Latest vulnerabilities [Friday, January 12, 2024]

Last update performed on 01/12/2024 at 11:57:06 PM

(10) CRITICAL VULNERABILITIES [9.0, 10.0]

Source : gitlab.com

Vulnerability ID : CVE-2023-7028

First published on : 12-01-2024 14:15:49
Last modified on : 12-01-2024 15:54:26

Description :
An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.

CVE ID : CVE-2023-7028
Source : cve@gitlab.com
CVSS Score : 10.0

References :
https://gitlab.com/gitlab-org/gitlab/-/issues/436084 | source : cve@gitlab.com
https://hackerone.com/reports/2293343 | source : cve@gitlab.com

Vulnerability : CWE-284


Vulnerability ID : CVE-2023-5356

First published on : 12-01-2024 14:15:48
Last modified on : 12-01-2024 15:54:26

Description :
Incorrect authorization checks in GitLab CE/EE in all versions starting from 8.13 before 16.5.6, all versions starting from 16.6 before 16.6.4, and all versions starting from 16.7 before 16.7.2 allow a user to abuse Slack/Mattermost integrations to execute slash commands as another user.

CVE ID : CVE-2023-5356
Source : cve@gitlab.com
CVSS Score : 9.6

References :
https://gitlab.com/gitlab-org/gitlab/-/issues/427154 | source : cve@gitlab.com
https://hackerone.com/reports/2188868 | source : cve@gitlab.com

Vulnerability : CWE-863


Source : juniper.net

Vulnerability ID : CVE-2024-21591

First published on : 12-01-2024 01:15:46
Last modified on : 12-01-2024 13:47:31

Description :
An Out-of-bounds Write vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS), or Remote Code Execution (RCE) and obtain root privileges on the device. This issue is caused by use of an insecure function allowing an attacker to overwrite arbitrary memory. This issue affects Juniper Networks Junos OS SRX Series and EX Series:
* Junos OS versions earlier than 20.4R3-S9;
* Junos OS 21.2 versions earlier than 21.2R3-S7;
* Junos OS 21.3 versions earlier than 21.3R3-S5;
* Junos OS 21.4 versions earlier than 21.4R3-S5;
* Junos OS 22.1 versions earlier than 22.1R3-S4;
* Junos OS 22.2 versions earlier than 22.2R3-S3;
* Junos OS 22.3 versions earlier than 22.3R3-S2;
* Junos OS 22.4 versions earlier than 22.4R2-S2, 22.4R3.

CVE ID : CVE-2024-21591
Source : sirt@juniper.net
CVSS Score : 9.8

References :
https://supportportal.juniper.net/JSA75729 | source : sirt@juniper.net
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N | source : sirt@juniper.net

Vulnerability : CWE-787


Source : bitdefender.com

Vulnerability ID : CVE-2023-49569

First published on : 12-01-2024 11:15:13
Last modified on : 12-01-2024 13:47:31

Description :
A path traversal vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to create and amend files across the filesystem. In the worst-case scenario, remote code execution could be achieved. Applications are only affected if they are using the ChrootOS (https://pkg.go.dev/github.com/go-git/go-billy/v5/osfs#ChrootOS), which is the default when using "Plain" versions of Open and Clone funcs (e.g. PlainClone). Applications using BoundOS (https://pkg.go.dev/github.com/go-git/go-billy/v5/osfs#BoundOS) or in-memory filesystems are not affected by this issue. This is a go-git implementation issue and does not affect the upstream git cli.

CVE ID : CVE-2023-49569
Source : cve-requests@bitdefender.com
CVSS Score : 9.8

References :
https://github.com/go-git/go-git/security/advisories/GHSA-449p-3h89-pw88 | source : cve-requests@bitdefender.com

Vulnerability : CWE-22


Source : github.com

Vulnerability ID : CVE-2023-51698

First published on : 12-01-2024 21:15:10
Last modified on : 12-01-2024 21:15:10

Description :
Atril is a simple multi-page document viewer. Atril is vulnerable to a critical Command Injection Vulnerability. This vulnerability gives the attacker immediate access to the target system when the target user opens a crafted document or clicks on a crafted link/URL using a maliciously crafted CBT document which is a TAR archive. A patch is available at commit ce41df6.

CVE ID : CVE-2023-51698
Source : security-advisories@github.com
CVSS Score : 9.6

References :
https://github.com/mate-desktop/atril/commit/ce41df6467521ff9fd4f16514ae7d6ebb62eb1ed | source : security-advisories@github.com
https://github.com/mate-desktop/atril/security/advisories/GHSA-34rr-j8v9-v4p2 | source : security-advisories@github.com

Vulnerability : CWE-78


Vulnerability ID : CVE-2024-22206

First published on : 12-01-2024 20:15:47
Last modified on : 12-01-2024 20:15:47

Description :
Clerk helps developers build user management. Unauthorized access or privilege escalation due to a logic flaw in auth() in the App Router or getAuth() in the Pages Router. This vulnerability was patched in version 4.29.3.

CVE ID : CVE-2024-22206
Source : security-advisories@github.com
CVSS Score : 9.0

References :
https://clerk.com/changelog/2024-01-12 | source : security-advisories@github.com
https://github.com/clerk/javascript/releases/tag/%40clerk%2Fnextjs%404.29.3 | source : security-advisories@github.com
https://github.com/clerk/javascript/security/advisories/GHSA-q6w5-jg5q-47vg | source : security-advisories@github.com

Vulnerability : CWE-284
Vulnerability : CWE-287
Vulnerability : CWE-639


Source : nvidia.com

Vulnerability ID : CVE-2023-31029

First published on : 12-01-2024 19:15:09
Last modified on : 12-01-2024 19:21:49

Description :
NVIDIA DGX A100 baseboard management controller (BMC) contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a stack overflow by sending a specially crafted network packet. A successful exploit of this vulnerability may lead to arbitrary code execution, denial of service, information disclosure, and data tampering.

CVE ID : CVE-2023-31029
Source : psirt@nvidia.com
CVSS Score : 9.3

References :
https://nvidia.custhelp.com/app/answers/detail/a_id/5510 | source : psirt@nvidia.com

Vulnerability : CWE-121


Vulnerability ID : CVE-2023-31030

First published on : 12-01-2024 19:15:10
Last modified on : 12-01-2024 19:21:49

Description :
NVIDIA DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a stack overflow by sending a specially crafted network packet. A successful exploit of this vulnerability may lead to arbitrary code execution, denial of service, information disclosure, and data tampering.

CVE ID : CVE-2023-31030
Source : psirt@nvidia.com
CVSS Score : 9.3

References :
https://nvidia.custhelp.com/app/answers/detail/a_id/5510 | source : psirt@nvidia.com

Vulnerability : CWE-121


Vulnerability ID : CVE-2023-31024

First published on : 12-01-2024 19:15:09
Last modified on : 12-01-2024 19:21:49

Description :
NVIDIA DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause stack memory corruption by sending a specially crafted network packet. A successful exploit of this vulnerability may lead to arbitrary code execution, denial of service, information disclosure, and data tampering.

CVE ID : CVE-2023-31024
Source : psirt@nvidia.com
CVSS Score : 9.0

References :
https://nvidia.custhelp.com/app/answers/detail/a_id/5510 | source : psirt@nvidia.com

Vulnerability : CWE-121


Source : hackerone.com

Vulnerability ID : CVE-2024-21887

First published on : 12-01-2024 17:15:10
Last modified on : 12-01-2024 20:46:41

Description :
A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.

CVE ID : CVE-2024-21887
Source : support@hackerone.com
CVSS Score : 9.1

References :
https://forums.ivanti.com/s/article/CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US | source : support@hackerone.com

Vulnerability : CWE-77



(24) HIGH VULNERABILITIES [7.0, 8.9]

Source : krcert.or.kr

Vulnerability ID : CVE-2023-40250

First published on : 12-01-2024 02:15:44
Last modified on : 12-01-2024 13:47:31

Description :
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Hancom HCell on Windows allows Overflow Buffers. This issue affects HCell: 12.0.0.893.

CVE ID : CVE-2023-40250
Source : vuln@krcert.or.kr
CVSS Score : 8.8

References :
https://www.hancom.com/cs_center/csDownload.do?gnb0=25gnb1=80 | source : vuln@krcert.or.kr

Vulnerability : CWE-120


Source : checkmk.com

Vulnerability ID : CVE-2023-31211

First published on : 12-01-2024 08:15:43
Last modified on : 12-01-2024 14:15:48

Description :
Insufficient authentication flow in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows an attacker to use locked credentials.

CVE ID : CVE-2023-31211
Source : security@checkmk.com
CVSS Score : 8.8

References :
https://checkmk.com/werk/16227 | source : security@checkmk.com

Vulnerability : CWE-691


Vulnerability ID : CVE-2023-6735

First published on : 12-01-2024 08:15:43
Last modified on : 12-01-2024 14:15:49

Description :
Privilege escalation in mk_tsm agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows a local user to escalate privileges.

CVE ID : CVE-2023-6735
Source : security@checkmk.com
CVSS Score : 8.8

References :
https://checkmk.com/werk/16273 | source : security@checkmk.com

Vulnerability : CWE-20


Vulnerability ID : CVE-2023-6740

First published on : 12-01-2024 08:15:43
Last modified on : 12-01-2024 14:15:49

Description :
Privilege escalation in jar_signature agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows a local user to escalate privileges.

CVE ID : CVE-2023-6740
Source : security@checkmk.com
CVSS Score : 8.8

References :
https://checkmk.com/werk/16163 | source : security@checkmk.com

Vulnerability : CWE-427


Source : zoom.us

Vulnerability ID : CVE-2023-49647

First published on : 12-01-2024 22:15:45
Last modified on : 12-01-2024 22:15:45

Description :
Improper access control in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows before version 5.16.10 may allow an authenticated user to conduct an escalation of privilege via local access.

CVE ID : CVE-2023-49647
Source : security@zoom.us
CVSS Score : 8.8

References :
https://www.zoom.com/en/trust/security-bulletin/ZSB-24001/ | source : security@zoom.us

Vulnerability : CWE-284


Source : github.com

Vulnerability ID : CVE-2023-48297

First published on : 12-01-2024 21:15:09
Last modified on : 12-01-2024 21:15:09

Description :
Discourse is a platform for community discussion. The message serializer uses the full list of expanded chat mentions (@all and @here) which can lead to a very long array of users. This issue was patched in versions 3.1.4 and beta 3.2.0.beta5.

CVE ID : CVE-2023-48297
Source : security-advisories@github.com
CVSS Score : 8.6

References :
https://github.com/discourse/discourse/security/advisories/GHSA-hf2v-r5xm-8p37 | source : security-advisories@github.com

Vulnerability : CWE-400


Vulnerability ID : CVE-2023-42463

First published on : 12-01-2024 21:15:09
Last modified on : 12-01-2024 21:15:09

Description :
Wazuh is a free and open source platform used for threat prevention, detection, and response. This bug introduced a stack overflow hazard that could allow a local privilege escalation. This vulnerability was patched in version 4.5.3.

CVE ID : CVE-2023-42463
Source : security-advisories@github.com
CVSS Score : 7.4

References :
https://github.com/wazuh/wazuh/security/advisories/GHSA-27p5-32pp-r58r | source : security-advisories@github.com

Vulnerability : CWE-121


Source : hackerone.com

Vulnerability ID : CVE-2023-46805

First published on : 12-01-2024 17:15:09
Last modified on : 12-01-2024 20:46:59

Description :
An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.

CVE ID : CVE-2023-46805
Source : support@hackerone.com
CVSS Score : 8.2

References :
https://forums.ivanti.com/s/article/CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US | source : support@hackerone.com

Vulnerability : CWE-287



Source : ubuntu.com

Vulnerability ID : CVE-2023-6040

First published on : 12-01-2024 02:15:44
Last modified on : 12-01-2024 13:47:31

Description :
An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 (netfilter: nf_tables: Reject tables of unsupported family). While creating a new netfilter table, the lack of a safeguard against invalid nf_tables family (pf) values within the `nf_tables_newtable` function enables an attacker to achieve out-of-bounds access.

