Latest vulnerabilities [Friday, February 09, 2024]

Last update performed on 02/09/2024 at 11:57:05 PM

(4) CRITICAL VULNERABILITIES [9.0, 10.0]

Source : hq.dhs.gov

Vulnerability ID : CVE-2023-46687

First published on : 09-02-2024 04:15:07
Last modified on : 09-02-2024 14:31:23

Description :
In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could execute arbitrary commands in root context from a remote computer.

CVE ID : CVE-2023-46687
Source : ics-cert@hq.dhs.gov
CVSS Score : 9.8

References :
https://www.cisa.gov/news-events/ics-advisories/icsa-24-030-01 | source : ics-cert@hq.dhs.gov
https://www.emerson.com/documents/automation/security-notification-emerson-gas-chromatographs-cyber-security-notification-icsa-24-030-01-en-10103910.pdf | source : ics-cert@hq.dhs.gov

Vulnerability : CWE-77


Source : fortinet.com

Vulnerability ID : CVE-2024-21762

First published on : 09-02-2024 09:15:08
Last modified on : 09-02-2024 14:31:23

Description :
An out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows an attacker to execute unauthorized code or commands via specifically crafted requests.

CVE ID : CVE-2024-21762
Source : psirt@fortinet.com
CVSS Score : 9.8

References :
https://fortiguard.com/psirt/FG-IR-24-015 | source : psirt@fortinet.com

Vulnerability : CWE-787


Source : usom.gov.tr

Vulnerability ID : CVE-2023-6677

First published on : 09-02-2024 14:15:08
Last modified on : 09-02-2024 14:26:32

Description :
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oduyo Financial Technology Online Collection allows SQL Injection. This issue affects Online Collection: before v.1.0.2.

CVE ID : CVE-2023-6677
Source : iletisim@usom.gov.tr
CVSS Score : 9.8

References :
https://www.usom.gov.tr/bildirim/tr-24-0100 | source : iletisim@usom.gov.tr

Vulnerability : CWE-89


Source : github.com

Vulnerability ID : CVE-2024-24825

First published on : 09-02-2024 00:15:08
Last modified on : 09-02-2024 01:37:53

Description :
DIRAC is a distributed resource framework. In affected versions any user could get a token that has been requested by another user/agent. This may expose resources to unintended parties. This issue has been addressed in release version 8.0.37. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE ID : CVE-2024-24825
Source : security-advisories@github.com
CVSS Score : 9.1

References :
https://github.com/DIRACGrid/DIRAC/commit/f9ddab755b9a69acb85e14d2db851d8ac0c9648c | source : security-advisories@github.com
https://github.com/DIRACGrid/DIRAC/security/advisories/GHSA-59qj-jcjv-662j | source : security-advisories@github.com

Vulnerability : CWE-200


(7) HIGH VULNERABILITIES [7.0, 8.9]

Source : github.com

Vulnerability ID : CVE-2024-24821

First published on : 09-02-2024 00:15:08
Last modified on : 09-02-2024 01:37:53

Description :
Composer is a dependency manager for the PHP language. In affected versions several files within the local working directory are included during the invocation of Composer and in the context of the executing user. As such, under certain conditions arbitrary code execution may lead to local privilege escalation, provide lateral user movement or malicious code execution when Composer is invoked within a directory with tampered files. All Composer CLI commands are affected, including composer.phar's self-update. The following scenarios are of high risk: Composer being run with sudo; pipelines which may execute Composer on untrusted projects; shared environments with developers who run Composer individually on the same project. This vulnerability has been addressed in versions 2.7.0 and 2.2.23. It is advised that the patched versions are applied at the earliest convenience. Where not possible, the following should be addressed: remove all sudo composer privileges for all users to mitigate root privilege escalation, and avoid running Composer within an untrusted directory, or if needed, verify that the contents of `vendor/composer/InstalledVersions.php` and `vendor/composer/installed.php` do not include untrusted code. A reset can also be done on these files by the following:

```sh
rm vendor/composer/installed.php vendor/composer/InstalledVersions.php
composer install --no-scripts --no-plugins
```

CVE ID : CVE-2024-24821
Source : security-advisories@github.com
CVSS Score : 8.8

References :
https://github.com/composer/composer/commit/64e4eb356b159a30c766cd1ea83450a38dc23bf5 | source : security-advisories@github.com
https://github.com/composer/composer/security/advisories/GHSA-7c6p-848j-wh5h | source : security-advisories@github.com

Vulnerability : CWE-829


Vulnerability ID : CVE-2024-24820

First published on : 09-02-2024 00:15:08
Last modified on : 09-02-2024 01:37:53

Description :
Icinga Director is a tool designed to make Icinga 2 configuration handling easy. None of Icinga Director's configuration forms used to manipulate the monitoring environment are protected against cross-site request forgery (CSRF). This enables attackers to perform changes in the monitoring environment managed by Icinga Director without the awareness of the victim. Users of the map module in version 1.x should immediately upgrade to v2.0. The mentioned XSS vulnerabilities in Icinga Web are already fixed as well and upgrades to the most recent release of the 2.9, 2.10 or 2.11 branch must be performed if not done yet. Any later major release is also suitable. Icinga Director will receive minor updates to the 1.8, 1.9, 1.10 and 1.11 branches to remedy this issue. Upgrade immediately to a patched release. If that is not feasible, disable the director module for the time being.

CVE ID : CVE-2024-24820
Source : security-advisories@github.com
CVSS Score : 8.3

References :
https://blog.mozilla.org/en/mozilla/firefox-rolls-out-total-cookie-protection-by-default-to-all-users-worldwide/ | source : security-advisories@github.com
https://github.com/Icinga/icingaweb2-module-director/security/advisories/GHSA-3mwp-5p5v-j6q3 | source : security-advisories@github.com
https://github.com/Icinga/icingaweb2/issues?q=is%3Aissue++is%3Aclosed+4979+4960+4947 | source : security-advisories@github.com
https://github.com/nbuchwitz/icingaweb2-module-map/pull/86 | source : security-advisories@github.com
https://support.apple.com/en-is/guide/safari/sfri11471/16.0 | source : security-advisories@github.com
https://www.chromium.org/updates/same-site/ | source : security-advisories@github.com

Vulnerability : CWE-352


Source : usom.gov.tr

Vulnerability ID : CVE-2023-6724

First published on : 09-02-2024 13:15:41
Last modified on : 09-02-2024 14:26:32

Description :
Authorization Bypass Through User-Controlled Key vulnerability in Software Engineering Consultancy Machine Equipment Limited Company Hearing Tracking System allows Authentication Abuse. This issue affects Hearing Tracking System: before for IOS 7.0, for Android Latest release 1.0.

