Last update performed on 03/11/2024 at 11:57:06 PM

(3) CRITICAL VULNERABILITIES [9.0, 10.0]

Source : qnapsecurity.com.tw

Vulnerability ID : CVE-2024-21899

First published on : 08-03-2024 17:15:22
Last modified on : 08-03-2024 21:19:43

Description :
An improper authentication vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to compromise the security of the system via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later QTS 4.5.4.2627 build 20231225 and later QuTS hero h5.1.3.2578 build 20231110 and later QuTS hero h4.5.4.2626 build 20231225 and later QuTScloud c5.1.5.2651 and later

CVE ID : CVE-2024-21899
Source : [email protected]
CVSS Score : 9.8

References :
https://www.qnap.com/en/security-advisory/qsa-24-09 | source : [email protected]

Vulnerability : CWE-287

Source : f98c90f0-e9bd-4fa7-911b-51993f3571fd

Vulnerability ID : CVE-2024-2184

First published on : 11-03-2024 01:15:50
Last modified on : 11-03-2024 01:32:29

Description :
Buffer overflow in identifier field of WSD probe request process of Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.*:Satera MF740C Series/Satera MF640C Series/Satera LBP660C Series/Satera LBP620C Series firmware v12.07 and earlier, and Satera MF750C Series/Satera LBP670C Series firmware v03.09 and earlier sold in Japan.Color imageCLASS MF740C Series/Color imageCLASS MF640C Series/Color imageCLASS X MF1127C/Color imageCLASS LBP664Cdw/Color imageCLASS LBP622Cdw/Color imageCLASS X LBP1127C firmware v12.07 and earlier, and Color imageCLASS MF750C Series/Color imageCLASS X MF1333C/Color imageCLASS LBP674Cdw/Color imageCLASS X LBP1333C firmware v03.09 and earlier sold in US.i-SENSYS MF740C Series/i-SENSYS MF640C Series/C1127i Series/i-SENSYS LBP660C Series/i-SENSYS LBP620C Series/C1127P firmware v12.07 and earlier, and i-SENSYS MF750C Series/C1333i Series/i-SENSYS LBP673Cdw/C1333P firmware v03.09 and earlier sold in Europe.

CVE ID : CVE-2024-2184
Source : f98c90f0-e9bd-4fa7-911b-51993f3571fd
CVSS Score : 9.8

References :
https://psirt.canon/advisory-information/cp2024-002/ | source : f98c90f0-e9bd-4fa7-911b-51993f3571fd

Vulnerability : CWE-787

Source : incibe.es

Vulnerability ID : CVE-2024-2370

First published on : 11-03-2024 13:15:52
Last modified on : 11-03-2024 13:15:52

Description :
Unrestricted file upload vulnerability in ManageEngine Desktop Central affecting version 9, build 90055. This vulnerability could allow a remote attacker to upload a malicious file to the system without any credentials provided.

CVE ID : CVE-2024-2370
Source : [email protected]
CVSS Score : 9.8

References :
https://www.incibe.es/en/incibe-cert/notices/aviso/unrestricted-file-upload-vulnerability-manageengine-desktop-central | source : [email protected]

Vulnerability : CWE-434

(16) HIGH VULNERABILITIES [7.0, 8.9]

Source : vuldb.com

Vulnerability ID : CVE-2024-2353

First published on : 10-03-2024 08:15:05
Last modified on : 11-03-2024 01:32:29

Description :
A vulnerability, which was classified as critical, has been found in Totolink X6000R 9.4.0cu.852_20230719. This issue affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component shttpd. The manipulation of the argument ip leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256313 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-2353
Source : [email protected]
CVSS Score : 8.8

References :
https://github.com/OraclePi/repo/blob/main/totolink%20X6000R/1/X6000R%20AX3000%20WiFi%206%20Giga%20unauthed%20rce.md | source : [email protected]
https://vuldb.com/?ctiid.256313 | source : [email protected]
https://vuldb.com/?id.256313 | source : [email protected]

Vulnerability : CWE-78

Vulnerability ID : CVE-2024-2282

First published on : 08-03-2024 02:15:51
Last modified on : 08-03-2024 14:02:57

Description :
A vulnerability was found in boyiddha Automated-Mess-Management-System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /index.php of the component Login Page. The manipulation of the argument useremail leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256049 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-2282
Source : [email protected]
CVSS Score : 7.3

References :
https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/boyiddha%20utomated-Mess-Management-System/SQL%20Injection%20Login.md | source : [email protected]
https://vuldb.com/?ctiid.256049 | source : [email protected]
https://vuldb.com/?id.256049 | source : [email protected]

Vulnerability : CWE-89

Source : checkmk.com

Vulnerability ID : CVE-2024-0670

First published on : 11-03-2024 15:15:47
Last modified on : 11-03-2024 15:15:47

Description :
Privilege escalation in windows agent plugin in Checkmk before 2.2.0p23, 2.1.0p40 and 2.0.0 (EOL) allows local user to escalate privileges

CVE ID : CVE-2024-0670
Source : [email protected]
CVSS Score : 8.8

References :
https://checkmk.com/werk/16361 | source : [email protected]

Vulnerability : CWE-427

Source : f86ef6dc-4d3a-42ad-8f28-e6d5547a5007

Vulnerability ID : CVE-2024-2338

First published on : 08-03-2024 20:15:45
Last modified on : 08-03-2024 21:19:43

Description :
PostgreSQL Anonymizer v1.2 contains a SQL injection vulnerability that allows a user who owns a table to elevate to superuser when dynamic masking is enabled. PostgreSQL Anonymizer enables users to set security labels on tables to mask specified columns. There is a flaw that allows complex expressions to be provided as a value. This expression is then later used as it to create the masked views leading to SQL Injection. If dynamic masking is enabled, this will lead to privilege escalation to superuser after the label is created. Users that don't own a table, especially masked users cannot exploit this vulnerability. The problem is resolved in v1.3.

CVE ID : CVE-2024-2338
Source : f86ef6dc-4d3a-42ad-8f28-e6d5547a5007
CVSS Score : 8.0

References :
https://gitlab.com/dalibo/postgresql_anonymizer/-/commit/f55daadba3fa8226029687964aa8889d01a79778 | source : f86ef6dc-4d3a-42ad-8f28-e6d5547a5007

Vulnerability : CWE-89

Vulnerability ID : CVE-2024-2339

First published on : 08-03-2024 20:15:46
Last modified on : 08-03-2024 21:19:43

Description :
PostgreSQL Anonymizer v1.2 contains a vulnerability that allows a user who owns a table to elevate to superuser. A user can define a masking function for a column and place malicious code in that function. When a privileged user applies the masking rules using the static masking or the anonymous dump method, the malicious code is executed and can grant escalated privileges to the malicious user. PostgreSQL Anonymizer v1.2 does provide a protection against this risk with the restrict_to_trusted_schemas option, but that protection is incomplete. Users that don't own a table, especially masked users cannot exploit this vulnerability. The problem is resolved in v1.3.

CVE ID : CVE-2024-2339
Source : f86ef6dc-4d3a-42ad-8f28-e6d5547a5007
CVSS Score : 8.0

References :
https://gitlab.com/dalibo/postgresql_anonymizer/-/commit/e517b38e62e50871b04011598e73a7308bdae9d9 | source : f86ef6dc-4d3a-42ad-8f28-e6d5547a5007

Vulnerability : CWE-20

Source : emc.com

Vulnerability ID : CVE-2024-25951

First published on : 09-03-2024 06:15:50
Last modified on : 11-03-2024 01:32:39

Description :
A command injection vulnerability exists in local RACADM. A malicious authenticated user could gain control of the underlying operating system.

CVE ID : CVE-2024-25951
Source : [email protected]
CVSS Score : 8.0

References :
https://www.dell.com/support/kbdoc/en-us/000222591/dsa-2024-089-security-update-for-dell-idrac8-local-racadm-vulnerability | source : [email protected]

Vulnerability : CWE-1288

Source : ni.com

Vulnerability ID : CVE-2024-23608

First published on : 11-03-2024 16:15:07
Last modified on : 11-03-2024 16:15:07

Description :
An out of bounds write due to a missing bounds check in LabVIEW may result in remote code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions.

CVE ID : CVE-2024-23608
Source : [email protected]
CVSS Score : 7.8

References :
https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/out-of-bounds-write-due-to-missing-bounds-check-in-labview.html | source : [email protected]

Vulnerability : CWE-787

Vulnerability ID : CVE-2024-23609

First published on : 11-03-2024 16:15:08
Last modified on : 11-03-2024 16:15:08

Description :
An improper error handling vulnerability in LabVIEW may result in remote code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions.

CVE ID : CVE-2024-23609
Source : [email protected]
CVSS Score : 7.8

References :
https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/improper-error-handling-issues-in-labview.html | source : [email protected]

Vulnerability : CWE-755

Vulnerability ID : CVE-2024-23610

First published on : 11-03-2024 16:15:08
Last modified on : 11-03-2024 16:15:08

CVE ID : CVE-2024-23610
Source : [email protected]
CVSS Score : 7.8

Vulnerability : CWE-787

Vulnerability ID : CVE-2024-23611

First published on : 11-03-2024 16:15:08
Last modified on : 11-03-2024 16:15:08

CVE ID : CVE-2024-23611
Source : [email protected]
CVSS Score : 7.8

Vulnerability : CWE-787

Vulnerability ID : CVE-2024-23612

First published on : 11-03-2024 16:15:08
Last modified on : 11-03-2024 16:15:08

CVE ID : CVE-2024-23612
Source : [email protected]
CVSS Score : 7.8

References :
https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/improper-error-handling-issues-in-labview.html | source : [email protected]

Vulnerability : CWE-755

Source : hq.dhs.gov

Vulnerability ID : CVE-2024-1696

First published on : 11-03-2024 17:15:46
Last modified on : 11-03-2024 17:15:46

Description :
In Santesoft Sante FFT Imaging versions 1.4.1 and prior once a user opens a malicious DCM file on affected FFT Imaging installations, a local attacker could perform an out-of-bounds write, which could allow for arbitrary code execution.