CVE ID : CVE-2023-6040
Source : security@ubuntu.com
CVSS Score : 7.8

References :
http://www.openwall.com/lists/oss-security/2024/01/12/1 | source : security@ubuntu.com
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6040 | source : security@ubuntu.com
https://www.openwall.com/lists/oss-security/2024/01/12/1 | source : security@ubuntu.com

Vulnerability : CWE-125


Source : gitlab.com

Vulnerability ID : CVE-2023-4812

First published on : 12-01-2024 14:15:48
Last modified on : 12-01-2024 15:54:26

Description :
An issue has been discovered in GitLab EE affecting all versions starting from 15.3 before 16.5.6, all versions starting from 16.6 before 16.6.4, all versions starting from 16.7 before 16.7.2. The required CODEOWNERS approval could be bypassed by adding changes to a previously approved merge request.

CVE ID : CVE-2023-4812
Source : cve@gitlab.com
CVSS Score : 7.6

References :
https://gitlab.com/gitlab-org/gitlab/-/issues/424398 | source : cve@gitlab.com
https://hackerone.com/reports/2115574 | source : cve@gitlab.com

Vulnerability : CWE-284


Source : juniper.net

Vulnerability ID : CVE-2024-21595

First published on : 12-01-2024 01:15:47
Last modified on : 12-01-2024 13:47:31

Description :
An Improper Validation of Syntactic Correctness of Input vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). If an attacker sends a high rate of specific ICMP traffic to a device with VXLAN configured, this causes a deadlock of the PFE and results in the device becoming unresponsive. A manual restart will be required to recover the device. This issue only affects EX4100, EX4400, EX4600, QFX5000 Series devices. This issue affects Juniper Networks Junos OS:
* 21.4R3 versions earlier than 21.4R3-S4;
* 22.1R3 versions earlier than 22.1R3-S3;
* 22.2R2 versions earlier than 22.2R3-S1;
* 22.3 versions earlier than 22.3R2-S2, 22.3R3;
* 22.4 versions earlier than 22.4R2;
* 23.1 versions earlier than 23.1R2.

CVE ID : CVE-2024-21595
Source : sirt@juniper.net
CVSS Score : 7.5

References :
https://advisory.juniper.net/JSA75734 | source : sirt@juniper.net
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N | source : sirt@juniper.net

Vulnerability : CWE-1286


Vulnerability ID : CVE-2024-21602

First published on : 12-01-2024 01:15:48
Last modified on : 12-01-2024 13:47:31

Description :
A NULL Pointer Dereference vulnerability in Juniper Networks Junos OS Evolved on ACX7024, ACX7100-32C and ACX7100-48L allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). If a specific IPv4 UDP packet is received and sent to the Routing Engine (RE), packetio crashes and restarts, which causes a momentary traffic interruption. Continued receipt of such packets will lead to a sustained DoS. This issue does not happen with IPv6 packets. This issue affects Juniper Networks Junos OS Evolved on ACX7024, ACX7100-32C and ACX7100-48L:
* 21.4-EVO versions earlier than 21.4R3-S6-EVO;
* 22.1-EVO versions earlier than 22.1R3-S5-EVO;
* 22.2-EVO versions earlier than 22.2R2-S1-EVO, 22.2R3-EVO;
* 22.3-EVO versions earlier than 22.3R2-EVO.
This issue does not affect Juniper Networks Junos OS Evolved versions earlier than 21.4R1-EVO.

CVE ID : CVE-2024-21602
Source : sirt@juniper.net
CVSS Score : 7.5

References :
https://supportportal.juniper.net/JSA75743 | source : sirt@juniper.net
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L | source : sirt@juniper.net

Vulnerability : CWE-476


Vulnerability ID : CVE-2024-21604

First published on : 12-01-2024 01:15:48
Last modified on : 12-01-2024 13:47:31

Description :
An Allocation of Resources Without Limits or Throttling vulnerability in the kernel of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). If a high rate of specific valid packets are processed by the routing engine (RE) this will lead to a loss of connectivity of the RE with other components of the chassis and thereby a complete and persistent system outage. Please note that a carefully designed lo0 firewall filter will block or limit these packets which should prevent this issue from occurring. The following log messages can be seen when this issue occurs:

    <host> kernel: nf_conntrack: nf_conntrack: table full, dropping packet

This issue affects Juniper Networks Junos OS Evolved:
* All versions earlier than 20.4R3-S7-EVO;
* 21.2R1-EVO and later versions;
* 21.4-EVO versions earlier than 21.4R3-S5-EVO;
* 22.1-EVO versions earlier than 22.1R3-S2-EVO;
* 22.2-EVO versions earlier than 22.2R3-EVO;
* 22.3-EVO versions earlier than 22.3R2-EVO;
* 22.4-EVO versions earlier than 22.4R2-EVO.

CVE ID : CVE-2024-21604
Source : sirt@juniper.net
CVSS Score : 7.5

References :
https://supportportal.juniper.net/JSA75745 | source : sirt@juniper.net
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L | source : sirt@juniper.net

Vulnerability : CWE-770


Vulnerability ID : CVE-2024-21606

First published on : 12-01-2024 01:15:48
Last modified on : 12-01-2024 13:47:31

Description :
A Double Free vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX Series allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). In a remote access VPN scenario, if a "tcp-encap-profile" is configured and a sequence of specific packets is received, a flowd crash and restart will be observed. This issue affects Juniper Networks Junos OS on SRX Series:
* All versions earlier than 20.4R3-S8;
* 21.2 versions earlier than 21.2R3-S6;
* 21.3 versions earlier than 21.3R3-S5;
* 21.4 versions earlier than 21.4R3-S5;
* 22.1 versions earlier than 22.1R3-S3;
* 22.2 versions earlier than 22.2R3-S3;
* 22.3 versions earlier than 22.3R3-S1;
* 22.4 versions earlier than 22.4R2-S2, 22.4R3.

CVE ID : CVE-2024-21606
Source : sirt@juniper.net
CVSS Score : 7.5

References :
https://supportportal.juniper.net/JSA75747 | source : sirt@juniper.net
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H | source : sirt@juniper.net

Vulnerability : CWE-415


Vulnerability ID : CVE-2024-21611

First published on : 12-01-2024 01:15:49
Last modified on : 12-01-2024 13:47:31

Description :
A Missing Release of Memory after Effective Lifetime vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). In a Juniper Flow Monitoring (jflow) scenario route churn that causes BGP next hops to be updated will cause a slow memory leak and eventually a crash and restart of rpd. Thread level memory utilization for the areas where the leak occurs can be checked using the below command:
    user@host> show task memory detail | match so_in
    so_in6 28 32 344450 11022400 344760 11032320
    so_in 8 16 1841629 29466064 1841734 29467744
This issue affects: Junos OS * 21.4 versions earlier than 21.4R3; * 22.1 versions earlier than 22.1R3; * 22.2 versions earlier than 22.2R3. Junos OS Evolved * 21.4-EVO versions earlier than 21.4R3-EVO; * 22.1-EVO versions earlier than 22.1R3-EVO; * 22.2-EVO versions earlier than 22.2R3-EVO. This issue does not affect: Juniper Networks Junos OS versions earlier than 21.4R1. Juniper Networks Junos OS Evolved versions earlier than 21.4R1.

CVE ID : CVE-2024-21611
Source : sirt@juniper.net
CVSS Score : 7.5

References :
https://supportportal.juniper.net/JSA75752 | source : sirt@juniper.net
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L | source : sirt@juniper.net

Vulnerability : CWE-401


Vulnerability ID : CVE-2024-21612

First published on : 12-01-2024 01:15:49
Last modified on : 12-01-2024 13:47:31

Description :
An Improper Handling of Syntactically Invalid Structure vulnerability in Object Flooding Protocol (OFP) service of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). On all Junos OS Evolved platforms, when specific TCP packets are received on an open OFP port, the OFP crashes leading to a restart of Routing Engine (RE). Continuous receipt of these specific TCP packets will lead to a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS Evolved * All versions earlier than 21.2R3-S7-EVO; * 21.3 versions earlier than 21.3R3-S5-EVO; * 21.4 versions earlier than 21.4R3-S5-EVO; * 22.1 versions earlier than 22.1R3-S4-EVO; * 22.2 versions earlier than 22.2R3-S3-EVO; * 22.3 versions earlier than 22.3R3-EVO; * 22.4 versions earlier than 22.4R2-EVO, 22.4R3-EVO.

CVE ID : CVE-2024-21612
Source : sirt@juniper.net
CVSS Score : 7.5

References :
https://supportportal.juniper.net/JSA75753 | source : sirt@juniper.net
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N | source : sirt@juniper.net

Vulnerability : CWE-228


Vulnerability ID : CVE-2024-21614

First published on : 12-01-2024 01:15:49
Last modified on : 12-01-2024 13:47:31

Description :
An Improper Check for Unusual or Exceptional Conditions vulnerability in Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to cause rpd to crash, leading to Denial of Service (DoS). On all Junos OS and Junos OS Evolved platforms, when NETCONF and gRPC are enabled, and a specific query is executed via Dynamic Rendering (DREND), rpd will crash and restart. Continuous execution of this specific query will cause a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS * 22.2 versions earlier than 22.2R2-S2, 22.2R3; * 22.3 versions earlier than 22.3R2, 22.3R3. Juniper Networks Junos OS Evolved * 22.2 versions earlier than 22.2R2-S2-EVO, 22.2R3-EVO; * 22.3 versions earlier than 22.3R2-EVO, 22.3R3-EVO. This issue does not affect Juniper Networks: Junos OS versions earlier than 22.2R1; Junos OS Evolved versions earlier than 22.2R1-EVO.

CVE ID : CVE-2024-21614
Source : sirt@juniper.net
CVSS Score : 7.5

References :
https://supportportal.juniper.net/JSA75755 | source : sirt@juniper.net
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N | source : sirt@juniper.net

Vulnerability : CWE-754


Vulnerability ID : CVE-2024-21616

First published on : 12-01-2024 01:15:50
Last modified on : 12-01-2024 13:47:31

Description :
An Improper Validation of Syntactic Correctness of Input vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). On all Junos OS MX Series and SRX Series platforms, when SIP ALG is enabled, and a specific SIP packet is received and processed, NAT IP allocation fails for genuine traffic, which causes Denial of Service (DoS). Continuous receipt of this specific SIP ALG packet will cause a sustained DoS condition. NAT IP usage can be monitored by running the following command.
    user@srx> show security nat resource-usage source-pool <source_pool_name>
    Pool name: source_pool_name
    ..
    Address Factor-index Port-range Used Avail Total Usage
    X.X.X.X 0 Single Ports 50258 52342 62464 96% <<<<<
    - Alg Ports 0 2048 2048 0%
This issue affects: Juniper Networks Junos OS on MX Series and SRX Series * All versions earlier than 21.2R3-S6; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S5; * 22.1 versions earlier than 22.1R3-S4; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S1; * 22.4 versions earlier than 22.4R2-S2, 22.4R3; * 23.2 versions earlier than 23.2R1-S1, 23.2R2.

CVE ID : CVE-2024-21616
Source : sirt@juniper.net
CVSS Score : 7.5

References :
https://supportportal.juniper.net/JSA75757 | source : sirt@juniper.net
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N | source : sirt@juniper.net

Vulnerability : CWE-1286


Vulnerability ID : CVE-2024-21589

First published on : 12-01-2024 01:15:46
Last modified on : 12-01-2024 13:47:31

Description :
An Improper Access Control vulnerability in the Juniper Networks Paragon Active Assurance Control Center allows an unauthenticated network-based attacker to access reports without authenticating, potentially containing sensitive configuration information. A feature was introduced in version 3.1.0 of the Paragon Active Assurance Control Center which allows users to selectively share account data. By exploiting this vulnerability, it is possible to access reports without being logged in, resulting in the opportunity for malicious exfiltration of user data. Note that the Paragon Active Assurance Control Center SaaS offering is not affected by this issue. This issue affects Juniper Networks Paragon Active Assurance versions 3.1.0, 3.2.0, 3.2.2, 3.3.0, 3.3.1, 3.4.0. This issue does not affect Juniper Networks Paragon Active Assurance versions earlier than 3.1.0.