CVE ID : CVE-2023-6724
Source : iletisim@usom.gov.tr
CVSS Score : 8.8

References :
https://www.usom.gov.tr/bildirim/tr-24-0099 | source : iletisim@usom.gov.tr

Vulnerability : CWE-639


Source : hq.dhs.gov

Vulnerability ID : CVE-2023-51761

First published on : 09-02-2024 04:15:08
Last modified on : 09-02-2024 14:31:23

Description :
In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could bypass authentication and acquire admin capabilities.

CVE ID : CVE-2023-51761
Source : ics-cert@hq.dhs.gov
CVSS Score : 8.3

References :
https://www.cisa.gov/news-events/ics-advisories/icsa-24-030-01 | source : ics-cert@hq.dhs.gov
https://www.emerson.com/documents/automation/security-notification-emerson-gas-chromatographs-cyber-security-notification-icsa-24-030-01-en-10103910.pdf | source : ics-cert@hq.dhs.gov

Vulnerability : CWE-287


Source : redhat.com

Vulnerability ID : CVE-2024-0229

First published on : 09-02-2024 07:16:00
Last modified on : 09-02-2024 14:31:23

Description :
An out-of-bounds memory access flaw was found in the X.Org server. This issue can be triggered when a device frozen by a sync grab is reattached to a different master device. This issue may lead to an application crash, local privilege escalation (if the server runs with extended privileges), or remote code execution in SSH X11 forwarding environments.

CVE ID : CVE-2024-0229
Source : secalert@redhat.com
CVSS Score : 7.8

References :
https://access.redhat.com/errata/RHSA-2024:0320 | source : secalert@redhat.com
https://access.redhat.com/errata/RHSA-2024:0557 | source : secalert@redhat.com
https://access.redhat.com/errata/RHSA-2024:0558 | source : secalert@redhat.com
https://access.redhat.com/errata/RHSA-2024:0597 | source : secalert@redhat.com
https://access.redhat.com/errata/RHSA-2024:0607 | source : secalert@redhat.com
https://access.redhat.com/errata/RHSA-2024:0614 | source : secalert@redhat.com
https://access.redhat.com/errata/RHSA-2024:0617 | source : secalert@redhat.com
https://access.redhat.com/errata/RHSA-2024:0621 | source : secalert@redhat.com
https://access.redhat.com/errata/RHSA-2024:0626 | source : secalert@redhat.com
https://access.redhat.com/errata/RHSA-2024:0629 | source : secalert@redhat.com
https://access.redhat.com/security/cve/CVE-2024-0229 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2256690 | source : secalert@redhat.com

Vulnerability : CWE-788


Source : us.ibm.com

Vulnerability ID : CVE-2023-45191

First published on : 09-02-2024 01:15:08
Last modified on : 09-02-2024 01:37:53

Description :
IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 268755.

CVE ID : CVE-2023-45191
Source : psirt@us.ibm.com
CVSS Score : 7.5

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/268755 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7116045 | source : psirt@us.ibm.com

Vulnerability : CWE-307


Source : wordfence.com

Vulnerability ID : CVE-2024-0842

First published on : 09-02-2024 05:15:08
Last modified on : 09-02-2024 14:31:23

Description :
The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Denial of Service in all versions up to, and including, 1.2.5. This is due to direct access of the backuply/restore_ins.php file and. This makes it possible for unauthenticated attackers to make excessive requests that result in the server running out of resources.

CVE ID : CVE-2024-0842
Source : security@wordfence.com
CVSS Score : 7.5

References :
https://plugins.trac.wordpress.org/changeset/3033242/backuply/trunk/restore_ins.php | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/1f955d88-ab4c-4cf4-a23b-91119d412716?source=cve | source : security@wordfence.com


(17) MEDIUM VULNERABILITIES [4.0, 6.9]

Source : hq.dhs.gov

Vulnerability ID : CVE-2023-43609

First published on : 09-02-2024 04:15:07
Last modified on : 09-02-2024 14:31:23

Description :
In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could obtain access to sensitive information or cause a denial-of-service condition.

CVE ID : CVE-2023-43609
Source : ics-cert@hq.dhs.gov
CVSS Score : 6.9

References :
https://www.cisa.gov/news-events/ics-advisories/icsa-24-030-01 | source : ics-cert@hq.dhs.gov
https://www.emerson.com/documents/automation/security-notification-emerson-gas-chromatographs-cyber-security-notification-icsa-24-030-01-en-10103910.pdf | source : ics-cert@hq.dhs.gov

Vulnerability : CWE-285


Vulnerability ID : CVE-2023-49716

First published on : 09-02-2024 04:15:08
Last modified on : 09-02-2024 14:31:23

Description :
In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an authenticated user with network access could run arbitrary commands from a remote computer.

CVE ID : CVE-2023-49716
Source : ics-cert@hq.dhs.gov
CVSS Score : 6.9

References :
https://www.cisa.gov/news-events/ics-advisories/icsa-24-030-01 | source : ics-cert@hq.dhs.gov
https://www.emerson.com/documents/automation/security-notification-emerson-gas-chromatographs-cyber-security-notification-icsa-24-030-01-en-10103910.pdf | source : ics-cert@hq.dhs.gov

Vulnerability : CWE-77


Source : us.ibm.com

Vulnerability ID : CVE-2023-32341

First published on : 09-02-2024 01:15:08
Last modified on : 09-02-2024 01:37:53

Description :
IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.3 could allow an authenticated user to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 255827.

CVE ID : CVE-2023-32341
Source : psirt@us.ibm.com
CVSS Score : 6.5

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/255827 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7116081 | source : psirt@us.ibm.com

Vulnerability : CWE-400


Vulnerability ID : CVE-2024-22332

First published on : 09-02-2024 01:15:09
Last modified on : 09-02-2024 01:37:53

Description :
The IBM Integration Bus for z/OS 10.1 through 10.1.0.2 AdminAPI is vulnerable to a denial of service due to file system exhaustion. IBM X-Force ID: 279972.

CVE ID : CVE-2024-22332
Source : psirt@us.ibm.com
CVSS Score : 6.5

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/279972 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7116046 | source : psirt@us.ibm.com

Vulnerability : CWE-434


Vulnerability ID : CVE-2023-45187

First published on : 09-02-2024 01:15:08
Last modified on : 09-02-2024 01:37:53

Description :
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 268749.

CVE ID : CVE-2023-45187
Source : psirt@us.ibm.com
CVSS Score : 6.3

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/268749 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7116045 | source : psirt@us.ibm.com

Vulnerability : CWE-613


Vulnerability ID : CVE-2023-45190

First published on : 09-02-2024 01:15:08
Last modified on : 09-02-2024 01:37:53

Description :
IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 268754.

CVE ID : CVE-2023-45190
Source : psirt@us.ibm.com
CVSS Score : 5.1

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/268754 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7116045 | source : psirt@us.ibm.com


Vulnerability ID : CVE-2024-22318

First published on : 09-02-2024 01:15:09
Last modified on : 09-02-2024 18:15:08

Description :
IBM i Access Client Solutions (ACS) 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.4 is vulnerable to NT LAN Manager (NTLM) hash disclosure by an attacker modifying UNC capable paths within ACS configuration files to point to a hostile server. If NTLM is enabled, the Windows operating system will try to authenticate using the current user's session. The hostile server could capture the NTLM hash information to obtain the user's credentials. IBM X-Force ID: 279091.

