Latest vulnerabilities [Monday, February 05, 2024 + weekend]

Last update performed on 02/05/2024 at 11:57:06 PM

(14) CRITICAL VULNERABILITIES [9.0, 10.0]

Source : us.ibm.com

Vulnerability ID : CVE-2023-47143

First published on : 02-02-2024 13:15:08
Last modified on : 02-02-2024 13:36:23

Description :
IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 270270.

CVE ID : CVE-2023-47143
Source : psirt@us.ibm.com
CVSS Score : 10.0

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/270270 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7105139 | source : psirt@us.ibm.com

Vulnerability : CWE-644


Vulnerability ID : CVE-2023-50940

First published on : 02-02-2024 01:15:08
Last modified on : 02-02-2024 16:10:43

Description :
IBM PowerSC 1.3, 2.0, and 2.1 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains. IBM X-Force ID: 275130.

CVE ID : CVE-2023-50940
Source : psirt@us.ibm.com
CVSS Score : 9.8

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/275130 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7113759 | source : psirt@us.ibm.com

Vulnerability : CWE-697

Vulnerability : CWE-942

Vulnerable product(s) : cpe:2.3:a:ibm:powersc:1.3:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:a:ibm:powersc:2.0:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:a:ibm:powersc:2.1:*:*:*:*:*:*:*


Vulnerability ID : CVE-2024-22320

First published on : 02-02-2024 03:15:10
Last modified on : 02-02-2024 04:58:55

Description :
IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, and 8.12.0.1 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code in the context of SYSTEM. IBM X-Force ID: 279146.

CVE ID : CVE-2024-22320
Source : psirt@us.ibm.com
CVSS Score : 9.8

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/279146 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7112382 | source : psirt@us.ibm.com

Vulnerability : CWE-502


Source : fortinet.com

Vulnerability ID : CVE-2024-23108

First published on : 05-02-2024 14:15:57
Last modified on : 05-02-2024 18:25:58

Description :
An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiSIEM version 7.1.0 through 7.1.1 and 7.0.0 through 7.0.2 and 6.7.0 through 6.7.8 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.2 and 6.4.0 through 6.4.2 allows an attacker to execute unauthorized code or commands via crafted API requests.

CVE ID : CVE-2024-23108
Source : psirt@fortinet.com
CVSS Score : 10.0

References :
https://fortiguard.com/psirt/FG-IR-23-130 | source : psirt@fortinet.com

Vulnerability : CWE-78


Vulnerability ID : CVE-2024-23109

First published on : 05-02-2024 14:15:59
Last modified on : 05-02-2024 18:25:58

Description :
An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiSIEM version 7.1.0 through 7.1.1 and 7.0.0 through 7.0.2 and 6.7.0 through 6.7.8 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.2 and 6.4.0 through 6.4.2 allows an attacker to execute unauthorized code or commands via crafted API requests.

CVE ID : CVE-2024-23109
Source : psirt@fortinet.com
CVSS Score : 10.0

References :
https://fortiguard.com/psirt/FG-IR-23-130 | source : psirt@fortinet.com

Vulnerability : CWE-78


Source : hq.dhs.gov

Vulnerability ID : CVE-2024-21764

First published on : 02-02-2024 00:15:54
Last modified on : 02-02-2024 01:57:57

Description :
In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, the product uses hard-coded credentials, which may allow an attacker to connect to a specific port.

CVE ID : CVE-2024-21764
Source : ics-cert@hq.dhs.gov
CVSS Score : 9.8

References :
https://rapidscada.org/contact/ | source : ics-cert@hq.dhs.gov
https://www.cisa.gov/news-events/ics-advisories/icsa-24-011-03 | source : ics-cert@hq.dhs.gov

Vulnerability : CWE-798


Source : usom.gov.tr

Vulnerability ID : CVE-2023-6675

First published on : 02-02-2024 13:15:09
Last modified on : 02-02-2024 13:36:23

Description :
Unrestricted Upload of File with Dangerous Type vulnerability in National Keep Cyber Security Services CyberMath allows uploading a web shell to a web server. This issue affects CyberMath: from v.1.4 before v.1.5.

CVE ID : CVE-2023-6675
Source : iletisim@usom.gov.tr
CVSS Score : 9.8

References :
https://www.usom.gov.tr/bildirim/tr-24-0080 | source : iletisim@usom.gov.tr

Vulnerability : CWE-434


Source : ch.abb.com

Vulnerability ID : CVE-2024-0323

First published on : 05-02-2024 16:15:54
Last modified on : 05-02-2024 18:25:55

Description :
Use of a Broken or Risky Cryptographic Algorithm vulnerability in B&R Industrial Automation Automation Runtime (SDM modules). The FTP server used on the B&R Automation Runtime supports unsecure encryption mechanisms, such as SSLv3, TLSv1.0 and TLSv1.1. A network-based attacker can exploit the flaws to conduct man-in-the-middle attacks or to decrypt communications between the affected product clients. This issue affects Automation Runtime: from 14.0 before 14.93.

CVE ID : CVE-2024-0323
Source : cybersecurity@ch.abb.com
CVSS Score : 9.8

References :
https://www.br-automation.com/fileadmin/SA23P004_FTP_uses_unsecure_encryption_mechanisms-f57c147c.pdf | source : cybersecurity@ch.abb.com

Vulnerability : CWE-327


Source : wordfence.com

Vulnerability ID : CVE-2023-6933

First published on : 05-02-2024 22:15:57
Last modified on : 05-02-2024 22:15:57

Description :
The Better Search Replace plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.4 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.

CVE ID : CVE-2023-6933
Source : security@wordfence.com
CVSS Score : 9.8

References :
https://plugins.trac.wordpress.org/browser/better-search-replace/trunk/includes/class-bsr-db.php#L334 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/3023674/better-search-replace/trunk/includes/class-bsr-db.php | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/895f2db1-a2ed-4a17-a4f6-cd13ee8f84af?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-6989

First published on : 05-02-2024 22:15:58
Last modified on : 05-02-2024 22:15:58

Description :
The Shield Security – Smart Bot Blocking & Intrusion Prevention Security plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 18.5.9 via the render_action_template parameter. This makes it possible for an unauthenticated attacker to include and execute PHP files on the server, allowing the execution of any PHP code in those files.

CVE ID : CVE-2023-6989
Source : security@wordfence.com
CVSS Score : 9.8

References :
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3013699%40wp-simple-firewall&new=3013699%40wp-simple-firewall&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/063826cc-7ff3-4869-9831-f6a4a4bbe74c?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-0709

First published on : 05-02-2024 22:16:04
Last modified on : 05-02-2024 22:16:04

Description :
The Cryptocurrency Widgets – Price Ticker & Coins List plugin for WordPress is vulnerable to SQL Injection via the 'coinslist' parameter in versions 2.0 to 2.6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

CVE ID : CVE-2024-0709
Source : security@wordfence.com
CVSS Score : 9.8

References :
https://plugins.trac.wordpress.org/browser/cryptocurrency-price-ticker-widget/trunk/includes/ccpw-db-helper.php?rev=3003658#L172 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3024040%40cryptocurrency-price-ticker-widget&new=3024040%40cryptocurrency-price-ticker-widget&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/b0603621-4521-4eb0-b4dd-e2257c133cee?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-0221

First published on : 05-02-2024 22:15:59
Last modified on : 05-02-2024 22:15:59

Description :
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.8.19 via the rename_item function. This makes it possible for authenticated attackers to rename arbitrary files on the server. This can lead to site takeovers if the wp-config.php file of a site can be renamed. By default this can be exploited by administrators only. In the premium version of the plugin, administrators can give gallery management permissions to lower level users, which might make this exploitable by users as low as contributors.

CVE ID : CVE-2024-0221
Source : security@wordfence.com
CVSS Score : 9.1

References :
https://plugins.trac.wordpress.org/browser/photo-gallery/trunk/filemanager/controller.php#L291 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/photo-gallery/trunk/filemanager/controller.php#L441 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3022981%40photo-gallery%2Ftrunk&old=3013021%40photo-gallery%2Ftrunk&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/3a3b8f32-f29d-4e67-8fad-202bfc8a9918?source=cve | source : security@wordfence.com


Source : emc.com

Vulnerability ID : CVE-2022-34381

First published on : 02-02-2024 16:15:45
Last modified on : 02-02-2024 16:30:16

Description :
Dell BSAFE SSL-J version 7.0 and all versions prior to 6.5, and Dell BSAFE Crypto-J versions prior to 6.2.6.1 contain an unmaintained third-party component vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to the compromise of the impacted system. This is a Critical vulnerability and Dell recommends customers to upgrade at the earliest opportunity.

CVE ID : CVE-2022-34381
Source : security_alert@emc.com
CVSS Score : 9.1

References :
https://www.dell.com/support/kbdoc/en-us/000203278/dsa-2022-208-dell-bsafe-ssl-j-6-5-and-7-1-and-dell-bsafe-crypto-j-6-2-6-1-and-7-0-security-vulnerability | source : security_alert@emc.com

Vulnerability : CWE-1329


Source : qnapsecurity.com.tw

Vulnerability ID : CVE-2023-45025

First published on : 02-02-2024 16:15:49
Last modified on : 02-02-2024 16:30:16

Description :
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions:
QTS 5.1.4.2596 build 20231128 and later
QTS 4.5.4.2627 build 20231225 and later
QuTS hero h5.1.4.2596 build 20231128 and later
QuTS hero h4.5.4.2626 build 20231225 and later
QuTScloud c5.1.5.2651 and later

CVE ID : CVE-2023-45025
Source : security@qnapsecurity.com.tw
CVSS Score : 9.0

References :
https://www.qnap.com/en/security-advisory/qsa-23-47 | source : security@qnapsecurity.com.tw

Vulnerability : CWE-77
Vulnerability : CWE-78


(57) HIGH VULNERABILITIES [7.0, 8.9]

Source : us.ibm.com

Vulnerability ID : CVE-2023-50936

First published on : 02-02-2024 01:15:08
Last modified on : 02-02-2024 16:12:39

Description :
IBM PowerSC 1.3, 2.0, and 2.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 275116.

CVE ID : CVE-2023-50936
Source : psirt@us.ibm.com
CVSS Score : 8.8

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/275116 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7113759 | source : psirt@us.ibm.com

Vulnerability : CWE-613

Vulnerable product(s) : cpe:2.3:a:ibm:powersc:1.3:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:a:ibm:powersc:2.0:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:a:ibm:powersc:2.1:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-31004

First published on : 03-02-2024 01:15:08
Last modified on : 05-02-2024 02:09:43

Description :
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a remote attacker to gain access to the underlying system using man in the middle techniques. IBM X-Force ID: 254765.

CVE ID : CVE-2023-31004
Source : psirt@us.ibm.com
CVSS Score : 8.3

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/254765 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7106586 | source : psirt@us.ibm.com

Vulnerability : CWE-300


Vulnerability ID : CVE-2024-22319

First published on : 02-02-2024 03:15:10
Last modified on : 02-02-2024 04:58:55

Description :
IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, and 8.12.0.1 could allow a remote attacker to conduct an LDAP injection. By sending a specially crafted request, an attacker could exploit this vulnerability to inject unsanitized content into the LDAP filter. IBM X-Force ID: 279145.

CVE ID : CVE-2024-22319
Source : psirt@us.ibm.com
CVSS Score : 8.1

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/279145 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7112382 | source : psirt@us.ibm.com

Vulnerability : CWE-90


Vulnerability ID : CVE-2023-38019

First published on : 02-02-2024 04:15:07
Last modified on : 02-02-2024 04:58:55

Description :
IBM SOAR QRadar Plugin App 1.0 through 5.0.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 260575.

CVE ID : CVE-2023-38019
Source : psirt@us.ibm.com
CVSS Score : 8.1

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/260575 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7111679 | source : psirt@us.ibm.com

Vulnerability : CWE-22


Vulnerability ID : CVE-2023-50939

First published on : 02-02-2024 00:15:54
Last modified on : 02-02-2024 16:14:59

Description :
IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 275129.

CVE ID : CVE-2023-50939
Source : psirt@us.ibm.com
CVSS Score : 7.5

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/275129 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7113759 | source : psirt@us.ibm.com

Vulnerability : CWE-327

Vulnerable product(s) : cpe:2.3:a:ibm:powersc:1.3:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:a:ibm:powersc:2.0:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:a:ibm:powersc:2.1:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-50326

First published on : 02-02-2024 01:15:07
Last modified on : 02-02-2024 16:14:50

Description :
IBM PowerSC 1.3, 2.0, and 2.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 275107.

CVE ID : CVE-2023-50326
Source : psirt@us.ibm.com
CVSS Score : 7.5

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/275107 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7113759 | source : psirt@us.ibm.com

Vulnerability : CWE-307

Vulnerable product(s) : cpe:2.3:a:ibm:powersc:1.3:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:a:ibm:powersc:2.0:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:a:ibm:powersc:2.1:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-50937

First published on : 02-02-2024 01:15:08
Last modified on : 02-02-2024 16:11:02

Description :
IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 275117.

CVE ID : CVE-2023-50937
Source : psirt@us.ibm.com
CVSS Score : 7.5

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/275117 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7113759 | source : psirt@us.ibm.com

Vulnerability : CWE-327

Vulnerable product(s) : cpe:2.3:a:ibm:powersc:1.3:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:a:ibm:powersc:2.0:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:a:ibm:powersc:2.1:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-47142

First published on : 02-02-2024 14:15:54
Last modified on : 02-02-2024 16:30:16

Description :
IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 could allow an attacker on the organization's local network to escalate their privileges due to unauthorized API access. IBM X-Force ID: 270267.

CVE ID : CVE-2023-47142
Source : psirt@us.ibm.com
CVSS Score : 7.5

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/270267 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7105139 | source : psirt@us.ibm.com

Vulnerability : CWE-264


Vulnerability ID : CVE-2023-38273

First published on : 02-02-2024 15:15:09
Last modified on : 02-02-2024 16:30:16

Description :
IBM Cloud Pak System 2.3.1.1, 2.3.2.0, and 2.3.3.7 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 260733.

CVE ID : CVE-2023-38273
Source : psirt@us.ibm.com
CVSS Score : 7.5

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/260733 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7105357 | source : psirt@us.ibm.com

Vulnerability : CWE-307


Vulnerability ID : CVE-2023-30999

First published on : 03-02-2024 01:15:07
Last modified on : 05-02-2024 02:09:43

Description :
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow an attacker to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 254651.

CVE ID : CVE-2023-30999
Source : psirt@us.ibm.com
CVSS Score : 7.5

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/254651 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7106586 | source : psirt@us.ibm.com

Vulnerability : CWE-400


Vulnerability ID : CVE-2023-43016

First published on : 03-02-2024 01:15:09
Last modified on : 05-02-2024 02:09:43

Description :
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a remote user to log into the server due to a user account with an empty password. IBM X-Force ID: 266154.

CVE ID : CVE-2023-43016
Source : psirt@us.ibm.com
CVSS Score : 7.3

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/266154 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7106586 | source : psirt@us.ibm.com

Vulnerability : CWE-258


Vulnerability ID : CVE-2023-32327

First published on : 03-02-2024 01:15:08
Last modified on : 05-02-2024 02:09:43

Description :
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 254783.

CVE ID : CVE-2023-32327
Source : psirt@us.ibm.com
CVSS Score : 7.1

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/254783 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7106586 | source : psirt@us.ibm.com

Vulnerability : CWE-611


Source : mitre.org

Vulnerability ID : CVE-2024-22779

First published on : 02-02-2024 02:15:17
Last modified on : 02-02-2024 04:58:55

Description :
Directory Traversal vulnerability in Kihron ServerRPExposer v.1.0.2 and before allows a remote attacker to execute arbitrary code via the loadServerPack in ServerResourcePackProviderMixin.java.

CVE ID : CVE-2024-22779
Source : cve@mitre.org
CVSS Score : 8.8

References :
https://gist.github.com/apple502j/193358682885fe1a6708309ce934e4ed | source : cve@mitre.org
https://github.com/Kihron/ServerRPExposer/commit/8f7b829df633f59e828d677f736c53652d6f1b8f | source : cve@mitre.org
https://modrinth.com/mod/serverrpexposer | source : cve@mitre.org


Source : usom.gov.tr

Vulnerability ID : CVE-2023-6676

First published on : 02-02-2024 13:15:09
Last modified on : 02-02-2024 13:36:23

Description :
Cross-Site Request Forgery (CSRF) vulnerability in National Keep Cyber Security Services CyberMath allows Cross Site Request Forgery. This issue affects CyberMath: from v1.4 before v1.5.

CVE ID : CVE-2023-6676
Source : iletisim@usom.gov.tr
CVSS Score : 8.8

References :
https://www.usom.gov.tr/bildirim/tr-24-0080 | source : iletisim@usom.gov.tr

Vulnerability : CWE-352


Source : qnapsecurity.com.tw

Vulnerability ID : CVE-2023-39297

First published on : 02-02-2024 16:15:46
Last modified on : 02-02-2024 16:30:16

Description :
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following versions:
QTS 5.1.4.2596 build 20231128 and later
QTS 4.5.4.2627 build 20231225 and later
QuTS hero h5.1.4.2596 build 20231128 and later
QuTS hero h4.5.4.2626 build 20231225 and later
QuTScloud c5.1.5.2651 and later

CVE ID : CVE-2023-39297
Source : security@qnapsecurity.com.tw
CVSS Score : 8.8

References :
https://www.qnap.com/en/security-advisory/qsa-23-30 | source : security@qnapsecurity.com.tw

Vulnerability : CWE-78


Vulnerability ID : CVE-2023-47568

First published on : 02-02-2024 16:15:52
Last modified on : 02-02-2024 16:30:16

Description :
A SQL injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following versions:
QTS 5.1.5.2645 build 20240116 and later
QTS 4.5.4.2627 build 20231225 and later
QuTS hero h5.1.5.2647 build 20240118 and later
QuTS hero h4.5.4.2626 build 20231225 and later
QuTScloud c5.1.5.2651 and later

CVE ID : CVE-2023-47568
Source : security@qnapsecurity.com.tw
CVSS Score : 8.8

References :
https://www.qnap.com/en/security-advisory/qsa-24-05 | source : security@qnapsecurity.com.tw

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-47564

First published on : 02-02-2024 16:15:52
Last modified on : 02-02-2024 16:30:16

Description :
An incorrect permission assignment for critical resource vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow authenticated users to read or modify the resource via a network. We have already fixed the vulnerability in the following versions:
Qsync Central 4.4.0.15 (2024/01/04) and later
Qsync Central 4.3.0.11 (2024/01/11) and later

CVE ID : CVE-2023-47564
Source : security@qnapsecurity.com.tw
CVSS Score : 8.0

References :
https://www.qnap.com/en/security-advisory/qsa-24-03 | source : security@qnapsecurity.com.tw

Vulnerability : CWE-732


Vulnerability ID : CVE-2023-47562

First published on : 02-02-2024 16:15:52
Last modified on : 02-02-2024 16:30:16

Description :
An OS command injection vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following version: Photo Station 6.4.2 ( 2023/12/15 ) and later

CVE ID : CVE-2023-47562
Source : security@qnapsecurity.com.tw
CVSS Score : 7.4

References :
https://www.qnap.com/en/security-advisory/qsa-24-08 | source : security@qnapsecurity.com.tw

Vulnerability : CWE-77
Vulnerability : CWE-78


Source : github.com

Vulnerability ID : CVE-2024-24760

First published on : 02-02-2024 16:15:56
Last modified on : 02-02-2024 16:30:16

Description :
mailcow is a dockerized email package, with multiple containers linked in one bridged network. A security vulnerability has been identified in mailcow affecting versions < 2024-01c. This vulnerability potentially allows attackers on the same subnet to connect to exposed ports of a Docker container, even when the port is bound to 127.0.0.1. The vulnerability has been addressed by implementing additional iptables/nftables rules. These rules drop packets for Docker containers on ports 3306, 6379, 8983, and 12345, where the input interface is not `br-mailcow` and the output interface is `br-mailcow`.

CVE ID : CVE-2024-24760
Source : security-advisories@github.com
CVSS Score : 8.8

References :
https://github.com/mailcow/mailcow-dockerized/commit/087481ac12bfa5dd715f3630f0b1697be94f7e88 | source : security-advisories@github.com
https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-gmpj-5xcm-xxx6 | source : security-advisories@github.com

Vulnerability : CWE-610


Vulnerability ID : CVE-2023-52138

First published on : 05-02-2024 15:15:08
Last modified on : 05-02-2024 18:25:58

Description :
Engrampa is an archive manager for the MATE environment. Engrampa is found to be vulnerable to a Path Traversal vulnerability that can be leveraged to achieve full Remote Command Execution (RCE) on the target. While handling CPIO archives, the Engrampa archive manager follows symlinks: cpio by default follows stored symlinks while extracting, and the archiver does not check the symlink location, which leads to arbitrary file writes to unintended locations. An attacker can craft a malicious cpio or ISO archive that achieves RCE on the target system when the victim extracts it. This vulnerability was fixed in commit 63d5dfa.

CVE ID : CVE-2023-52138
Source : security-advisories@github.com
CVSS Score : 8.2

References :
https://github.com/mate-desktop/engrampa/commit/63d5dfa9005c6b16d0f0ccd888cc859fca78f970 | source : security-advisories@github.com
https://github.com/mate-desktop/engrampa/security/advisories/GHSA-c98h-v39w-3r7v | source : security-advisories@github.com

Vulnerability : CWE-25


Vulnerability ID : CVE-2024-24757

First published on : 02-02-2024 16:15:55
Last modified on : 02-02-2024 16:30:16

Description :
open-irs is an issue response robot that responds to issues in the installed repository. The `.env` file was accidentally uploaded when working with git actions. This problem is fixed in 1.0.1. Discontinuing all sensitive keys and turning into secrets.

CVE ID : CVE-2024-24757
Source : security-advisories@github.com
CVSS Score : 7.6

References :
https://github.com/Degamisu/open-irs/security/advisories/GHSA-7r69-3vwh-wcfr | source : security-advisories@github.com

Vulnerability : CWE-200


Vulnerability ID : CVE-2024-23831

First published on : 02-02-2024 16:15:55
Last modified on : 02-02-2024 16:30:16

Description :
LedgerSMB is a free web-based double-entry accounting system. When a LedgerSMB database administrator has an active session in /setup.pl, an attacker can trick the admin into clicking on a link which automatically submits a request to setup.pl without the admin's consent. This request can be used to create a new user account with full application (/login.pl) privileges, leading to privilege escalation. The vulnerability is patched in versions 1.10.30 and 1.11.9.

CVE ID : CVE-2024-23831
Source : security-advisories@github.com
CVSS Score : 7.5

References :
https://github.com/ledgersmb/LedgerSMB/commit/8c2ae5be68a782d62cb9c0e17c0127bf30ef4165 | source : security-advisories@github.com
https://github.com/ledgersmb/LedgerSMB/security/advisories/GHSA-98ff-f638-qxjm | source : security-advisories@github.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2024-24762

First published on : 05-02-2024 15:15:09
Last modified on : 05-02-2024 18:25:55

Description :
FastAPI is a web framework for building APIs with Python 3.8+ based on standard Python type hints. When using form data, `python-multipart` uses a Regular Expression to parse the HTTP `Content-Type` header, including options. An attacker could send a custom-made `Content-Type` option that is very difficult for the RegEx to process, consuming CPU resources and stalling indefinitely (minutes or more) while holding the main event loop. This means that the process can't handle any more requests. It is a ReDoS (Regular expression Denial of Service) and only applies to those reading form data using `python-multipart`. This vulnerability has been patched in version 0.109.0.

CVE ID : CVE-2024-24762
Source : security-advisories@github.com
CVSS Score : 7.5

References :
https://github.com/tiangolo/fastapi/commit/9d34ad0ee8a0dfbbcce06f76c2d5d851085024fc | source : security-advisories@github.com
https://github.com/tiangolo/fastapi/releases/tag/0.109.1 | source : security-advisories@github.com
https://github.com/tiangolo/fastapi/security/advisories/GHSA-qf9m-vfgh-m389 | source : security-advisories@github.com

Vulnerability : CWE-400


Source : redhat.com

Vulnerability ID : CVE-2023-7216

First published on : 05-02-2024 15:15:08
Last modified on : 05-02-2024 18:25:55

Description :
A path traversal vulnerability was found in the CPIO utility. This issue could allow a remote unauthenticated attacker to trick a user into opening a specially crafted archive. During the extraction process, the archiver could follow symlinks outside of the intended directory, which could be utilized to run arbitrary commands on the target system.

CVE ID : CVE-2023-7216
Source : secalert@redhat.com
CVSS Score : 8.8

References :
https://access.redhat.com/security/cve/CVE-2023-7216 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2249901 | source : secalert@redhat.com

Vulnerability : CWE-59


Source : wordfence.com

Vulnerability ID : CVE-2023-6700

First published on : 05-02-2024 22:15:56
Last modified on : 05-02-2024 22:15:56

Description :
The Cookie Information | Free GDPR Consent Solution plugin for WordPress is vulnerable to arbitrary option updates due to a missing capability check on its AJAX request handler in versions up to, and including, 2.0.22. This makes it possible for authenticated attackers, with subscriber-level access or higher, to edit arbitrary site options which can be used to create administrator accounts.

