Latest vulnerabilities [Sunday, March 24, 2024]

Last update performed on 03/24/2024 at 11:57:06 PM

(0) CRITICAL VULNERABILITIES [9.0, 10.0]

(7) HIGH VULNERABILITIES [7.0, 8.9]

Source : vuldb.com

Vulnerability ID : CVE-2024-2850

First published on : 24-03-2024 02:15:07
Last modified on : 24-03-2024 02:15:07

Description :
A vulnerability was found in Tenda AC15 15.03.05.18 and classified as critical. Affected by this issue is the function saveParentControlInfo of the file /goform/saveParentControlInfo. The manipulation of the argument urls leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257774 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-2850
Source : cna@vuldb.com
CVSS Score : 8.8

References :
https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V15.03.05.18/saveParentControlInfo_urls.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.257774 | source : cna@vuldb.com
https://vuldb.com/?id.257774 | source : cna@vuldb.com

Vulnerability : CWE-121


Vulnerability ID : CVE-2024-2852

First published on : 24-03-2024 05:15:09
Last modified on : 24-03-2024 05:15:09

Description :
A vulnerability was found in Tenda AC15 15.03.20_multi. It has been declared as critical. This vulnerability affects the function saveParentControlInfo of the file /goform/saveParentControlInfo. The manipulation of the argument urls leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257776. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-2852
Source : cna@vuldb.com
CVSS Score : 8.8

References :
https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/saveParentControlInfo_urls.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.257776 | source : cna@vuldb.com
https://vuldb.com/?id.257776 | source : cna@vuldb.com

Vulnerability : CWE-121


Vulnerability ID : CVE-2024-2855

First published on : 24-03-2024 06:15:11
Last modified on : 24-03-2024 06:15:11

Description :
A vulnerability classified as critical was found in Tenda AC15 15.03.05.18/15.03.05.19/15.03.20. Affected by this vulnerability is the function fromSetSysTime of the file /goform/SetSysTimeCfg. The manipulation of the argument time leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257779. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-2855
Source : cna@vuldb.com
CVSS Score : 8.8

References :
https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/fromSetSysTime.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.257779 | source : cna@vuldb.com
https://vuldb.com/?id.257779 | source : cna@vuldb.com

Vulnerability : CWE-121


Vulnerability ID : CVE-2024-2856

First published on : 24-03-2024 07:15:08
Last modified on : 24-03-2024 07:15:08

Description :
A vulnerability, which was classified as critical, has been found in Tenda AC10 16.03.10.13/16.03.10.20. Affected by this issue is the function fromSetSysTime of the file /goform/SetSysTimeCfg. The manipulation of the argument timeZone leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257780. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-2856
Source : cna@vuldb.com
CVSS Score : 8.8

References :
https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10/V16.03.10.13/fromSetSysTime.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.257780 | source : cna@vuldb.com
https://vuldb.com/?id.257780 | source : cna@vuldb.com

Vulnerability : CWE-121


Source : github.com

Vulnerability ID : CVE-2024-29194

First published on : 24-03-2024 19:15:07
Last modified on : 24-03-2024 19:15:07

Description :
OneUptime is a solution for monitoring and managing online services. The vulnerability lies in the improper validation of client-side stored data within the web application. Specifically, the is_master_admin key, stored in the local storage of the browser, can be manipulated by an attacker. By changing this key from false to true, the application grants administrative privileges to the user, without proper server-side validation. This has been patched in 7.0.1815.

CVE ID : CVE-2024-29194
Source : security-advisories@github.com
CVSS Score : 8.3

References :
https://github.com/OneUptime/oneuptime/commit/14016d23d834038dd65d3a96cf71af04b556a32c | source : security-advisories@github.com
https://github.com/OneUptime/oneuptime/security/advisories/GHSA-246p-xmg8-wmcq | source : security-advisories@github.com

Vulnerability : CWE-639


Vulnerability ID : CVE-2024-29188

First published on : 24-03-2024 20:15:08
Last modified on : 24-03-2024 20:15:08

Description :
WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. The custom action behind WiX's `RemoveFolderEx` functionality could allow a standard user to delete protected directories. `RemoveFolderEx` deletes an entire directory tree during installation or uninstallation. It does so by recursing every subdirectory starting at a specified directory and adding each subdirectory to the list of directories Windows Installer should delete. If the setup author instructed `RemoveFolderEx` to delete a per-user folder from a per-machine installer, an attacker could create a directory junction in that per-user folder pointing to a per-machine, protected directory. Windows Installer, when executing the per-machine installer after approval by an administrator, would delete the target of the directory junction. This vulnerability is fixed in 3.14.1 and 4.0.5.

