Latest vulnerabilities [Monday, January 15, 2024 + weekend]


Last update performed on 01/15/2024 at 11:57:06 PM

(11) CRITICAL VULNERABILITIES [9.0, 10.0]

Source : gitlab.com

Vulnerability ID : CVE-2023-7028

First published on : 12-01-2024 14:15:49
Last modified on : 12-01-2024 15:54:26

Description :
An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.

CVE ID : CVE-2023-7028
Source : cve@gitlab.com
CVSS Score : 10.0

References :
https://gitlab.com/gitlab-org/gitlab/-/issues/436084 | source : cve@gitlab.com
https://hackerone.com/reports/2293343 | source : cve@gitlab.com

Vulnerability : CWE-284


Vulnerability ID : CVE-2023-5356

First published on : 12-01-2024 14:15:48
Last modified on : 12-01-2024 15:54:26

Description :
Incorrect authorization checks in GitLab CE/EE, in all versions starting from 8.13 before 16.5.6, all versions starting from 16.6 before 16.6.4, and all versions starting from 16.7 before 16.7.2, allow a user to abuse Slack/Mattermost integrations to execute slash commands as another user.

CVE ID : CVE-2023-5356
Source : cve@gitlab.com
CVSS Score : 9.6

References :
https://gitlab.com/gitlab-org/gitlab/-/issues/427154 | source : cve@gitlab.com
https://hackerone.com/reports/2188868 | source : cve@gitlab.com

Vulnerability : CWE-863


Source : juniper.net

Vulnerability ID : CVE-2024-21591

First published on : 12-01-2024 01:15:46
Last modified on : 12-01-2024 13:47:31

Description :
An Out-of-bounds Write vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS), or Remote Code Execution (RCE) and obtain root privileges on the device. This issue is caused by use of an insecure function allowing an attacker to overwrite arbitrary memory. This issue affects Juniper Networks Junos OS SRX Series and EX Series:
* Junos OS versions earlier than 20.4R3-S9;
* Junos OS 21.2 versions earlier than 21.2R3-S7;
* Junos OS 21.3 versions earlier than 21.3R3-S5;
* Junos OS 21.4 versions earlier than 21.4R3-S5;
* Junos OS 22.1 versions earlier than 22.1R3-S4;
* Junos OS 22.2 versions earlier than 22.2R3-S3;
* Junos OS 22.3 versions earlier than 22.3R3-S2;
* Junos OS 22.4 versions earlier than 22.4R2-S2, 22.4R3.

CVE ID : CVE-2024-21591
Source : sirt@juniper.net
CVSS Score : 9.8

References :
https://supportportal.juniper.net/JSA75729 | source : sirt@juniper.net
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N | source : sirt@juniper.net

Vulnerability : CWE-787


Source : bitdefender.com

Vulnerability ID : CVE-2023-49569

First published on : 12-01-2024 11:15:13
Last modified on : 12-01-2024 13:47:31

Description :
A path traversal vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to create and amend files across the filesystem. In the worst-case scenario, remote code execution could be achieved. Applications are only affected if they are using the ChrootOS (https://pkg.go.dev/github.com/go-git/go-billy/v5/osfs#ChrootOS), which is the default when using "Plain" versions of Open and Clone funcs (e.g. PlainClone). Applications using BoundOS (https://pkg.go.dev/github.com/go-git/go-billy/v5/osfs#BoundOS) or in-memory filesystems are not affected by this issue. This is a go-git implementation issue and does not affect the upstream git cli.

CVE ID : CVE-2023-49569
Source : cve-requests@bitdefender.com
CVSS Score : 9.8

References :
https://github.com/go-git/go-git/security/advisories/GHSA-449p-3h89-pw88 | source : cve-requests@bitdefender.com

Vulnerability : CWE-22


Source : cert.org.tw

Vulnerability ID : CVE-2024-0552

First published on : 15-01-2024 04:15:08
Last modified on : 15-01-2024 04:15:08

Description :
Intumit inc. SmartRobot's web framework has a remote code execution vulnerability. An unauthorized remote attacker can exploit this vulnerability to execute arbitrary commands on the remote server.

CVE ID : CVE-2024-0552
Source : twcert@cert.org.tw
CVSS Score : 9.8

References :
https://www.twcert.org.tw/tw/cp-132-7662-41d50-1.html | source : twcert@cert.org.tw

Vulnerability : CWE-74


Source : github.com

Vulnerability ID : CVE-2023-51698

First published on : 12-01-2024 21:15:10
Last modified on : 14-01-2024 21:42:17

Description :
Atril is a simple multi-page document viewer. Atril is vulnerable to a critical Command Injection Vulnerability. This vulnerability gives the attacker immediate access to the target system when the target user opens a crafted document or clicks on a crafted link/URL using a maliciously crafted CBT document which is a TAR archive. A patch is available at commit ce41df6.

CVE ID : CVE-2023-51698
Source : security-advisories@github.com
CVSS Score : 9.6

References :
https://github.com/mate-desktop/atril/commit/ce41df6467521ff9fd4f16514ae7d6ebb62eb1ed | source : security-advisories@github.com
https://github.com/mate-desktop/atril/security/advisories/GHSA-34rr-j8v9-v4p2 | source : security-advisories@github.com

Vulnerability : CWE-78


Vulnerability ID : CVE-2024-22206

First published on : 12-01-2024 20:15:47
Last modified on : 14-01-2024 21:42:17

Description :
Clerk helps developers build user management. Unauthorized access or privilege escalation due to a logic flaw in auth() in the App Router or getAuth() in the Pages Router. This vulnerability was patched in version 4.29.3.

CVE ID : CVE-2024-22206
Source : security-advisories@github.com
CVSS Score : 9.0

References :
https://clerk.com/changelog/2024-01-12 | source : security-advisories@github.com
https://github.com/clerk/javascript/releases/tag/%40clerk%2Fnextjs%404.29.3 | source : security-advisories@github.com
https://github.com/clerk/javascript/security/advisories/GHSA-q6w5-jg5q-47vg | source : security-advisories@github.com

Vulnerability : CWE-284
Vulnerability : CWE-287
Vulnerability : CWE-639


Source : nvidia.com

Vulnerability ID : CVE-2023-31029

First published on : 12-01-2024 19:15:09
Last modified on : 12-01-2024 19:21:49

Description :
NVIDIA DGX A100 baseboard management controller (BMC) contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a stack overflow by sending a specially crafted network packet. A successful exploit of this vulnerability may lead to arbitrary code execution, denial of service, information disclosure, and data tampering.

CVE ID : CVE-2023-31029
Source : psirt@nvidia.com
CVSS Score : 9.3

References :
https://nvidia.custhelp.com/app/answers/detail/a_id/5510 | source : psirt@nvidia.com

Vulnerability : CWE-121


Vulnerability ID : CVE-2023-31030

First published on : 12-01-2024 19:15:10
Last modified on : 12-01-2024 19:21:49

Description :
NVIDIA DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a stack overflow by sending a specially crafted network packet. A successful exploit of this vulnerability may lead to arbitrary code execution, denial of service, information disclosure, and data tampering.

CVE ID : CVE-2023-31030
Source : psirt@nvidia.com
CVSS Score : 9.3

References :
https://nvidia.custhelp.com/app/answers/detail/a_id/5510 | source : psirt@nvidia.com

Vulnerability : CWE-121


Vulnerability ID : CVE-2023-31024

First published on : 12-01-2024 19:15:09
Last modified on : 12-01-2024 19:21:49

Description :
NVIDIA DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause stack memory corruption by sending a specially crafted network packet. A successful exploit of this vulnerability may lead to arbitrary code execution, denial of service, information disclosure, and data tampering.

CVE ID : CVE-2023-31024
Source : psirt@nvidia.com
CVSS Score : 9.0

References :
https://nvidia.custhelp.com/app/answers/detail/a_id/5510 | source : psirt@nvidia.com

Vulnerability : CWE-121


Source : hackerone.com

Vulnerability ID : CVE-2024-21887

First published on : 12-01-2024 17:15:10
Last modified on : 13-01-2024 02:00:00

Description :
A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.

CVE ID : CVE-2024-21887
Source : support@hackerone.com
CVSS Score : 9.1

References :
https://forums.ivanti.com/s/article/CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US | source : support@hackerone.com

Vulnerability : CWE-77



(46) HIGH VULNERABILITIES [7.0, 8.9]

Source : krcert.or.kr

Vulnerability ID : CVE-2023-40250

First published on : 12-01-2024 02:15:44
Last modified on : 12-01-2024 13:47:31

Description :
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Hancom HCell on Windows allows Overflow Buffers. This issue affects HCell: 12.0.0.893.

CVE ID : CVE-2023-40250
Source : vuln@krcert.or.kr
CVSS Score : 8.8

References :
https://www.hancom.com/cs_center/csDownload.do?gnb0=25gnb1=80 | source : vuln@krcert.or.kr

Vulnerability : CWE-120


Source : checkmk.com

Vulnerability ID : CVE-2023-31211

First published on : 12-01-2024 08:15:43
Last modified on : 12-01-2024 14:15:48

Description :
Insufficient authentication flow in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows an attacker to use locked credentials.

CVE ID : CVE-2023-31211
Source : security@checkmk.com
CVSS Score : 8.8

References :
https://checkmk.com/werk/16227 | source : security@checkmk.com

Vulnerability : CWE-691


Vulnerability ID : CVE-2023-6735

First published on : 12-01-2024 08:15:43
Last modified on : 12-01-2024 14:15:49

Description :
Privilege escalation in the mk_tsm agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows a local user to escalate privileges.

CVE ID : CVE-2023-6735
Source : security@checkmk.com
CVSS Score : 8.8

References :
https://checkmk.com/werk/16273 | source : security@checkmk.com

Vulnerability : CWE-20


Vulnerability ID : CVE-2023-6740

First published on : 12-01-2024 08:15:43
Last modified on : 12-01-2024 14:15:49

Description :
Privilege escalation in the jar_signature agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows a local user to escalate privileges.

CVE ID : CVE-2023-6740
Source : security@checkmk.com
CVSS Score : 8.8

References :
https://checkmk.com/werk/16163 | source : security@checkmk.com

Vulnerability : CWE-427


Source : zoom.us

Vulnerability ID : CVE-2023-49647

First published on : 12-01-2024 22:15:45
Last modified on : 14-01-2024 21:42:17

Description :
Improper access control in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows before version 5.16.10 may allow an authenticated user to conduct an escalation of privilege via local access.

CVE ID : CVE-2023-49647
Source : security@zoom.us
CVSS Score : 8.8

References :
https://www.zoom.com/en/trust/security-bulletin/ZSB-24001/ | source : security@zoom.us

Vulnerability : CWE-284


Source : vuldb.com

Vulnerability ID : CVE-2024-0535

First published on : 15-01-2024 03:15:09
Last modified on : 15-01-2024 03:15:09

Description :
A vulnerability classified as critical was found in Tenda PA6 1.0.1.21. Affected by this vulnerability is the function cgiPortMapAdd of the file /portmap of the component httpd. The manipulation of the argument groupName leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250705 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-0535
Source : cna@vuldb.com
CVSS Score : 8.8

References :
https://github.com/jylsec/vuldb/blob/main/Tenda/PA6/2/README.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.250705 | source : cna@vuldb.com
https://vuldb.com/?id.250705 | source : cna@vuldb.com

Vulnerability : CWE-121


Vulnerability ID : CVE-2024-0536

First published on : 15-01-2024 04:15:07
Last modified on : 15-01-2024 04:15:07

Description :
A vulnerability, which was classified as critical, has been found in Tenda W9 1.0.0.7(4456). Affected by this issue is the function setWrlAccessList of the component httpd. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-250706 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-0536
Source : cna@vuldb.com
CVSS Score : 8.8

References :
https://github.com/jylsec/vuldb/blob/main/Tenda/W9/1/README.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.250706 | source : cna@vuldb.com
https://vuldb.com/?id.250706 | source : cna@vuldb.com

Vulnerability : CWE-121


Vulnerability ID : CVE-2024-0537

First published on : 15-01-2024 04:15:07
Last modified on : 15-01-2024 04:15:07

Description :
A vulnerability, which was classified as critical, was found in Tenda W9 1.0.0.7(4456). This affects the function setWrlBasicInfo of the component httpd. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250707. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-0537
Source : cna@vuldb.com
CVSS Score : 8.8

References :
https://github.com/jylsec/vuldb/blob/main/Tenda/W9/2/README.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.250707 | source : cna@vuldb.com
https://vuldb.com/?id.250707 | source : cna@vuldb.com

Vulnerability : CWE-121


Vulnerability ID : CVE-2024-0538

First published on : 15-01-2024 04:15:08
Last modified on : 15-01-2024 04:15:08

Description :
A vulnerability has been found in Tenda W9 1.0.0.7(4456) and classified as critical. This vulnerability affects the function formQosManage_auto of the component httpd. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250708. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-0538
Source : cna@vuldb.com
CVSS Score : 8.8

References :
https://github.com/jylsec/vuldb/blob/main/Tenda/W9/3/README.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.250708 | source : cna@vuldb.com
https://vuldb.com/?id.250708 | source : cna@vuldb.com

Vulnerability : CWE-121


Vulnerability ID : CVE-2024-0539

First published on : 15-01-2024 05:15:08
Last modified on : 15-01-2024 05:15:08

Description :
A vulnerability was found in Tenda W9 1.0.0.7(4456) and classified as critical. This issue affects the function formQosManage_user of the component httpd. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250709 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-0539
Source : cna@vuldb.com
CVSS Score : 8.8

References :
https://github.com/jylsec/vuldb/blob/main/Tenda/W9/4/README.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.250709 | source : cna@vuldb.com
https://vuldb.com/?id.250709 | source : cna@vuldb.com

Vulnerability : CWE-121


Vulnerability ID : CVE-2024-0541

First published on : 15-01-2024 05:15:08
Last modified on : 15-01-2024 05:15:08

Description :
A vulnerability was found in Tenda W9 1.0.0.7(4456). It has been declared as critical. Affected by this vulnerability is the function formAddSysLogRule of the component httpd. The manipulation of the argument sysRulenEn leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250711. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-0541
Source : cna@vuldb.com
CVSS Score : 8.8

References :
https://github.com/jylsec/vuldb/blob/main/Tenda/W9/6/README.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.250711 | source : cna@vuldb.com
https://vuldb.com/?id.250711 | source : cna@vuldb.com

Vulnerability : CWE-121


Vulnerability ID : CVE-2024-0542

First published on : 15-01-2024 05:15:09
Last modified on : 15-01-2024 05:15:09

Description :
A vulnerability was found in Tenda W9 1.0.0.7(4456). It has been rated as critical. Affected by this issue is the function formWifiMacFilterGet of the component httpd. The manipulation of the argument index leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250712. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-0542
Source : cna@vuldb.com
CVSS Score : 8.8

References :
https://github.com/jylsec/vuldb/blob/main/Tenda/W9/7/README.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.250712 | source : cna@vuldb.com
https://vuldb.com/?id.250712 | source : cna@vuldb.com

Vulnerability : CWE-121


Vulnerability ID : CVE-2024-0474

First published on : 12-01-2024 23:15:08
Last modified on : 14-01-2024 21:42:17

Description :
A vulnerability classified as critical was found in code-projects Dormitory Management System 1.0. Affected by this vulnerability is an unknown functionality of the file login.php. The manipulation of the argument username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250579.

CVE ID : CVE-2024-0474
Source : cna@vuldb.com
CVSS Score : 7.3

References :
https://github.com/yingqian1984/FirePunch/blob/main/7-Dormitory%20Management%20System%20has%20SQL%20injection%20vulnerabilities%20login.php.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.250579 | source : cna@vuldb.com
https://vuldb.com/?id.250579 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-0479

First published on : 13-01-2024 07:15:08
Last modified on : 14-01-2024 21:42:17

Description :
A vulnerability was found in Taokeyun up to 1.0.5. It has been classified as critical. Affected is the function login of the file application/index/controller/m/User.php of the component HTTP POST Request Handler. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250584.

CVE ID : CVE-2024-0479
Source : cna@vuldb.com
CVSS Score : 7.3

References :
https://note.zhaoj.in/share/Np0ZdyKEnVOV | source : cna@vuldb.com
https://vuldb.com/?ctiid.250584 | source : cna@vuldb.com
https://vuldb.com/?id.250584 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-0480

First published on : 13-01-2024 08:15:07
Last modified on : 15-01-2024 15:15:08

Description :
A vulnerability was found in Taokeyun up to 1.0.5. It has been declared as critical. Affected by this vulnerability is the function index of the file application/index/controller/m/Drs.php of the component HTTP POST Request Handler. The manipulation of the argument cid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250585 was assigned to this vulnerability.

CVE ID : CVE-2024-0480
Source : cna@vuldb.com
CVSS Score : 7.3

References :
http://packetstormsecurity.com/files/176548/Taokeyun-SQL-Injection.html | source : cna@vuldb.com
https://note.zhaoj.in/share/0KtyJccrP3Ba | source : cna@vuldb.com
https://vuldb.com/?ctiid.250585 | source : cna@vuldb.com
https://vuldb.com/?id.250585 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-0510

First published on : 13-01-2024 22:15:45
Last modified on : 15-01-2024 15:15:09

Description :
A vulnerability, which was classified as critical, has been found in HaoKeKeJi YiQiNiu up to 3.1. Affected by this issue is the function http_post of the file /application/pay/controller/Api.php. The manipulation of the argument url leads to server-side request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250652.

CVE ID : CVE-2024-0510
Source : cna@vuldb.com
CVSS Score : 7.3

References :
http://packetstormsecurity.com/files/176547/HaoKeKeJi-YiQiNiu-Server-Side-Request-Forgery.html | source : cna@vuldb.com
https://note.zhaoj.in/share/gBtNhBb39u9u | source : cna@vuldb.com
https://vuldb.com/?ctiid.250652 | source : cna@vuldb.com
https://vuldb.com/?id.250652 | source : cna@vuldb.com

Vulnerability : CWE-918


Vulnerability ID : CVE-2024-0531

First published on : 15-01-2024 02:15:15
Last modified on : 15-01-2024 02:15:15

Description :
A vulnerability was found in Tenda A15 15.13.07.13. It has been classified as critical. This affects an unknown part of the file /goform/setBlackRule of the component Web-based Management Interface. The manipulation of the argument deviceList leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250701 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-0531
Source : cna@vuldb.com
CVSS Score : 7.2

References :
https://github.com/yaoyue123/iot/blob/main/Tenda/A15/setBlackRule.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.250701 | source : cna@vuldb.com
https://vuldb.com/?id.250701 | source : cna@vuldb.com

Vulnerability : CWE-121


Vulnerability ID : CVE-2024-0532

First published on : 15-01-2024 02:15:15
Last modified on : 15-01-2024 02:15:15

Description :
A vulnerability was found in Tenda A15 15.13.07.13. It has been declared as critical. This vulnerability affects unknown code of the file /goform/WifiExtraSet of the component Web-based Management Interface. The manipulation of the argument wpapsk_crypto2_4g leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-250702 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-0532
Source : cna@vuldb.com
CVSS Score : 7.2

References :
https://github.com/yaoyue123/iot/blob/main/Tenda/A15/WifExtraSet.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.250702 | source : cna@vuldb.com
https://vuldb.com/?id.250702 | source : cna@vuldb.com

Vulnerability : CWE-121


Vulnerability ID : CVE-2024-0533

First published on : 15-01-2024 03:15:08
Last modified on : 15-01-2024 03:15:08

Description :
A vulnerability was found in Tenda A15 15.13.07.13. It has been rated as critical. This issue affects some unknown processing of the file /goform/SetOnlineDevName of the component Web-based Management Interface. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250703. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-0533
Source : cna@vuldb.com
CVSS Score : 7.2

References :
https://github.com/yaoyue123/iot/blob/main/Tenda/A15/SetOnlineDevName.devname.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.250703 | source : cna@vuldb.com
https://vuldb.com/?id.250703 | source : cna@vuldb.com

Vulnerability : CWE-121


Vulnerability ID : CVE-2024-0534

First published on : 15-01-2024 03:15:08
Last modified on : 15-01-2024 03:15:08

Description :
A vulnerability classified as critical has been found in Tenda A15 15.13.07.13. Affected is an unknown function of the file /goform/SetOnlineDevName of the component Web-based Management Interface. The manipulation of the argument mac leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250704. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-0534
Source : cna@vuldb.com
CVSS Score : 7.2

References :
https://github.com/yaoyue123/iot/blob/main/Tenda/A15/SetOnlineDevName.mac.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.250704 | source : cna@vuldb.com
https://vuldb.com/?id.250704 | source : cna@vuldb.com

Vulnerability : CWE-121


Source : github.com

Vulnerability ID : CVE-2023-48297

First published on : 12-01-2024 21:15:09
Last modified on : 14-01-2024 21:42:17

Description :
Discourse is a platform for community discussion. The message serializer uses the full list of expanded chat mentions (@all and @here) which can lead to a very long array of users. This issue was patched in versions 3.1.4 and beta 3.2.0.beta5.

CVE ID : CVE-2023-48297
Source : security-advisories@github.com
CVSS Score : 8.6

References :
https://github.com/discourse/discourse/security/advisories/GHSA-hf2v-r5xm-8p37 | source : security-advisories@github.com

Vulnerability : CWE-400


Vulnerability ID : CVE-2023-50729

First published on : 15-01-2024 16:15:11
Last modified on : 15-01-2024 16:15:11

Description :
Traccar is an open source GPS tracking system. Prior to 5.11, Traccar is affected by an unrestricted file upload vulnerability in the File feature that allows attackers to execute arbitrary code on the server. This vulnerability is more prevalent because Traccar is recommended to run web servers as the root user. It is also more dangerous because it can write or overwrite files in arbitrary locations. Version 5.11 was published to fix this vulnerability.

