Latest vulnerabilities [Thursday, February 08, 2024]


Last update performed on 02/08/2024 at 11:57:05 PM

(1) CRITICAL VULNERABILITIES [9.0, 10.0]

Source : wordfence.com

Vulnerability ID : CVE-2024-1207

First published on : 08-02-2024 09:15:46
Last modified on : 08-02-2024 13:44:21

Description :
The WP Booking Calendar plugin for WordPress is vulnerable to SQL Injection via the 'calendar_request_params[dates_ddmmyy_csv]' parameter in all versions up to, and including, 9.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

CVE ID : CVE-2024-1207
Source : security@wordfence.com
CVSS Score : 9.8

References :
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3032596%40booking&new=3032596%40booking&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/7802ed1f-138c-4a3d-916c-80fb4f7699b2?source=cve | source : security@wordfence.com


(13) HIGH VULNERABILITIES [7.0, 8.9]

Source : usom.gov.tr

Vulnerability ID : CVE-2023-6515

First published on : 08-02-2024 10:15:11
Last modified on : 08-02-2024 13:44:21

Description :
Authorization Bypass Through User-Controlled Key vulnerability in Mia Technology Inc. MİA-MED allows Authentication Abuse. This issue affects MİA-MED: before 1.0.7.

CVE ID : CVE-2023-6515
Source : iletisim@usom.gov.tr
CVSS Score : 8.8

References :
https://www.usom.gov.tr/bildirim/tr-24-0087 | source : iletisim@usom.gov.tr

Vulnerability : CWE-639


Vulnerability ID : CVE-2023-6517

First published on : 08-02-2024 12:15:55
Last modified on : 08-02-2024 13:44:11

Description :
Exposure of Sensitive Information Due to Incompatible Policies vulnerability in Mia Technology Inc. MİA-MED allows Collect Data as Provided by Users. This issue affects MİA-MED: before 1.0.7.

CVE ID : CVE-2023-6517
Source : iletisim@usom.gov.tr
CVSS Score : 7.5

References :
https://www.usom.gov.tr/bildirim/tr-24-0087 | source : iletisim@usom.gov.tr

Vulnerability : CWE-213


Vulnerability ID : CVE-2023-6518

First published on : 08-02-2024 12:15:55
Last modified on : 08-02-2024 13:44:11

Description :
Plaintext Storage of a Password vulnerability in Mia Technology Inc. MİA-MED allows Read Sensitive Strings Within an Executable. This issue affects MİA-MED: before 1.0.7.

CVE ID : CVE-2023-6518
Source : iletisim@usom.gov.tr
CVSS Score : 7.5

References :
https://www.usom.gov.tr/bildirim/tr-24-0087 | source : iletisim@usom.gov.tr

Vulnerability : CWE-256


Vulnerability ID : CVE-2023-6519

First published on : 08-02-2024 12:15:55
Last modified on : 08-02-2024 13:44:11

Description :
Exposure of Data Element to Wrong Session vulnerability in Mia Technology Inc. MİA-MED allows Read Sensitive Strings Within an Executable. This issue affects MİA-MED: before 1.0.7.

CVE ID : CVE-2023-6519
Source : iletisim@usom.gov.tr
CVSS Score : 7.5

References :
https://www.usom.gov.tr/bildirim/tr-24-0087 | source : iletisim@usom.gov.tr

Vulnerability : CWE-488


Source : f86ef6dc-4d3a-42ad-8f28-e6d5547a5007

Vulnerability ID : CVE-2024-0985

First published on : 08-02-2024 13:15:08
Last modified on : 08-02-2024 13:44:11

Description :
Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of untrusted materialized views. The victim is a superuser or member of one of the attacker's roles. The attack requires luring the victim into running REFRESH MATERIALIZED VIEW CONCURRENTLY on the attacker's materialized view. As part of exploiting this vulnerability, the attacker creates functions that use CREATE RULE to convert the internally-built temporary table to a view. Versions before PostgreSQL 15.6, 14.11, 13.14, and 12.18 are affected. The only known exploit does not work in PostgreSQL 16 and later. For defense in depth, PostgreSQL 16.2 adds the protections that older branches are using to fix their vulnerability.

CVE ID : CVE-2024-0985
Source : f86ef6dc-4d3a-42ad-8f28-e6d5547a5007
CVSS Score : 8.0

References :
https://www.postgresql.org/support/security/CVE-2024-0985/ | source : f86ef6dc-4d3a-42ad-8f28-e6d5547a5007

Vulnerability : CWE-271


Source : snowsoftware.com

Vulnerability ID : CVE-2024-1149

First published on : 08-02-2024 13:15:09
Last modified on : 08-02-2024 13:44:11

Description :
Improper Verification of Cryptographic Signature vulnerability in Snow Software Inventory Agent on MacOS, Snow Software Inventory Agent on Windows, Snow Software Inventory Agent on Linux allows File Manipulation through Snow Update Packages. This issue affects Inventory Agent: through 6.12.0; Inventory Agent: through 6.14.5; Inventory Agent: through 6.7.2.

CVE ID : CVE-2024-1149
Source : security@snowsoftware.com
CVSS Score : 7.8

References :
https://community.snowsoftware.com/s/feed/0D5Td000004YtMcKAK | source : security@snowsoftware.com

Vulnerability : CWE-347


Vulnerability ID : CVE-2024-1150

First published on : 08-02-2024 13:15:09
Last modified on : 08-02-2024 13:44:11

Description :
Improper Verification of Cryptographic Signature vulnerability in Snow Software Inventory Agent on Unix allows File Manipulation through Snow Update Packages. This issue affects Inventory Agent: through 7.3.1.