CVE ID : CVE-2024-22318
Source : psirt@us.ibm.com
CVSS Score : 5.1

References :
http://packetstormsecurity.com/files/177069/IBM-i-Access-Client-Solutions-Remote-Credential-Theft.html | source : psirt@us.ibm.com
https://exchange.xforce.ibmcloud.com/vulnerabilities/279091 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7116091 | source : psirt@us.ibm.com

Vulnerability : CWE-200


Vulnerability ID : CVE-2023-42016

First published on : 09-02-2024 01:15:08
Last modified on : 09-02-2024 01:37:53

Description :
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.3 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 265559.

CVE ID : CVE-2023-42016
Source : psirt@us.ibm.com
CVSS Score : 4.3

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/265559 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7116083 | source : psirt@us.ibm.com

Vulnerability : CWE-614


Source : vuldb.com

Vulnerability ID : CVE-2024-1353

First published on : 09-02-2024 01:15:09
Last modified on : 09-02-2024 01:37:53

Description :
A vulnerability, which was classified as critical, has been found in PHPEMS up to 1.0. Affected by this issue is the function index of the file app/weixin/controller/index.api.php. The manipulation of the argument picurl leads to deserialization. The exploit has been disclosed to the public and may be used. VDB-253226 is the identifier assigned to this vulnerability.

CVE ID : CVE-2024-1353
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://note.zhaoj.in/share/nxGzfEB6fFVY | source : cna@vuldb.com
https://vuldb.com/?ctiid.253226 | source : cna@vuldb.com
https://vuldb.com/?id.253226 | source : cna@vuldb.com

Vulnerability : CWE-502


Source : hcl.com

Vulnerability ID : CVE-2023-50349

First published on : 09-02-2024 21:15:07
Last modified on : 09-02-2024 21:15:07

Description :
Sametime is impacted by a Cross Site Request Forgery (CSRF) vulnerability. Some REST APIs in the Sametime Proxy application can allow an attacker to perform malicious actions on the application.

CVE ID : CVE-2023-50349
Source : psirt@hcl.com
CVSS Score : 5.9

References :
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109082 | source : psirt@hcl.com


Source : zabbix.com

Vulnerability ID : CVE-2024-22119

First published on : 09-02-2024 09:15:08
Last modified on : 09-02-2024 14:31:23

Description :
The cause of vulnerability is improper validation of form input field “Name” on Graph page in Items section.

CVE ID : CVE-2024-22119
Source : security@zabbix.com
CVSS Score : 5.5

References :
https://support.zabbix.com/browse/ZBX-24070 | source : security@zabbix.com

Vulnerability : CWE-20


Source : github.com

Vulnerability ID : CVE-2024-24819

First published on : 09-02-2024 01:15:10
Last modified on : 09-02-2024 01:37:53

Description :
icingaweb2-module-incubator is a working project of bleeding edge Icinga Web 2 libraries. In affected versions the class `gipfl\Web\Form` is the base for various concrete form implementations [1] and provides protection against cross site request forgery (CSRF) by default. This is done by automatically adding an element with a CSRF token to any form, unless explicitly disabled, but even if enabled, the CSRF token (sent during a client's submission of a form relying on it) is not validated. This enables attackers to perform changes on behalf of a user which, unknowingly, interacts with a prepared link or website. The version 0.22.0 is available to remedy this issue. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE ID : CVE-2024-24819
Source : security-advisories@github.com
CVSS Score : 5.3

References :
https://github.com/Icinga/icingaweb2-module-incubator/commit/db7dc49585fee0b4e96be666d7f6009a74a1ccb5 | source : security-advisories@github.com
https://github.com/Icinga/icingaweb2-module-incubator/security/advisories/GHSA-p8vv-9pqq-rm8p | source : security-advisories@github.com
https://github.com/search?q=gipfl%5CWeb%5CForm%3B&type=code | source : security-advisories@github.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2024-23639

First published on : 09-02-2024 01:15:09
Last modified on : 09-02-2024 01:37:53

Description :
Micronaut Framework is a modern, JVM-based, full stack Java framework designed for building modular, easily testable JVM applications with support for Java, Kotlin and the Groovy language. Enabled but unsecured management endpoints are susceptible to drive-by localhost attacks. While not typical of a production application, these attacks may have more impact on a development environment where such endpoints may be flipped on without much thought. A malicious/compromised website can make HTTP requests to `localhost`. Normally, such requests would trigger a CORS preflight check which would prevent the request; however, some requests are "simple" and do not require a preflight check. These endpoints, if enabled and not secured, are vulnerable to being triggered. Production environments typically disable unused endpoints and secure/restrict access to needed endpoints. A more likely victim is the developer in their local development host, who has enabled endpoints without security for the sake of easing development. This issue has been addressed in version 3.8.3. Users are advised to upgrade.

CVE ID : CVE-2024-23639
Source : security-advisories@github.com
CVSS Score : 5.1

References :
https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#simple_requests | source : security-advisories@github.com
https://github.com/micronaut-projects/micronaut-core/security/advisories/GHSA-583g-g682-crxf | source : security-advisories@github.com

Vulnerability : CWE-15
Vulnerability : CWE-610
Vulnerability : CWE-664


Vulnerability ID : CVE-2024-24829

First published on : 09-02-2024 00:15:09
Last modified on : 09-02-2024 01:37:53

Description :
Sentry is an error tracking and performance monitoring platform. Sentry’s integration platform provides a way for external services to interact with Sentry. One of such integrations, the Phabricator integration (maintained by Sentry) with version <=24.1.1 contains a constrained SSRF vulnerability. An attacker could make Sentry send POST HTTP requests to arbitrary URLs (including internal IP addresses) by providing an unsanitized input to the Phabricator integration. However, the body payload is constrained to a specific format. If an attacker has access to a Sentry instance, this allows them to: 1. interact with internal network; 2. scan local/remote ports. This issue has been fixed in Sentry self-hosted release 24.1.2, and has already been mitigated on sentry.io on February 8. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE ID : CVE-2024-24829
Source : security-advisories@github.com
CVSS Score : 4.3

References :
https://github.com/getsentry/self-hosted/releases/tag/24.1.2 | source : security-advisories@github.com
https://github.com/getsentry/sentry/pull/64882 | source : security-advisories@github.com
https://github.com/getsentry/sentry/security/advisories/GHSA-rqxh-fp9p-p98r | source : security-advisories@github.com

Vulnerability : CWE-918


Source : wordfence.com

Vulnerability ID : CVE-2024-1122

First published on : 09-02-2024 05:15:08
Last modified on : 09-02-2024 14:31:23

Description :
The Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_data() function in all versions up to, and including, 3.3.50. This makes it possible for unauthenticated attackers to export event data.