CVE ID : CVE-2023-6700
Source : security@wordfence.com
CVSS Score : 8.8

References :
https://plugins.trac.wordpress.org/changeset/3028096/wp-gdpr-compliance/trunk?contextall=1&old=2865555&old_path=%2Fwp-gdpr-compliance%2Ftrunk | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/42a4ef37-c842-4925-b06a-3e6423337567?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-6846

First published on : 05-02-2024 22:15:56
Last modified on : 05-02-2024 22:15:56

Description :
The File Manager Pro plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 8.3.4 via the mk_check_filemanager_php_syntax AJAX function. This makes it possible for authenticated attackers, with subscriber access and above, to execute code on the server. Version 8.3.5 introduces a capability check that prevents users lower than admin from executing this function.

CVE ID : CVE-2023-6846
Source : security@wordfence.com
CVSS Score : 8.8

References :
https://gist.github.com/Kun19/046b2b305cac5f2edd38037984c2e8e3 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/1e8e0257-a745-495f-a103-c032b95209fc?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-6996

First published on : 05-02-2024 22:15:58
Last modified on : 05-02-2024 22:15:58

Description :
The Display custom fields in the frontend – Post and User Profile Fields plugin for WordPress is vulnerable to Code Injection via the plugin's vg_display_data shortcode in all versions up to, and including, 1.2.1 due to insufficient input validation and restriction on access to that shortcode. This makes it possible for authenticated attackers with contributor-level and above permissions to call arbitrary functions and execute code.

CVE ID : CVE-2023-6996
Source : security@wordfence.com
CVSS Score : 8.8

References :
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3021133%40shortcode-to-display-post-and-user-data&new=3021133%40shortcode-to-display-post-and-user-data&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/e0662c3a-5b82-4b9a-aa69-147094930d1f?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-0869

First published on : 05-02-2024 22:16:06
Last modified on : 05-02-2024 22:16:06

Description :
The Instant Images – One Click Image Uploads from Unsplash, Openverse, Pixabay and Pexels plugin for WordPress is vulnerable to unauthorized arbitrary options update due to an insufficient check that neglects to verify whether the updated option belongs to the plugin on the instant-images/license REST API endpoint in all versions up to, and including, 6.1.0. This makes it possible for authors and higher to update arbitrary options.

CVE ID : CVE-2024-0869
Source : security@wordfence.com
CVSS Score : 8.8

References :
https://plugins.trac.wordpress.org/browser/instant-images/tags/6.1.0/api/license.php#L91 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/3027110/instant-images/tags/6.1.1/api/license.php | source : security@wordfence.com
https://wordpress.org/plugins/instant-images/ | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/17941fbb-c5da-4f5c-a617-3792eb4ef395?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-0324

First published on : 05-02-2024 22:15:59
Last modified on : 05-02-2024 22:15:59

Description :
The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wppb_two_factor_authentication_settings_update' function in all versions up to, and including, 3.10.8. This makes it possible for unauthenticated attackers to enable or disable the 2FA functionality present in the Premium version of the plugin for arbitrary user roles.

CVE ID : CVE-2024-0324
Source : security@wordfence.com
CVSS Score : 8.2

References :
https://github.com/WordpressPluginDirectory/profile-builder/blob/main/profile-builder/admin/admin-functions.php#L517 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/3022354/ | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/23caef95-36b6-40aa-8dd7-51a376790a40?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-1072

First published on : 05-02-2024 22:16:07
Last modified on : 05-02-2024 22:16:07

Description :
The Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the seedprod_lite_new_lpage function in all versions up to, and including, 6.15.21. This makes it possible for unauthenticated attackers to change the contents of coming-soon, maintenance pages, login and 404 pages set up with the plugin. Version 6.15.22 addresses this issue but introduces a bug affecting admin pages. We suggest upgrading to 6.15.23.

CVE ID : CVE-2024-1072
Source : security@wordfence.com
CVSS Score : 8.2

References :
https://plugins.trac.wordpress.org/changeset/3029567/coming-soon/trunk/app/lpage.php | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/78d7920b-3e20-43c7-a522-72bac824c2cb?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-0761

First published on : 05-02-2024 22:16:04
Last modified on : 05-02-2024 22:16:04

Description :
The File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.2.1 due to insufficient randomness in the backup filenames, which use a timestamp plus 4 random digits. This makes it possible for unauthenticated attackers to extract sensitive data, including site backups, in configurations where the .htaccess file in the directory does not block access.

CVE ID : CVE-2024-0761
Source : security@wordfence.com
CVSS Score : 8.1

References :
https://plugins.trac.wordpress.org/changeset/3023403/wp-file-manager/trunk/file_folder_manager.php?old=2984933&old_path=wp-file-manager%2Ftrunk%2Ffile_folder_manager.php | source : security@wordfence.com
https://wordpress.org/plugins/wp-file-manager/ | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/1928f8e4-8bbe-4a3f-8284-aa12ca2f5176?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-6635

First published on : 05-02-2024 22:15:56
Last modified on : 05-02-2024 22:15:56

Description :
The EditorsKit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation on the 'import_styles' function in versions up to, and including, 1.40.3. This makes it possible for authenticated attackers with administrator-level capabilities or above to upload arbitrary files on the affected site's server, which may make remote code execution possible.

CVE ID : CVE-2023-6635
Source : security@wordfence.com
CVSS Score : 7.2

References :
https://plugins.trac.wordpress.org/browser/block-options/tags/1.40.3/includes/addons/styles-manager/rest-api/gutenberghub-styles-import-export-controller.php#L100 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/3010794/block-options | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/4528f9a1-7027-4aa9-b006-bea84aa19c84?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-6925

First published on : 05-02-2024 22:15:57
Last modified on : 05-02-2024 22:15:57

Description :
The Unlimited Addons for WPBakery Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'importZipFile' function in versions up to, and including, 1.0.42. This makes it possible for authenticated attackers with a role that the administrator previously granted access to the plugin (the default is editor role, but access can also be granted to contributor role), to upload arbitrary files on the affected site's server which may make remote code execution possible.

CVE ID : CVE-2023-6925
Source : security@wordfence.com
CVSS Score : 7.2

References :
https://plugins.trac.wordpress.org/browser/unlimited-addons-for-wpbakery-page-builder/trunk/inc_php/layouts/unitecreator_layouts_exporter.class.php?rev=2900676#L703 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/a78b76d6-4068-4141-9726-7db439aa6a9f?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-0428

First published on : 05-02-2024 22:16:01
Last modified on : 05-02-2024 22:16:01

Description :
The Index Now plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.3. This is due to missing or incorrect nonce validation on the 'reset_form' function. This makes it possible for unauthenticated attackers to delete arbitrary site options via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID : CVE-2024-0428
Source : security@wordfence.com
CVSS Score : 7.1

References :
https://plugins.trac.wordpress.org/changeset/3020958/mihdan-index-now/tags/2.6.4/src/Views/WPOSA.php | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/c7641d52-e930-4143-9180-2903d018da91?source=cve | source : security@wordfence.com


Source : microsoft.com

Vulnerability ID : CVE-2024-21399

First published on : 02-02-2024 01:15:08
Last modified on : 02-02-2024 01:57:57

Description :
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

CVE ID : CVE-2024-21399
Source : secure@microsoft.com
CVSS Score : 8.3

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21399 | source : secure@microsoft.com


Source : ch.abb.com

Vulnerability ID : CVE-2021-22282

First published on : 02-02-2024 07:15:08
Last modified on : 02-02-2024 13:36:31

Description :
Improper Control of Generation of Code ('Code Injection') vulnerability in B&R Industrial Automation Automation Studio allows Local Execution of Code. This issue affects Automation Studio: from 4.0 through 4.12.

CVE ID : CVE-2021-22282
Source : cybersecurity@ch.abb.com
CVSS Score : 8.3

References :
https://www.br-automation.com/fileadmin/2021-12_RCE_Vulnerability_in_BnR_Automation_Studio-1b993aeb.pdf | source : cybersecurity@ch.abb.com

Vulnerability : CWE-94


Vulnerability ID : CVE-2020-24681

First published on : 02-02-2024 07:15:07
Last modified on : 02-02-2024 13:36:31

Description :
Incorrect Permission Assignment for Critical Resource vulnerability in B&R Industrial Automation Automation Studio allows Privilege Escalation. This issue affects Automation Studio: from 4.6.0 through 4.6.X, from 4.7.0 before 4.7.7 SP, from 4.8.0 before 4.8.6 SP, from 4.9.0 before 4.9.4 SP.

CVE ID : CVE-2020-24681
Source : cybersecurity@ch.abb.com
CVSS Score : 8.2

References :
https://www.br-automation.com/fileadmin/2021-14-BR-AS-NET-PVI-Service-Issues-c3710fbf.pdf | source : cybersecurity@ch.abb.com

Vulnerability : CWE-732


Vulnerability ID : CVE-2020-24682

First published on : 02-02-2024 08:15:45
Last modified on : 02-02-2024 13:36:31

Description :
Unquoted Search Path or Element vulnerability in B&R Industrial Automation Automation Studio, B&R Industrial Automation NET/PVI allows Target Programs with Elevated Privileges. This issue affects Automation Studio: from 4.0 through 4.6, from 4.7.0 before 4.7.7 SP, from 4.8.0 before 4.8.6 SP, from 4.9.0 before 4.9.4 SP; NET/PVI: from 4.0 through 4.6, from 4.7.0 before 4.7.7, from 4.8.0 before 4.8.6, from 4.9.0 before 4.9.4.

CVE ID : CVE-2020-24682
Source : cybersecurity@ch.abb.com
CVSS Score : 7.2

References :
https://www.br-automation.com/fileadmin/2021-14-BR-AS-NET-PVI-Service-Issues-c3710fbf.pdf | source : cybersecurity@ch.abb.com

Vulnerability : CWE-428


Source : 0fc0942c-577d-436f-ae8e-945763c79b02

Vulnerability ID : CVE-2024-0253

First published on : 02-02-2024 13:15:09
Last modified on : 02-02-2024 13:36:23

Description :
ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection in home Graph-Data.

CVE ID : CVE-2024-0253
Source : 0fc0942c-577d-436f-ae8e-945763c79b02
CVSS Score : 8.3

References :
https://www.manageengine.com/products/active-directory-audit/sqlfix-7271.html | source : 0fc0942c-577d-436f-ae8e-945763c79b02


Vulnerability ID : CVE-2024-0269

First published on : 02-02-2024 13:15:09
Last modified on : 02-02-2024 13:36:23

Description :
ManageEngine ADAudit Plus versions 7270 and below are vulnerable to the Authenticated SQL injection in File-Summary DrillDown. This issue has been fixed and released in version 7271.

CVE ID : CVE-2024-0269
Source : 0fc0942c-577d-436f-ae8e-945763c79b02
CVSS Score : 8.3

References :
https://www.manageengine.com/products/active-directory-audit/sqlfix-7271.html | source : 0fc0942c-577d-436f-ae8e-945763c79b02


Source : openharmony.io

Vulnerability ID : CVE-2024-21860

First published on : 02-02-2024 07:15:11
Last modified on : 02-02-2024 13:36:31

Description :
in OpenHarmony v4.0.0 and prior versions allow an adjacent attacker arbitrary code execution in any apps through use after free.

CVE ID : CVE-2024-21860
Source : scy@openharmony.io
CVSS Score : 8.2

References :
https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-02.md | source : scy@openharmony.io

Vulnerability : CWE-416


Source : hashicorp.com

Vulnerability ID : CVE-2024-1052

First published on : 05-02-2024 21:15:11
Last modified on : 05-02-2024 21:15:11

Description :
Boundary and Boundary Enterprise (“Boundary”) is vulnerable to session hijacking through TLS certificate tampering. An attacker with privileges to enumerate active or pending sessions, obtain a private key pertaining to a session, and obtain a valid trust on first use (TOFU) token may craft a TLS certificate to hijack an active session and gain access to the underlying service or application.

CVE ID : CVE-2024-1052
Source : security@hashicorp.com
CVSS Score : 8.0

References :
https://discuss.hashicorp.com/t/hcsec-2024-02-boundary-vulnerable-to-session-hijacking-through-tls-certificate-tampering/62458 | source : security@hashicorp.com

Vulnerability : CWE-295


Source : hq.dhs.gov

Vulnerability ID : CVE-2024-22016

First published on : 02-02-2024 00:15:55
Last modified on : 02-02-2024 01:57:57

Description :
In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, an authorized user can write directly to the Scada directory. This may allow privilege escalation.

CVE ID : CVE-2024-22016
Source : ics-cert@hq.dhs.gov
CVSS Score : 7.8

References :
https://rapidscada.org/contact/ | source : ics-cert@hq.dhs.gov
https://www.cisa.gov/news-events/ics-advisories/icsa-24-011-03 | source : ics-cert@hq.dhs.gov

Vulnerability : CWE-732


Source : incibe.es

Vulnerability ID : CVE-2024-1201

First published on : 02-02-2024 12:15:49
Last modified on : 02-02-2024 13:36:23

Description :
Search path or unquoted item vulnerability in HDD Health affecting versions 4.2.0.112 and earlier. This vulnerability could allow a local attacker to store a malicious executable file within the unquoted search path, resulting in privilege escalation.

CVE ID : CVE-2024-1201
Source : cve-coordination@incibe.es
CVSS Score : 7.8

References :
https://www.incibe.es/en/incibe-cert/notices/aviso/panterasoft-hdd-health-search-path-or-unquoted-item-vulnerability | source : cve-coordination@incibe.es

Vulnerability : CWE-428


Vulnerability ID : CVE-2024-0338

First published on : 02-02-2024 10:15:08
Last modified on : 02-02-2024 13:36:23

Description :
A buffer overflow vulnerability has been found in XAMPP affecting version 8.2.4 and earlier. An attacker could execute arbitrary code through a long file debug argument that controls the Structured Exception Handler (SEH).

CVE ID : CVE-2024-0338
Source : cve-coordination@incibe.es
CVSS Score : 7.3

References :
https://www.incibe.es/en/incibe-cert/notices/aviso/buffer-overflow-vulnerability-xampp | source : cve-coordination@incibe.es

Vulnerability : CWE-119


Vulnerability ID : CVE-2024-23895

First published on : 02-02-2024 10:15:08
Last modified on : 02-02-2024 13:36:23

Description :
A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/locationcreate.php, in the locationid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.

CVE ID : CVE-2024-23895
Source : cve-coordination@incibe.es
CVSS Score : 7.1

References :
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cups-easy | source : cve-coordination@incibe.es

Vulnerability : CWE-79


Source : puiterwijk.org

Vulnerability ID : CVE-2021-4435

First published on : 04-02-2024 20:15:45
Last modified on : 05-02-2024 02:09:37

Description :
An untrusted search path vulnerability was found in Yarn. When a victim runs certain Yarn commands in a directory with attacker-controlled content, malicious commands could be executed in unexpected ways.

CVE ID : CVE-2021-4435
Source : patrick@puiterwijk.org
CVSS Score : 7.7

References :
https://access.redhat.com/security/cve/CVE-2021-4435 | source : patrick@puiterwijk.org
https://bugzilla.redhat.com/show_bug.cgi?id=2262284 | source : patrick@puiterwijk.org
https://github.com/yarnpkg/yarn/commit/67fcce88935e45092ffa2674c08053f1ef5268a1 | source : patrick@puiterwijk.org
https://github.com/yarnpkg/yarn/releases/tag/v1.22.13 | source : patrick@puiterwijk.org

Vulnerability : CWE-426


Source : silabs.com

Vulnerability ID : CVE-2023-6387

First published on : 02-02-2024 16:15:53
Last modified on : 02-02-2024 16:30:16

Description :
A potential buffer overflow exists in the Bluetooth LE HCI CPC sample application in the Gecko SDK which may result in a denial of service or remote code execution.

CVE ID : CVE-2023-6387
Source : product-security@silabs.com
CVSS Score : 7.5

References :
https://community.silabs.com/069Vm000000WNKuIAO | source : product-security@silabs.com
https://github.com/SiliconLabs/gecko_sdk/releases/tag/v4.4.0 | source : product-security@silabs.com

Vulnerability : CWE-131


Vulnerability ID : CVE-2023-6874

First published on : 05-02-2024 18:15:51
Last modified on : 05-02-2024 18:25:55

Description :
Prior to v7.4.0, Ember ZNet is vulnerable to a denial of service attack through manipulation of the NWK sequence number.

CVE ID : CVE-2023-6874
Source : product-security@silabs.com
CVSS Score : 7.5

References :
https://community.silabs.com/069Vm000000WXaOIAW | source : product-security@silabs.com
https://github.com/SiliconLabs/gecko_sdk | source : product-security@silabs.com

Vulnerability : CWE-754


Source : gitlab.com

Vulnerability ID : CVE-2024-1064

First published on : 03-02-2024 09:15:11
Last modified on : 05-02-2024 02:09:37

Description :
A host header injection vulnerability in the HTTP handler component of Crafty Controller allows a remote, unauthenticated attacker to trigger a Denial of Service (DoS) condition via a modified host header.

CVE ID : CVE-2024-1064
Source : cve@gitlab.com
CVSS Score : 7.5

References :
https://gitlab.com/crafty-controller/crafty-4/-/issues/327 | source : cve@gitlab.com

Vulnerability : CWE-644


Source : emc.com

Vulnerability ID : CVE-2020-29504

First published on : 02-02-2024 16:15:44
Last modified on : 02-02-2024 16:30:16

Description :
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain a Missing Required Cryptographic Step Vulnerability.

CVE ID : CVE-2020-29504
Source : security_alert@emc.com
CVSS Score : 7.4

References :
https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities | source : security_alert@emc.com

Vulnerability : CWE-295


Source : vuldb.com

Vulnerability ID : CVE-2024-1197

First published on : 02-02-2024 23:15:08
Last modified on : 03-02-2024 00:07:57

Description :
A vulnerability, which was classified as critical, has been found in SourceCodester Testimonial Page Manager 1.0. This issue affects some unknown processing of the file delete-testimonial.php of the component HTTP GET Request Handler. The manipulation of the argument testimony leads to sql injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-252695.

CVE ID : CVE-2024-1197
Source : cna@vuldb.com
CVSS Score : 7.3

References :
https://vuldb.com/?ctiid.252695 | source : cna@vuldb.com
https://vuldb.com/?id.252695 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-1225

First published on : 05-02-2024 13:15:58
Last modified on : 05-02-2024 13:54:19

Description :
A vulnerability classified as critical was found in QiboSoft QiboCMS X1 up to 1.0.6. Affected by this vulnerability is the function rmb_pay of the file /application/index/controller/Pay.php. The manipulation of the argument callback_class leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252847. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-1225
Source : cna@vuldb.com
CVSS Score : 7.3

References :
https://note.zhaoj.in/share/jDWk6INLzO12 | source : cna@vuldb.com
https://vuldb.com/?ctiid.252847 | source : cna@vuldb.com
https://vuldb.com/?id.252847 | source : cna@vuldb.com

Vulnerability : CWE-502


Source : patchstack.com

Vulnerability ID : CVE-2024-24866

First published on : 05-02-2024 06:15:47
Last modified on : 05-02-2024 13:54:33

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Biteship Biteship: Plugin Ongkos Kirim Kurir Instant, Reguler, Kargo allows Reflected XSS. This issue affects Biteship: Plugin Ongkos Kirim Kurir Instant, Reguler, Kargo: from n/a through 2.2.24.

CVE ID : CVE-2024-24866
Source : audit@patchstack.com
CVSS Score : 7.1

References :
https://patchstack.com/database/vulnerability/biteship/wordpress-biteship-plugin-2-2-24-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2024-24846

First published on : 05-02-2024 07:15:12
Last modified on : 05-02-2024 13:54:19

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MightyThemes Mighty Addons for Elementor allows Reflected XSS. This issue affects Mighty Addons for Elementor: from n/a through 1.9.3.

CVE ID : CVE-2024-24846
Source : audit@patchstack.com
CVSS Score : 7.1

References :
https://patchstack.com/database/vulnerability/mighty-addons/wordpress-mighty-addons-for-elementor-plugin-1-9-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2024-24847

First published on : 05-02-2024 07:15:13
Last modified on : 05-02-2024 13:54:19

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jgadbois CalculatorPro Calculators allows Reflected XSS. This issue affects CalculatorPro Calculators: from n/a through 1.1.7.

CVE ID : CVE-2024-24847
Source : audit@patchstack.com
CVSS Score : 7.1

References :
https://patchstack.com/database/vulnerability/calculatorpro-calculators/wordpress-calculatorpro-calculators-plugin-1-1-7-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2024-24848

First published on : 05-02-2024 07:15:13
Last modified on : 05-02-2024 13:54:19

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MJS Software PT Sign Ups – Beautiful volunteer sign ups and management made easy allows Stored XSS. This issue affects PT Sign Ups – Beautiful volunteer sign ups and management made easy: from n/a through 1.0.4.

CVE ID : CVE-2024-24848
Source : audit@patchstack.com
CVSS Score : 7.1

References :
https://patchstack.com/database/vulnerability/ptoffice-sign-ups/wordpress-pt-sign-ups-plugin-1-0-4-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


(161) MEDIUM VULNERABILITIES [4.0, 6.9]

Source : qnapsecurity.com.tw

Vulnerability ID : CVE-2023-47566

First published on : 02-02-2024 16:15:52
Last modified on : 02-02-2024 16:30:16

Description :
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later; QuTS hero h5.1.5.2647 build 20240118 and later; QuTScloud c5.1.5.2651 and later.

CVE ID : CVE-2023-47566
Source : security@qnapsecurity.com.tw
CVSS Score : 6.7

References :
https://www.qnap.com/en/security-advisory/qsa-24-04 | source : security@qnapsecurity.com.tw

Vulnerability : CWE-78


Vulnerability ID : CVE-2023-39302

First published on : 02-02-2024 16:15:47
Last modified on : 02-02-2024 16:30:16

Description :
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later; QuTS hero h5.1.3.2578 build 20231110 and later; QuTScloud c5.1.5.2651 and later.

CVE ID : CVE-2023-39302
Source : security@qnapsecurity.com.tw
CVSS Score : 6.6

References :
https://www.qnap.com/en/security-advisory/qsa-23-33 | source : security@qnapsecurity.com.tw

Vulnerability : CWE-78


Vulnerability ID : CVE-2023-41273

First published on : 02-02-2024 16:15:47
Last modified on : 02-02-2024 16:30:16

Description :
A heap-based buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.2.2533 build 20230926 and later; QuTS hero h5.1.2.2534 build 20230927 and later; QuTScloud c5.1.5.2651 and later.

CVE ID : CVE-2023-41273
Source : security@qnapsecurity.com.tw
CVSS Score : 5.5

References :
https://www.qnap.com/en/security-advisory/qsa-23-38 | source : security@qnapsecurity.com.tw

Vulnerability : CWE-120
Vulnerability : CWE-122


Vulnerability ID : CVE-2023-41274

First published on : 02-02-2024 16:15:47
Last modified on : 02-02-2024 16:30:16

Description :
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to launch a denial-of-service (DoS) attack via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.2.2533 build 20230926 and later; QuTS hero h5.1.2.2534 build 20230927 and later; QuTScloud c5.1.5.2651 and later.

CVE ID : CVE-2023-41274
Source : security@qnapsecurity.com.tw
CVSS Score : 5.5

References :
https://www.qnap.com/en/security-advisory/qsa-23-38 | source : security@qnapsecurity.com.tw

Vulnerability : CWE-476


Vulnerability ID : CVE-2023-41275

First published on : 02-02-2024 16:15:47
Last modified on : 02-02-2024 16:30:16

Description :
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.2.2533 build 20230926 and later; QuTS hero h5.1.2.2534 build 20230927 and later; QuTScloud c5.1.5.2651 and later.

CVE ID : CVE-2023-41275
Source : security@qnapsecurity.com.tw
CVSS Score : 5.5

References :
https://www.qnap.com/en/security-advisory/qsa-23-38 | source : security@qnapsecurity.com.tw

Vulnerability : CWE-120
Vulnerability : CWE-122


Vulnerability ID : CVE-2023-41276

First published on : 02-02-2024 16:15:48
Last modified on : 02-02-2024 16:30:16

Description :
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.2.2533 build 20230926 and later; QuTS hero h5.1.2.2534 build 20230927 and later; QuTScloud c5.1.5.2651 and later.

CVE ID : CVE-2023-41276
Source : security@qnapsecurity.com.tw
CVSS Score : 5.5

References :
https://www.qnap.com/en/security-advisory/qsa-23-38 | source : security@qnapsecurity.com.tw

Vulnerability : CWE-120
Vulnerability : CWE-122


Vulnerability ID : CVE-2023-41277

First published on : 02-02-2024 16:15:48
Last modified on : 02-02-2024 16:30:16

Description :
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.2.2533 build 20230926 and later; QuTS hero h5.1.2.2534 build 20230927 and later; QuTScloud c5.1.5.2651 and later.