CVE ID : CVE-2023-50729
Source : security-advisories@github.com
CVSS Score : 8.4

References :
https://github.com/traccar/traccar/security/advisories/GHSA-pqf7-8g85-vx2q | source : security-advisories@github.com

Vulnerability : CWE-434


Vulnerability ID : CVE-2023-42463

First published on : 12-01-2024 21:15:09
Last modified on : 14-01-2024 21:42:17

Description :
Wazuh is a free and open source platform used for threat prevention, detection, and response. This bug introduced a stack overflow hazard that could allow a local privilege escalation. This vulnerability was patched in version 4.5.3.

CVE ID : CVE-2023-42463
Source : security-advisories@github.com
CVSS Score : 7.4

References :
https://github.com/wazuh/wazuh/security/advisories/GHSA-27p5-32pp-r58r | source : security-advisories@github.com

Vulnerability : CWE-121


Source : hackerone.com

Vulnerability ID : CVE-2023-46805

First published on : 12-01-2024 17:15:09
Last modified on : 13-01-2024 02:00:00

Description :
An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.

CVE ID : CVE-2023-46805
Source : support@hackerone.com
CVSS Score : 8.2

References :
https://forums.ivanti.com/s/article/CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US | source : support@hackerone.com

Vulnerability : CWE-287


Source : ubuntu.com

Vulnerability ID : CVE-2023-6040

First published on : 12-01-2024 02:15:44
Last modified on : 12-01-2024 13:47:31

Description :
An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 (netfilter: nf_tables: Reject tables of unsupported family). While creating a new netfilter table, the lack of a safeguard against invalid nf_tables family (pf) values within the `nf_tables_newtable` function enables an attacker to achieve out-of-bounds access.

CVE ID : CVE-2023-6040
Source : security@ubuntu.com
CVSS Score : 7.8

References :
http://www.openwall.com/lists/oss-security/2024/01/12/1 | source : security@ubuntu.com
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6040 | source : security@ubuntu.com
https://www.openwall.com/lists/oss-security/2024/01/12/1 | source : security@ubuntu.com

Vulnerability : CWE-125


Source : cert.pl

Vulnerability ID : CVE-2023-42136

First published on : 15-01-2024 14:15:24
Last modified on : 15-01-2024 14:15:24

Description :
PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow the execution of arbitrary commands with system account privilege by shell injection starting with a specific word. The attacker must have shell access to the device in order to exploit this vulnerability.

CVE ID : CVE-2023-42136
Source : cvd@cert.pl
CVSS Score : 7.8

References :
https://blog.stmcyber.com/pax-pos-cves-2023/ | source : cvd@cert.pl
https://cert.pl/en/posts/2024/01/CVE-2023-4818/ | source : cvd@cert.pl
https://cert.pl/posts/2024/01/CVE-2023-4818/ | source : cvd@cert.pl
https://ppn.paxengine.com/release/development | source : cvd@cert.pl

Vulnerability : CWE-20


Vulnerability ID : CVE-2023-42137

First published on : 15-01-2024 14:15:24
Last modified on : 15-01-2024 14:15:24

Description :
PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow for command execution with high privileges by using malicious symlinks. The attacker must have shell access to the device in order to exploit this vulnerability.

CVE ID : CVE-2023-42137
Source : cvd@cert.pl
CVSS Score : 7.8

References :
https://blog.stmcyber.com/pax-pos-cves-2023/ | source : cvd@cert.pl
https://cert.pl/en/posts/2024/01/CVE-2023-4818/ | source : cvd@cert.pl
https://cert.pl/posts/2024/01/CVE-2023-4818/ | source : cvd@cert.pl
https://ppn.paxengine.com/release/development | source : cvd@cert.pl

Vulnerability : CWE-20


Source : redhat.com

Vulnerability ID : CVE-2024-0562

First published on : 15-01-2024 19:15:08
Last modified on : 15-01-2024 19:15:08

Description :
A use-after-free flaw was found in the Linux Kernel. When a disk is removed, bdi_unregister is called to stop further write-back and waits for associated delayed work to complete. However, wb_inode_writeback_end() may schedule bandwidth estimation work after this has completed, which can result in the timer attempting to access the recently freed bdi_writeback.

CVE ID : CVE-2024-0562
Source : secalert@redhat.com
CVSS Score : 7.8

References :
https://access.redhat.com/security/cve/CVE-2024-0562 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2258475 | source : secalert@redhat.com
https://patchwork.kernel.org/project/linux-mm/patch/20220801155034.3772543-1-khazhy@google.com/ | source : secalert@redhat.com

Vulnerability : CWE-416


Vulnerability ID : CVE-2024-0565

First published on : 15-01-2024 20:15:43
Last modified on : 15-01-2024 20:15:43

Description :
An out-of-bounds memory read flaw was found in receive_encrypted_standard in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Kernel. This issue occurs due to integer underflow on the memcpy length, leading to a denial of service.

CVE ID : CVE-2024-0565
Source : secalert@redhat.com
CVSS Score : 7.1

References :
https://access.redhat.com/security/cve/CVE-2024-0565 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2258518 | source : secalert@redhat.com
https://www.spinics.net/lists/stable-commits/msg328851.html | source : secalert@redhat.com

Vulnerability : CWE-191


Source : gitlab.com

Vulnerability ID : CVE-2023-4812

First published on : 12-01-2024 14:15:48
Last modified on : 12-01-2024 15:54:26

Description :
An issue has been discovered in GitLab EE affecting all versions starting from 15.3 before 16.5.6, all versions starting from 16.6 before 16.6.4, all versions starting from 16.7 before 16.7.2. The required CODEOWNERS approval could be bypassed by adding changes to a previously approved merge request.

CVE ID : CVE-2023-4812
Source : cve@gitlab.com
CVSS Score : 7.6

References :
https://gitlab.com/gitlab-org/gitlab/-/issues/424398 | source : cve@gitlab.com
https://hackerone.com/reports/2115574 | source : cve@gitlab.com

Vulnerability : CWE-284


Source : juniper.net

Vulnerability ID : CVE-2024-21595

First published on : 12-01-2024 01:15:47
Last modified on : 12-01-2024 13:47:31

Description :
An Improper Validation of Syntactic Correctness of Input vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). If an attacker sends a high rate of specific ICMP traffic to a device with VXLAN configured, this causes a deadlock of the PFE and results in the device becoming unresponsive. A manual restart will be required to recover the device. This issue only affects EX4100, EX4400, EX4600, QFX5000 Series devices. This issue affects: Juniper Networks Junos OS * 21.4R3 versions earlier than 21.4R3-S4; * 22.1R3 versions earlier than 22.1R3-S3; * 22.2R2 versions earlier than 22.2R3-S1; * 22.3 versions earlier than 22.3R2-S2, 22.3R3; * 22.4 versions earlier than 22.4R2; * 23.1 versions earlier than 23.1R2.

CVE ID : CVE-2024-21595
Source : sirt@juniper.net
CVSS Score : 7.5

References :
https://advisory.juniper.net/JSA75734 | source : sirt@juniper.net
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N | source : sirt@juniper.net

Vulnerability : CWE-1286


Vulnerability ID : CVE-2024-21602

First published on : 12-01-2024 01:15:48
Last modified on : 12-01-2024 13:47:31

Description :
A NULL Pointer Dereference vulnerability in Juniper Networks Junos OS Evolved on ACX7024, ACX7100-32C and ACX7100-48L allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). If a specific IPv4 UDP packet is received and sent to the Routing Engine (RE), packetio crashes and restarts, which causes a momentary traffic interruption. Continued receipt of such packets will lead to a sustained DoS. This issue does not happen with IPv6 packets. This issue affects Juniper Networks Junos OS Evolved on ACX7024, ACX7100-32C and ACX7100-48L: * 21.4-EVO versions earlier than 21.4R3-S6-EVO; * 22.1-EVO versions earlier than 22.1R3-S5-EVO; * 22.2-EVO versions earlier than 22.2R2-S1-EVO, 22.2R3-EVO; * 22.3-EVO versions earlier than 22.3R2-EVO. This issue does not affect Juniper Networks Junos OS Evolved versions earlier than 21.4R1-EVO.

CVE ID : CVE-2024-21602
Source : sirt@juniper.net
CVSS Score : 7.5

References :
https://supportportal.juniper.net/JSA75743 | source : sirt@juniper.net
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L | source : sirt@juniper.net

Vulnerability : CWE-476


Vulnerability ID : CVE-2024-21604

First published on : 12-01-2024 01:15:48
Last modified on : 12-01-2024 13:47:31

Description :
An Allocation of Resources Without Limits or Throttling vulnerability in the kernel of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). If a high rate of specific valid packets are processed by the routing engine (RE) this will lead to a loss of connectivity of the RE with other components of the chassis and thereby a complete and persistent system outage. Please note that a carefully designed lo0 firewall filter will block or limit these packets which should prevent this issue from occurring. The following log messages can be seen when this issue occurs:

<host> kernel: nf_conntrack: nf_conntrack: table full, dropping packet

This issue affects Juniper Networks Junos OS Evolved: * All versions earlier than 20.4R3-S7-EVO; * 21.2R1-EVO and later versions; * 21.4-EVO versions earlier than 21.4R3-S5-EVO; * 22.1-EVO versions earlier than 22.1R3-S2-EVO; * 22.2-EVO versions earlier than 22.2R3-EVO; * 22.3-EVO versions earlier than 22.3R2-EVO; * 22.4-EVO versions earlier than 22.4R2-EVO.

CVE ID : CVE-2024-21604
Source : sirt@juniper.net
CVSS Score : 7.5

References :
https://supportportal.juniper.net/JSA75745 | source : sirt@juniper.net
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L | source : sirt@juniper.net

Vulnerability : CWE-770


Vulnerability ID : CVE-2024-21606

First published on : 12-01-2024 01:15:48
Last modified on : 12-01-2024 13:47:31

Description :
A Double Free vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX Series allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). In a remote access VPN scenario, if a "tcp-encap-profile" is configured and a sequence of specific packets is received, a flowd crash and restart will be observed. This issue affects Juniper Networks Junos OS on SRX Series: * All versions earlier than 20.4R3-S8; * 21.2 versions earlier than 21.2R3-S6; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S5; * 22.1 versions earlier than 22.1R3-S3; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S1; * 22.4 versions earlier than 22.4R2-S2, 22.4R3.

CVE ID : CVE-2024-21606
Source : sirt@juniper.net
CVSS Score : 7.5

References :
https://supportportal.juniper.net/JSA75747 | source : sirt@juniper.net
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H | source : sirt@juniper.net

Vulnerability : CWE-415


Vulnerability ID : CVE-2024-21611

First published on : 12-01-2024 01:15:49
Last modified on : 12-01-2024 13:47:31

Description :
A Missing Release of Memory after Effective Lifetime vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). In a Juniper Flow Monitoring (jflow) scenario route churn that causes BGP next hops to be updated will cause a slow memory leak and eventually a crash and restart of rpd. Thread level memory utilization for the areas where the leak occurs can be checked using the below command:

user@host> show task memory detail | match so_in
so_in6 28 32 344450 11022400 344760 11032320
so_in 8 16 1841629 29466064 1841734 29467744

This issue affects: Junos OS * 21.4 versions earlier than 21.4R3; * 22.1 versions earlier than 22.1R3; * 22.2 versions earlier than 22.2R3. Junos OS Evolved * 21.4-EVO versions earlier than 21.4R3-EVO; * 22.1-EVO versions earlier than 22.1R3-EVO; * 22.2-EVO versions earlier than 22.2R3-EVO. This issue does not affect: Juniper Networks Junos OS versions earlier than 21.4R1. Juniper Networks Junos OS Evolved versions earlier than 21.4R1.

CVE ID : CVE-2024-21611
Source : sirt@juniper.net
CVSS Score : 7.5

References :
https://supportportal.juniper.net/JSA75752 | source : sirt@juniper.net
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L | source : sirt@juniper.net

Vulnerability : CWE-401


Vulnerability ID : CVE-2024-21612

First published on : 12-01-2024 01:15:49
Last modified on : 12-01-2024 13:47:31

Description :
An Improper Handling of Syntactically Invalid Structure vulnerability in Object Flooding Protocol (OFP) service of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). On all Junos OS Evolved platforms, when specific TCP packets are received on an open OFP port, the OFP crashes leading to a restart of Routing Engine (RE). Continuous receipt of these specific TCP packets will lead to a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS Evolved * All versions earlier than 21.2R3-S7-EVO; * 21.3 versions earlier than 21.3R3-S5-EVO; * 21.4 versions earlier than 21.4R3-S5-EVO; * 22.1 versions earlier than 22.1R3-S4-EVO; * 22.2 versions earlier than 22.2R3-S3-EVO; * 22.3 versions earlier than 22.3R3-EVO; * 22.4 versions earlier than 22.4R2-EVO, 22.4R3-EVO.

CVE ID : CVE-2024-21612
Source : sirt@juniper.net
CVSS Score : 7.5

References :
https://supportportal.juniper.net/JSA75753 | source : sirt@juniper.net
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N | source : sirt@juniper.net

Vulnerability : CWE-228


Vulnerability ID : CVE-2024-21614

First published on : 12-01-2024 01:15:49
Last modified on : 12-01-2024 13:47:31

Description :
An Improper Check for Unusual or Exceptional Conditions vulnerability in Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to cause rpd to crash, leading to Denial of Service (DoS). On all Junos OS and Junos OS Evolved platforms, when NETCONF and gRPC are enabled, and a specific query is executed via Dynamic Rendering (DREND), rpd will crash and restart. Continuous execution of this specific query will cause a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS * 22.2 versions earlier than 22.2R2-S2, 22.2R3; * 22.3 versions earlier than 22.3R2, 22.3R3. Juniper Networks Junos OS Evolved * 22.2 versions earlier than 22.2R2-S2-EVO, 22.2R3-EVO; * 22.3 versions earlier than 22.3R2-EVO, 22.3R3-EVO. This issue does not affect Juniper Networks: Junos OS versions earlier than 22.2R1; Junos OS Evolved versions earlier than 22.2R1-EVO.

CVE ID : CVE-2024-21614
Source : sirt@juniper.net
CVSS Score : 7.5

References :
https://supportportal.juniper.net/JSA75755 | source : sirt@juniper.net
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N | source : sirt@juniper.net

Vulnerability : CWE-754


Vulnerability ID : CVE-2024-21616

First published on : 12-01-2024 01:15:50
Last modified on : 12-01-2024 13:47:31

Description :
An Improper Validation of Syntactic Correctness of Input vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). On all Junos OS MX Series and SRX Series platforms, when SIP ALG is enabled, and a specific SIP packet is received and processed, NAT IP allocation fails for genuine traffic, which causes Denial of Service (DoS). Continuous receipt of this specific SIP ALG packet will cause a sustained DoS condition. NAT IP usage can be monitored by running the following command.

user@srx> show security nat resource-usage source-pool <source_pool_name>
Pool name: source_pool_name
..
Address Factor-index Port-range Used Avail Total Usage
X.X.X.X 0 Single Ports 50258 52342 62464 96% <<<<<
- Alg Ports 0 2048 2048 0%

This issue affects: Juniper Networks Junos OS on MX Series and SRX Series * All versions earlier than 21.2R3-S6; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S5; * 22.1 versions earlier than 22.1R3-S4; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S1; * 22.4 versions earlier than 22.4R2-S2, 22.4R3; * 23.2 versions earlier than 23.2R1-S1, 23.2R2.

CVE ID : CVE-2024-21616
Source : sirt@juniper.net
CVSS Score : 7.5

References :
https://supportportal.juniper.net/JSA75757 | source : sirt@juniper.net
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N | source : sirt@juniper.net

Vulnerability : CWE-1286


Vulnerability ID : CVE-2024-21589

First published on : 12-01-2024 01:15:46
Last modified on : 12-01-2024 13:47:31

Description :
An Improper Access Control vulnerability in the Juniper Networks Paragon Active Assurance Control Center allows an unauthenticated network-based attacker to access reports without authenticating, potentially containing sensitive configuration information. A feature was introduced in version 3.1.0 of the Paragon Active Assurance Control Center which allows users to selectively share account data. By exploiting this vulnerability, it is possible to access reports without being logged in, resulting in the opportunity for malicious exfiltration of user data. Note that the Paragon Active Assurance Control Center SaaS offering is not affected by this issue. This issue affects Juniper Networks Paragon Active Assurance versions 3.1.0, 3.2.0, 3.2.2, 3.3.0, 3.3.1, 3.4.0. This issue does not affect Juniper Networks Paragon Active Assurance versions earlier than 3.1.0.

CVE ID : CVE-2024-21589
Source : sirt@juniper.net
CVSS Score : 7.4

References :
https://supportportal.juniper.net/JSA75727 | source : sirt@juniper.net
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N | source : sirt@juniper.net

Vulnerability : CWE-284


Source : vmware.com

Vulnerability ID : CVE-2023-34061

First published on : 12-01-2024 07:15:11
Last modified on : 12-01-2024 13:47:31

Description :
Cloud Foundry routing release versions from v0.163.0 to v0.283.0 are vulnerable to a DoS attack. An unauthenticated attacker can use this vulnerability to force route pruning and therefore degrade the service availability of the Cloud Foundry deployment.

CVE ID : CVE-2023-34061
Source : security@vmware.com
CVSS Score : 7.5

References :
https://www.cloudfoundry.org/blog/cve-2023-34061-gorouter-route-pruning/ | source : security@vmware.com


Source : bitdefender.com

Vulnerability ID : CVE-2023-49568

First published on : 12-01-2024 11:15:12
Last modified on : 12-01-2024 13:47:31

Description :
A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients. Applications using only the in-memory filesystem supported by go-git are not affected by this vulnerability. This is a go-git implementation issue and does not affect the upstream git cli.

CVE ID : CVE-2023-49568
Source : cve-requests@bitdefender.com
CVSS Score : 7.5

References :
https://github.com/go-git/go-git/security/advisories/GHSA-mw99-9chc-xw7r | source : cve-requests@bitdefender.com

Vulnerability : CWE-20


Source : nvidia.com

Vulnerability ID : CVE-2023-31036

First published on : 12-01-2024 17:15:09
Last modified on : 12-01-2024 18:05:43

Description :
NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where, when it is launched with the non-default command line option --model-control explicit, an attacker may use the model load API to cause a relative path traversal. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

CVE ID : CVE-2023-31036
Source : psirt@nvidia.com
CVSS Score : 7.5

References :
https://nvidia.custhelp.com/app/answers/detail/a_id/5509 | source : psirt@nvidia.com

Vulnerability : CWE-23


Vulnerability ID : CVE-2023-31032

First published on : 12-01-2024 19:15:10
Last modified on : 12-01-2024 19:21:49

Description :
NVIDIA DGX A100 SBIOS contains a vulnerability where a user may cause a dynamic variable evaluation by local access. A successful exploit of this vulnerability may lead to denial of service.

CVE ID : CVE-2023-31032
Source : psirt@nvidia.com
CVSS Score : 7.5

References :
https://nvidia.custhelp.com/app/answers/detail/a_id/5510 | source : psirt@nvidia.com

Vulnerability : CWE-627


Vulnerability ID : CVE-2023-31035

First published on : 12-01-2024 19:15:11
Last modified on : 12-01-2024 19:21:49

Description :
NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may cause an SMI callout vulnerability that could be used to execute arbitrary code at the SMM level. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, and information disclosure.

CVE ID : CVE-2023-31035
Source : psirt@nvidia.com
CVSS Score : 7.5

References :
https://nvidia.custhelp.com/app/answers/detail/a_id/5510 | source : psirt@nvidia.com

Vulnerability : CWE-20


Source : cert.org.tw

Vulnerability ID : CVE-2023-48383

First published on : 15-01-2024 03:15:07
Last modified on : 15-01-2024 03:15:07

Description :
NetVision Information airPASS has a path traversal vulnerability within its parameter in a specific URL. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files.

CVE ID : CVE-2023-48383
Source : twcert@cert.org.tw
CVSS Score : 7.5

References :
https://www.twcert.org.tw/tw/cp-132-7631-c6be3-1.html | source : twcert@cert.org.tw

Vulnerability : CWE-22


Source : patchstack.com

Vulnerability ID : CVE-2024-22142

First published on : 13-01-2024 00:15:44
Last modified on : 14-01-2024 21:42:17

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cozmoslabs Profile Builder Pro allows Reflected XSS. This issue affects Profile Builder Pro: from n/a through 3.10.0.

CVE ID : CVE-2024-22142
Source : audit@patchstack.com
CVSS Score : 7.1

References :
https://patchstack.com/database/vulnerability/profile-builder-pro/wordpress-profile-builder-pro-plugin-3-10-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


(103) MEDIUM VULNERABILITIES [4.0, 6.9]

Source : nvidia.com

Vulnerability ID : CVE-2023-31033

First published on : 12-01-2024 19:15:10
Last modified on : 12-01-2024 19:21:49

Description :
NVIDIA DGX A100 BMC contains a vulnerability where a user may cause a missing authentication issue for a critical function by an adjacent network. A successful exploit of this vulnerability may lead to escalation of privileges, code execution, denial of service, information disclosure, and data tampering.