CVE ID : CVE-2024-1150
Source : security@snowsoftware.com
CVSS Score : 7.8

References :
https://community.snowsoftware.com/s/feed/0D5Td000004YtMcKAK | source : security@snowsoftware.com

Vulnerability : CWE-347


Source : hashicorp.com

Vulnerability ID : CVE-2024-1329

First published on : 08-02-2024 20:15:52
Last modified on : 08-02-2024 21:03:22

Description :
HashiCorp Nomad and Nomad Enterprise 1.5.13 up to 1.6.6, and 1.7.3 template renderer is vulnerable to arbitrary file write on the host as the Nomad client user through symlink attacks. Fixed in Nomad 1.7.4, 1.6.7, 1.5.14.

CVE ID : CVE-2024-1329
Source : security@hashicorp.com
CVSS Score : 7.7

References :
https://discuss.hashicorp.com/t/hcsec-2024-03-nomad-vulnerable-to-arbitrary-write-through-symlink-attack | source : security@hashicorp.com

Vulnerability : CWE-610


Source : jci.com

Vulnerability ID : CVE-2024-0242

First published on : 08-02-2024 20:15:52
Last modified on : 08-02-2024 21:03:22

Description :
Under certain circumstances IQ Panel4 and IQ4 Hub panel software prior to version 4.4.2 could allow unauthorized access to settings.

CVE ID : CVE-2024-0242
Source : productsecurity@jci.com
CVSS Score : 7.3

References :
https://www.cisa.gov/news-events/ics-advisories/icsa-24-039-01 | source : productsecurity@jci.com
https://www.johnsoncontrols.com/cyber-solutions/security-advisories | source : productsecurity@jci.com

Vulnerability : CWE-200


Source : patchstack.com

Vulnerability ID : CVE-2024-24879

First published on : 08-02-2024 12:15:55
Last modified on : 08-02-2024 13:44:11

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yannick Lefebvre Link Library allows Reflected XSS. This issue affects Link Library: from n/a through 7.5.13.

CVE ID : CVE-2024-24879
Source : audit@patchstack.com
CVSS Score : 7.1

References :
https://patchstack.com/database/vulnerability/link-library/wordpress-link-library-plugin-7-5-13-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2024-24881

First published on : 08-02-2024 12:15:56
Last modified on : 08-02-2024 13:44:11

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VeronaLabs WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc allows Reflected XSS. This issue affects WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc: from n/a through 6.5.2.

CVE ID : CVE-2024-24881
Source : audit@patchstack.com
CVSS Score : 7.1

References :
https://patchstack.com/database/vulnerability/wp-sms/wordpress-wp-sms-plugin-6-5-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2024-24877

First published on : 08-02-2024 13:15:10
Last modified on : 08-02-2024 13:44:11

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Magic Hills Pty Ltd Wonder Slider Lite allows Reflected XSS. This issue affects Wonder Slider Lite: from n/a through 13.9.

CVE ID : CVE-2024-24877
Source : audit@patchstack.com
CVSS Score : 7.1

References :
https://patchstack.com/database/vulnerability/wonderplugin-slider-lite/wordpress-wonder-slider-lite-plugin-13-9-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2024-24878

First published on : 08-02-2024 13:15:10
Last modified on : 08-02-2024 13:44:11

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PT Woo Plugins (by Webdados) Portugal CTT Tracking for WooCommerce allows Reflected XSS. This issue affects Portugal CTT Tracking for WooCommerce: from n/a through 2.1.

CVE ID : CVE-2024-24878
Source : audit@patchstack.com
CVSS Score : 7.1

References :
https://patchstack.com/database/vulnerability/portugal-ctt-tracking-woocommerce/wordpress-portugal-ctt-tracking-for-woocommerce-plugin-2-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


(17) MEDIUM VULNERABILITIES [4.0, 6.9]

Source : gitlab.com

Vulnerability ID : CVE-2023-6564

First published on : 08-02-2024 12:15:55
Last modified on : 08-02-2024 13:44:11

Description :
An issue has been discovered in GitLab EE Premium and Ultimate affecting versions 16.4.3, 16.5.3, and 16.6.1. In projects using subgroups to define who can push and/or merge to protected branches, there may have been instances in which subgroup members with the Developer role were able to push or merge to protected branches.

CVE ID : CVE-2023-6564
Source : cve@gitlab.com
CVSS Score : 6.5

References :
https://gitlab.com/gitlab-com/gl-infra/production/-/issues/17213 | source : cve@gitlab.com

Vulnerability : CWE-285


Source : patchstack.com

Vulnerability ID : CVE-2024-24880

First published on : 08-02-2024 12:15:56
Last modified on : 08-02-2024 13:44:11

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apollo13Themes Apollo13 Framework Extensions allows Stored XSS. This issue affects Apollo13 Framework Extensions: from n/a through 1.9.2.

CVE ID : CVE-2024-24880
Source : audit@patchstack.com
CVSS Score : 6.5

References :
https://patchstack.com/database/vulnerability/apollo13-framework-extensions/wordpress-apollo13-framework-extensions-plugin-1-9-2-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2024-24836

First published on : 08-02-2024 13:15:09
Last modified on : 08-02-2024 13:44:11

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Audrasjb GDPR Data Request Form allows Stored XSS. This issue affects GDPR Data Request Form: from n/a through 1.6.

CVE ID : CVE-2024-24836
Source : audit@patchstack.com
CVSS Score : 6.5

References :
https://patchstack.com/database/vulnerability/gdpr-data-request-form/wordpress-gdpr-data-request-form-plugin-1-6-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2024-24871

First published on : 08-02-2024 13:15:10
Last modified on : 08-02-2024 13:44:11

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Creative Themes Blocksy allows Stored XSS. This issue affects Blocksy: from n/a through 2.0.19.