CVE ID : CVE-2024-1122
Source : security@wordfence.com
CVSS Score : 5.3

References :
https://plugins.trac.wordpress.org/changeset/3033231/wp-event-solution/tags/3.3.51/core/admin/hooks.php | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/0cbdf679-1657-4249-a433-8fe0cddd94be?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-0657

First published on : 09-02-2024 05:15:08
Last modified on : 09-02-2024 14:31:23

Description :
The Internal Link Juicer: SEO Auto Linker for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings such as 'ilj_settings_field_links_per_page' in all versions up to, and including, 2.23.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

CVE ID : CVE-2024-0657
Source : security@wordfence.com
CVSS Score : 4.4

References :
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3033238%40internal-links&new=3033238%40internal-links&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/41d39fe4-b114-4612-92f6-75d6597610f7?source=cve | source : security@wordfence.com


Source : mattermost.com

Vulnerability ID : CVE-2024-1402

First published on : 09-02-2024 16:15:07
Last modified on : 09-02-2024 17:31:15

Description :
Mattermost fails to check if a custom emoji reaction exists when sending it to a post and to limit the amount of custom emojis allowed to be added in a post, allowing an attacker sending a huge amount of non-existent custom emojis in a post to crash the mobile app of a user seeing the post.

CVE ID : CVE-2024-1402
Source : responsibledisclosure@mattermost.com
CVSS Score : 4.3

References :
https://mattermost.com/security-updates | source : responsibledisclosure@mattermost.com

Vulnerability : CWE-400


(8) LOW VULNERABILITIES [0.1, 3.9]

Source : hcl.com

Vulnerability ID : CVE-2023-45718

First published on : 09-02-2024 22:15:08
Last modified on : 09-02-2024 22:15:08

Description :
Sametime is impacted by a failure to invalidate sessions. The application is setting sensitive cookie values in a persistent manner in Sametime Web clients. When this happens, cookie values can remain valid even after a user has closed out their session.

CVE ID : CVE-2023-45718
Source : psirt@hcl.com
CVSS Score : 3.9

References :
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109082 | source : psirt@hcl.com


Vulnerability ID : CVE-2023-45716

First published on : 09-02-2024 22:15:07
Last modified on : 09-02-2024 22:15:07

Description :
Sametime is impacted by sensitive information passed in URL.

CVE ID : CVE-2023-45716
Source : psirt@hcl.com
CVSS Score : 1.7

References :
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109082 | source : psirt@hcl.com


Source : mattermost.com

Vulnerability ID : CVE-2024-23319

First published on : 09-02-2024 15:15:08
Last modified on : 09-02-2024 17:31:15

Description :
Mattermost Jira Plugin fails to protect against logout CSRF allowing an attacker to post a specially crafted message that would disconnect a user's Jira connection in Mattermost only by viewing the message.

CVE ID : CVE-2024-23319
Source : responsibledisclosure@mattermost.com
CVSS Score : 3.5

References :
https://mattermost.com/security-updates | source : responsibledisclosure@mattermost.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2024-24774

First published on : 09-02-2024 15:15:08
Last modified on : 09-02-2024 17:31:15

Description :
Mattermost Jira Plugin handling subscriptions fails to check the security level of an incoming issue or limit it based on the user who created the subscription resulting in registered users on Jira being able to create webhooks that give them access to all Jira issues.

CVE ID : CVE-2024-24774
Source : responsibledisclosure@mattermost.com
CVSS Score : 3.4

References :
https://mattermost.com/security-updates | source : responsibledisclosure@mattermost.com

Vulnerability : CWE-863


Vulnerability ID : CVE-2024-24776

First published on : 09-02-2024 15:15:08
Last modified on : 09-02-2024 17:31:15

Description :
Mattermost fails to check the required permissions in the POST /api/v4/channels/stats/member_count API resulting in channel member counts being leaked to a user without permissions.

CVE ID : CVE-2024-24776
Source : responsibledisclosure@mattermost.com
CVSS Score : 3.1

References :
https://mattermost.com/security-updates | source : responsibledisclosure@mattermost.com

Vulnerability : CWE-284


Source : ff5b8ace-8b95-4078-9743-eac1ca5451de

Vulnerability ID : CVE-2024-1245

First published on : 09-02-2024 20:15:54
Last modified on : 09-02-2024 22:15:08

Description :
Concrete CMS version 9 before 9.2.5 is vulnerable to stored XSS in file tags and description attributes since administrator entered file attributes are not sufficiently sanitized in the Edit Attributes page. A rogue administrator could put malicious code into the file tags or description attributes and, when another administrator opens the same file for editing, the malicious code could execute. The Concrete CMS Security team scored this 2.4 with CVSS v3 vector AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N.

CVE ID : CVE-2024-1245
Source : ff5b8ace-8b95-4078-9743-eac1ca5451de
CVSS Score : 2.4

References :
https://documentation.concretecms.org/9-x/developers/introduction/version-history/925-release-notes | source : ff5b8ace-8b95-4078-9743-eac1ca5451de
https://www.concretecms.org/about/project-news/security/2024-02-04-security-advisory | source : ff5b8ace-8b95-4078-9743-eac1ca5451de

Vulnerability : CWE-20


Vulnerability ID : CVE-2024-1247

First published on : 09-02-2024 19:15:24
Last modified on : 09-02-2024 20:15:54

Description :
Concrete CMS version 9 before 9.2.5 is vulnerable to stored XSS via the Role Name field since there is insufficient validation of administrator provided data for that field. A rogue administrator could inject malicious code into the Role Name field which might be executed when users visit the affected page. The Concrete CMS Security team scored this 2 with CVSS v3 vector AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator . Concrete versions below 9 do not include group types so they are not affected by this vulnerability.

CVE ID : CVE-2024-1247
Source : ff5b8ace-8b95-4078-9743-eac1ca5451de
CVSS Score : 2.0

References :
https://documentation.concretecms.org/9-x/developers/introduction/version-history/925-release-notes | source : ff5b8ace-8b95-4078-9743-eac1ca5451de
https://www.concretecms.org/about/project-news/security/2024-02-04-security-advisory | source : ff5b8ace-8b95-4078-9743-eac1ca5451de

Vulnerability : CWE-20


Vulnerability ID : CVE-2024-1246

First published on : 09-02-2024 20:15:54
Last modified on : 09-02-2024 22:15:08

Description :
Concrete CMS in version 9 before 9.2.5 is vulnerable to reflected XSS via the Image URL Import Feature due to insufficient validation of administrator provided data. A rogue administrator could inject malicious code when importing images, leading to the execution of the malicious code on the website user’s browser. The Concrete CMS Security team scored this 2 with CVSS v3 vector AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N. This does not affect Concrete versions prior to version 9.

