Latest vulnerabilities [Thursday, February 29, 2024]


Last update performed on 02/29/2024 at 11:57:08 PM

(4) CRITICAL VULNERABILITIES [9.0, 10.0]

Source : wordfence.com

Vulnerability ID : CVE-2024-1981

First published on : 29-02-2024 07:15:06
Last modified on : 29-02-2024 13:49:29

Description :
The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to SQL Injection via the 'table_prefix' parameter in version 0.9.68 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

CVE ID : CVE-2024-1981
Source : security@wordfence.com
CVSS Score : 9.8

References :
https://plugins.trac.wordpress.org/changeset?old_path=%2Fwpvivid-backuprestore%2Ftrunk&old=2667839&new_path=%2Fwpvivid-backuprestore%2Ftrunk&new=2667839 | source : security@wordfence.com
https://research.hisolutions.com/2024/01/multiple-vulnerabilities-in-wordpress-plugin-wpvivid-backup-and-migration/ | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/ef8bfb38-4f20-4f9f-bb30-a88f3be2d2d3?source=cve | source : security@wordfence.com


Source : github.com

Vulnerability ID : CVE-2024-23328

First published on : 29-02-2024 01:44:08
Last modified on : 29-02-2024 13:49:29

Description :
Dataease is an open source data visualization analysis tool. A deserialization vulnerability exists in the DataEase datasource, which can be exploited to execute arbitrary code. The location of the vulnerability code is `core/core-backend/src/main/java/io/dataease/datasource/type/Mysql.java`. The blacklist of mysql jdbc attacks can be bypassed and attackers can further exploit it for deserialized execution or reading arbitrary files. This vulnerability is patched in 1.18.15 and 2.3.0.

CVE ID : CVE-2024-23328
Source : security-advisories@github.com
CVSS Score : 9.1

References :
https://github.com/dataease/dataease/commit/4128adf5fc4592b55fa1722a53b178967545d46a | source : security-advisories@github.com
https://github.com/dataease/dataease/commit/bb540e6dc83df106ac3253f331066129a7487d1a | source : security-advisories@github.com
https://github.com/dataease/dataease/security/advisories/GHSA-8x8q-p622-jf25 | source : security-advisories@github.com

Vulnerability : CWE-502


Vulnerability ID : CVE-2024-25128

First published on : 29-02-2024 01:44:14
Last modified on : 29-02-2024 13:49:29

Description :
Flask-AppBuilder is an application development framework, built on top of Flask. When Flask-AppBuilder is set to AUTH_TYPE AUTH_OID, it allows an attacker to forge an HTTP request, that could deceive the backend into using any requested OpenID service. This vulnerability could grant an attacker unauthorised privilege access if a custom OpenID service is deployed by the attacker and accessible by the backend. This vulnerability is only exploitable when the application is using the OpenID 2.0 authorization protocol. Upgrade to Flask-AppBuilder 4.3.11 to fix the vulnerability.

CVE ID : CVE-2024-25128
Source : security-advisories@github.com
CVSS Score : 9.1

References :
https://github.com/dpgaspar/Flask-AppBuilder/commit/6336456d83f8f111c842b2b53d1e89627f2502c8 | source : security-advisories@github.com
https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-j2pw-vp55-fqqj | source : security-advisories@github.com

Vulnerability : CWE-287


Source : patchstack.com

Vulnerability ID : CVE-2023-6090

First published on : 29-02-2024 06:15:46
Last modified on : 29-02-2024 13:49:29

Description :
Unrestricted Upload of File with Dangerous Type vulnerability in Mollie Mollie Payments for WooCommerce. This issue affects Mollie Payments for WooCommerce: from n/a through 7.3.11.