CVE ID : CVE-2024-24871
Source : audit@patchstack.com
CVSS Score : 6.5

References :
https://patchstack.com/database/vulnerability/blocksy/wordpress-blocksy-theme-2-0-19-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2024-24886

First published on : 08-02-2024 11:15:08
Last modified on : 08-02-2024 13:44:11

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Acowebs Product Labels For Woocommerce (Sale Badges) allows Stored XSS. This issue affects Product Labels For Woocommerce (Sale Badges): from n/a through 1.5.3.

CVE ID : CVE-2024-24886
Source : audit@patchstack.com
CVSS Score : 5.9

References :
https://patchstack.com/database/vulnerability/aco-product-labels-for-woocommerce/wordpress-product-labels-for-woocommerce-sale-badges-plugin-1-5-3-authenticated-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2024-24885

First published on : 08-02-2024 12:15:56
Last modified on : 08-02-2024 13:44:11

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lê Văn Toản Woocommerce Vietnam Checkout allows Stored XSS. This issue affects Woocommerce Vietnam Checkout: from n/a through 2.0.7.

CVE ID : CVE-2024-24885
Source : audit@patchstack.com
CVSS Score : 5.9

References :
https://patchstack.com/database/vulnerability/woo-vietnam-checkout/wordpress-woocommerce-vietnam-checkout-plugin-2-0-7-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2024-24834

First published on : 08-02-2024 14:15:43
Last modified on : 08-02-2024 18:42:36

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net allows Stored XSS. This issue affects BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net: from n/a through 1.1.4.

CVE ID : CVE-2024-24834
Source : audit@patchstack.com
CVSS Score : 5.9

References :
https://patchstack.com/database/vulnerability/woo-bulk-editor/wordpress-bear-plugin-1-1-4-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Source : wordfence.com

Vulnerability ID : CVE-2023-5665

First published on : 08-02-2024 04:15:07
Last modified on : 08-02-2024 13:44:21

Description :
The Payment Forms for Paystack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-5665
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/payment-forms-for-paystack/tags/3.4.1/public/class-paystack-forms-public-for-old-themes.php#L1013 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/payment-forms-for-paystack/tags/3.4.1/public/class-paystack-forms-public-for-old-themes.php#L1054 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/payment-forms-for-paystack/tags/3.4.1/public/class-paystack-forms-public-for-old-themes.php#L1128 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/payment-forms-for-paystack/tags/3.4.1/public/class-paystack-forms-public-for-old-themes.php#L1164 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/payment-forms-for-paystack/tags/3.4.1/public/class-paystack-forms-public-for-old-themes.php#L1194 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/payment-forms-for-paystack/tags/3.4.1/public/class-paystack-forms-public-for-old-themes.php#L958 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/payment-forms-for-paystack/tags/3.4.1/public/class-paystack-forms-public-for-old-themes.php#L986 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/98f80608-f24f-4019-a757-de71cba9902f?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-0965

First published on : 08-02-2024 09:15:46
Last modified on : 08-02-2024 13:44:21

Description :
The Simple Page Access Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.21 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's page restriction and view page content.

CVE ID : CVE-2024-0965
Source : security@wordfence.com
CVSS Score : 5.3

References :
https://plugins.trac.wordpress.org/changeset/3030099/simple-page-access-restriction | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/d99dc270-1b28-4e76-9346-38b2b96be01c?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-0511

First published on : 08-02-2024 06:15:51
Last modified on : 08-02-2024 13:44:21

Description :
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect nonce validation on the wpr_update_form_action_meta function. This makes it possible for unauthenticated attackers to post metadata via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID : CVE-2024-0511
Source : security@wordfence.com
CVSS Score : 4.3

References :
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3026824%40royal-elementor-addons%2Ftags%2F1.3.87&new=3032004%40royal-elementor-addons%2Ftags%2F1.3.88 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/dc8bef03-51e0-4448-bddd-85300104e875?source=cve | source : security@wordfence.com


Source : emc.com

Vulnerability ID : CVE-2024-22464

First published on : 08-02-2024 10:15:14
Last modified on : 08-02-2024 13:44:11

Description :
Dell EMC AppSync, versions from 4.2.0.0 to 4.6.0.0 including all Service Pack releases, contain an exposure of sensitive information vulnerability in AppSync server logs. A high privileged remote attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable system with privileges of the compromised account.

CVE ID : CVE-2024-22464
Source : security_alert@emc.com
CVSS Score : 6.2

References :
https://www.dell.com/support/kbdoc/en-us/000221932/dsa-2024-072-security-update-for-dell-emc-appsync-for-vulnerabilities | source : security_alert@emc.com

Vulnerability : CWE-532


Source : snowsoftware.com

Vulnerability ID : CVE-2023-7169

First published on : 08-02-2024 13:15:08
Last modified on : 08-02-2024 13:44:11

Description :
Authentication Bypass by Spoofing vulnerability in Snow Software Snow Inventory Agent on Windows allows Signature Spoof. This issue affects Snow Inventory Agent: through 6.14.5. Customers advised to upgrade to version 7.0.

CVE ID : CVE-2023-7169
Source : security@snowsoftware.com
CVSS Score : 6.0

References :
https://community.snowsoftware.com/s/feed/0D5Td000004YtMcKAK | source : security@snowsoftware.com

Vulnerability : CWE-290


Source : liferay.com

Vulnerability ID : CVE-2023-47798

First published on : 08-02-2024 03:15:07
Last modified on : 08-02-2024 03:29:33

Description :
Account lockout in Liferay Portal 7.2.0 through 7.3.0, and older unsupported versions, and Liferay DXP 7.2 before fix pack 5, and older unsupported versions does not invalidate existing user sessions, which allows remote authenticated users to remain authenticated after an account has been locked.