CVE ID : CVE-2024-1696
Source : [email protected]
CVSS Score : 7.8

References :
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-065-01 | source : [email protected]

Vulnerability : CWE-787

Source : github.com

Vulnerability ID : CVE-2024-28197

First published on : 11-03-2024 20:15:07
Last modified on : 11-03-2024 20:15:07

Description :
Zitadel is an open source identity management system. Zitadel uses a cookie to identify the user agent (browser) and its user sessions. Although the cookie was handled according to best practices, it was accessible on subdomains of the ZITADEL instance. An attacker could take advantage of this and provide a malicious link hosted on the subdomain to the user to gain access to the victim’s account in certain scenarios. A possible victim would need to login through the malicious link for this exploit to work. If the possible victim already had the cookie present, the attack would not succeed. The attack would further only be possible if there was an initial vulnerability on the subdomain. This could either be the attacker being able to control DNS or a XSS vulnerability in an application hosted on a subdomain. Versions 2.46.0, 2.45.1, and 2.44.3 have been patched. Zitadel recommends upgrading to the latest versions available in due course. Note that applying the patch will invalidate the current cookie and thus users will need to start a new session and existing sessions (user selection) will be empty. For self-hosted environments unable to upgrade to a patched version, prevent setting the following cookie name on subdomains of your Zitadel instance (e.g. within your WAF): `__Secure-zitadel-useragent`.

CVE ID : CVE-2024-28197
Source : [email protected]
CVSS Score : 7.5

References :
https://github.com/zitadel/zitadel/security/advisories/GHSA-mq4x-r2w3-j7mr | source : [email protected]

Vulnerability : CWE-269

Vulnerability ID : CVE-2024-28184

First published on : 09-03-2024 01:15:07
Last modified on : 11-03-2024 01:32:39

Description :
WeasyPrint helps web developers to create PDF documents. Since version 61.0, there's a vulnerability which allows attaching content of arbitrary files and URLs to a generated PDF document, even if `url_fetcher` is configured to prevent access to files and URLs. This vulnerability has been patched in version 61.2.

CVE ID : CVE-2024-28184
Source : [email protected]
CVSS Score : 7.4

References :
https://github.com/Kozea/WeasyPrint/commit/734ee8e2dc84ff3090682f3abff056d0907c8598 | source : [email protected]
https://github.com/Kozea/WeasyPrint/security/advisories/GHSA-35jj-wx47-4w8r | source : [email protected]

Vulnerability : CWE-829

Vulnerability ID : CVE-2024-28187

First published on : 11-03-2024 20:15:07
Last modified on : 11-03-2024 20:15:07

Description :
SOY CMS is an open source CMS (content management system) that allows you to build blogs and online shops. SOY CMS versions prior to 3.14.2 are vulnerable to an OS Command Injection vulnerability within the file upload feature when accessed by an administrator. The vulnerability enables the execution of arbitrary OS commands through specially crafted file names containing a semicolon, affecting the jpegoptim functionality. This vulnerability has been patched in version 3.14.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE ID : CVE-2024-28187
Source : [email protected]
CVSS Score : 7.2

References :
https://github.com/inunosinsi/soycms/commit/9b0e452f628df28dec69cd72b6b55db21066cbf8 | source : [email protected]
https://github.com/inunosinsi/soycms/security/advisories/GHSA-qg3q-hfgc-5jmm | source : [email protected]

Vulnerability : CWE-78

Source : mitre.org

Vulnerability ID : CVE-2024-26313

First published on : 08-03-2024 02:15:50
Last modified on : 08-03-2024 14:02:57

Description :
Archer Platform 6.x before 6.14 P2 HF2 (6.14.0.2.2) contains a stored cross-site scripting (XSS) vulnerability. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. 6.13.P3 HF1 (6.13.0.3.1) is also a fixed release.

CVE ID : CVE-2024-26313
Source : [email protected]
CVSS Score : 7.3

References :
https://archerirm.com | source : [email protected]
https://www.archerirm.community/t5/platform-announcements/archer-update-for-multiple-vulnerabilities/ta-p/717102 | source : [email protected]

(44) MEDIUM VULNERABILITIES [4.0, 6.9]

Source : github.com

Vulnerability ID : CVE-2024-28122

First published on : 09-03-2024 01:15:06
Last modified on : 11-03-2024 01:32:39

Description :
JWX is Go module implementing various JWx (JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE) technologies. This vulnerability allows an attacker with a trusted public key to cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. This issue has been patched in versions 1.2.29 and 2.0.21.

CVE ID : CVE-2024-28122
Source : [email protected]
CVSS Score : 6.8

References :
https://github.com/lestrrat-go/jwx/releases/tag/v1.2.29 | source : [email protected]
https://github.com/lestrrat-go/jwx/releases/tag/v2.0.21 | source : [email protected]
https://github.com/lestrrat-go/jwx/security/advisories/GHSA-hj3v-m684-v259 | source : [email protected]

Vulnerability : CWE-400

Vulnerability ID : CVE-2024-28120

First published on : 11-03-2024 22:15:55
Last modified on : 11-03-2024 22:15:55

Description :
codeium-chrome is an open source code completion plugin for the chrome web browser. The service worker of the codeium-chrome extension doesn't check the sender when receiving an external message. This allows an attacker to host a website that will steal the user's Codeium api-key, and thus impersonate the user on the backend autocomplete server. This issue has not been addressed. Users are advised to monitor the usage of their API key.

CVE ID : CVE-2024-28120
Source : [email protected]
CVSS Score : 6.5

References :
https://github.com/Exafunction/codeium-chrome/security/advisories/GHSA-8c7j-2h97-q63p | source : [email protected]
https://securitylab.github.com/advisories/GHSL-2024-027_GHSL-2024-028_codeium-chrome | source : [email protected]

Vulnerability : CWE-200
Vulnerability : CWE-284

Vulnerability ID : CVE-2024-27297

First published on : 11-03-2024 22:15:55
Last modified on : 11-03-2024 22:15:55

Description :
Nix is a package manager for Linux and other Unix systems. A fixed-output derivations on Linux can send file descriptors to files in the Nix store to another program running on the host (or another fixed-output derivation) via Unix domain sockets in the abstract namespace. This allows to modify the output of the derivation, after Nix has registered the path as "valid" and immutable in the Nix database. In particular, this allows the output of fixed-output derivations to be modified from their expected content. This issue has been addressed in versions 2.3.18 2.18.2 2.19.4 and 2.20.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE ID : CVE-2024-27297
Source : [email protected]
CVSS Score : 6.3

References :
https://github.com/NixOS/nix/commit/f8170ce9f119e5e6724eb81ff1b5a2d4c0024000 | source : [email protected]
https://github.com/NixOS/nix/security/advisories/GHSA-2ffj-w4mj-pg37 | source : [email protected]
https://hackmd.io/03UGerewRcy3db44JQoWvw | source : [email protected]

Vulnerability : CWE-367

Vulnerability ID : CVE-2024-27938

First published on : 11-03-2024 22:15:55
Last modified on : 11-03-2024 22:15:55

Description :
Postal is an open source SMTP server. Postal versions less than 3.0.0 are vulnerable to SMTP Smuggling attacks which may allow incoming e-mails to be spoofed. This, in conjunction with a cooperative outgoing SMTP service, would allow for an incoming e-mail to be received by Postal addressed from a server that a user has 'authorised' to send mail on their behalf but were not the genuine author of the e-mail. Postal is not affected for sending outgoing e-mails as email is re-encoded with `<CR><LF>` line endings when transmitted over SMTP. This issue has been addressed and users should upgrade to Postal v3.0.0 or higher. Once upgraded, Postal will only accept End of DATA sequences which are explicitly `<CR><LF>.<CR><LF>`. If a non-compliant sequence is detected it will be logged to the SMTP server log. There are no workarounds for this issue.

CVE ID : CVE-2024-27938
Source : [email protected]
CVSS Score : 5.3

References :
https://github.com/postalserver/postal/commit/0140dc4 | source : [email protected]
https://github.com/postalserver/postal/security/advisories/GHSA-j42r-6c99-hqf2 | source : [email protected]
https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide | source : [email protected]
https://www.postfix.org/smtp-smuggling.html | source : [email protected]

Vulnerability : CWE-116

Vulnerability ID : CVE-2024-28176

First published on : 09-03-2024 01:15:07
Last modified on : 11-03-2024 01:32:39

Description :
jose is JavaScript module for JSON Object Signing and Encryption, providing support for JSON Web Tokens (JWT), JSON Web Signature (JWS), JSON Web Encryption (JWE), JSON Web Key (JWK), JSON Web Key Set (JWKS), and more. A vulnerability has been identified in the JSON Web Encryption (JWE) decryption interfaces, specifically related to the support for decompressing plaintext after its decryption. Under certain conditions it is possible to have the user's environment consume unreasonable amount of CPU time or memory during JWE Decryption operations. This issue has been patched in versions 2.0.7 and 4.15.5.