CVE ID : CVE-2023-41277
Source : security@qnapsecurity.com.tw
CVSS Score : 5.5

References :
https://www.qnap.com/en/security-advisory/qsa-23-38 | source : security@qnapsecurity.com.tw

Vulnerability : CWE-120
Vulnerability : CWE-121


Vulnerability ID : CVE-2023-41278

First published on : 02-02-2024 16:15:48
Last modified on : 02-02-2024 16:30:16

Description :
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.2.2533 build 20230926 and later; QuTS hero h5.1.2.2534 build 20230927 and later; QuTScloud c5.1.5.2651 and later.

CVE ID : CVE-2023-41278
Source : security@qnapsecurity.com.tw
CVSS Score : 5.5

References :
https://www.qnap.com/en/security-advisory/qsa-23-38 | source : security@qnapsecurity.com.tw

Vulnerability : CWE-120
Vulnerability : CWE-121


Vulnerability ID : CVE-2023-41279

First published on : 02-02-2024 16:15:48
Last modified on : 02-02-2024 16:30:16

Description :
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.2.2533 build 20230926 and later; QuTS hero h5.1.2.2534 build 20230927 and later; QuTScloud c5.1.5.2651 and later.

CVE ID : CVE-2023-41279
Source : security@qnapsecurity.com.tw
CVSS Score : 5.5

References :
https://www.qnap.com/en/security-advisory/qsa-23-38 | source : security@qnapsecurity.com.tw

Vulnerability : CWE-120
Vulnerability : CWE-121


Vulnerability ID : CVE-2023-41280

First published on : 02-02-2024 16:15:48
Last modified on : 02-02-2024 16:30:16

Description :
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.2.2533 build 20230926 and later; QuTS hero h5.1.2.2534 build 20230927 and later; QuTScloud c5.1.5.2651 and later.

CVE ID : CVE-2023-41280
Source : security@qnapsecurity.com.tw
CVSS Score : 5.5

References :
https://www.qnap.com/en/security-advisory/qsa-23-38 | source : security@qnapsecurity.com.tw

Vulnerability : CWE-120
Vulnerability : CWE-121


Vulnerability ID : CVE-2023-41281

First published on : 02-02-2024 16:15:49
Last modified on : 02-02-2024 16:30:16

Description :
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later; QuTS hero h5.1.4.2596 build 20231128 and later; QuTScloud c5.1.5.2651 and later.

CVE ID : CVE-2023-41281
Source : security@qnapsecurity.com.tw
CVSS Score : 5.5

References :
https://www.qnap.com/en/security-advisory/qsa-23-53 | source : security@qnapsecurity.com.tw

Vulnerability : CWE-77
Vulnerability : CWE-78


Vulnerability ID : CVE-2023-41282

First published on : 02-02-2024 16:15:49
Last modified on : 02-02-2024 16:30:16

Description :
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later; QuTS hero h5.1.4.2596 build 20231128 and later; QuTScloud c5.1.5.2651 and later.

CVE ID : CVE-2023-41282
Source : security@qnapsecurity.com.tw
CVSS Score : 5.5

References :
https://www.qnap.com/en/security-advisory/qsa-23-53 | source : security@qnapsecurity.com.tw

Vulnerability : CWE-77
Vulnerability : CWE-78


Vulnerability ID : CVE-2023-41283

First published on : 02-02-2024 16:15:49
Last modified on : 02-02-2024 16:30:16

Description :
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later; QuTS hero h5.1.4.2596 build 20231128 and later; QuTScloud c5.1.5.2651 and later.

CVE ID : CVE-2023-41283
Source : security@qnapsecurity.com.tw
CVSS Score : 5.5

References :
https://www.qnap.com/en/security-advisory/qsa-23-53 | source : security@qnapsecurity.com.tw

Vulnerability : CWE-77
Vulnerability : CWE-78


Vulnerability ID : CVE-2023-45026

First published on : 02-02-2024 16:15:50
Last modified on : 02-02-2024 16:30:16

Description :
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later; QuTS hero h5.1.5.2647 build 20240118 and later; QuTScloud c5.1.5.2651 and later.

CVE ID : CVE-2023-45026
Source : security@qnapsecurity.com.tw
CVSS Score : 5.5

References :
https://www.qnap.com/en/security-advisory/qsa-24-02 | source : security@qnapsecurity.com.tw

Vulnerability : CWE-22


Vulnerability ID : CVE-2023-45027

First published on : 02-02-2024 16:15:50
Last modified on : 02-02-2024 16:30:16

Description :
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later; QuTS hero h5.1.5.2647 build 20240118 and later; QuTScloud c5.1.5.2651 and later.

CVE ID : CVE-2023-45027
Source : security@qnapsecurity.com.tw
CVSS Score : 5.5

References :
https://www.qnap.com/en/security-advisory/qsa-24-02 | source : security@qnapsecurity.com.tw

Vulnerability : CWE-22


Vulnerability ID : CVE-2023-45028

First published on : 02-02-2024 16:15:50
Last modified on : 02-02-2024 16:30:16

Description :
An uncontrolled resource consumption vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to launch a denial-of-service (DoS) attack via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later; QuTS hero h5.1.5.2647 build 20240118 and later; QuTScloud c5.1.5.2651 and later.

CVE ID : CVE-2023-45028
Source : security@qnapsecurity.com.tw
CVSS Score : 5.5

References :
https://www.qnap.com/en/security-advisory/qsa-24-02 | source : security@qnapsecurity.com.tw

Vulnerability : CWE-400
Vulnerability : CWE-770


Vulnerability ID : CVE-2023-47561

First published on : 02-02-2024 16:15:51
Last modified on : 02-02-2024 16:30:16

Description :
A cross-site scripting (XSS) vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Photo Station 6.4.2 (2023/12/15) and later.

CVE ID : CVE-2023-47561
Source : security@qnapsecurity.com.tw
CVSS Score : 5.5

References :
https://www.qnap.com/en/security-advisory/qsa-24-08 | source : security@qnapsecurity.com.tw

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-39303

First published on : 02-02-2024 16:15:47
Last modified on : 02-02-2024 16:30:16

Description :
An improper authentication vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to compromise the security of the system via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later; QuTS hero h5.1.3.2578 build 20231110 and later; QuTScloud c5.1.5.2651 and later.

CVE ID : CVE-2023-39303
Source : security@qnapsecurity.com.tw
CVSS Score : 5.3

References :
https://www.qnap.com/en/security-advisory/qsa-23-33 | source : security@qnapsecurity.com.tw

Vulnerability : CWE-287


Vulnerability ID : CVE-2023-32967

First published on : 02-02-2024 16:15:46
Last modified on : 02-02-2024 16:30:16

Description :
An incorrect authorization vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to bypass intended access restrictions via a network. QTS 5.x, QuTS hero are not affected. We have already fixed the vulnerability in the following versions: QuTScloud c5.1.5.2651 and later; QTS 4.5.4.2627 build 20231225 and later.

CVE ID : CVE-2023-32967
Source : security@qnapsecurity.com.tw
CVSS Score : 5.0

References :
https://www.qnap.com/en/security-advisory/qsa-24-01 | source : security@qnapsecurity.com.tw

Vulnerability : CWE-285
Vulnerability : CWE-863


Vulnerability ID : CVE-2023-47567

First published on : 02-02-2024 16:15:52
Last modified on : 02-02-2024 16:30:16

Description :
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later; QTS 4.5.4.2627 build 20231225 and later; QuTS hero h5.1.5.2647 build 20240118 and later; QuTS hero h4.5.4.2626 build 20231225 and later; QuTScloud c5.1.5.2651 and later.

CVE ID : CVE-2023-47567
Source : security@qnapsecurity.com.tw
CVSS Score : 4.7

References :
https://www.qnap.com/en/security-advisory/qsa-24-05 | source : security@qnapsecurity.com.tw

Vulnerability : CWE-78


Source : wordfence.com

Vulnerability ID : CVE-2024-0668

First published on : 05-02-2024 22:16:03
Last modified on : 05-02-2024 22:16:03

Description :
The Advanced Database Cleaner plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.3 via deserialization of untrusted input in the 'process_bulk_action' function. This makes it possible for authenticated attackers, with administrator access and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.

CVE ID : CVE-2024-0668
Source : security@wordfence.com
CVSS Score : 6.6

References :
https://plugins.trac.wordpress.org/browser/advanced-database-cleaner/tags/3.1.3/includes/class_clean_cron.php#L224 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/advanced-database-cleaner/tags/3.1.3/includes/class_clean_cron.php#L298 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/3025980/ | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/e0b8c24b-3e51-4637-9d8e-da065077d082?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-0699

First published on : 05-02-2024 22:16:04
Last modified on : 05-02-2024 22:16:04

Description :
The AI Engine: Chatbots, Generators, Assistants, GPT 4 and more! plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'add_image_from_url' function in all versions up to, and including, 2.1.4. This makes it possible for authenticated attackers, with Editor access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

CVE ID : CVE-2024-0699
Source : security@wordfence.com
CVSS Score : 6.6

References :
https://plugins.trac.wordpress.org/changeset/3021494/ai-engine/trunk/classes/core.php | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/0a86f6ed-9755-4265-bc0d-2d0e18e9982f?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-6985

First published on : 05-02-2024 22:15:58
Last modified on : 05-02-2024 22:15:58

Description :
The 10Web AI Assistant – AI content writing assistant plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the install_plugin AJAX action in all versions up to, and including, 1.0.18. This makes it possible for authenticated attackers, with subscriber-level access and above, to install arbitrary plugins that can be used to gain further access to a compromised site.

CVE ID : CVE-2023-6985
Source : security@wordfence.com
CVSS Score : 6.5

References :
https://plugins.trac.wordpress.org/changeset/3027004/ai-assistant-by-10web/trunk/ai-assistant-by-10web.php | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/229245a5-468d-47b9-8f26-d23d593e91da?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-0586

First published on : 05-02-2024 22:16:02
Last modified on : 05-02-2024 22:16:02

Description :
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Login/Register Element in all versions up to, and including, 5.9.4 due to insufficient input sanitization and output escaping on the custom login URL. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2024-0586
Source : security@wordfence.com
CVSS Score : 6.5

References :
https://plugins.trac.wordpress.org/changeset/3022852/essential-addons-for-elementor-lite/tags/5.9.5/includes/Elements/Login_Register.php | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/c00ff4bd-d846-4e3f-95ed-2a6430c47ebf?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-0678

First published on : 05-02-2024 22:16:03
Last modified on : 05-02-2024 22:16:03

Description :
The Order Delivery Date for WP e-Commerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'available-days-tf' parameter in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2024-0678
Source : security@wordfence.com
CVSS Score : 6.5

References :
https://plugins.trac.wordpress.org/browser/order-delivery-date/trunk/order_delivery_date.php#L221 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/71fb90b6-a484-4a70-a9dc-795cbf2e275e?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-1073

First published on : 02-02-2024 05:15:09
Last modified on : 02-02-2024 13:36:37

Description :
The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'filter_array' parameter in all versions up to, and including, 5.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2024-1073
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/wp-slimstat/trunk/admin/index.php#L1004 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3029858%40wp-slimstat&new=3029858%40wp-slimstat&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/33cba63c-4629-48fd-850f-f68dad626a67?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-0963

First published on : 02-02-2024 12:15:49
Last modified on : 02-02-2024 13:36:23

Description :
The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's CP_CALCULATED_FIELDS shortcode in all versions up to, and including, 1.2.52 due to insufficient input sanitization and output escaping on user supplied 'location' attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2024-0963
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/changeset/3029782/calculated-fields-form/trunk/inc/cpcff_main.inc.php | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3029782%40calculated-fields-form&new=3029782%40calculated-fields-form&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/d870ff8d-ea4b-4777-9892-0d9982182b9f?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-6526

First published on : 05-02-2024 22:15:55
Last modified on : 05-02-2024 22:15:55

Description :
The Meta Box – WordPress Custom Fields Framework plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom post meta values displayed through the plugin's shortcode in all versions up to, and including, 5.9.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-6526
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3030376%40meta-box&new=3030376%40meta-box&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/2a6bfc87-6135-4d49-baa2-e8e6291148dc?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-6701

First published on : 05-02-2024 22:15:56
Last modified on : 05-02-2024 22:15:56

Description :
The Advanced Custom Fields (ACF) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a custom text field in all versions up to, and including, 6.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-6701
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/changeset/3022469/advanced-custom-fields | source : security@wordfence.com
https://www.advancedcustomfields.com/blog/acf-6-2-5-security-release/ | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/e3593dfd-7b2a-4d01-8af0-725b444dc81b?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-6807

First published on : 05-02-2024 22:15:56
Last modified on : 05-02-2024 22:15:56

Description :
The GeneratePress Premium plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's custom meta output in all versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-6807
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://generatepress.com/category/changelog/ | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/9dcd48b8-ec9e-44b4-b531-95940adbd100?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-6808

First published on : 05-02-2024 22:15:56
Last modified on : 05-02-2024 22:15:56

Description :
The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.0.93 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-6808
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.svn.wordpress.org/ameliabooking/trunk/view/frontend/events.inc.php | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/3015149/ameliabooking/trunk/view/frontend/events.inc.php | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/aafb5402-3553-4c89-86e0-4dd556d86074?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-6884

First published on : 05-02-2024 22:15:57
Last modified on : 05-02-2024 22:15:57

Description :
This plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping on the 'place_id' attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-6884
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://advisory.abay.sh/cve-2023-6884 | source : security@wordfence.com
https://plugins.svn.wordpress.org/widget-google-reviews/tags/3.1/includes/class-feed-shortcode.php | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3018964%40widget-google-reviews&new=3018964%40widget-google-reviews&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/a8971d54-b54e-4e62-9db2-fa87d2564599?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-6982

First published on : 05-02-2024 22:15:58
Last modified on : 05-02-2024 22:15:58

Description :
The Display custom fields in the frontend – Post and User Profile Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode and postmeta in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-6982
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3021133%40shortcode-to-display-post-and-user-data&new=3021133%40shortcode-to-display-post-and-user-data&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/3077b84e-87af-4307-83c5-0e4b15d07ff1?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-7029

First published on : 05-02-2024 22:15:59
Last modified on : 05-02-2024 22:15:59

Description :
The WordPress Button Plugin MaxButtons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including 9.7.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. NOTE: This vulnerability was partially fixed in version 9.7.6.

CVE ID : CVE-2023-7029
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/changeset/3024075/maxbuttons | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/bca0e8a0-d837-42d8-a9d3-35e0c820eb43?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-0254

First published on : 05-02-2024 22:15:59
Last modified on : 05-02-2024 22:15:59

Description :
The (Simply) Guest Author Name plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's post meta in all versions up to, and including, 4.34 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2024-0254
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/guest-author-name/trunk/sfly-guest-author.php | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3027723%40guest-author-name&new=3027723%40guest-author-name&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/0e9e2864-6624-497f-8bec-df8360ed3f4a?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-0255

First published on : 05-02-2024 22:15:59
Last modified on : 05-02-2024 22:15:59

Description :
The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wprm-recipe-text-share' shortcode in all versions up to, and including, 9.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2024-0255
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/wp-recipe-maker/trunk/includes/public/class-wprm-icon.php#L52 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/3019769/wp-recipe-maker/trunk/includes/public/class-wprm-icon.php | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/53a51408-e5d8-4727-9dec-8321c062c31e?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-0382

First published on : 05-02-2024 22:16:01
Last modified on : 05-02-2024 22:16:01

Description :
The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 9.1.0 due to unrestricted use of the 'header_tag' attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2024-0382
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/changeset/3019769/wp-recipe-maker/trunk/includes/public/shortcodes/class-wprm-shortcode-helper.php | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/1f463ed1-06ad-430f-b450-1a73dc54f8a7?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-0384

First published on : 05-02-2024 22:16:01
Last modified on : 05-02-2024 22:16:01

Description :
The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Recipe Notes in all versions up to, and including, 9.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2024-0384
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3019769%40wp-recipe-maker&new=3019769%40wp-recipe-maker&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/749c5d09-1e9a-4aa1-b7c2-6f9d24f3a09b?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-0448

First published on : 05-02-2024 22:16:01
Last modified on : 05-02-2024 22:16:01

Description :
The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widget URL parameters in all versions up to, and including, 8.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access or higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2024-0448
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/addons-for-elementor/trunk/templates/addons/services/content.php#L20 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/addons-for-elementor/trunk/templates/addons/team-members/style1.php#L17 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3026261%40addons-for-elementor%2Ftrunk&old=3022220%40addons-for-elementor%2Ftrunk&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/058d1aa0-2ef6-49a4-b978-43a91c8e55f3?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-0508

First published on : 05-02-2024 22:16:02
Last modified on : 05-02-2024 22:16:02

Description :
The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Table Elementor Widget in all versions up to, and including, 2.10.27 due to insufficient input sanitization and output escaping on the user supplied link URL. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2024-0508
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/themeisle-companion/trunk/vendor/codeinwp/elementor-extra-widgets/widgets/elementor/pricing-table.php#L1010 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/themeisle-companion/trunk/vendor/codeinwp/elementor-extra-widgets/widgets/elementor/pricing-table.php#L1019 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/3021959/ | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/ecc5a17e-c716-48bd-9b4d-49d870ae6bf3?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-0834

First published on : 05-02-2024 22:16:05
Last modified on : 05-02-2024 22:16:05

Description :
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the link_to parameter in all versions up to, and including, 1.12.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2024-0834
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/addon-elements-for-elementor-page-builder/trunk/modules/price-table/widgets/price-table.php#L784 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3031349%40addon-elements-for-elementor-page-builder&new=3031349%40addon-elements-for-elementor-page-builder&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/6ebb5654-ba3e-4f18-8720-a6595a771964?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-0954

First published on : 05-02-2024 22:16:06
Last modified on : 05-02-2024 22:16:06

Description :
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting through editing context via the 'data-eael-wrapper-link' wrapper in all versions up to, and including, 5.9.7 due to insufficient input sanitization and output escaping on user supplied protocols. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2024-0954
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/changeset/3029928/essential-addons-for-elementor-lite/tags/5.9.8/assets/front-end/js/view/wrapper-link.js | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/875db71d-c799-40b9-95e1-74d53046b0a9?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-0961

First published on : 05-02-2024 22:16:06
Last modified on : 05-02-2024 22:16:06

Description :
The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the code editor in all versions up to, and including, 1.58.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2024-0961
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/so-widgets-bundle/trunk/widgets/button/button.php#L355 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3027675%40so-widgets-bundle%2Ftrunk&old=3027506%40so-widgets-bundle%2Ftrunk&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/6f7c164f-2f78-4857-94b9-077c2dea13df?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-1046

First published on : 05-02-2024 22:16:06
Last modified on : 05-02-2024 22:16:06

Description :
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin 'reg-number-field' shortcode in all versions up to, and including, 4.14.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2024-1046
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/changeset/3030229/wp-user-avatar/trunk/src/ShortcodeParser/Builder/FieldsShortcodeCallback.php | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/7911c774-3fb0-4d6c-a847-101e5ad8637a?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-0509

First published on : 05-02-2024 22:16:02
Last modified on : 05-02-2024 22:16:02

Description :
The WP 404 Auto Redirect to Similar Post plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘request’ parameter in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

CVE ID : CVE-2024-0509
Source : security@wordfence.com
CVSS Score : 6.1

References :
https://plugins.trac.wordpress.org/changeset/3031134/wp-404-auto-redirect-to-similar-post/trunk/includes/ajax.php | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/6eef5549-3f89-4d6f-8c4e-6e4ee6082042?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-0660

First published on : 05-02-2024 22:16:03
Last modified on : 05-02-2024 22:16:03

Description :
The Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.7.2. This is due to missing or incorrect nonce validation on the update_settings function. This makes it possible for unauthenticated attackers to change form settings and add malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID : CVE-2024-0660
Source : security@wordfence.com
CVSS Score : 6.1

References :
https://plugins.trac.wordpress.org/changeset/3026901/formidable/tags/6.8/classes/controllers/FrmFormsController.php | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/b983d22b-6cd2-4450-99e2-88bb149091fe?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-0685

First published on : 02-02-2024 05:15:08
Last modified on : 02-02-2024 13:36:37

Description :
The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Second Order SQL Injection via the email address value submitted through forms in all versions up to, and including, 3.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to inject SQL in their email address that will append additional SQL into the already existing query when an administrator triggers a personal data export.

CVE ID : CVE-2024-0685
Source : security@wordfence.com
CVSS Score : 5.9

References :
https://plugins.trac.wordpress.org/changeset/3028929/ninja-forms/trunk/includes/Admin/UserDataRequests.php | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/3cb73d5d-ca4a-4103-866d-f7bb369a8ce4?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-0659

First published on : 05-02-2024 22:16:03
Last modified on : 05-02-2024 22:16:03

Description :
The Easy Digital Downloads – Sell Digital Files (eCommerce Store & Payments Made Easy) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the variable pricing option title in all versions up to, and including, 3.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with shop manager-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2024-0659
Source : security@wordfence.com
CVSS Score : 5.5

References :
https://plugins.trac.wordpress.org/changeset?old_path=/easy-digital-downloads/tags/3.2.6&old=3030600&new_path=/easy-digital-downloads/tags/3.2.7&new=3030600&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/1ec207cd-cae5-4950-bbc8-d28f108b4ae7?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-0691

First published on : 05-02-2024 22:16:04
Last modified on : 05-02-2024 22:16:04

Description :
The FileBird plugin for WordPress is vulnerable to Stored Cross-Site Scripting via imported folder titles in all versions up to, and including, 5.5.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. It may also be possible to socially engineer an administrator into uploading a malicious folder import.

CVE ID : CVE-2024-0691
Source : security@wordfence.com
CVSS Score : 5.5

References :
https://plugins.trac.wordpress.org/changeset/3023924/filebird | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/47f04985-dd9b-449f-8b4c-9811fe7e4a96?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-0895

First published on : 03-02-2024 06:15:47
Last modified on : 05-02-2024 02:09:43

Description :
The PDF Flipbook, 3D Flipbook – DearFlip plugin for WordPress is vulnerable to Stored Cross-Site Scripting via outline settings in all versions up to, and including, 2.2.26 due to insufficient input sanitization and output escaping on user supplied data. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2024-0895
Source : security@wordfence.com
CVSS Score : 5.4

References :
https://plugins.trac.wordpress.org/browser/3d-flipbook-dflip-lite/trunk/inc/metaboxes.php#L483 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3030441%403d-flipbook-dflip-lite&new=3030441%403d-flipbook-dflip-lite&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/92e37b28-1a17-417a-b40f-cb4bbe6ec759?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-0380

First published on : 05-02-2024 22:16:01
Last modified on : 05-02-2024 22:16:01

Description :
The WP Recipe Maker plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 9.1.0 via the 'icon' attribute used in Shortcodes. This makes it possible for authenticated attackers, with contributor-level access and above, to include the contents of SVG files on the server, which can be leveraged for Cross-Site Scripting.

CVE ID : CVE-2024-0380
Source : security@wordfence.com
CVSS Score : 5.4

References :
https://plugins.trac.wordpress.org/changeset/3019769/wp-recipe-maker/trunk/includes/public/class-wprm-icon.php | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/457c4e56-c2a0-451f-a4a6-e7fb7bf7b0e0?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-0585

First published on : 05-02-2024 22:16:02
Last modified on : 05-02-2024 22:16:02

Description :
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Filterable Gallery widget in all versions up to, and including, 5.9.4 due to insufficient input sanitization and output escaping on the Image URL. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2024-0585
Source : security@wordfence.com
CVSS Score : 5.4

References :
https://plugins.trac.wordpress.org/changeset/3022852/essential-addons-for-elementor-lite/tags/5.9.5/includes/Elements/Filterable_Gallery.php | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/417baa1c-29f0-4fec-8008-5b52359b3328?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-0790

First published on : 05-02-2024 22:16:04
Last modified on : 05-02-2024 22:16:04

Description :
The WOLF – WordPress Posts Bulk Editor and Manager Professional plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.8.1. This is due to missing or incorrect nonce validation on the wpbe_create_new_term, wpbe_update_tax_term, and wpbe_delete_tax_term functions. This makes it possible for unauthenticated attackers to create, modify and delete taxonomy terms via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Furthermore, the functions wpbe_save_options, wpbe_bulk_delete_posts_count, wpbe_bulk_delete_posts, and wpbe_save_meta are vulnerable to Cross-Site Request Forgery allowing for plugin options update, post count deletion, post deletion and modification of post metadata via forged request.