CVE ID : CVE-2023-31033
Source : psirt@nvidia.com
CVSS Score : 6.8

References :
https://nvidia.custhelp.com/app/answers/detail/a_id/5510 | source : psirt@nvidia.com

Vulnerability : CWE-306


Vulnerability ID : CVE-2023-31034

First published on : 12-01-2024 19:15:10
Last modified on : 12-01-2024 19:21:49

Description :
NVIDIA DGX A100 SBIOS contains a vulnerability where a local attacker can cause input validation checks to be bypassed by causing an integer overflow. A successful exploit of this vulnerability may lead to denial of service, information disclosure, and data tampering.

CVE ID : CVE-2023-31034
Source : psirt@nvidia.com
CVSS Score : 6.6

References :
https://nvidia.custhelp.com/app/answers/detail/a_id/5510 | source : psirt@nvidia.com

Vulnerability : CWE-190


Vulnerability ID : CVE-2023-31025

First published on : 12-01-2024 19:15:09
Last modified on : 12-01-2024 19:21:49

Description :
NVIDIA DGX A100 BMC contains a vulnerability where an attacker may cause an LDAP user injection. A successful exploit of this vulnerability may lead to information disclosure.

CVE ID : CVE-2023-31025
Source : psirt@nvidia.com
CVSS Score : 6.5

References :
https://nvidia.custhelp.com/app/answers/detail/a_id/5510 | source : psirt@nvidia.com

Vulnerability : CWE-90


Vulnerability ID : CVE-2023-31031

First published on : 12-01-2024 19:15:10
Last modified on : 12-01-2024 19:21:49

Description :
NVIDIA DGX A100 SBIOS contains a vulnerability where a user may cause a heap-based buffer overflow by local access. A successful exploit of this vulnerability may lead to code execution, denial of service, information disclosure, and data tampering.

CVE ID : CVE-2023-31031
Source : psirt@nvidia.com
CVSS Score : 4.2

References :
https://nvidia.custhelp.com/app/answers/detail/a_id/5510 | source : psirt@nvidia.com

Vulnerability : CWE-122


Source : cert.pl

Vulnerability ID : CVE-2023-42134

First published on : 15-01-2024 14:15:24
Last modified on : 15-01-2024 14:15:24

Description :
PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.45_20230314 or earlier can allow a signed partition to be overwritten and, subsequently, local code execution via a hidden command. The attacker must have physical USB access to the device in order to exploit this vulnerability.

CVE ID : CVE-2023-42134
Source : cvd@cert.pl
CVSS Score : 6.8

References :
https://blog.stmcyber.com/pax-pos-cves-2023/ | source : cvd@cert.pl
https://cert.pl/en/posts/2024/01/CVE-2023-4818/ | source : cvd@cert.pl
https://cert.pl/posts/2024/01/CVE-2023-4818/ | source : cvd@cert.pl
https://ppn.paxengine.com/release/development | source : cvd@cert.pl

Vulnerability : CWE-912


Vulnerability ID : CVE-2023-42135

First published on : 15-01-2024 14:15:24
Last modified on : 15-01-2024 14:15:24

Description :
PAX A920Pro/A50 devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow local code execution via parameter injection by bypassing the input validation when flashing a specific partition. The attacker must have physical USB access to the device in order to exploit this vulnerability.

CVE ID : CVE-2023-42135
Source : cvd@cert.pl
CVSS Score : 6.8

References :
https://blog.stmcyber.com/pax-pos-cves-2023/ | source : cvd@cert.pl
https://cert.pl/en/posts/2024/01/CVE-2023-4818/ | source : cvd@cert.pl
https://cert.pl/posts/2024/01/CVE-2023-4818/ | source : cvd@cert.pl
https://ppn.paxengine.com/release/development | source : cvd@cert.pl

Vulnerability : CWE-20


Source : incibe.es

Vulnerability ID : CVE-2024-0316

First published on : 15-01-2024 16:15:13
Last modified on : 15-01-2024 16:15:13

Description :
Improper cleanup vulnerability in exceptions thrown in FireEye Endpoint Security, affecting version 5.2.0.958244. This vulnerability could allow an attacker to send multiple request packets to the containment_notify/preview parameter, which could lead to a service outage.

CVE ID : CVE-2024-0316
Source : cve-coordination@incibe.es
CVSS Score : 6.8

References :
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fireeye-products | source : cve-coordination@incibe.es

Vulnerability : CWE-460


Vulnerability ID : CVE-2024-0315

First published on : 15-01-2024 16:15:13
Last modified on : 15-01-2024 16:15:13

Description :
Remote file inclusion vulnerability in FireEye Central Management affecting version 9.1.1.956704. This vulnerability allows an attacker to upload a malicious PDF file to the system during the report creation process.

CVE ID : CVE-2024-0315
Source : cve-coordination@incibe.es
CVSS Score : 6.6

References :
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fireeye-products | source : cve-coordination@incibe.es

Vulnerability : CWE-98


Vulnerability ID : CVE-2024-0314

First published on : 15-01-2024 16:15:12
Last modified on : 15-01-2024 16:15:12

Description :
XSS vulnerability in FireEye Central Management affecting version 9.1.1.956704, which could allow an attacker to modify special HTML elements in the application and cause a reflected XSS, leading to a session hijacking.

CVE ID : CVE-2024-0314
Source : cve-coordination@incibe.es
CVSS Score : 5.4

References :
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fireeye-products | source : cve-coordination@incibe.es

Vulnerability : CWE-79


Vulnerability ID : CVE-2024-0317

First published on : 15-01-2024 17:15:08
Last modified on : 15-01-2024 17:15:08

Description :
Cross-Site Scripting in FireEye EX, affecting version 9.0.3.936727. Exploitation of this vulnerability allows an attacker to send a specially crafted JavaScript payload via the 'type' and 's_f_name' parameters to an authenticated user to retrieve their session details.

CVE ID : CVE-2024-0317
Source : cve-coordination@incibe.es
CVSS Score : 5.4

References :
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fireeye-products | source : cve-coordination@incibe.es

Vulnerability : CWE-79


Vulnerability ID : CVE-2024-0318

First published on : 15-01-2024 17:15:09
Last modified on : 15-01-2024 17:15:09

Description :
Cross-Site Scripting in FireEye HXTool affecting version 4.6. This vulnerability allows an attacker to store a specially crafted JavaScript payload in the 'Profile Name' and 'Hostname/IP' parameters that will be triggered when items are loaded.

CVE ID : CVE-2024-0318
Source : cve-coordination@incibe.es
CVSS Score : 5.4

References :
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fireeye-products | source : cve-coordination@incibe.es

Vulnerability : CWE-79


Vulnerability ID : CVE-2024-0319

First published on : 15-01-2024 17:15:09
Last modified on : 15-01-2024 17:15:09

Description :
Open Redirect vulnerability in FireEye HXTool affecting version 4.6, the exploitation of which could allow an attacker to redirect a legitimate user to a malicious page by changing the 'redirect_uri' parameter.

CVE ID : CVE-2024-0319
Source : cve-coordination@incibe.es
CVSS Score : 5.4

References :
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fireeye-products | source : cve-coordination@incibe.es

Vulnerability : CWE-601


Vulnerability ID : CVE-2024-0320

First published on : 15-01-2024 17:15:09
Last modified on : 15-01-2024 17:15:09

Description :
Cross-Site Scripting in FireEye Malware Analysis (AX) affecting version 9.0.3.936530. This vulnerability allows an attacker to send a specially crafted JavaScript payload in the application URL to retrieve the session details of a legitimate user.

CVE ID : CVE-2024-0320
Source : cve-coordination@incibe.es
CVSS Score : 5.4

References :
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fireeye-products | source : cve-coordination@incibe.es

Vulnerability : CWE-79


Source : gitlab.com

Vulnerability ID : CVE-2023-6955

First published on : 12-01-2024 14:15:49
Last modified on : 12-01-2024 15:54:26

Description :
An improper access control vulnerability exists in GitLab Remote Development affecting all versions prior to 16.5.6, 16.6 prior to 16.6.4 and 16.7 prior to 16.7.2. This condition allows an attacker to create a workspace in one group that is associated with an agent from another group.

CVE ID : CVE-2023-6955
Source : cve@gitlab.com
CVSS Score : 6.6

References :
https://gitlab.com/gitlab-org/gitlab/-/issues/432188 | source : cve@gitlab.com

Vulnerability : CWE-284


Source : juniper.net

Vulnerability ID : CVE-2023-36842

First published on : 12-01-2024 01:15:45
Last modified on : 12-01-2024 13:47:31

Description :
An Improper Check for Unusual or Exceptional Conditions vulnerability in Juniper DHCP Daemon (jdhcpd) of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause the jdhcpd to consume all the CPU cycles resulting in a Denial of Service (DoS). On Junos OS devices with forward-snooped-client configured, if an attacker sends a specific DHCP packet to a non-configured interface, this will cause an infinite loop. The DHCP process will have to be restarted to recover the service. This issue affects: Juniper Networks Junos OS * All versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S7; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S5; * 22.1 versions earlier than 22.1R3-S4; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S2; * 22.4 versions earlier than 22.4R2-S2, 22.4R3; * 23.2 versions earlier than 23.2R2.

CVE ID : CVE-2023-36842
Source : sirt@juniper.net
CVSS Score : 6.5

References :
https://supportportal.juniper.net/JSA75730 | source : sirt@juniper.net
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N | source : sirt@juniper.net

Vulnerability : CWE-703


Vulnerability ID : CVE-2024-21587

First published on : 12-01-2024 01:15:46
Last modified on : 12-01-2024 13:47:31

Description :
An Improper Handling of Exceptional Conditions vulnerability in the broadband edge subscriber management daemon (bbe-smgd) of Juniper Networks Junos OS on MX Series allows an attacker directly connected to the vulnerable system who repeatedly flaps DHCP subscriber sessions to cause a slow memory leak, ultimately leading to a Denial of Service (DoS). Memory can only be recovered by manually restarting bbe-smgd. This issue only occurs if BFD liveness detection for DHCP subscribers is enabled. Systems without BFD liveness detection enabled are not vulnerable to this issue. Indication of the issue can be observed by periodically executing the 'show system processes extensive' command, which will indicate an increase in memory allocation for bbe-smgd. A small amount of memory is leaked every time a DHCP subscriber logs in, which will become visible over time, ultimately leading to memory starvation.
    user@junos> show system processes extensive | match bbe-smgd
    13071 root 24 0 415M 201M select 0 0:41 7.28% bbe-smgd{bbe-smgd}
    13071 root 20 0 415M 201M select 1 0:04 0.00% bbe-smgd{bbe-smgd}
    ...
    user@junos> show system processes extensive | match bbe-smgd
    13071 root 20 0 420M 208M select 0 4:33 0.10% bbe-smgd{bbe-smgd}
    13071 root 20 0 420M 208M select 0 0:12 0.00% bbe-smgd{bbe-smgd}
    ...
This issue affects Juniper Networks Junos OS on MX Series: * All versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S7; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S5; * 22.1 versions earlier than 22.1R3-S4; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S2; * 22.4 versions earlier than 22.4R2-S2, 22.4R3; * 23.2 versions earlier than 23.2R1-S1, 23.2R2.

CVE ID : CVE-2024-21587
Source : sirt@juniper.net
CVSS Score : 6.5

References :
https://supportportal.juniper.net/JSA75725 | source : sirt@juniper.net
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L | source : sirt@juniper.net

Vulnerability : CWE-755


Vulnerability ID : CVE-2024-21599

First published on : 12-01-2024 01:15:47
Last modified on : 12-01-2024 13:47:31

Description :
A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS). If an MX Series device receives PTP packets on an MPC3E that doesn't support PTP, this causes a memory leak which will result in unpredictable behavior and ultimately in an MPC crash and restart. To monitor for this issue, please use the following FPC vty level commands: 'show heap' shows an increase in "LAN buffer" utilization and 'show clksync ptp nbr-upd-info' shows a non-zero "Pending PFEs" counter. This issue affects Juniper Networks Junos OS on MX Series with MPC3E: * All versions earlier than 20.4R3-S3; * 21.1 versions earlier than 21.1R3-S4; * 21.2 versions earlier than 21.2R3; * 21.3 versions earlier than 21.3R2-S1, 21.3R3; * 21.4 versions earlier than 21.4R2; * 22.1 versions earlier than 22.1R2.

CVE ID : CVE-2024-21599
Source : sirt@juniper.net
CVSS Score : 6.5

References :
https://supportportal.juniper.net/JSA75740 | source : sirt@juniper.net
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L | source : sirt@juniper.net

Vulnerability : CWE-401


Vulnerability ID : CVE-2024-21600

First published on : 12-01-2024 01:15:47
Last modified on : 12-01-2024 13:47:31

Description :
An Improper Neutralization of Equivalent Special Elements vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on PTX Series allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). When MPLS packets are meant to be sent to a flexible tunnel interface (FTI) and if the FTI tunnel is down, these will hit the reject NH, due to which the packets get sent to the CPU and cause a host path wedge condition. This will cause the FPC to hang and requires a manual restart to recover. Please note that this issue specifically affects PTX1000, PTX3000, PTX5000 with FPC3, PTX10002-60C, and PTX10008/16 with LC110x. Other PTX Series devices and Line Cards (LC) are not affected. The following log message can be seen when the issue occurs:
    Cmerror Op Set: Host Loopback: HOST LOOPBACK WEDGE DETECTED IN PATH ID <id> (URI: /fpc/<fpc>/pfe/<pfe>/cm/<cm>/Host_Loopback/<cm>/HOST_LOOPBACK_MAKE_CMERROR_ID[<id>])
This issue affects Juniper Networks Junos OS: * All versions earlier than 20.4R3-S8; * 21.1 versions earlier than 21.1R3-S4; * 21.2 versions earlier than 21.2R3-S6; * 21.3 versions earlier than 21.3R3-S3; * 21.4 versions earlier than 21.4R3-S5; * 22.1 versions earlier than 22.1R2-S2, 22.1R3; * 22.2 versions earlier than 22.2R2-S1, 22.2R3.

CVE ID : CVE-2024-21600
Source : sirt@juniper.net
CVSS Score : 6.5

References :
https://supportportal.juniper.net/JSA75741 | source : sirt@juniper.net
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L | source : sirt@juniper.net

Vulnerability : CWE-76


Vulnerability ID : CVE-2024-21603

First published on : 12-01-2024 01:15:48
Last modified on : 12-01-2024 13:47:31

Description :
An Improper Check for Unusual or Exceptional Conditions vulnerability in the kernel of Juniper Networks Junos OS on MX Series allows a network based attacker with low privileges to cause a denial of service. If a scaled configuration for Source class usage (SCU) / destination class usage (DCU) (more than 10 route classes) is present and the SCU/DCU statistics are gathered by executing specific SNMP requests or CLI commands, a 'vmcore' for the RE kernel will be seen which leads to a device restart. Continued exploitation of this issue will lead to a sustained DoS. This issue only affects MX Series devices with MPC10, MPC11 or LC9600, and MX304. No other MX Series devices are affected. This issue affects Juniper Networks Junos OS: * All versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S6; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3; * 22.1 versions earlier than 22.1R3; * 22.2 versions earlier than 22.2R2; * 22.3 versions earlier than 22.3R2.

CVE ID : CVE-2024-21603
Source : sirt@juniper.net
CVSS Score : 6.5

References :
https://supportportal.juniper.net/JSA75744 | source : sirt@juniper.net
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L | source : sirt@juniper.net

Vulnerability : CWE-754


Vulnerability ID : CVE-2024-21613

First published on : 12-01-2024 01:15:49
Last modified on : 12-01-2024 13:47:31

Description :
A Missing Release of Memory after Effective Lifetime vulnerability in Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause an rpd crash, leading to Denial of Service (DoS). On all Junos OS and Junos OS Evolved platforms, when traffic engineering is enabled for OSPF or ISIS, and a link flaps, a patroot memory leak is observed. This memory leak, over time, will lead to an rpd crash and restart. The memory usage can be monitored using the below command.
    user@host> show task memory detail | match patroot
This issue affects: Juniper Networks Junos OS * All versions earlier than 21.2R3-S3; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S3; * 22.1 versions earlier than 22.1R3; * 22.2 versions earlier than 22.2R3. Juniper Networks Junos OS Evolved * All versions earlier than 21.3R3-S5-EVO; * 21.4 versions earlier than 21.4R3-EVO; * 22.1 versions earlier than 22.1R3-EVO; * 22.2 versions earlier than 22.2R3-EVO.

CVE ID : CVE-2024-21613
Source : sirt@juniper.net
CVSS Score : 6.5

References :
https://supportportal.juniper.net/JSA75754 | source : sirt@juniper.net
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N | source : sirt@juniper.net

Vulnerability : CWE-401


Vulnerability ID : CVE-2024-21617

First published on : 12-01-2024 01:15:50
Last modified on : 12-01-2024 13:47:31

Description :
An Incomplete Cleanup vulnerability in Nonstop active routing (NSR) component of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause memory leak leading to Denial of Service (DoS). On all Junos OS platforms, when NSR is enabled, a BGP flap will cause memory leak. A manual reboot of the system will restore the services. The memory usage can be monitored using the below commands.
    user@host> show chassis routing-engine no-forwarding
    user@host> show system memory | no-more
This issue affects: Juniper Networks Junos OS * 21.2 versions earlier than 21.2R3-S5; * 21.3 versions earlier than 21.3R3-S4; * 21.4 versions earlier than 21.4R3-S4; * 22.1 versions earlier than 22.1R3-S2; * 22.2 versions earlier than 22.2R3-S2; * 22.3 versions earlier than 22.3R2-S1, 22.3R3; * 22.4 versions earlier than 22.4R1-S2, 22.4R2. This issue does not affect Junos OS versions earlier than 20.4R3-S7.

CVE ID : CVE-2024-21617
Source : sirt@juniper.net
CVSS Score : 6.5

References :
https://supportportal.juniper.net/JSA75758 | source : sirt@juniper.net
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N | source : sirt@juniper.net

Vulnerability : CWE-459


Vulnerability ID : CVE-2024-21585

First published on : 12-01-2024 01:15:46
Last modified on : 12-01-2024 13:47:31

Description :
An Improper Handling of Exceptional Conditions vulnerability in BGP session processing of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker, using specific timing outside the attacker's control, to flap BGP sessions and cause the routing protocol daemon (rpd) process to crash and restart, leading to a Denial of Service (DoS) condition. Continued BGP session flapping will create a sustained Denial of Service (DoS) condition. This issue only affects routers configured with non-stop routing (NSR) enabled. Graceful Restart (GR) helper mode, enabled by default, is also required for this issue to be exploitable. When the BGP session flaps on the NSR-enabled router, the device enters GR-helper/LLGR-helper mode due to the peer having negotiated GR/LLGR-restarter capability and the backup BGP requests for replication of the GR/LLGR-helper session, master BGP schedules, and initiates replication of GR/LLGR stale routes to the backup BGP. In this state, if the BGP session with the BGP peer comes up again, unsolicited replication is initiated for the peer without cleaning up the ongoing GR/LLGR-helper mode replication. This parallel two instances of replication for the same peer leads to the assert if the BGP session flaps again. This issue affects: Juniper Networks Junos OS * All versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S7; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S5; * 22.1 versions earlier than 22.1R3-S4; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S1; * 22.4 versions earlier than 22.4R2-S2, 22.4R3; * 23.2 versions earlier than 23.2R1-S1, 23.2R2. 
Juniper Networks Junos OS Evolved * All versions earlier than 21.3R3-S5-EVO; * 21.4 versions earlier than 21.4R3-S5-EVO; * 22.1 versions earlier than 22.1R3-S4-EVO; * 22.2 versions earlier than 22.2R3-S3-EVO; * 22.3 versions earlier than 22.3R3-S1-EVO; * 22.4 versions earlier than 22.4R2-S2-EVO, 22.4R3-EVO; * 23.2 versions earlier than 23.2R1-S1-EVO, 23.2R2-EVO.

CVE ID : CVE-2024-21585
Source : sirt@juniper.net
CVSS Score : 5.9

References :
https://supportportal.juniper.net/JSA75723 | source : sirt@juniper.net
https://supportportal.juniper.net/s/article/MX-GR-and-LLGR-capability-and-compatibility-changes-after-15-1-release | source : sirt@juniper.net
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L | source : sirt@juniper.net

Vulnerability : CWE-755


Vulnerability ID : CVE-2024-21601

First published on : 12-01-2024 01:15:48
Last modified on : 12-01-2024 13:47:31

Description :
A Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in the Flow-processing Daemon (flowd) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). On SRX Series devices, when two different threads try to simultaneously process a queue which is used for TCP events, flowd will crash. One of these threads cannot be triggered externally, so the exploitation of this race condition is outside the attacker's direct control. Continued exploitation of this issue will lead to a sustained DoS. This issue affects Juniper Networks Junos OS: * 21.2 versions earlier than 21.2R3-S5; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S4; * 22.1 versions earlier than 22.1R3-S3; * 22.2 versions earlier than 22.2R3-S1; * 22.3 versions earlier than 22.3R2-S2, 22.3R3; * 22.4 versions earlier than 22.4R2-S1, 22.4R3. This issue does not affect Juniper Networks Junos OS versions earlier than 21.2R1.