CVE ID : CVE-2024-28176
Source : [email protected]
CVSS Score : 4.9

References :
https://github.com/panva/jose/commit/02a65794f7873cdaf12e81e80ad076fcdc4a9314 | source : [email protected]
https://github.com/panva/jose/commit/1b91d88d2f8233f3477a5f4579aa5f8057b2ee8b | source : [email protected]
https://github.com/panva/jose/security/advisories/GHSA-hhhv-q57g-882q | source : [email protected]

Vulnerability : CWE-400

Vulnerability ID : CVE-2024-28198

First published on : 11-03-2024 20:15:07
Last modified on : 11-03-2024 20:15:07

Description :
OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. By manually manipulating http requests when using the draw.io integration it is possible to read arbitrary files as the configured system user and SSRF. The problem is fixed in version 18.1.6 and 18.2.2. It is advised to upgrade to the latest version of 18.1.x or 18.2.x. Users unable to upgrade may work around this issue by disabling the Draw.io module or the entire REST API which will secure the system.

CVE ID : CVE-2024-28198
Source : [email protected]
CVSS Score : 4.6

References :
https://github.com/OpenOLAT/OpenOLAT/commit/23e6212e9412c3b099436159b8c8935321c91872 | source : [email protected]
https://github.com/OpenOLAT/OpenOLAT/security/advisories/GHSA-pqvm-h9mg-434c | source : [email protected]
https://track.frentix.com/issue/OO-7553/XXE-injection-in-draw.io-endpoint | source : [email protected]

Vulnerability : CWE-611

Vulnerability ID : CVE-2024-28180

First published on : 09-03-2024 01:15:07
Last modified on : 11-03-2024 01:32:39

Description :
Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed data would exceed 250kB or 10x the compressed size (whichever is larger). This vulnerability has been patched in versions 4.0.1, 3.0.3 and 2.6.3.

CVE ID : CVE-2024-28180
Source : [email protected]
CVSS Score : 4.3

References :
https://github.com/go-jose/go-jose/commit/0dd4dd541c665fb292d664f77604ba694726f298 | source : [email protected]
https://github.com/go-jose/go-jose/commit/add6a284ea0f844fd6628cba637be5451fe4b28a | source : [email protected]
https://github.com/go-jose/go-jose/commit/f4c051a0653d78199a053892f7619ebf96339502 | source : [email protected]
https://github.com/go-jose/go-jose/security/advisories/GHSA-c5q2-7r4c-mv6g | source : [email protected]

Vulnerability : CWE-409

Source : wordfence.com

Vulnerability ID : CVE-2024-1123

First published on : 09-03-2024 07:15:07
Last modified on : 11-03-2024 01:32:39

Description :
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_frontend_event_submission() function in all versions up to, and including, 3.4.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to overwrite the title and content of arbitrary posts. This can also be exploited by unauthenticated attackers when the allow_submission_by_anonymous_user setting is enabled.

CVE ID : CVE-2024-1123
Source : [email protected]
CVSS Score : 6.5

References :
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3033882%40eventprime-event-calendar-management&new=3033882%40eventprime-event-calendar-management&sfp_email=&sfph_mail= | source : [email protected]
https://www.wordfence.com/threat-intel/vulnerabilities/id/351926d4-a9be-4fbd-bdf2-8bbff41d97ef?source=cve | source : [email protected]

Vulnerability ID : CVE-2024-1125

First published on : 09-03-2024 07:15:08
Last modified on : 11-03-2024 01:32:39

Description :
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the calendar_events_delete() function in all versions up to, and including, 3.4.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary posts.

CVE ID : CVE-2024-1125
Source : [email protected]
CVSS Score : 6.5

References :
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3043888%40eventprime-event-calendar-management&new=3043888%40eventprime-event-calendar-management&sfp_email=&sfph_mail= | source : [email protected]
https://www.wordfence.com/threat-intel/vulnerabilities/id/b5278afb-9db3-4b1d-bb2f-e6595f0ac6dc?source=cve | source : [email protected]

Vulnerability ID : CVE-2024-1320

First published on : 09-03-2024 07:15:08
Last modified on : 11-03-2024 01:32:39

Description :
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'offline_status' parameter in all versions up to, and including, 3.4.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2024-1320
Source : [email protected]
CVSS Score : 6.5

References :
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3043888%40eventprime-event-calendar-management&new=3043888%40eventprime-event-calendar-management&sfp_email=&sfph_mail= | source : [email protected]
https://www.wordfence.com/threat-intel/vulnerabilities/id/7e82e1c5-0ed4-4dee-9990-976591693eb5?source=cve | source : [email protected]

Vulnerability ID : CVE-2024-1987

First published on : 08-03-2024 06:15:52
Last modified on : 08-03-2024 14:02:57

Description :
The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.4.9.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2024-1987
Source : [email protected]
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3047285%40wp-members%2Ftrunk&old=3025452%40wp-members%2Ftrunk&sfp_email=&sfph_mail=#file5 | source : [email protected]
https://www.wordfence.com/threat-intel/vulnerabilities/id/631e1061-50b1-4df2-b876-37b4cd3e2478?source=cve | source : [email protected]

Vulnerability ID : CVE-2024-1767

First published on : 09-03-2024 07:15:09
Last modified on : 11-03-2024 01:32:39

Description :
The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's blocks in all versions up to, and including, 2.0.26 due to insufficient input sanitization and output escaping on user supplied attributes like 'className' and 'radius'. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2024-1767
Source : [email protected]
CVSS Score : 6.4

References :
https://themes.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=219324%40blocksy&new=219324%40blocksy&sfp_email=&sfph_mail= | source : [email protected]
https://www.wordfence.com/threat-intel/vulnerabilities/id/fdeab668-9094-485f-aa01-13ba5c10ea89?source=cve | source : [email protected]

Vulnerability ID : CVE-2024-1851

First published on : 08-03-2024 07:15:05
Last modified on : 08-03-2024 14:02:57

Description :
The affiliate-toolkit – WordPress Affiliate Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the atkp_create_list() function in all versions up to, and including, 3.5.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to to perform unauthorized actions such as creating product lists.

CVE ID : CVE-2024-1851
Source : [email protected]
CVSS Score : 6.3

References :
https://plugins.trac.wordpress.org/changeset/3045821/affiliate-toolkit-starter/trunk/includes/atkp_endpoints.php | source : [email protected]
https://www.wordfence.com/threat-intel/vulnerabilities/id/e9e256b0-e4e3-4f41-842c-80aa2b80af72?source=cve | source : [email protected]

Vulnerability ID : CVE-2024-2298

First published on : 08-03-2024 07:15:06
Last modified on : 08-03-2024 14:02:57

Description :
The affiliate-toolkit – WordPress Affiliate Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the atkp_import_product() function in all versions up to, and including, 3.5.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to to perform unauthorized actions such as creating importing products.

CVE ID : CVE-2024-2298
Source : [email protected]
CVSS Score : 4.3

References :
https://plugins.trac.wordpress.org/changeset/3045821/affiliate-toolkit-starter/trunk/includes/atkp_endpoints.php | source : [email protected]
https://www.wordfence.com/threat-intel/vulnerabilities/id/4d4d0176-3b7d-4de5-95ec-365873e6f13b?source=cve | source : [email protected]

Vulnerability ID : CVE-2024-1124

First published on : 09-03-2024 07:15:08
Last modified on : 11-03-2024 01:32:39

Description :
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the ep_send_attendees_email() function in all versions up to, and including, 3.4.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to send arbitrary emails with arbitrary content from the site.

CVE ID : CVE-2024-1124
Source : [email protected]
CVSS Score : 4.3

References :
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3043888%40eventprime-event-calendar-management&new=3043888%40eventprime-event-calendar-management&sfp_email=&sfph_mail= | source : [email protected]
https://www.wordfence.com/threat-intel/vulnerabilities/id/346049ca-1bc5-4e02-9f38-d1f64338709d?source=cve | source : [email protected]

Vulnerability ID : CVE-2024-1870

First published on : 09-03-2024 10:15:06
Last modified on : 11-03-2024 01:32:29

Description :
The Colibri Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the callActivateLicenseEndpoint function in all versions up to, and including, 1.0.260. This makes it possible for authenticated attackers, with subscriber access or higher, to update the license key.

CVE ID : CVE-2024-1870
Source : [email protected]
CVSS Score : 4.3

References :
https://plugins.trac.wordpress.org/browser/colibri-page-builder/trunk/src/License/ActivationForm.php#L356 | source : [email protected]
https://plugins.trac.wordpress.org/changeset/3045582/colibri-page-builder/trunk/src/License/ActivationForm.php?contextall=1&old=2888093&old_path=%2Fcolibri-page-builder%2Ftrunk%2Fsrc%2FLicense%2FActivationForm.php | source : [email protected]
https://www.wordfence.com/threat-intel/vulnerabilities/id/130637ce-d70a-4831-8b88-a2a6e8a95c42?source=cve | source : [email protected]

Vulnerability ID : CVE-2024-1400

First published on : 11-03-2024 22:15:54
Last modified on : 11-03-2024 22:15:54

Description :
The Mollie Forms plugin for WordPress is vulnerable to unauthorized post or page duplication due to a missing capability check on the duplicateForm function in all versions up to, and including, 2.6.3. This makes it possible for authenticated attackers, with subscriber access or higher, to duplicate arbitrary posts and pages.

