERSION 1 and ROS_PYTHON_VERSION 3, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information due to the way ROS handles shell command execution in components like command interpreters or interfaces that process external inputs. | 2024-04-10 | not yet calculated | CVE-2024-30726 cve@mitre.org |
N/A — N/A
|
An issue was discovered in ROS Kinetic Kame in ROS_VERSION 1 and ROS_PYTHON_VERSION 3, where the system transmits messages in plaintext, allowing attackers to obtain sensitive information via a man-in-the-middle attack. | 2024-04-10 | not yet calculated | CVE-2024-30727 cve@mitre.org |
N/A — N/A
|
An issue was discovered in the default configurations of ROS (Robot Operating System) Kinetic Kame ROS_VERSION 1 and ROS_PYTHON_VERSION 3, allows unauthenticated attackers to gain access using default credentials. | 2024-04-10 | not yet calculated | CVE-2024-30728 cve@mitre.org |
N/A — N/A
|
An OS command injection vulnerability has been discovered in ROS Kinetic Kame in ROS_VERSION 1 and ROS_PYTHON_VERSION 3, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via the External Command Execution Modules, System Call Handlers, and Interface Scripts. | 2024-04-10 | not yet calculated | CVE-2024-30729 cve@mitre.org cve@mitre.org |
N/A — N/A
|
An insecure logging vulnerability has been identified within ROS Kinetic Kame in ROS_VERSION 1 and ROS_PYTHON_VERSION 3, allows attackers to obtain sensitive information via inadequate security measures implemented within the logging mechanisms of ROS. | 2024-04-10 | not yet calculated | CVE-2024-30730 cve@mitre.org |
N/A — N/A
|
A buffer overflow vulnerability has been discovered in the C++ components of ROS Kinetic Kame in ROS_VERSION 1 and ROS_PYTHON_VERSION 3, allows attackers to execute arbitrary code or cause a denial of service (DoS) via improper handling of arrays or strings within these components. | 2024-04-10 | not yet calculated | CVE-2024-30733 cve@mitre.org |
N/A — N/A
|
An arbitrary file upload vulnerability has been discovered in ROS Kinetic Kame in ROS_VERSION 1 and ROS_PYTHON_VERSION 3 that allows attackers to execute arbitrary code, cause a denial of service (DoS), and obtain sensitive information via a crafted payload to the file upload mechanism of the ROS system, including the server’s functionality for handling file uploads and the associated validation processes. | 2024-04-10 | not yet calculated | CVE-2024-30735 cve@mitre.org |
N/A — N/A
|
An insecure deserialization vulnerability has been identified in ROS Kinetic Kame in ROS_VERSION 1 and ROS_PYTHON_VERSION 3 that allows attackers to execute arbitrary code and obtain sensitive information via the Data Serialization and Deserialization Components, Inter-Process Communication Mechanisms, and Network Communication Interfaces. | 2024-04-10 | not yet calculated | CVE-2024-30736 cve@mitre.org |
N/A — N/A
|
An issue was discovered in ROS Kinetic Kame in ROS_VERSION 1 and ROS_PYTHON_VERSION 3 that allows remote attackers to execute arbitrary code via packages or nodes within the ROS system. | 2024-04-10 | not yet calculated | CVE-2024-30737 cve@mitre.org |
N/A — N/A
|
Cross Site Scripting vulnerability in Rainbow external link network disk v.5.5 allows a remote attacker to execute arbitrary code via the validation component of the input parameters. | 2024-04-12 | not yet calculated | CVE-2024-30845 cve@mitre.org cve@mitre.org |
N/A — N/A
|
An issue in tiagorlampert CHAOS v5.0.1 allows a remote attacker to execute arbitrary code via the BuildClient function within client_service.go. | 2024-04-12 | not yet calculated | CVE-2024-30850 cve@mitre.org |
N/A — N/A
|
A cross-site scripting (XSS) vulnerability in RageFrame2 v2.6.43 allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the upload_drive parameter. | 2024-04-11 | not yet calculated | CVE-2024-30878 cve@mitre.org |
N/A — N/A
|
Reflected Cross Site Scripting (XSS) vulnerability in RageFrame2 v2.6.43 allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the boxId parameter in the image cropping function. | 2024-04-11 | not yet calculated | CVE-2024-30879 cve@mitre.org |
N/A — N/A
|