CVE ID : CVE-2024-21601
Source : sirt@juniper.net
CVSS Score : 5.9

References :
https://supportportal.juniper.net/JSA75742 | source : sirt@juniper.net
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L | source : sirt@juniper.net

Vulnerability : CWE-362


Vulnerability ID : CVE-2024-21594

First published on : 12-01-2024 01:15:46
Last modified on : 12-01-2024 13:47:31

Description :
A Heap-based Buffer Overflow vulnerability in the Network Services Daemon (NSD) of Juniper Networks Junos OS allows an authenticated, low-privileged, local attacker to cause a Denial of Service (DoS). On an SRX 5000 Series device, when executing a specific command repeatedly, memory is corrupted, which leads to a Flow Processing Daemon (flowd) crash. The NSD process has to be restarted to restore services. If this issue occurs, it can be checked with the following command:
    user@host> request security policies check
The following log message can also be observed:
    Error: policies are out of sync for PFE node<number>.fpc<number>.pic<number>.
This issue affects: Juniper Networks Junos OS on SRX 5000 Series * All versions earlier than 20.4R3-S6; * 21.1 versions earlier than 21.1R3-S5; * 21.2 versions earlier than 21.2R3-S4; * 21.3 versions earlier than 21.3R3-S3; * 21.4 versions earlier than 21.4R3-S3; * 22.1 versions earlier than 22.1R3-S1; * 22.2 versions earlier than 22.2R3; * 22.3 versions earlier than 22.3R2.

CVE ID : CVE-2024-21594
Source : sirt@juniper.net
CVSS Score : 5.5

References :
https://supportportal.juniper.net/JSA75733 | source : sirt@juniper.net
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N | source : sirt@juniper.net

Vulnerability : CWE-122


Vulnerability ID : CVE-2024-21596

First published on : 12-01-2024 01:15:47
Last modified on : 12-01-2024 13:47:31

Description :
A Heap-based Buffer Overflow vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service (DoS). If an attacker sends a specific BGP UPDATE message to the device, this will cause a memory overwrite and therefore an RPD crash and restart in the backup Routing Engine (RE). Continued receipt of these packets will cause a sustained Denial of Service (DoS) condition in the backup RE. The primary RE is not impacted by this issue and there is no impact on traffic. This issue only affects devices with NSR enabled. This issue requires an attacker to have an established BGP session to a system affected by the issue. This issue affects both eBGP and iBGP implementations. This issue affects: Juniper Networks Junos OS * All versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S7; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S5; * 22.1 versions earlier than 22.1R3-S4; * 22.2 versions earlier than 22.2R3-S2; * 22.3 versions earlier than 22.3R3-S1; * 22.4 versions earlier than 22.4R2-S2, 22.4R3; * 23.1 versions earlier than 23.1R2; * 23.2 versions earlier than 23.2R1-S2, 23.2R2. Juniper Networks Junos OS Evolved * All versions earlier than 21.3R3-S5-EVO; * 21.4-EVO versions earlier than 21.4R3-S5-EVO; * 22.1-EVO versions earlier than 22.1R3-S4-EVO; * 22.2-EVO versions earlier than 22.2R3-S2-EVO; * 22.3-EVO versions later than 22.3R1-EVO; * 22.4-EVO versions earlier than 22.4R2-S2-EVO, 22.4R3-EVO; * 23.1-EVO versions earlier than 23.1R2-EVO; * 23.2-EVO versions earlier than 23.2R1-S2-EVO, 23.2R2-EVO.

CVE ID : CVE-2024-21596
Source : sirt@juniper.net
CVSS Score : 5.3

References :
https://supportportal.juniper.net/JSA75735 | source : sirt@juniper.net
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N | source : sirt@juniper.net

Vulnerability : CWE-122


Vulnerability ID : CVE-2024-21597

First published on : 12-01-2024 01:15:47
Last modified on : 12-01-2024 13:47:31

Description :
An Exposure of Resource to Wrong Sphere vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker to bypass the intended access restrictions. In an Abstracted Fabric (AF) scenario if routing-instances (RI) are configured, specific valid traffic destined to the device can bypass the configured lo0 firewall filters as it's received in the wrong RI context. This issue affects Juniper Networks Junos OS on MX Series: * All versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S3; * 21.4 versions earlier than 21.4R3-S5; * 22.1 versions earlier than 22.1R3; * 22.2 versions earlier than 22.2R3; * 22.3 versions earlier than 22.3R2.

CVE ID : CVE-2024-21597
Source : sirt@juniper.net
CVSS Score : 5.3

References :
https://supportportal.juniper.net/JSA75738 | source : sirt@juniper.net
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N | source : sirt@juniper.net

Vulnerability : CWE-668


Vulnerability ID : CVE-2024-21607

First published on : 12-01-2024 01:15:49
Last modified on : 12-01-2024 13:47:31

Description :
An Unsupported Feature in the UI vulnerability in Juniper Networks Junos OS on MX Series and EX9200 Series allows an unauthenticated, network-based attacker to cause partial impact to the integrity of the device. If the "tcp-reset" option is added to the "reject" action in an IPv6 filter which matches on "payload-protocol", packets are permitted instead of rejected. This happens because the payload-protocol match criteria is not supported in the kernel filter causing it to accept all packets without taking any other action. As a fix the payload-protocol match will be treated the same as a "next-header" match to avoid this filter bypass. This issue doesn't affect IPv4 firewall filters. This issue affects Juniper Networks Junos OS on MX Series and EX9200 Series: * All versions earlier than 20.4R3-S7; * 21.1 versions earlier than 21.1R3-S5; * 21.2 versions earlier than 21.2R3-S5; * 21.3 versions earlier than 21.3R3-S4; * 21.4 versions earlier than 21.4R3-S4; * 22.1 versions earlier than 22.1R3-S2; * 22.2 versions earlier than 22.2R3-S2; * 22.3 versions earlier than 22.3R2-S2, 22.3R3; * 22.4 versions earlier than 22.4R1-S2, 22.4R2-S2, 22.4R3.

CVE ID : CVE-2024-21607
Source : sirt@juniper.net
CVSS Score : 5.3

References :
https://supportportal.juniper.net/JSA75748 | source : sirt@juniper.net
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N | source : sirt@juniper.net

Vulnerability : CWE-447


Source : redhat.com

Vulnerability ID : CVE-2023-6683

First published on : 12-01-2024 19:15:11
Last modified on : 12-01-2024 19:21:49

Description :
A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. The qemu_clipboard_request() function can be reached before vnc_server_cut_text_caps() was called and had the chance to initialize the clipboard peer, leading to a NULL pointer dereference. This could allow a malicious authenticated VNC client to crash QEMU and trigger a denial of service.

CVE ID : CVE-2023-6683
Source : secalert@redhat.com
CVSS Score : 6.5

References :
https://access.redhat.com/security/cve/CVE-2023-6683 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2254825 | source : secalert@redhat.com

Vulnerability : CWE-476


Vulnerability ID : CVE-2023-6915

First published on : 15-01-2024 10:15:26
Last modified on : 15-01-2024 10:15:26

Description :
A Null pointer dereference problem was found in ida_free in lib/idr.c in the Linux Kernel. This issue may allow an attacker using this library to cause a denial of service problem due to a missing check at a function return.

CVE ID : CVE-2023-6915
Source : secalert@redhat.com
CVSS Score : 6.5

References :
https://access.redhat.com/security/cve/CVE-2023-6915 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2254982 | source : secalert@redhat.com
https://github.com/torvalds/linux/commit/af73483f4e8b6f5c68c9aa63257bdd929a9c194a | source : secalert@redhat.com

Vulnerability : CWE-476


Vulnerability ID : CVE-2023-4001

First published on : 15-01-2024 11:15:08
Last modified on : 15-01-2024 12:15:43

Description :
An authentication bypass flaw was found in GRUB due to the way that GRUB uses the UUID of a device to search for the configuration file that contains the password hash for the GRUB password protection feature. An attacker capable of attaching an external drive such as a USB stick containing a file system with a duplicate UUID (the same as in the "/boot/" file system) can bypass the GRUB password protection feature on UEFI systems, which enumerate removable drives before non-removable ones. This issue was introduced in a downstream patch in Red Hat's version of grub2 and does not affect the upstream package.

CVE ID : CVE-2023-4001
Source : secalert@redhat.com
CVSS Score : 5.6

References :
https://access.redhat.com/security/cve/CVE-2023-4001 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2224951 | source : secalert@redhat.com
https://dfir.ru/2024/01/15/cve-2023-4001-a-vulnerability-in-the-downstream-grub-boot-manager/ | source : secalert@redhat.com

Vulnerability : CWE-290


Vulnerability ID : CVE-2024-0443

First published on : 12-01-2024 00:15:45
Last modified on : 14-01-2024 15:15:46

Description :
A flaw was found in the blkgs destruction path in block/blk-cgroup.c in the Linux kernel, leading to a cgroup blkio memory leakage problem. When a cgroup is being destroyed, cgroup_rstat_flush() is only called at css_release_work_fn(), which is called when the blkcg reference count reaches 0. This circular dependency will prevent blkcg and some blkgs from being freed after they are made offline. This issue may allow an attacker with local access to cause system instability, such as an out of memory error.

CVE ID : CVE-2024-0443
Source : secalert@redhat.com
CVSS Score : 5.5

References :
https://access.redhat.com/errata/RHSA-2023:7077 | source : secalert@redhat.com
https://access.redhat.com/security/cve/CVE-2024-0443 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2257968 | source : secalert@redhat.com
https://lore.kernel.org/linux-block/20221215033132.230023-3-longman@redhat.com/ | source : secalert@redhat.com

Vulnerability : CWE-402


Source : patchstack.com

Vulnerability ID : CVE-2024-22137

First published on : 13-01-2024 00:15:44
Last modified on : 14-01-2024 21:42:17

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MailMunch Constant Contact Forms by MailMunch allows Stored XSS. This issue affects Constant Contact Forms by MailMunch: from n/a through 2.0.11.

CVE ID : CVE-2024-22137
Source : audit@patchstack.com
CVSS Score : 6.5

References :
https://patchstack.com/database/vulnerability/constant-contact-forms-by-mailmunch/wordpress-constant-contact-forms-by-mailmunch-plugin-2-0-11-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Source : github.com

Vulnerability ID : CVE-2024-22209

First published on : 13-01-2024 08:15:07
Last modified on : 14-01-2024 21:42:17

Description :
Open edX Platform is a service-oriented platform for authoring and delivering online learning. A user with a JWT and more limited scopes could call endpoints exceeding their access. This vulnerability has been patched in commit 019888f.

CVE ID : CVE-2024-22209
Source : security-advisories@github.com
CVSS Score : 6.4

References :
https://github.com/openedx/edx-platform/blob/0b3e4d73b6fb6f41ae87cf2b77bca12052ee1ac8/lms/djangoapps/courseware/block_render.py#L752-L775 | source : security-advisories@github.com
https://github.com/openedx/edx-platform/commit/019888f3d15beaebcb7782934f6c43b0c2b3735e | source : security-advisories@github.com
https://github.com/openedx/edx-platform/security/advisories/GHSA-qx8m-mqx3-j9fm | source : security-advisories@github.com

Vulnerability : CWE-284


Vulnerability ID : CVE-2024-21640

First published on : 13-01-2024 08:15:07
Last modified on : 14-01-2024 21:42:17

Description :
Chromium Embedded Framework (CEF) is a simple framework for embedding Chromium-based browsers in other applications. `CefVideoConsumerOSR::OnFrameCaptured` does not check `pixel_format` properly, which leads to out-of-bounds read out of the sandbox. This vulnerability was patched in commit 1f55d2e.

CVE ID : CVE-2024-21640
Source : security-advisories@github.com
CVSS Score : 5.4

References :
https://github.com/chromiumembedded/cef/commit/1f55d2e12f62cfdfbf9da6968fde2f928982670b | source : security-advisories@github.com
https://github.com/chromiumembedded/cef/security/advisories/GHSA-3h3j-38xq-v7hh | source : security-advisories@github.com

Vulnerability : CWE-125


Vulnerability ID : CVE-2024-21639

First published on : 12-01-2024 22:15:45
Last modified on : 14-01-2024 21:42:17

Description :
CEF (Chromium Embedded Framework) is a simple framework for embedding Chromium-based browsers in other applications. `CefLayeredWindowUpdaterOSR::OnAllocatedSharedMemory` does not check the size of the shared memory, which leads to out-of-bounds read outside the sandbox. This vulnerability was patched in commit 1f55d2e.

CVE ID : CVE-2024-21639
Source : security-advisories@github.com
CVSS Score : 5.3

References :
https://github.com/chromiumembedded/cef/commit/1f55d2e12f62cfdfbf9da6968fde2f928982670b | source : security-advisories@github.com
https://github.com/chromiumembedded/cef/security/advisories/GHSA-m375-jw5x-x8mg | source : security-advisories@github.com

Vulnerability : CWE-125


Vulnerability ID : CVE-2024-22207

First published on : 15-01-2024 16:15:13
Last modified on : 15-01-2024 16:15:13

Description :
fastify-swagger-ui is a Fastify plugin for serving Swagger UI. Prior to 2.1.0, the default configuration of `@fastify/swagger-ui` without `baseDir` set will lead to all files in the module's directory being exposed via http routes served by the module. The vulnerability is fixed in v2.1.0. Setting the `baseDir` option can also work around this vulnerability.

CVE ID : CVE-2024-22207
Source : security-advisories@github.com
CVSS Score : 5.3

References :
https://github.com/fastify/fastify-swagger-ui/commit/13d799a2c5f14d3dd5b15892e03bbcbae63ee6f7 | source : security-advisories@github.com
https://github.com/fastify/fastify-swagger-ui/security/advisories/GHSA-62jr-84gf-wmg4 | source : security-advisories@github.com

Vulnerability : CWE-1188


Vulnerability ID : CVE-2024-21654

First published on : 12-01-2024 21:15:11
Last modified on : 14-01-2024 21:42:17

Description :
Rubygems.org is the Ruby community's gem hosting service. Rubygems.org users with MFA enabled would normally be protected from account takeover in the case of email account takeover. However, a workaround on the forgotten password form allows an attacker to bypass the MFA requirement and take over the account. This vulnerability has been patched in commit 0b3272a.

CVE ID : CVE-2024-21654
Source : security-advisories@github.com
CVSS Score : 4.8

References :
https://github.com/rubygems/rubygems.org/commit/0b3272ac17b45748ee0d1867c49867c7deb26565 | source : security-advisories@github.com
https://github.com/rubygems/rubygems.org/security/advisories/GHSA-4v23-vj8h-7jp2 | source : security-advisories@github.com

Vulnerability : CWE-287


Vulnerability ID : CVE-2024-21655

First published on : 12-01-2024 21:15:11
Last modified on : 14-01-2024 21:42:17

Description :
Discourse is a platform for community discussion. For fields that are client editable, limits on sizes are not imposed. This allows a malicious actor to cause a Discourse instance to use excessive disk space and also often excessive bandwidth. The issue is patched in 3.1.4 and 3.2.0.beta4.

CVE ID : CVE-2024-21655
Source : security-advisories@github.com
CVSS Score : 4.3

References :
https://github.com/discourse/discourse/security/advisories/GHSA-m5fc-94mm-38fx | source : security-advisories@github.com

Vulnerability : CWE-400


Vulnerability ID : CVE-2023-49801

First published on : 12-01-2024 21:15:09
Last modified on : 14-01-2024 21:42:17

Description :
Lif Auth Server is a server for validating logins, managing information, and account recovery for Lif Accounts. The issue relates to the `get_pfp` and `get_banner` routes on Auth Server. The issue is that there is no check to ensure that the file that Auth Server is receiving through these URLs is correct. This could allow an attacker access to files they shouldn't have access to. This issue has been patched in version 1.4.0.

CVE ID : CVE-2023-49801
Source : security-advisories@github.com
CVSS Score : 4.2

References :
https://github.com/Lif-Platforms/Lif-Auth-Server/commit/c235bcc2ee65e4a0dfb10284cf2cbc750213efeb | source : security-advisories@github.com
https://github.com/Lif-Platforms/Lif-Auth-Server/security/advisories/GHSA-3v77-pvqq-qg3f | source : security-advisories@github.com

Vulnerability : CWE-22
Vulnerability : CWE-23


Source : vuldb.com

Vulnerability ID : CVE-2024-0460

First published on : 12-01-2024 16:15:52
Last modified on : 12-01-2024 17:06:09

Description :
A vulnerability was found in code-projects Faculty Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/pages/student-print.php. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250565 was assigned to this vulnerability.

CVE ID : CVE-2024-0460
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/BxYQ/vul/blob/main/2Faculty%20Management%20System-SQL.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.250565 | source : cna@vuldb.com
https://vuldb.com/?id.250565 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-0461

First published on : 12-01-2024 17:15:09
Last modified on : 12-01-2024 18:05:43

Description :
A vulnerability was found in code-projects Online Faculty Clearance 1.0. It has been classified as critical. Affected is an unknown function of the file deactivate.php of the component HTTP POST Request Handler. The manipulation of the argument haydi leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-250566 is the identifier assigned to this vulnerability.

CVE ID : CVE-2024-0461
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/BxYQ/vul/blob/main/3ONLINE_FACULTY_CLEARANCE_SYSTEM%20has%20SQL1.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.250566 | source : cna@vuldb.com
https://vuldb.com/?id.250566 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-0462

First published on : 12-01-2024 18:15:46
Last modified on : 12-01-2024 19:21:49

Description :
A vulnerability was found in code-projects Online Faculty Clearance 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /production/designee_view_status.php of the component HTTP POST Request Handler. The manipulation of the argument haydi leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250567.

CVE ID : CVE-2024-0462
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/BxYQ/vul/blob/main/3ONLINE_FACULTY_CLEARANCE_SYSTEM%20has%20SQL2.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.250567 | source : cna@vuldb.com
https://vuldb.com/?id.250567 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-0463

First published on : 12-01-2024 18:15:46
Last modified on : 12-01-2024 19:21:49

Description :
A vulnerability was found in code-projects Online Faculty Clearance 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /production/admin_view_info.php of the component HTTP POST Request Handler. The manipulation of the argument haydi leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250568.

CVE ID : CVE-2024-0463
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/BxYQ/vul/blob/main/3ONLINE_FACULTY_CLEARANCE_SYSTEM%20has%20SQL3.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.250568 | source : cna@vuldb.com
https://vuldb.com/?id.250568 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-0464

First published on : 12-01-2024 19:15:11
Last modified on : 12-01-2024 19:21:49

Description :
A vulnerability classified as critical has been found in code-projects Online Faculty Clearance 1.0. This affects an unknown part of the file delete_faculty.php of the component HTTP GET Request Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250569 was assigned to this vulnerability.

CVE ID : CVE-2024-0464
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/BxYQ/vul/blob/main/3ONLINE_FACULTY_CLEARANCE_SYSTEM%20has%20SQL4.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.250569 | source : cna@vuldb.com
https://vuldb.com/?id.250569 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-0468

First published on : 12-01-2024 21:15:10
Last modified on : 14-01-2024 21:42:17

Description :
A vulnerability has been found in code-projects Fighting Cock Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/action/new-father.php. The manipulation of the argument image leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250573 was assigned to this vulnerability.

CVE ID : CVE-2024-0468
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/BxYQ/vul/blob/main/FIGHTING_COCK_INFORMATION_SYSTEM_File9docx.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.250573 | source : cna@vuldb.com
https://vuldb.com/?id.250573 | source : cna@vuldb.com

Vulnerability : CWE-434


Vulnerability ID : CVE-2024-0469

First published on : 12-01-2024 21:15:10
Last modified on : 14-01-2024 21:42:17

Description :
A vulnerability was found in code-projects Human Resource Integrated System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file update_personal_info.php. The manipulation of the argument sex leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-250574 is the identifier assigned to this vulnerability.

CVE ID : CVE-2024-0469
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/yingqian1984/FirePunch/blob/main/11-Human%20Resource%20Integrated%20System%20has%20SQL%20injection%20vulnerabilities%20update_personal_info.php.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.250574 | source : cna@vuldb.com
https://vuldb.com/?id.250574 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-0470

First published on : 12-01-2024 21:15:10
Last modified on : 14-01-2024 21:42:17

Description :
A vulnerability was found in code-projects Human Resource Integrated System 1.0. It has been classified as critical. This affects an unknown part of the file /admin_route/inc_service_credits.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250575.

CVE ID : CVE-2024-0470
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/yingqian1984/FirePunch/blob/main/11-Human%20Resource%20Integrated%20System%20has%20SQL%20injection%20vulnerabilities%20inc_service_credits.php.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.250575 | source : cna@vuldb.com
https://vuldb.com/?id.250575 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-0471

First published on : 12-01-2024 21:15:11
Last modified on : 14-01-2024 21:42:17

Description :
A vulnerability was found in code-projects Human Resource Integrated System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin_route/dec_service_credits.php. The manipulation of the argument date leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250576.

CVE ID : CVE-2024-0471
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/yingqian1984/FirePunch/blob/main/11-Human%20Resource%20Integrated%20System%20has%20SQL%20injection%20vulnerabilities%20dec_service_credits.php.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.250576 | source : cna@vuldb.com
https://vuldb.com/?id.250576 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-0473

First published on : 12-01-2024 22:15:45
Last modified on : 14-01-2024 21:42:17

Description :
A vulnerability classified as critical has been found in code-projects Dormitory Management System 1.0. Affected is an unknown function of the file comment.php. The manipulation of the argument com leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-250578 is the identifier assigned to this vulnerability.