CVE ID : CVE-2024-1400
Source : [email protected]
CVSS Score : 4.3

References :
https://plugins.trac.wordpress.org/changeset/3046896/mollie-forms/trunk/classes/Admin.php | source : [email protected]
https://www.wordfence.com/threat-intel/vulnerabilities/id/43c4ca71-0bf0-4529-97d9-2349f96bbb9e?source=cve | source : [email protected]

Vulnerability ID : CVE-2024-1645

First published on : 11-03-2024 22:15:54
Last modified on : 11-03-2024 22:15:54

Description :
The Mollie Forms plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the exportRegistrations function in all versions up to, and including, 2.6.3. This makes it possible for authenticated attackers, with subscriber access or higher, to export payment data collected by this plugin.

CVE ID : CVE-2024-1645
Source : [email protected]
CVSS Score : 4.3

References :
https://plugins.trac.wordpress.org/browser/mollie-forms/trunk/classes/Admin.php#L904 | source : [email protected]
https://plugins.trac.wordpress.org/changeset/3046896/mollie-forms/trunk/classes/Admin.php | source : [email protected]
https://www.wordfence.com/threat-intel/vulnerabilities/id/353c244f-6d5d-47d6-988e-33da722a02f9?source=cve | source : [email protected]

Source : vuldb.com

Vulnerability ID : CVE-2024-2271

First published on : 08-03-2024 00:15:50
Last modified on : 08-03-2024 14:02:57

Description :
A vulnerability classified as critical has been found in keerti1924 Online-Book-Store-Website 1.0. This affects an unknown part of the file /shop.php of the component HTTP POST Request Handler. The manipulation of the argument product_name leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256041 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-2271
Source : [email protected]
CVSS Score : 6.3

References :
https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/keerti1924%20Online-Book-Store-Website/Blind%20SQL%20Injection%20%20Shop/Blind%20SQL%20Injection%20Shop.php%20.md | source : [email protected]
https://vuldb.com/?ctiid.256041 | source : [email protected]
https://vuldb.com/?id.256041 | source : [email protected]

Vulnerability : CWE-89

Vulnerability ID : CVE-2024-2272

First published on : 08-03-2024 00:15:50
Last modified on : 08-03-2024 14:02:57

Description :
A vulnerability classified as critical was found in keerti1924 Online-Book-Store-Website 1.0. This vulnerability affects unknown code of the file /home.php of the component HTTP POST Request Handler. The manipulation of the argument product_name leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-256042 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-2272
Source : [email protected]
CVSS Score : 6.3

References :
https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/keerti1924%20Online-Book-Store-Website/Blind%20SQL%20Injection%20%20Home/Blind%20SQL%20Injection%20Home.php%20.md | source : [email protected]
https://vuldb.com/?ctiid.256042 | source : [email protected]
https://vuldb.com/?id.256042 | source : [email protected]

Vulnerability : CWE-89

Vulnerability ID : CVE-2024-2281

First published on : 08-03-2024 02:15:51
Last modified on : 08-03-2024 14:02:57

Description :
A vulnerability was found in boyiddha Automated-Mess-Management-System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/index.php of the component Setting Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256048. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-2281
Source : [email protected]
CVSS Score : 6.3

References :
https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/boyiddha%20utomated-Mess-Management-System/BROKEN%20ACCESS%20CONTROL%20.md | source : [email protected]
https://vuldb.com/?ctiid.256048 | source : [email protected]
https://vuldb.com/?id.256048 | source : [email protected]

Vulnerability : CWE-284

Vulnerability ID : CVE-2024-2283

First published on : 08-03-2024 02:15:51
Last modified on : 08-03-2024 14:02:57

Description :
A vulnerability classified as critical has been found in boyiddha Automated-Mess-Management-System 1.0. Affected is an unknown function of the file /member/view.php. The manipulation of the argument date leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-256050 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-2283
Source : [email protected]
CVSS Score : 6.3

References :
https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/boyiddha%20utomated-Mess-Management-System/SQL%20Injection%20member-view.php%20.md | source : [email protected]
https://vuldb.com/?ctiid.256050 | source : [email protected]
https://vuldb.com/?id.256050 | source : [email protected]

Vulnerability : CWE-89

Vulnerability ID : CVE-2024-2329

First published on : 09-03-2024 08:15:06
Last modified on : 11-03-2024 01:32:29

Description :
A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/list_resource_icon.php?action=delete. The manipulation of the argument IconId leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256280. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-2329
Source : [email protected]
CVSS Score : 6.3

References :
https://github.com/flyyue2001/cve/blob/main/NS-ASG-sql-list_resource_icon.md | source : [email protected]
https://vuldb.com/?ctiid.256280 | source : [email protected]
https://vuldb.com/?id.256280 | source : [email protected]

Vulnerability : CWE-89

Vulnerability ID : CVE-2024-2330

First published on : 09-03-2024 09:15:05
Last modified on : 11-03-2024 01:32:29

Description :
A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been classified as critical. This affects an unknown part of the file /protocol/index.php. The manipulation of the argument IPAddr leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256281 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-2330
Source : [email protected]
CVSS Score : 6.3

References :
https://github.com/jikedaodao/cve/blob/main/NS-ASG-sql-addmacbind.md | source : [email protected]
https://vuldb.com/?ctiid.256281 | source : [email protected]
https://vuldb.com/?id.256281 | source : [email protected]

Vulnerability : CWE-89

Vulnerability ID : CVE-2024-2331

First published on : 09-03-2024 10:15:06
Last modified on : 11-03-2024 01:32:29

Description :
A vulnerability was found in SourceCodester Tourist Reservation System 1.0. It has been declared as critical. This vulnerability affects the function ad_writedata of the file System.cpp. The manipulation of the argument ad_code leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-256282 is the identifier assigned to this vulnerability.

CVE ID : CVE-2024-2331
Source : [email protected]
CVSS Score : 6.3

References :
https://github.com/wkeyi0x1/vul-report/blob/main/Tourist%20Reservation%20System%20using%20C%2B%2B%20with%20Free%20Source%20Code/buffer-overflow-1.md | source : [email protected]
https://vuldb.com/?ctiid.256282 | source : [email protected]
https://vuldb.com/?id.256282 | source : [email protected]

Vulnerability : CWE-120

Vulnerability ID : CVE-2024-2332

First published on : 09-03-2024 14:15:51
Last modified on : 11-03-2024 01:32:29

Description :
A vulnerability was found in SourceCodester Online Mobile Management Store 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/maintenance/manage_category.php of the component HTTP GET Request Handler. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256283.

CVE ID : CVE-2024-2332
Source : [email protected]
CVSS Score : 6.3

References :
https://github.com/vanitashtml/CVE-Dumps/blob/main/Blind%20SQL%20Injection%20Manage%20Category%20-%20Mobile%20Management%20Store.md | source : [email protected]
https://vuldb.com/?ctiid.256283 | source : [email protected]
https://vuldb.com/?id.256283 | source : [email protected]

Vulnerability : CWE-89

Vulnerability ID : CVE-2024-2333

First published on : 09-03-2024 16:15:42
Last modified on : 11-03-2024 01:32:29

Description :
A vulnerability classified as critical has been found in CodeAstro Membership Management System 1.0. Affected is an unknown function of the file /add_members.php. The manipulation of the argument fullname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256284.

CVE ID : CVE-2024-2333
Source : [email protected]
CVSS Score : 6.3

References :
https://github.com/0x404Ming/CVE_Hunter/blob/main/SQLi-3.md | source : [email protected]
https://vuldb.com/?ctiid.256284 | source : [email protected]
https://vuldb.com/?id.256284 | source : [email protected]

Vulnerability : CWE-89

Vulnerability ID : CVE-2024-2351

First published on : 09-03-2024 23:15:49
Last modified on : 11-03-2024 01:32:29

Description :
A vulnerability classified as critical was found in CodeAstro Ecommerce Site 1.0. Affected by this vulnerability is an unknown functionality of the file action.php of the component Search. The manipulation of the argument cat_id/brand_id/keyword leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256303.

CVE ID : CVE-2024-2351
Source : [email protected]
CVSS Score : 6.3

References :
https://docs.qq.com/doc/DYklCV0thWnRaaWpY | source : [email protected]
https://vuldb.com/?ctiid.256303 | source : [email protected]
https://vuldb.com/?id.256303 | source : [email protected]

Vulnerability : CWE-89

Vulnerability ID : CVE-2024-2352

First published on : 10-03-2024 02:16:08
Last modified on : 11-03-2024 01:32:29

Description :
A vulnerability, which was classified as critical, has been found in 1Panel up to 1.10.1-lts. Affected by this issue is the function baseApi.UpdateDeviceSwap of the file /api/v1/toolbox/device/update/swap. The manipulation of the argument Path with the input 123123123\nopen -a Calculator leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-256304.