CVE ID : CVE-2024-0790
Source : security@wordfence.com
CVSS Score : 5.4

References :
https://plugins.trac.wordpress.org/browser/bulk-editor/trunk/index.php | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3028699%40bulk-editor%2Ftrunk&old=3012874%40bulk-editor%2Ftrunk&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/6c48f94b-d193-429a-9383-628ae12bfdf3?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-0823

First published on : 05-02-2024 22:16:05
Last modified on : 05-02-2024 22:16:05

Description :
The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Link To' url in carousels in all versions up to, and including, 2.6.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2024-0823
Source : security@wordfence.com
CVSS Score : 5.4

References :
https://plugins.trac.wordpress.org/changeset/3026499/exclusive-addons-for-elementor/trunk/elements/logo-carousel/logo-carousel.php | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/2c5cdc3f-eaa6-4d0b-9e75-5483c723e15a?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-1047

First published on : 02-02-2024 06:15:45
Last modified on : 02-02-2024 13:36:31

Description :
The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the register_reference() function in all versions up to, and including, 2.10.28. This makes it possible for unauthenticated attackers to update the connected API keys.

CVE ID : CVE-2024-1047
Source : security@wordfence.com
CVSS Score : 5.3

References :
https://plugins.trac.wordpress.org/browser/themeisle-companion/trunk/vendor/codeinwp/themeisle-sdk/src/Modules/Promotions.php#L175 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/3029507/themeisle-companion/tags/2.10.29/vendor/codeinwp/themeisle-sdk/src/Modules/Promotions.php | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/6147582f-578a-47ad-b16c-65c37896783d?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-0909

First published on : 03-02-2024 06:15:48
Last modified on : 05-02-2024 02:09:43

Description :
The Anonymous Restricted Content plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 1.6.2. This is due to insufficient restrictions through the REST API on the posts/pages that protections are being placed on. This makes it possible for unauthenticated attackers to access protected content.

CVE ID : CVE-2024-0909
Source : security@wordfence.com
CVSS Score : 5.3

References :
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3030199%40anonymous-restricted-content&new=3030199%40anonymous-restricted-content&sfp_email=&sfph_mail= | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3030608%40anonymous-restricted-content&new=3030608%40anonymous-restricted-content&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/f478ff7c-7193-4c59-a84f-c7cafff9b6c0?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-6557

First published on : 05-02-2024 22:15:55
Last modified on : 05-02-2024 22:15:55

Description :
The The Events Calendar plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.2.8.2 via the route function hooked into wp_ajax_nopriv_tribe_dropdown. This makes it possible for unauthenticated attackers to extract potentially sensitive data including post titles and IDs of pending, private and draft posts.

CVE ID : CVE-2023-6557
Source : security@wordfence.com
CVSS Score : 5.3

References :
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3010104%40the-events-calendar%2Ftags%2F6.2.9&old=3010096%40the-events-calendar%2Ftags%2F6.2.9 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/fc40196e-c0f3-4bc6-ac4b-b866902def61?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-6963

First published on : 05-02-2024 22:15:57
Last modified on : 05-02-2024 22:15:57

Description :
The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to CAPTCHA Bypass in versions up to, and including, 2.0.4. This makes it possible for unauthenticated attackers to bypass the Captcha Verification of the Contact Form block by omitting 'g-recaptcha-response' from the 'data' array.

CVE ID : CVE-2023-6963
Source : security@wordfence.com
CVSS Score : 5.3

References :
https://plugins.trac.wordpress.org/changeset/3022982 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/d317f2c7-06f3-4875-9f9b-eb7f450aa2f4?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-7014

First published on : 05-02-2024 22:15:58
Last modified on : 05-02-2024 22:15:58

Description :
The Author Box, Guest Author and Co-Authors for Your Posts – Molongui plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.7.4 via the 'ma_debu' parameter. This makes it possible for unauthenticated attackers to extract sensitive data including post author emails and names if applicable.

CVE ID : CVE-2023-7014
Source : security@wordfence.com
CVSS Score : 5.3

References :
https://plugins.trac.wordpress.org/changeset/3019084/ | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/538e9ce3-2d48-44ad-bd08-8eead3ef15c3?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-0701

First published on : 05-02-2024 22:16:04
Last modified on : 05-02-2024 22:16:04

Description :
The UserPro plugin for WordPress is vulnerable to Security Feature Bypass in all versions up to, and including, 5.1.6. This is due to the use of client-side restrictions to enforce the 'Disabled registration' Membership feature within the plugin's General settings. This makes it possible for unauthenticated attackers to register an account even when account registration has been disabled by an administrator.

CVE ID : CVE-2024-0701
Source : security@wordfence.com
CVSS Score : 5.3

References :
https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/ea070d9c-c04c-432f-a110-47b9eaa67614?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-0969

First published on : 05-02-2024 22:16:06
Last modified on : 05-02-2024 22:16:06

Description :
The ARMember plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.21 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's "Default Restriction" feature and view restricted post content.

CVE ID : CVE-2024-0969
Source : security@wordfence.com
CVSS Score : 5.3

References :
https://plugins.trac.wordpress.org/changeset/3030044/armember-membership/trunk/core/classes/class.arm_restriction.php | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/ea4e6718-4e1e-44ce-8463-860f0d3d80f5?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-1121

First published on : 05-02-2024 22:16:07
Last modified on : 05-02-2024 22:16:07

Description :
The Advanced Forms for ACF plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_json_file() function in all versions up to, and including, 1.9.3.2. This makes it possible for unauthenticated attackers to export form settings.

CVE ID : CVE-2024-1121
Source : security@wordfence.com
CVSS Score : 5.3

References :
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3031007%40advanced-forms&new=3031007%40advanced-forms&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/7b33f2ee-3f20-4494-bdae-3f8cc3c6dc73?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-1177

First published on : 05-02-2024 22:16:07
Last modified on : 05-02-2024 22:16:07

Description :
The WP Club Manager – WordPress Sports Club Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the settings_save() function in all versions up to, and including, 2.2.10. This makes it possible for unauthenticated attackers to update the permalink structure for the clubs.

CVE ID : CVE-2024-1177
Source : security@wordfence.com
CVSS Score : 5.3

References :
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3030843%40wp-club-manager&new=3030843%40wp-club-manager&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/64c2c8c2-58f5-4b7d-b226-39ba39e887d5?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-1208

First published on : 05-02-2024 22:16:07
Last modified on : 05-02-2024 22:16:07

Description :
The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.2 via API. This makes it possible for unauthenticated attackers to obtain access to quiz questions.

CVE ID : CVE-2024-1208
Source : security@wordfence.com
CVSS Score : 5.3

References :
https://github.com/karlemilnikka/CVE-2024-1208-and-CVE-2024-1210 | source : security@wordfence.com
https://www.learndash.com/release-notes/ | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/ae735117-e68b-448e-ad41-258d1be3aebc?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-1209

First published on : 05-02-2024 22:16:08
Last modified on : 05-02-2024 22:16:08

Description :
The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via direct file access due to insufficient protection of uploaded assignments. This makes it possible for unauthenticated attackers to obtain those uploads.

CVE ID : CVE-2024-1209
Source : security@wordfence.com
CVSS Score : 5.3

References :
https://github.com/karlemilnikka/CVE-2024-1209 | source : security@wordfence.com
https://www.learndash.com/release-notes/ | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/7191955e-0db1-4ad1-878b-74f90ca59c91?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-1210

First published on : 05-02-2024 22:16:08
Last modified on : 05-02-2024 22:16:08

Description :
The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via API. This makes it possible for unauthenticated attackers to obtain access to quizzes.

CVE ID : CVE-2024-1210
Source : security@wordfence.com
CVSS Score : 5.3

References :
https://github.com/karlemilnikka/CVE-2024-1208-and-CVE-2024-1210 | source : security@wordfence.com
https://www.learndash.com/release-notes/ | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/61ca5ab6-5fe9-4313-9b0d-8736663d0e89?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-6953

First published on : 05-02-2024 22:15:57
Last modified on : 05-02-2024 22:15:57

Description :
The PDF Generator For Fluent Forms – The Contact Form Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the header, PDF body and footer content parameters in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The exploitation level depends on who is granted the right to create forms by an administrator. This level can be as low as contributor, but by default is admin.

CVE ID : CVE-2023-6953
Source : security@wordfence.com
CVSS Score : 4.9

References :
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3023486%40fluentforms-pdf%2Ftrunk&old=2929799%40fluentforms-pdf%2Ftrunk&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/b6675c48-43d4-4394-a4a3-f753bdaa5c4e?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-0844

First published on : 02-02-2024 12:15:49
Last modified on : 02-02-2024 13:36:23

Description :
The Popup More Popups, Lightboxes, and more popup modules plugin for WordPress is vulnerable to Local File Inclusion in version 2.1.6 via the ycfChangeElementData() function. This makes it possible for authenticated attackers, with administrator-level access and above, to include and execute arbitrary files ending with "Form.php" on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.

CVE ID : CVE-2024-0844
Source : security@wordfence.com
CVSS Score : 4.7

References :
https://plugins.trac.wordpress.org/browser/popup-more/trunk/classes/Ajax.php#L184 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/7894a19c-b873-4c5b-8c82-6656cc306ee2?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-0597

First published on : 05-02-2024 22:16:02
Last modified on : 05-02-2024 22:16:02

Description :
The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to and including 12.3.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

CVE ID : CVE-2024-0597
Source : security@wordfence.com
CVSS Score : 4.4

References :
https://plugins.trac.wordpress.org/changeset/3023398/ | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/a61a8d8b-f22f-4a16-95f6-6cf52cf545ad?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-0612

First published on : 05-02-2024 22:16:03
Last modified on : 05-02-2024 22:16:03

Description :
The Content Views – Post Grid, Slider, Accordion (Gutenberg Blocks and Shortcode) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

CVE ID : CVE-2024-0612
Source : security@wordfence.com
CVSS Score : 4.4

References :
https://plugins.trac.wordpress.org/changeset/3024861/ | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/aa4377a8-bcf4-45ba-824b-3505bd8e8c61?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-0630

First published on : 05-02-2024 22:16:03
Last modified on : 05-02-2024 22:16:03

Description :
The WP RSS Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the RSS feed source in all versions up to, and including, 4.23.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

CVE ID : CVE-2024-0630
Source : security@wordfence.com
CVSS Score : 4.4

References :
https://plugins.trac.wordpress.org/changeset/3026269/wp-rss-aggregator | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/93cb3b29-b1a0-4d40-a057-1b41f3b181f2?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-1162

First published on : 02-02-2024 06:15:45
Last modified on : 02-02-2024 13:36:31

Description :
The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.10.29. This is due to missing or incorrect nonce validation on the register_reference() function. This makes it possible for unauthenticated attackers to update the connected API keys via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID : CVE-2024-1162
Source : security@wordfence.com
CVSS Score : 4.3

References :
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3030173%40themeisle-companion&new=3030173%40themeisle-companion&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/88f6a24f-f14a-4d0a-be5a-f8c84910b4fc?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-4637

First published on : 05-02-2024 22:15:55
Last modified on : 05-02-2024 22:15:55

Description :
The WPvivid plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the restore() and get_restore_progress() function in versions up to, and including, 0.9.94. This makes it possible for unauthenticated attackers to invoke these functions and obtain full file paths if they have access to a back-up ID.

CVE ID : CVE-2023-4637
Source : security@wordfence.com
CVSS Score : 4.3

References :
https://plugins.trac.wordpress.org/browser/wpvivid-backuprestore/trunk/includes/class-wpvivid.php#L3736 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/wpvivid-backuprestore/trunk/includes/class-wpvivid.php#L3943 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/3023214/wpvivid-backuprestore/trunk/includes/class-wpvivid.php?contextall=1&old=3007861&old_path=%2Fwpvivid-backuprestore%2Ftrunk%2Fincludes%2Fclass-wpvivid.php | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/bad0bd6b-9c88-4d31-90b5-92d3ceb8c0af?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-6959

First published on : 05-02-2024 22:15:57
Last modified on : 05-02-2024 22:15:57

Description :
The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the recaptcha_api_key_manage function in all versions up to, and including, 2.0.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to add, modify, or delete the 'Recaptcha Site Key' and 'Recaptcha Secret Key' settings.

CVE ID : CVE-2023-6959
Source : security@wordfence.com
CVSS Score : 4.3

References :
https://plugins.trac.wordpress.org/changeset/3022982 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/774c00fb-82cd-44ca-bf96-3f6dfd1977d0?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-6983

First published on : 05-02-2024 22:15:58
Last modified on : 05-02-2024 22:15:58

Description :
The Display custom fields in the frontend – Post and User Profile Fields plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2.1 via the vg_display_data shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with contributor-level access and above, to retrieve potentially sensitive post meta.

CVE ID : CVE-2023-6983
Source : security@wordfence.com
CVSS Score : 4.3

References :
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3021133%40shortcode-to-display-post-and-user-data&new=3021133%40shortcode-to-display-post-and-user-data&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/08d43c67-df40-4f1a-a351-803e59edee13?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-0366

First published on : 05-02-2024 22:16:00
Last modified on : 05-02-2024 22:16:00

Description :
The Starbox – the Author Box for Humans plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.4.7 via the action function due to missing validation on a user controlled key. This makes it possible for subscribers to view plugin preferences and potentially other user settings.

CVE ID : CVE-2024-0366
Source : security@wordfence.com
CVSS Score : 4.3

References :
https://plugins.trac.wordpress.org/browser/starbox/trunk/core/UserSettings.php | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/3028775/starbox/trunk?contextall=1&old=3000701&old_path=%2Fstarbox%2Ftrunk | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/c47601b4-bf16-4f59-b5f3-584a8eac7c67?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-0370

First published on : 05-02-2024 22:16:00
Last modified on : 05-02-2024 22:16:00

Description :
The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_view' function in all versions up to, and including, 3.2.2. This makes it possible for authenticated attackers, with subscriber access and above, to modify the titles of arbitrary posts.

CVE ID : CVE-2024-0370
Source : security@wordfence.com
CVSS Score : 4.3

References :
https://plugins.trac.wordpress.org/changeset?old_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.2&old=3026471&new_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.3&new=3026471&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/3c4c8113-4c46-4179-9c7f-9d5d4337254d?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-0371

First published on : 05-02-2024 22:16:00
Last modified on : 05-02-2024 22:16:00

Description :
The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'create_view' function in all versions up to, and including, 3.2.2. This makes it possible for authenticated attackers, with subscriber access and above, to create form views.

CVE ID : CVE-2024-0371
Source : security@wordfence.com
CVSS Score : 4.3

References :
https://plugins.trac.wordpress.org/changeset?old_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.2&old=3026471&new_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.3&new=3026471&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/a9565693-fd0b-4412-944c-81b3cd79492e?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-0372

First published on : 05-02-2024 22:16:00
Last modified on : 05-02-2024 22:16:00

Description :
The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_form_fields' function in all versions up to, and including, 3.2.2. This makes it possible for authenticated attackers, with subscriber access and above, to create form views.

CVE ID : CVE-2024-0372
Source : security@wordfence.com
CVSS Score : 4.3

References :
https://plugins.trac.wordpress.org/changeset?old_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.2&old=3026471&new_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.3&new=3026471&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/2ab58add-ab81-4c84-b773-7daf382492b0?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-0373

First published on : 05-02-2024 22:16:00
Last modified on : 05-02-2024 22:16:00

Description :
The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.2. This is due to missing or incorrect nonce validation on the 'save_view' function. This makes it possible for unauthenticated attackers to modify arbitrary post titles via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID : CVE-2024-0373
Source : security@wordfence.com
CVSS Score : 4.3

References :
https://plugins.trac.wordpress.org/changeset?old_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.2&old=3026471&new_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.3&new=3026471&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/e2273c53-bc8a-45c7-914d-a3b934c2cb18?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-0374

First published on : 05-02-2024 22:16:01
Last modified on : 05-02-2024 22:16:01

Description :
The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.2. This is due to missing or incorrect nonce validation on the 'create_view' function. This makes it possible for unauthenticated attackers to create views via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID : CVE-2024-0374
Source : security@wordfence.com
CVSS Score : 4.3

References :
https://plugins.trac.wordpress.org/changeset?old_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.2&old=3026471&new_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.3&new=3026471&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/34c0c676-37f9-49f2-ad50-2d70831fda53?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-0791

First published on : 05-02-2024 22:16:05
Last modified on : 05-02-2024 22:16:05

Description :
The WOLF – WordPress Posts Bulk Editor and Manager Professional plugin for WordPress is vulnerable to unauthorized access, modification or loss of data due to a missing capability check on the wpbe_create_new_term, wpbe_update_tax_term, and wpbe_delete_tax_term functions in all versions up to, and including, 1.0.8.1. This makes it possible for authenticated attackers, with subscriber access or higher, to create, delete or modify taxonomy terms.

CVE ID : CVE-2024-0791
Source : security@wordfence.com
CVSS Score : 4.3

References :
https://plugins.trac.wordpress.org/browser/bulk-editor/trunk/index.php | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3028699%40bulk-editor%2Ftrunk&old=3012874%40bulk-editor%2Ftrunk&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/13c66a8f-b35f-4943-8880-0799b0d150f7?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-0796

First published on : 05-02-2024 22:16:05
Last modified on : 05-02-2024 22:16:05

Description :
The Active Products Tables for WooCommerce. Professional products tables for WooCommerce store plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.6.1. This is due to missing or incorrect nonce validation on several functions corresponding to AJAX actions. This makes it possible for unauthenticated attackers to invoke those functions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID : CVE-2024-0796
Source : security@wordfence.com
CVSS Score : 4.3

References :
https://plugins.trac.wordpress.org/changeset/3029488/profit-products-tables-for-woocommerce/trunk?contextall=1&old=3005088&old_path=%2Fprofit-products-tables-for-woocommerce%2Ftrunk | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/5069fbc4-b3c4-4c0b-892c-2c83f35dc2fe?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-0797

First published on : 05-02-2024 22:16:05
Last modified on : 05-02-2024 22:16:05

Description :
The Active Products Tables for WooCommerce. Professional products tables for WooCommerce store plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in all versions up to, and including, 1.0.6.1. This makes it possible for subscribers and higher to execute functions intended for admin use.

CVE ID : CVE-2024-0797
Source : security@wordfence.com
CVSS Score : 4.3

References :
https://plugins.trac.wordpress.org/changeset/3029488/profit-products-tables-for-woocommerce/trunk?contextall=1&old=3005088&old_path=%2Fprofit-products-tables-for-woocommerce%2Ftrunk | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/0a94841f-b1dd-44f4-b7a1-65a9fdf7b18d?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-0835

First published on : 05-02-2024 22:16:05
Last modified on : 05-02-2024 22:16:05

Description :
The Royal Elementor Kit theme for WordPress is vulnerable to unauthorized arbitrary transient update due to a missing capability check on the dismissed_handler function in all versions up to, and including, 1.0.116. This makes it possible for authenticated attackers, with subscriber access or higher, to update arbitrary transients. Note that these transients can only be updated to true and not arbitrary values.

CVE ID : CVE-2024-0835
Source : security@wordfence.com
CVSS Score : 4.3

References :
https://themes.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=216524%40royal-elementor-kit&new=216524%40royal-elementor-kit&sfp_email=&sfph_mail= | source : security@wordfence.com
https://wordpress.org/themes/royal-elementor-kit/ | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/603b6c52-48eb-4e8c-a2c1-77b12a2b1a2c?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-0859

First published on : 05-02-2024 22:16:06
Last modified on : 05-02-2024 22:16:06

Description :
The Affiliates Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.9.34. This is due to missing or incorrect nonce validation on the process_bulk_action function in ListAffiliatesTable.php. This makes it possible for unauthenticated attackers to delete affiliates via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID : CVE-2024-0859
Source : security@wordfence.com
CVSS Score : 4.3

References :
https://plugins.trac.wordpress.org/browser/affiliates-manager/trunk/classes/ListAffiliatesTable.php | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/3028484/affiliates-manager/trunk?contextall=1&old=3015278&old_path=%2Faffiliates-manager%2Ftrunk | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/433a03c2-09fd-4ce6-843b-55ad09f4b4f7?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-1092

First published on : 05-02-2024 22:16:07
Last modified on : 05-02-2024 22:16:07

Description :
The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the feedzy dashboard in all versions up to, and including, 4.4.1. This makes it possible for authenticated attackers, with contributor access or higher, to create, edit or delete feed categories created by them.

CVE ID : CVE-2024-1092
Source : security@wordfence.com
CVSS Score : 4.3

References :
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3030538%40feedzy-rss-feeds%2Ftrunk&old=3028200%40feedzy-rss-feeds%2Ftrunk&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/98053141-fe97-4bd4-b820-b6cca3426109?source=cve | source : security@wordfence.com


Source : hq.dhs.gov

Vulnerability ID : CVE-2024-22096

First published on : 02-02-2024 00:15:55
Last modified on : 02-02-2024 01:57:57

Description :
In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, an attacker can append path traversal characters to the filename when using a specific command, allowing them to read arbitrary files from the system.

CVE ID : CVE-2024-22096
Source : ics-cert@hq.dhs.gov
CVSS Score : 6.5

References :
https://rapidscada.org/contact/ | source : ics-cert@hq.dhs.gov
https://www.cisa.gov/news-events/ics-advisories/icsa-24-011-03 | source : ics-cert@hq.dhs.gov

Vulnerability : CWE-23


Vulnerability ID : CVE-2024-21869

First published on : 02-02-2024 00:15:55
Last modified on : 02-02-2024 01:57:57

Description :
In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, the affected product stores plaintext credentials in various places. This may allow an attacker with local access to see them.

CVE ID : CVE-2024-21869
Source : ics-cert@hq.dhs.gov
CVSS Score : 6.2

References :
https://rapidscada.org/contact/ | source : ics-cert@hq.dhs.gov
https://www.cisa.gov/news-events/ics-advisories/icsa-24-011-03 | source : ics-cert@hq.dhs.gov

Vulnerability : CWE-256


Vulnerability ID : CVE-2024-21794

First published on : 02-02-2024 00:15:54
Last modified on : 02-02-2024 01:57:57

Description :
In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, an attacker can redirect users to malicious pages through the login page.

CVE ID : CVE-2024-21794
Source : ics-cert@hq.dhs.gov
CVSS Score : 5.4

References :
https://rapidscada.org/contact/ | source : ics-cert@hq.dhs.gov
https://www.cisa.gov/news-events/ics-advisories/icsa-24-011-03 | source : ics-cert@hq.dhs.gov

Vulnerability : CWE-601


Vulnerability ID : CVE-2024-21866

First published on : 02-02-2024 00:15:55
Last modified on : 02-02-2024 01:57:57

Description :
In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, the affected product responds back with an error message containing sensitive data if it receives a specific malformed request.

CVE ID : CVE-2024-21866
Source : ics-cert@hq.dhs.gov
CVSS Score : 5.3

References :
https://rapidscada.org/contact/ | source : ics-cert@hq.dhs.gov
https://www.cisa.gov/news-events/ics-advisories/icsa-24-011-03 | source : ics-cert@hq.dhs.gov

Vulnerability : CWE-209


Source : us.ibm.com

Vulnerability ID : CVE-2023-32333

First published on : 02-02-2024 02:15:16
Last modified on : 02-02-2024 04:58:55

Description :
IBM Maximo Asset Management 7.6.1.3 could allow a remote attacker to log into the admin panel due to improper access controls. IBM X-Force ID: 255073.

CVE ID : CVE-2023-32333
Source : psirt@us.ibm.com
CVSS Score : 6.5

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/255073 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7112388 | source : psirt@us.ibm.com

Vulnerability : CWE-284


Vulnerability ID : CVE-2023-50935

First published on : 02-02-2024 02:15:17
Last modified on : 02-02-2024 15:13:16

Description :
IBM PowerSC 1.3, 2.0, and 2.1 fails to properly restrict access to a URL or resource, which may allow a remote attacker to obtain unauthorized access to application functionality and/or resources. IBM X-Force ID: 275115.

CVE ID : CVE-2023-50935
Source : psirt@us.ibm.com
CVSS Score : 6.5

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/275115 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7113759 | source : psirt@us.ibm.com

Vulnerability : CWE-425

Vulnerable product(s) : cpe:2.3:a:ibm:powersc:1.3:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:a:ibm:powersc:2.0:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:a:ibm:powersc:2.1:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-38263

First published on : 02-02-2024 04:15:08
Last modified on : 02-02-2024 04:58:55

Description :
IBM SOAR QRadar Plugin App 1.0 through 5.0.3 could allow an authenticated user to perform unauthorized actions due to improper access controls. IBM X-Force ID: 260577.

CVE ID : CVE-2023-38263
Source : psirt@us.ibm.com
CVSS Score : 6.5

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/260577 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7111679 | source : psirt@us.ibm.com

Vulnerability : CWE-284


Vulnerability ID : CVE-2023-31006

First published on : 03-02-2024 01:15:08
Last modified on : 05-02-2024 02:09:43

Description :
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) is vulnerable to denial of service attacks on the DSC server. IBM X-Force ID: 254776.

CVE ID : CVE-2023-31006
Source : psirt@us.ibm.com
CVSS Score : 6.5

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/254776 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7106586 | source : psirt@us.ibm.com

Vulnerability : CWE-400


Vulnerability ID : CVE-2023-31005

First published on : 03-02-2024 01:15:08
Last modified on : 05-02-2024 02:09:43

Description :
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a local user to escalate their privileges due to an improper security configuration. IBM X-Force ID: 254767.