CVE ID : CVE-2024-1246
Source : ff5b8ace-8b95-4078-9743-eac1ca5451de
CVSS Score : 2.0

References :
https://documentation.concretecms.org/9-x/developers/introduction/version-history/925-release-notes | source : ff5b8ace-8b95-4078-9743-eac1ca5451de
https://www.concretecms.org/about/project-news/security/2024-02-04-security-advisory | source : ff5b8ace-8b95-4078-9743-eac1ca5451de

Vulnerability : CWE-20


(43) NO SCORE VULNERABILITIES [0.0, 0.0]

Source : mitre.org

Vulnerability ID : CVE-2023-31506

First published on : 09-02-2024 07:15:59
Last modified on : 09-02-2024 14:31:23

Description :
A cross-site scripting (XSS) vulnerability in Grav versions 1.7.44 and before, allows remote authenticated attackers to execute arbitrary web scripts or HTML via the onmouseover attribute of an ISINDEX element.

CVE ID : CVE-2023-31506
Source : cve@mitre.org
CVSS Score : /

References :
https://m3n0sd0n4ld.github.io/patoHackventuras/cve-2023-31506 | source : cve@mitre.org


Vulnerability ID : CVE-2023-39683

First published on : 09-02-2024 07:15:59
Last modified on : 09-02-2024 14:31:23

Description :
Cross Site Scripting (XSS) vulnerability in EasyEmail v.4.12.2 and before allows a local attacker to execute arbitrary code via the user input parameter(s). NOTE: Researcher claims issue is present in all versions prior and later than tested version.

CVE ID : CVE-2023-39683
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/zalify/easy-email/issues/321 | source : cve@mitre.org
https://github.com/zalify/easy-email/issues/373 | source : cve@mitre.org
https://medium.com/%40vificatem/cve-2023-39683-dom-xss-on-json-source-code-panel-in-zalify-easy-email-3fa08f3e0d49 | source : cve@mitre.org


Vulnerability ID : CVE-2024-25003

First published on : 09-02-2024 07:16:00
Last modified on : 09-02-2024 14:31:23

Description :
KiTTY versions 0.76.1.13 and before are vulnerable to a stack-based buffer overflow via the hostname, which occurs due to insufficient bounds checking and input sanitization. This allows an attacker to overwrite adjacent memory, which leads to arbitrary code execution.

CVE ID : CVE-2024-25003
Source : cve@mitre.org
CVSS Score : /

References :
http://packetstormsecurity.com/files/177032/KiTTY-0.76.1.13-Buffer-Overflows.html | source : cve@mitre.org
https://blog.defcesco.io/CVE-2024-25003-CVE-2024-25004 | source : cve@mitre.org


Vulnerability ID : CVE-2024-25004

First published on : 09-02-2024 07:16:00
Last modified on : 09-02-2024 14:31:23

Description :
KiTTY versions 0.76.1.13 and before are vulnerable to a stack-based buffer overflow via the username, which occurs due to insufficient bounds checking and input sanitization (at line 2600). This allows an attacker to overwrite adjacent memory, which leads to arbitrary code execution.

CVE ID : CVE-2024-25004
Source : cve@mitre.org
CVSS Score : /

References :
http://packetstormsecurity.com/files/177032/KiTTY-0.76.1.13-Buffer-Overflows.html | source : cve@mitre.org
https://blog.defcesco.io/CVE-2024-25003-CVE-2024-25004 | source : cve@mitre.org


Vulnerability ID : CVE-2023-46350

First published on : 09-02-2024 08:15:08
Last modified on : 09-02-2024 14:31:23

Description :
SQL injection vulnerability in InnovaDeluxe "Manufacturer or supplier alphabetical search" (idxrmanufacturer) module for PrestaShop versions 2.0.4 and before, allows remote attackers to escalate privileges and obtain sensitive information via the methods IdxrmanufacturerFunctions::getCornersLink, IdxrmanufacturerFunctions::getManufacturersLike and IdxrmanufacturerFunctions::getSuppliersLike.

CVE ID : CVE-2023-46350
Source : cve@mitre.org
CVSS Score : /

References :
https://security.friendsofpresta.org/modules/2024/02/08/idxrmanufacturer.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-50026

First published on : 09-02-2024 08:15:08
Last modified on : 09-02-2024 14:31:23

Description :
SQL injection vulnerability in Presta Monster "Multi Accessories Pro" (hsmultiaccessoriespro) module for PrestaShop versions 5.1.1 and before, allows remote attackers to escalate privileges and obtain sensitive information via the method HsAccessoriesGroupProductAbstract::getAccessoriesByIdProducts().

CVE ID : CVE-2023-50026
Source : cve@mitre.org
CVSS Score : /

References :
https://security.friendsofpresta.org/modules/2024/02/08/hsmultiaccessoriespro.html | source : cve@mitre.org


Vulnerability ID : CVE-2024-23749

First published on : 09-02-2024 08:15:08
Last modified on : 09-02-2024 14:31:23

Description :
KiTTY versions 0.76.1.13 and before are vulnerable to command injection via the filename variable, which occurs due to insufficient input sanitization and validation, failure to escape special characters, and insecure system calls (at lines 2369-2390). This allows an attacker to add inputs inside the filename variable, leading to arbitrary code execution.

CVE ID : CVE-2024-23749
Source : cve@mitre.org
CVSS Score : /

References :
http://packetstormsecurity.com/files/177031/KiTTY-0.76.1.13-Command-Injection.html | source : cve@mitre.org
https://blog.defcesco.io/CVE-2024-23749 | source : cve@mitre.org


Vulnerability ID : CVE-2024-24308

First published on : 09-02-2024 08:15:08
Last modified on : 09-02-2024 14:31:23

Description :
SQL Injection vulnerability in Boostmyshop (boostmyshopagent) module for Prestashop versions 1.1.9 and before, allows remote attackers to escalate privileges and obtain sensitive information via changeOrderCarrier.php, relayPoint.php, and shippingConfirmation.php.

CVE ID : CVE-2024-24308
Source : cve@mitre.org
CVSS Score : /

References :
https://security.friendsofpresta.org/modules/2024/02/08/boostmyshopagent.html | source : cve@mitre.org


Vulnerability ID : CVE-2024-25674

First published on : 09-02-2024 09:15:08
Last modified on : 09-02-2024 14:31:23

Description :
An issue was discovered in MISP before 2.4.184. Organisation logo upload is insecure because of a lack of checks for the file extension and MIME type.

CVE ID : CVE-2024-25674
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/MISP/MISP/commit/312d2d5422235235ddd211dcb6bb5bb09c07791f | source : cve@mitre.org
https://github.com/MISP/MISP/compare/v2.4.183...v2.4.184 | source : cve@mitre.org


Vulnerability ID : CVE-2024-25675

First published on : 09-02-2024 09:15:08
Last modified on : 09-02-2024 14:26:32

Description :
An issue was discovered in MISP before 2.4.184. A client does not need to use POST to start an export generation process. This is related to app/Controller/JobsController.php and app/View/Events/export.ctp.