Reflected Cross Site Scripting (XSS) vulnerability in RageFrame2 v2.6.43 allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the multiple parameter in the image cropping function. | 2024-04-11 | not yet calculated | CVE-2024-30880 cve@mitre.org |
N/A — N/A
|
Reflected Cross Site Scripting (XSS) vulnerability in RageFrame2 v2.6.43 allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the aspectRatio parameter in the image cropping function. | 2024-04-11 | not yet calculated | CVE-2024-30883 cve@mitre.org |
N/A — N/A
|
Reflected Cross-Site Scripting (XSS) vulnerability in Discuz! version X3.4 20220811 allows remote attackers to execute arbitrary code and obtain sensitive information via a crafted payload to the primarybegin parameter in the misc.php component. | 2024-04-11 | not yet calculated | CVE-2024-30884 cve@mitre.org |
N/A — N/A
|
Reflected Cross-Site Scripting (XSS) vulnerability in HadSky v7.6.3 allows remote attackers to execute arbitrary code and obtain sensitive information via the chklogin.php component. | 2024-04-11 | not yet calculated | CVE-2024-30885 cve@mitre.org |
N/A — N/A
|
An issue in OpenDDS commit b1c534032bb62ad4ae32609778de6b8d6c823a66 allows a local attacker to cause a denial of service and obtain sensitive information via the max_samples parameter within the DataReaderQoS component. | 2024-04-11 | not yet calculated | CVE-2024-30915 cve@mitre.org |
N/A — N/A
|
An issue in eProsima FastDDS v.2.14.0 and before allows a local attacker to cause a denial of service (DoS) and obtain sensitive information via a crafted max_samples parameter in the DurabilityService QoS component. | 2024-04-11 | not yet calculated | CVE-2024-30916 cve@mitre.org |
N/A — N/A
|
An issue in eProsima FastDDS v.2.14.0 and before allows a local attacker to cause a denial of service (DoS) and obtain sensitive information via a crafted history_depth parameter in the DurabilityService QoS component. | 2024-04-11 | not yet calculated | CVE-2024-30917 cve@mitre.org |
N/A — N/A
|
An issue in CandyCMS version 1.0.0 allows remote attackers to execute arbitrary code via the install.php component. | 2024-04-08 | not yet calculated | CVE-2024-31022 cve@mitre.org |
N/A — N/A
|
An issue in Academy Software Foundation openexr v.3.2.3 and before allows a local attacker to cause a denial of service (DoS) via the convert function of exrmultipart.cpp. | 2024-04-08 | not yet calculated | CVE-2024-31047 cve@mitre.org |
N/A — N/A
|
Sourcecodester Online Graduate Tracer System v1.0 is vulnerable to SQL Injection via the “id” parameter in admin/admin_cs.php. | 2024-04-09 | not yet calculated | CVE-2024-31506 cve@mitre.org |
N/A — N/A
|
Sourcecodester Online Graduate Tracer System v1.0 is vulnerable to SQL Injection via the “request” parameter in admin/fetch_gendercs.php. | 2024-04-09 | not yet calculated | CVE-2024-31507 cve@mitre.org |
N/A — N/A
|
A stored cross-site scripting (XSS) vulnerability in Computer Laboratory Management System v1.0 allows attackers to execute arbitrary JavaScript code by including malicious payloads into “remarks”, “borrower_name”, “faculty_department” parameters in /classes/Master.php?f=save_record. | 2024-04-09 | not yet calculated | CVE-2024-31544 cve@mitre.org |
N/A — N/A
|
Sourcecodester Loan Management System v1.0 is vulnerable to SQL Injection via the “password” parameter in the “login.php” file. | 2024-04-11 | not yet calculated | CVE-2024-31678 cve@mitre.org |
N/A — N/A
|
TOTOLINK EX200 V4.0.3c.7646_B20201211 allows attackers to start the Telnet service without authorization via the telnet_enabled parameter in the setTelnetCfg function. | 2024-04-08 | not yet calculated | CVE-2024-31805 cve@mitre.org |
N/A — N/A
|
TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a Denial-of-Service (DoS) vulnerability in the RebootSystem function which can reboot the system without authorization. | 2024-04-08 | not yet calculated | CVE-2024-31806 cve@mitre.org |
N/A — N/A
|
TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the hostTime parameter in the NTPSyncWithHost function. | 2024-04-08 | not yet calculated | CVE-2024-31807 cve@mitre.org |
N/A — N/A
|
TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the webWlanIdx parameter in the setWebWlanIdx function. | 2024-04-08 | not yet calculated | CVE-2024-31808 cve@mitre.org |