CVE ID : CVE-2023-47798
Source : security@liferay.com
CVSS Score : 5.4

References :
https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-47798 | source : security@liferay.com

Vulnerability : CWE-384


Vulnerability ID : CVE-2024-25148

First published on : 08-02-2024 04:15:08
Last modified on : 08-02-2024 13:44:21

Description :
In Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions the `doAsUserId` URL parameter may get leaked when creating linked content using the WYSIWYG editor and while impersonating a user. This may allow remote authenticated users to impersonate a user after accessing the linked content.

CVE ID : CVE-2024-25148
Source : security@liferay.com
CVSS Score : 5.4

References :
https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25148 | source : security@liferay.com

Vulnerability : CWE-200


Vulnerability ID : CVE-2024-25146

First published on : 08-02-2024 04:15:08
Last modified on : 08-02-2024 13:44:21

Description :
Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 18, and older unsupported versions returns with different responses depending on whether a site does not exist or if the user does not have permission to access the site, which allows remote attackers to discover the existence of sites by enumerating URLs. This vulnerability occurs if locale.prepend.friendly.url.style=2 and if a custom 404 page is used.

CVE ID : CVE-2024-25146
Source : security@liferay.com
CVSS Score : 5.3

References :
https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25146 | source : security@liferay.com

Vulnerability : CWE-204


Vulnerability ID : CVE-2024-25144

First published on : 08-02-2024 04:15:07
Last modified on : 08-02-2024 13:44:21

Description :
The IFrame widget in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 6, 7.2 before fix pack 19, and older unsupported versions does not check the URL of the IFrame, which allows remote authenticated users to cause a denial-of-service (DoS) via a self referencing IFrame.

CVE ID : CVE-2024-25144
Source : security@liferay.com
CVSS Score : 4.1

References :
https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25144 | source : security@liferay.com

Vulnerability : CWE-834


Source : redhat.com

Vulnerability ID : CVE-2024-1312

First published on : 08-02-2024 13:15:09
Last modified on : 08-02-2024 13:44:11

Description :
A use-after-free flaw was found in the Linux kernel's Memory Management subsystem when a user wins two races at the same time with a fail in the mas_prev_slot function. This issue could allow a local user to crash the system.

CVE ID : CVE-2024-1312
Source : secalert@redhat.com
CVSS Score : 5.1

References :
https://access.redhat.com/security/cve/CVE-2024-1312 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2225569 | source : secalert@redhat.com
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/mm/memory.c?h=v6.8-rc3&id=657b5146955eba331e01b9a6ae89ce2e716ba306 | source : secalert@redhat.com

Vulnerability : CWE-416


(0) LOW VULNERABILITIES [0.1, 3.9]

(45) NO SCORE VULNERABILITIES [0.0, 0.0]

Source : mitre.org

Vulnerability ID : CVE-2023-48974

First published on : 08-02-2024 01:15:26
Last modified on : 08-02-2024 03:29:33

Description :
Cross Site Scripting vulnerability in Axigen WebMail v.10.5.7 and before allows a remote attacker to escalate privileges via a crafted script to the serverName_input parameter.

CVE ID : CVE-2023-48974
Source : cve@mitre.org
CVSS Score : /

References :
https://www.axigen.com/mail-server/download/ | source : cve@mitre.org
https://www.axigen.com/updates/axigen-10.3.3.61 | source : cve@mitre.org


Vulnerability ID : CVE-2024-24018

First published on : 08-02-2024 01:15:27
Last modified on : 08-02-2024 03:29:33

Description :
A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass in crafted offset, limit, and sort parameters to perform SQL injection via /system/dataPerm/list

CVE ID : CVE-2024-24018
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/201206030/novel-plus | source : cve@mitre.org
https://github.com/cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc/blob/main/cxcxcxcxcxc/about-2024/24018.txt | source : cve@mitre.org


Vulnerability ID : CVE-2024-24023

First published on : 08-02-2024 01:15:27
Last modified on : 08-02-2024 03:29:33

Description :
A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior. An attacker can pass specially crafted offset, limit, and sort parameters to perform SQL injection via /novel/bookContent/list.

CVE ID : CVE-2024-24023
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/201206030/novel-plus | source : cve@mitre.org
https://github.com/cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc/blob/main/cxcxcxcxcxc/about-2024/24023.txt | source : cve@mitre.org


Vulnerability ID : CVE-2024-24024

First published on : 08-02-2024 01:15:27
Last modified on : 08-02-2024 03:29:33

Description :
An arbitrary File download vulnerability exists in Novel-Plus v4.3.0-RC1 and prior at com.java2nb.common.controller.FileController: fileDownload(). An attacker can pass in specially crafted filePath and fieName parameters to perform arbitrary File download.

CVE ID : CVE-2024-24024
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/201206030/novel-plus | source : cve@mitre.org
https://github.com/cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc/blob/main/cxcxcxcxcxc/about-2024/24024.txt | source : cve@mitre.org


Vulnerability ID : CVE-2024-24025

First published on : 08-02-2024 01:15:27
Last modified on : 08-02-2024 03:29:33

Description :
An arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior at com.java2nb.common.controller.FileController: upload(). An attacker can pass in specially crafted filename parameter to perform arbitrary File download.

CVE ID : CVE-2024-24025
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/201206030/novel-plus | source : cve@mitre.org
https://github.com/cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc/blob/main/cxcxcxcxcxc/about-2024/24025.txt | source : cve@mitre.org


Vulnerability ID : CVE-2024-24026

First published on : 08-02-2024 01:15:27
Last modified on : 08-02-2024 03:29:33

Description :
An arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions at com.java2nb.system.controller.SysUserController: uploadImg(). An attacker can pass in specially crafted filename parameter to perform arbitrary File download.