CVE ID : CVE-2024-25675
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/MISP/MISP/commit/0ac2468c2896f4be4ef9219cfe02bff164411594 | source : cve@mitre.org
https://github.com/MISP/MISP/compare/v2.4.183...v2.4.184 | source : cve@mitre.org


Vulnerability ID : CVE-2024-25677

First published on : 09-02-2024 09:15:08
Last modified on : 09-02-2024 14:26:32

Description :
In Min before 1.31.0, local files are not correctly treated as unique security origins, which allows them to improperly request cross-origin resources. For example, a local file may request other local files through an XML document.

CVE ID : CVE-2024-25677
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/minbrowser/min/security/advisories/GHSA-4w9v-7h8h-rv8x | source : cve@mitre.org


Vulnerability ID : CVE-2024-25678

First published on : 09-02-2024 10:15:08
Last modified on : 09-02-2024 14:26:32

Description :
In LiteSpeed QUIC (LSQUIC) Library before 4.0.4, DCID validation is mishandled.

CVE ID : CVE-2024-25678
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/litespeedtech/lsquic/commit/515f453556c99d27c4dddb5424898dc1a5537708 | source : cve@mitre.org
https://github.com/litespeedtech/lsquic/releases/tag/v4.0.4 | source : cve@mitre.org
https://www.rfc-editor.org/rfc/rfc9001 | source : cve@mitre.org


Vulnerability ID : CVE-2024-25679

First published on : 09-02-2024 10:15:08
Last modified on : 09-02-2024 14:26:32

Description :
In PQUIC before 5bde5bb, retention of unused initial encryption keys allows attackers to disrupt a connection with a PSK configuration by sending a CONNECTION_CLOSE frame that is encrypted via the initial key computed. Network traffic sniffing is needed as part of exploitation.

CVE ID : CVE-2024-25679
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/p-quic/pquic/issues/35 | source : cve@mitre.org
https://github.com/p-quic/pquic/pull/39 | source : cve@mitre.org
https://www.rfc-editor.org/rfc/rfc9001#name-discarding-unused-keys | source : cve@mitre.org


Vulnerability ID : CVE-2024-25304

First published on : 09-02-2024 13:15:41
Last modified on : 09-02-2024 14:26:32

Description :
Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'apass' parameter at "School/index.php."

CVE ID : CVE-2024-25304
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/tubakvgc/CVEs/blob/main/Simple%20School%20Management%20System/Simple%20School%20Managment%20System%20-%20SQL%20Injection%20-2.md | source : cve@mitre.org


Vulnerability ID : CVE-2024-25305

First published on : 09-02-2024 13:15:41
Last modified on : 09-02-2024 14:26:32

Description :
Code-projects Simple School Managment System 1.0 allows Authentication Bypass via the username and password parameters at School/index.php.

CVE ID : CVE-2024-25305
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/tubakvgc/CVEs/blob/main/Simple%20School%20Management%20System/Simple%20School%20Managment%20System%20-%20Authentication%20Bypass.md | source : cve@mitre.org


Vulnerability ID : CVE-2024-25306

First published on : 09-02-2024 13:15:42
Last modified on : 09-02-2024 14:26:32

Description :
Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'aname' parameter at "School/index.php".

CVE ID : CVE-2024-25306
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/tubakvgc/CVEs/blob/main/Simple%20School%20Management%20System/Simple%20School%20Managment%20System%20-%20SQL%20Injection%20-1.md | source : cve@mitre.org


Vulnerability ID : CVE-2024-25308

First published on : 09-02-2024 13:15:42
Last modified on : 09-02-2024 14:26:32

Description :
Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'name' parameter at School/teacher_login.php.

CVE ID : CVE-2024-25308
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/tubakvgc/CVEs/blob/main/Simple%20School%20Management%20System/Simple%20School%20Managment%20System%20-%20SQL%20Injection%20-6.md | source : cve@mitre.org


Vulnerability ID : CVE-2024-25309

First published on : 09-02-2024 13:15:42
Last modified on : 09-02-2024 14:26:32

Description :
Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'pass' parameter at School/teacher_login.php.

CVE ID : CVE-2024-25309
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/tubakvgc/CVEs/blob/main/Simple%20School%20Management%20System/Simple%20School%20Managment%20System%20-%20SQL%20Injection%20-7.md | source : cve@mitre.org


Vulnerability ID : CVE-2024-25312

First published on : 09-02-2024 13:15:42
Last modified on : 09-02-2024 14:26:32

Description :
Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'id' parameter at "School/sub_delete.php?id=5."

CVE ID : CVE-2024-25312
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/tubakvgc/CVEs/blob/main/Simple%20School%20Management%20System/Simple%20School%20Managment%20System%20-%20SQL%20Injection%20-5.md | source : cve@mitre.org


Vulnerability ID : CVE-2024-25313

First published on : 09-02-2024 13:15:42
Last modified on : 09-02-2024 14:26:32

Description :
Code-projects Simple School Managment System 1.0 allows Authentication Bypass via the username and password parameters at School/teacher_login.php.

CVE ID : CVE-2024-25313
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/tubakvgc/CVEs/blob/main/Simple%20School%20Management%20System/Simple%20School%20Managment%20System%20-%20Authentication%20Bypass%20-%202.md | source : cve@mitre.org


Vulnerability ID : CVE-2024-25302

First published on : 09-02-2024 14:15:08
Last modified on : 09-02-2024 14:26:32

Description :
Sourcecodester Event Student Attendance System 1.0, allows SQL Injection via the 'student' parameter.

CVE ID : CVE-2024-25302
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/tubakvgc/CVE/blob/main/Event_Student_Attendance_System.md | source : cve@mitre.org


Vulnerability ID : CVE-2024-25307

First published on : 09-02-2024 14:15:08
Last modified on : 09-02-2024 14:26:32

Description :
Code-projects Cinema Seat Reservation System 1.0 allows SQL Injection via the 'id' parameter at "/Cinema-Reservation/booking.php?id=1."

CVE ID : CVE-2024-25307
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/tubakvgc/CVEs/blob/main/Cinema%20Seat%20Reservation%20System/Cinema%20Seat%20Reservation%20System%20-%20SQL%20Injection.md | source : cve@mitre.org


Vulnerability ID : CVE-2024-25310

First published on : 09-02-2024 14:15:08
Last modified on : 09-02-2024 14:26:32

Description :
Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'id' parameter at "School/delete.php?id=5."

CVE ID : CVE-2024-25310
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/tubakvgc/CVEs/blob/main/Simple%20School%20Management%20System/Simple%20School%20Managment%20System%20-%20SQL%20Injection%20-3.md | source : cve@mitre.org


Vulnerability ID : CVE-2024-25314

First published on : 09-02-2024 14:15:08
Last modified on : 09-02-2024 14:26:32

Description :
Code-projects Hotel Managment System 1.0, allows SQL Injection via the 'sid' parameter in Hotel/admin/show.php?sid=2.