CVE ID : CVE-2024-21589
Source : sirt@juniper.net
CVSS Score : 7.4

References :
https://supportportal.juniper.net/JSA75727 | source : sirt@juniper.net
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N | source : sirt@juniper.net

Vulnerability : CWE-284


Source : vmware.com

Vulnerability ID : CVE-2023-34061

First published on : 12-01-2024 07:15:11
Last modified on : 12-01-2024 13:47:31

Description :
Cloud Foundry routing release versions from v0.163.0 to v0.283.0 are vulnerable to a DoS attack. An unauthenticated attacker can use this vulnerability to force route pruning and therefore degrade the service availability of the Cloud Foundry deployment.

CVE ID : CVE-2023-34061
Source : security@vmware.com
CVSS Score : 7.5

References :
https://www.cloudfoundry.org/blog/cve-2023-34061-gorouter-route-pruning/ | source : security@vmware.com


Source : bitdefender.com

Vulnerability ID : CVE-2023-49568

First published on : 12-01-2024 11:15:12
Last modified on : 12-01-2024 13:47:31

Description :
A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients. Applications using only the in-memory filesystem supported by go-git are not affected by this vulnerability. This is a go-git implementation issue and does not affect the upstream git cli.

CVE ID : CVE-2023-49568
Source : cve-requests@bitdefender.com
CVSS Score : 7.5

References :
https://github.com/go-git/go-git/security/advisories/GHSA-mw99-9chc-xw7r | source : cve-requests@bitdefender.com

Vulnerability : CWE-20


Source : nvidia.com

Vulnerability ID : CVE-2023-31036

First published on : 12-01-2024 17:15:09
Last modified on : 12-01-2024 18:05:43

Description :
NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where, when it is launched with the non-default command line option --model-control explicit, an attacker may use the model load API to cause a relative path traversal. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

CVE ID : CVE-2023-31036
Source : psirt@nvidia.com
CVSS Score : 7.5

References :
https://nvidia.custhelp.com/app/answers/detail/a_id/5509 | source : psirt@nvidia.com

Vulnerability : CWE-23


Vulnerability ID : CVE-2023-31032

First published on : 12-01-2024 19:15:10
Last modified on : 12-01-2024 19:21:49

Description :
NVIDIA DGX A100 SBIOS contains a vulnerability where a user may cause a dynamic variable evaluation by local access. A successful exploit of this vulnerability may lead to denial of service.

CVE ID : CVE-2023-31032
Source : psirt@nvidia.com
CVSS Score : 7.5

References :
https://nvidia.custhelp.com/app/answers/detail/a_id/5510 | source : psirt@nvidia.com

Vulnerability : CWE-627


Vulnerability ID : CVE-2023-31035

First published on : 12-01-2024 19:15:11
Last modified on : 12-01-2024 19:21:49

Description :
NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may cause an SMI callout vulnerability that could be used to execute arbitrary code at the SMM level. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, and information disclosure.

CVE ID : CVE-2023-31035
Source : psirt@nvidia.com
CVSS Score : 7.5

References :
https://nvidia.custhelp.com/app/answers/detail/a_id/5510 | source : psirt@nvidia.com

Vulnerability : CWE-20


(45) MEDIUM VULNERABILITIES [4.0, 6.9]

Source : nvidia.com

Vulnerability ID : CVE-2023-31033

First published on : 12-01-2024 19:15:10
Last modified on : 12-01-2024 19:21:49

Description :
NVIDIA DGX A100 BMC contains a vulnerability where a user may cause a missing authentication issue for a critical function by an adjacent network. A successful exploit of this vulnerability may lead to escalation of privileges, code execution, denial of service, information disclosure, and data tampering.

CVE ID : CVE-2023-31033
Source : psirt@nvidia.com
CVSS Score : 6.8

References :
https://nvidia.custhelp.com/app/answers/detail/a_id/5510 | source : psirt@nvidia.com

Vulnerability : CWE-306


Vulnerability ID : CVE-2023-31034

First published on : 12-01-2024 19:15:10
Last modified on : 12-01-2024 19:21:49

Description :
NVIDIA DGX A100 SBIOS contains a vulnerability where a local attacker can cause input validation checks to be bypassed by causing an integer overflow. A successful exploit of this vulnerability may lead to denial of service, information disclosure, and data tampering.

CVE ID : CVE-2023-31034
Source : psirt@nvidia.com
CVSS Score : 6.6

References :
https://nvidia.custhelp.com/app/answers/detail/a_id/5510 | source : psirt@nvidia.com

Vulnerability : CWE-190


Vulnerability ID : CVE-2023-31025

First published on : 12-01-2024 19:15:09
Last modified on : 12-01-2024 19:21:49

Description :
NVIDIA DGX A100 BMC contains a vulnerability where an attacker may cause an LDAP user injection. A successful exploit of this vulnerability may lead to information disclosure.

CVE ID : CVE-2023-31025
Source : psirt@nvidia.com
CVSS Score : 6.5

References :
https://nvidia.custhelp.com/app/answers/detail/a_id/5510 | source : psirt@nvidia.com

Vulnerability : CWE-90


Vulnerability ID : CVE-2023-31031

First published on : 12-01-2024 19:15:10
Last modified on : 12-01-2024 19:21:49

Description :
NVIDIA DGX A100 SBIOS contains a vulnerability where a user may cause a heap-based buffer overflow by local access. A successful exploit of this vulnerability may lead to code execution, denial of service, information disclosure, and data tampering.

CVE ID : CVE-2023-31031
Source : psirt@nvidia.com
CVSS Score : 4.2

References :
https://nvidia.custhelp.com/app/answers/detail/a_id/5510 | source : psirt@nvidia.com

Vulnerability : CWE-122


Source : gitlab.com

Vulnerability ID : CVE-2023-6955

First published on : 12-01-2024 14:15:49
Last modified on : 12-01-2024 15:54:26

Description :
An improper access control vulnerability exists in GitLab Remote Development affecting all versions prior to 16.5.6, 16.6 prior to 16.6.4 and 16.7 prior to 16.7.2. This condition allows an attacker to create a workspace in one group that is associated with an agent from another group.

CVE ID : CVE-2023-6955
Source : cve@gitlab.com
CVSS Score : 6.6

References :
https://gitlab.com/gitlab-org/gitlab/-/issues/432188 | source : cve@gitlab.com

Vulnerability : CWE-284


Source : juniper.net

Vulnerability ID : CVE-2023-36842

First published on : 12-01-2024 01:15:45
Last modified on : 12-01-2024 13:47:31

Description :
An Improper Check for Unusual or Exceptional Conditions vulnerability in Juniper DHCP Daemon (jdhcpd) of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause the jdhcpd to consume all the CPU cycles resulting in a Denial of Service (DoS). On Junos OS devices with forward-snooped-client configured, if an attacker sends a specific DHCP packet to a non-configured interface, this will cause an infinite loop. The DHCP process will have to be restarted to recover the service. This issue affects: Juniper Networks Junos OS * All versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S7; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S5; * 22.1 versions earlier than 22.1R3-S4; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S2; * 22.4 versions earlier than 22.4R2-S2, 22.4R3; * 23.2 versions earlier than 23.2R2.

CVE ID : CVE-2023-36842
Source : sirt@juniper.net
CVSS Score : 6.5

References :
https://supportportal.juniper.net/JSA75730 | source : sirt@juniper.net
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N | source : sirt@juniper.net

Vulnerability : CWE-703


Vulnerability ID : CVE-2024-21587

First published on : 12-01-2024 01:15:46
Last modified on : 12-01-2024 13:47:31

Description :
An Improper Handling of Exceptional Conditions vulnerability in the broadband edge subscriber management daemon (bbe-smgd) of Juniper Networks Junos OS on MX Series allows an attacker directly connected to the vulnerable system who repeatedly flaps DHCP subscriber sessions to cause a slow memory leak, ultimately leading to a Denial of Service (DoS). Memory can only be recovered by manually restarting bbe-smgd. This issue only occurs if BFD liveness detection for DHCP subscribers is enabled. Systems without BFD liveness detection enabled are not vulnerable to this issue. Indication of the issue can be observed by periodically executing the 'show system processes extensive' command, which will indicate an increase in memory allocation for bbe-smgd. A small amount of memory is leaked every time a DHCP subscriber logs in, which will become visible over time, ultimately leading to memory starvation.
    user@junos> show system processes extensive | match bbe-smgd
    13071 root 24 0 415M 201M select 0 0:41 7.28% bbe-smgd{bbe-smgd}
    13071 root 20 0 415M 201M select 1 0:04 0.00% bbe-smgd{bbe-smgd}
    ...
    user@junos> show system processes extensive | match bbe-smgd
    13071 root 20 0 420M 208M select 0 4:33 0.10% bbe-smgd{bbe-smgd}
    13071 root 20 0 420M 208M select 0 0:12 0.00% bbe-smgd{bbe-smgd}
    ...
This issue affects Juniper Networks Junos OS on MX Series: * All versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S7; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S5; * 22.1 versions earlier than 22.1R3-S4; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S2; * 22.4 versions earlier than 22.4R2-S2, 22.4R3; * 23.2 versions earlier than 23.2R1-S1, 23.2R2.

CVE ID : CVE-2024-21587
Source : sirt@juniper.net
CVSS Score : 6.5

References :
https://supportportal.juniper.net/JSA75725 | source : sirt@juniper.net
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L | source : sirt@juniper.net

Vulnerability : CWE-755


Vulnerability ID : CVE-2024-21599

First published on : 12-01-2024 01:15:47
Last modified on : 12-01-2024 13:47:31

Description :
A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS). If an MX Series device receives PTP packets on an MPC3E that doesn't support PTP, this causes a memory leak which will result in unpredictable behavior and ultimately in an MPC crash and restart. To monitor for this issue, please use the following FPC vty level commands: "show heap" shows an increase in "LAN buffer" utilization, and "show clksync ptp nbr-upd-info" shows a non-zero "Pending PFEs" counter. This issue affects Juniper Networks Junos OS on MX Series with MPC3E: * All versions earlier than 20.4R3-S3; * 21.1 versions earlier than 21.1R3-S4; * 21.2 versions earlier than 21.2R3; * 21.3 versions earlier than 21.3R2-S1, 21.3R3; * 21.4 versions earlier than 21.4R2; * 22.1 versions earlier than 22.1R2.

CVE ID : CVE-2024-21599
Source : sirt@juniper.net
CVSS Score : 6.5

References :
https://supportportal.juniper.net/JSA75740 | source : sirt@juniper.net
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L | source : sirt@juniper.net

Vulnerability : CWE-401


Vulnerability ID : CVE-2024-21600

First published on : 12-01-2024 01:15:47
Last modified on : 12-01-2024 13:47:31

Description :
An Improper Neutralization of Equivalent Special Elements vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on PTX Series allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). When MPLS packets are meant to be sent to a flexible tunnel interface (FTI) and if the FTI tunnel is down, these will hit the reject NH, due to which the packets get sent to the CPU and cause a host path wedge condition. This will cause the FPC to hang and requires a manual restart to recover. Please note that this issue specifically affects PTX1000, PTX3000, PTX5000 with FPC3, PTX10002-60C, and PTX10008/16 with LC110x. Other PTX Series devices and Line Cards (LC) are not affected. The following log message can be seen when the issue occurs:
    Cmerror Op Set: Host Loopback: HOST LOOPBACK WEDGE DETECTED IN PATH ID <id> (URI: /fpc/<fpc>/pfe/<pfe>/cm/<cm>/Host_Loopback/<cm>/HOST_LOOPBACK_MAKE_CMERROR_ID[<id>])
This issue affects Juniper Networks Junos OS: * All versions earlier than 20.4R3-S8; * 21.1 versions earlier than 21.1R3-S4; * 21.2 versions earlier than 21.2R3-S6; * 21.3 versions earlier than 21.3R3-S3; * 21.4 versions earlier than 21.4R3-S5; * 22.1 versions earlier than 22.1R2-S2, 22.1R3; * 22.2 versions earlier than 22.2R2-S1, 22.2R3.