CVE ID : CVE-2024-24026
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/201206030/novel-plus | source : cve@mitre.org
https://github.com/cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc/blob/main/cxcxcxcxcxc/about-2024/24026.txt | source : cve@mitre.org


Vulnerability ID : CVE-2024-24350

First published on : 08-02-2024 01:15:27
Last modified on : 08-02-2024 03:29:33

Description :
File Upload vulnerability in Software Publico e-Sic Livre v.2.0 and before allows a remote attacker to execute arbitrary code via the extension filtering component.

CVE ID : CVE-2024-24350
Source : cve@mitre.org
CVSS Score : /

References :
https://gist.github.com/viniciuspinheiros/4e53b297fd6466cf12d01867ee1c9c33 | source : cve@mitre.org
https://medium.com/%40viniciuspinheiros/e-sic-livre-2-0-authenticated-file-upload-leads-to-remote-code-execution-rce-5937c9537258 | source : cve@mitre.org


Vulnerability ID : CVE-2024-24003

First published on : 08-02-2024 02:15:07
Last modified on : 08-02-2024 03:29:33

Description :
jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller.DepotHeadController: com.jsh.erp.utils.BaseResponseInfo findInOutMaterialCount() function of jshERP does not filter `column` and `order` parameters well enough, and an attacker can construct malicious payload to bypass jshERP's protection mechanism in `safeSqlParse` method for sql injection.

CVE ID : CVE-2024-24003
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc/blob/main/cxcxcxcxcxc/about-2024/24003.txt | source : cve@mitre.org
https://github.com/jishenghua/jshERP/issues/99 | source : cve@mitre.org


Vulnerability ID : CVE-2024-24014

First published on : 08-02-2024 02:15:07
Last modified on : 08-02-2024 03:29:33

Description :
A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass crafted offset, limit, and sort parameters to perform SQL injection via /novel/author/list

CVE ID : CVE-2024-24014
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/201206030/novel-plus | source : cve@mitre.org
https://github.com/cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc/blob/main/cxcxcxcxcxc/about-2024/24014.txt | source : cve@mitre.org


Vulnerability ID : CVE-2024-24017

First published on : 08-02-2024 02:15:07
Last modified on : 08-02-2024 03:29:33

Description :
A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass crafted offset, limit, and sort parameters to perform SQL injection via /common/dict/list

CVE ID : CVE-2024-24017
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/201206030/novel-plus | source : cve@mitre.org
https://github.com/cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc/blob/main/cxcxcxcxcxc/about-2024/24017.txt | source : cve@mitre.org


Vulnerability ID : CVE-2024-24021

First published on : 08-02-2024 02:15:07
Last modified on : 08-02-2024 03:29:33

Description :
A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior. An attacker can pass specially crafted offset, limit, and sort parameters to perform SQL injection via /novel/userFeedback/list.

CVE ID : CVE-2024-24021
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/201206030/novel-plus | source : cve@mitre.org
https://github.com/cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc/blob/main/cxcxcxcxcxc/about-2024/24021.txt | source : cve@mitre.org


Vulnerability ID : CVE-2024-24202

First published on : 08-02-2024 05:15:08
Last modified on : 08-02-2024 13:44:21

Description :
An arbitrary file upload vulnerability in /upgrade/control.php of ZenTao Community Edition v18.10, ZenTao Biz v8.10, and ZenTao Max v4.10 allows attackers to execute arbitrary code via uploading a crafted .txt file.

CVE ID : CVE-2024-24202
Source : cve@mitre.org
CVSS Score : /

References :
https://clammy-blizzard-8ef.notion.site/Zentao-PMS-Authorized-Remote-Code-Execution-Vulnerability-1077a870c92848e18fe0c139c4fc2176 | source : cve@mitre.org


Vulnerability ID : CVE-2024-24091

First published on : 08-02-2024 06:15:51
Last modified on : 08-02-2024 13:44:21

Description :
Yealink Meeting Server before v26.0.0.66 was discovered to contain an OS command injection vulnerability via the file upload interface.

CVE ID : CVE-2024-24091
Source : cve@mitre.org
CVSS Score : /

References :
https://www.yealink.com/en/trust-center/security-advisories/2f2b990211c440cf | source : cve@mitre.org


Vulnerability ID : CVE-2024-24216

First published on : 08-02-2024 06:15:51
Last modified on : 08-02-2024 13:44:21

Description :
Zentao v18.0 to v18.10 was discovered to contain a remote code execution (RCE) vulnerability via the checkConnection method of /app/zentao/module/repo/model.php.

CVE ID : CVE-2024-24216
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/easysoft/zentaopms/issues/133 | source : cve@mitre.org
https://github.com/l3s10n/ZenTaoPMS_RCE | source : cve@mitre.org


Vulnerability ID : CVE-2024-24034

First published on : 08-02-2024 09:15:46
Last modified on : 08-02-2024 13:44:21

Description :
Setor Informatica S.I.L version 3.0 is vulnerable to Open Redirect via the hprinter parameter, allows remote attackers to execute arbitrary code.

CVE ID : CVE-2024-24034
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/ELIZEUOPAIN/CVE-2024-24034/tree/main | source : cve@mitre.org


Vulnerability ID : CVE-2024-24113

First published on : 08-02-2024 13:15:09
Last modified on : 08-02-2024 13:44:11

Description :
xxl-job <= 2.4.1 has a Server-Side Request Forgery (SSRF) vulnerability, which causes low-privileged users to control executor to RCE.