CVE ID : CVE-2024-2352
Source : [email protected]
CVSS Score : 6.3

References :
https://github.com/1Panel-dev/1Panel/pull/4131 | source : [email protected]
https://github.com/1Panel-dev/1Panel/pull/4131#issue-2176105990 | source : [email protected]
https://github.com/1Panel-dev/1Panel/pull/4131/commits/0edd7a9f6f5100aab98a0ea6e5deedff7700396c | source : [email protected]
https://vuldb.com/?ctiid.256304 | source : [email protected]
https://vuldb.com/?id.256304 | source : [email protected]

Vulnerability : CWE-77

Vulnerability ID : CVE-2024-2363

First published on : 10-03-2024 23:15:54
Last modified on : 11-03-2024 01:32:29

Description :
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in AOL AIM Triton 1.0.4. It has been declared as problematic. This vulnerability affects unknown code of the component Invite Handler. The manipulation of the argument CSeq leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-256318 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

CVE ID : CVE-2024-2363
Source : [email protected]
CVSS Score : 5.3

References :
https://fitoxs.com/vuldb/exploit/exploit_aim_triton.txt | source : [email protected]
https://vuldb.com/?ctiid.256318 | source : [email protected]
https://vuldb.com/?id.256318 | source : [email protected]

Vulnerability : CWE-404

Vulnerability ID : CVE-2024-2277

First published on : 08-03-2024 02:15:50
Last modified on : 08-03-2024 14:02:57

Description :
A vulnerability was found in Bdtask G-Prescription Gynaecology & OBS Consultation Software 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /Setting/change_password_save of the component Password Reset Handler. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-256046 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-2277
Source : [email protected]
CVSS Score : 4.3

References :
https://drive.google.com/file/d/1SVYLzbnYzSyun79QBOsRuWuMkzyjclJM/view?usp=drivesdk | source : [email protected]
https://vuldb.com/?ctiid.256046 | source : [email protected]
https://vuldb.com/?id.256046 | source : [email protected]

Vulnerability : CWE-352

Vulnerability ID : CVE-2024-2316

First published on : 08-03-2024 12:15:50
Last modified on : 08-03-2024 14:02:57

Description :
A vulnerability has been found in Bdtask Hospital AutoManager up to 20240227 and classified as problematic. This vulnerability affects unknown code of the file /billing/bill/edit/ of the component Update Bill Page. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-256270 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-2316
Source : [email protected]
CVSS Score : 4.3

References :
https://drive.google.com/file/d/1v_Ee2FWlbpLgHYIl88COPp05EHSxUWI0/view?usp=sharing | source : [email protected]
https://vuldb.com/?ctiid.256270 | source : [email protected]
https://vuldb.com/?id.256270 | source : [email protected]

Vulnerability : CWE-352

Vulnerability ID : CVE-2024-2318

First published on : 08-03-2024 13:15:07
Last modified on : 08-03-2024 14:02:57

Description :
A vulnerability was found in ZKTeco ZKBio Media 2.0.0_x64_2024-01-29-1028. It has been classified as problematic. Affected is an unknown function of the file /pro/common/download of the component Service Port 9999. The manipulation of the argument fileName with the input ../../../../zkbio_media.sql leads to path traversal: '../filedir'. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256272. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-2318
Source : [email protected]
CVSS Score : 4.3

References :
https://gist.github.com/whiteman007/a3b25a7ddf38774329d72930e0cd841a | source : [email protected]
https://vuldb.com/?ctiid.256272 | source : [email protected]
https://vuldb.com/?id.256272 | source : [email protected]

Vulnerability : CWE-24

Vulnerability ID : CVE-2024-2354

First published on : 10-03-2024 11:15:45
Last modified on : 11-03-2024 01:32:29

Description :
A vulnerability, which was classified as problematic, was found in Dreamer CMS 4.1.3. Affected is an unknown function of the file /admin/menu/toEdit. The manipulation of the argument id leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-256314 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-2354
Source : [email protected]
CVSS Score : 4.3

References :
https://github.com/sweatxi/BugHub/blob/main/dreamer_cms_admin_menu_toEdit_csrf.pdf | source : [email protected]
https://vuldb.com/?ctiid.256314 | source : [email protected]
https://vuldb.com/?id.256314 | source : [email protected]

Vulnerability : CWE-352

Source : us.ibm.com

Vulnerability ID : CVE-2022-43855

First published on : 08-03-2024 18:15:48
Last modified on : 08-03-2024 21:19:43

Description :
IBM SPSS Statistics 26.0, 27.0.1, and 28.0 could allow a local user to create multiple files that could exhaust the file handles capacity and cause a denial of service. IBM X-Force ID: 230235.

CVE ID : CVE-2022-43855
Source : [email protected]
CVSS Score : 6.2

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/239235 | source : [email protected]
https://www.ibm.com/support/pages/node/7130881 | source : [email protected]

Vulnerability : CWE-399

Source : qnapsecurity.com.tw

Vulnerability ID : CVE-2023-34980

First published on : 08-03-2024 17:15:22
Last modified on : 08-03-2024 21:19:43

Description :
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 4.5.4.2627 build 20231225 and later QuTS hero h4.5.4.2626 build 20231225 and later

CVE ID : CVE-2023-34980
Source : [email protected]
CVSS Score : 5.9

References :
https://www.qnap.com/en/security-advisory/qsa-24-12 | source : [email protected]

Vulnerability : CWE-78

Vulnerability ID : CVE-2023-47221

First published on : 08-03-2024 17:15:22
Last modified on : 08-03-2024 21:19:43

Description :
A path traversal vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow authenticated administrators to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following version: Photo Station 6.4.2 ( 2023/12/15 ) and later

CVE ID : CVE-2023-47221
Source : [email protected]
CVSS Score : 5.5

References :
https://www.qnap.com/en/security-advisory/qsa-24-13 | source : [email protected]

Vulnerability : CWE-22

Vulnerability ID : CVE-2023-32969

First published on : 08-03-2024 17:15:21
Last modified on : 08-03-2024 21:19:43

Description :
A cross-site scripting (XSS) vulnerability has been reported to affect Network & Virtual Switch. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network. We have already fixed the vulnerability in the following versions: QuTScloud c5.1.5.2651 and later QTS 5.1.4.2596 build 20231128 and later QuTS hero h5.1.4.2596 build 20231128 and later

CVE ID : CVE-2023-32969
Source : [email protected]
CVSS Score : 4.9

References :
https://www.qnap.com/en/security-advisory/qsa-24-11 | source : [email protected]

Vulnerability : CWE-79

Vulnerability ID : CVE-2024-21901

First published on : 08-03-2024 17:15:23
Last modified on : 08-03-2024 21:19:43

Description :
A SQL injection vulnerability has been reported to affect myQNAPcloud. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network. We have already fixed the vulnerability in the following versions: myQNAPcloud 1.0.52 ( 2023/11/24 ) and later QTS 4.5.4.2627 build 20231225 and later

CVE ID : CVE-2024-21901
Source : [email protected]
CVSS Score : 4.7

References :
https://www.qnap.com/en/security-advisory/qsa-24-09 | source : [email protected]

Vulnerability : CWE-89

Vulnerability ID : CVE-2024-21900

First published on : 08-03-2024 17:15:22
Last modified on : 08-03-2024 21:19:43

Description :
An injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later QuTS hero h5.1.3.2578 build 20231110 and later QuTScloud c5.1.5.2651 and later

CVE ID : CVE-2024-21900
Source : [email protected]
CVSS Score : 4.3

References :
https://www.qnap.com/en/security-advisory/qsa-24-09 | source : [email protected]

Vulnerability : CWE-74

Source : opentext.com

Vulnerability ID : CVE-2023-32264

First published on : 08-03-2024 21:15:06
Last modified on : 08-03-2024 21:19:43

Description :
CWE-1385 vulnerability in OpenText Documentum D2 affecting versions16.5.1 to CE 23.2. The vulnerability could allow upload arbitrary code and execute it on the client's computer.

CVE ID : CVE-2023-32264
Source : [email protected]
CVSS Score : 5.8

References :
https://support.opentext.com/csm?id=kb_article_view&sysparm_article=KB0799355 | source : [email protected]

Vulnerability : CWE-1385

Source : redhat.com

Vulnerability ID : CVE-2024-1441

First published on : 11-03-2024 14:15:06
Last modified on : 11-03-2024 14:15:06

Description :
An off-by-one error flaw was found in the udevListInterfacesByStatus() function in libvirt when the number of interfaces exceeds the size of the `names` array. This issue can be reproduced by sending specially crafted data to the libvirt daemon, allowing an unprivileged client to perform a denial of service attack by causing the libvirt daemon to crash.

CVE ID : CVE-2024-1441
Source : [email protected]
CVSS Score : 5.5

References :
https://access.redhat.com/security/cve/CVE-2024-1441 | source : [email protected]
https://bugzilla.redhat.com/show_bug.cgi?id=2263841 | source : [email protected]

Vulnerability : CWE-193

Source : incibe.es

Vulnerability ID : CVE-2024-2319

First published on : 08-03-2024 14:15:52
Last modified on : 08-03-2024 21:19:43

Description :
Cross-Site Scripting (XSS) vulnerability in the Django MarkdownX project, affecting version 4.0.2. An attacker could store a specially crafted JavaScript payload in the upload functionality due to lack of proper sanitisation of JavaScript elements.

CVE ID : CVE-2024-2319
Source : [email protected]
CVSS Score : 5.4

References :
https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-vulnerability-django-markdownx | source : [email protected]

Vulnerability : CWE-79

Source : mitre.org

Vulnerability ID : CVE-2024-26309

First published on : 08-03-2024 02:15:50
Last modified on : 08-03-2024 14:02:57

Description :
Archer Platform 6.x before 6.14 P2 HF2 (6.14.0.2.2) contains a sensitive information disclosure vulnerability. An unauthenticated attacker could potentially obtain access to sensitive information via an internal URL.