CVE ID : CVE-2023-31005
Source : psirt@us.ibm.com
CVSS Score : 6.2

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/254767 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7106586 | source : psirt@us.ibm.com

Vulnerability : CWE-269


Vulnerability ID : CVE-2023-32329

First published on : 03-02-2024 01:15:08
Last modified on : 05-02-2024 02:09:43

Description :
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a user to download files from an incorrect repository due to improper file validation. IBM X-Force ID: 254972.

CVE ID : CVE-2023-32329
Source : psirt@us.ibm.com
CVSS Score : 6.2

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/254972 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7106586 | source : psirt@us.ibm.com

Vulnerability : CWE-345


Vulnerability ID : CVE-2023-50933

First published on : 02-02-2024 01:15:08
Last modified on : 02-02-2024 16:12:52

Description :
IBM PowerSC 1.3, 2.0, and 2.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 275113.

CVE ID : CVE-2023-50933
Source : psirt@us.ibm.com
CVSS Score : 6.1

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/275113 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7113759 | source : psirt@us.ibm.com

Vulnerability : CWE-79

Vulnerable product(s) : cpe:2.3:a:ibm:powersc:1.3:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:a:ibm:powersc:2.0:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:a:ibm:powersc:2.1:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-47144

First published on : 02-02-2024 13:15:08
Last modified on : 02-02-2024 13:36:23

Description :
IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 270271.

CVE ID : CVE-2023-47144
Source : psirt@us.ibm.com
CVSS Score : 6.1

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/270271 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7105139 | source : psirt@us.ibm.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-50962

First published on : 02-02-2024 02:15:17
Last modified on : 02-02-2024 04:58:55

Description :
IBM PowerSC 1.3, 2.0, and 2.1 MFA does not implement the "HTTP Strict Transport Security" (HSTS) web security policy mechanism. IBM X-Force ID: 276004.

CVE ID : CVE-2023-50962
Source : psirt@us.ibm.com
CVSS Score : 5.9

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/276004 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7113759 | source : psirt@us.ibm.com

Vulnerability : CWE-319


Vulnerability ID : CVE-2023-50941

First published on : 02-02-2024 02:15:17
Last modified on : 02-02-2024 15:11:50

Description :
IBM PowerSC 1.3, 2.0, and 2.1 does not provide logout functionality, which could allow an authenticated user to gain access to an unauthorized user using session fixation. IBM X-Force ID: 275131.

CVE ID : CVE-2023-50941
Source : psirt@us.ibm.com
CVSS Score : 5.4

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/275131 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7113759 | source : psirt@us.ibm.com

Vulnerability : CWE-384

Vulnerable product(s) : cpe:2.3:a:ibm:powersc:1.3:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:a:ibm:powersc:2.0:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:a:ibm:powersc:2.1:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-50947

First published on : 04-02-2024 01:15:25
Last modified on : 05-02-2024 02:09:37

Description :
IBM Business Automation Workflow 22.0.2, 23.0.1, and 23.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 275665.

CVE ID : CVE-2023-50947
Source : psirt@us.ibm.com
CVSS Score : 5.4

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/275665 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7114419 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7114430 | source : psirt@us.ibm.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-50327

First published on : 02-02-2024 01:15:07
Last modified on : 02-02-2024 16:13:22

Description :
IBM PowerSC 1.3, 2.0, and 2.1 uses insecure HTTP methods which could allow a remote attacker to perform unauthorized file request modification. IBM X-Force ID: 275109.

CVE ID : CVE-2023-50327
Source : psirt@us.ibm.com
CVSS Score : 5.3

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/275109 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7113759 | source : psirt@us.ibm.com

Vulnerability : CWE-436

Vulnerability : CWE-650

Vulnerable product(s) : cpe:2.3:a:ibm:powersc:1.3:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:a:ibm:powersc:2.0:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:a:ibm:powersc:2.1:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-50328

First published on : 02-02-2024 02:15:16
Last modified on : 02-02-2024 15:14:08

Description :
IBM PowerSC 1.3, 2.0, and 2.1 may allow a remote attacker to view session identifiers passed via URL query strings. IBM X-Force ID: 275110.

CVE ID : CVE-2023-50328
Source : psirt@us.ibm.com
CVSS Score : 5.3

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/275110 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7113759 | source : psirt@us.ibm.com

Vulnerability : CWE-668

Vulnerability : CWE-598

Vulnerable product(s) : cpe:2.3:a:ibm:powersc:1.3:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:a:ibm:powersc:2.0:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:a:ibm:powersc:2.1:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-50934

First published on : 02-02-2024 02:15:16
Last modified on : 02-02-2024 15:13:45

Description :
IBM PowerSC 1.3, 2.0, and 2.1 uses single-factor authentication which can lead to unnecessary risk of compromise when compared with the benefits of a dual-factor authentication scheme. IBM X-Force ID: 275114.

CVE ID : CVE-2023-50934
Source : psirt@us.ibm.com
CVSS Score : 5.3

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/275114 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7113759 | source : psirt@us.ibm.com

Vulnerability : CWE-287

Vulnerability : CWE-308

Vulnerable product(s) : cpe:2.3:a:ibm:powersc:1.3:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:a:ibm:powersc:2.0:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:a:ibm:powersc:2.1:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-47148

First published on : 02-02-2024 13:15:08
Last modified on : 02-02-2024 13:36:23

Description :
IBM Storage Protect Plus Server 10.1.0 through 10.1.15.2 Admin Console could allow a remote attacker to obtain sensitive information due to improper validation of unsecured endpoints which could be used in further attacks against the system. IBM X-Force ID: 270599.

CVE ID : CVE-2023-47148
Source : psirt@us.ibm.com
CVSS Score : 5.3

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/270599 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7096482 | source : psirt@us.ibm.com

Vulnerability : CWE-862


Vulnerability ID : CVE-2023-33851

First published on : 04-02-2024 01:15:24
Last modified on : 05-02-2024 02:09:37

Description :
IBM PowerVM Hypervisor FW950.00 through FW950.90, FW1020.00 through FW1020.40, and FW1030.00 through FW1030.30 could reveal sensitive partition data to a system administrator. IBM X-Force ID: 257135.

CVE ID : CVE-2023-33851
Source : psirt@us.ibm.com
CVSS Score : 5.3

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/257135 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7114491 | source : psirt@us.ibm.com

Vulnerability : CWE-200


Vulnerability ID : CVE-2022-40744

First published on : 02-02-2024 04:15:07
Last modified on : 02-02-2024 04:58:55

Description :
IBM Aspera Faspex 5.0.6 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 236441.

CVE ID : CVE-2022-40744
Source : psirt@us.ibm.com
CVSS Score : 4.8

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/236441 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7111778 | source : psirt@us.ibm.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-50938

First published on : 02-02-2024 02:15:17
Last modified on : 02-02-2024 15:12:44

Description :
IBM PowerSC 1.3, 2.0, and 2.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 275128.

CVE ID : CVE-2023-50938
Source : psirt@us.ibm.com
CVSS Score : 4.3

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/275128 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7113759 | source : psirt@us.ibm.com

Vulnerability : CWE-451

Vulnerable product(s) : cpe:2.3:a:ibm:powersc:1.3:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:a:ibm:powersc:2.0:*:*:*:*:*:*:*
Vulnerable product(s) : cpe:2.3:a:ibm:powersc:2.1:*:*:*:*:*:*:*


Vulnerability ID : CVE-2023-38020

First published on : 02-02-2024 04:15:08
Last modified on : 02-02-2024 04:58:55

Description :
IBM SOAR QRadar Plugin App 1.0 through 5.0.3 could allow an authenticated user to manipulate output written to log files. IBM X-Force ID: 260576.

CVE ID : CVE-2023-38020
Source : psirt@us.ibm.com
CVSS Score : 4.3

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/260576 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7111679 | source : psirt@us.ibm.com

Vulnerability : CWE-117


Source : snyk.io

Vulnerability ID : CVE-2024-21485

First published on : 02-02-2024 05:15:09
Last modified on : 02-02-2024 13:36:37

Description :
Versions of the package dash-core-components before 2.13.0; all versions of the package dash-core-components; versions of the package dash before 2.15.0; all versions of the package dash-html-components; versions of the package dash-html-components before 2.0.16 are vulnerable to Cross-site Scripting (XSS) when the href of the a tag is controlled by an adversary. An authenticated attacker who stores a view that exploits this vulnerability could steal the data that's visible to another user who opens that view - not just the data already included on the page, but they could also, in theory, make additional requests and access other data accessible to this user. In some cases, they could also steal the access tokens of that user, which would allow the attacker to act as that user, including viewing other apps and resources hosted on the same server. **Note:** This is only exploitable in Dash apps that include some mechanism to store user input to be reloaded by a different user.

CVE ID : CVE-2024-21485
Source : report@snyk.io
CVSS Score : 6.5

References :
https://github.com/plotly/dash/commit/9920073c9a8619ae8f90fcec1924f2f3a4332a8c | source : report@snyk.io
https://github.com/plotly/dash/issues/2729 | source : report@snyk.io
https://github.com/plotly/dash/pull/2732 | source : report@snyk.io
https://github.com/plotly/dash/releases/tag/v2.15.0 | source : report@snyk.io
https://security.snyk.io/vuln/SNYK-JS-DASHCORECOMPONENTS-6183084 | source : report@snyk.io
https://security.snyk.io/vuln/SNYK-JS-DASHHTMLCOMPONENTS-6226337 | source : report@snyk.io
https://security.snyk.io/vuln/SNYK-PYTHON-DASH-6226335 | source : report@snyk.io
https://security.snyk.io/vuln/SNYK-PYTHON-DASHCORECOMPONENTS-6226334 | source : report@snyk.io
https://security.snyk.io/vuln/SNYK-PYTHON-DASHHTMLCOMPONENTS-6226336 | source : report@snyk.io

Vulnerability : CWE-79


Source : hcl.com

Vulnerability ID : CVE-2023-37528

First published on : 03-02-2024 06:15:46
Last modified on : 05-02-2024 02:09:43

Description :
A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attack to exploit an application parameter during execution of the Save Report.

CVE ID : CVE-2023-37528
Source : psirt@hcl.com
CVSS Score : 6.5

References :
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0110209 | source : psirt@hcl.com


Vulnerability ID : CVE-2024-23550

First published on : 03-02-2024 06:15:48
Last modified on : 05-02-2024 02:09:43

Description :
HCL DevOps Deploy / HCL Launch (UCD) could disclose sensitive user information when installing the Windows agent.

CVE ID : CVE-2024-23550
Source : psirt@hcl.com
CVSS Score : 6.2

References :
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0110334 | source : psirt@hcl.com


Vulnerability ID : CVE-2023-37527

First published on : 02-02-2024 19:15:07
Last modified on : 02-02-2024 21:13:53

Description :
A reflected cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious JavaScript code in the application session or in database, via remote injection, while rendering content in a web page.

CVE ID : CVE-2023-37527
Source : psirt@hcl.com
CVSS Score : 5.4

References :
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0110209 | source : psirt@hcl.com


Source : redhat.com

Vulnerability ID : CVE-2023-6240

First published on : 04-02-2024 14:15:47
Last modified on : 05-02-2024 02:09:37

Description :
A Marvin vulnerability side-channel leakage was found in the RSA decryption operation in the Linux Kernel. This issue may allow a network attacker to decrypt ciphertexts or forge signatures, limiting the services that use that private key.

CVE ID : CVE-2023-6240
Source : secalert@redhat.com
CVSS Score : 6.5

References :
https://access.redhat.com/security/cve/CVE-2023-6240 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2250843 | source : secalert@redhat.com
https://people.redhat.com/~hkario/marvin/ | source : secalert@redhat.com
https://securitypitfalls.wordpress.com/2023/10/16/experiment-with-side-channel-attacks-yourself/ | source : secalert@redhat.com

Vulnerability : CWE-402


Vulnerability ID : CVE-2023-50781

First published on : 05-02-2024 21:15:10
Last modified on : 05-02-2024 21:15:10

Description :
A flaw was found in m2crypto. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.

CVE ID : CVE-2023-50781
Source : secalert@redhat.com
CVSS Score : 5.9

References :
https://access.redhat.com/security/cve/CVE-2023-50781 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2254426 | source : secalert@redhat.com

Vulnerability : CWE-208


Vulnerability ID : CVE-2023-50782

First published on : 05-02-2024 21:15:11
Last modified on : 05-02-2024 21:15:11

Description :
A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.

CVE ID : CVE-2023-50782
Source : secalert@redhat.com
CVSS Score : 5.9

References :
https://access.redhat.com/security/cve/CVE-2023-50782 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2254432 | source : secalert@redhat.com

Vulnerability : CWE-208


Source : patchstack.com

Vulnerability ID : CVE-2023-51504

First published on : 05-02-2024 06:15:46
Last modified on : 05-02-2024 13:54:33

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dan Dulaney Dan's Embedder for Google Calendar allows Stored XSS. This issue affects Dan's Embedder for Google Calendar: from n/a through 1.2.

CVE ID : CVE-2023-51504
Source : audit@patchstack.com
CVSS Score : 6.5

References :
https://patchstack.com/database/vulnerability/dans-gcal/wordpress-dan-s-embedder-for-google-calendar-plugin-1-2-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2024-24870

First published on : 05-02-2024 06:15:47
Last modified on : 05-02-2024 13:54:33

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michael Dempfle Advanced iFrame allows Stored XSS. This issue affects Advanced iFrame: from n/a through 2023.10.

CVE ID : CVE-2024-24870
Source : audit@patchstack.com
CVSS Score : 6.5

References :
https://patchstack.com/database/vulnerability/advanced-iframe/wordpress-advanced-iframe-plugin-2023-10-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2024-24838

First published on : 05-02-2024 07:15:10
Last modified on : 05-02-2024 13:54:33

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Five Star Plugins Five Star Restaurant Reviews allows Stored XSS. This issue affects Five Star Restaurant Reviews: from n/a through 2.3.5.

CVE ID : CVE-2024-24838
Source : audit@patchstack.com
CVSS Score : 6.5

References :
https://patchstack.com/database/vulnerability/good-reviews-wp/wordpress-five-star-restaurant-reviews-plugin-2-3-5-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2024-24839

First published on : 05-02-2024 07:15:10
Last modified on : 05-02-2024 13:54:19

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Gordon Böhme, Antonio Leutsch Structured Content (JSON-LD) #wpsc allows Stored XSS. This issue affects Structured Content (JSON-LD) #wpsc: from n/a through 1.6.1.

CVE ID : CVE-2024-24839
Source : audit@patchstack.com
CVSS Score : 6.5

References :
https://patchstack.com/database/vulnerability/structured-content/wordpress-structured-content-json-ld-plugin-1-6-1-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2024-24865

First published on : 05-02-2024 07:15:14
Last modified on : 05-02-2024 13:54:19

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noah Kagan Scroll Triggered Box allows Stored XSS. This issue affects Scroll Triggered Box: from n/a through 2.3.

CVE ID : CVE-2024-24865
Source : audit@patchstack.com
CVSS Score : 6.5

References :
https://patchstack.com/database/vulnerability/dreamgrow-scroll-triggered-box/wordpress-scroll-triggered-box-plugin-2-3-cross-site-scripting-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2024-24841

First published on : 05-02-2024 07:15:11
Last modified on : 05-02-2024 13:54:19

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dan's Art Add Customer for WooCommerce allows Stored XSS. This issue affects Add Customer for WooCommerce: from n/a through 1.7.

CVE ID : CVE-2024-24841
Source : audit@patchstack.com
CVSS Score : 5.9

References :
https://patchstack.com/database/vulnerability/add-customer-for-woocommerce/wordpress-add-customer-for-woocommerce-plugin-1-7-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Source : github.com

Vulnerability ID : CVE-2024-24768

First published on : 05-02-2024 15:15:09
Last modified on : 05-02-2024 18:25:55

Description :
1Panel is an open source Linux server operation and maintenance management panel. The HTTPS cookie that comes with the panel does not have the Secure keyword, which may cause the cookie to be sent in plain text if accessed using HTTP. This issue has been patched in version 1.9.6.

CVE ID : CVE-2024-24768
Source : security-advisories@github.com
CVSS Score : 6.5

References :
https://github.com/1Panel-dev/1Panel/commit/1169648162c4b9b48e0b4aa508f9dea4d6bc50d5 | source : security-advisories@github.com
https://github.com/1Panel-dev/1Panel/pull/3817 | source : security-advisories@github.com
https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-9xfw-jjq2-7v8h | source : security-advisories@github.com

Vulnerability : CWE-315


Vulnerability ID : CVE-2024-22208

First published on : 05-02-2024 21:15:11
Last modified on : 05-02-2024 21:15:11

Description :
phpMyFAQ is an Open Source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The 'sharing FAQ' functionality allows any unauthenticated actor to misuse the phpMyFAQ application to send arbitrary emails to a large range of targets. The phpMyFAQ application has a functionality where anyone can share a FAQ item to others. The front-end of this functionality allows any phpMyFAQ articles to be shared with 5 email addresses. Any unauthenticated actor can perform this action. There is a CAPTCHA in place, however the amount of people you email with a single request is not limited to 5 by the backend. An attacker can thus solve a single CAPTCHA and send thousands of emails at once. An attacker can utilize the target application's email server to send phishing messages. This can get the server on a blacklist, causing all emails to end up in spam. It can also lead to reputation damages. This issue has been patched in version 3.2.5.

CVE ID : CVE-2024-22208
Source : security-advisories@github.com
CVSS Score : 6.5

References :
https://github.com/thorsten/phpMyFAQ/commit/a34d94ab7b1be9256a9ef898f18ea6bfb63f6f1e | source : security-advisories@github.com
https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-9hhf-xmcw-r3xg | source : security-advisories@github.com

Vulnerability : CWE-863


Vulnerability ID : CVE-2024-24574

First published on : 05-02-2024 21:15:12
Last modified on : 05-02-2024 21:15:12

Description :
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Unsafe echo of a filename in phpMyFAQ\phpmyfaq\admin\attachments.php allows execution of JavaScript code on the client side (XSS). This vulnerability has been patched in version 3.2.5.

CVE ID : CVE-2024-24574
Source : security-advisories@github.com
CVSS Score : 6.5

References :
https://github.com/thorsten/phpMyFAQ/commit/5479b4a4603cce71aa7eb4437f1c201153a1f1f5 | source : security-advisories@github.com
https://github.com/thorsten/phpMyFAQ/pull/2827 | source : security-advisories@github.com
https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-7m8g-fprr-47fx | source : security-advisories@github.com

Vulnerability : CWE-79
Vulnerability : CWE-80


Vulnerability ID : CVE-2024-23635

First published on : 02-02-2024 17:15:11
Last modified on : 02-02-2024 21:13:53

Description :
AntiSamy is a library for performing fast, configurable cleansing of HTML coming from untrusted sources. Prior to 1.7.5, there is a potential for a mutation XSS (mXSS) vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability the `preserveComments` directive must be enabled in your policy file. As a result, certain crafty inputs can result in elements in comment tags being interpreted as executable when using AntiSamy's sanitized output. Patched in AntiSamy 1.7.5 and later.

CVE ID : CVE-2024-23635
Source : security-advisories@github.com
CVSS Score : 6.1

References :
https://github.com/nahsra/antisamy/security/advisories/GHSA-2mrq-w8pv-5pvq | source : security-advisories@github.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2024-22202

First published on : 05-02-2024 20:15:55
Last modified on : 05-02-2024 20:15:55

Description :
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. phpMyFAQ's user removal page allows an attacker to spoof another user's details, and in turn make a compelling phishing case for removing another user's account. The front-end of this page doesn't allow changing the form details, but an attacker can use a proxy to intercept this request and submit other data. Upon submitting this form, an email is sent to the administrator informing them that this user wants to delete their account. An administrator has no way of telling the difference between the actual user wishing to delete their account and an attacker issuing this request for an account they do not control. This issue has been patched in version 3.2.5.

CVE ID : CVE-2024-22202
Source : security-advisories@github.com
CVSS Score : 5.7

References :
https://github.com/thorsten/phpMyFAQ/commit/1348dcecdaec5a5714ad567c16429432417b534d | source : security-advisories@github.com
https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-6648-6g96-mg35 | source : security-advisories@github.com

Vulnerability : CWE-284


Vulnerability ID : CVE-2024-23824

First published on : 02-02-2024 16:15:55
Last modified on : 02-02-2024 16:30:16

Description :
mailcow is a dockerized email package, with multiple containers linked in one bridged network. The application is vulnerable to a pixel flood attack: once the payload has been successfully uploaded in the logo, the application slows down and the admin page stops responding. It was tested on versions 2023-12a and prior and is patched in version 2024-01.

CVE ID : CVE-2024-23824
Source : security-advisories@github.com
CVSS Score : 4.7

References :
https://github.com/0xbunniee/MailCow-Pixel-Flood-Attack | source : security-advisories@github.com
https://github.com/mailcow/mailcow-dockerized/commit/7f6f7e0e9ff608618e5b144bcf18d279610aa3ed | source : security-advisories@github.com
https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-45rv-3c5p-w4h7 | source : security-advisories@github.com

Vulnerability : CWE-400


Source : netapp.com

Vulnerability ID : CVE-2023-27318

First published on : 05-02-2024 21:15:10
Last modified on : 05-02-2024 21:15:10

Description :
StorageGRID (formerly StorageGRID Webscale) versions 11.6.0 through 11.6.0.13 are susceptible to a Denial of Service (DoS) vulnerability. A successful exploit could lead to a crash of the Local Distribution Router (LDR) service.

CVE ID : CVE-2023-27318
Source : security-alert@netapp.com
CVSS Score : 6.5

References :
https://security.netapp.com/advisory/NTAP-20240202-0012/ | source : security-alert@netapp.com

Vulnerability : CWE-248


Source : ch.abb.com

Vulnerability ID : CVE-2021-22281

First published on : 02-02-2024 08:15:46
Last modified on : 02-02-2024 13:36:31

Description :
Relative Path Traversal vulnerability in B&R Industrial Automation Automation Studio allows Relative Path Traversal. This issue affects Automation Studio: from 4.0 through 4.12.

CVE ID : CVE-2021-22281
Source : cybersecurity@ch.abb.com
CVSS Score : 6.3

References :
https://www.br-automation.com/fileadmin/2021-11_ZipSlip_Vulnerability_in_Automation_Studio_Project_Import-b90d2f42.pdf | source : cybersecurity@ch.abb.com

Vulnerability : CWE-23


Vulnerability ID : CVE-2023-6028

First published on : 05-02-2024 18:15:51
Last modified on : 05-02-2024 18:25:55

Description :
A reflected cross-site scripting (XSS) vulnerability exists in the SVG version of System Diagnostics Manager of B&R Automation Runtime versions <= G4.93 that enables a remote attacker to execute arbitrary JavaScript code in the context of the attacked user’s browser session.

CVE ID : CVE-2023-6028
Source : cybersecurity@ch.abb.com
CVSS Score : 6.1

References :
https://www.br-automation.com/fileadmin/SA23P018_SDM_Web_interface_vulnerable_to_XSS-1d75bee8.pdf | source : cybersecurity@ch.abb.com

Vulnerability : CWE-79


Source : vuldb.com

Vulnerability ID : CVE-2024-1198

First published on : 03-02-2024 00:15:44
Last modified on : 05-02-2024 02:09:43

Description :
A vulnerability, which was classified as critical, was found in openBI up to 6.0.3. Affected is the function addxinzhi of the file application/controllers/User.php of the component Phar Handler. The manipulation of the argument outimgurl leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252696.

CVE ID : CVE-2024-1198
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://note.zhaoj.in/share/qFXZZfp1NLa3 | source : cna@vuldb.com
https://vuldb.com/?ctiid.252696 | source : cna@vuldb.com
https://vuldb.com/?id.252696 | source : cna@vuldb.com

Vulnerability : CWE-502


Vulnerability ID : CVE-2024-1195

First published on : 02-02-2024 22:15:25
Last modified on : 05-02-2024 02:09:43

Description :
A vulnerability classified as critical was found in iTop VPN up to 4.0.0.1. Affected by this vulnerability is an unknown functionality in the library ITopVpnCallbackProcess.sys of the component IOCTL Handler. The manipulation leads to denial of service. The attack needs to be approached locally. The identifier VDB-252685 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-1195
Source : cna@vuldb.com
CVSS Score : 5.5

References :
https://vuldb.com/?ctiid.252685 | source : cna@vuldb.com
https://vuldb.com/?id.252685 | source : cna@vuldb.com
https://www.youtube.com/watch?v=JdQMINPVJd8 | source : cna@vuldb.com

Vulnerability : CWE-404


Vulnerability ID : CVE-2019-25159

First published on : 04-02-2024 06:15:07
Last modified on : 05-02-2024 02:09:37

Description :
A vulnerability was found in mpedraza2020 Intranet del Monterroso up to 4.50.0. It has been classified as critical. This affects an unknown part of the file config/cargos.php. The manipulation of the argument dni_profe leads to sql injection. Upgrading to version 4.51.0 is able to address this issue. The identifier of the patch is 678190bee1dfd64b54a2b0e88abfd009e78adce8. It is recommended to upgrade the affected component. The identifier VDB-252717 was assigned to this vulnerability.