CVE ID : CVE-2024-0473
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/yingqian1984/FirePunch/blob/main/7-Dormitory%20Management%20System%20has%20SQL%20injection%20vulnerabilities%20comment.php.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.250578 | source : cna@vuldb.com
https://vuldb.com/?id.250578 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-0475

First published on : 13-01-2024 00:15:43
Last modified on : 14-01-2024 21:42:17

Description :
A vulnerability, which was classified as critical, has been found in code-projects Dormitory Management System 1.0. Affected by this issue is some unknown functionality of the file modifyuser.php. The manipulation of the argument user_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250580.

CVE ID : CVE-2024-0475
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/yingqian1984/FirePunch/blob/main/7-Dormitory%20Management%20System%20has%20SQL%20injection%20vulnerabilities%20modifyuser.php.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.250580 | source : cna@vuldb.com
https://vuldb.com/?id.250580 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-0477

First published on : 13-01-2024 06:15:49
Last modified on : 14-01-2024 21:42:17

Description :
A vulnerability has been found in code-projects Fighting Cock Information System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/action/update-deworm.php. The manipulation of the argument usage_deworm leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-250582 is the identifier assigned to this vulnerability.

CVE ID : CVE-2024-0477
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/yingqian1984/FirePunch/blob/main/Fighting%20Cock%20Information%20System/FIGHTING_COCK_INFORMATION_SYSTEM_SQL5.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.250582 | source : cna@vuldb.com
https://vuldb.com/?id.250582 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-0478

First published on : 13-01-2024 07:15:07
Last modified on : 14-01-2024 21:42:17

Description :
A vulnerability was found in code-projects Fighting Cock Information System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/pages/edit_chicken.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250583.

CVE ID : CVE-2024-0478
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/yingqian1984/FirePunch/blob/main/Fighting%20Cock%20Information%20System/FIGHTING_COCK_INFORMATION_SYSTEM_SQL8.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.250583 | source : cna@vuldb.com
https://vuldb.com/?id.250583 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-0481

First published on : 13-01-2024 09:15:07
Last modified on : 14-01-2024 21:42:17

Description :
A vulnerability was found in Taokeyun up to 1.0.5. It has been rated as critical. Affected by this issue is the function shopGoods of the file application/index/controller/app/store/Goods.php of the component HTTP POST Request Handler. The manipulation of the argument keyword leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-250586 is the identifier assigned to this vulnerability.

CVE ID : CVE-2024-0481
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://note.zhaoj.in/share/TKWDqowIoLqs | source : cna@vuldb.com
https://vuldb.com/?ctiid.250586 | source : cna@vuldb.com
https://vuldb.com/?id.250586 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-0482

First published on : 13-01-2024 10:15:07
Last modified on : 14-01-2024 21:42:17

Description :
A vulnerability classified as critical has been found in Taokeyun up to 1.0.5. This affects the function index of the file application/index/controller/app/Video.php of the component HTTP POST Request Handler. The manipulation of the argument cid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250587.

CVE ID : CVE-2024-0482
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://note.zhaoj.in/share/MuWxURhTIYTP | source : cna@vuldb.com
https://vuldb.com/?ctiid.250587 | source : cna@vuldb.com
https://vuldb.com/?id.250587 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-0483

First published on : 13-01-2024 10:15:08
Last modified on : 14-01-2024 21:42:17

Description :
A vulnerability classified as critical was found in Taokeyun up to 1.0.5. This vulnerability affects the function index of the file application/index/controller/app/Task.php of the component HTTP POST Request Handler. The manipulation of the argument cid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250588.

CVE ID : CVE-2024-0483
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://note.zhaoj.in/share/dm5VSyxmQIdl | source : cna@vuldb.com
https://vuldb.com/?ctiid.250588 | source : cna@vuldb.com
https://vuldb.com/?id.250588 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-0484

First published on : 13-01-2024 11:15:12
Last modified on : 14-01-2024 21:42:17

Description :
A vulnerability, which was classified as critical, has been found in code-projects Fighting Cock Information System 1.0. This issue affects some unknown processing of the file admin/action/update_mother.php. The manipulation of the argument age_mother leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250589 was assigned to this vulnerability.

CVE ID : CVE-2024-0484
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/yingqian1984/FirePunch/blob/main/Fighting%20Cock%20Information%20System/FIGHTING_COCK_INFORMATION_SYSTEM_SQL6.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.250589 | source : cna@vuldb.com
https://vuldb.com/?id.250589 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-0485

First published on : 13-01-2024 11:15:12
Last modified on : 14-01-2024 21:42:17

Description :
A vulnerability, which was classified as critical, was found in code-projects Fighting Cock Information System 1.0. Affected is an unknown function of the file admin/pages/tables/add_con.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-250590 is the identifier assigned to this vulnerability.

CVE ID : CVE-2024-0485
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/yingqian1984/FirePunch/blob/main/Fighting%20Cock%20Information%20System/FIGHTING_COCK_INFORMATION_SYSTEM_SQL7.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.250590 | source : cna@vuldb.com
https://vuldb.com/?id.250590 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-0486

First published on : 13-01-2024 12:15:41
Last modified on : 14-01-2024 21:42:17

Description :
A vulnerability has been found in code-projects Fighting Cock Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/action/add_con.php. The manipulation of the argument chicken leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250591.

CVE ID : CVE-2024-0486
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/yingqian1984/FirePunch/blob/main/Fighting%20Cock%20Information%20System/FIGHTING_COCK_INFORMATION_SYSTEM_SQL1.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.250591 | source : cna@vuldb.com
https://vuldb.com/?id.250591 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-0487

First published on : 13-01-2024 13:15:07
Last modified on : 14-01-2024 21:42:17

Description :
A vulnerability was found in code-projects Fighting Cock Information System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/action/delete-vaccine.php. The manipulation of the argument ref leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250592.

CVE ID : CVE-2024-0487
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/yingqian1984/FirePunch/blob/main/Fighting%20Cock%20Information%20System/FIGHTING_COCK_INFORMATION_SYSTEM_SQL2.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.250592 | source : cna@vuldb.com
https://vuldb.com/?id.250592 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-0488

First published on : 13-01-2024 13:15:08
Last modified on : 14-01-2024 21:42:17

Description :
A vulnerability was found in code-projects Fighting Cock Information System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/action/new-feed.php. The manipulation of the argument type_feed leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250593 was assigned to this vulnerability.

CVE ID : CVE-2024-0488
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/yingqian1984/FirePunch/blob/main/Fighting%20Cock%20Information%20System/FIGHTING_COCK_INFORMATION_SYSTEM_SQL4.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.250593 | source : cna@vuldb.com
https://vuldb.com/?id.250593 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-0489

First published on : 13-01-2024 14:15:45
Last modified on : 14-01-2024 21:42:17

Description :
A vulnerability was found in code-projects Fighting Cock Information System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/action/edit_chicken.php. The manipulation of the argument ref leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-250594 is the identifier assigned to this vulnerability.

CVE ID : CVE-2024-0489
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/yingqian1984/FirePunch/blob/main/Fighting%20Cock%20Information%20System/FIGHTING_COCK_INFORMATION_SYSTEM_SQL3.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.250594 | source : cna@vuldb.com
https://vuldb.com/?id.250594 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-0492

First published on : 13-01-2024 15:15:08
Last modified on : 14-01-2024 21:42:17

Description :
A vulnerability classified as critical was found in Kashipara Billing Software 1.0. Affected by this vulnerability is an unknown functionality of the file buyer_detail_submit.php of the component HTTP POST Request Handler. The manipulation of the argument gstn_no leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250597 was assigned to this vulnerability.

CVE ID : CVE-2024-0492
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/laoquanshi/BILLING-SOFTWARE-SQL-injection-vulnerability/blob/main/BILLING%20SOFTWARE%20sql.docx | source : cna@vuldb.com
https://vuldb.com/?ctiid.250597 | source : cna@vuldb.com
https://vuldb.com/?id.250597 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-0493

First published on : 13-01-2024 16:15:44
Last modified on : 14-01-2024 21:42:17

Description :
A vulnerability, which was classified as critical, has been found in Kashipara Billing Software 1.0. Affected by this issue is some unknown functionality of the file submit_delivery_list.php of the component HTTP POST Request Handler. The manipulation of the argument customer_details leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-250598 is the identifier assigned to this vulnerability.

CVE ID : CVE-2024-0493
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/laoquanshi/BILLING-SOFTWARE-SQL-injection-vulnerability/blob/main/BILLING%20SOFTWARE%20SQL%20injection%20vulnerability(5).docx | source : cna@vuldb.com
https://vuldb.com/?ctiid.250598 | source : cna@vuldb.com
https://vuldb.com/?id.250598 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-0494

First published on : 13-01-2024 16:15:44
Last modified on : 14-01-2024 21:42:17

Description :
A vulnerability, which was classified as critical, was found in Kashipara Billing Software 1.0. This affects an unknown part of the file material_bill.php of the component HTTP POST Request Handler. The manipulation of the argument itemtypeid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250599.

CVE ID : CVE-2024-0494
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/laoquanshi/BILLING-SOFTWARE-SQL-injection-vulnerability/blob/main/BILLING%20SOFTWARE%20SQL%20injection%20vulnerability(3).docx | source : cna@vuldb.com
https://vuldb.com/?ctiid.250599 | source : cna@vuldb.com
https://vuldb.com/?id.250599 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-0495

First published on : 13-01-2024 17:15:07
Last modified on : 14-01-2024 21:42:17

Description :
A vulnerability has been found in Kashipara Billing Software 1.0 and classified as critical. This vulnerability affects unknown code of the file party_submit.php of the component HTTP POST Request Handler. The manipulation of the argument party_name leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250600.

CVE ID : CVE-2024-0495
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/laoquanshi/BILLING-SOFTWARE-SQL-injection-vulnerability/blob/main/BILLING%20SOFTWARE%20SQL%20injection%20vulnerability(2).docx | source : cna@vuldb.com
https://vuldb.com/?ctiid.250600 | source : cna@vuldb.com
https://vuldb.com/?id.250600 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-0496

First published on : 13-01-2024 17:15:08
Last modified on : 14-01-2024 21:42:17

Description :
A vulnerability was found in Kashipara Billing Software 1.0 and classified as critical. This issue affects some unknown processing of the file item_list_edit.php of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250601 was assigned to this vulnerability.

CVE ID : CVE-2024-0496
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/laoquanshi/BILLING-SOFTWARE-SQL-injection-vulnerability/blob/main/BILLING%20SOFTWARE%20SQL%20injection%20vulnerability(1).docx | source : cna@vuldb.com
https://vuldb.com/?ctiid.250601 | source : cna@vuldb.com
https://vuldb.com/?id.250601 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-0497

First published on : 13-01-2024 18:15:43
Last modified on : 14-01-2024 21:42:17

Description :
A vulnerability was found in Campcodes Student Information System 1.0. It has been classified as critical. Affected is an unknown function of the file /classes/Users.php?f=save. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-250602 is the identifier assigned to this vulnerability.

CVE ID : CVE-2024-0497
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/laoquanshi/heishou/blob/main/SQL%20injection%20exists%20in%20student%20information%20system%20.docx | source : cna@vuldb.com
https://vuldb.com/?ctiid.250602 | source : cna@vuldb.com
https://vuldb.com/?id.250602 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-0498

First published on : 13-01-2024 18:15:44
Last modified on : 14-01-2024 21:42:17

Description :
A vulnerability was found in Project Worlds Lawyer Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file searchLawyer.php. The manipulation of the argument experience leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250603.

CVE ID : CVE-2024-0498
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/laoquanshi/heishou/blob/main/lawyermanagementsystem.doc | source : cna@vuldb.com
https://vuldb.com/?ctiid.250603 | source : cna@vuldb.com
https://vuldb.com/?id.250603 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-0523

First published on : 14-01-2024 23:15:28
Last modified on : 14-01-2024 23:15:28

Description :
A vulnerability was found in CmsEasy up to 7.7.7. It has been declared as critical. Affected by this vulnerability is the function getslide_child_action in the library lib/admin/language_admin.php. The manipulation of the argument sid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250693 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-0523
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/V3geD4g/cmseasy_vul/blob/main/SQL1-EN.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.250693 | source : cna@vuldb.com
https://vuldb.com/?id.250693 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-0527

First published on : 15-01-2024 01:15:42
Last modified on : 15-01-2024 01:15:42

Description :
A vulnerability, which was classified as critical, has been found in CXBSoft Url-shorting up to 1.3.1. This issue affects some unknown processing of the file /admin/pages/update_go.php of the component HTTP POST Request Handler. The manipulation of the argument version leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-250697 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-0527
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://note.zhaoj.in/share/6bz65C2dfgUk | source : cna@vuldb.com
https://vuldb.com/?ctiid.250697 | source : cna@vuldb.com
https://vuldb.com/?id.250697 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-0540

First published on : 15-01-2024 05:15:08
Last modified on : 15-01-2024 05:15:08

Description :
A vulnerability was found in Tenda W9 1.0.0.7(4456). It has been classified as critical. Affected is the function formOfflineSet of the component httpd. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-250710 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-0540
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/jylsec/vuldb/blob/main/Tenda/W9/5/README.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.250710 | source : cna@vuldb.com
https://vuldb.com/?id.250710 | source : cna@vuldb.com

Vulnerability : CWE-121


Vulnerability ID : CVE-2024-0543

First published on : 15-01-2024 06:15:07
Last modified on : 15-01-2024 06:15:07

Description :
A vulnerability classified as critical has been found in CodeAstro Real Estate Management System up to 1.0. This affects an unknown part of the file propertydetail.php. The manipulation of the argument pid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250713 was assigned to this vulnerability.

CVE ID : CVE-2024-0543
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://drive.google.com/drive/folders/1U2nirIi6OtuCi-vrD2-VHyJbsHK5yA7t?usp=sharing | source : cna@vuldb.com
https://vuldb.com/?ctiid.250713 | source : cna@vuldb.com
https://vuldb.com/?id.250713 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2022-4961

First published on : 12-01-2024 05:15:09
Last modified on : 12-01-2024 13:47:31

Description :
A vulnerability was found in Weitong Mall 1.0.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file platform-shop\src\main\resources\com\platform\dao\OrderDao.xml. The manipulation of the argument sidx/order leads to sql injection. The associated identifier of this vulnerability is VDB-250243.

CVE ID : CVE-2022-4961
Source : cna@vuldb.com
CVSS Score : 5.5

References :
https://gitee.com/fuyang_lipengjun/platform/issues/I5XC79 | source : cna@vuldb.com
https://vuldb.com/?ctiid.250243 | source : cna@vuldb.com
https://vuldb.com/?id.250243 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-0466

First published on : 12-01-2024 19:15:12
Last modified on : 12-01-2024 19:21:49

Description :
A vulnerability, which was classified as critical, has been found in code-projects Employee Profile Management System 1.0. This issue affects some unknown processing of the file file_table.php. The manipulation of the argument per_id leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250571.

CVE ID : CVE-2024-0466
Source : cna@vuldb.com
CVSS Score : 5.5

References :
https://github.com/BxYQ/vul/blob/main/EMPLOYEE_PROFILE_MANAGEMENT_SYSTEM%20_SQL1.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.250571 | source : cna@vuldb.com
https://vuldb.com/?id.250571 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-0505

First published on : 13-01-2024 22:15:44
Last modified on : 14-01-2024 21:42:17

Description :
A vulnerability was found in ZhongFuCheng3y Austin 1.0 and classified as critical. This issue affects the function getFile of the file com/java3y/austin/web/controller/MaterialController.java of the component Upload Material Menu. The manipulation leads to unrestricted upload. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250619.

CVE ID : CVE-2024-0505
Source : cna@vuldb.com
CVSS Score : 5.5

References :
https://github.com/biantaibao/Austin-CMS-report/blob/main/File%20Upload%20Vulnerabilities.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.250619 | source : cna@vuldb.com
https://vuldb.com/?id.250619 | source : cna@vuldb.com

Vulnerability : CWE-434


Vulnerability ID : CVE-2024-0524

First published on : 15-01-2024 00:15:37
Last modified on : 15-01-2024 00:15:37

Description :
A vulnerability was found in CXBSoft Url-shorting up to 1.3.1. It has been rated as critical. Affected by this issue is some unknown functionality of the file index.php. The manipulation of the argument url leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-250694 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-0524
Source : cna@vuldb.com
CVSS Score : 5.5

References :
https://note.zhaoj.in/share/GdpwiaItePFq | source : cna@vuldb.com
https://vuldb.com/?ctiid.250694 | source : cna@vuldb.com
https://vuldb.com/?id.250694 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-0525

First published on : 15-01-2024 00:15:37
Last modified on : 15-01-2024 00:15:37

Description :
A vulnerability classified as critical has been found in CXBSoft Url-shorting up to 1.3.1. This affects an unknown part of the file /pages/long_s_short.php of the component HTTP POST Request Handler. The manipulation of the argument longurl leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250695. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-0525
Source : cna@vuldb.com
CVSS Score : 5.5

References :
https://note.zhaoj.in/share/9tjcunCPidgI | source : cna@vuldb.com
https://vuldb.com/?ctiid.250695 | source : cna@vuldb.com
https://vuldb.com/?id.250695 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-0526

First published on : 15-01-2024 00:15:37
Last modified on : 15-01-2024 00:15:37

Description :
A vulnerability classified as critical was found in CXBSoft Url-shorting up to 1.3.1. This vulnerability affects unknown code of the file /pages/short_to_long.php of the component HTTP POST Request Handler. The manipulation of the argument shorturl leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250696. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-0526
Source : cna@vuldb.com
CVSS Score : 5.5

References :
https://note.zhaoj.in/share/Zezf8fmoq7lk | source : cna@vuldb.com
https://vuldb.com/?ctiid.250696 | source : cna@vuldb.com
https://vuldb.com/?id.250696 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-0528

First published on : 15-01-2024 01:15:42
Last modified on : 15-01-2024 01:15:42

Description :
A vulnerability, which was classified as critical, was found in CXBSoft Post-Office 1.0. Affected is an unknown function of the file /admin/pages/update_go.php of the component HTTP POST Request Handler. The manipulation of the argument version leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-250698 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-0528
Source : cna@vuldb.com
CVSS Score : 5.5

References :
https://note.zhaoj.in/share/grOgvdMgn0wg | source : cna@vuldb.com
https://vuldb.com/?ctiid.250698 | source : cna@vuldb.com
https://vuldb.com/?id.250698 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-0529

First published on : 15-01-2024 02:15:14
Last modified on : 15-01-2024 02:15:14

Description :
A vulnerability has been found in CXBSoft Post-Office up to 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /apps/login_auth.php of the component HTTP POST Request Handler. The manipulation of the argument username_login leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250699. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-0529
Source : cna@vuldb.com
CVSS Score : 5.5

References :
https://note.zhaoj.in/share/neURUa2NSxzd | source : cna@vuldb.com
https://vuldb.com/?ctiid.250699 | source : cna@vuldb.com
https://vuldb.com/?id.250699 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-0530

First published on : 15-01-2024 02:15:15
Last modified on : 15-01-2024 02:15:15

Description :
A vulnerability was found in CXBSoft Post-Office up to 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /apps/reg_go.php of the component HTTP POST Request Handler. The manipulation of the argument username_reg leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250700. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-0530
Source : cna@vuldb.com
CVSS Score : 5.5

References :
https://note.zhaoj.in/share/HUxa372VNwad | source : cna@vuldb.com
https://vuldb.com/?ctiid.250700 | source : cna@vuldb.com
https://vuldb.com/?id.250700 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-0490

First published on : 13-01-2024 14:15:46
Last modified on : 14-01-2024 21:42:17

Description :
A vulnerability was found in Huaxia ERP up to 3.1. It has been rated as problematic. This issue affects some unknown processing of the file /user/getAllList. The manipulation leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.2 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-250595.

CVE ID : CVE-2024-0490
Source : cna@vuldb.com
CVSS Score : 5.3

References :
https://github.com/laoquanshi/puppy/blob/main/Logic%20loopholes%20in%20Huaxia%20ERP%20can%20lead%20to%20unauthorized%20access.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.250595 | source : cna@vuldb.com
https://vuldb.com/?id.250595 | source : cna@vuldb.com

Vulnerability : CWE-200


Vulnerability ID : CVE-2024-0491

First published on : 13-01-2024 15:15:08
Last modified on : 14-01-2024 21:42:17

Description :
A vulnerability classified as problematic has been found in Huaxia ERP up to 3.1. Affected is an unknown function of the file src/main/java/com/jsh/erp/controller/UserController.java. The manipulation leads to weak password recovery. It is possible to launch the attack remotely. Upgrading to version 3.2 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-250596.

CVE ID : CVE-2024-0491
Source : cna@vuldb.com
CVSS Score : 5.3

References :
https://github.com/laoquanshi/puppy/blob/main/Logic%20loopholes%20in%20Huaxia%20ERP%20can%20lead%20to%20unauthorized%20access2.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.250596 | source : cna@vuldb.com
https://vuldb.com/?id.250596 | source : cna@vuldb.com

Vulnerability : CWE-640


Vulnerability ID : CVE-2024-0545

First published on : 15-01-2024 06:15:08
Last modified on : 15-01-2024 06:15:08

Description :
A vulnerability classified as problematic was found in CodeCanyon RISE Rise Ultimate Project Manager 3.5.3. This vulnerability affects unknown code of the file /index.php/signin. The manipulation of the argument redirect with the input http://evil.com leads to open redirect. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-250714 is the identifier assigned to this vulnerability.