CVE ID : CVE-2024-26309
Source : [email protected]
CVSS Score : 5.3

(12) LOW VULNERABILITIES [0.1, 3.9]

Source : vuldb.com

Vulnerability ID : CVE-2024-2317

First published on : 08-03-2024 12:15:50
Last modified on : 08-03-2024 14:02:57

Description :
A vulnerability was found in Bdtask Hospital AutoManager up to 20240227 and classified as problematic. This issue affects some unknown processing of the file /prescription/prescription/delete/ of the component Prescription Page. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256271. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-2317
Source : [email protected]
CVSS Score : 3.8

References :
https://drive.google.com/file/d/13-Fxw8fw3VP1PvL0fYvDBVlpTDQHyCkc/view?usp=sharing | source : [email protected]
https://vuldb.com/?ctiid.256271 | source : [email protected]
https://vuldb.com/?id.256271 | source : [email protected]

Vulnerability : CWE-285

Vulnerability ID : CVE-2024-2355

First published on : 10-03-2024 12:15:06
Last modified on : 11-03-2024 01:32:29

Description :
A vulnerability has been found in keerti1924 Secret-Coder-PHP-Project 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /secret_coder.sql. The manipulation leads to inclusion of sensitive information in source code. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256315. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-2355
Source : [email protected]
CVSS Score : 3.7

References :
https://github.com/smurf-reigz/security/blob/main/proof-of-concepts/keerti1924%20%5BSecret-Coder-PHP-Project%20Sensitive%20Information%20Disclosure%5D%20on%20secret_coder.sql.md | source : [email protected]
https://vuldb.com/?ctiid.256315 | source : [email protected]
https://vuldb.com/?id.256315 | source : [email protected]

Vulnerability : CWE-540

Vulnerability ID : CVE-2024-2284

First published on : 08-03-2024 03:15:06
Last modified on : 08-03-2024 14:02:57

Description :
A vulnerability classified as problematic was found in boyiddha Automated-Mess-Management-System 1.0. Affected by this vulnerability is an unknown functionality of the file /member/chat.php of the component Chat Book. The manipulation of the argument msg leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256051. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-2284
Source : [email protected]
CVSS Score : 3.5

References :
https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/boyiddha%20utomated-Mess-Management-System/STORED%20XSS%20member-chat.php%20.md | source : [email protected]
https://vuldb.com/?ctiid.256051 | source : [email protected]
https://vuldb.com/?id.256051 | source : [email protected]

Vulnerability : CWE-79

Vulnerability ID : CVE-2024-2285

First published on : 08-03-2024 03:15:06
Last modified on : 08-03-2024 14:02:57

Description :
A vulnerability, which was classified as problematic, has been found in boyiddha Automated-Mess-Management-System 1.0. Affected by this issue is some unknown functionality of the file /member/member_edit.php. The manipulation of the argument name leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-256052. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-2285
Source : [email protected]
CVSS Score : 3.5

References :
https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/boyiddha%20utomated-Mess-Management-System/STORED%20XSS%20member-member-edit.php%20.md | source : [email protected]
https://vuldb.com/?ctiid.256052 | source : [email protected]
https://vuldb.com/?id.256052 | source : [email protected]

Vulnerability : CWE-79

Vulnerability ID : CVE-2024-2274

First published on : 08-03-2024 01:15:07
Last modified on : 09-03-2024 17:15:06

Description :
A vulnerability, which was classified as problematic, has been found in Bdtask G-Prescription Gynaecology & OBS Consultation Software 1.0. This issue affects some unknown processing of the file /Home/Index of the component Prescription Dashboard. The manipulation of the argument Title leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256043. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-2274
Source : [email protected]
CVSS Score : 2.4

References :
https://drive.google.com/file/d/11QliZKy-7ylKph1vwlXVHaRn5Jmk0Bjg/view?usp=drivesdk | source : [email protected]
https://vuldb.com/?ctiid.256043 | source : [email protected]
https://vuldb.com/?id.256043 | source : [email protected]

Vulnerability : CWE-79

Vulnerability ID : CVE-2024-2275

First published on : 08-03-2024 01:15:07
Last modified on : 09-03-2024 17:15:07

Description :
A vulnerability, which was classified as problematic, was found in Bdtask G-Prescription Gynaecology & OBS Consultation Software 1.0. Affected is an unknown function of the component OBS Patient/Gynee Prescription. The manipulation of the argument Patient Title/Full Name/Address/Cheif Complain/LMP/Menstrual Edd/OBS P/OBS Alc/Medicine Name/Medicine Type/Ml/Dose/Days/Comments/Template Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256044. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-2275
Source : [email protected]
CVSS Score : 2.4

References :
https://drive.google.com/file/d/11QliZKy-7ylKph1vwlXVHaRn5Jmk0Bjg/view?usp=drivesdk | source : [email protected]
https://vuldb.com/?ctiid.256044 | source : [email protected]
https://vuldb.com/?id.256044 | source : [email protected]

Vulnerability : CWE-79

Vulnerability ID : CVE-2024-2276

First published on : 08-03-2024 01:15:07
Last modified on : 08-03-2024 14:02:57

Description :
A vulnerability has been found in Bdtask G-Prescription Gynaecology & OBS Consultation Software 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /Venue_controller/edit_venue/ of the component Edit Venue Page. The manipulation of the argument Venue map leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256045 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-2276
Source : [email protected]
CVSS Score : 2.4

References :
https://drive.google.com/file/d/11QliZKy-7ylKph1vwlXVHaRn5Jmk0Bjg/view?usp=drivesdk | source : [email protected]
https://vuldb.com/?ctiid.256045 | source : [email protected]
https://vuldb.com/?id.256045 | source : [email protected]

Vulnerability : CWE-79

Vulnerability ID : CVE-2024-2364

First published on : 10-03-2024 23:15:54
Last modified on : 11-03-2024 01:32:29

Description :
A vulnerability classified as problematic has been found in Musicshelf 1.0/1.1 on Android. Affected is an unknown function of the file androidmanifest.xml of the component Backup Handler. The manipulation leads to exposure of backup file to an unauthorized control sphere. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256320.

CVE ID : CVE-2024-2364
Source : [email protected]
CVSS Score : 1.8

References :
https://github.com/ctflearner/Android_Findings/blob/main/Musicshelf/Musicshelf_Manifest_issue.md | source : [email protected]
https://vuldb.com/?ctiid.256320 | source : [email protected]
https://vuldb.com/?id.256320 | source : [email protected]

Vulnerability : CWE-530

Vulnerability ID : CVE-2024-2365

First published on : 11-03-2024 00:15:17
Last modified on : 11-03-2024 01:32:29

Description :
A vulnerability classified as problematic was found in Musicshelf 1.0/1.1 on Android. Affected by this vulnerability is an unknown functionality of the file io\fabric\sdk\android\services\network\PinningTrustManager.java of the component SHA-1 Handler. The manipulation leads to password hash with insufficient computational effort. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-256321 was assigned to this vulnerability.

CVE ID : CVE-2024-2365
Source : [email protected]
CVSS Score : 1.6

References :
https://github.com/ctflearner/Android_Findings/blob/main/Musicshelf/Weak_Hashing_Algorithms.md | source : [email protected]
https://vuldb.com/?ctiid.256321 | source : [email protected]
https://vuldb.com/?id.256321 | source : [email protected]

Vulnerability : CWE-916

Source : ubuntu.com

Vulnerability ID : CVE-2024-2313

First published on : 10-03-2024 23:15:53
Last modified on : 11-03-2024 01:32:29

Description :
If kernel headers need to be extracted, bpftrace will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default.

CVE ID : CVE-2024-2313
Source : [email protected]
CVSS Score : 2.8

References :
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2313 | source : [email protected]
https://github.com/bpftrace/bpftrace/commit/4be4b7191acb8218240e6b7178c30fa8c9b59998 | source : [email protected]

Vulnerability ID : CVE-2024-2314

First published on : 10-03-2024 23:15:53
Last modified on : 11-03-2024 01:32:29

Description :
If kernel headers need to be extracted, bcc will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default.

CVE ID : CVE-2024-2314
Source : [email protected]
CVSS Score : 2.8

References :
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2314 | source : [email protected]
https://github.com/iovisor/bcc/commit/008ea09e891194c072f2a9305a3c872a241dc342 | source : [email protected]

Source : github.com

Vulnerability ID : CVE-2024-25114

First published on : 11-03-2024 22:15:54
Last modified on : 11-03-2024 22:15:54

Description :
Collabora Online is a collaborative online office suite based on LibreOffice technology. Each document in Collabora Online is opened by a separate "Kit" instance in a different "jail" with a unique directory "jailID" name. For security reasons, this directory name is randomly generated and should not be given out to the client. In affected versions of Collabora Online it is possible to use the CELL() function, with the "filename" argument, in the spreadsheet component to get a path which includes this JailID. The impact of this vulnerability in its own is low because it requires to be chained with another vulnerability. Users should upgrade to Collabora Online 23.05.9; Collabora Online 22.05.22; Collabora Online 21.11.10 or higher. There are no known workarounds for this vulnerability.

CVE ID : CVE-2024-25114
Source : [email protected]
CVSS Score : 2.6

References :
https://github.com/CollaboraOnline/online/security/advisories/GHSA-2fh2-ppjf-p3xv | source : [email protected]
https://github.com/LibreOffice/online/blob/master/wsd/README | source : [email protected]

Vulnerability : CWE-200

(183) NO SCORE VULNERABILITIES [0.0, 0.0]

Source : mitre.org

Vulnerability ID : CVE-2024-25327

First published on : 08-03-2024 00:15:49
Last modified on : 08-03-2024 14:02:57

Description :
Cross Site Scripting (XSS) vulnerability in Justice Systems FullCourt Enterprise v.8.2 allows a remote attacker to execute arbitrary code via the formatCaseNumber parameter of the Citation search function.