CVE ID : CVE-2019-25159
Source : cna@vuldb.com
CVSS Score : 5.5

References :
https://github.com/mpedraza2020/IESMONTEROSOINTRANET/commit/678190bee1dfd64b54a2b0e88abfd009e78adce8 | source : cna@vuldb.com
https://github.com/mpedraza2020/IESMONTEROSOINTRANET/releases/tag/v4.51.0 | source : cna@vuldb.com
https://vuldb.com/?ctiid.252717 | source : cna@vuldb.com
https://vuldb.com/?id.252717 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-1199

First published on : 03-02-2024 00:15:44
Last modified on : 05-02-2024 02:09:43

Description :
A vulnerability has been found in CodeAstro Employee Task Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file \employee-tasks-php\attendance-info.php. The manipulation of the argument aten_id leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252697 was assigned to this vulnerability.

CVE ID : CVE-2024-1199
Source : cna@vuldb.com
CVSS Score : 5.4

References :
https://docs.qq.com/doc/DYnhIWEdkZXViTXdD | source : cna@vuldb.com
https://vuldb.com/?ctiid.252697 | source : cna@vuldb.com
https://vuldb.com/?id.252697 | source : cna@vuldb.com

Vulnerability : CWE-404


Vulnerability ID : CVE-2024-1189

First published on : 02-02-2024 19:15:08
Last modified on : 02-02-2024 21:13:53

Description :
A vulnerability has been found in AMPPS 2.7 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Encryption Passphrase Handler. The manipulation leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.0 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-252679. NOTE: The vendor explains that AMPPS 4.0 is a complete overhaul and the code was re-written.

CVE ID : CVE-2024-1189
Source : cna@vuldb.com
CVSS Score : 5.3

References :
https://fitoxs.com/vuldb/15-exploit-perl.txt | source : cna@vuldb.com
https://vuldb.com/?ctiid.252679 | source : cna@vuldb.com
https://vuldb.com/?id.252679 | source : cna@vuldb.com

Vulnerability : CWE-404


Vulnerability ID : CVE-2024-1200

First published on : 03-02-2024 02:15:52
Last modified on : 05-02-2024 02:09:43

Description :
A vulnerability was found in Jspxcms 10.2.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /template/1/default/. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252698 is the identifier assigned to this vulnerability.

CVE ID : CVE-2024-1200
Source : cna@vuldb.com
CVSS Score : 5.3

References :
https://github.com/sweatxi/BugHub/blob/main/Nanchang%20Lanzhi%20Technology%20Co.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.252698 | source : cna@vuldb.com
https://vuldb.com/?id.252698 | source : cna@vuldb.com

Vulnerability : CWE-200


Vulnerability ID : CVE-2024-1196

First published on : 02-02-2024 22:15:25
Last modified on : 03-02-2024 00:07:59

Description :
A vulnerability classified as problematic was found in SourceCodester Testimonial Page Manager 1.0. This vulnerability affects unknown code of the file add-testimonial.php of the component HTTP POST Request Handler. The manipulation of the argument name/description/testimony leads to cross site scripting. The attack can be initiated remotely. VDB-252694 is the identifier assigned to this vulnerability.

CVE ID : CVE-2024-1196
Source : cna@vuldb.com
CVSS Score : 4.3

References :
https://vuldb.com/?ctiid.252694 | source : cna@vuldb.com
https://vuldb.com/?id.252694 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2018-25098

First published on : 04-02-2024 17:15:07
Last modified on : 05-02-2024 02:09:37

Description :
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in blockmason credit-protocol. It has been declared as problematic. Affected by this vulnerability is the function executeUcacTx of the file contracts/CreditProtocol.sol of the component UCAC Handler. The manipulation leads to denial of service. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The patch is named 082e01f18707ef995e80ebe97fcedb229a55efc5. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-252799. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

CVE ID : CVE-2018-25098
Source : cna@vuldb.com
CVSS Score : 4.3

References :
https://github.com/blockmason/credit-protocol/commit/082e01f18707ef995e80ebe97fcedb229a55efc5 | source : cna@vuldb.com
https://github.com/blockmason/credit-protocol/pull/33 | source : cna@vuldb.com
https://vuldb.com/?ctiid.252799 | source : cna@vuldb.com
https://vuldb.com/?id.252799 | source : cna@vuldb.com

Vulnerability : CWE-404


Source : axis.com

Vulnerability ID : CVE-2023-5677

First published on : 05-02-2024 06:15:46
Last modified on : 05-02-2024 13:54:33

Description :
Brandon Rothel from QED Secure Solutions has found that the VAPIX API tcptest.cgi did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. The impact of exploiting this vulnerability is lower with operator-privileges compared to administrator-privileges service accounts. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.

CVE ID : CVE-2023-5677
Source : product-security@axis.com
CVSS Score : 6.3

References :
https://www.axis.com/dam/public/a9/dd/f1/cve-2023-5677-en-US-424335.pdf | source : product-security@axis.com


Vulnerability ID : CVE-2023-5800

First published on : 05-02-2024 06:15:46
Last modified on : 05-02-2024 13:54:33

Description :
Vintage, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API create_overlay.cgi did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.

CVE ID : CVE-2023-5800
Source : product-security@axis.com
CVSS Score : 5.4

References :
https://www.axis.com/dam/public/89/d9/99/cve-2023-5800-en-US-424339.pdf | source : product-security@axis.com


Source : usom.gov.tr

Vulnerability ID : CVE-2023-6673

First published on : 02-02-2024 13:15:09
Last modified on : 02-02-2024 13:36:23

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in National Keep Cyber Security Services CyberMath allows Reflected XSS. This issue affects CyberMath: from v.1.4 before v.1.5.

CVE ID : CVE-2023-6673
Source : iletisim@usom.gov.tr
CVSS Score : 6.1

References :
https://www.usom.gov.tr/bildirim/tr-24-0080 | source : iletisim@usom.gov.tr

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-6672

First published on : 02-02-2024 13:15:08
Last modified on : 02-02-2024 13:36:23

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in National Keep Cyber Security Services CyberMath allows Stored XSS. This issue affects CyberMath: from v1.4 before v1.5.

CVE ID : CVE-2023-6672
Source : iletisim@usom.gov.tr
CVSS Score : 5.4

References :
https://www.usom.gov.tr/bildirim/tr-24-0080 | source : iletisim@usom.gov.tr

Vulnerability : CWE-79


Source : 6f8de1f0-f67e-45a6-b68f-98777fdb759c

Vulnerability ID : CVE-2024-24595

First published on : 05-02-2024 22:16:08
Last modified on : 05-02-2024 22:16:08

Description :
Allegro AI’s open-source version of ClearML stores passwords in plaintext within the MongoDB instance, resulting in a compromised server leaking all user emails and passwords.

CVE ID : CVE-2024-24595
Source : 6f8de1f0-f67e-45a6-b68f-98777fdb759c
CVSS Score : 6.0

References :
https://hiddenlayer.com/research/not-so-clear-how-mlops-solutions-can-muddy-the-waters-of-your-supply-chain/ | source : 6f8de1f0-f67e-45a6-b68f-98777fdb759c

Vulnerability : CWE-522


Source : emc.com

Vulnerability ID : CVE-2021-21575

First published on : 02-02-2024 16:15:45
Last modified on : 02-02-2024 16:30:16

Description :
Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Observable Timing Discrepancy Vulnerability.

CVE ID : CVE-2021-21575
Source : security_alert@emc.com
CVSS Score : 5.9

References :
https://www.dell.com/support/kbdoc/en-us/000189462/dsa-2021-131-dell-bsafetm-micro-edition-suite-multiple-vulnerabilities | source : security_alert@emc.com

Vulnerability : CWE-208


Source : puiterwijk.org

Vulnerability ID : CVE-2024-0202

First published on : 05-02-2024 21:15:11
Last modified on : 05-02-2024 21:15:11

Description :
A security vulnerability has been identified in the cryptlib cryptographic library. When cryptlib is compiled with support for RSA key exchange ciphersuites in TLS (by setting the USE_RSA_SUITES define), it is vulnerable to the timing variant of the Bleichenbacher attack. An attacker who is able to perform a large number of connections to the server will be able to decrypt RSA ciphertexts or forge signatures using the server's certificate.

CVE ID : CVE-2024-0202
Source : patrick@puiterwijk.org
CVSS Score : 5.9

References :
https://bugzilla.redhat.com/show_bug.cgi?id=2256518 | source : patrick@puiterwijk.org

Vulnerability : CWE-208


Source : wdc.com

Vulnerability ID : CVE-2023-22817

First published on : 05-02-2024 22:15:54
Last modified on : 05-02-2024 22:15:54

Description :
Server-side request forgery (SSRF) vulnerability that could allow a rogue server on the local network to modify its URL using another DNS address to point back to the loopback adapter. This could then allow the URL to exploit other vulnerabilities on the local server. This was addressed by fixing DNS addresses that refer to loopback. This issue affects My Cloud OS 5 devices before 5.27.161, My Cloud Home, My Cloud Home Duo and SanDisk ibi devices before 9.5.1-104.

CVE ID : CVE-2023-22817
Source : psirt@wdc.com
CVSS Score : 5.5

References :
https://www.westerndigital.com/support/product-security/wdc-24001-western-digital-my-cloud-os-5-my-cloud-home-duo-and-sandisk-ibi-firmware-update | source : psirt@wdc.com

Vulnerability : CWE-918


Vulnerability ID : CVE-2023-22819

First published on : 05-02-2024 22:15:55
Last modified on : 05-02-2024 22:15:55

Description :
An uncontrolled resource consumption vulnerability issue that could arise by sending crafted requests to a service to consume a large amount of memory, eventually resulting in the service being stopped and restarted was discovered in Western Digital My Cloud Home, My Cloud Home Duo, SanDisk ibi and Western Digital My Cloud OS 5 devices. This issue requires the attacker to already have root privileges in order to exploit this vulnerability. This issue affects My Cloud Home and My Cloud Home Duo: before 9.5.1-104; ibi: before 9.5.1-104; My Cloud OS 5: before 5.27.161.

CVE ID : CVE-2023-22819
Source : psirt@wdc.com
CVSS Score : 4.9

References :
https://www.westerndigital.com/support/product-security/wdc-24001-western-digital-my-cloud-os-5-my-cloud-home-duo-and-sandisk-ibi-firmware-update | source : psirt@wdc.com

Vulnerability : CWE-400


Source : openanolis.org

Vulnerability ID : CVE-2024-22386

First published on : 05-02-2024 08:15:43
Last modified on : 05-02-2024 13:54:19

Description :
A race condition was found in the Linux kernel's drm/exynos device driver in exynos_drm_crtc_atomic_disable() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue.

CVE ID : CVE-2024-22386
Source : security@openanolis.org
CVSS Score : 5.3

References :
https://bugzilla.openanolis.cn/show_bug.cgi?id=8147 | source : security@openanolis.org

Vulnerability : CWE-362


Vulnerability ID : CVE-2024-23196

First published on : 05-02-2024 08:15:44
Last modified on : 05-02-2024 13:54:19

Description :
A race condition was found in the Linux kernel's sound/hda device driver in snd_hdac_regmap_sync() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue.

CVE ID : CVE-2024-23196
Source : security@openanolis.org
CVSS Score : 5.3

References :
https://bugzilla.openanolis.cn/show_bug.cgi?id=8148 | source : security@openanolis.org

Vulnerability : CWE-362


Vulnerability ID : CVE-2024-24864

First published on : 05-02-2024 08:15:45
Last modified on : 05-02-2024 13:54:19

Description :
A race condition was found in the Linux kernel's media/dvb-core in dvbdmx_write() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue.

CVE ID : CVE-2024-24864
Source : security@openanolis.org
CVSS Score : 5.3

References :
https://bugzilla.openanolis.cn/show_bug.cgi?id=8178 | source : security@openanolis.org

Vulnerability : CWE-362


Vulnerability ID : CVE-2024-24855

First published on : 05-02-2024 08:15:44
Last modified on : 05-02-2024 13:54:19

Description :
A race condition was found in the Linux kernel's scsi device driver in lpfc_unregister_fcf_rescan() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue.

CVE ID : CVE-2024-24855
Source : security@openanolis.org
CVSS Score : 5.0

References :
https://bugzilla.openanolis.cn/show_bug.cgi?id=8149 | source : security@openanolis.org

Vulnerability : CWE-362


Vulnerability ID : CVE-2024-24857

First published on : 05-02-2024 08:15:44
Last modified on : 05-02-2024 13:54:19

Description :
A race condition was found in the Linux kernel's net/bluetooth device driver in conn_info_{min,max}_age_set() function. This can result in integrity overflow issue, possibly leading to bluetooth connection abnormality or denial of service.

CVE ID : CVE-2024-24857
Source : security@openanolis.org
CVSS Score : 4.6

References :
https://bugzilla.openanolis.cn/show_bug.cgi?id=8155 | source : security@openanolis.org

Vulnerability : CWE-362


Vulnerability ID : CVE-2024-24858

First published on : 05-02-2024 08:15:44
Last modified on : 05-02-2024 13:54:19

Description :
A race condition was found in the Linux kernel's net/bluetooth in {conn,adv}_{min,max}_interval_set() function. This can result in l2cap connection or broadcast abnormality issue, possibly leading to denial of service.

CVE ID : CVE-2024-24858
Source : security@openanolis.org
CVSS Score : 4.6

References :
https://bugzilla.openanolis.cn/show_bug.cgi?id=8154 | source : security@openanolis.org

Vulnerability : CWE-362


Vulnerability ID : CVE-2024-24859

First published on : 05-02-2024 08:15:44
Last modified on : 05-02-2024 13:54:19

Description :
A race condition was found in the Linux kernel's net/bluetooth in sniff_{min,max}_interval_set() function. This can result in a bluetooth sniffing exception issue, possibly leading to denial of service.

CVE ID : CVE-2024-24859
Source : security@openanolis.org
CVSS Score : 4.6

References :
https://bugzilla.openanolis.cn/show_bug.cgi?id=8153 | source : security@openanolis.org

Vulnerability : CWE-362


Vulnerability ID : CVE-2024-24860

First published on : 05-02-2024 08:15:45
Last modified on : 05-02-2024 13:54:19

Description :
A race condition was found in the Linux kernel's bluetooth device driver in {min,max}_key_size_set() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue.

CVE ID : CVE-2024-24860
Source : security@openanolis.org
CVSS Score : 4.6

References :
https://bugzilla.openanolis.cn/show_bug.cgi?id=8151 | source : security@openanolis.org

Vulnerability : CWE-362


Source : openharmony.io

Vulnerability ID : CVE-2024-0285

First published on : 02-02-2024 07:15:09
Last modified on : 02-02-2024 13:36:31

Description :
OpenHarmony v4.0.0 and prior versions allow a local attacker to cause DoS through improper input.

CVE ID : CVE-2024-0285
Source : scy@openharmony.io
CVSS Score : 4.7

References :
https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-02.md | source : scy@openharmony.io

Vulnerability : CWE-20


Vulnerability ID : CVE-2024-21863

First published on : 02-02-2024 07:15:12
Last modified on : 02-02-2024 13:36:31

Description :
OpenHarmony v4.0.0 and prior versions allow a local attacker to cause DoS through improper input.

CVE ID : CVE-2024-21863
Source : scy@openharmony.io
CVSS Score : 4.7

References :
https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-02.md | source : scy@openharmony.io

Vulnerability : CWE-20


Vulnerability ID : CVE-2023-45734

First published on : 02-02-2024 07:15:09
Last modified on : 02-02-2024 13:36:31

Description :
OpenHarmony v3.2.4 and prior versions allow an adjacent attacker to achieve arbitrary code execution through an out-of-bounds write.

CVE ID : CVE-2023-45734
Source : scy@openharmony.io
CVSS Score : 4.2

References :
https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-02.md | source : scy@openharmony.io

Vulnerability : CWE-787


Source : vmware.com

Vulnerability ID : CVE-2023-34042

First published on : 05-02-2024 22:15:55
Last modified on : 05-02-2024 22:15:55

Description :
The spring-security.xsd file inside the spring-security-config jar is world writable, which means that if it were extracted it could be written by anyone with access to the file system. While there are no known exploits, this is an example of “CWE-732: Incorrect Permission Assignment for Critical Resource” and could result in an exploit. Users should update to the latest version of Spring Security to mitigate any future exploits found around this issue.

CVE ID : CVE-2023-34042
Source : security@vmware.com
CVSS Score : 4.1

References :
https://spring.io/security/cve-2023-34042 | source : security@vmware.com


(26) LOW VULNERABILITIES [0.1, 3.9]

Source : qnapsecurity.com.tw

Vulnerability ID : CVE-2023-41292

First published on : 02-02-2024 16:15:49
Last modified on : 02-02-2024 16:30:16

Description :
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later; QuTS hero h5.1.4.2596 build 20231128 and later; QuTScloud c5.1.5.2651 and later.

CVE ID : CVE-2023-41292
Source : security@qnapsecurity.com.tw
CVSS Score : 3.8

References :
https://www.qnap.com/en/security-advisory/qsa-23-46 | source : security@qnapsecurity.com.tw

Vulnerability : CWE-120


Vulnerability ID : CVE-2023-45035

First published on : 02-02-2024 16:15:50
Last modified on : 02-02-2024 16:30:16

Description :
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later; QuTS hero h5.1.4.2596 build 20231128 and later; QuTScloud c5.1.5.2651 and later.

CVE ID : CVE-2023-45035
Source : security@qnapsecurity.com.tw
CVSS Score : 3.8

References :
https://www.qnap.com/en/security-advisory/qsa-23-46 | source : security@qnapsecurity.com.tw

Vulnerability : CWE-120


Vulnerability ID : CVE-2023-45036

First published on : 02-02-2024 16:15:51
Last modified on : 02-02-2024 16:30:16

Description :
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later; QuTS hero h5.1.3.2578 build 20231110 and later; QuTScloud c5.1.5.2651 and later.

CVE ID : CVE-2023-45036
Source : security@qnapsecurity.com.tw
CVSS Score : 3.8

References :
https://www.qnap.com/en/security-advisory/qsa-23-46 | source : security@qnapsecurity.com.tw

Vulnerability : CWE-120


Vulnerability ID : CVE-2023-45037

First published on : 02-02-2024 16:15:51
Last modified on : 02-02-2024 16:30:16

Description :
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later; QuTS hero h5.1.3.2578 build 20231110 and later; QuTScloud c5.1.5.2651 and later.

CVE ID : CVE-2023-45037
Source : security@qnapsecurity.com.tw
CVSS Score : 3.8

References :
https://www.qnap.com/en/security-advisory/qsa-23-46 | source : security@qnapsecurity.com.tw

Vulnerability : CWE-120


Vulnerability ID : CVE-2023-50359

First published on : 02-02-2024 16:15:53
Last modified on : 02-02-2024 16:30:16

Description :
An unchecked return value vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local authenticated administrators to place the system in a state that could lead to a crash or other unintended behaviors via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later; QuTS hero h5.1.5.2647 build 20240118 and later.

CVE ID : CVE-2023-50359
Source : security@qnapsecurity.com.tw
CVSS Score : 3.4

References :
https://www.qnap.com/en/security-advisory/qsa-24-07 | source : security@qnapsecurity.com.tw

Vulnerability : CWE-252


Source : github.com

Vulnerability ID : CVE-2024-24560

First published on : 02-02-2024 17:15:11
Last modified on : 02-02-2024 21:13:53

Description :
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. When calls to external contracts are made, we write the input buffer starting at byte 28, and allocate the return buffer to start at byte 0 (overlapping with the input buffer). When checking RETURNDATASIZE for dynamic types, the size is compared only to the minimum allowed size for that type, and not to the returned value's length. As a result, malformed return data can cause the contract to mistake data from the input buffer for returndata. When the called contract returns invalid ABIv2 encoded data, the calling contract can read different invalid data (from the dirty buffer) than the called contract returned.

CVE ID : CVE-2024-24560
Source : security-advisories@github.com
CVSS Score : 3.7

References :
https://github.com/vyperlang/vyper/security/advisories/GHSA-gp3w-2v2m-p686 | source : security-advisories@github.com

Vulnerability : CWE-119


Vulnerability ID : CVE-2024-24559

First published on : 05-02-2024 21:15:12
Last modified on : 05-02-2024 21:15:12

Description :
Vyper is a Pythonic Smart Contract Language for the EVM. There is an error in the stack management when compiling the `IR` for `sha3_64`. Concretely, the `height` variable is miscalculated. The vulnerability can't be triggered without writing the `IR` by hand (that is, it cannot be triggered from regular vyper code). `sha3_64` is used for retrieval in mappings. No flow that would cache the `key` was found so the issue shouldn't be possible to trigger when compiling the compiler-generated `IR`. This issue isn't triggered during normal compilation of vyper code so the impact is low. At the time of publication there is no patch available.

CVE ID : CVE-2024-24559
Source : security-advisories@github.com
CVSS Score : 3.7

References :
https://github.com/vyperlang/vyper/blob/c150fc49ee9375a930d177044559b83cb95f7963/vyper/ir/compile_ir.py#L585-L586 | source : security-advisories@github.com
https://github.com/vyperlang/vyper/security/advisories/GHSA-6845-xw22-ffxv | source : security-advisories@github.com

Vulnerability : CWE-327


Vulnerability ID : CVE-2024-24807

First published on : 05-02-2024 21:15:12
Last modified on : 05-02-2024 21:15:12

Description :
Sulu is a highly extensible open-source PHP content management system based on the Symfony framework. There is an issue when inputting HTML into the Tag name. The HTML is executed when the tag name is listed in the auto complete form. Only admin users can create tags so they are the only ones affected. The problem is patched with version(s) 2.4.16 and 2.5.12.

CVE ID : CVE-2024-24807
Source : security-advisories@github.com
CVSS Score : 2.7

References :
https://github.com/sulu/sulu/releases/tag/2.4.16 | source : security-advisories@github.com
https://github.com/sulu/sulu/releases/tag/2.5.12 | source : security-advisories@github.com
https://github.com/sulu/sulu/security/advisories/GHSA-gfrh-gwqc-63cv | source : security-advisories@github.com

Vulnerability : CWE-80


Source : vuldb.com

Vulnerability ID : CVE-2015-10129

First published on : 04-02-2024 05:15:49
Last modified on : 05-02-2024 02:09:37

Description :
A vulnerability was found in planet-freo up to 20150116 and classified as problematic. Affected by this issue is some unknown functionality of the file admin/inc/auth.inc.php. The manipulation of the argument auth leads to incorrect comparison. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continuous delivery. Therefore, no version details for affected nor updated releases are available. The name of the patch is 6ad38c58a45642eb8c7844e2f272ef199f59550d. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-252716.

CVE ID : CVE-2015-10129
Source : cna@vuldb.com
CVSS Score : 3.7

References :
https://github.com/samwilson/planet-freo/commit/6ad38c58a45642eb8c7844e2f272ef199f59550d | source : cna@vuldb.com
https://vuldb.com/?ctiid.252716 | source : cna@vuldb.com
https://vuldb.com/?id.252716 | source : cna@vuldb.com

Vulnerability : CWE-697


Vulnerability ID : CVE-2024-1215

First published on : 03-02-2024 16:16:00
Last modified on : 05-02-2024 02:09:37

Description :
A vulnerability was found in SourceCodester CRUD without Page Reload 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file fetch_data.php. The manipulation of the argument username/city leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252782 is the identifier assigned to this vulnerability.