CVE ID : CVE-2024-0545
Source : cna@vuldb.com
CVSS Score : 5.3

References :
https://vuldb.com/?ctiid.250714 | source : cna@vuldb.com
https://vuldb.com/?id.250714 | source : cna@vuldb.com

Vulnerability : CWE-601


Vulnerability ID : CVE-2024-0546

First published on : 15-01-2024 06:15:08
Last modified on : 15-01-2024 06:15:08

Description :
A vulnerability, which was classified as problematic, has been found in EasyFTP 1.7.0. This issue affects some unknown processing of the component LIST Command Handler. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250715.

CVE ID : CVE-2024-0546
Source : cna@vuldb.com
CVSS Score : 5.3

References :
https://packetstormsecurity.com/files/94905/EasyFTP-1.7.0.x-Denial-Of-Service.html | source : cna@vuldb.com
https://vuldb.com/?ctiid.250715 | source : cna@vuldb.com
https://vuldb.com/?id.250715 | source : cna@vuldb.com

Vulnerability : CWE-404


Vulnerability ID : CVE-2024-0547

First published on : 15-01-2024 07:15:08
Last modified on : 15-01-2024 07:15:08

Description :
A vulnerability has been found in Ability FTP Server 2.34 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component APPE Command Handler. The manipulation leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250717 was assigned to this vulnerability.

CVE ID : CVE-2024-0547
Source : cna@vuldb.com
CVSS Score : 5.3

References :
https://packetstormsecurity.com/files/163079/Ability-FTP-Server-2.34-Denial-Of-Service.html | source : cna@vuldb.com
https://vuldb.com/?ctiid.250717 | source : cna@vuldb.com
https://vuldb.com/?id.250717 | source : cna@vuldb.com

Vulnerability : CWE-404


Vulnerability ID : CVE-2024-0548

First published on : 15-01-2024 07:15:09
Last modified on : 15-01-2024 07:15:09

Description :
A vulnerability was found in FreeFloat FTP Server 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the component SIZE Command Handler. The manipulation leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-250718 is the identifier assigned to this vulnerability.

CVE ID : CVE-2024-0548
Source : cna@vuldb.com
CVSS Score : 5.3

References :
https://packetstormsecurity.com/files/163038/FreeFloat-FTP-Server-1.0-Denial-Of-Service.html | source : cna@vuldb.com
https://vuldb.com/?ctiid.250718 | source : cna@vuldb.com
https://vuldb.com/?id.250718 | source : cna@vuldb.com

Vulnerability : CWE-404


Vulnerability ID : CVE-2024-0459

First published on : 12-01-2024 16:15:52
Last modified on : 12-01-2024 17:06:09

Description :
A vulnerability has been found in Blood Bank & Donor Management 5.6 and classified as critical. This vulnerability affects unknown code of the file /admin/request-received-bydonar.php. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250564.

CVE ID : CVE-2024-0459
Source : cna@vuldb.com
CVSS Score : 4.7

References :
https://drive.google.com/file/d/1nSgSw1cTXZWeYTjt4rliMIDHyQcGK-8z/view?usp=sharing | source : cna@vuldb.com
https://vuldb.com/?ctiid.250564 | source : cna@vuldb.com
https://vuldb.com/?id.250564 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-0502

First published on : 13-01-2024 20:15:45
Last modified on : 14-01-2024 21:42:17

Description :
A vulnerability was found in SourceCodester House Rental Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file manage_user.php of the component Edit User. The manipulation of the argument id/name/username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-250610 is the identifier assigned to this vulnerability.

CVE ID : CVE-2024-0502
Source : cna@vuldb.com
CVSS Score : 4.7

References :
https://drive.google.com/file/d/1DGb371-evTgstf42t3u2dOM4KBEt5mPw/view?usp=sharing | source : cna@vuldb.com
https://vuldb.com/?ctiid.250610 | source : cna@vuldb.com
https://vuldb.com/?id.250610 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-0558

First published on : 15-01-2024 17:15:10
Last modified on : 15-01-2024 17:15:10

Description :
A vulnerability has been found in DedeBIZ 6.3.0 and classified as critical. This vulnerability affects unknown code of the file /admin/makehtml_freelist_action.php. The manipulation of the argument startid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-250726 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-0558
Source : cna@vuldb.com
CVSS Score : 4.7

References :
https://github.com/JTZ-a/SRC/blob/master/DedeBIZ/DedeBIZ%20-%20sqli%201/README.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.250726 | source : cna@vuldb.com
https://vuldb.com/?id.250726 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2010-10011

First published on : 12-01-2024 20:15:46
Last modified on : 14-01-2024 21:42:17

Description :
A vulnerability, which was classified as problematic, was found in Acritum Femitter Server 1.04. Affected is an unknown function. The manipulation leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-250446 is the identifier assigned to this vulnerability.

CVE ID : CVE-2010-10011
Source : cna@vuldb.com
CVSS Score : 4.3

References :
https://vuldb.com/?ctiid.250446 | source : cna@vuldb.com
https://vuldb.com/?id.250446 | source : cna@vuldb.com
https://www.exploit-db.com/exploits/15445 | source : cna@vuldb.com

Vulnerability : CWE-22


Vulnerability ID : CVE-2022-4962

First published on : 12-01-2024 22:15:44
Last modified on : 14-01-2024 21:42:17

Description :
A vulnerability was found in Apollo 2.0.0/2.0.1 and classified as problematic. Affected by this issue is some unknown functionality of the file /users of the component Configuration Center. The manipulation leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. VDB-250430 is the identifier assigned to this vulnerability. NOTE: The maintainer explains that user data information like user id, name, and email are not sensitive.

CVE ID : CVE-2022-4962
Source : cna@vuldb.com
CVSS Score : 4.3

References :
https://github.com/apolloconfig/apollo/issues/4684 | source : cna@vuldb.com
https://vuldb.com/?ctiid.250430 | source : cna@vuldb.com
https://vuldb.com/?id.250430 | source : cna@vuldb.com

Vulnerability : CWE-285


Vulnerability ID : CVE-2024-0522

First published on : 14-01-2024 23:15:27
Last modified on : 14-01-2024 23:15:27

Description :
A vulnerability was found in Allegro RomPager 4.01. It has been classified as problematic. Affected is an unknown function of the file usertable.htm?action=delete of the component HTTP POST Request Handler. The manipulation of the argument username leads to cross-site request forgery. It is possible to launch the attack remotely. Upgrading to version 4.30 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-250692. NOTE: The vendor explains that this is a very old issue that got fixed 20 years ago but without a public disclosure.

CVE ID : CVE-2024-0522
Source : cna@vuldb.com
CVSS Score : 4.3

References :
https://vuldb.com/?ctiid.250692 | source : cna@vuldb.com
https://vuldb.com/?id.250692 | source : cna@vuldb.com

Vulnerability : CWE-352


Source : wordfence.com

Vulnerability ID : CVE-2024-0251

First published on : 13-01-2024 08:15:06
Last modified on : 14-01-2024 21:42:17

Description :
The Advanced Woo Search plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search parameter in all versions up to, and including, 2.96 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This only affects sites when the Dynamic Content for Elementor plugin is also installed.

CVE ID : CVE-2024-0251
Source : security@wordfence.com
CVSS Score : 6.1

References :
https://plugins.trac.wordpress.org/browser/advanced-woo-search/tags/2.94/includes/class-aws-integrations.php#L2170 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/advanced-woo-search/tags/2.94/includes/class-aws-integrations.php#L287 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/advanced-woo-search/tags/2.97/includes/class-aws-integrations.php#L2104 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/91358e40-e64f-4e8e-b5a3-7d2133db5fe9?source=cve | source : security@wordfence.com


Source : 36106deb-8e95-420b-a0a0-e70af5d245df

Vulnerability ID : CVE-2024-0454

First published on : 12-01-2024 02:15:44
Last modified on : 12-01-2024 13:47:31

Description :
The ELAN Match-on-Chip FPR solution has a design fault that carries a potential risk of valid SID leakage and enumeration with a spoof sensor. This fault allows Windows Hello recognition to be bypassed by cloning a SID, resulting in broken account identity. Versions lower than 3.0.12011.08009(Legacy)/3.3.12011.08103(ESS) are exposed to this risk on the DELL Inspiron platform.

CVE ID : CVE-2024-0454
Source : 36106deb-8e95-420b-a0a0-e70af5d245df
CVSS Score : 6.0

References :
https://www.emc.com.tw/emc/tw/vulnerability-disclosure-policy | source : 36106deb-8e95-420b-a0a0-e70af5d245df

Vulnerability : CWE-290


Source : adobe.com

Vulnerability ID : CVE-2024-20709

First published on : 15-01-2024 13:15:07
Last modified on : 15-01-2024 13:15:07

Description :
Acrobat Reader T5 (MSFT Edge) versions 120.0.2210.91 and earlier are affected by an Improper Input Validation vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE ID : CVE-2024-20709
Source : psirt@adobe.com
CVSS Score : 5.5

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20709 | source : psirt@adobe.com

Vulnerability : CWE-20


Vulnerability ID : CVE-2024-20721

First published on : 15-01-2024 13:15:08
Last modified on : 15-01-2024 13:15:08

Description :
Acrobat Reader T5 (MSFT Edge) versions 120.0.2210.91 and earlier are affected by an Improper Input Validation vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE ID : CVE-2024-20721
Source : psirt@adobe.com
CVSS Score : 5.5

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20721 | source : psirt@adobe.com

Vulnerability : CWE-20


Source : mongodb.com

Vulnerability ID : CVE-2023-0437

First published on : 12-01-2024 14:15:47
Last modified on : 12-01-2024 15:54:26

Description :
When calling bson_utf8_validate on some inputs, a loop with an exit condition that cannot be reached may occur, i.e. an infinite loop. This issue affects all MongoDB C Driver versions prior to version 1.25.0.

CVE ID : CVE-2023-0437
Source : cna@mongodb.com
CVSS Score : 5.3

References :
https://jira.mongodb.org/browse/CDRIVER-4747 | source : cna@mongodb.com

Vulnerability : CWE-835


Source : asrg.io

Vulnerability ID : CVE-2023-28898

First published on : 12-01-2024 16:15:51
Last modified on : 12-01-2024 17:06:09

Description :
The Real-Time Streaming Protocol implementation in the MIB3 infotainment incorrectly handles requests to the /logs URI when the id parameter equals zero. This issue allows an attacker connected to the in-vehicle Wi-Fi network to cause denial-of-service of the infotainment system when certain preconditions are met. Vulnerability discovered on Škoda Superb III (3V3) - 2.0 TDI manufactured in 2022.

CVE ID : CVE-2023-28898
Source : cve@asrg.io
CVSS Score : 5.3

References :
https://nonexistent.com | source : cve@asrg.io

Vulnerability : CWE-233


Vulnerability ID : CVE-2023-28899

First published on : 12-01-2024 17:15:09
Last modified on : 12-01-2024 18:05:43

Description :
By sending a specific reset UDS request via OBDII port of Skoda vehicles, it is possible to cause vehicle engine shutdown and denial of service of other vehicle components even when the vehicle is moving at a high speed. No safety critical functions affected.

CVE ID : CVE-2023-28899
Source : cve@asrg.io
CVSS Score : 4.7

References :
https://asrg.io/security-advisories/cve-2023-28899 | source : cve@asrg.io


Vulnerability ID : CVE-2023-28897

First published on : 12-01-2024 16:15:51
Last modified on : 12-01-2024 17:06:09

Description :
The secret value used for access to critical UDS services of the MIB3 infotainment is hardcoded in the firmware. Vulnerability discovered on Škoda Superb III (3V3) - 2.0 TDI manufactured in 2022.

CVE ID : CVE-2023-28897
Source : cve@asrg.io
CVSS Score : 4.0

References :
https://asrg.io/security-advisories/cve-2023-28897 | source : cve@asrg.io

Vulnerability : CWE-798


Source : nozominetworks.com

Vulnerability ID : CVE-2023-5253

First published on : 15-01-2024 11:15:08
Last modified on : 15-01-2024 11:15:08

Description :
A missing authentication check in the WebSocket channel used for the Check Point IoT integration in Nozomi Networks Guardian and CMC, may allow an unauthenticated attacker to obtain assets data without authentication. Malicious unauthenticated users with knowledge on the underlying system may be able to extract asset information.

CVE ID : CVE-2023-5253
Source : prodsec@nozominetworks.com
CVSS Score : 5.3

References :
https://security.nozominetworks.com/NN-2023:12-01 | source : prodsec@nozominetworks.com

Vulnerability : CWE-306


Source : netapp.com

Vulnerability ID : CVE-2024-21982

First published on : 12-01-2024 00:15:45
Last modified on : 12-01-2024 13:47:31

Description :
ONTAP versions 9.4 and higher are susceptible to a vulnerability which when successfully exploited could lead to disclosure of sensitive information to unprivileged attackers when the object-store profiler command is being run by an administrative user.

CVE ID : CVE-2024-21982
Source : security-alert@netapp.com
CVSS Score : 4.8

References :
https://security.netapp.com/advisory/ntap-20240111-0001/ | source : security-alert@netapp.com


(14) LOW VULNERABILITIES [0.1, 3.9]

Source : vuldb.com

Vulnerability ID : CVE-2022-4960

First published on : 12-01-2024 03:15:08
Last modified on : 12-01-2024 13:47:31

Description :
A vulnerability, which was classified as problematic, has been found in cloudfavorites favorites-web 1.3.0. Affected by this issue is some unknown functionality of the component Nickname Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-250238 is the identifier assigned to this vulnerability.

CVE ID : CVE-2022-4960
Source : cna@vuldb.com
CVSS Score : 3.5

References :
https://github.com/cloudfavorites/favorites-web/issues/127 | source : cna@vuldb.com
https://vuldb.com/?ctiid.250238 | source : cna@vuldb.com
https://vuldb.com/?id.250238 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2024-0465

First published on : 12-01-2024 19:15:12
Last modified on : 12-01-2024 19:21:49

Description :
A vulnerability classified as problematic was found in code-projects Employee Profile Management System 1.0. This vulnerability affects unknown code of the file download.php. The manipulation of the argument download_file leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be used. VDB-250570 is the identifier assigned to this vulnerability.

CVE ID : CVE-2024-0465
Source : cna@vuldb.com
CVSS Score : 3.5

References :
https://github.com/BxYQ/vul/blob/main/EMPLOYEE_PROFILE_MANAGEMENT_SYSTEM%20_FileRead.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.250570 | source : cna@vuldb.com
https://vuldb.com/?id.250570 | source : cna@vuldb.com

Vulnerability : CWE-24


Vulnerability ID : CVE-2024-0467

First published on : 12-01-2024 20:15:47
Last modified on : 14-01-2024 21:42:17

Description :
A vulnerability, which was classified as problematic, was found in code-projects Employee Profile Management System 1.0. Affected is an unknown function of the file edit_position_query.php. The manipulation of the argument pos_name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250572.

CVE ID : CVE-2024-0467
Source : cna@vuldb.com
CVSS Score : 3.5

References :
https://github.com/BxYQ/vul/blob/main/EMPLOYEE_PROFILE_MANAGEMENT_SYSTEM_Xss.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.250572 | source : cna@vuldb.com
https://vuldb.com/?id.250572 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2024-0472

First published on : 12-01-2024 22:15:45
Last modified on : 14-01-2024 21:42:17

Description :
A vulnerability was found in code-projects Dormitory Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file modifyuser.php. The manipulation of the argument mname leads to information disclosure. The exploit has been disclosed to the public and may be used. The identifier VDB-250577 was assigned to this vulnerability.

CVE ID : CVE-2024-0472
Source : cna@vuldb.com
CVSS Score : 3.5

References :
https://github.com/yingqian1984/FirePunch/blob/main/7-Dormitory%20Management%20System%20has%20Database%20information%20leakage%20modifyuser.php.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.250577 | source : cna@vuldb.com
https://vuldb.com/?id.250577 | source : cna@vuldb.com

Vulnerability : CWE-200


Vulnerability ID : CVE-2024-0503

First published on : 13-01-2024 21:15:07
Last modified on : 14-01-2024 21:42:17

Description :
A vulnerability was found in code-projects Online FIR System 1.0. It has been classified as problematic. This affects an unknown part of the file registercomplaint.php. The manipulation of the argument Name/Address leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250611.

CVE ID : CVE-2024-0503
Source : cna@vuldb.com
CVSS Score : 3.5

References :
https://drive.google.com/file/d/1n9Zas-iSOfKVMN3UzPyVGgQgCmig2A5I/view?usp=sharing | source : cna@vuldb.com
https://vuldb.com/?ctiid.250611 | source : cna@vuldb.com
https://vuldb.com/?id.250611 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2024-0504

First published on : 13-01-2024 21:15:08
Last modified on : 14-01-2024 21:42:17

Description :
A vulnerability has been found in code-projects Simple Online Hotel Reservation System 1.0 and classified as problematic. This vulnerability affects unknown code of the file add_reserve.php of the component Make a Reservation Page. The manipulation of the argument Firstname/Lastname with the input <script>alert(1)</script> leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-250618 is the identifier assigned to this vulnerability.

CVE ID : CVE-2024-0504
Source : cna@vuldb.com
CVSS Score : 3.5

References :
https://drive.google.com/file/d/1BIa4jfZ9FbW9d7O3tRdAKF3tb6b5NUB6/view?usp=sharing | source : cna@vuldb.com
https://vuldb.com/?ctiid.250618 | source : cna@vuldb.com
https://vuldb.com/?id.250618 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2024-0476

First published on : 13-01-2024 06:15:48
Last modified on : 14-01-2024 21:42:17

Description :
A vulnerability, which was classified as problematic, was found in Blood Bank & Donor Management 1.0. This affects an unknown part of the file request-received-bydonar.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250581 was assigned to this vulnerability.

CVE ID : CVE-2024-0476
Source : cna@vuldb.com
CVSS Score : 2.4

References :
https://drive.google.com/file/d/1Hvv_oKuEplp4DTcOf9xImgyPt58a8jGz/view?usp=sharing | source : cna@vuldb.com
https://vuldb.com/?ctiid.250581 | source : cna@vuldb.com
https://vuldb.com/?id.250581 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2024-0499

First published on : 13-01-2024 19:15:08
Last modified on : 14-01-2024 21:42:17

Description :
A vulnerability, which was classified as problematic, has been found in SourceCodester House Rental Management System 1.0. This issue affects some unknown processing of the file index.php. The manipulation of the argument page leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250607.

CVE ID : CVE-2024-0499
Source : cna@vuldb.com
CVSS Score : 2.4

References :
https://drive.google.com/file/d/1DTGd_IWdS_tMOQN0Pt1-MeZ4Yv3tXiRt/view?usp=sharing | source : cna@vuldb.com
https://vuldb.com/?ctiid.250607 | source : cna@vuldb.com
https://vuldb.com/?id.250607 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2024-0500

First published on : 13-01-2024 19:15:08
Last modified on : 14-01-2024 21:42:17

Description :
A vulnerability, which was classified as problematic, was found in SourceCodester House Rental Management System 1.0. Affected is an unknown function of the component Manage Tenant Details. The manipulation of the argument Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250608.

CVE ID : CVE-2024-0500
Source : cna@vuldb.com
CVSS Score : 2.4

References :
https://drive.google.com/file/d/1z30nTAfoX58NqwIMXyHb3LB6Pv2bEm5v/view?usp=sharing | source : cna@vuldb.com
https://vuldb.com/?ctiid.250608 | source : cna@vuldb.com
https://vuldb.com/?id.250608 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2024-0501

First published on : 13-01-2024 20:15:45
Last modified on : 14-01-2024 21:42:17

Description :
A vulnerability has been found in SourceCodester House Rental Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Manage Invoice Details. The manipulation of the argument Invoice leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250609 was assigned to this vulnerability.

CVE ID : CVE-2024-0501
Source : cna@vuldb.com
CVSS Score : 2.4

References :
https://drive.google.com/file/d/1xEenTDcXwNYdOxY8kdQ142nRnbcHrTRv/view?usp=sharing | source : cna@vuldb.com
https://vuldb.com/?ctiid.250609 | source : cna@vuldb.com
https://vuldb.com/?id.250609 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2024-0557

First published on : 15-01-2024 17:15:09
Last modified on : 15-01-2024 17:15:09

Description :
A vulnerability, which was classified as problematic, was found in DedeBIZ 6.3.0. This affects an unknown part of the component Website Copyright Setting. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250725 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-0557
Source : cna@vuldb.com
CVSS Score : 2.4

References :
https://github.com/JTZ-a/SRC/blob/master/DedeBIZ/DedeBIZ%20-%20StoredXSS/README.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.250725 | source : cna@vuldb.com
https://vuldb.com/?id.250725 | source : cna@vuldb.com

Vulnerability : CWE-79


Source : gitlab.com

Vulnerability ID : CVE-2023-2030

First published on : 12-01-2024 14:15:47
Last modified on : 12-01-2024 15:54:26

Description :
An issue has been discovered in GitLab CE/EE affecting all versions from 12.2 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which an attacker could potentially modify the metadata of signed commits.

CVE ID : CVE-2023-2030
Source : cve@gitlab.com
CVSS Score : 3.5

References :
https://gitlab.com/gitlab-org/gitlab/-/issues/407252 | source : cve@gitlab.com
https://hackerone.com/reports/1929929 | source : cve@gitlab.com

Vulnerability : CWE-345


Source : github.com

Vulnerability ID : CVE-2023-49098

First published on : 12-01-2024 21:15:09
Last modified on : 14-01-2024 21:42:17

Description :
Discourse-reactions is a plugin that allows users to add their reactions to a post. Data about a user's reaction notifications could be exposed. This vulnerability was patched in commit 2c26939.