CVE ID : CVE-2024-25327
Source : [email protected]
CVSS Score : /

References :
https://packetstormsecurity.com/files/177500/FullCourt-Enterprise-8.2-Cross-Site-Scripting.html | source : [email protected]

Vulnerability ID : CVE-2024-25729

First published on : 08-03-2024 00:15:50
Last modified on : 08-03-2024 14:02:57

Description :
Arris SBG6580 devices have predictable default WPA2 security passwords that could lead to unauthorized remote access. (They use the first 6 characters of the SSID and the last 6 characters of the BSSID, decrementing the last octet.)

CVE ID : CVE-2024-25729
Source : [email protected]
CVSS Score : /

References :
https://github.com/actuator/cve/blob/main/Arris/CVE-2024-25729 | source : [email protected]
https://github.com/actuator/cve/blob/main/Arris/SBG6580.png | source : [email protected]
https://i.ebayimg.com/images/g/DhoAAOSwx0FbhhcN/s-l1600.jpg | source : [email protected]
https://i.ebayimg.com/images/g/z2oAAOSwO1pbQ9BS/s-l1600.jpg | source : [email protected]

Vulnerability ID : CVE-2019-6268

First published on : 08-03-2024 02:15:47
Last modified on : 08-03-2024 14:02:57

Description :
RAD SecFlow-2 devices with Hardware 0202, Firmware 4.1.01.63, and U-Boot 2010.12 allow URIs beginning with /.. for Directory Traversal, as demonstrated by reading /etc/shadow.

CVE ID : CVE-2019-6268
Source : [email protected]
CVSS Score : /

References :
https://packetstormsecurity.com/files/177440/RAD-SecFlow-2-Path-Traversal.html | source : [email protected]
https://www.owasp.org/index.php/Path_Traversal | source : [email protected]

Vulnerability ID : CVE-2024-25845

First published on : 08-03-2024 02:15:50
Last modified on : 08-03-2024 14:02:57

Description :
In the module "CD Custom Fields 4 Orders" (cdcustomfields4orders) <= 1.0.0 from Cleanpresta.com for PrestaShop, a guest can perform SQL injection in affected versions.

CVE ID : CVE-2024-25845
Source : [email protected]
CVSS Score : /

References :
https://security.friendsofpresta.org/modules/2024/03/05/cdcustomfields4orders.html | source : [email protected]
https://www.cleanpresta.com | source : [email protected]

Vulnerability ID : CVE-2024-25848

First published on : 08-03-2024 02:15:50
Last modified on : 08-03-2024 14:02:57

Description :
In the module "Ever Ultimate SEO" (everpsseo) <= 8.1.2 from Team Ever for PrestaShop, a guest can perform SQL injection in affected versions.

CVE ID : CVE-2024-25848
Source : [email protected]
CVSS Score : /

References :
https://addons.prestashop.com/fr/seo-referencement-naturel/39489-ever-ultimate-seo.html | source : [email protected]
https://security.friendsofpresta.org/modules/2024/03/05/everpsseo.html | source : [email protected]
https://www.team-ever.com/prestashop-ever-ultimate-seo/ | source : [email protected]

Vulnerability ID : CVE-2024-25849

First published on : 08-03-2024 02:15:50
Last modified on : 08-03-2024 14:02:57

Description :
In the module "Make an offer" (makeanoffer) <= 1.7.1 from PrestaToolKit for PrestaShop, a guest can perform SQL injection via MakeOffers::checkUserExistingOffer()` and `MakeOffers::addUserOffer()` .

CVE ID : CVE-2024-25849
Source : [email protected]
CVSS Score : /

References :
https://addons.prestashop.com/en/price-management/19507-make-an-offer.html | source : [email protected]
https://security.friendsofpresta.org/modules/2024/03/05/makeanoffer.html | source : [email protected]

Vulnerability ID : CVE-2024-27612

First published on : 08-03-2024 06:15:52
Last modified on : 08-03-2024 14:02:57

Description :
Numbas editor before 7.3 mishandles editing of themes and extensions.

CVE ID : CVE-2024-27612
Source : [email protected]
CVSS Score : /

References :
https://github.com/numbas/Numbas | source : [email protected]
https://www.numbas.org.uk/blog/2024/03/development-update-march-2024/ | source : [email protected]

Vulnerability ID : CVE-2024-27613

First published on : 08-03-2024 06:15:52
Last modified on : 08-03-2024 14:02:57

Description :
Numbas editor before 7.3 mishandles reading of themes and extensions.

CVE ID : CVE-2024-27613
Source : [email protected]
CVSS Score : /

References :
https://github.com/numbas/Numbas | source : [email protected]
https://www.numbas.org.uk/blog/2024/03/development-update-march-2024/ | source : [email protected]

Vulnerability ID : CVE-2024-28753

First published on : 09-03-2024 00:15:59
Last modified on : 11-03-2024 01:32:39

Description :
RaspAP (aka raspap-webgui) through 3.0.9 allows remote attackers to read the /etc/passwd file via a crafted request.

CVE ID : CVE-2024-28753
Source : [email protected]
CVSS Score : /

References :
https://dustri.org/b/carrot-disclosure.html | source : [email protected]

Vulnerability ID : CVE-2024-28754

First published on : 09-03-2024 00:15:59
Last modified on : 11-03-2024 01:32:39

Description :
RaspAP (aka raspap-webgui) through 3.0.9 allows remote attackers to cause a persistent denial of service (bricking) via a crafted request.

CVE ID : CVE-2024-28754
Source : [email protected]
CVSS Score : /

References :
https://dustri.org/b/carrot-disclosure.html | source : [email protected]

Vulnerability ID : CVE-2023-49340

First published on : 09-03-2024 05:15:08
Last modified on : 11-03-2024 01:32:39

Description :
An issue was discovered in Newland Nquire 1000 Interactive Kiosk version NQ1000-II_G_V1.00.011, allows remote attackers to escalate privileges and bypass authentication via incorrect access control in the web management portal.

CVE ID : CVE-2023-49340
Source : [email protected]
CVSS Score : /

References :
https://github.com/n0obit4/Vulnerability_Disclosure/tree/main/CVE-2023-49340 | source : [email protected]

Vulnerability ID : CVE-2023-49341

First published on : 09-03-2024 05:15:08
Last modified on : 11-03-2024 01:32:39

Description :
An issue was discovered in Newland Nquire 1000 Interactive Kiosk version NQ1000-II_G_V1.00.011, allows remote attackers to obtain sensitive information via cleartext credential storage in backup.htm component.

CVE ID : CVE-2023-49341
Source : [email protected]
CVSS Score : /

References :
https://github.com/n0obit4/Vulnerability_Disclosure/tree/main/CVE-2023-49341 | source : [email protected]

Vulnerability ID : CVE-2023-50015

First published on : 09-03-2024 05:15:08
Last modified on : 11-03-2024 01:32:39

Description :
An issue was discovered in Grandstream GXP14XX 1.0.8.9 and GXP16XX 1.0.7.13, allows remote attackers to escalate privileges via incorrect access control using an end-user session-identity token.

CVE ID : CVE-2023-50015
Source : [email protected]
CVSS Score : /

References :
https://github.com/n0obit4/Vulnerability_Disclosure/tree/main/CVE-2023-50015 | source : [email protected]

Vulnerability ID : CVE-2023-46426

First published on : 09-03-2024 06:15:50
Last modified on : 11-03-2024 01:32:39

Description :
Heap-based Buffer Overflow vulnerability in gpac version 2.3-DEV-rev588-g7edc40fee-master, allows remote attackers to execute arbitrary code and cause a denial of service (DoS) via gf_fwrite component in at utils/os_file.c.

CVE ID : CVE-2023-46426
Source : [email protected]
CVSS Score : /

References :
https://github.com/gpac/gpac/issues/2642 | source : [email protected]

Vulnerability ID : CVE-2023-46427

First published on : 09-03-2024 06:15:50
Last modified on : 11-03-2024 01:32:39

Description :
An issue was discovered in gpac version 2.3-DEV-rev588-g7edc40fee-master, allows remote attackers to execute arbitrary code, cause a denial of service (DoS), and obtain sensitive information via null pointer deference in gf_dash_setup_period component in media_tools/dash_client.c.

CVE ID : CVE-2023-46427
Source : [email protected]
CVSS Score : /

References :
https://github.com/gpac/gpac/issues/2641 | source : [email protected]

Vulnerability ID : CVE-2024-28089

First published on : 09-03-2024 07:15:09
Last modified on : 11-03-2024 01:32:29

Description :
Hitron CODA-4582 2AHKM-CODA4589 7.2.4.5.1b8 devices allow a remote attacker within Wi-Fi proximity (who has access to the router admin panel) to conduct a DOM-based stored XSS attack that can fetch remote resources. The payload is executed at index.html#advanced_location (aka the Device Location page). This can cause a denial of service or lead to information disclosure.

CVE ID : CVE-2024-28089
Source : [email protected]
CVSS Score : /

References :
https://github.com/actuator/cve/blob/main/Hitron/CVE-2024-28089 | source : [email protected]
https://github.com/actuator/cve/blob/main/Hitron/Hitron_DOM_XSS_POC.gif | source : [email protected]
https://github.com/actuator/cve/blob/main/Hitron/Hitron_DOM_XSS_POC_DOS_ALT.gif | source : [email protected]

Vulnerability ID : CVE-2024-25501

First published on : 09-03-2024 08:15:05
Last modified on : 11-03-2024 01:32:29

Description :
An issue WinMail v.7.1 and v.5.1 and before allows a remote attacker to execute arbitrary code via a crafted script to the email parameter.