CVE ID : CVE-2024-21600
Source : sirt@juniper.net
CVSS Score : 6.5

References :
https://supportportal.juniper.net/JSA75741 | source : sirt@juniper.net
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L | source : sirt@juniper.net

Vulnerability : CWE-76


Vulnerability ID : CVE-2024-21603

First published on : 12-01-2024 01:15:48
Last modified on : 12-01-2024 13:47:31

Description :
An Improper Check for Unusual or Exceptional Conditions vulnerability in the kernel of Juniper Networks Junos OS on MX Series allows a network-based attacker with low privileges to cause a denial of service. If a scaled configuration for Source class usage (SCU) / destination class usage (DCU) (more than 10 route classes) is present and the SCU/DCU statistics are gathered by executing specific SNMP requests or CLI commands, a 'vmcore' for the RE kernel will be seen which leads to a device restart. Continued exploitation of this issue will lead to a sustained DoS. This issue only affects MX Series devices with MPC10, MPC11 or LC9600, and MX304. No other MX Series devices are affected. This issue affects Juniper Networks Junos OS: * All versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S6; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3; * 22.1 versions earlier than 22.1R3; * 22.2 versions earlier than 22.2R2; * 22.3 versions earlier than 22.3R2.

CVE ID : CVE-2024-21603
Source : sirt@juniper.net
CVSS Score : 6.5

References :
https://supportportal.juniper.net/JSA75744 | source : sirt@juniper.net
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L | source : sirt@juniper.net

Vulnerability : CWE-754


Vulnerability ID : CVE-2024-21613

First published on : 12-01-2024 01:15:49
Last modified on : 12-01-2024 13:47:31

Description :
A Missing Release of Memory after Effective Lifetime vulnerability in Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause an rpd crash, leading to Denial of Service (DoS). On all Junos OS and Junos OS Evolved platforms, when traffic engineering is enabled for OSPF or ISIS, and a link flaps, a patroot memory leak is observed. This memory leak, over time, will lead to an rpd crash and restart. The memory usage can be monitored using the below command.
    user@host> show task memory detail | match patroot
This issue affects: Juniper Networks Junos OS * All versions earlier than 21.2R3-S3; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S3; * 22.1 versions earlier than 22.1R3; * 22.2 versions earlier than 22.2R3. Juniper Networks Junos OS Evolved * All versions earlier than 21.3R3-S5-EVO; * 21.4 versions earlier than 21.4R3-EVO; * 22.1 versions earlier than 22.1R3-EVO; * 22.2 versions earlier than 22.2R3-EVO.

CVE ID : CVE-2024-21613
Source : sirt@juniper.net
CVSS Score : 6.5

References :
https://supportportal.juniper.net/JSA75754 | source : sirt@juniper.net
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N | source : sirt@juniper.net

Vulnerability : CWE-401


Vulnerability ID : CVE-2024-21617

First published on : 12-01-2024 01:15:50
Last modified on : 12-01-2024 13:47:31

Description :
An Incomplete Cleanup vulnerability in Nonstop active routing (NSR) component of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause a memory leak leading to Denial of Service (DoS). On all Junos OS platforms, when NSR is enabled, a BGP flap will cause a memory leak. A manual reboot of the system will restore the services. The memory usage can be monitored using the below commands.
    user@host> show chassis routing-engine no-forwarding
    user@host> show system memory | no-more
This issue affects: Juniper Networks Junos OS * 21.2 versions earlier than 21.2R3-S5; * 21.3 versions earlier than 21.3R3-S4; * 21.4 versions earlier than 21.4R3-S4; * 22.1 versions earlier than 22.1R3-S2; * 22.2 versions earlier than 22.2R3-S2; * 22.3 versions earlier than 22.3R2-S1, 22.3R3; * 22.4 versions earlier than 22.4R1-S2, 22.4R2. This issue does not affect Junos OS versions earlier than 20.4R3-S7.

CVE ID : CVE-2024-21617
Source : sirt@juniper.net
CVSS Score : 6.5

References :
https://supportportal.juniper.net/JSA75758 | source : sirt@juniper.net
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N | source : sirt@juniper.net

Vulnerability : CWE-459


Vulnerability ID : CVE-2024-21585

First published on : 12-01-2024 01:15:46
Last modified on : 12-01-2024 13:47:31

Description :
An Improper Handling of Exceptional Conditions vulnerability in BGP session processing of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker, using specific timing outside the attacker's control, to flap BGP sessions and cause the routing protocol daemon (rpd) process to crash and restart, leading to a Denial of Service (DoS) condition. Continued BGP session flapping will create a sustained Denial of Service (DoS) condition. This issue only affects routers configured with non-stop routing (NSR) enabled. Graceful Restart (GR) helper mode, enabled by default, is also required for this issue to be exploitable. When the BGP session flaps on the NSR-enabled router, the device enters GR-helper/LLGR-helper mode due to the peer having negotiated GR/LLGR-restarter capability, the backup BGP requests replication of the GR/LLGR-helper session, and the master BGP schedules and initiates replication of GR/LLGR stale routes to the backup BGP. In this state, if the BGP session with the BGP peer comes up again, unsolicited replication is initiated for the peer without cleaning up the ongoing GR/LLGR-helper mode replication. These two parallel instances of replication for the same peer lead to the assert if the BGP session flaps again. This issue affects: Juniper Networks Junos OS * All versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S7; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S5; * 22.1 versions earlier than 22.1R3-S4; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S1; * 22.4 versions earlier than 22.4R2-S2, 22.4R3; * 23.2 versions earlier than 23.2R1-S1, 23.2R2.
Juniper Networks Junos OS Evolved * All versions earlier than 21.3R3-S5-EVO; * 21.4 versions earlier than 21.4R3-S5-EVO; * 22.1 versions earlier than 22.1R3-S4-EVO; * 22.2 versions earlier than 22.2R3-S3-EVO; * 22.3 versions earlier than 22.3R3-S1-EVO; * 22.4 versions earlier than 22.4R2-S2-EVO, 22.4R3-EVO; * 23.2 versions earlier than 23.2R1-S1-EVO, 23.2R2-EVO.

CVE ID : CVE-2024-21585
Source : sirt@juniper.net
CVSS Score : 5.9

References :
https://supportportal.juniper.net/JSA75723 | source : sirt@juniper.net
https://supportportal.juniper.net/s/article/MX-GR-and-LLGR-capability-and-compatibility-changes-after-15-1-release | source : sirt@juniper.net
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L | source : sirt@juniper.net

Vulnerability : CWE-755


Vulnerability ID : CVE-2024-21601

First published on : 12-01-2024 01:15:48
Last modified on : 12-01-2024 13:47:31

Description :
A Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in the Flow-processing Daemon (flowd) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). On SRX Series devices, when two different threads try to simultaneously process a queue which is used for TCP events, flowd will crash. One of these threads cannot be triggered externally, so the exploitation of this race condition is outside the attacker's direct control. Continued exploitation of this issue will lead to a sustained DoS. This issue affects Juniper Networks Junos OS: * 21.2 versions earlier than 21.2R3-S5; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S4; * 22.1 versions earlier than 22.1R3-S3; * 22.2 versions earlier than 22.2R3-S1; * 22.3 versions earlier than 22.3R2-S2, 22.3R3; * 22.4 versions earlier than 22.4R2-S1, 22.4R3. This issue does not affect Juniper Networks Junos OS versions earlier than 21.2R1.

CVE ID : CVE-2024-21601
Source : sirt@juniper.net
CVSS Score : 5.9

References :
https://supportportal.juniper.net/JSA75742 | source : sirt@juniper.net
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L | source : sirt@juniper.net

Vulnerability : CWE-362


Vulnerability ID : CVE-2024-21594

First published on : 12-01-2024 01:15:46
Last modified on : 12-01-2024 13:47:31

Description :
A Heap-based Buffer Overflow vulnerability in the Network Services Daemon (NSD) of Juniper Networks Junos OS allows an authenticated, low-privileged, local attacker to cause a Denial of Service (DoS). On an SRX 5000 Series device, when executing a specific command repeatedly, memory is corrupted, which leads to a Flow Processing Daemon (flowd) crash. The NSD process has to be restarted to restore services. If this issue occurs, it can be checked with the following command:
    user@host> request security policies check
The following log message can also be observed:
    Error: policies are out of sync for PFE node<number>.fpc<number>.pic<number>.
This issue affects: Juniper Networks Junos OS on SRX 5000 Series * All versions earlier than 20.4R3-S6; * 21.1 versions earlier than 21.1R3-S5; * 21.2 versions earlier than 21.2R3-S4; * 21.3 versions earlier than 21.3R3-S3; * 21.4 versions earlier than 21.4R3-S3; * 22.1 versions earlier than 22.1R3-S1; * 22.2 versions earlier than 22.2R3; * 22.3 versions earlier than 22.3R2.

CVE ID : CVE-2024-21594
Source : sirt@juniper.net
CVSS Score : 5.5

References :
https://supportportal.juniper.net/JSA75733 | source : sirt@juniper.net
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N | source : sirt@juniper.net

Vulnerability : CWE-122


Vulnerability ID : CVE-2024-21596

First published on : 12-01-2024 01:15:47
Last modified on : 12-01-2024 13:47:31

Description :
A Heap-based Buffer Overflow vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service (DoS). If an attacker sends a specific BGP UPDATE message to the device, this will cause a memory overwrite and therefore an RPD crash and restart in the backup Routing Engine (RE). Continued receipt of these packets will cause a sustained Denial of Service (DoS) condition in the backup RE. The primary RE is not impacted by this issue and there is no impact on traffic. This issue only affects devices with NSR enabled. This issue requires an attacker to have an established BGP session to a system affected by the issue. This issue affects both eBGP and iBGP implementations. This issue affects: Juniper Networks Junos OS * All versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S7; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S5; * 22.1 versions earlier than 22.1R3-S4; * 22.2 versions earlier than 22.2R3-S2; * 22.3 versions earlier than 22.3R3-S1; * 22.4 versions earlier than 22.4R2-S2, 22.4R3; * 23.1 versions earlier than 23.1R2; * 23.2 versions earlier than 23.2R1-S2, 23.2R2. Juniper Networks Junos OS Evolved * All versions earlier than 21.3R3-S5-EVO; * 21.4-EVO versions earlier than 21.4R3-S5-EVO; * 22.1-EVO versions earlier than 22.1R3-S4-EVO; * 22.2-EVO versions earlier than 22.2R3-S2-EVO; * 22.3-EVO versions later than 22.3R1-EVO; * 22.4-EVO versions earlier than 22.4R2-S2-EVO, 22.4R3-EVO; * 23.1-EVO versions earlier than 23.1R2-EVO; * 23.2-EVO versions earlier than 23.2R1-S2-EVO, 23.2R2-EVO.

CVE ID : CVE-2024-21596
Source : sirt@juniper.net
CVSS Score : 5.3

References :
https://supportportal.juniper.net/JSA75735 | source : sirt@juniper.net
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N | source : sirt@juniper.net

Vulnerability : CWE-122


Vulnerability ID : CVE-2024-21597

First published on : 12-01-2024 01:15:47
Last modified on : 12-01-2024 13:47:31

Description :
An Exposure of Resource to Wrong Sphere vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker to bypass the intended access restrictions. In an Abstracted Fabric (AF) scenario if routing-instances (RI) are configured, specific valid traffic destined to the device can bypass the configured lo0 firewall filters as it's received in the wrong RI context. This issue affects Juniper Networks Junos OS on MX Series: * All versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S3; * 21.4 versions earlier than 21.4R3-S5; * 22.1 versions earlier than 22.1R3; * 22.2 versions earlier than 22.2R3; * 22.3 versions earlier than 22.3R2.