CVE ID : CVE-2024-24113
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/xuxueli/xxl-job/issues/3375 | source : cve@mitre.org


Vulnerability ID : CVE-2023-47020

First published on : 08-02-2024 16:15:46
Last modified on : 08-02-2024 18:42:36

Description :
Multiple Cross-Site Request Forgery (CSRF) chaining in NCR Terminal Handler v.1.5.1 allows privileges to be escalated by an attacker through a crafted request involving user account creation and adding the user to an administrator group. This is exploited by an undisclosed function in the WSDL that lacks security controls and can accept custom content types.

CVE ID : CVE-2023-47020
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Patrick0x41/Security-Advisories/tree/main/CVE-2023-47020 | source : cve@mitre.org
https://youtu.be/pGB3LKdf64w | source : cve@mitre.org


Vulnerability ID : CVE-2023-42282

First published on : 08-02-2024 17:15:10
Last modified on : 08-02-2024 18:42:36

Description :
An issue in NPM IP Package v.1.1.8 and before allows an attacker to execute arbitrary code and obtain sensitive information via the isPublic() function.

CVE ID : CVE-2023-42282
Source : cve@mitre.org
CVSS Score : /

References :
https://cosmosofcyberspace.github.io/npm_ip_cve/npm_ip_cve.html | source : cve@mitre.org


Vulnerability ID : CVE-2024-25189

First published on : 08-02-2024 17:15:10
Last modified on : 08-02-2024 18:42:36

Description :
libjwt 1.15.3 uses strcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side channel.

CVE ID : CVE-2024-25189
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/P3ngu1nW/CVE_Request/blob/main/benmcollins%3Alibjwt.md | source : cve@mitre.org


Vulnerability ID : CVE-2024-25190

First published on : 08-02-2024 17:15:11
Last modified on : 08-02-2024 18:42:36

Description :
l8w8jwt 2.2.1 uses memcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side channel.

CVE ID : CVE-2024-25190
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/P3ngu1nW/CVE_Request/blob/main/GlitchedPolygons%3Al8w8jwt.md | source : cve@mitre.org


Vulnerability ID : CVE-2024-25191

First published on : 08-02-2024 17:15:11
Last modified on : 08-02-2024 18:42:36

Description :
php-jwt 1.0.0 uses strcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side channel.

CVE ID : CVE-2024-25191
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/P3ngu1nW/CVE_Request/blob/main/cdoco%3Aphp-jwt.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-50061

First published on : 08-02-2024 18:15:08
Last modified on : 08-02-2024 18:42:36

Description :
PrestaShop Op'art Easy Redirect >= 1.3.8 and <= 1.3.12 is vulnerable to SQL Injection via Oparteasyredirect::hookActionDispatcher().

CVE ID : CVE-2023-50061
Source : cve@mitre.org
CVSS Score : /

References :
https://security.friendsofpresta.org/modules/2024/02/08/oparteasyredirect.html | source : cve@mitre.org
https://www.store-opart.fr/p/39-module-redirection-prestashop.html | source : cve@mitre.org


Vulnerability ID : CVE-2024-24213

First published on : 08-02-2024 18:15:08
Last modified on : 08-02-2024 18:42:36

Description :
Supabase PostgreSQL v15.1 was discovered to contain a SQL injection vulnerability via the component /pg_meta/default/query.

CVE ID : CVE-2024-24213
Source : cve@mitre.org
CVSS Score : /

References :
https://app.flows.sh:8443/project/default%2C | source : cve@mitre.org
https://github.com/940198871/Vulnerability-details/blob/main/CVE-2024-24213 | source : cve@mitre.org
https://postfixadmin.ballardini.com.ar:8443/project/default/logs/explorer. | source : cve@mitre.org
https://reference1.example.com/project/default/logs/explorer%2C | source : cve@mitre.org


Vulnerability ID : CVE-2024-24321

First published on : 08-02-2024 18:15:08
Last modified on : 08-02-2024 18:42:36

Description :
An issue in Dlink DIR-816A2 v.1.10CNB05 allows a remote attacker to execute arbitrary code via the wizardstep4_ssid_2 parameter in the sub_42DA54 function.

CVE ID : CVE-2024-24321
Source : cve@mitre.org
CVSS Score : /

References :
http://dir-816a2.com | source : cve@mitre.org
https://github.com/dkjiayu/Vul/blob/main/DIR816A2-dir_setWanWifi.md | source : cve@mitre.org
https://www.dlink.com/ | source : cve@mitre.org
https://www.dlink.com/en/security-bulletin/ | source : cve@mitre.org


Vulnerability ID : CVE-2024-22795

First published on : 08-02-2024 19:15:08
Last modified on : 08-02-2024 21:03:22

Description :
Insecure Permissions vulnerability in Forescout SecureConnector v.11.3.06.0063 allows a local attacker to escalate privileges via the Recheck Compliance Status component.

CVE ID : CVE-2024-22795
Source : cve@mitre.org
CVSS Score : /

References :
https://gist.github.com/Hagrid29/aea0dc35a1e87813dbbb7b317853d023 | source : cve@mitre.org
https://github.com/Hagrid29/ForeScout-SecureConnector-EoP | source : cve@mitre.org
https://www.forescout.com/ | source : cve@mitre.org


Vulnerability ID : CVE-2024-23764

First published on : 08-02-2024 19:15:08
Last modified on : 08-02-2024 21:03:22

Description :
Certain WithSecure products allow Local Privilege Escalation. This affects WithSecure Client Security 15 and later, WithSecure Server Security 15 and later, WithSecure Email and Server Security 15 and later, and WithSecure Elements Endpoint Protection 17 and later.

CVE ID : CVE-2024-23764
Source : cve@mitre.org
CVSS Score : /

References :
https://www.withsecure.com/en/support/security-advisories | source : cve@mitre.org
https://www.withsecure.com/en/support/security-advisories/cve-2024-23764 | source : cve@mitre.org


Vulnerability ID : CVE-2024-24215

First published on : 08-02-2024 19:15:08
Last modified on : 08-02-2024 21:03:22

Description :
An issue in the component /cgi-bin/GetJsonValue.cgi of Cellinx NVT Web Server 5.0.0.014 allows attackers to leak configuration information via a crafted POST request.