CVE ID : CVE-2023-49098
Source : security-advisories@github.com
CVSS Score : 3.5

References :
https://github.com/discourse/discourse-reactions/commit/2c26939395177730e492640d71aac68423be84fc | source : security-advisories@github.com
https://github.com/discourse/discourse-reactions/security/advisories/GHSA-mq82-7v5x-rhv8 | source : security-advisories@github.com

Vulnerability : CWE-284


Vulnerability ID : CVE-2023-49099

First published on : 12-01-2024 21:15:09
Last modified on : 14-01-2024 21:42:17

Description :
Discourse is a platform for community discussion. Under very specific circumstances, secure upload URLs associated with posts can be accessed by guest users even when login is required. This vulnerability has been patched in 3.2.0.beta4 and 3.1.4.

CVE ID : CVE-2023-49099
Source : security-advisories@github.com
CVSS Score : 3.1

References :
https://github.com/discourse/discourse/commit/1b288236387fc0a823e4f15f1aea8dde81b49d53 | source : security-advisories@github.com
https://github.com/discourse/discourse/security/advisories/GHSA-j67x-x6mq-pwv4 | source : security-advisories@github.com

Vulnerability : CWE-284


(78) NO SCORE VULNERABILITIES [0.0, 0.0]

Source : mitre.org

Vulnerability ID : CVE-2023-52339

First published on : 12-01-2024 02:15:44
Last modified on : 12-01-2024 13:47:31

Description :
In libebml before 1.4.5, an integer overflow in MemIOCallback.cpp can occur when reading or writing. It may result in buffer overflows.

CVE ID : CVE-2023-52339
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Matroska-Org/libebml/blob/v1.x/NEWS.md | source : cve@mitre.org
https://github.com/Matroska-Org/libebml/compare/release-1.4.4...release-1.4.5 | source : cve@mitre.org
https://github.com/Matroska-Org/libebml/issues/147 | source : cve@mitre.org
https://github.com/Matroska-Org/libebml/pull/148 | source : cve@mitre.org


Vulnerability ID : CVE-2016-20021

First published on : 12-01-2024 03:15:08
Last modified on : 12-01-2024 13:47:31

Description :
In Gentoo Portage before 3.0.47, there is missing PGP validation of executed code: the standalone emerge-webrsync downloads a .gpgsig file but does not perform signature verification.

CVE ID : CVE-2016-20021
Source : cve@mitre.org
CVSS Score : /

References :
https://bugs.gentoo.org/597800 | source : cve@mitre.org
https://gitweb.gentoo.org/proj/portage.git/tree/NEWS | source : cve@mitre.org
https://wiki.gentoo.org/wiki/Portage | source : cve@mitre.org


Vulnerability ID : CVE-2022-48619

First published on : 12-01-2024 03:15:08
Last modified on : 12-01-2024 13:47:31

Description :
An issue was discovered in drivers/input/input.c in the Linux kernel before 5.17.10. An attacker can cause a denial of service (panic) because input_set_capability mishandles the situation in which an event code falls outside of a bitmap.

CVE ID : CVE-2022-48619
Source : cve@mitre.org
CVSS Score : /

References :
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.10 | source : cve@mitre.org
https://github.com/torvalds/linux/commit/409353cbe9fe48f6bc196114c442b1cff05a39bc | source : cve@mitre.org


Vulnerability ID : CVE-2022-48620

First published on : 12-01-2024 04:15:08
Last modified on : 12-01-2024 13:47:31

Description :
uev (aka libuev) before 2.4.1 has a buffer overflow in epoll_wait if maxevents is a large number.

CVE ID : CVE-2022-48620
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/troglobit/libuev/commit/2d9f1c9ce655cc38511aeeb6e95ac30914f7aec9 | source : cve@mitre.org
https://github.com/troglobit/libuev/compare/v2.4.0...v2.4.1 | source : cve@mitre.org
https://github.com/troglobit/libuev/issues/27 | source : cve@mitre.org


Vulnerability ID : CVE-2024-23171

First published on : 12-01-2024 05:15:10
Last modified on : 12-01-2024 13:47:31

Description :
An issue was discovered in the CampaignEvents extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. The Special:EventDetails page allows XSS via the x-xss language setting for internationalization (i18n).

CVE ID : CVE-2024-23171
Source : cve@mitre.org
CVSS Score : /

References :
https://gerrit.wikimedia.org/r/q/I70d71c409193e904684dfb706d424b0a815fa6f6 | source : cve@mitre.org
https://phabricator.wikimedia.org/T348343 | source : cve@mitre.org


Vulnerability ID : CVE-2024-23172

First published on : 12-01-2024 05:15:10
Last modified on : 12-01-2024 13:47:31

Description :
An issue was discovered in the CheckUser extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. XSS can occur via message definitions, e.g., in SpecialCheckUserLog.

CVE ID : CVE-2024-23172
Source : cve@mitre.org
CVSS Score : /

References :
https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/989179 | source : cve@mitre.org
https://phabricator.wikimedia.org/T347708 | source : cve@mitre.org


Vulnerability ID : CVE-2024-23173

First published on : 12-01-2024 05:15:10
Last modified on : 12-01-2024 13:47:31

Description :
An issue was discovered in the Cargo extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. The Special:Drilldown page allows XSS via artist, album, and position parameters because of applied filter values in drilldown/CargoAppliedFilter.php.

CVE ID : CVE-2024-23173
Source : cve@mitre.org
CVSS Score : /

References :
https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Cargo/+/965214 | source : cve@mitre.org
https://phabricator.wikimedia.org/T348687 | source : cve@mitre.org


Vulnerability ID : CVE-2024-23174

First published on : 12-01-2024 05:15:10
Last modified on : 12-01-2024 13:47:31

Description :
An issue was discovered in the PageTriage extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. XSS can occur via the rev-deleted-user, pagetriage-tags-quickfilter-label, pagetriage-triage, pagetriage-filter-date-range-format-placeholder, pagetriage-filter-date-range-to, pagetriage-filter-date-range-from, pagetriage-filter-date-range-heading, pagetriage-filter-set-button, or pagetriage-filter-reset-button message.

CVE ID : CVE-2024-23174
Source : cve@mitre.org
CVSS Score : /

References :
https://gerrit.wikimedia.org/r/c/mediawiki/extensions/PageTriage/+/989177 | source : cve@mitre.org
https://phabricator.wikimedia.org/T347704 | source : cve@mitre.org


Vulnerability ID : CVE-2024-23177

First published on : 12-01-2024 06:15:47
Last modified on : 12-01-2024 13:47:31

Description :
An issue was discovered in the WatchAnalytics extension in MediaWiki before 1.40.2. XSS can occur via the Special:PageStatistics page parameter.

CVE ID : CVE-2024-23177
Source : cve@mitre.org
CVSS Score : /

References :
https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce%40lists.wikimedia.org/message/TDBUBCCOQJUT4SCHJNPHKQNPBUUETY52/ | source : cve@mitre.org
https://phabricator.wikimedia.org/T348979 | source : cve@mitre.org


Vulnerability ID : CVE-2024-23178

First published on : 12-01-2024 06:15:47
Last modified on : 12-01-2024 13:47:31

Description :
An issue was discovered in the Phonos extension in MediaWiki before 1.40.2. PhonosButton.js allows i18n-based XSS via the phonos-purge-needed-error message.

CVE ID : CVE-2024-23178
Source : cve@mitre.org
CVSS Score : /

References :
https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce%40lists.wikimedia.org/message/TDBUBCCOQJUT4SCHJNPHKQNPBUUETY52/ | source : cve@mitre.org
https://phabricator.wikimedia.org/T349312 | source : cve@mitre.org


Vulnerability ID : CVE-2024-23179

First published on : 12-01-2024 06:15:47
Last modified on : 12-01-2024 13:47:31

Description :
An issue was discovered in the GlobalBlocking extension in MediaWiki before 1.40.2. For a Special:GlobalBlock?uselang=x-xss URI, i18n-based XSS can occur via the parentheses message. This affects subtitle links in buildSubtitleLinks.

CVE ID : CVE-2024-23179
Source : cve@mitre.org
CVSS Score : /

References :
https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce%40lists.wikimedia.org/message/TDBUBCCOQJUT4SCHJNPHKQNPBUUETY52/ | source : cve@mitre.org
https://phabricator.wikimedia.org/T347746 | source : cve@mitre.org


Vulnerability ID : CVE-2023-37117

First published on : 12-01-2024 07:15:12
Last modified on : 12-01-2024 13:47:31

Description :
A heap-use-after-free vulnerability was found in live555 version 2023.05.10 while handling the SETUP.

CVE ID : CVE-2023-37117
Source : cve@mitre.org
CVSS Score : /

References :
http://lists.live555.com/pipermail/live-devel/2023-June/022331.html | source : cve@mitre.org
http://www.live555.com/liveMedia/public/changelog.txt | source : cve@mitre.org


Vulnerability ID : CVE-2023-40362

First published on : 12-01-2024 08:15:43
Last modified on : 12-01-2024 13:47:31

Description :
An issue was discovered in CentralSquare Click2Gov Building Permit before October 2023. Lack of access control protections allows remote attackers to arbitrarily delete the contractors from any user's account when the user ID and contractor information are known.

CVE ID : CVE-2023-40362
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/ally-petitt/CVE-2023-40362 | source : cve@mitre.org
https://www.classaction.org/news/centralsquare-hit-with-class-action-over-2017-2018-click2gov-data-breach | source : cve@mitre.org


Vulnerability ID : CVE-2023-50919

First published on : 12-01-2024 08:15:43
Last modified on : 12-01-2024 13:47:31

Description :
An issue was discovered on GL.iNet devices before version 4.5.0. There is an NGINX authentication bypass via Lua string pattern matching. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR300M 4.3.7, and B1300 4.3.7.

CVE ID : CVE-2023-50919
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Authentication-bypass.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-50920

First published on : 12-01-2024 08:15:43
Last modified on : 12-01-2024 13:47:31

Description :
An issue was discovered on GL.iNet devices before version 4.5.0. They assign the same session ID after each user reboot, allowing attackers to share session identifiers between different sessions and bypass authentication or access control measures. Attackers can impersonate legitimate users or perform unauthorized actions. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR300M 4.3.7, and B1300 4.3.7.

CVE ID : CVE-2023-50920
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Authentication-bypass-seesion-ID.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-30014

First published on : 12-01-2024 09:15:43
Last modified on : 12-01-2024 13:47:31

Description :
SQL Injection vulnerability in oretnom23 Judging Management System v1.0 allows remote attackers to execute arbitrary code and obtain sensitive information via the sub_event_id parameter in sub_event_stat_update.php.

CVE ID : CVE-2023-30014
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Pings1031/cve_report/blob/main/judging-management-system/SQLi-1.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-30015

First published on : 12-01-2024 09:15:44
Last modified on : 12-01-2024 13:47:31

Description :
SQL Injection vulnerability in oretnom23 Judging Management System v1.0 allows remote attackers to execute arbitrary code and obtain sensitive information via the txtsearch parameter in review_search.php.

CVE ID : CVE-2023-30015
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Pings1031/cve_report/blob/main/judging-management-system/SQLi-3.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-30016

First published on : 12-01-2024 09:15:44
Last modified on : 12-01-2024 13:47:31

Description :
SQL Injection vulnerability in oretnom23 Judging Management System v1.0 allows remote attackers to execute arbitrary code and obtain sensitive information via the sub_event_id parameter in sub_event_details_edit.php.

CVE ID : CVE-2023-30016
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Pings1031/cve_report/blob/main/judging-management-system/SQLi-2.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-48909

First published on : 12-01-2024 09:15:44
Last modified on : 12-01-2024 13:47:31

Description :
An issue discovered in Jave2 version 3.3.1 allows attackers to execute arbitrary code via the FFmpeg function.

CVE ID : CVE-2023-48909
Source : cve@mitre.org
CVSS Score : /

References :
https://gist.github.com/Dollhouse-18/288b4774bc296722c9e3c60bafa392bf | source : cve@mitre.org
https://github.com/Dollhouse-18/jave-core-Command-execution-vulnerability | source : cve@mitre.org


Vulnerability ID : CVE-2023-51790

First published on : 12-01-2024 13:15:11
Last modified on : 12-01-2024 13:47:31

Description :
Cross Site Scripting vulnerability in piwigo v.14.0.0 allows a remote attacker to obtain sensitive information via the lang parameter in the Admin Tools plug-in component.

CVE ID : CVE-2023-51790
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Piwigo/AdminTools/issues/21 | source : cve@mitre.org
https://github.com/Piwigo/Piwigo/issues/2069 | source : cve@mitre.org


Vulnerability ID : CVE-2023-51806

First published on : 12-01-2024 13:15:11
Last modified on : 12-01-2024 13:47:31

Description :
File Upload vulnerability in Ujcms v.8.0.2 allows a local attacker to execute arbitrary code via a crafted file.

CVE ID : CVE-2023-51806
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/ujcms/ujcms | source : cve@mitre.org
https://github.com/ujcms/ujcms/issues/8 | source : cve@mitre.org
https://www.ujcms.com/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-52026

First published on : 12-01-2024 13:15:11
Last modified on : 12-01-2024 13:47:31

Description :
TOTOlink EX1800T V9.1.0cu.2112_B20220316 was discovered to contain a remote command execution (RCE) vulnerability via the telnet_enabled parameter of the setTelnetCfg interface.

CVE ID : CVE-2023-52026
Source : cve@mitre.org
CVSS Score : /

References :
https://815yang.github.io/2023/12/11/EX1800T/2/TOTOlinkEX1800T_V9.1.0cu.2112_B2022031setTelnetCfg/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-51949

First published on : 12-01-2024 15:15:09
Last modified on : 12-01-2024 15:54:26

Description :
Verydows v2.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /protected/controller/backend/role_controller.

CVE ID : CVE-2023-51949
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/cui2shark/security/blob/main/Added%20CSRF%20in%20Role%20Controller.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-51978

First published on : 12-01-2024 16:15:52
Last modified on : 12-01-2024 17:06:09

Description :
In PHPGurukul Art Gallery Management System v1.1, the "imageid" parameter of the "Update Artist Image" functionality is vulnerable to SQL Injection.

CVE ID : CVE-2023-51978
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/hackerhijeck/Exploited/blob/main/Art_Gallary/SQL_Injection.md | source : cve@mitre.org


Vulnerability ID : CVE-2024-22492

First published on : 12-01-2024 16:15:52
Last modified on : 12-01-2024 17:06:09

Description :
A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save contact parameter, which allows remote attackers to inject arbitrary web script or HTML.

CVE ID : CVE-2024-22492
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/cui2shark/security/blob/main/%28JFinalcms%20contact%20para%29A%20stored%20cross-site%20scripting%20%28XSS%29%20vulnerability%20was%20discovered%20in%20Jfinalcms%20contact%20para.md | source : cve@mitre.org


Vulnerability ID : CVE-2024-22493

First published on : 12-01-2024 16:15:52
Last modified on : 12-01-2024 17:06:09

Description :
A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save content parameter, which allows remote attackers to inject arbitrary web script or HTML.

CVE ID : CVE-2024-22493
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/cui2shark/security/blob/main/%28JFinalcms%20content%20para%29A%20stored%20cross-site%20scripting%20%28XSS%29%20vulnerability%20was%20discovered%20in%20Jfinalcms%20content%20para.md | source : cve@mitre.org


Vulnerability ID : CVE-2024-22494

First published on : 12-01-2024 16:15:52
Last modified on : 12-01-2024 17:06:09

Description :
A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save mobile parameter, which allows remote attackers to inject arbitrary web script or HTML.

CVE ID : CVE-2024-22494
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/cui2shark/security/blob/main/%28JFinalcms%20moblie%20para%29A%20stored%20cross-site%20scripting%20%28XSS%29%20vulnerability%20was%20discovered%20in%20Jfinalcms%20moblie%20para.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-48166

First published on : 12-01-2024 23:15:08
Last modified on : 14-01-2024 21:42:17

Description :
A directory traversal vulnerability in the SOAP Server integrated in Atos Unify OpenScape Voice V10 before V10R3.26.1 allows a remote attacker to view the contents of arbitrary files in the local file system. An unauthenticated attacker might obtain sensitive files that allow for the compromise of the underlying system.

CVE ID : CVE-2023-48166
Source : cve@mitre.org
CVSS Score : /

References :
https://labs.integrity.pt/advisories/cve-2023-48166/ | source : cve@mitre.org
https://networks.unify.com/security/advisories/OBSO-2401-01.pdf | source : cve@mitre.org


Vulnerability ID : CVE-2024-23301

First published on : 12-01-2024 23:15:10
Last modified on : 14-01-2024 21:42:17

Description :
Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. This allows local attackers to gain access to system secrets otherwise only readable by root.

CVE ID : CVE-2024-23301
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/rear/rear/issues/3122 | source : cve@mitre.org
https://github.com/rear/rear/pull/3123 | source : cve@mitre.org


Vulnerability ID : CVE-2023-50072

First published on : 13-01-2024 01:15:38
Last modified on : 14-01-2024 21:42:17

Description :
A Stored Cross-Site Scripting (XSS) vulnerability exists in OpenKM version 7.1.40 (dbb6e88) With Professional Extension that allows an authenticated user to upload a note on a file which acts as a stored XSS payload. Any user who opens the note of a document file will trigger the XSS.

CVE ID : CVE-2023-50072
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/ahrixia/CVE-2023-50072 | source : cve@mitre.org


Vulnerability ID : CVE-2023-33472

First published on : 13-01-2024 02:15:07
Last modified on : 14-01-2024 21:42:17

Description :
An issue discovered in Scada-LTS v2.7.5.2 build 4551883606 and before allows remote attackers with low-level authentication to escalate privileges, execute arbitrary code, and obtain sensitive information via the Event Handlers function.

CVE ID : CVE-2023-33472
Source : cve@mitre.org
CVSS Score : /

References :
https://hev0x.github.io/posts/scadalts-cve-2023-33472/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-46942

First published on : 13-01-2024 02:15:07
Last modified on : 14-01-2024 21:42:17

Description :
Lack of authentication in NPM's package @evershop/evershop before version 1.0.0-rc.8 allows remote attackers to obtain sensitive information via improper authorization in GraphQL endpoints.

CVE ID : CVE-2023-46942
Source : cve@mitre.org
CVSS Score : /

References :
https://devhub.checkmarx.com/cve-details/CVE-2023-46942/ | source : cve@mitre.org
https://devhub.checkmarx.com/cve-details/Cx00cea2d5-d2c5/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-46943

First published on : 13-01-2024 02:15:07
Last modified on : 14-01-2024 21:42:17

Description :
An issue was discovered in NPM's package @evershop/evershop before version 1.0.0-rc.8. The HMAC secret used for generating tokens is hardcoded as "secret". A weak HMAC secret poses a risk because attackers can use the predictable secret to create valid JSON Web Tokens (JWTs), allowing them access to important information and actions within the application.

CVE ID : CVE-2023-46943
Source : cve@mitre.org
CVSS Score : /

References :
https://devhub.checkmarx.com/cve-details/CVE-2023-46943/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-51804

First published on : 13-01-2024 02:15:07
Last modified on : 14-01-2024 21:42:17

Description :
An issue in rymcu forest v.0.02 allows a remote attacker to obtain sensitive information via manipulation of the HTTP body URL in the com.rymcu.forest.web.api.common.UploadController file.

CVE ID : CVE-2023-51804
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/rymcu/forest/issues/149 | source : cve@mitre.org


Vulnerability ID : CVE-2023-51805

First published on : 13-01-2024 02:15:07
Last modified on : 14-01-2024 21:42:17

Description :
SQL Injection vulnerability in TDuckCloud tduck-platform v.4.0 allows a remote attacker to obtain sensitive information via the getFormKey parameter in the search function of the FormDataMysqlService.java file.

CVE ID : CVE-2023-51805
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/TDuckCloud/tduck-platform/issues/22 | source : cve@mitre.org


Vulnerability ID : CVE-2023-51062

First published on : 13-01-2024 04:15:07
Last modified on : 14-01-2024 21:42:17

Description :
An unauthenticated log file read in the component log-smblog-save of QStar Archive Solutions RELEASE_3-0 Build 7 Patch 0 allows attackers to disclose the SMB Log contents by executing a crafted command.

CVE ID : CVE-2023-51062
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Oracle-Security/CVEs/blob/main/QStar%20Archive%20Solutions/CVE-2023-51062.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-51063

First published on : 13-01-2024 04:15:07
Last modified on : 14-01-2024 21:42:17

Description :
QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 was discovered to contain a DOM Based Reflected Cross Site Scripting (XSS) vulnerability within the component qnme-ajax?method=tree_level.

CVE ID : CVE-2023-51063
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Oracle-Security/CVEs/blob/main/QStar%20Archive%20Solutions/CVE-2023-51063.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-51064

First published on : 13-01-2024 04:15:07
Last modified on : 14-01-2024 21:42:17

Description :
QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 was discovered to contain a DOM Based reflected XSS vulnerability within the component qnme-ajax?method=tree_table.

CVE ID : CVE-2023-51064
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Oracle-Security/CVEs/blob/main/QStar%20Archive%20Solutions/CVE-2023-51064.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-51065

First published on : 13-01-2024 04:15:07
Last modified on : 14-01-2024 21:42:17

Description :
Incorrect access control in QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 allows unauthenticated attackers to obtain system backups and other sensitive information from the QStar Server.