CVE ID : CVE-2024-21597
Source : sirt@juniper.net
CVSS Score : 5.3

References :
https://supportportal.juniper.net/JSA75738 | source : sirt@juniper.net
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N | source : sirt@juniper.net

Vulnerability : CWE-668


Vulnerability ID : CVE-2024-21607

First published on : 12-01-2024 01:15:49
Last modified on : 12-01-2024 13:47:31

Description :
An Unsupported Feature in the UI vulnerability in Juniper Networks Junos OS on MX Series and EX9200 Series allows an unauthenticated, network-based attacker to cause partial impact to the integrity of the device. If the "tcp-reset" option is added to the "reject" action in an IPv6 filter which matches on "payload-protocol", packets are permitted instead of rejected. This happens because the payload-protocol match criteria is not supported in the kernel filter causing it to accept all packets without taking any other action. As a fix the payload-protocol match will be treated the same as a "next-header" match to avoid this filter bypass. This issue doesn't affect IPv4 firewall filters. This issue affects Juniper Networks Junos OS on MX Series and EX9200 Series: * All versions earlier than 20.4R3-S7; * 21.1 versions earlier than 21.1R3-S5; * 21.2 versions earlier than 21.2R3-S5; * 21.3 versions earlier than 21.3R3-S4; * 21.4 versions earlier than 21.4R3-S4; * 22.1 versions earlier than 22.1R3-S2; * 22.2 versions earlier than 22.2R3-S2; * 22.3 versions earlier than 22.3R2-S2, 22.3R3; * 22.4 versions earlier than 22.4R1-S2, 22.4R2-S2, 22.4R3.

CVE ID : CVE-2024-21607
Source : sirt@juniper.net
CVSS Score : 5.3

References :
https://supportportal.juniper.net/JSA75748 | source : sirt@juniper.net
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N | source : sirt@juniper.net

Vulnerability : CWE-447


Source : redhat.com

Vulnerability ID : CVE-2023-6683

First published on : 12-01-2024 19:15:11
Last modified on : 12-01-2024 19:21:49

Description :
A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. The qemu_clipboard_request() function can be reached before vnc_server_cut_text_caps() was called and had the chance to initialize the clipboard peer, leading to a NULL pointer dereference. This could allow a malicious authenticated VNC client to crash QEMU and trigger a denial of service.

CVE ID : CVE-2023-6683
Source : secalert@redhat.com
CVSS Score : 6.5

References :
https://access.redhat.com/security/cve/CVE-2023-6683 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2254825 | source : secalert@redhat.com

Vulnerability : CWE-476


Vulnerability ID : CVE-2024-0443

First published on : 12-01-2024 00:15:45
Last modified on : 12-01-2024 13:47:31

Description :
A flaw was found in the blkgs destruction path in block/blk-cgroup.c in the Linux kernel, leading to a cgroup blkio memory leakage problem. When a cgroup is being destroyed, cgroup_rstat_flush() is only called at css_release_work_fn(), which is called when the blkcg reference count reaches 0. This circular dependency will prevent blkcg and some blkgs from being freed after they are made offline. This issue may allow an attacker with local access to cause system instability, such as an out of memory error.

CVE ID : CVE-2024-0443
Source : secalert@redhat.com
CVSS Score : 5.5

References :
https://access.redhat.com/security/cve/CVE-2024-0443 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2257968 | source : secalert@redhat.com
https://lore.kernel.org/linux-block/20221215033132.230023-3-longman@redhat.com/ | source : secalert@redhat.com

Vulnerability : CWE-402


Source : vuldb.com

Vulnerability ID : CVE-2024-0460

First published on : 12-01-2024 16:15:52
Last modified on : 12-01-2024 17:06:09

Description :
A vulnerability was found in code-projects Faculty Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/pages/student-print.php. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250565 was assigned to this vulnerability.

CVE ID : CVE-2024-0460
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/BxYQ/vul/blob/main/2Faculty%20Management%20System-SQL.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.250565 | source : cna@vuldb.com
https://vuldb.com/?id.250565 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-0461

First published on : 12-01-2024 17:15:09
Last modified on : 12-01-2024 18:05:43

Description :
A vulnerability was found in code-projects Online Faculty Clearance 1.0. It has been classified as critical. Affected is an unknown function of the file deactivate.php of the component HTTP POST Request Handler. The manipulation of the argument haydi leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-250566 is the identifier assigned to this vulnerability.

CVE ID : CVE-2024-0461
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/BxYQ/vul/blob/main/3ONLINE_FACULTY_CLEARANCE_SYSTEM%20has%20SQL1.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.250566 | source : cna@vuldb.com
https://vuldb.com/?id.250566 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-0462

First published on : 12-01-2024 18:15:46
Last modified on : 12-01-2024 19:21:49

Description :
A vulnerability was found in code-projects Online Faculty Clearance 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /production/designee_view_status.php of the component HTTP POST Request Handler. The manipulation of the argument haydi leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250567.

CVE ID : CVE-2024-0462
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/BxYQ/vul/blob/main/3ONLINE_FACULTY_CLEARANCE_SYSTEM%20has%20SQL2.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.250567 | source : cna@vuldb.com
https://vuldb.com/?id.250567 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-0463

First published on : 12-01-2024 18:15:46
Last modified on : 12-01-2024 19:21:49

Description :
A vulnerability was found in code-projects Online Faculty Clearance 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /production/admin_view_info.php of the component HTTP POST Request Handler. The manipulation of the argument haydi leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250568.

CVE ID : CVE-2024-0463
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/BxYQ/vul/blob/main/3ONLINE_FACULTY_CLEARANCE_SYSTEM%20has%20SQL3.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.250568 | source : cna@vuldb.com
https://vuldb.com/?id.250568 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-0464

First published on : 12-01-2024 19:15:11
Last modified on : 12-01-2024 19:21:49

Description :
A vulnerability classified as critical has been found in code-projects Online Faculty Clearance 1.0. This affects an unknown part of the file delete_faculty.php of the component HTTP GET Request Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250569 was assigned to this vulnerability.

CVE ID : CVE-2024-0464
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/BxYQ/vul/blob/main/3ONLINE_FACULTY_CLEARANCE_SYSTEM%20has%20SQL4.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.250569 | source : cna@vuldb.com
https://vuldb.com/?id.250569 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-0468

First published on : 12-01-2024 21:15:10
Last modified on : 12-01-2024 21:15:10

Description :
A vulnerability has been found in code-projects Fighting Cock Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/action/new-father.php. The manipulation of the argument image leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250573 was assigned to this vulnerability.

CVE ID : CVE-2024-0468
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/BxYQ/vul/blob/main/FIGHTING_COCK_INFORMATION_SYSTEM_File9docx.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.250573 | source : cna@vuldb.com
https://vuldb.com/?id.250573 | source : cna@vuldb.com

Vulnerability : CWE-434


Vulnerability ID : CVE-2024-0469

First published on : 12-01-2024 21:15:10
Last modified on : 12-01-2024 21:15:10

Description :
A vulnerability was found in code-projects Human Resource Integrated System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file update_personal_info.php. The manipulation of the argument sex leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-250574 is the identifier assigned to this vulnerability.

CVE ID : CVE-2024-0469
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/yingqian1984/FirePunch/blob/main/11-Human%20Resource%20Integrated%20System%20has%20SQL%20injection%20vulnerabilities%20update_personal_info.php.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.250574 | source : cna@vuldb.com
https://vuldb.com/?id.250574 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-0470

First published on : 12-01-2024 21:15:10
Last modified on : 12-01-2024 21:15:10

Description :
A vulnerability was found in code-projects Human Resource Integrated System 1.0. It has been classified as critical. This affects an unknown part of the file /admin_route/inc_service_credits.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250575.

CVE ID : CVE-2024-0470
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/yingqian1984/FirePunch/blob/main/11-Human%20Resource%20Integrated%20System%20has%20SQL%20injection%20vulnerabilities%20inc_service_credits.php.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.250575 | source : cna@vuldb.com
https://vuldb.com/?id.250575 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-0471

First published on : 12-01-2024 21:15:11
Last modified on : 12-01-2024 21:15:11

Description :
A vulnerability was found in code-projects Human Resource Integrated System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin_route/dec_service_credits.php. The manipulation of the argument date leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250576.

CVE ID : CVE-2024-0471
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/yingqian1984/FirePunch/blob/main/11-Human%20Resource%20Integrated%20System%20has%20SQL%20injection%20vulnerabilities%20dec_service_credits.php.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.250576 | source : cna@vuldb.com
https://vuldb.com/?id.250576 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-0473

First published on : 12-01-2024 22:15:45
Last modified on : 12-01-2024 22:15:45

Description :
A vulnerability classified as critical has been found in code-projects Dormitory Management System 1.0. Affected is an unknown function of the file comment.php. The manipulation of the argument com leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-250578 is the identifier assigned to this vulnerability.

CVE ID : CVE-2024-0473
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/yingqian1984/FirePunch/blob/main/7-Dormitory%20Management%20System%20has%20SQL%20injection%20vulnerabilities%20comment.php.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.250578 | source : cna@vuldb.com
https://vuldb.com/?id.250578 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2022-4961

First published on : 12-01-2024 05:15:09
Last modified on : 12-01-2024 13:47:31

Description :
A vulnerability was found in Weitong Mall 1.0.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file platform-shop\src\main\resources\com\platform\dao\OrderDao.xml. The manipulation of the argument sidx/order leads to sql injection. The associated identifier of this vulnerability is VDB-250243.

CVE ID : CVE-2022-4961
Source : cna@vuldb.com
CVSS Score : 5.5

References :
https://gitee.com/fuyang_lipengjun/platform/issues/I5XC79 | source : cna@vuldb.com
https://vuldb.com/?ctiid.250243 | source : cna@vuldb.com
https://vuldb.com/?id.250243 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-0466

First published on : 12-01-2024 19:15:12
Last modified on : 12-01-2024 19:21:49

Description :
A vulnerability, which was classified as critical, has been found in code-projects Employee Profile Management System 1.0. This issue affects some unknown processing of the file file_table.php. The manipulation of the argument per_id leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250571.

CVE ID : CVE-2024-0466
Source : cna@vuldb.com
CVSS Score : 5.5

References :
https://github.com/BxYQ/vul/blob/main/EMPLOYEE_PROFILE_MANAGEMENT_SYSTEM%20_SQL1.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.250571 | source : cna@vuldb.com
https://vuldb.com/?id.250571 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-0459

First published on : 12-01-2024 16:15:52
Last modified on : 12-01-2024 17:06:09

Description :
A vulnerability has been found in Blood Bank & Donor Management 5.6 and classified as critical. This vulnerability affects unknown code of the file /admin/request-received-bydonar.php. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250564.

CVE ID : CVE-2024-0459
Source : cna@vuldb.com
CVSS Score : 4.7

References :
https://drive.google.com/file/d/1nSgSw1cTXZWeYTjt4rliMIDHyQcGK-8z/view?usp=sharing | source : cna@vuldb.com
https://vuldb.com/?ctiid.250564 | source : cna@vuldb.com
https://vuldb.com/?id.250564 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2010-10011

First published on : 12-01-2024 20:15:46
Last modified on : 12-01-2024 20:15:46

Description :
A vulnerability, which was classified as problematic, was found in Acritum Femitter Server 1.04. Affected is an unknown function. The manipulation leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-250446 is the identifier assigned to this vulnerability.