CVE ID : CVE-2024-25314
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/tubakvgc/CVEs/blob/main/Hotel%20Managment%20System/Hotel%20Managment%20System%20-%20SQL%20Injection-2.md | source : cve@mitre.org


Vulnerability ID : CVE-2024-25315

First published on : 09-02-2024 14:15:08
Last modified on : 09-02-2024 14:26:32

Description :
Code-projects Hotel Managment System 1.0, allows SQL Injection via the 'rid' parameter in Hotel/admin/roombook.php?rid=2.

CVE ID : CVE-2024-25315
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/tubakvgc/CVEs/blob/main/Hotel%20Managment%20System/Hotel%20Managment%20System%20-%20SQL%20Injection-1.md | source : cve@mitre.org


Vulnerability ID : CVE-2024-25316

First published on : 09-02-2024 14:15:08
Last modified on : 09-02-2024 14:26:32

Description :
Code-projects Hotel Managment System 1.0 allows SQL Injection via the 'eid' parameter in Hotel/admin/usersettingdel.php?eid=2.

CVE ID : CVE-2024-25316
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/tubakvgc/CVEs/blob/main/Hotel%20Managment%20System/Hotel%20Managment%20System%20-%20SQL%20Injection-4.md | source : cve@mitre.org


Vulnerability ID : CVE-2024-25318

First published on : 09-02-2024 14:15:09
Last modified on : 09-02-2024 14:26:32

Description :
Code-projects Hotel Managment System 1.0 allows SQL Injection via the 'pid' parameter in Hotel/admin/print.php?pid=2.

CVE ID : CVE-2024-25318
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/tubakvgc/CVEs/blob/main/Hotel%20Managment%20System/Hotel%20Managment%20System%20-%20SQL%20Injection-3.md | source : cve@mitre.org


Vulnerability ID : CVE-2024-25442

First published on : 09-02-2024 15:15:08
Last modified on : 09-02-2024 17:31:15

Description :
An issue in the HuginBase::PanoramaMemento::loadPTScript function of Hugin v2022.0.0 allows attackers to cause a heap buffer overflow via parsing a crafted image.

CVE ID : CVE-2024-25442
Source : cve@mitre.org
CVSS Score : /

References :
https://bugs.launchpad.net/hugin/+bug/2025032 | source : cve@mitre.org


Vulnerability ID : CVE-2024-25443

First published on : 09-02-2024 15:15:08
Last modified on : 09-02-2024 17:31:15

Description :
An issue in the HuginBase::ImageVariable<double>::linkWith function of Hugin v2022.0.0 allows attackers to cause a heap-use-after-free via parsing a crafted image.

CVE ID : CVE-2024-25443
Source : cve@mitre.org
CVSS Score : /

References :
https://bugs.launchpad.net/hugin/+bug/2025035 | source : cve@mitre.org


Vulnerability ID : CVE-2024-25445

First published on : 09-02-2024 15:15:08
Last modified on : 09-02-2024 17:31:15

Description :
Improper handling of values in HuginBase::PTools::Transform::transform of Hugin 2022.0.0 leads to an assertion failure.

CVE ID : CVE-2024-25445
Source : cve@mitre.org
CVSS Score : /

References :
https://bugs.launchpad.net/hugin/+bug/2025038 | source : cve@mitre.org


Vulnerability ID : CVE-2024-25446

First published on : 09-02-2024 15:15:08
Last modified on : 09-02-2024 17:31:15

Description :
An issue in the HuginBase::PTools::setDestImage function of Hugin v2022.0.0 allows attackers to cause a heap buffer overflow via parsing a crafted image.

CVE ID : CVE-2024-25446
Source : cve@mitre.org
CVSS Score : /

References :
https://bugs.launchpad.net/hugin/+bug/2025037 | source : cve@mitre.org


Vulnerability ID : CVE-2024-25447

First published on : 09-02-2024 15:15:08
Last modified on : 09-02-2024 17:31:15

Description :
An issue in the imlib_load_image_with_error_return function of imlib2 v1.9.1 allows attackers to cause a heap buffer overflow via parsing a crafted image.

CVE ID : CVE-2024-25447
Source : cve@mitre.org
CVSS Score : /

References :
https://git.enlightenment.org/old/legacy-imlib2/issues/20 | source : cve@mitre.org
https://github.com/derf/feh/issues/709 | source : cve@mitre.org


Vulnerability ID : CVE-2024-25448

First published on : 09-02-2024 15:15:09
Last modified on : 09-02-2024 17:31:15

Description :
An issue in the imlib_free_image_and_decache function of imlib2 v1.9.1 allows attackers to cause a heap buffer overflow via parsing a crafted image.

CVE ID : CVE-2024-25448
Source : cve@mitre.org
CVSS Score : /

References :
https://git.enlightenment.org/old/legacy-imlib2/issues/20 | source : cve@mitre.org
https://github.com/derf/feh/issues/711 | source : cve@mitre.org


Vulnerability ID : CVE-2024-25450

First published on : 09-02-2024 15:15:09
Last modified on : 09-02-2024 17:31:15

Description :
imlib2 v1.9.1 was discovered to mishandle memory allocation in the function init_imlib_fonts().

CVE ID : CVE-2024-25450
Source : cve@mitre.org
CVSS Score : /

References :
https://git.enlightenment.org/old/legacy-imlib2/issues/20 | source : cve@mitre.org
https://github.com/derf/feh/issues/712 | source : cve@mitre.org


Vulnerability ID : CVE-2024-25451

First published on : 09-02-2024 15:15:09
Last modified on : 09-02-2024 17:31:15

Description :
Bento4 v1.6.0-640 was discovered to contain an out-of-memory bug via the AP4_DataBuffer::ReallocateBuffer() function.

CVE ID : CVE-2024-25451
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/axiomatic-systems/Bento4/issues/872 | source : cve@mitre.org


Vulnerability ID : CVE-2024-25452

First published on : 09-02-2024 15:15:09
Last modified on : 09-02-2024 17:31:15

Description :
Bento4 v1.6.0-640 was discovered to contain an out-of-memory bug via the AP4_UrlAtom::AP4_UrlAtom() function.

CVE ID : CVE-2024-25452
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/axiomatic-systems/Bento4/issues/873 | source : cve@mitre.org


Vulnerability ID : CVE-2024-25453

First published on : 09-02-2024 15:15:09
Last modified on : 09-02-2024 17:31:15

Description :
Bento4 v1.6.0-640 was discovered to contain a NULL pointer dereference via the AP4_StszAtom::GetSampleSize() function.