CVE ID : CVE-2024-29188
Source : security-advisories@github.com
CVSS Score : 7.9

References :
https://github.com/wixtoolset/issues/security/advisories/GHSA-jx4p-m4wm-vvjg | source : security-advisories@github.com
https://github.com/wixtoolset/wix/commit/2e5960b575881567a8807e6b8b9c513138b19742 | source : security-advisories@github.com
https://github.com/wixtoolset/wix3/commit/93eeb5f6835776694021f66d4226c262c67d487a | source : security-advisories@github.com

Vulnerability : CWE-59


Vulnerability ID : CVE-2024-29187

First published on : 24-03-2024 20:15:08
Last modified on : 24-03-2024 20:15:08

Description :
WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. When a bundle runs as SYSTEM user, Burn uses GetTempPathW which points to an insecure directory C:\Windows\Temp to drop and load multiple binaries. Standard users can hijack the binary before it's loaded in the application resulting in elevation of privileges. This vulnerability is fixed in 3.14.1 and 4.0.5.

CVE ID : CVE-2024-29187
Source : security-advisories@github.com
CVSS Score : 7.3

References :
https://github.com/wixtoolset/issues/security/advisories/GHSA-rf39-3f98-xr7r | source : security-advisories@github.com
https://github.com/wixtoolset/wix/commit/75a8c75d4e02ea219008dc5af7d03869291d61f7 | source : security-advisories@github.com
https://github.com/wixtoolset/wix3/commit/6d372e5169f1a334a395cdf496443bc0732098e9 | source : security-advisories@github.com

Vulnerability : CWE-732


(5) MEDIUM VULNERABILITIES [4.0, 6.9]

Source : github.com

Vulnerability ID : CVE-2024-29034

First published on : 24-03-2024 20:15:07
Last modified on : 24-03-2024 20:15:07

Description :
CarrierWave is a solution for file uploads for Rails, Sinatra and other Ruby web frameworks. The vulnerability CVE-2023-49090 wasn't fully addressed. This vulnerability is caused by the fact that when uploading to object storage, including Amazon S3, it is possible to set a Content-Type value that is interpreted by browsers to be different from what's allowed by `content_type_allowlist`, by providing multiple values separated by commas. This bypassed value can be used to cause XSS. Upgrade to 3.0.7 or 2.2.6.

CVE ID : CVE-2024-29034
Source : security-advisories@github.com
CVSS Score : 6.8

References :
https://github.com/carrierwaveuploader/carrierwave/commit/25b1c800d45ef8e78dc445ebe3bd8a6e3f0a3477 | source : security-advisories@github.com
https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-vfmv-jfc5-pjjw | source : security-advisories@github.com

Vulnerability : CWE-436
Vulnerability : CWE-79


Source : vuldb.com

Vulnerability ID : CVE-2024-2851

First published on : 24-03-2024 03:15:09
Last modified on : 24-03-2024 03:15:09

Description :
A vulnerability was found in Tenda AC15 15.03.05.18/15.03.20_multi. It has been classified as critical. This affects the function formSetSambaConf of the file /goform/setsambacfg. The manipulation of the argument usbName leads to OS command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257775. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-2851
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V15.03.05.18/formSetSambaConf.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.257775 | source : cna@vuldb.com
https://vuldb.com/?id.257775 | source : cna@vuldb.com

Vulnerability : CWE-78


Vulnerability ID : CVE-2024-2853

First published on : 24-03-2024 05:15:10
Last modified on : 24-03-2024 05:15:10

Description :
A vulnerability was found in Tenda AC10U 15.03.06.48/15.03.06.49. It has been rated as critical. This issue affects the function formSetSambaConf of the file /goform/setsambacfg. The manipulation of the argument usbName leads to OS command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257777 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-2853
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.48/more/formSetSambaConf.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.257777 | source : cna@vuldb.com
https://vuldb.com/?id.257777 | source : cna@vuldb.com