CVE ID : CVE-2010-10011
Source : cna@vuldb.com
CVSS Score : 4.3

References :
https://vuldb.com/?ctiid.250446 | source : cna@vuldb.com
https://vuldb.com/?id.250446 | source : cna@vuldb.com
https://www.exploit-db.com/exploits/15445 | source : cna@vuldb.com

Vulnerability : CWE-22


Vulnerability ID : CVE-2022-4962

First published on : 12-01-2024 22:15:44
Last modified on : 12-01-2024 22:15:44

Description :
** DISPUTED ** A vulnerability was found in Apollo 2.0.0/2.0.1 and classified as problematic. Affected by this issue is some unknown functionality of the file /users of the component Configuration Center. The manipulation leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. VDB-250430 is the identifier assigned to this vulnerability. NOTE: The maintainer explains that user data information like user id, name, and email are not sensitive.

CVE ID : CVE-2022-4962
Source : cna@vuldb.com
CVSS Score : 4.3

References :
https://github.com/apolloconfig/apollo/issues/4684 | source : cna@vuldb.com
https://vuldb.com/?ctiid.250430 | source : cna@vuldb.com
https://vuldb.com/?id.250430 | source : cna@vuldb.com

Vulnerability : CWE-285


Source : 36106deb-8e95-420b-a0a0-e70af5d245df

Vulnerability ID : CVE-2024-0454

First published on : 12-01-2024 02:15:44
Last modified on : 12-01-2024 13:47:31

Description :
The ELAN Match-on-Chip FPR solution has a design fault that carries a potential risk of valid SID leakage and enumeration with a spoof sensor. Because of this fault, Windows Hello recognition could be bypassed by cloning a SID, causing a broken account identity. Versions lower than 3.0.12011.08009(Legacy)/3.3.12011.08103(ESS) are subject to this risk on the DELL Inspiron platform.

CVE ID : CVE-2024-0454
Source : 36106deb-8e95-420b-a0a0-e70af5d245df
CVSS Score : 6.0

References :
https://www.emc.com.tw/emc/tw/vulnerability-disclosure-policy | source : 36106deb-8e95-420b-a0a0-e70af5d245df

Vulnerability : CWE-290


Source : mongodb.com

Vulnerability ID : CVE-2023-0437

First published on : 12-01-2024 14:15:47
Last modified on : 12-01-2024 15:54:26

Description :
When calling bson_utf8_validate on some inputs, a loop with an exit condition that cannot be reached may occur, i.e. an infinite loop. This issue affects all MongoDB C Driver versions prior to version 1.25.0.

CVE ID : CVE-2023-0437
Source : cna@mongodb.com
CVSS Score : 5.3

References :
https://jira.mongodb.org/browse/CDRIVER-4747 | source : cna@mongodb.com

Vulnerability : CWE-835


Source : asrg.io

Vulnerability ID : CVE-2023-28898

First published on : 12-01-2024 16:15:51
Last modified on : 12-01-2024 17:06:09

Description :
The Real-Time Streaming Protocol implementation in the MIB3 infotainment incorrectly handles requests to the /logs URI when the id parameter equals zero. This issue allows an attacker connected to the in-vehicle Wi-Fi network to cause denial-of-service of the infotainment system when certain preconditions are met. Vulnerability discovered on Škoda Superb III (3V3) - 2.0 TDI manufactured in 2022.

CVE ID : CVE-2023-28898
Source : cve@asrg.io
CVSS Score : 5.3

References :
https://nonexistent.com | source : cve@asrg.io

Vulnerability : CWE-233


Vulnerability ID : CVE-2023-28899

First published on : 12-01-2024 17:15:09
Last modified on : 12-01-2024 18:05:43

Description :
By sending a specific reset UDS request via OBDII port of Skoda vehicles, it is possible to cause vehicle engine shutdown and denial of service of other vehicle components even when the vehicle is moving at a high speed. No safety critical functions affected.

CVE ID : CVE-2023-28899
Source : cve@asrg.io
CVSS Score : 4.7

References :
https://asrg.io/security-advisories/cve-2023-28899 | source : cve@asrg.io


Vulnerability ID : CVE-2023-28897

First published on : 12-01-2024 16:15:51
Last modified on : 12-01-2024 17:06:09

Description :
The secret value used for access to critical UDS services of the MIB3 infotainment is hardcoded in the firmware. Vulnerability discovered on Škoda Superb III (3V3) - 2.0 TDI manufactured in 2022.

CVE ID : CVE-2023-28897
Source : cve@asrg.io
CVSS Score : 4.0

References :
https://asrg.io/security-advisories/cve-2023-28897 | source : cve@asrg.io

Vulnerability : CWE-798


Source : github.com

Vulnerability ID : CVE-2024-21639

First published on : 12-01-2024 22:15:45
Last modified on : 12-01-2024 22:15:45

Description :
CEF (Chromium Embedded Framework) is a simple framework for embedding Chromium-based browsers in other applications. `CefLayeredWindowUpdaterOSR::OnAllocatedSharedMemory` does not check the size of the shared memory, which leads to an out-of-bounds read outside the sandbox. This vulnerability was patched in commit 1f55d2e.

CVE ID : CVE-2024-21639
Source : security-advisories@github.com
CVSS Score : 5.3

References :
https://github.com/chromiumembedded/cef/commit/1f55d2e12f62cfdfbf9da6968fde2f928982670b | source : security-advisories@github.com
https://github.com/chromiumembedded/cef/security/advisories/GHSA-m375-jw5x-x8mg | source : security-advisories@github.com

Vulnerability : CWE-125


Vulnerability ID : CVE-2024-21654

First published on : 12-01-2024 21:15:11
Last modified on : 12-01-2024 21:15:11

Description :
Rubygems.org is the Ruby community's gem hosting service. Rubygems.org users with MFA enabled would normally be protected from account takeover in the case of email account takeover. However, a workaround on the forgotten password form allows an attacker to bypass the MFA requirement and take over the account. This vulnerability has been patched in commit 0b3272a.

CVE ID : CVE-2024-21654
Source : security-advisories@github.com
CVSS Score : 4.8

References :
https://github.com/rubygems/rubygems.org/commit/0b3272ac17b45748ee0d1867c49867c7deb26565 | source : security-advisories@github.com
https://github.com/rubygems/rubygems.org/security/advisories/GHSA-4v23-vj8h-7jp2 | source : security-advisories@github.com

Vulnerability : CWE-287


Vulnerability ID : CVE-2024-21655

First published on : 12-01-2024 21:15:11
Last modified on : 12-01-2024 21:15:11

Description :
Discourse is a platform for community discussion. For fields that are client editable, limits on sizes are not imposed. This allows a malicious actor to cause a Discourse instance to use excessive disk space and also often excessive bandwidth. The issue is patched in 3.1.4 and 3.2.0.beta4.

CVE ID : CVE-2024-21655
Source : security-advisories@github.com
CVSS Score : 4.3

References :
https://github.com/discourse/discourse/security/advisories/GHSA-m5fc-94mm-38fx | source : security-advisories@github.com

Vulnerability : CWE-400


Vulnerability ID : CVE-2023-49801

First published on : 12-01-2024 21:15:09
Last modified on : 12-01-2024 21:15:09

Description :
Lif Auth Server is a server for validating logins, managing information, and account recovery for Lif Accounts. The issue relates to the `get_pfp` and `get_banner` routes on Auth Server. The issue is that there is no check to ensure that the file that Auth Server is receiving through these URLs is correct. This could allow an attacker access to files they shouldn't have access to. This issue has been patched in version 1.4.0.

CVE ID : CVE-2023-49801
Source : security-advisories@github.com
CVSS Score : 4.2

References :
https://github.com/Lif-Platforms/Lif-Auth-Server/commit/c235bcc2ee65e4a0dfb10284cf2cbc750213efeb | source : security-advisories@github.com
https://github.com/Lif-Platforms/Lif-Auth-Server/security/advisories/GHSA-3v77-pvqq-qg3f | source : security-advisories@github.com

Vulnerability : CWE-22
Vulnerability : CWE-23


Source : netapp.com

Vulnerability ID : CVE-2024-21982

First published on : 12-01-2024 00:15:45
Last modified on : 12-01-2024 13:47:31

Description :
ONTAP versions 9.4 and higher are susceptible to a vulnerability which when successfully exploited could lead to disclosure of sensitive information to unprivileged attackers when the object-store profiler command is being run by an administrative user.

CVE ID : CVE-2024-21982
Source : security-alert@netapp.com
CVSS Score : 4.8

References :
https://security.netapp.com/advisory/ntap-20240111-0001/ | source : security-alert@netapp.com


(7) LOW VULNERABILITIES [0.1, 3.9]

Source : vuldb.com

Vulnerability ID : CVE-2022-4960

First published on : 12-01-2024 03:15:08
Last modified on : 12-01-2024 13:47:31

Description :
A vulnerability, which was classified as problematic, has been found in cloudfavorites favorites-web 1.3.0. Affected by this issue is some unknown functionality of the component Nickname Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-250238 is the identifier assigned to this vulnerability.

CVE ID : CVE-2022-4960
Source : cna@vuldb.com
CVSS Score : 3.5

References :
https://github.com/cloudfavorites/favorites-web/issues/127 | source : cna@vuldb.com
https://vuldb.com/?ctiid.250238 | source : cna@vuldb.com
https://vuldb.com/?id.250238 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2024-0465

First published on : 12-01-2024 19:15:12
Last modified on : 12-01-2024 19:21:49

Description :
A vulnerability classified as problematic was found in code-projects Employee Profile Management System 1.0. This vulnerability affects unknown code of the file download.php. The manipulation of the argument download_file leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be used. VDB-250570 is the identifier assigned to this vulnerability.

CVE ID : CVE-2024-0465
Source : cna@vuldb.com
CVSS Score : 3.5

References :
https://github.com/BxYQ/vul/blob/main/EMPLOYEE_PROFILE_MANAGEMENT_SYSTEM%20_FileRead.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.250570 | source : cna@vuldb.com
https://vuldb.com/?id.250570 | source : cna@vuldb.com

Vulnerability : CWE-24


Vulnerability ID : CVE-2024-0467

First published on : 12-01-2024 20:15:47
Last modified on : 12-01-2024 20:15:47

Description :
A vulnerability, which was classified as problematic, was found in code-projects Employee Profile Management System 1.0. Affected is an unknown function of the file edit_position_query.php. The manipulation of the argument pos_name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250572.

CVE ID : CVE-2024-0467
Source : cna@vuldb.com
CVSS Score : 3.5

References :
https://github.com/BxYQ/vul/blob/main/EMPLOYEE_PROFILE_MANAGEMENT_SYSTEM_Xss.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.250572 | source : cna@vuldb.com
https://vuldb.com/?id.250572 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2024-0472

First published on : 12-01-2024 22:15:45
Last modified on : 12-01-2024 22:15:45

Description :
A vulnerability was found in code-projects Dormitory Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file modifyuser.php. The manipulation of the argument mname leads to information disclosure. The exploit has been disclosed to the public and may be used. The identifier VDB-250577 was assigned to this vulnerability.

CVE ID : CVE-2024-0472
Source : cna@vuldb.com
CVSS Score : 3.5

References :
https://github.com/yingqian1984/FirePunch/blob/main/7-Dormitory%20Management%20System%20has%20Database%20information%20leakage%20modifyuser.php.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.250577 | source : cna@vuldb.com
https://vuldb.com/?id.250577 | source : cna@vuldb.com

Vulnerability : CWE-200


Source : gitlab.com

Vulnerability ID : CVE-2023-2030

First published on : 12-01-2024 14:15:47
Last modified on : 12-01-2024 15:54:26

Description :
An issue has been discovered in GitLab CE/EE affecting all versions from 12.2 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which an attacker could potentially modify the metadata of signed commits.