CVE ID : CVE-2024-24215
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/940198871/Vulnerability-details/blob/main/CVE-2024-24215 | source : cve@mitre.org
https://reference3.example.com//1.222.228.4/%2C | source : cve@mitre.org
https://reference4.example.com | source : cve@mitre.org


Vulnerability ID : CVE-2024-22836

First published on : 08-02-2024 20:15:52
Last modified on : 08-02-2024 21:03:22

Description :
An OS command injection vulnerability exists in Akaunting v3.1.3 and earlier. An attacker can manipulate the company locale when installing an app to execute system commands on the hosting server.

CVE ID : CVE-2024-22836
Source : cve@mitre.org
CVSS Score : /

References :
https://akaunting.com/ | source : cve@mitre.org
https://github.com/akaunting/akaunting/releases/tag/3.1.4 | source : cve@mitre.org
https://github.com/u32i/cve/tree/main/CVE-2024-22836 | source : cve@mitre.org


Vulnerability ID : CVE-2024-23660

First published on : 08-02-2024 20:15:52
Last modified on : 08-02-2024 21:03:22

Description :
The Binance Trust Wallet app for iOS in commit 3cd6e8f647fbba8b5d8844fcd144365a086b629f, git tag 0.0.4 misuses the trezor-crypto library and consequently generates mnemonic words for which the device time is the only entropy source, leading to economic losses, as exploited in the wild in July 2023. An attacker can systematically generate mnemonics for each timestamp within an applicable timeframe, and link them to specific wallet addresses in order to steal funds from those wallets.

CVE ID : CVE-2024-23660
Source : cve@mitre.org
CVSS Score : /

References :
https://milksad.info/posts/research-update-5/ | source : cve@mitre.org
https://secbit.io/blog/en/2024/01/19/trust-wallets-fomo3d-summer-vuln/ | source : cve@mitre.org


Vulnerability ID : CVE-2024-24115

First published on : 08-02-2024 20:15:52
Last modified on : 08-02-2024 21:03:22

Description :
A stored cross-site scripting (XSS) vulnerability in the Edit Page function of Cotonti CMS v0.9.24 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload.

CVE ID : CVE-2024-24115
Source : cve@mitre.org
CVSS Score : /

References :
https://mechaneus.github.io/CVE-PENDING-COTONTI.html | source : cve@mitre.org


Vulnerability ID : CVE-2024-23756

First published on : 08-02-2024 21:15:08
Last modified on : 08-02-2024 21:15:08

Description :
The HTTP PUT and DELETE methods are enabled in the Plone official Docker version 5.2.13 (5221), allowing unauthenticated attackers to execute dangerous actions such as uploading files to the server or deleting them.

CVE ID : CVE-2024-23756
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/c0d3x27/CVEs/tree/main/CVE-2024-23756 | source : cve@mitre.org


Vulnerability ID : CVE-2024-24494

First published on : 08-02-2024 21:15:08
Last modified on : 08-02-2024 21:15:08

Description :
Cross Site Scripting vulnerability in Daily Habit Tracker v.1.0 allows a remote attacker to execute arbitrary code via the day, exercise, pray, read_book, vitamins, laundry, alcohol and meat parameters in the add-tracker.php and update-tracker.php components.

CVE ID : CVE-2024-24494
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/0xQRx/VunerabilityResearch/blob/master/2024/DailyHabitTracker-Stored_XSS.md | source : cve@mitre.org


Vulnerability ID : CVE-2024-24495

First published on : 08-02-2024 21:15:08
Last modified on : 08-02-2024 21:15:08

Description :
SQL Injection vulnerability in delete-tracker.php in Daily Habit Tracker v.1.0 allows a remote attacker to execute arbitrary code via crafted GET request.

CVE ID : CVE-2024-24495
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/0xQRx/VulnerabilityResearch/blob/master/2024/DailyHabitTracker-SQL_Injection.md | source : cve@mitre.org


Vulnerability ID : CVE-2024-24496

First published on : 08-02-2024 21:15:08
Last modified on : 08-02-2024 21:15:08

Description :
An issue in Daily Habit Tracker v.1.0 allows a remote attacker to manipulate trackers via the home.php, add-tracker.php, delete-tracker.php, update-tracker.php components.

CVE ID : CVE-2024-24496
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/0xQRx/VunerabilityResearch/blob/master/2024/DailyHabitTracker-Broken_Access_Control.md | source : cve@mitre.org


Vulnerability ID : CVE-2024-24497

First published on : 08-02-2024 21:15:08
Last modified on : 08-02-2024 21:15:08

Description :
SQL Injection vulnerability in Employee Management System v.1.0 allows a remote attacker to execute arbitrary SQL commands via the txtusername and txtpassword parameters in the login.php components.

CVE ID : CVE-2024-24497
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/0xQRx/VulnerabilityResearch/blob/master/2024/EmployeeManagementSystem-SQL_Injection_Admin_Login.md | source : cve@mitre.org


Vulnerability ID : CVE-2024-24498

First published on : 08-02-2024 21:15:08
Last modified on : 08-02-2024 21:15:08

Description :
Unrestricted File Upload vulnerability in Employee Management System 1.0 allows a remote attacker to execute arbitrary code via the edit-photo.php component.