N/A — N/A
|
TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the FileName parameter in the setUpgradeFW function. | 2024-04-08 | not yet calculated | CVE-2024-31809 cve@mitre.org |
N/A — N/A
|
TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the langType parameter in the setLanguageCfg function. | 2024-04-08 | not yet calculated | CVE-2024-31811 cve@mitre.org |
N/A — N/A
|
In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensitive information without authorization through the function getWiFiExtenderConfig. | 2024-04-08 | not yet calculated | CVE-2024-31812 cve@mitre.org |
N/A — N/A
|
TOTOLINK EX200 V4.0.3c.7646_B20201211 does not contain an authentication mechanism by default. | 2024-04-08 | not yet calculated | CVE-2024-31813 cve@mitre.org |
N/A — N/A
|
TOTOLINK EX200 V4.0.3c.7646_B20201211 allows attackers to bypass login through the Form_Login function. | 2024-04-08 | not yet calculated | CVE-2024-31814 cve@mitre.org |
N/A — N/A
|
In TOTOLINK EX200 V4.0.3c.7314_B20191204, an attacker can obtain the configuration file without authorization through /cgi-bin/ExportSettings.sh | 2024-04-08 | not yet calculated | CVE-2024-31815 cve@mitre.org |
N/A — N/A
|
In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensitive information without authorization through the function getEasyWizardCfg. | 2024-04-08 | not yet calculated | CVE-2024-31816 cve@mitre.org |
N/A — N/A
|
In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensitive information without authorization through the function getSysStatusCfg. | 2024-04-08 | not yet calculated | CVE-2024-31817 cve@mitre.org |
N/A — N/A
|
Directory Traversal vulnerability in DerbyNet v.9.0 allows a remote attacker to execute arbitrary code via the page parameter of the kiosk.php component. | 2024-04-12 | not yet calculated | CVE-2024-31818 cve@mitre.org cve@mitre.org |
N/A — N/A
|
An issue in WWBN AVideo v.12.4 through v.14.2 allows a remote attacker to execute arbitrary code via the systemRootPath parameter of the submitIndex.php component. | 2024-04-10 | not yet calculated | CVE-2024-31819 cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org |
N/A — N/A
|
Cross Site Scripting vulnerability in tiagorlampert CHAOS v.5.0.1 allows a remote attacker to escalate privileges via the sendCommandHandler function in the handler.go component. | 2024-04-12 | not yet calculated | CVE-2024-31839 cve@mitre.org cve@mitre.org |
N/A — N/A
|
In FRRouting (FRR) through 9.1, an attacker using a malformed Prefix SID attribute in a BGP UPDATE packet can cause the bgpd daemon to crash. | 2024-04-07 | not yet calculated | CVE-2024-31948 cve@mitre.org cve@mitre.org |
N/A — N/A
|
In FRRouting (FRR) through 9.1, an infinite loop can occur when receiving a MP/GR capability as a dynamic capability because malformed data results in a pointer not advancing. | 2024-04-07 | not yet calculated | CVE-2024-31949 cve@mitre.org cve@mitre.org |
N/A — N/A
|
In FRRouting (FRR) through 9.1, there can be a buffer overflow and daemon crash in ospf_te_parse_ri for OSPF LSA packets during an attempt to read Segment Routing subTLVs (their size is not validated). | 2024-04-07 | not yet calculated | CVE-2024-31950 cve@mitre.org cve@mitre.org |
N/A — N/A
|
In the Opaque LSA Extended Link parser in FRRouting (FRR) through 9.1, there can be a buffer overflow and daemon crash in ospf_te_parse_ext_link for OSPF LSA packets during an attempt to read Segment Routing Adjacency SID subTLVs (lengths are not validated). | 2024-04-07 | not yet calculated | CVE-2024-31951 cve@mitre.org cve@mitre.org |
N/A — N/A
|
less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases. | 2024-04-13 | not yet calculated | CVE-2024-32487 cve@mitre.org cve@mitre.org cve@mitre.org |
N/A — N/A
|
A command injection vulnerability allows an attacker to perform command injection on Windows applications that indirectly depend on the CreateProcess function when the specific conditions are satisfied. | 2024-04-10 | not yet calculated | CVE-2024-3566 cret@cert.org cret@cert.org cret@cert.org cret@cert.org cret@cert.org cret@cert.org cret@cert.org |