CVE ID : CVE-2023-2030
Source : cve@gitlab.com
CVSS Score : 3.5

References :
https://gitlab.com/gitlab-org/gitlab/-/issues/407252 | source : cve@gitlab.com
https://hackerone.com/reports/1929929 | source : cve@gitlab.com

Vulnerability : CWE-345


Source : github.com

Vulnerability ID : CVE-2023-49098

First published on : 12-01-2024 21:15:09
Last modified on : 12-01-2024 21:15:09

Description :
Discourse-reactions is a plugin that allows users to add their reactions to a post. Data about a user's reaction notifications could be exposed. This vulnerability was patched in commit 2c26939.

CVE ID : CVE-2023-49098
Source : security-advisories@github.com
CVSS Score : 3.5

References :
https://github.com/discourse/discourse-reactions/commit/2c26939395177730e492640d71aac68423be84fc | source : security-advisories@github.com
https://github.com/discourse/discourse-reactions/security/advisories/GHSA-mq82-7v5x-rhv8 | source : security-advisories@github.com

Vulnerability : CWE-284


Vulnerability ID : CVE-2023-49099

First published on : 12-01-2024 21:15:09
Last modified on : 12-01-2024 21:15:09

Description :
Discourse is a platform for community discussion. Under very specific circumstances, secure upload URLs associated with posts can be accessed by guest users even when login is required. This vulnerability has been patched in 3.2.0.beta4 and 3.1.4.

CVE ID : CVE-2023-49099
Source : security-advisories@github.com
CVSS Score : 3.1

References :
https://github.com/discourse/discourse/commit/1b288236387fc0a823e4f15f1aea8dde81b49d53 | source : security-advisories@github.com
https://github.com/discourse/discourse/security/advisories/GHSA-j67x-x6mq-pwv4 | source : security-advisories@github.com

Vulnerability : CWE-284


(39) NO SCORE VULNERABILITIES [0.0, 0.0]

Source : mitre.org

Vulnerability ID : CVE-2023-52339

First published on : 12-01-2024 02:15:44
Last modified on : 12-01-2024 13:47:31

Description :
In libebml before 1.4.5, an integer overflow in MemIOCallback.cpp can occur when reading or writing. It may result in buffer overflows.

CVE ID : CVE-2023-52339
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Matroska-Org/libebml/blob/v1.x/NEWS.md | source : cve@mitre.org
https://github.com/Matroska-Org/libebml/compare/release-1.4.4...release-1.4.5 | source : cve@mitre.org
https://github.com/Matroska-Org/libebml/issues/147 | source : cve@mitre.org
https://github.com/Matroska-Org/libebml/pull/148 | source : cve@mitre.org


Vulnerability ID : CVE-2016-20021

First published on : 12-01-2024 03:15:08
Last modified on : 12-01-2024 13:47:31

Description :
In Gentoo Portage before 3.0.47, there is missing PGP validation of executed code: the standalone emerge-webrsync downloads a .gpgsig file but does not perform signature verification.

CVE ID : CVE-2016-20021
Source : cve@mitre.org
CVSS Score : /

References :
https://bugs.gentoo.org/597800 | source : cve@mitre.org
https://gitweb.gentoo.org/proj/portage.git/tree/NEWS | source : cve@mitre.org
https://wiki.gentoo.org/wiki/Portage | source : cve@mitre.org


Vulnerability ID : CVE-2022-48619

First published on : 12-01-2024 03:15:08
Last modified on : 12-01-2024 13:47:31

Description :
An issue was discovered in drivers/input/input.c in the Linux kernel before 5.17.10. An attacker can cause a denial of service (panic) because input_set_capability mishandles the situation in which an event code falls outside of a bitmap.

CVE ID : CVE-2022-48619
Source : cve@mitre.org
CVSS Score : /

References :
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.10 | source : cve@mitre.org
https://github.com/torvalds/linux/commit/409353cbe9fe48f6bc196114c442b1cff05a39bc | source : cve@mitre.org


Vulnerability ID : CVE-2022-48620

First published on : 12-01-2024 04:15:08
Last modified on : 12-01-2024 13:47:31

Description :
uev (aka libuev) before 2.4.1 has a buffer overflow in epoll_wait if maxevents is a large number.

CVE ID : CVE-2022-48620
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/troglobit/libuev/commit/2d9f1c9ce655cc38511aeeb6e95ac30914f7aec9 | source : cve@mitre.org
https://github.com/troglobit/libuev/compare/v2.4.0...v2.4.1 | source : cve@mitre.org
https://github.com/troglobit/libuev/issues/27 | source : cve@mitre.org


Vulnerability ID : CVE-2024-23171

First published on : 12-01-2024 05:15:10
Last modified on : 12-01-2024 13:47:31

Description :
An issue was discovered in the CampaignEvents extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. The Special:EventDetails page allows XSS via the x-xss language setting for internationalization (i18n).

CVE ID : CVE-2024-23171
Source : cve@mitre.org
CVSS Score : /

References :
https://gerrit.wikimedia.org/r/q/I70d71c409193e904684dfb706d424b0a815fa6f6 | source : cve@mitre.org
https://phabricator.wikimedia.org/T348343 | source : cve@mitre.org


Vulnerability ID : CVE-2024-23172

First published on : 12-01-2024 05:15:10
Last modified on : 12-01-2024 13:47:31

Description :
An issue was discovered in the CheckUser extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. XSS can occur via message definitions, e.g., in SpecialCheckUserLog.

CVE ID : CVE-2024-23172
Source : cve@mitre.org
CVSS Score : /

References :
https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/989179 | source : cve@mitre.org
https://phabricator.wikimedia.org/T347708 | source : cve@mitre.org


Vulnerability ID : CVE-2024-23173

First published on : 12-01-2024 05:15:10
Last modified on : 12-01-2024 13:47:31

Description :
An issue was discovered in the Cargo extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. The Special:Drilldown page allows XSS via artist, album, and position parameters because of applied filter values in drilldown/CargoAppliedFilter.php.

CVE ID : CVE-2024-23173
Source : cve@mitre.org
CVSS Score : /

References :
https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Cargo/+/965214 | source : cve@mitre.org
https://phabricator.wikimedia.org/T348687 | source : cve@mitre.org


Vulnerability ID : CVE-2024-23174

First published on : 12-01-2024 05:15:10
Last modified on : 12-01-2024 13:47:31

Description :
An issue was discovered in the PageTriage extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. XSS can occur via the rev-deleted-user, pagetriage-tags-quickfilter-label, pagetriage-triage, pagetriage-filter-date-range-format-placeholder, pagetriage-filter-date-range-to, pagetriage-filter-date-range-from, pagetriage-filter-date-range-heading, pagetriage-filter-set-button, or pagetriage-filter-reset-button message.

CVE ID : CVE-2024-23174
Source : cve@mitre.org
CVSS Score : /

References :
https://gerrit.wikimedia.org/r/c/mediawiki/extensions/PageTriage/+/989177 | source : cve@mitre.org
https://phabricator.wikimedia.org/T347704 | source : cve@mitre.org


Vulnerability ID : CVE-2024-23177

First published on : 12-01-2024 06:15:47
Last modified on : 12-01-2024 13:47:31

Description :
An issue was discovered in the WatchAnalytics extension in MediaWiki before 1.40.2. XSS can occur via the Special:PageStatistics page parameter.

CVE ID : CVE-2024-23177
Source : cve@mitre.org
CVSS Score : /

References :
https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce%40lists.wikimedia.org/message/TDBUBCCOQJUT4SCHJNPHKQNPBUUETY52/ | source : cve@mitre.org
https://phabricator.wikimedia.org/T348979 | source : cve@mitre.org


Vulnerability ID : CVE-2024-23178

First published on : 12-01-2024 06:15:47
Last modified on : 12-01-2024 13:47:31

Description :
An issue was discovered in the Phonos extension in MediaWiki before 1.40.2. PhonosButton.js allows i18n-based XSS via the phonos-purge-needed-error message.

CVE ID : CVE-2024-23178
Source : cve@mitre.org
CVSS Score : /

References :
https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce%40lists.wikimedia.org/message/TDBUBCCOQJUT4SCHJNPHKQNPBUUETY52/ | source : cve@mitre.org
https://phabricator.wikimedia.org/T349312 | source : cve@mitre.org


Vulnerability ID : CVE-2024-23179

First published on : 12-01-2024 06:15:47
Last modified on : 12-01-2024 13:47:31

Description :
An issue was discovered in the GlobalBlocking extension in MediaWiki before 1.40.2. For a Special:GlobalBlock?uselang=x-xss URI, i18n-based XSS can occur via the parentheses message. This affects subtitle links in buildSubtitleLinks.

CVE ID : CVE-2024-23179
Source : cve@mitre.org
CVSS Score : /

References :
https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce%40lists.wikimedia.org/message/TDBUBCCOQJUT4SCHJNPHKQNPBUUETY52/ | source : cve@mitre.org
https://phabricator.wikimedia.org/T347746 | source : cve@mitre.org


Vulnerability ID : CVE-2023-37117

First published on : 12-01-2024 07:15:12
Last modified on : 12-01-2024 13:47:31

Description :
A heap-use-after-free vulnerability was found in live555 version 2023.05.10 while handling the SETUP.

CVE ID : CVE-2023-37117
Source : cve@mitre.org
CVSS Score : /

References :
http://lists.live555.com/pipermail/live-devel/2023-June/022331.html | source : cve@mitre.org
http://www.live555.com/liveMedia/public/changelog.txt | source : cve@mitre.org


Vulnerability ID : CVE-2023-40362

First published on : 12-01-2024 08:15:43
Last modified on : 12-01-2024 13:47:31

Description :
An issue was discovered in CentralSquare Click2Gov Building Permit before October 2023. Lack of access control protections allows remote attackers to arbitrarily delete the contractors from any user's account when the user ID and contractor information is known.

CVE ID : CVE-2023-40362
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/ally-petitt/CVE-2023-40362 | source : cve@mitre.org
https://www.classaction.org/news/centralsquare-hit-with-class-action-over-2017-2018-click2gov-data-breach | source : cve@mitre.org


Vulnerability ID : CVE-2023-50919

First published on : 12-01-2024 08:15:43
Last modified on : 12-01-2024 13:47:31

Description :
An issue was discovered on GL.iNet devices before version 4.5.0. There is an NGINX authentication bypass via Lua string pattern matching. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR300M 4.3.7, and B1300 4.3.7.

CVE ID : CVE-2023-50919
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Authentication-bypass.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-50920

First published on : 12-01-2024 08:15:43
Last modified on : 12-01-2024 13:47:31

Description :
An issue was discovered on GL.iNet devices before version 4.5.0. They assign the same session ID after each user reboot, allowing attackers to share session identifiers between different sessions and bypass authentication or access control measures. Attackers can impersonate legitimate users or perform unauthorized actions. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR300M 4.3.7, and B1300 4.3.7.

CVE ID : CVE-2023-50920
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Authentication-bypass-seesion-ID.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-30014

First published on : 12-01-2024 09:15:43
Last modified on : 12-01-2024 13:47:31

Description :
SQL Injection vulnerability in oretnom23 Judging Management System v1.0, allows remote attackers to execute arbitrary code and obtain sensitive information via sub_event_id parameter in sub_event_stat_update.php.

CVE ID : CVE-2023-30014
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Pings1031/cve_report/blob/main/judging-management-system/SQLi-1.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-30015

First published on : 12-01-2024 09:15:44
Last modified on : 12-01-2024 13:47:31

Description :
SQL Injection vulnerability in oretnom23 Judging Management System v1.0, allows remote attackers to execute arbitrary code and obtain sensitive information via txtsearch parameter in review_search.php.

CVE ID : CVE-2023-30015
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Pings1031/cve_report/blob/main/judging-management-system/SQLi-3.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-30016

First published on : 12-01-2024 09:15:44
Last modified on : 12-01-2024 13:47:31

Description :
SQL Injection vulnerability in oretnom23 Judging Management System v1.0, allows remote attackers to execute arbitrary code and obtain sensitive information via sub_event_id parameter in sub_event_details_edit.php.