CVE ID : CVE-2024-1215
Source : cna@vuldb.com
CVSS Score : 3.5

References :
https://github.com/PrecursorYork/crud-without-refresh-reload-Reflected_XSS-POC/blob/main/README.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.252782 | source : cna@vuldb.com
https://vuldb.com/?id.252782 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2024-1184

First published on : 02-02-2024 13:15:10
Last modified on : 02-02-2024 13:36:23

Description :
A vulnerability was found in Nsasoft Network Sleuth 3.0.0.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Registration Handler. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. VDB-252674 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-1184
Source : cna@vuldb.com
CVSS Score : 3.3

References :
https://fitoxs.com/vuldb/10-exploit-perl.txt | source : cna@vuldb.com
https://vuldb.com/?ctiid.252674 | source : cna@vuldb.com
https://vuldb.com/?id.252674 | source : cna@vuldb.com

Vulnerability : CWE-404


Vulnerability ID : CVE-2024-1185

First published on : 02-02-2024 16:15:53
Last modified on : 02-02-2024 16:30:16

Description :
A vulnerability classified as problematic has been found in Nsasoft NBMonitor Network Bandwidth Monitor 1.6.5.0. This affects an unknown part of the component Registration Handler. The manipulation leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252675. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-1185
Source : cna@vuldb.com
CVSS Score : 3.3

References :
https://fitoxs.com/vuldb/11-exploit-perl.txt | source : cna@vuldb.com
https://vuldb.com/?ctiid.252675 | source : cna@vuldb.com
https://vuldb.com/?id.252675 | source : cna@vuldb.com

Vulnerability : CWE-404


Vulnerability ID : CVE-2024-1186

First published on : 02-02-2024 17:15:11
Last modified on : 02-02-2024 21:13:53

Description :
A vulnerability classified as problematic was found in Munsoft Easy Archive Recovery 2.0. This vulnerability affects unknown code of the component Registration Key Handler. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252676. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-1186
Source : cna@vuldb.com
CVSS Score : 3.3

References :
https://fitoxs.com/vuldb/12-exploit-perl.txt | source : cna@vuldb.com
https://vuldb.com/?ctiid.252676 | source : cna@vuldb.com
https://vuldb.com/?id.252676 | source : cna@vuldb.com
https://www.exploit-db.com/exploits/45884 | source : cna@vuldb.com

Vulnerability : CWE-404


Vulnerability ID : CVE-2024-1187

First published on : 02-02-2024 18:15:32
Last modified on : 02-02-2024 21:13:53

Description :
A vulnerability, which was classified as problematic, has been found in Munsoft Easy Outlook Express Recovery 2.0. This issue affects some unknown processing of the component Registration Key Handler. The manipulation leads to denial of service. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-252677 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-1187
Source : cna@vuldb.com
CVSS Score : 3.3

References :
https://fitoxs.com/vuldb/13-exploit-perl.txt | source : cna@vuldb.com
https://vuldb.com/?ctiid.252677 | source : cna@vuldb.com
https://vuldb.com/?id.252677 | source : cna@vuldb.com

Vulnerability : CWE-404


Vulnerability ID : CVE-2024-1188

First published on : 02-02-2024 18:15:32
Last modified on : 02-02-2024 21:13:53

Description :
A vulnerability, which was classified as problematic, was found in Rizone Soft Notepad3 1.0.2.350. Affected is an unknown function of the component Encryption Passphrase Handler. The manipulation leads to denial of service. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. VDB-252678 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-1188
Source : cna@vuldb.com
CVSS Score : 3.3

References :
https://fitoxs.com/vuldb/14-exploit-perl.txt | source : cna@vuldb.com
https://vuldb.com/?ctiid.252678 | source : cna@vuldb.com
https://vuldb.com/?id.252678 | source : cna@vuldb.com

Vulnerability : CWE-404


Vulnerability ID : CVE-2024-1190

First published on : 02-02-2024 19:15:08
Last modified on : 02-02-2024 21:13:53

Description :
A vulnerability was found in Global Scape CuteFTP 9.3.0.3 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation of the argument Host/Username/Password leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252680. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-1190
Source : cna@vuldb.com
CVSS Score : 3.3

References :
https://fitoxs.com/vuldb/16-exploit-perl.txt | source : cna@vuldb.com
https://vuldb.com/?ctiid.252680 | source : cna@vuldb.com
https://vuldb.com/?id.252680 | source : cna@vuldb.com

Vulnerability : CWE-404


Vulnerability ID : CVE-2024-1193

First published on : 02-02-2024 21:15:08
Last modified on : 05-02-2024 02:09:43

Description :
A vulnerability was found in Navicat 12.0.29. It has been rated as problematic. This issue affects some unknown processing of the component MySQL Connection Handler. The manipulation leads to denial of service. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252683. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-1193
Source : cna@vuldb.com
CVSS Score : 3.3

References :
https://fitoxs.com/vuldb/24-exploit-perl.txt | source : cna@vuldb.com
https://vuldb.com/?ctiid.252683 | source : cna@vuldb.com
https://vuldb.com/?id.252683 | source : cna@vuldb.com

Vulnerability : CWE-404


Vulnerability ID : CVE-2024-1194

First published on : 02-02-2024 21:15:08
Last modified on : 05-02-2024 02:09:43

Description :
A vulnerability classified as problematic has been found in Armcode AlienIP 2.41. Affected is an unknown function of the component Locate Host Handler. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252684. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-1194
Source : cna@vuldb.com
CVSS Score : 3.3

References :
https://fitoxs.com/vuldb/25-exploit-perl.txt | source : cna@vuldb.com
https://vuldb.com/?ctiid.252684 | source : cna@vuldb.com
https://vuldb.com/?id.252684 | source : cna@vuldb.com

Vulnerability : CWE-404


Source : wordfence.com

Vulnerability ID : CVE-2024-1075

First published on : 05-02-2024 22:16:07
Last modified on : 05-02-2024 22:16:07

Description :
The Minimal Coming Soon – Coming Soon Page plugin for WordPress is vulnerable to maintenance mode bypass and information disclosure in all versions up to, and including, 2.37. This is due to the plugin improperly validating the request path. This makes it possible for unauthenticated attackers to bypass maintenance mode and view pages that should be hidden.

CVE ID : CVE-2024-1075
Source : security@wordfence.com
CVSS Score : 3.7

References :
https://plugins.trac.wordpress.org/browser/minimal-coming-soon-maintenance-mode/trunk/framework/public/init.php#L67 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/3031149/minimal-coming-soon-maintenance-mode/trunk/framework/public/init.php | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/78203b98-15bc-4d8e-9278-c472b518be07?source=cve | source : security@wordfence.com


Source : openanolis.org

Vulnerability ID : CVE-2024-24861

First published on : 05-02-2024 08:15:45
Last modified on : 05-02-2024 13:54:19

Description :
A race condition was found in the Linux kernel's media/xc4000 device driver in the xc4000_get_frequency() function. This can result in a return value overflow issue, possibly leading to malfunction or denial of service issue.

CVE ID : CVE-2024-24861
Source : security@openanolis.org
CVSS Score : 3.3

References :
https://bugzilla.openanolis.cn/show_bug.cgi?id=8150 | source : security@openanolis.org

Vulnerability : CWE-362


Source : hcl.com

Vulnerability ID : CVE-2024-23553

First published on : 02-02-2024 21:15:08
Last modified on : 05-02-2024 02:09:43

Description :
A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform exists due to a missing specific HTTP header attribute.

CVE ID : CVE-2024-23553
Source : psirt@hcl.com
CVSS Score : 3.0

References :
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0110209 | source : psirt@hcl.com


Source : openharmony.io

Vulnerability ID : CVE-2023-43756

First published on : 02-02-2024 07:15:08
Last modified on : 02-02-2024 13:36:31

Description :
OpenHarmony v3.2.4 and prior versions allow a local attacker to cause an information leak through an out-of-bounds read.

CVE ID : CVE-2023-43756
Source : scy@openharmony.io
CVSS Score : 2.9

References :
https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-02.md | source : scy@openharmony.io

Vulnerability : CWE-125


Vulnerability ID : CVE-2023-49118

First published on : 02-02-2024 07:15:09
Last modified on : 02-02-2024 13:36:31

Description :
OpenHarmony v3.2.4 and prior versions allow a local attacker to cause an information leak through an out-of-bounds read.

CVE ID : CVE-2023-49118
Source : scy@openharmony.io
CVSS Score : 2.9

References :
https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-02.md | source : scy@openharmony.io

Vulnerability : CWE-125


Vulnerability ID : CVE-2024-21845

First published on : 02-02-2024 07:15:10
Last modified on : 02-02-2024 13:36:31

Description :
OpenHarmony v4.0.0 and prior versions allow a local attacker to cause a heap overflow through integer overflow.

CVE ID : CVE-2024-21845
Source : scy@openharmony.io
CVSS Score : 2.9

References :
https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-02.md | source : scy@openharmony.io

Vulnerability : CWE-190


Vulnerability ID : CVE-2024-21851

First published on : 02-02-2024 07:15:11
Last modified on : 02-02-2024 13:36:31

Description :
OpenHarmony v4.0.0 and prior versions allow a local attacker to cause a heap overflow through integer overflow.

CVE ID : CVE-2024-21851
Source : scy@openharmony.io
CVSS Score : 2.9

References :
https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-02.md | source : scy@openharmony.io

Vulnerability : CWE-190


Source : us.ibm.com

Vulnerability ID : CVE-2023-46159

First published on : 02-02-2024 03:15:09
Last modified on : 02-02-2024 04:58:55

Description :
IBM Storage Ceph 5.3z1, 5.3z5, and 6.1z1 could allow an authenticated user on the network to cause a denial of service from RGW. IBM X-Force ID: 268906.

CVE ID : CVE-2023-46159
Source : psirt@us.ibm.com
CVSS Score : 2.6

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/268906 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7112263 | source : psirt@us.ibm.com

Vulnerability : CWE-20


(79) NO SCORE VULNERABILITIES [0.0, 0.0]

Source : mitre.org

Vulnerability ID : CVE-2023-46344

First published on : 02-02-2024 02:15:16
Last modified on : 02-02-2024 04:58:55

Description :
A vulnerability in Solar-Log Base 15 Firmware 6.0.1 Build 161, and possibly other Solar-Log Base products, allows an attacker to escalate their privileges by exploiting a stored cross-site scripting (XSS) vulnerability in the switch group function under /#ilang=DE&b=c_smartenergy_swgroups in the web portal. The vulnerability can be exploited to gain the rights of an installer or PM, which can then be used to gain administrative access to the web portal and execute further attacks.

CVE ID : CVE-2023-46344
Source : cve@mitre.org
CVSS Score : /

References :
http://solar-log.com | source : cve@mitre.org
https://github.com/vinnie1717/CVE-2023-46344/blob/main/Solar-Log%20XSS | source : cve@mitre.org


Vulnerability ID : CVE-2023-48792

First published on : 02-02-2024 02:15:16
Last modified on : 02-02-2024 04:58:55

Description :
Zoho ManageEngine ADAudit Plus through 7250 is vulnerable to SQL Injection in the report export option.

CVE ID : CVE-2023-48792
Source : cve@mitre.org
CVSS Score : /

References :
https://manageengine.com | source : cve@mitre.org
https://www.manageengine.com/products/active-directory-audit/sqlfix-7271.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-48793

First published on : 02-02-2024 02:15:16
Last modified on : 02-02-2024 04:58:55

Description :
Zoho ManageEngine ADAudit Plus through 7250 allows SQL Injection in the aggregate report feature.

CVE ID : CVE-2023-48793
Source : cve@mitre.org
CVSS Score : /

References :
https://manageengine.com | source : cve@mitre.org
https://www.manageengine.com/products/active-directory-audit/sqlfix-7271.html | source : cve@mitre.org


Vulnerability ID : CVE-2024-22899

First published on : 02-02-2024 02:15:18
Last modified on : 02-02-2024 04:58:55

Description :
Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the syncNtpTime function.

CVE ID : CVE-2024-22899
Source : cve@mitre.org
CVSS Score : /

References :
http://vinchin.com | source : cve@mitre.org
https://blog.leakix.net/2024/01/vinchin-backup-rce-chain/ | source : cve@mitre.org
https://seclists.org/fulldisclosure/2024/Jan/29 | source : cve@mitre.org


Vulnerability ID : CVE-2024-22900

First published on : 02-02-2024 02:15:18
Last modified on : 02-02-2024 04:58:55

Description :
Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the setNetworkCardInfo function.

CVE ID : CVE-2024-22900
Source : cve@mitre.org
CVSS Score : /

References :
http://vinchin.com | source : cve@mitre.org
https://blog.leakix.net/2024/01/vinchin-backup-rce-chain/ | source : cve@mitre.org
https://seclists.org/fulldisclosure/2024/Jan/29 | source : cve@mitre.org


Vulnerability ID : CVE-2024-22901

First published on : 02-02-2024 02:15:18
Last modified on : 02-02-2024 04:58:55

Description :
Vinchin Backup & Recovery v7.2 was discovered to use default MySQL credentials.

CVE ID : CVE-2024-22901
Source : cve@mitre.org
CVSS Score : /

References :
http://vinchin.com | source : cve@mitre.org
https://blog.leakix.net/2024/01/vinchin-backup-rce-chain/ | source : cve@mitre.org
https://seclists.org/fulldisclosure/2024/Jan/30 | source : cve@mitre.org


Vulnerability ID : CVE-2024-22902

First published on : 02-02-2024 02:15:18
Last modified on : 02-02-2024 04:58:55

Description :
Vinchin Backup & Recovery v7.2 was discovered to be configured with default root credentials.

CVE ID : CVE-2024-22902
Source : cve@mitre.org
CVSS Score : /

References :
http://default.com | source : cve@mitre.org
http://vinchin.com | source : cve@mitre.org
https://blog.leakix.net/2024/01/vinchin-backup-rce-chain/ | source : cve@mitre.org
https://seclists.org/fulldisclosure/2024/Jan/31 | source : cve@mitre.org


Vulnerability ID : CVE-2024-22903

First published on : 02-02-2024 02:15:18
Last modified on : 02-02-2024 04:58:55

Description :
Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the deleteUpdateAPK function.

CVE ID : CVE-2024-22903
Source : cve@mitre.org
CVSS Score : /

References :
http://vinchin.com | source : cve@mitre.org
https://blog.leakix.net/2024/01/vinchin-backup-rce-chain/ | source : cve@mitre.org
https://seclists.org/fulldisclosure/2024/Jan/32 | source : cve@mitre.org


Vulnerability ID : CVE-2024-23746

First published on : 02-02-2024 02:15:18
Last modified on : 02-02-2024 04:58:55

Description :
Miro Desktop 0.8.18 on macOS allows Electron code injection.

CVE ID : CVE-2024-23746
Source : cve@mitre.org
CVSS Score : /

References :
https://book.hacktricks.xyz/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-electron-applications-injection | source : cve@mitre.org
https://github.com/louiselalanne/CVE-2024-23746 | source : cve@mitre.org
https://miro.com/about/ | source : cve@mitre.org


Vulnerability ID : CVE-2024-22533

First published on : 02-02-2024 03:15:11
Last modified on : 02-02-2024 04:58:55

Description :
Before Beetl v3.15.12, the rendering template has a server-side template injection (SSTI) vulnerability. When the incoming template is controllable, it will be filtered by the DefaultNativeSecurityManager blacklist. Because blacklist filtering is not strict, the blacklist can be bypassed, leading to arbitrary code execution.

CVE ID : CVE-2024-22533
Source : cve@mitre.org
CVSS Score : /

References :
https://gitee.com/xiandafu/beetl/issues/I8RU01 | source : cve@mitre.org


Vulnerability ID : CVE-2024-24482

First published on : 02-02-2024 05:15:10
Last modified on : 02-02-2024 13:36:37

Description :
Apktool before 2.9.3 on Windows allows ../ and /.. directory traversal.

CVE ID : CVE-2024-24482
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/iBotPeaches/Apktool/security/advisories/GHSA-vgwr-4w3p-xmjv | source : cve@mitre.org


Vulnerability ID : CVE-2023-46045

First published on : 02-02-2024 06:15:45
Last modified on : 02-02-2024 13:36:37

Description :
Graphviz 2.36 before 10.0.0 has an out-of-bounds read via a crafted config6a file. NOTE: exploitability may be uncommon because this file is typically owned by root.

CVE ID : CVE-2023-46045
Source : cve@mitre.org
CVSS Score : /

References :
https://gitlab.com/graphviz/graphviz/-/issues/2441 | source : cve@mitre.org
https://seclists.org/fulldisclosure/2024/Jan/73 | source : cve@mitre.org
https://www.openwall.com/lists/oss-security/2024/02/01/2 | source : cve@mitre.org


Vulnerability ID : CVE-2024-24524

First published on : 02-02-2024 08:15:46
Last modified on : 02-02-2024 13:36:31

Description :
Cross Site Request Forgery (CSRF) vulnerability in flusity-CMS v.2.33, allows remote attackers to execute arbitrary code via the add_menu.php component.

CVE ID : CVE-2024-24524
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/harryrabbit5651/cms/blob/main/1.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-48645

First published on : 02-02-2024 09:15:37
Last modified on : 02-02-2024 13:36:31

Description :
An issue was discovered in the Archibus app 4.0.3 for iOS. It uses a local database that is synchronized with a Web central server instance every time the application is opened, or when the refresh button is used. There is a SQL injection in the search work request feature in the Maintenance module of the app. This allows performing queries on the local database.

CVE ID : CVE-2023-48645
Source : cve@mitre.org
CVSS Score : /

References :
https://excellium-services.com/cert-xlm-advisory/CVE-2023-48645 | source : cve@mitre.org


Vulnerability ID : CVE-2024-22851

First published on : 02-02-2024 09:15:37
Last modified on : 02-02-2024 13:36:31

Description :
Directory Traversal Vulnerability in LiveConfig before v.2.5.2 allows a remote attacker to obtain sensitive information via a crafted request to the /static/ endpoint.

CVE ID : CVE-2024-22851
Source : cve@mitre.org
CVSS Score : /

References :
https://www.drive-byte.de/en/blog/liveconfig-advisory-cve-2024-22851 | source : cve@mitre.org


Vulnerability ID : CVE-2023-39611

First published on : 02-02-2024 10:15:08
Last modified on : 02-02-2024 13:36:23

Description :
An issue in Software FX Chart FX 7 version 7.0.4962.20829 allows attackers to enumerate and read files from the local filesystem by sending crafted web requests.

CVE ID : CVE-2023-39611
Source : cve@mitre.org
CVSS Score : /

References :
https://medium.com/%40arielbreisacher/my-chart-fx-7-software-investigation-journey-leading-to-a-directory-traversal-vulnerability-067cdcd3f2e9 | source : cve@mitre.org


Vulnerability ID : CVE-2023-50488

First published on : 02-02-2024 10:15:08
Last modified on : 02-02-2024 13:36:23

Description :
An issue in Blurams Lumi Security Camera (A31C) v23.0406.435.4120 allows attackers to execute arbitrary code.

CVE ID : CVE-2023-50488
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/roman-mueller/PoC/tree/master/CVE-2023-50488 | source : cve@mitre.org
https://infosec.rm-it.de/2024/02/01/blurams-lumi-security-camera-analysis/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-51072

First published on : 02-02-2024 10:15:08
Last modified on : 02-02-2024 13:36:23

Description :
A stored cross-site scripting (XSS) vulnerability in the NOC component of Nagios XI version up to and including 2024R1 allows low-privileged users to execute malicious HTML or JavaScript code via the audio file upload functionality from the Operation Center section. This allows any authenticated user to execute arbitrary JavaScript code on behalf of other users, including the administrators.

CVE ID : CVE-2023-51072
Source : cve@mitre.org
CVSS Score : /

References :
https://www.nagios.com/products/security/#nagios-xi | source : cve@mitre.org


Vulnerability ID : CVE-2023-51820

First published on : 02-02-2024 10:15:08
Last modified on : 02-02-2024 13:36:23

Description :
An issue in Blurams Lumi Security Camera (A31C) v.2.3.38.12558 allows physically proximate attackers to execute arbitrary code.

CVE ID : CVE-2023-51820
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/roman-mueller/PoC/tree/master/CVE-2023-51820 | source : cve@mitre.org
https://infosec.rm-it.de/2024/02/01/blurams-lumi-security-camera-analysis/ | source : cve@mitre.org


Vulnerability ID : CVE-2024-24388

First published on : 02-02-2024 10:15:08
Last modified on : 02-02-2024 13:36:23

Description :
Cross-site scripting (XSS) vulnerability in XunRuiCMS versions v4.6.2 and before allows remote attackers to obtain sensitive information via crafted malicious requests to the background login.

CVE ID : CVE-2024-24388
Source : cve@mitre.org
CVSS Score : /

References :
https://www.cnblogs.com/rxtycc/p/17948379 | source : cve@mitre.org


Vulnerability ID : CVE-2023-51838

First published on : 02-02-2024 16:15:53
Last modified on : 02-02-2024 16:30:16

Description :
Ylianst MeshCentral 1.1.16 suffers from Use of a Broken or Risky Cryptographic Algorithm.

CVE ID : CVE-2023-51838
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Ylianst/MeshCentral/tree/master | source : cve@mitre.org
https://github.com/tianjk99/Cryptographic-Misuses/blob/main/Bug_MeshCentral.md | source : cve@mitre.org
https://github.com/tianjk99/Cryptographic-Misuses/blob/main/CVE-2023-51838.md | source : cve@mitre.org


Vulnerability ID : CVE-2024-22107

First published on : 02-02-2024 16:15:55
Last modified on : 02-02-2024 16:30:16

Description :
An issue was discovered in GTB Central Console 15.17.1-30814.NG. The method systemSettingsDnsDataAction at /opt/webapp/src/AppBundle/Controller/React/SystemSettingsController.php is vulnerable to command injection via the /old/react/v1/api/system/dns/data endpoint. An authenticated attacker can abuse it to inject an arbitrary command and compromise the platform.

CVE ID : CVE-2024-22107
Source : cve@mitre.org
CVSS Score : /

References :
https://adepts.of0x.cc/gtbcc-pwned/ | source : cve@mitre.org
https://x-c3ll.github.io/cves.html | source : cve@mitre.org


Vulnerability ID : CVE-2024-22108

First published on : 02-02-2024 16:15:55
Last modified on : 02-02-2024 16:30:16

Description :
An issue was discovered in GTB Central Console 15.17.1-30814.NG. The method setTermsHashAction at /opt/webapp/lib/PureApi/CCApi.class.php is vulnerable to an unauthenticated SQL injection via /ccapi.php that an attacker can abuse in order to change the Administrator password to a known value.

CVE ID : CVE-2024-22108
Source : cve@mitre.org
CVSS Score : /

References :
https://adepts.of0x.cc/gtbcc-pwned/ | source : cve@mitre.org
https://x-c3ll.github.io/cves.html | source : cve@mitre.org


Vulnerability ID : CVE-2024-24029

First published on : 02-02-2024 16:15:55
Last modified on : 02-02-2024 16:30:16

Description :
JFinalCMS 5.0.0 is vulnerable to SQL injection via /admin/content/data.

CVE ID : CVE-2024-24029
Source : cve@mitre.org
CVSS Score : /

References :
https://gitee.com/heyewei/JFinalcms/issues/I8VE52 | source : cve@mitre.org


Vulnerability ID : CVE-2024-24160

First published on : 02-02-2024 16:15:55
Last modified on : 02-02-2024 16:30:16

Description :
MRCMS 3.0 contains a Cross-Site Scripting (XSS) vulnerability via /admin/system/saveinfo.do.

CVE ID : CVE-2024-24160
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/wy876/cve/issues/1 | source : cve@mitre.org


Vulnerability ID : CVE-2024-24161

First published on : 02-02-2024 16:15:55
Last modified on : 02-02-2024 16:30:16

Description :
MRCMS 3.0 contains an Arbitrary File Read vulnerability in /admin/file/edit.do as the incoming path parameter is not filtered.

CVE ID : CVE-2024-24161
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/wy876/cve/issues/2 | source : cve@mitre.org


Vulnerability ID : CVE-2024-24470

First published on : 02-02-2024 16:15:55
Last modified on : 02-02-2024 16:30:16

Description :
Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the update_post.php component.

CVE ID : CVE-2024-24470
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/tang-0717/cms/blob/main/1.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-43183

First published on : 03-02-2024 09:15:11
Last modified on : 05-02-2024 02:09:37

Description :
Incorrect access control in Reprise License Management Software Reprise License Manager v15.1 allows read-only users to arbitrarily change the password of an admin and hijack their account.

CVE ID : CVE-2023-43183
Source : cve@mitre.org
CVSS Score : /

References :
http://seclists.org/fulldisclosure/2024/Jan/43 | source : cve@mitre.org
https://packetstormsecurity.com/files/176841/Reprise-License-Manager-15.1-Privilege-Escalation-File-Write.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-44031

First published on : 03-02-2024 09:15:11
Last modified on : 05-02-2024 02:09:37

Description :
Incorrect access control in Reprise License Management Software Reprise License Manager v15.1 allows attackers to arbitrarily save sensitive files in insecure locations via a crafted POST request.

CVE ID : CVE-2023-44031
Source : cve@mitre.org
CVSS Score : /

References :
http://seclists.org/fulldisclosure/2024/Jan/43 | source : cve@mitre.org
https://packetstormsecurity.com/files/176841/Reprise-License-Manager-15.1-Privilege-Escalation-File-Write.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-49950

First published on : 03-02-2024 09:15:11
Last modified on : 05-02-2024 02:09:37

Description :
The Jinja templating in Logpoint SIEM 6.10.0 through 7.x before 7.3.0 does not correctly sanitize log data being displayed when using a custom Jinja template in the Alert view. A remote attacker can craft a cross-site scripting (XSS) payload and send it to any system or device that sends logs to the SIEM. If an alert is created, the payload will execute upon the alert data being viewed with that template, which can lead to sensitive data disclosure.

CVE ID : CVE-2023-49950
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/shrikeinfosec/cve-2023-49950/blob/main/cve-2023-49950.md | source : cve@mitre.org
https://servicedesk.logpoint.com/hc/en-us/articles/14124495377437-Stored-XSS-Vulnerability-in-Alerts-via-Log-Injection | source : cve@mitre.org


Vulnerability ID : CVE-2024-25062

First published on : 04-02-2024 16:15:45
Last modified on : 05-02-2024 02:09:37

Description :
An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.