CVE ID : CVE-2024-25453
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/axiomatic-systems/Bento4/issues/204 | source : cve@mitre.org
https://github.com/axiomatic-systems/Bento4/issues/874 | source : cve@mitre.org


Vulnerability ID : CVE-2024-25454

First published on : 09-02-2024 15:15:09
Last modified on : 09-02-2024 17:31:15

Description :
Bento4 v1.6.0-640 was discovered to contain a NULL pointer dereference via the AP4_DescriptorFinder::Test() function.

CVE ID : CVE-2024-25454
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/axiomatic-systems/Bento4/issues/875 | source : cve@mitre.org


Source : redhat.com

Vulnerability ID : CVE-2023-6716

First published on : 09-02-2024 09:15:07
Last modified on : 09-02-2024 09:15:07

Description :
Rejected reason: ** REJECT ** DO NOT USE THIS CVE RECORD. All references and descriptions in this record have been removed to prevent accidental usage.

CVE ID : CVE-2023-6716
Source : secalert@redhat.com
CVSS Score : /

References :


Source : apache.org

Vulnerability ID : CVE-2023-50291

First published on : 09-02-2024 18:15:08
Last modified on : 09-02-2024 19:15:11

Description :
Insufficiently Protected Credentials vulnerability in Apache Solr. This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.3.0. One of the two endpoints that publishes the Solr process' Java system properties, /admin/info/properties, was only set up to hide system properties that had "password" contained in the name. There are a number of sensitive system properties, such as "basicauth" and "aws.secretKey", that do not contain "password", thus their values were published via the "/admin/info/properties" endpoint. This endpoint populates the list of System Properties on the home screen of the Solr Admin page, making the exposed credentials visible in the UI. This /admin/info/properties endpoint is protected under the "config-read" permission. Therefore, Solr Clouds with Authorization enabled will only be vulnerable through logged-in users that have the "config-read" permission. Users are recommended to upgrade to version 9.3.0 or 8.11.3, which fixes the issue. A single option now controls hiding Java system properties for all endpoints, "-Dsolr.hiddenSysProps". By default all known sensitive properties are hidden (including "-Dbasicauth"), as well as any property with a name containing "secret" or "password". Users who cannot upgrade can also use the following Java system property to fix the issue: '-Dsolr.redaction.system.pattern=.*(password|secret|basicauth).*'

CVE ID : CVE-2023-50291
Source : security@apache.org
CVSS Score : /

References :
http://www.openwall.com/lists/oss-security/2024/02/09/4 | source : security@apache.org
https://solr.apache.org/security.html#cve-2023-50291-apache-solr-can-leak-certain-passwords-due-to-system-property-redaction-logic-inconsistencies | source : security@apache.org

Vulnerability : CWE-522


Vulnerability ID : CVE-2023-50292

First published on : 09-02-2024 18:15:08
Last modified on : 09-02-2024 19:15:11

Description :
Incorrect Permission Assignment for Critical Resource, Improper Control of Dynamically-Managed Code Resources vulnerability in Apache Solr. This issue affects Apache Solr: from 8.10.0 through 8.11.2, from 9.0.0 before 9.3.0. The Schema Designer was introduced to allow users to more easily configure and test new Schemas and configSets. However, when the feature was created, the "trust" (authentication) of these configSets was not considered. External library loading is only available to configSets that are "trusted" (created by authenticated users), thus non-authenticated users are unable to perform Remote Code Execution. Since the Schema Designer loaded configSets without taking their "trust" into account, configSets that were created by unauthenticated users were allowed to load external libraries when used in the Schema Designer. Users are recommended to upgrade to version 9.3.0, which fixes the issue.

CVE ID : CVE-2023-50292
Source : security@apache.org
CVSS Score : /

References :
http://www.openwall.com/lists/oss-security/2024/02/09/3 | source : security@apache.org
https://solr.apache.org/security.html#cve-2023-50298-apache-solr-can-expose-zookeeper-credentials-via-streaming-expressions | source : security@apache.org

Vulnerability : CWE-732


Vulnerability ID : CVE-2023-50298

First published on : 09-02-2024 18:15:08
Last modified on : 09-02-2024 19:15:11

Description :
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Solr. This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1. Solr Streaming Expressions allows users to extract data from other Solr Clouds, using a "zkHost" parameter. When the original SolrCloud is set up to use ZooKeeper credentials and ACLs, they will be sent to whatever "zkHost" the user provides. An attacker could set up a server to mock ZooKeeper, that accepts ZooKeeper requests with credentials and ACLs and extracts the sensitive information, then send a streaming expression using the mock server's address in "zkHost". Streaming Expressions are exposed via the "/streaming" handler, with "read" permissions. Users are recommended to upgrade to version 8.11.3 or 9.4.1, which fix the issue. From these versions on, only zkHost values that have the same server address (regardless of chroot), will use the given ZooKeeper credentials and ACLs when connecting.

CVE ID : CVE-2023-50298
Source : security@apache.org
CVSS Score : /

References :
http://www.openwall.com/lists/oss-security/2024/02/09/2 | source : security@apache.org
http://www.openwall.com/lists/oss-security/2024/02/09/3 | source : security@apache.org
https://solr.apache.org/security.html#cve-2023-50298-apache-solr-can-expose-zookeeper-credentials-via-streaming-expressions | source : security@apache.org

Vulnerability : CWE-200


Vulnerability ID : CVE-2023-50386

First published on : 09-02-2024 18:15:08
Last modified on : 09-02-2024 19:15:11

Description :
Improper Control of Dynamically-Managed Code Resources, Unrestricted Upload of File with Dangerous Type, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Solr. This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1. In the affected versions, Solr ConfigSets accepted Java jar and class files to be uploaded through the ConfigSets API. When backing up Solr Collections, these configSet files would be saved to disk when using the LocalFileSystemRepository (the default for backups). If the backup was saved to a directory that Solr uses in its ClassPath/ClassLoaders, then the jar and class files would be available to use with any ConfigSet, trusted or untrusted. When Solr is run in a secure way (Authorization enabled), as is strongly suggested, this vulnerability is limited to extending the Backup permissions with the ability to add libraries. Users are recommended to upgrade to version 8.11.3 or 9.4.1, which fix the issue. In these versions, the following protections have been added: * Users are no longer able to upload files to a configSet that could be executed via a Java ClassLoader. * The Backup API restricts saving backups to directories that are used in the ClassLoader.

CVE ID : CVE-2023-50386
Source : security@apache.org
CVSS Score : /

References :
http://www.openwall.com/lists/oss-security/2024/02/09/1 | source : security@apache.org
https://solr.apache.org/security.html#cve-2023-50386-apache-solr-backuprestore-apis-allow-for-deployment-of-executables-in-malicious-configsets | source : security@apache.org

Vulnerability : CWE-434
Vulnerability : CWE-913


This website uses the NVD API, but is not approved or certified by it.

About the author
Julien B.

Securitricks

Up-to-Date Cybersecurity Insights & Malware Reports