CVE ID : CVE-2023-30016
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Pings1031/cve_report/blob/main/judging-management-system/SQLi-2.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-48909

First published on : 12-01-2024 09:15:44
Last modified on : 12-01-2024 13:47:31

Description :
An issue was discovered in Jave2 version 3.3.1 that allows attackers to execute arbitrary code via the FFmpeg function.

CVE ID : CVE-2023-48909
Source : cve@mitre.org
CVSS Score : /

References :
https://gist.github.com/Dollhouse-18/288b4774bc296722c9e3c60bafa392bf | source : cve@mitre.org
https://github.com/Dollhouse-18/jave-core-Command-execution-vulnerability | source : cve@mitre.org


Vulnerability ID : CVE-2023-51790

First published on : 12-01-2024 13:15:11
Last modified on : 12-01-2024 13:47:31

Description :
Cross Site Scripting vulnerability in piwigo v.14.0.0 allows a remote attacker to obtain sensitive information via the lang parameter in the Admin Tools plug-in component.

CVE ID : CVE-2023-51790
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Piwigo/AdminTools/issues/21 | source : cve@mitre.org
https://github.com/Piwigo/Piwigo/issues/2069 | source : cve@mitre.org


Vulnerability ID : CVE-2023-51806

First published on : 12-01-2024 13:15:11
Last modified on : 12-01-2024 13:47:31

Description :
File Upload vulnerability in Ujcms v.8.0.2 allows a local attacker to execute arbitrary code via a crafted file.

CVE ID : CVE-2023-51806
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/ujcms/ujcms | source : cve@mitre.org
https://github.com/ujcms/ujcms/issues/8 | source : cve@mitre.org
https://www.ujcms.com/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-52026

First published on : 12-01-2024 13:15:11
Last modified on : 12-01-2024 13:47:31

Description :
TOTOlink EX1800T V9.1.0cu.2112_B20220316 was discovered to contain a remote command execution (RCE) vulnerability via the telnet_enabled parameter of the setTelnetCfg interface.

CVE ID : CVE-2023-52026
Source : cve@mitre.org
CVSS Score : /

References :
https://815yang.github.io/2023/12/11/EX1800T/2/TOTOlinkEX1800T_V9.1.0cu.2112_B2022031setTelnetCfg/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-51949

First published on : 12-01-2024 15:15:09
Last modified on : 12-01-2024 15:54:26

Description :
Verydows v2.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /protected/controller/backend/role_controller.

CVE ID : CVE-2023-51949
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/cui2shark/security/blob/main/Added%20CSRF%20in%20Role%20Controller.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-51978

First published on : 12-01-2024 16:15:52
Last modified on : 12-01-2024 17:06:09

Description :
In PHPGurukul Art Gallery Management System v1.1, "Update Artist Image" functionality of "imageid" parameter is vulnerable to SQL Injection.

CVE ID : CVE-2023-51978
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/hackerhijeck/Exploited/blob/main/Art_Gallary/SQL_Injection.md | source : cve@mitre.org


Vulnerability ID : CVE-2024-22492

First published on : 12-01-2024 16:15:52
Last modified on : 12-01-2024 17:06:09

Description :
A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save contact parameter, which allows remote attackers to inject arbitrary web script or HTML.

CVE ID : CVE-2024-22492
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/cui2shark/security/blob/main/%28JFinalcms%20contact%20para%29A%20stored%20cross-site%20scripting%20%28XSS%29%20vulnerability%20was%20discovered%20in%20Jfinalcms%20contact%20para.md | source : cve@mitre.org


Vulnerability ID : CVE-2024-22493

First published on : 12-01-2024 16:15:52
Last modified on : 12-01-2024 17:06:09

Description :
A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save content parameter, which allows remote attackers to inject arbitrary web script or HTML.

CVE ID : CVE-2024-22493
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/cui2shark/security/blob/main/%28JFinalcms%20content%20para%29A%20stored%20cross-site%20scripting%20%28XSS%29%20vulnerability%20was%20discovered%20in%20Jfinalcms%20content%20para.md | source : cve@mitre.org


Vulnerability ID : CVE-2024-22494

First published on : 12-01-2024 16:15:52
Last modified on : 12-01-2024 17:06:09

Description :
A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save mobile parameter, which allows remote attackers to inject arbitrary web script or HTML.

CVE ID : CVE-2024-22494
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/cui2shark/security/blob/main/%28JFinalcms%20moblie%20para%29A%20stored%20cross-site%20scripting%20%28XSS%29%20vulnerability%20was%20discovered%20in%20Jfinalcms%20moblie%20para.md | source : cve@mitre.org


Source : rapid7.con

Vulnerability ID : CVE-2024-0393

First published on : 12-01-2024 06:15:47
Last modified on : 12-01-2024 06:15:47

Description :
Rejected reason: This CVE ID was unused by the CNA.

CVE ID : CVE-2024-0393
Source : cve@rapid7.con
CVSS Score : /

References :


Source : jpcert.or.jp

Vulnerability ID : CVE-2024-22027

First published on : 12-01-2024 07:15:12
Last modified on : 12-01-2024 13:47:31

Description :
Improper input validation vulnerability in WordPress Quiz Maker Plugin prior to 6.5.0.6 allows a remote authenticated attacker to perform a Denial of Service (DoS) attack against external services.

CVE ID : CVE-2024-22027
Source : vultures@jpcert.or.jp
CVSS Score : /

References :
https://jvn.jp/en/jp/JVN37326856/ | source : vultures@jpcert.or.jp
https://wordpress.org/plugins/quiz-maker/ | source : vultures@jpcert.or.jp


Source : cert.pl

Vulnerability ID : CVE-2023-49253

First published on : 12-01-2024 15:15:08
Last modified on : 12-01-2024 15:54:26

Description :
Root user password is hardcoded into the device and cannot be changed in the user interface.

CVE ID : CVE-2023-49253
Source : cvd@cert.pl
CVSS Score : /

References :
https://cert.pl/en/posts/2024/01/CVE-2023-49253/ | source : cvd@cert.pl
https://cert.pl/posts/2024/01/CVE-2023-49253/ | source : cvd@cert.pl

Vulnerability : CWE-798


Vulnerability ID : CVE-2023-49254

First published on : 12-01-2024 15:15:09
Last modified on : 12-01-2024 15:54:26

Description :
Authenticated user can execute arbitrary commands in the context of the root user by providing payload in the "destination" field of the network test tools. This is similar to the vulnerability CVE-2021-28151 mitigated on the user interface level by blacklisting characters with JavaScript, however, it can still be exploited by sending POST requests directly.

CVE ID : CVE-2023-49254
Source : cvd@cert.pl
CVSS Score : /

References :
https://cert.pl/en/posts/2024/01/CVE-2023-49253/ | source : cvd@cert.pl
https://cert.pl/posts/2024/01/CVE-2023-49253/ | source : cvd@cert.pl

Vulnerability : CWE-78


Vulnerability ID : CVE-2023-49255

First published on : 12-01-2024 15:15:09
Last modified on : 12-01-2024 15:54:26

Description :
The router console is accessible without authentication at "data" field, and while a user needs to be logged in in order to modify the configuration, the session state is shared. If any other user is currently logged in, the anonymous user can execute commands in the context of the authenticated one. If the logged in user has administrative privileges, it is possible to use webadmin service configuration commands to create a new admin user with a chosen password.

CVE ID : CVE-2023-49255
Source : cvd@cert.pl
CVSS Score : /

References :
https://cert.pl/en/posts/2024/01/CVE-2023-49253/ | source : cvd@cert.pl
https://cert.pl/posts/2024/01/CVE-2023-49253/ | source : cvd@cert.pl

Vulnerability : CWE-306


Vulnerability ID : CVE-2023-49256

First published on : 12-01-2024 15:15:09
Last modified on : 12-01-2024 15:54:26

Description :
It is possible to download the configuration backup without authorization and decrypt the included passwords using a hardcoded static key.

CVE ID : CVE-2023-49256
Source : cvd@cert.pl
CVSS Score : /

References :
https://cert.pl/en/posts/2024/01/CVE-2023-49253/ | source : cvd@cert.pl
https://cert.pl/posts/2024/01/CVE-2023-49253/ | source : cvd@cert.pl

Vulnerability : CWE-798


Vulnerability ID : CVE-2023-49257

First published on : 12-01-2024 15:15:09
Last modified on : 12-01-2024 15:54:26

Description :
An authenticated user is able to upload an arbitrary CGI-compatible file using the certificate upload utility and execute it with the root user privileges.

CVE ID : CVE-2023-49257
Source : cvd@cert.pl
CVSS Score : /

References :
https://cert.pl/en/posts/2024/01/CVE-2023-49253/ | source : cvd@cert.pl
https://cert.pl/posts/2024/01/CVE-2023-49253/ | source : cvd@cert.pl

Vulnerability : CWE-732


Vulnerability ID : CVE-2023-49258

First published on : 12-01-2024 15:15:09
Last modified on : 12-01-2024 15:54:26

Description :
User browser may be forced to execute JavaScript and pass the authentication cookie to the attacker leveraging the XSS vulnerability located at "/gui/terminal_tool.cgi" in the "data" parameter.

CVE ID : CVE-2023-49258
Source : cvd@cert.pl
CVSS Score : /

References :
https://cert.pl/en/posts/2024/01/CVE-2023-49253/ | source : cvd@cert.pl
https://cert.pl/posts/2024/01/CVE-2023-49253/ | source : cvd@cert.pl

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-49259

First published on : 12-01-2024 15:15:09
Last modified on : 12-01-2024 15:54:26

Description :
The authentication cookies are generated using an algorithm based on the username, hardcoded secret and the up-time, and can be guessed in a reasonable time.

CVE ID : CVE-2023-49259
Source : cvd@cert.pl
CVSS Score : /

References :
https://cert.pl/en/posts/2024/01/CVE-2023-49253/ | source : cvd@cert.pl
https://cert.pl/posts/2024/01/CVE-2023-49253/ | source : cvd@cert.pl

Vulnerability : CWE-327


Vulnerability ID : CVE-2023-49260

First published on : 12-01-2024 15:15:09
Last modified on : 12-01-2024 15:54:26

Description :
An XSS attack can be performed by changing the MOTD banner and pointing the victim to the "terminal_tool.cgi" path. It can be used together with the vulnerability CVE-2023-49255.

CVE ID : CVE-2023-49260
Source : cvd@cert.pl
CVSS Score : /

References :
https://cert.pl/en/posts/2024/01/CVE-2023-49253/ | source : cvd@cert.pl
https://cert.pl/posts/2024/01/CVE-2023-49253/ | source : cvd@cert.pl

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-49261

First published on : 12-01-2024 15:15:09
Last modified on : 12-01-2024 15:54:26

Description :
The "tokenKey" value used in user authorization is visible in the HTML source of the login page.

CVE ID : CVE-2023-49261
Source : cvd@cert.pl
CVSS Score : /

References :
https://cert.pl/en/posts/2024/01/CVE-2023-49253/ | source : cvd@cert.pl
https://cert.pl/posts/2024/01/CVE-2023-49253/ | source : cvd@cert.pl

Vulnerability : CWE-200


Vulnerability ID : CVE-2023-49262

First published on : 12-01-2024 15:15:09
Last modified on : 12-01-2024 15:54:26

Description :
The authentication mechanism can be bypassed by overflowing the value of the Cookie "authentication" field, provided there is an active user session.

CVE ID : CVE-2023-49262
Source : cvd@cert.pl
CVSS Score : /

References :
https://cert.pl/en/posts/2024/01/CVE-2023-49253/ | source : cvd@cert.pl
https://cert.pl/posts/2024/01/CVE-2023-49253/ | source : cvd@cert.pl

Vulnerability : CWE-287


This website uses the NVD API, but is not approved or certified by it.

About the author
Julien B.

Securitricks

Up-to-Date Cybersecurity Insights & Malware Reports