CVE ID : CVE-2023-51065
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Oracle-Security/CVEs/blob/main/QStar%20Archive%20Solutions/CVE-2023-51065.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-51066

First published on : 13-01-2024 04:15:07
Last modified on : 14-01-2024 21:42:17

Description :
An authenticated remote code execution vulnerability in QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 allows attackers to arbitrarily execute commands.

CVE ID : CVE-2023-51066
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Oracle-Security/CVEs/blob/main/QStar%20Archive%20Solutions/CVE-2023-51066.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-51067

First published on : 13-01-2024 04:15:08
Last modified on : 14-01-2024 21:42:17

Description :
An unauthenticated reflected cross-site scripting (XSS) vulnerability in QStar Archive Solutions Release RELEASE_3-0 Build 7 allows attackers to execute arbitrary javascript on a victim's browser via a crafted link.

CVE ID : CVE-2023-51067
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Oracle-Security/CVEs/blob/main/QStar%20Archive%20Solutions/CVE-2023-51067.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-51068

First published on : 13-01-2024 04:15:08
Last modified on : 14-01-2024 21:42:17

Description :
An authenticated reflected cross-site scripting (XSS) vulnerability in QStar Archive Solutions Release RELEASE_3-0 Build 7 allows attackers to execute arbitrary javascript on a victim's browser via a crafted link.

CVE ID : CVE-2023-51068
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Oracle-Security/CVEs/blob/main/QStar%20Archive%20Solutions/CVE-2023-51068.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-51070

First published on : 13-01-2024 04:15:08
Last modified on : 14-01-2024 21:42:17

Description :
An access control issue in QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 allows unauthenticated attackers to arbitrarily adjust sensitive SMB settings on the QStar Server.

CVE ID : CVE-2023-51070
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Oracle-Security/CVEs/blob/main/QStar%20Archive%20Solutions/CVE-2023-51070.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-51071

First published on : 13-01-2024 04:15:08
Last modified on : 14-01-2024 21:42:17

Description :
An access control issue in QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 allows unauthenticated attackers to arbitrarily disable the SMB service on a victim's Qstar instance by executing a specific command in a link.

CVE ID : CVE-2023-51071
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Oracle-Security/CVEs/blob/main/QStar%20Archive%20Solutions/CVE-2023-51071.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-52288

First published on : 13-01-2024 04:15:08
Last modified on : 14-01-2024 21:42:17

Description :
An issue was discovered in the flaskcode package through 0.0.8 for Python. An unauthenticated directory traversal, exploitable with a GET request to a /resource-data/<file_path>.txt URI (from views.py), allows attackers to read arbitrary files.

CVE ID : CVE-2023-52288
Source : cve@mitre.org
CVSS Score : /

References :
https://gitlab.com/daniele_m/cve-list/-/blob/main/README.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-52289

First published on : 13-01-2024 04:15:08
Last modified on : 14-01-2024 21:42:17

Description :
An issue was discovered in the flaskcode package through 0.0.8 for Python. An unauthenticated directory traversal, exploitable with a POST request to a /update-resource-data/<file_path> URI (from views.py), allows attackers to write to arbitrary files.

CVE ID : CVE-2023-52289
Source : cve@mitre.org
CVSS Score : /

References :
https://gitlab.com/daniele_m/cve-list/-/blob/main/README.md | source : cve@mitre.org


Vulnerability ID : CVE-2020-36770

First published on : 15-01-2024 07:15:07
Last modified on : 15-01-2024 07:15:07

Description :
pkg_postinst in the Gentoo ebuild for Slurm through 22.05.3 unnecessarily calls chown to assign root's ownership on files in the live root filesystem. This could be exploited by the slurm user to become the owner of root-owned files.

CVE ID : CVE-2020-36770
Source : cve@mitre.org
CVSS Score : /

References :
https://bugs.gentoo.org/631552 | source : cve@mitre.org


Source : rapid7.con

Vulnerability ID : CVE-2024-0393

First published on : 12-01-2024 06:15:47
Last modified on : 12-01-2024 06:15:47

Description :
Rejected reason: This CVE ID was unused by the CNA.

CVE ID : CVE-2024-0393
Source : cve@rapid7.con
CVSS Score : /

References :


Source : jpcert.or.jp

Vulnerability ID : CVE-2024-22027

First published on : 12-01-2024 07:15:12
Last modified on : 12-01-2024 13:47:31

Description :
Improper input validation vulnerability in WordPress Quiz Maker Plugin prior to 6.5.0.6 allows a remote authenticated attacker to perform a Denial of Service (DoS) attack against external services.

CVE ID : CVE-2024-22027
Source : vultures@jpcert.or.jp
CVSS Score : /

References :
https://jvn.jp/en/jp/JVN37326856/ | source : vultures@jpcert.or.jp
https://wordpress.org/plugins/quiz-maker/ | source : vultures@jpcert.or.jp


Vulnerability ID : CVE-2024-22028

First published on : 15-01-2024 07:15:09
Last modified on : 15-01-2024 07:15:09

Description :
Insufficient technical documentation issue exists in thermal camera TMC series all firmware versions. The user of the affected product is not aware of the internally saved data. By accessing the affected product physically, an attacker may retrieve the internal data.

CVE ID : CVE-2024-22028
Source : vultures@jpcert.or.jp
CVSS Score : /

References :
https://3rrr-btob.jp/archives/news/23624 | source : vultures@jpcert.or.jp
https://jvn.jp/en/jp/JVN96240417/ | source : vultures@jpcert.or.jp


Source : cert.pl

Vulnerability ID : CVE-2023-49253

First published on : 12-01-2024 15:15:08
Last modified on : 12-01-2024 15:54:26

Description :
Root user password is hardcoded into the device and cannot be changed in the user interface.

CVE ID : CVE-2023-49253
Source : cvd@cert.pl
CVSS Score : /

References :
https://cert.pl/en/posts/2024/01/CVE-2023-49253/ | source : cvd@cert.pl
https://cert.pl/posts/2024/01/CVE-2023-49253/ | source : cvd@cert.pl

Vulnerability : CWE-798


Vulnerability ID : CVE-2023-49254

First published on : 12-01-2024 15:15:09
Last modified on : 12-01-2024 15:54:26

Description :
Authenticated user can execute arbitrary commands in the context of the root user by providing payload in the "destination" field of the network test tools. This is similar to the vulnerability CVE-2021-28151 mitigated on the user interface level by blacklisting characters with JavaScript, however, it can still be exploited by sending POST requests directly.

CVE ID : CVE-2023-49254
Source : cvd@cert.pl
CVSS Score : /

References :
https://cert.pl/en/posts/2024/01/CVE-2023-49253/ | source : cvd@cert.pl
https://cert.pl/posts/2024/01/CVE-2023-49253/ | source : cvd@cert.pl

Vulnerability : CWE-78


Vulnerability ID : CVE-2023-49255

First published on : 12-01-2024 15:15:09
Last modified on : 12-01-2024 15:54:26

Description :
The router console is accessible without authentication at "data" field, and while a user needs to be logged in in order to modify the configuration, the session state is shared. If any other user is currently logged in, the anonymous user can execute commands in the context of the authenticated one. If the logged in user has administrative privileges, it is possible to use webadmin service configuration commands to create a new admin user with a chosen password.

CVE ID : CVE-2023-49255
Source : cvd@cert.pl
CVSS Score : /

References :
https://cert.pl/en/posts/2024/01/CVE-2023-49253/ | source : cvd@cert.pl
https://cert.pl/posts/2024/01/CVE-2023-49253/ | source : cvd@cert.pl

Vulnerability : CWE-306


Vulnerability ID : CVE-2023-49256

First published on : 12-01-2024 15:15:09
Last modified on : 12-01-2024 15:54:26

Description :
It is possible to download the configuration backup without authorization and decrypt the included passwords using a hardcoded static key.

CVE ID : CVE-2023-49256
Source : cvd@cert.pl
CVSS Score : /

References :
https://cert.pl/en/posts/2024/01/CVE-2023-49253/ | source : cvd@cert.pl
https://cert.pl/posts/2024/01/CVE-2023-49253/ | source : cvd@cert.pl

Vulnerability : CWE-798


Vulnerability ID : CVE-2023-49257

First published on : 12-01-2024 15:15:09
Last modified on : 12-01-2024 15:54:26

Description :
An authenticated user is able to upload an arbitrary CGI-compatible file using the certificate upload utility and execute it with the root user privileges.

CVE ID : CVE-2023-49257
Source : cvd@cert.pl
CVSS Score : /

References :
https://cert.pl/en/posts/2024/01/CVE-2023-49253/ | source : cvd@cert.pl
https://cert.pl/posts/2024/01/CVE-2023-49253/ | source : cvd@cert.pl

Vulnerability : CWE-732


Vulnerability ID : CVE-2023-49258

First published on : 12-01-2024 15:15:09
Last modified on : 12-01-2024 15:54:26

Description :
User browser may be forced to execute JavaScript and pass the authentication cookie to the attacker leveraging the XSS vulnerability located at "/gui/terminal_tool.cgi" in the "data" parameter.

CVE ID : CVE-2023-49258
Source : cvd@cert.pl
CVSS Score : /

References :
https://cert.pl/en/posts/2024/01/CVE-2023-49253/ | source : cvd@cert.pl
https://cert.pl/posts/2024/01/CVE-2023-49253/ | source : cvd@cert.pl

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-49259

First published on : 12-01-2024 15:15:09
Last modified on : 12-01-2024 15:54:26

Description :
The authentication cookies are generated using an algorithm based on the username, hardcoded secret and the up-time, and can be guessed in a reasonable time.

CVE ID : CVE-2023-49259
Source : cvd@cert.pl
CVSS Score : /

References :
https://cert.pl/en/posts/2024/01/CVE-2023-49253/ | source : cvd@cert.pl
https://cert.pl/posts/2024/01/CVE-2023-49253/ | source : cvd@cert.pl

Vulnerability : CWE-327


Vulnerability ID : CVE-2023-49260

First published on : 12-01-2024 15:15:09
Last modified on : 12-01-2024 15:54:26

Description :
An XSS attack can be performed by changing the MOTD banner and pointing the victim to the "terminal_tool.cgi" path. It can be used together with the vulnerability CVE-2023-49255.

CVE ID : CVE-2023-49260
Source : cvd@cert.pl
CVSS Score : /

References :
https://cert.pl/en/posts/2024/01/CVE-2023-49253/ | source : cvd@cert.pl
https://cert.pl/posts/2024/01/CVE-2023-49253/ | source : cvd@cert.pl

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-49261

First published on : 12-01-2024 15:15:09
Last modified on : 12-01-2024 15:54:26

Description :
The "tokenKey" value used in user authorization is visible in the HTML source of the login page.

CVE ID : CVE-2023-49261
Source : cvd@cert.pl
CVSS Score : /

References :
https://cert.pl/en/posts/2024/01/CVE-2023-49253/ | source : cvd@cert.pl
https://cert.pl/posts/2024/01/CVE-2023-49253/ | source : cvd@cert.pl

Vulnerability : CWE-200


Vulnerability ID : CVE-2023-49262

First published on : 12-01-2024 15:15:09
Last modified on : 12-01-2024 15:54:26

Description :
The authentication mechanism can be bypassed by overflowing the value of the Cookie "authentication" field, provided there is an active user session.

CVE ID : CVE-2023-49262
Source : cvd@cert.pl
CVSS Score : /

References :
https://cert.pl/en/posts/2024/01/CVE-2023-49253/ | source : cvd@cert.pl
https://cert.pl/posts/2024/01/CVE-2023-49253/ | source : cvd@cert.pl

Vulnerability : CWE-287


Vulnerability ID : CVE-2023-4818

First published on : 15-01-2024 14:15:25
Last modified on : 15-01-2024 14:15:25

Description :
The PAX A920 device allows the bootloader to be downgraded due to a bug in its version check. The signature is correctly checked and only a bootloader signed by PAX can be used. The attacker must have physical USB access to the device in order to exploit this vulnerability.

CVE ID : CVE-2023-4818
Source : cvd@cert.pl
CVSS Score : /

References :
https://blog.stmcyber.com/pax-pos-cves-2023/ | source : cvd@cert.pl
https://cert.pl/en/posts/2024/01/CVE-2023-4818/ | source : cvd@cert.pl
https://cert.pl/posts/2024/01/CVE-2023-4818/ | source : cvd@cert.pl
https://ppn.paxengine.com/release/development | source : cvd@cert.pl

Vulnerability : CWE-20


Source : apple.com

Vulnerability ID : CVE-2024-0230

First published on : 12-01-2024 23:15:08
Last modified on : 14-01-2024 21:42:17

Description :
A session management issue was addressed with improved checks. This issue is fixed in Magic Keyboard Firmware Update 2.0.6. An attacker with physical access to the accessory may be able to extract its Bluetooth pairing key and monitor Bluetooth traffic.

CVE ID : CVE-2024-0230
Source : product-security@apple.com
CVSS Score : /

References :
https://support.apple.com/en-us/HT214050 | source : product-security@apple.com


Source : apache.org

Vulnerability ID : CVE-2023-46749

First published on : 15-01-2024 10:15:26
Last modified on : 15-01-2024 10:15:26

Description :
Apache Shiro before 1.130 or 2.0.0-alpha-4 may be susceptible to a path traversal attack that results in an authentication bypass when used together with path rewriting. Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+, or ensure `blockSemicolon` is enabled (this is the default).

CVE ID : CVE-2023-46749
Source : security@apache.org
CVSS Score : /

References :
https://lists.apache.org/thread/mdv7ftz7k4488rzloxo2fb0p9shnp9wm | source : security@apache.org

Vulnerability : CWE-22


Vulnerability ID : CVE-2023-50290

First published on : 15-01-2024 10:15:26
Last modified on : 15-01-2024 10:15:26

Description :
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Solr. The Solr Metrics API publishes all unprotected environment variables available to each Apache Solr instance. Users are able to specify which environment variables to hide, however, the default list is designed to work for known secret Java system properties. Environment variables cannot be strictly defined in Solr, like Java system properties can be, and may be set for the entire host, unlike Java system properties which are set per-Java-process. The Solr Metrics API is protected by the "metrics-read" permission. Therefore, Solr Clouds with Authorization setup will only be vulnerable via users with the "metrics-read" permission. This issue affects Apache Solr: from 9.0.0 before 9.3.0. Users are recommended to upgrade to version 9.3.0 or later, in which environment variables are not published via the Metrics API.

CVE ID : CVE-2023-50290
Source : security@apache.org
CVSS Score : /

References :
https://solr.apache.org/security.html#cve-2023-50290-apache-solr-allows-read-access-to-host-environment-variables | source : security@apache.org

Vulnerability : CWE-200


Vulnerability ID : CVE-2023-46226

First published on : 15-01-2024 11:15:07
Last modified on : 15-01-2024 15:15:08

Description :
Remote Code Execution vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 through 1.2.2. Users are recommended to upgrade to version 1.3.0, which fixes the issue.

CVE ID : CVE-2023-46226
Source : security@apache.org
CVSS Score : /

References :
http://www.openwall.com/lists/oss-security/2024/01/15/1 | source : security@apache.org
https://lists.apache.org/thread/293b4ob65ftnfwyf62fb9zh8gwdy38hg | source : security@apache.org


Source : wpscan.com

Vulnerability ID : CVE-2023-4925

First published on : 15-01-2024 16:15:11
Last modified on : 15-01-2024 16:15:11

Description :
The Easy Forms for Mailchimp WordPress plugin through 6.8.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.

CVE ID : CVE-2023-4925
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/0b094cba-9288-4c9c-87a9-bdce286fe8b6 | source : contact@wpscan.com


Vulnerability ID : CVE-2023-5905

First published on : 15-01-2024 16:15:12
Last modified on : 15-01-2024 16:15:12

Description :
The DeMomentSomTres WordPress Export Posts With Images WordPress plugin through 20220825 does not check authorization of requests to export the blog data, allowing any logged in user, such as subscribers to export the contents of the blog, including restricted and unpublished posts, as well as passwords of protected posts.

CVE ID : CVE-2023-5905
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/f94e91ef-1773-476c-9945-37e89ceefd3f | source : contact@wpscan.com


Vulnerability ID : CVE-2023-6029

First published on : 15-01-2024 16:15:12
Last modified on : 15-01-2024 16:15:12

Description :
The EazyDocs WordPress plugin before 2.3.6 does not have authorization and CSRF checks when handling documents and does not ensure that they are documents from the plugin, allowing unauthenticated users to delete arbitrary posts, as well as add and delete documents/sections.

CVE ID : CVE-2023-6029
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/7a0aaf85-8130-4fd7-8f09-f8edc929597e | source : contact@wpscan.com


Vulnerability ID : CVE-2023-6048

First published on : 15-01-2024 16:15:12
Last modified on : 15-01-2024 16:15:12

Description :
The Estatik Real Estate Plugin WordPress plugin before 4.1.1 does not prevent users with low privileges on the site, like subscribers, from setting any of the site's options to 1, which could be used to break sites and lead to DoS when certain options are reset.

CVE ID : CVE-2023-6048
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/74cb07fe-fc82-472f-8c52-859c176d9e51 | source : contact@wpscan.com


Vulnerability ID : CVE-2023-6049

First published on : 15-01-2024 16:15:12
Last modified on : 15-01-2024 16:15:12

Description :
The Estatik Real Estate Plugin WordPress plugin before 4.1.1 unserializes user input via some of its cookies, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget chain is present on the blog.

CVE ID : CVE-2023-6049
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/8cfd8c1f-2834-4a94-a3fa-c0cfbe78a8b7 | source : contact@wpscan.com


Vulnerability ID : CVE-2023-6050

First published on : 15-01-2024 16:15:12
Last modified on : 15-01-2024 16:15:12

Description :
The Estatik Real Estate Plugin WordPress plugin before 4.1.1 does not sanitise and escape various parameters and generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

CVE ID : CVE-2023-6050
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/c08e0f24-bd61-4e83-a555-363568cf0e6e | source : contact@wpscan.com


Vulnerability ID : CVE-2023-6066

First published on : 15-01-2024 16:15:12
Last modified on : 15-01-2024 16:15:12

Description :
The WP Custom Widget area WordPress plugin through 1.2.5 does not properly apply capability and nonce checks on any of its AJAX action callback functions, which could allow attackers with subscriber+ privilege to create, delete or modify menus on the site.

CVE ID : CVE-2023-6066
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/f8f84d47-49aa-4258-a8a6-3de8e7342623 | source : contact@wpscan.com


Vulnerability ID : CVE-2023-6163

First published on : 15-01-2024 16:15:12
Last modified on : 15-01-2024 16:15:12

Description :
The WP Crowdfunding WordPress plugin before 2.1.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup).

CVE ID : CVE-2023-6163
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/7ed6de4d-0a37-497f-971d-b6711893c557 | source : contact@wpscan.com


Vulnerability ID : CVE-2023-6620

First published on : 15-01-2024 16:15:12
Last modified on : 15-01-2024 16:15:12

Description :
The POST SMTP Mailer WordPress plugin before 2.8.7 does not properly sanitise and escape several parameters before using them in SQL statements, leading to a SQL injection exploitable by high privilege users such as admin.

CVE ID : CVE-2023-6620
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/ab5c42ca-ee7d-4344-bd88-0d727ed3d9c4 | source : contact@wpscan.com


Vulnerability ID : CVE-2023-6623

First published on : 15-01-2024 16:15:12
Last modified on : 15-01-2024 16:15:12

Description :
The Essential Blocks WordPress plugin before 4.4.3 does not prevent unauthenticated attackers from overwriting local variables when rendering templates over the REST API, which may lead to Local File Inclusion attacks.

CVE ID : CVE-2023-6623
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/blog/file-inclusion-vulnerability-fixed-in-essential-blocks-4-4-3/ | source : contact@wpscan.com
https://wpscan.com/vulnerability/633c28e0-0c9e-4e68-9424-55c32789b41f | source : contact@wpscan.com


Vulnerability ID : CVE-2023-6843

First published on : 15-01-2024 16:15:12
Last modified on : 15-01-2024 16:15:12

Description :
The easy.jobs- Best Recruitment Plugin for Job Board Listing, Manager, Career Page for Elementor & Gutenberg WordPress plugin before 2.4.7 does not properly secure some of its AJAX actions, allowing any logged-in users to modify its settings.

CVE ID : CVE-2023-6843
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/41508340-8caf-4dca-bd88-350b63b78ab0 | source : contact@wpscan.com


Vulnerability ID : CVE-2023-6941

First published on : 15-01-2024 16:15:12
Last modified on : 15-01-2024 16:15:12

Description :
The Keap Official Opt-in Forms WordPress plugin through 1.0.11 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup).

CVE ID : CVE-2023-6941
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/58f7c9aa-5e59-468f-aba9-b15e7942fd37/ | source : contact@wpscan.com


Vulnerability ID : CVE-2023-6991

First published on : 15-01-2024 16:15:12
Last modified on : 15-01-2024 16:15:12

Description :
The JSM file_get_contents() Shortcode WordPress plugin before 2.7.1 does not validate one of its shortcode's parameters before making a request to it, which could allow users with contributor role and above to perform SSRF attacks.

CVE ID : CVE-2023-6991
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/0b92becb-8a47-48fd-82e8-f7641cf5c9bc | source : contact@wpscan.com


This website uses the NVD API, but is not approved or certified by it.

About the author
Julien B.

Securitricks