CVE ID : CVE-2024-24498
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/0xQRx/VulnerabilityResearch/blob/master/2024/EmployeeManagementSystem-Unauthenticated_Unrestricted_File_Upload_To_RCE.md | source : cve@mitre.org


Vulnerability ID : CVE-2024-24499

First published on : 08-02-2024 21:15:08
Last modified on : 08-02-2024 21:15:08

Description :
SQL Injection vulnerability in Employee Management System v.1.0 allows a remote attacker to execute arbitrary SQL commands via the txtfullname and txtphone parameters in the edit_profile.php component.

CVE ID : CVE-2024-24499
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/0xQRx/VulnerabilityResearch/blob/master/2024/EmployeeManagementSystem-SQL_Injection_Admin_Update_Profile.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-25365

First published on : 08-02-2024 22:15:08
Last modified on : 08-02-2024 22:15:08

Description :
Cross Site Scripting vulnerability found in October CMS v.3.2.0 allows local attacker to execute arbitrary code via the file type .mp3

CVE ID : CVE-2023-25365
Source : cve@mitre.org
CVSS Score : /

References :
https://cupc4k3.medium.com/cve-2023-25365-xss-via-file-upload-bypass-ddf4d2a106a7 | source : cve@mitre.org


Vulnerability ID : CVE-2023-27001

First published on : 08-02-2024 22:15:08
Last modified on : 08-02-2024 22:15:08

Description :
An issue discovered in Egerie Risk Manager v4.0.5 allows attackers to bypass the signature mechanism and tamper with the values inside the JWT payload resulting in privilege escalation.

CVE ID : CVE-2023-27001
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/post-cyberlabs/CVE-Advisory/blob/main/CVE-2023-27001.pdf | source : cve@mitre.org


Vulnerability ID : CVE-2023-40265

First published on : 08-02-2024 22:15:08
Last modified on : 08-02-2024 22:15:08

Description :
An issue was discovered in Atos Unify OpenScape Xpressions WebAssistant V7 before V7R1 FR5 HF42 P911. It allows authenticated remote code execution via file upload.

CVE ID : CVE-2023-40265
Source : cve@mitre.org
CVSS Score : /

References :
https://networks.unify.com/security/advisories/OBSO-2305-03.pdf | source : cve@mitre.org


Vulnerability ID : CVE-2023-40266

First published on : 08-02-2024 22:15:08
Last modified on : 08-02-2024 22:15:08

Description :
An issue was discovered in Atos Unify OpenScape Xpressions WebAssistant V7 before V7R1 FR5 HF42 P911. It allows path traversal.

CVE ID : CVE-2023-40266
Source : cve@mitre.org
CVSS Score : /

References :
https://networks.unify.com/security/advisories/OBSO-2305-03.pdf | source : cve@mitre.org


Vulnerability ID : CVE-2023-49101

First published on : 08-02-2024 22:15:08
Last modified on : 08-02-2024 22:15:08

Description :
WebAdmin in Axigen 10.3.x before 10.3.3.61, 10.4.x before 10.4.24, and 10.5.x before 10.5.10 allows XSS attacks against admins because of mishandling of viewing the usage of SSL certificates.

CVE ID : CVE-2023-49101
Source : cve@mitre.org
CVSS Score : /

References :
https://www.axigen.com/kb/show/400 | source : cve@mitre.org


Vulnerability ID : CVE-2024-24393

First published on : 08-02-2024 22:15:09
Last modified on : 08-02-2024 22:15:09

Description :
File Upload vulnerability index.php in Pichome v.1.1.01 allows a remote attacker to execute arbitrary code via crafted POST request.

CVE ID : CVE-2024-24393
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/zyx0814/Pichome/issues/24 | source : cve@mitre.org


Source : sonicwall.com

Vulnerability ID : CVE-2024-22394

First published on : 08-02-2024 02:15:07
Last modified on : 08-02-2024 03:29:33

Description :
An improper authentication vulnerability has been identified in SonicWall SonicOS SSL-VPN feature, which in specific conditions could allow a remote attacker to bypass authentication. This issue affects only firmware version SonicOS 7.1.1-7040.

CVE ID : CVE-2024-22394
Source : PSIRT@sonicwall.com
CVSS Score : /

References :
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0003 | source : PSIRT@sonicwall.com

Vulnerability : CWE-287


Source : apache.org

Vulnerability ID : CVE-2024-23452

First published on : 08-02-2024 09:15:46
Last modified on : 08-02-2024 14:15:42

Description :
Request smuggling vulnerability in HTTP server in Apache bRPC 0.9.5~1.7.0 on all platforms allows attacker to smuggle request.
Vulnerability Cause Description: The http_parser does not comply with the RFC-7230 HTTP 1.1 specification.
Attack scenario: If a message is received with both a Transfer-Encoding and a Content-Length header field, such a message might indicate an attempt to perform request smuggling or response splitting. One particular attack scenario is that a bRPC made http server on the backend receiving requests in one persistent connection from frontend server that uses TE to parse request with the logic that 'chunk' is contained in the TE field. In that case an attacker can smuggle a request into the connection to the backend server.
Solution: You can choose one solution from below:
1. Upgrade bRPC to version 1.8.0, which fixes this issue. Download link: https://github.com/apache/brpc/releases/tag/1.8.0
2. Apply this patch: https://github.com/apache/brpc/pull/2518

CVE ID : CVE-2024-23452
Source : security@apache.org
CVSS Score : /

References :
http://www.openwall.com/lists/oss-security/2024/02/08/1 | source : security@apache.org
https://github.com/apache/brpc/pull/2518 | source : security@apache.org
https://github.com/apache/brpc/releases/tag/1.8.0 | source : security@apache.org
https://lists.apache.org/thread/kkvdpwyr2s2yt9qvvxfdzon012898vxd | source : security@apache.org

Vulnerability : CWE-444


This website uses the NVD API, but is not approved or certified by it.

About the author
Julien B.

Securitricks

Up-to-Date Cybersecurity Insights & Malware Reports