Vulnerability : CWE-78


Vulnerability ID : CVE-2024-2854

First published on : 24-03-2024 06:15:08
Last modified on : 24-03-2024 06:15:08

Description :
A vulnerability classified as critical has been found in Tenda AC18 15.03.05.05. Affected is the function formSetSambaConf of the file /goform/setsambacfg. The manipulation of the argument usbName leads to OS command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257778 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-2854
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC18/formSetSambaConf.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.257778 | source : cna@vuldb.com
https://vuldb.com/?id.257778 | source : cna@vuldb.com

Vulnerability : CWE-78


Vulnerability ID : CVE-2020-36825

First published on : 24-03-2024 12:15:08
Last modified on : 24-03-2024 12:15:08

Description :
A vulnerability has been found in cyberaz0r WebRAT up to 20191222 and classified as critical. This vulnerability affects the function download_file of the file Server/api.php. The manipulation of the argument name leads to unrestricted upload. The attack can be initiated remotely. The patch is identified as 0c394a795b9c10c07085361e6fcea286ee793701. It is recommended to apply a patch to fix this issue. VDB-257782 is the identifier assigned to this vulnerability.

CVE ID : CVE-2020-36825
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/cyberaz0r/WebRAT/commit/0c394a795b9c10c07085361e6fcea286ee793701 | source : cna@vuldb.com
https://vuldb.com/?ctiid.257782 | source : cna@vuldb.com
https://vuldb.com/?id.257782 | source : cna@vuldb.com

Vulnerability : CWE-434


(0) LOW VULNERABILITIES [0.1, 3.9]

(4) NO SCORE VULNERABILITIES [0.0, 0.0]

Source : mitre.org

Vulnerability ID : CVE-2018-25100

First published on : 24-03-2024 01:15:45
Last modified on : 24-03-2024 01:15:45

Description :
The Mojolicious module before 7.66 for Perl may leak cookies in certain situations related to multiple similar cookies for the same domain. This affects Mojo::UserAgent::CookieJar.

CVE ID : CVE-2018-25100
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/mojolicious/mojo/commit/c16a56a9d6575ddc53d15e76d58f0ebcb0eeb149 | source : cve@mitre.org
https://github.com/mojolicious/mojo/issues/1185 | source : cve@mitre.org
https://github.com/mojolicious/mojo/pull/1192 | source : cve@mitre.org
https://metacpan.org/dist/Mojolicious/changes | source : cve@mitre.org


Vulnerability ID : CVE-2020-36827

First published on : 24-03-2024 01:15:45
Last modified on : 24-03-2024 01:15:45

Description :
The XAO::Web module before 1.84 for Perl mishandles < and > characters in JSON output during use of json-embed in Web::Action.

CVE ID : CVE-2020-36827
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/amaltsev/XAO-Web/commit/20dd1d3bc5b811503f5722a16037b60197fe7ef4 | source : cve@mitre.org
https://metacpan.org/dist/XAO-Web/changes | source : cve@mitre.org


Vulnerability ID : CVE-2024-30156

First published on : 24-03-2024 01:15:45
Last modified on : 24-03-2024 01:15:45

Description :
Varnish Cache before 7.3.2 and 7.4.x before 7.4.3 (and before 6.0.13 LTS), and Varnish Enterprise 6 before 6.0.12r6, allows credits exhaustion for an HTTP/2 connection control flow window, aka a Broke Window Attack.

CVE ID : CVE-2024-30156
Source : cve@mitre.org
CVSS Score : /

References :
https://varnish-cache.org/docs/7.5/whats-new/changes-7.5.html#security | source : cve@mitre.org
https://varnish-cache.org/security/VSV00014.html | source : cve@mitre.org


Vulnerability ID : CVE-2024-30161

First published on : 24-03-2024 01:15:45
Last modified on : 24-03-2024 01:15:45

Description :
In Qt before 6.5.6 and 6.6.x before 6.6.3, the wasm component may access QNetworkReply header data via a dangling pointer.

CVE ID : CVE-2024-30161
Source : cve@mitre.org
CVSS Score : /

References :
https://codereview.qt-project.org/c/qt/qtbase/+/544314 | source : cve@mitre.org


This website uses the NVD API, but is not approved or certified by it.

About the author
Julien B.

Securitricks