CVE ID : CVE-2024-25501
Source : [email protected]
CVSS Score : /

References :
https://gist.github.com/Drun1baby/8270239bed2952dbd99cc8d4262728e8 | source : [email protected]

Vulnerability ID : CVE-2024-27698

First published on : 09-03-2024 23:15:49
Last modified on : 09-03-2024 23:15:49

Description :
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

CVE ID : CVE-2024-27698
Source : [email protected]
CVSS Score : /

References :

Vulnerability ID : CVE-2024-28757

First published on : 10-03-2024 05:15:06
Last modified on : 11-03-2024 01:32:29

Description :
libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).

CVE ID : CVE-2024-28757
Source : [email protected]
CVSS Score : /

References :
https://github.com/libexpat/libexpat/issues/839 | source : [email protected]
https://github.com/libexpat/libexpat/pull/842 | source : [email protected]

Vulnerability ID : CVE-2024-28816

First published on : 11-03-2024 03:15:05
Last modified on : 11-03-2024 12:47:42

Description :
Student Information Chatbot a0196ab allows SQL injection via the username to the login function in index.php.

CVE ID : CVE-2024-28816
Source : [email protected]
CVSS Score : /

References :
https://github.com/AaravRajSIngh/Chatbot/pull/10 | source : [email protected]

Vulnerability ID : CVE-2024-28823

First published on : 11-03-2024 05:15:05
Last modified on : 11-03-2024 12:47:42

Description :
Amazon AWS aws-js-s3-explorer (aka AWS JavaScript S3 Explorer) 1.0.0 allows XSS via a crafted S3 bucket name to index.html.

CVE ID : CVE-2024-28823
Source : [email protected]
CVSS Score : /

References :
https://github.com/awslabs/aws-js-s3-explorer/commit/f62f12960d081895960d0dc6fde8364f25d651b6 | source : [email protected]
https://github.com/awslabs/aws-js-s3-explorer/issues/118 | source : [email protected]

Vulnerability ID : CVE-2022-46070

First published on : 11-03-2024 22:15:54
Last modified on : 11-03-2024 22:15:54

Description :
GV-ASManager V6.0.1.0 contains a Local File Inclusion vulnerability in GeoWebServer via Path.

CVE ID : CVE-2022-46070
Source : [email protected]
CVSS Score : /

References :
https://s3.amazonaws.com/geovision_downloads/TechNotice/CyberSecurity/Security_Advistory_ASManager-ASM-2022-11.pdf | source : [email protected]

Vulnerability ID : CVE-2024-25854

First published on : 11-03-2024 22:15:55
Last modified on : 11-03-2024 22:15:55

Description :
Cross Site Scripting (XSS) vulnerability in Sourcecodester Insurance Management System 1.0 allows attackers to run arbitrary code via the Subject and Description fields when submitting a support ticket.

CVE ID : CVE-2024-25854
Source : [email protected]
CVSS Score : /

References :
https://github.com/hakkitoklu/hunt/blob/main/Insurance%20Management%20System%20PHP%20and%20MySQL%201.0/xss.md | source : [email protected]

Source : apple.com

Vulnerability ID : CVE-2023-28826

First published on : 08-03-2024 02:15:47
Last modified on : 08-03-2024 14:02:57

Description :
This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, macOS Monterey 12.7.4, macOS Sonoma 14.1, macOS Ventura 13.6.5. An app may be able to access sensitive user data.

CVE ID : CVE-2023-28826
Source : [email protected]
CVSS Score : /

References :
https://support.apple.com/en-us/HT213984 | source : [email protected]
https://support.apple.com/en-us/HT214082 | source : [email protected]
https://support.apple.com/en-us/HT214083 | source : [email protected]
https://support.apple.com/en-us/HT214085 | source : [email protected]
https://support.apple.com/kb/HT213984 | source : [email protected]

Vulnerability ID : CVE-2024-0258

First published on : 08-03-2024 02:15:47
Last modified on : 08-03-2024 14:02:57

Description :
The issue was addressed with improved memory handling. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges.

CVE ID : CVE-2024-0258
Source : [email protected]
CVSS Score : /

Vulnerability ID : CVE-2024-23201

First published on : 08-03-2024 02:15:47
Last modified on : 08-03-2024 14:02:57

Description :
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Monterey 12.7.4, watchOS 10.3, tvOS 17.3, macOS Ventura 13.6.5, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3. An app may be able to cause a denial-of-service.

CVE ID : CVE-2024-23201
Source : [email protected]
CVSS Score : /

Vulnerability ID : CVE-2024-23205

First published on : 08-03-2024 02:15:47
Last modified on : 08-03-2024 14:02:57

Description :
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4. An app may be able to access sensitive user data.

CVE ID : CVE-2024-23205
Source : [email protected]
CVSS Score : /

References :
https://support.apple.com/en-us/HT214081 | source : [email protected]
https://support.apple.com/en-us/HT214084 | source : [email protected]

Vulnerability ID : CVE-2024-23216

First published on : 08-03-2024 02:15:47
Last modified on : 08-03-2024 14:02:57

Description :
A path handling issue was addressed with improved validation. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to overwrite arbitrary files.

CVE ID : CVE-2024-23216
Source : [email protected]
CVSS Score : /

References :
https://support.apple.com/en-us/HT214083 | source : [email protected]
https://support.apple.com/en-us/HT214084 | source : [email protected]
https://support.apple.com/en-us/HT214085 | source : [email protected]

Vulnerability ID : CVE-2024-23220

First published on : 08-03-2024 02:15:47
Last modified on : 08-03-2024 14:02:57

Description :
The issue was addressed with improved handling of caches. This issue is fixed in visionOS 1.1, iOS 17.4 and iPadOS 17.4. An app may be able to fingerprint the user.

CVE ID : CVE-2024-23220
Source : [email protected]
CVSS Score : /

References :
https://support.apple.com/en-us/HT214081 | source : [email protected]
https://support.apple.com/en-us/HT214087 | source : [email protected]

Vulnerability ID : CVE-2024-23226

First published on : 08-03-2024 02:15:47
Last modified on : 08-03-2024 14:02:57

Description :
The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, tvOS 17.4. Processing web content may lead to arbitrary code execution.

CVE ID : CVE-2024-23226
Source : [email protected]
CVSS Score : /

References :
https://support.apple.com/en-us/HT214081 | source : [email protected]
https://support.apple.com/en-us/HT214084 | source : [email protected]
https://support.apple.com/en-us/HT214086 | source : [email protected]
https://support.apple.com/en-us/HT214087 | source : [email protected]
https://support.apple.com/en-us/HT214088 | source : [email protected]

Vulnerability ID : CVE-2024-23227

First published on : 08-03-2024 02:15:47
Last modified on : 08-03-2024 14:02:57

Description :
This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to read sensitive location information.

CVE ID : CVE-2024-23227
Source : [email protected]
CVSS Score : /

Vulnerability ID : CVE-2024-23230

First published on : 08-03-2024 02:15:47
Last modified on : 08-03-2024 14:02:57

Description :
This issue was addressed with improved file handling. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to access sensitive user data.

CVE ID : CVE-2024-23230
Source : [email protected]
CVSS Score : /

Vulnerability ID : CVE-2024-23231

First published on : 08-03-2024 02:15:47
Last modified on : 08-03-2024 19:15:07

Description :
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.6.5, macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6. An app may be able to access user-sensitive data.

CVE ID : CVE-2024-23231
Source : [email protected]
CVSS Score : /

References :
https://support.apple.com/en-us/HT214081 | source : [email protected]
https://support.apple.com/en-us/HT214082 | source : [email protected]
https://support.apple.com/en-us/HT214084 | source : [email protected]
https://support.apple.com/en-us/HT214085 | source : [email protected]
https://support.apple.com/en-us/HT214088 | source : [email protected]
https://support.apple.com/kb/HT214085 | source : [email protected]

Vulnerability ID : CVE-2024-23232

First published on : 08-03-2024 02:15:47
Last modified on : 08-03-2024 14:02:57

Description :
A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14.4. An app may be able to capture a user's screen.

CVE ID : CVE-2024-23232
Source : [email protected]
CVSS Score : /

References :
https://support.apple.com/en-us/HT214084 | source : [email protected]

Vulnerability ID : CVE-2024-23233

First published on : 08-03-2024 02:15:47
Last modified on : 08-03-2024 14:02:57

Description :
This issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4. Entitlements and privacy permissions granted to this app may be used by a malicious app.

CVE ID : CVE-2024-23233
Source : [email protected]
CVSS Score : /

References :
https://support.apple.com/en-us/HT214084 | source : [email protected]

Vulnerability ID : CVE-2024-23234

First published on : 08-03-2024 02:15:47
Last modified on : 08-03-2024 14:02:57

Description :
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to execute arbitrary code with kernel privileges.

CVE ID : CVE-2024-23234
Source : [email protected]
CVSS Score : /

Vulnerability ID : CVE-2024-23235

First published on : 08-03-2024 02:15:47
Last modified on : 08-03-2024 14:02:57

Description :
A race condition was addressed with additional validation. This issue is fixed in macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. An app may be able to access user-sensitive data.

CVE ID : CVE-2024-23235
Source : [email protected]
CVSS Score : /

References :
https://support.apple.com/en-us/HT214081 | source : [email protected]
https://support.apple.com/en-us/HT214082 | source : [email protected]
https://support.apple.com/en-us/HT214084 | source : [email protected]
https://support.apple.com/en-us/HT214086 | source : [email protected]
https://support.apple.com/en-us/HT214087 | source : [email protected]
https://support.apple.com/en-us/HT214088 | source : [email protected]