CVE ID : CVE-2024-25062
Source : cve@mitre.org
CVSS Score : /

References :
https://gitlab.gnome.org/GNOME/libxml2/-/issues/604 | source : cve@mitre.org
https://gitlab.gnome.org/GNOME/libxml2/-/tags | source : cve@mitre.org


Vulnerability ID : CVE-2020-36773

First published on : 04-02-2024 18:16:00
Last modified on : 05-02-2024 02:09:37

Description :
Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c (for txtwrite) because a single character code in a PDF document can map to more than one Unicode code point (e.g., for a ligature).

CVE ID : CVE-2020-36773
Source : cve@mitre.org
CVSS Score : /

References :
https://bugs.ghostscript.com/show_bug.cgi?id=702229 | source : cve@mitre.org
https://bugzilla.opensuse.org/show_bug.cgi?id=1177922 | source : cve@mitre.org
https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=8c7bd787defa071c96289b7da9397f673fddb874 | source : cve@mitre.org
https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/tag/gs9530 | source : cve@mitre.org


Vulnerability ID : CVE-2023-52425

First published on : 04-02-2024 20:15:46
Last modified on : 05-02-2024 02:09:37

Description :
libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.

CVE ID : CVE-2023-52425
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/libexpat/libexpat/pull/789 | source : cve@mitre.org


Vulnerability ID : CVE-2023-52426

First published on : 04-02-2024 20:15:46
Last modified on : 05-02-2024 02:09:37

Description :
libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time.

CVE ID : CVE-2023-52426
Source : cve@mitre.org
CVSS Score : /

References :
https://cwe.mitre.org/data/definitions/776.html | source : cve@mitre.org
https://github.com/libexpat/libexpat/commit/0f075ec8ecb5e43f8fdca5182f8cca4703da0404 | source : cve@mitre.org
https://github.com/libexpat/libexpat/pull/777 | source : cve@mitre.org


Vulnerability ID : CVE-2021-46902

First published on : 04-02-2024 21:15:07
Last modified on : 05-02-2024 02:09:37

Description :
An issue was discovered in LTOS-Web-Interface in Meinberg LANTIME-Firmware before 6.24.029 MBGID-9343 and 7 before 7.04.008 MBGID-6303. Path validation is mishandled, and thus an admin can read or delete files in violation of expected access controls.

CVE ID : CVE-2021-46902
Source : cve@mitre.org
CVSS Score : /

References :
https://www.meinberg.de/german/news/meinberg-security-advisory-mbgsa-2021-03-meinberg-lantime-firmware-v7-04-008-und-v6-24-029.htm | source : cve@mitre.org


Vulnerability ID : CVE-2021-46903

First published on : 04-02-2024 21:15:07
Last modified on : 05-02-2024 02:09:37

Description :
An issue was discovered in LTOS-Web-Interface in Meinberg LANTIME-Firmware before 6.24.029 MBGID-9343 and 7 before 7.04.008 MBGID-6303. An admin can delete required user accounts (in violation of expected access control).

CVE ID : CVE-2021-46903
Source : cve@mitre.org
CVSS Score : /

References :
https://www.meinberg.de/german/news/meinberg-security-advisory-mbgsa-2021-03-meinberg-lantime-firmware-v7-04-008-und-v6-24-029.htm | source : cve@mitre.org


Vulnerability ID : CVE-2024-25089

First published on : 04-02-2024 22:15:23
Last modified on : 05-02-2024 02:09:37

Description :
Malwarebytes Binisoft Windows Firewall Control before 6.9.9.2 allows remote attackers to execute arbitrary code via gRPC named pipes.

CVE ID : CVE-2024-25089
Source : cve@mitre.org
CVSS Score : /

References :
https://hackerone.com/reports/2300061 | source : cve@mitre.org
https://www.binisoft.org/changelog.txt | source : cve@mitre.org


Vulnerability ID : CVE-2024-22667

First published on : 05-02-2024 08:15:44
Last modified on : 05-02-2024 13:54:19

Description :
Vim before 9.0.2142 has a stack-based buffer overflow because did_set_langmap in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions.

CVE ID : CVE-2024-22667
Source : cve@mitre.org
CVSS Score : /

References :
https://gist.githubusercontent.com/henices/2467e7f22dcc2aa97a2453e197b55a0c/raw/7b54bccc9a129c604fb139266f4497ab7aaa94c7/gistfile1.txt | source : cve@mitre.org
https://github.com/vim/vim/commit/b39b240c386a5a29241415541f1c99e2e6b8ce47 | source : cve@mitre.org


Vulnerability ID : CVE-2023-47355

First published on : 05-02-2024 16:15:54
Last modified on : 05-02-2024 18:25:55

Description :
The com.eypcnnapps.quickreboot (aka Eyuep Can Yilmaz [ROOT] Quick Reboot) application 1.0.8 for Android has exposed broadcast receivers for PowerOff, Reboot, and Recovery (e.g., com.eypcnnapps.quickreboot.widget.PowerOff) that are susceptible to unauthorized broadcasts because of missing input validation.

CVE ID : CVE-2023-47355
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/actuator/com.eypcnnapps.quickreboot/blob/main/CWE-925.md | source : cve@mitre.org
https://play.google.com/store/apps/details?id=com.eypcnnapps.quickreboot | source : cve@mitre.org


Vulnerability ID : CVE-2024-23054

First published on : 05-02-2024 16:15:55
Last modified on : 05-02-2024 18:25:55

Description :
An issue in Plone Docker Official Image 5.2.13 (5221) open-source software could allow for remote code execution due to a package listed in ++plone++static/components not existing in the public package index (npm).

CVE ID : CVE-2024-23054
Source : cve@mitre.org
CVSS Score : /

References :
http://plone.com | source : cve@mitre.org
http://ploneorg.com | source : cve@mitre.org
https://github.com/c0d3x27/CVEs/blob/main/CVE-2024-23054/README.md | source : cve@mitre.org


Vulnerability ID : CVE-2024-24397

First published on : 05-02-2024 16:15:55
Last modified on : 05-02-2024 18:25:55

Description :
Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the ReportName field.

CVE ID : CVE-2024-24397
Source : cve@mitre.org
CVSS Score : /

References :
http://stimulsoft.com | source : cve@mitre.org
https://cloud-trustit.spp.at/s/Pi78FFazHamJQ5R | source : cve@mitre.org
https://cves.at/posts/cve-2024-24397/writeup/ | source : cve@mitre.org


Vulnerability ID : CVE-2024-24468

First published on : 05-02-2024 16:15:55
Last modified on : 05-02-2024 18:25:55

Description :
Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the add_customblock.php.

CVE ID : CVE-2024-24468
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/tang-0717/cms/blob/main/3.md | source : cve@mitre.org


Vulnerability ID : CVE-2024-24469

First published on : 05-02-2024 16:15:55
Last modified on : 05-02-2024 18:25:55

Description :
Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the delete_post.php.

CVE ID : CVE-2024-24469
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/tang-0717/cms/blob/main/2.md | source : cve@mitre.org


Vulnerability ID : CVE-2024-24258

First published on : 05-02-2024 18:15:52
Last modified on : 05-02-2024 18:25:55

Description :
mupdf v1.23.9 was discovered to contain a memory leak via the menuEntry variable in the glutAddSubMenu function.

CVE ID : CVE-2024-24258
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/yinluming13579/mupdf_defects/blob/main/mupdf_detect_1.md | source : cve@mitre.org


Vulnerability ID : CVE-2024-24259

First published on : 05-02-2024 18:15:52
Last modified on : 05-02-2024 18:25:55

Description :
mupdf v1.23.9 was discovered to contain a memory leak via the menuEntry variable in the glutAddMenuEntry function.

CVE ID : CVE-2024-24259
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/yinluming13579/mupdf_defects/blob/main/mupdf_detect_2.md | source : cve@mitre.org


Vulnerability ID : CVE-2024-24260

First published on : 05-02-2024 18:15:52
Last modified on : 05-02-2024 18:25:55

Description :
media-server v1.0.0 was discovered to contain a Use-After-Free (UAF) vulnerability via the sip_subscribe_remove function at /uac/sip-uac-subscribe.c.

CVE ID : CVE-2024-24260
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/yinluming13579/media-server_defects/blob/main/media-server_1.md | source : cve@mitre.org


Vulnerability ID : CVE-2024-24262

First published on : 05-02-2024 18:15:52
Last modified on : 05-02-2024 18:25:55

Description :
media-server v1.0.0 was discovered to contain a Use-After-Free (UAF) vulnerability via the sip_uac_stop_timer function at /uac/sip-uac-transaction.c.

CVE ID : CVE-2024-24262
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/LuMingYinDetect/media-server_detect/blob/main/media_server_detect_1.md | source : cve@mitre.org


Vulnerability ID : CVE-2024-24263

First published on : 05-02-2024 18:15:52
Last modified on : 05-02-2024 18:25:55

Description :
Lotos WebServer v0.1.1 was discovered to contain a Use-After-Free (UAF) vulnerability via the response_append_status_line function at /lotos/src/response.c.

CVE ID : CVE-2024-24263
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/LuMingYinDetect/lotos_detects/blob/main/lotos_detect_1.md | source : cve@mitre.org


Vulnerability ID : CVE-2024-24265

First published on : 05-02-2024 18:15:52
Last modified on : 05-02-2024 18:25:55

Description :
gpac v2.2.1 was discovered to contain a memory leak via the dst_props variable in the gf_filter_pid_merge_properties_internal function.

CVE ID : CVE-2024-24265
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/yinluming13579/gpac_defects/blob/main/gpac_1.md | source : cve@mitre.org


Vulnerability ID : CVE-2024-24266

First published on : 05-02-2024 18:15:52
Last modified on : 05-02-2024 18:25:55

Description :
gpac v2.2.1 was discovered to contain a Use-After-Free (UAF) vulnerability via the dasher_configure_pid function at /src/filters/dasher.c.

CVE ID : CVE-2024-24266
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/yinluming13579/gpac_defects/blob/main/gpac_2.md | source : cve@mitre.org


Vulnerability ID : CVE-2024-24267

First published on : 05-02-2024 18:15:52
Last modified on : 05-02-2024 18:25:55

Description :
gpac v2.2.1 was discovered to contain a memory leak via the gfio_blob variable in the gf_fileio_from_blob function.

CVE ID : CVE-2024-24267
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/yinluming13579/gpac_defects/blob/main/gpac_3.md | source : cve@mitre.org


Vulnerability ID : CVE-2024-24396

First published on : 05-02-2024 19:15:08
Last modified on : 05-02-2024 19:15:08

Description :
Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the search bar component.

CVE ID : CVE-2024-24396
Source : cve@mitre.org
CVSS Score : /

References :
http://stimulsoft.com | source : cve@mitre.org
https://cloud-trustit.spp.at/s/Pi78FFazHamJQ5R | source : cve@mitre.org
https://cves.at/posts/cve-2024-24396/writeup/ | source : cve@mitre.org


Vulnerability ID : CVE-2024-22567

First published on : 05-02-2024 20:15:55
Last modified on : 05-02-2024 20:15:55

Description :
File Upload vulnerability in MCMS 5.3.5 allows attackers to upload arbitrary files via a crafted POST request to /ms/file/upload.do.

CVE ID : CVE-2024-22567
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/h3ak/MCMS-CVE-Request/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-51951

First published on : 05-02-2024 21:15:11
Last modified on : 05-02-2024 21:15:11

Description :
SQL Injection vulnerability in Stock Management System 1.0 allows a remote attacker to execute arbitrary code via the id parameter in the manage_bo.php file.

CVE ID : CVE-2023-51951
Source : cve@mitre.org
CVSS Score : /

References :
https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2023-004 | source : cve@mitre.org


Vulnerability ID : CVE-2024-24543

First published on : 05-02-2024 21:15:12
Last modified on : 05-02-2024 21:15:12

Description :
Buffer Overflow vulnerability in the function setSchedWifi in Tenda AC9 v.3.0, firmware version v.15.03.06.42_multi allows a remote attacker to cause a denial of service or run arbitrary code via crafted overflow data.

CVE ID : CVE-2024-24543
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/TimeSeg/IOT_CVE/blob/main/tenda/AC9V3/0130/setSchedWifi.md | source : cve@mitre.org


Source : linecorp.com

Vulnerability ID : CVE-2024-1143

First published on : 02-02-2024 06:15:45
Last modified on : 02-02-2024 13:36:31

Description :
Central Dogma versions prior to 0.64.0 are vulnerable to Cross-Site Scripting (XSS), which could allow for the leakage of user sessions and subsequent authentication bypass.

CVE ID : CVE-2024-1143
Source : dl_cve@linecorp.com
CVSS Score : /

References :
https://github.com/line/centraldogma/commit/8edcf913b88101aff70008156b0881850e005783 | source : dl_cve@linecorp.com


Source : jpcert.or.jp

Vulnerability ID : CVE-2024-21780

First published on : 02-02-2024 07:15:10
Last modified on : 02-02-2024 13:36:31

Description :
Stack-based buffer overflow vulnerability exists in HOME SPOT CUBE2 V102 and earlier. Processing a specially crafted command may result in a denial of service (DoS) condition. Note that the affected products are no longer supported.

CVE ID : CVE-2024-21780
Source : vultures@jpcert.or.jp
CVSS Score : /

References :
https://jvn.jp/en/vu/JVNVU93740658/ | source : vultures@jpcert.or.jp
https://www.au.com/support/service/mobile/guide/wlan/home_spot_cube_2/ | source : vultures@jpcert.or.jp


Vulnerability ID : CVE-2024-23978

First published on : 02-02-2024 07:15:12
Last modified on : 02-02-2024 13:36:31

Description :
Heap-based buffer overflow vulnerability exists in HOME SPOT CUBE2 V102 and earlier. By processing invalid values, arbitrary code may be executed. Note that the affected products are no longer supported.

CVE ID : CVE-2024-23978
Source : vultures@jpcert.or.jp
CVSS Score : /

References :
https://jvn.jp/en/vu/JVNVU93740658/ | source : vultures@jpcert.or.jp
https://www.au.com/support/service/mobile/guide/wlan/home_spot_cube_2/ | source : vultures@jpcert.or.jp


Vulnerability ID : CVE-2024-25001

First published on : 02-02-2024 09:15:37
Last modified on : 02-02-2024 09:15:37

Description :
Rejected reason: ** REJECT ** DO NOT USE THIS CVE ID. ConsultIDs: none. Reason: This CVE ID is unused by its CNA. Notes: none.

CVE ID : CVE-2024-25001
Source : vultures@jpcert.or.jp
CVSS Score : /

References :


Source : 2499f714-1537-4658-8207-48ae4bb9eae9

Vulnerability ID : CVE-2024-0853

First published on : 03-02-2024 14:15:50
Last modified on : 05-02-2024 02:09:37

Description :
curl inadvertently kept the SSL session ID for connections in its cache even when the verify status (OCSP stapling) test failed. A subsequent transfer to the same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status check.

CVE ID : CVE-2024-0853
Source : 2499f714-1537-4658-8207-48ae4bb9eae9
CVSS Score : /

References :
https://curl.se/docs/CVE-2024-0853.html | source : 2499f714-1537-4658-8207-48ae4bb9eae9
https://curl.se/docs/CVE-2024-0853.json | source : 2499f714-1537-4658-8207-48ae4bb9eae9
https://hackerone.com/reports/2298922 | source : 2499f714-1537-4658-8207-48ae4bb9eae9


Source : gallagher.com

Vulnerability ID : CVE-2023-47170

First published on : 05-02-2024 05:15:07
Last modified on : 05-02-2024 05:15:07

Description :
Rejected reason: This candidate was in a CNA pool that was not assigned to any issues during 2023.

CVE ID : CVE-2023-47170
Source : disclosures@gallagher.com
CVSS Score : /

References :


Source : mediatek.com

Vulnerability ID : CVE-2024-20001

First published on : 05-02-2024 06:15:47
Last modified on : 05-02-2024 13:54:33

Description :
In TVAPI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03961601; Issue ID: DTV03961601.

CVE ID : CVE-2024-20001
Source : security@mediatek.com
CVSS Score : /

References :
https://corp.mediatek.com/product-security-bulletin/February-2024 | source : security@mediatek.com


Vulnerability ID : CVE-2024-20002

First published on : 05-02-2024 06:15:47
Last modified on : 05-02-2024 13:54:33

Description :
In TVAPI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03961715; Issue ID: DTV03961715.

CVE ID : CVE-2024-20002
Source : security@mediatek.com
CVSS Score : /

References :
https://corp.mediatek.com/product-security-bulletin/February-2024 | source : security@mediatek.com


Vulnerability ID : CVE-2024-20003

First published on : 05-02-2024 06:15:47
Last modified on : 05-02-2024 13:54:33

Description :
In Modem NL1, there is a possible system crash due to an improper input validation. This could lead to remote denial of service, if NW sent invalid NR RRC Connection Setup message, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01191612; Issue ID: MOLY01191612 (MSV-981).

CVE ID : CVE-2024-20003
Source : security@mediatek.com
CVSS Score : /

References :
https://corp.mediatek.com/product-security-bulletin/February-2024 | source : security@mediatek.com


Vulnerability ID : CVE-2024-20004

First published on : 05-02-2024 06:15:47
Last modified on : 05-02-2024 13:54:33

Description :
In Modem NL1, there is a possible system crash due to an improper input validation. This could lead to remote denial of service, if NW sent invalid NR RRC Connection Setup message, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01191612; Issue ID: MOLY01195812 (MSV-985).

CVE ID : CVE-2024-20004
Source : security@mediatek.com
CVSS Score : /

References :
https://corp.mediatek.com/product-security-bulletin/February-2024 | source : security@mediatek.com


Vulnerability ID : CVE-2024-20006

First published on : 05-02-2024 06:15:47
Last modified on : 05-02-2024 13:54:33

Description :
In da, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08477148; Issue ID: ALPS08477148.

CVE ID : CVE-2024-20006
Source : security@mediatek.com
CVSS Score : /

References :
https://corp.mediatek.com/product-security-bulletin/February-2024 | source : security@mediatek.com


Vulnerability ID : CVE-2024-20007

First published on : 05-02-2024 06:15:47
Last modified on : 05-02-2024 13:54:33

Description :
In mp3 decoder, there is a possible out of bounds write due to a race condition. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08441369; Issue ID: ALPS08441369.

CVE ID : CVE-2024-20007
Source : security@mediatek.com
CVSS Score : /

References :
https://corp.mediatek.com/product-security-bulletin/February-2024 | source : security@mediatek.com


Vulnerability ID : CVE-2024-20009

First published on : 05-02-2024 06:15:47
Last modified on : 05-02-2024 13:54:33

Description :
In alac decoder, there is a possible out of bounds write due to an incorrect error handling. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08441150; Issue ID: ALPS08441150.

CVE ID : CVE-2024-20009
Source : security@mediatek.com
CVSS Score : /

References :
https://corp.mediatek.com/product-security-bulletin/February-2024 | source : security@mediatek.com


Vulnerability ID : CVE-2024-20010

First published on : 05-02-2024 06:15:47
Last modified on : 05-02-2024 13:54:33

Description :
In keyInstall, there is a possible escalation of privilege due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08358560; Issue ID: ALPS08358560.

CVE ID : CVE-2024-20010
Source : security@mediatek.com
CVSS Score : /

References :
https://corp.mediatek.com/product-security-bulletin/February-2024 | source : security@mediatek.com


Vulnerability ID : CVE-2024-20011

First published on : 05-02-2024 06:15:47
Last modified on : 05-02-2024 13:54:33

Description :
In alac decoder, there is a possible information disclosure due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08441146; Issue ID: ALPS08441146.

CVE ID : CVE-2024-20011
Source : security@mediatek.com
CVSS Score : /

References :
https://corp.mediatek.com/product-security-bulletin/February-2024 | source : security@mediatek.com


Vulnerability ID : CVE-2024-20012

First published on : 05-02-2024 06:15:47
Last modified on : 05-02-2024 13:54:33

Description :
In keyInstall, there is a possible escalation of privilege due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08358566; Issue ID: ALPS08358566.

CVE ID : CVE-2024-20012
Source : security@mediatek.com
CVSS Score : /

References :
https://corp.mediatek.com/product-security-bulletin/February-2024 | source : security@mediatek.com


Vulnerability ID : CVE-2024-20013

First published on : 05-02-2024 06:15:47
Last modified on : 05-02-2024 13:54:33

Description :
In keyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08471742; Issue ID: ALPS08308608.

CVE ID : CVE-2024-20013
Source : security@mediatek.com
CVSS Score : /

References :
https://corp.mediatek.com/product-security-bulletin/February-2024 | source : security@mediatek.com


Vulnerability ID : CVE-2024-20015

First published on : 05-02-2024 06:15:47
Last modified on : 05-02-2024 13:54:33

Description :
In telephony, there is a possible escalation of privilege due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08441419; Issue ID: ALPS08441419.

CVE ID : CVE-2024-20015
Source : security@mediatek.com
CVSS Score : /

References :
https://corp.mediatek.com/product-security-bulletin/February-2024 | source : security@mediatek.com


Vulnerability ID : CVE-2024-20016

First published on : 05-02-2024 06:15:47
Last modified on : 05-02-2024 13:54:33

Description :
In ged, there is a possible out of bounds write due to an integer overflow. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07835901; Issue ID: ALPS07835901.

CVE ID : CVE-2024-20016
Source : security@mediatek.com
CVSS Score : /

References :
https://corp.mediatek.com/product-security-bulletin/February-2024 | source : security@mediatek.com


Source : cyber.jp.nec.com

Vulnerability ID : CVE-2023-7077

First published on : 05-02-2024 07:15:09
Last modified on : 05-02-2024 13:54:33

Description :
Sharp NEC Displays (P403, P463, P553, P703, P801, X554UN, X464UN, X554UNS, X464UNV, X474HB, X464UNS, X554UNV, X555UNS, X555UNV, X754HB, X554HB, E705, E805, E905, UN551S, UN551VS, X551UHD, X651UHD, X841UHD, X981UHD, MD551C8) allows an attacker to execute remote code by sending unintended parameters in an HTTP request.

CVE ID : CVE-2023-7077
Source : psirt-info@cyber.jp.nec.com
CVSS Score : /

References :
https://www.sharp-nec-displays.com/global/support/info/A4_vulnerability.html | source : psirt-info@cyber.jp.nec.com

Vulnerability : CWE-22


Source : wpscan.com

Vulnerability ID : CVE-2021-4436

First published on : 05-02-2024 09:15:43
Last modified on : 05-02-2024 13:54:19

Description :
The 3DPrint Lite WordPress plugin before 1.9.1.5 does not have any authorisation and does not check the uploaded file in its p3dlite_handle_upload AJAX action, allowing unauthenticated users to upload arbitrary files to the web server. However, there is a .htaccess, preventing the file from being accessed on Web servers such as Apache.

CVE ID : CVE-2021-4436
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/c46ecd0d-a132-4ad6-b936-8acde3a09282/ | source : contact@wpscan.com


Source : arm.com

Vulnerability ID : CVE-2023-5249

First published on : 05-02-2024 10:15:08
Last modified on : 05-02-2024 13:54:19

Description :
Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper memory processing operations to exploit a software race condition. If the system's memory is carefully prepared by the user, then this in turn causes a use-after-free. This issue affects Bifrost GPU Kernel Driver: from r35p0 through r40p0; Valhall GPU Kernel Driver: from r35p0 through r40p0.

CVE ID : CVE-2023-5249
Source : arm-security@arm.com
CVSS Score : /

References :
https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities | source : arm-security@arm.com

Vulnerability : CWE-416


Vulnerability ID : CVE-2023-5643

First published on : 05-02-2024 10:15:08
Last modified on : 05-02-2024 13:54:19

Description :
Out-of-bounds Write vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations. Depending on the configuration of the Mali GPU Kernel Driver, and if the system's memory is carefully prepared by the user, then this in turn could write to memory outside of buffer bounds. This issue affects Bifrost GPU Kernel Driver: from r41p0 through r45p0; Valhall GPU Kernel Driver: from r41p0 through r45p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r45p0.

CVE ID : CVE-2023-5643
Source : arm-security@arm.com
CVSS Score : /

References :
https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities | source : arm-security@arm.com

Vulnerability : CWE-787


Source : mozilla.org

Vulnerability ID : CVE-2024-0953

First published on : 05-02-2024 17:15:09
Last modified on : 05-02-2024 18:25:55

Description :
When a user scans a QR Code with the QR Code Scanner feature, the user is not prompted before being navigated to the page specified in the code. This may surprise the user and potentially direct them to unwanted content.

CVE ID : CVE-2024-0953
Source : security@mozilla.org
CVSS Score : /

References :
https://bugzilla.mozilla.org/show_bug.cgi?id=1837916 | source : security@mozilla.org


This website uses the NVD API, but is not approved or certified by it.

About the author
Julien B.

Securitricks