CVE ID : CVE-2023-6090
Source : audit@patchstack.com
CVSS Score : 9.1

References :
https://patchstack.com/database/vulnerability/mollie-payments-for-woocommerce/wordpress-mollie-payments-for-woocommerce-plugin-7-3-11-arbitrary-file-upload-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-434


(24) HIGH VULNERABILITIES [7.0, 8.9]

Source : wordfence.com

Vulnerability ID : CVE-2024-1206

First published on : 29-02-2024 01:43:43
Last modified on : 29-02-2024 13:49:29

Description :
The WP Recipe Maker plugin for WordPress is vulnerable to SQL Injection via the 'recipes' parameter in all versions up to, and including, 9.1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

CVE ID : CVE-2024-1206
Source : security@wordfence.com
CVSS Score : 8.8

References :
https://plugins.trac.wordpress.org/changeset/3032702/wp-recipe-maker/trunk/includes/admin/class-wprm-import-manager.php | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/3032702/wp-recipe-maker/trunk/includes/admin/import/class-wprm-import-mealplannerpro.php | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/3032702/wp-recipe-maker/trunk/includes/admin/import/class-wprm-import-recipecard.php | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/3032702/wp-recipe-maker/trunk/includes/admin/import/class-wprm-import-wpzoom.php | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/3032702/wp-recipe-maker/trunk/includes/admin/import/class-wprm-import-wpzoomcpt.php | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/3032702/wp-recipe-maker/trunk/includes/admin/import/class-wprm-import-yummly.php | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/b10d8f8a-517f-4286-b501-0ca040529362?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-1317

First published on : 29-02-2024 01:43:47
Last modified on : 29-02-2024 13:49:29

Description :
The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to SQL Injection via the ‘search_key’ parameter in all versions up to, and including, 4.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

CVE ID : CVE-2024-1317
Source : security@wordfence.com
CVSS Score : 8.8

References :
https://plugins.trac.wordpress.org/browser/feedzy-rss-feeds/tags/4.4.2/includes/admin/feedzy-rss-feeds-import.php#L2623 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/3033749/feedzy-rss-feeds/tags/4.4.3/includes/admin/feedzy-rss-feeds-admin.php?old=3030538&old_path=feedzy-rss-feeds%2Ftags%2F4.4.2%2Fincludes%2Fadmin%2Ffeedzy-rss-feeds-admin.php | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/cf57aeaa-e37e-4b22-aeaa-f0a9f4877484?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-1468

First published on : 29-02-2024 04:15:06
Last modified on : 29-02-2024 13:49:29

Description :
The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajax_import_options() function in all versions up to, and including, 7.11.4. This makes it possible for authenticated attackers, with contributor-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

CVE ID : CVE-2024-1468
Source : security@wordfence.com
CVSS Score : 8.8

References :
https://avada.com/documentation/avada-changelog/ | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/cde6e758-9723-43f2-9972-32be8aeb2b91?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-1217

First published on : 29-02-2024 01:43:43
Last modified on : 29-02-2024 13:49:29

Description :
The Contact Form builder with drag & drop for WordPress – Kali Forms plugin for WordPress is vulnerable to unauthorized plugin deactivation due to a missing capability check on the await_plugin_deactivation function in all versions up to, and including, 2.3.41. This makes it possible for authenticated attackers, with subscriber access or higher, to deactivate any active plugins.

CVE ID : CVE-2024-1217
Source : security@wordfence.com
CVSS Score : 7.6

References :
https://plugins.trac.wordpress.org/changeset/3036466/kali-forms/trunk?contextall=1&old=3029334&old_path=%2Fkali-forms%2Ftrunk | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/7be75b0a-737d-4f0d-b024-e207af4573cd?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-0702

First published on : 29-02-2024 01:43:25
Last modified on : 29-02-2024 13:49:29

Description :
The Oliver POS – A WooCommerce Point of Sale (POS) plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several functions hooked via AJAX in the includes/class-pos-bridge-install.php file in all versions up to, and including, 2.4.1.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform several unauthorized actions like deactivating the plugin, disconnecting the subscription, syncing the status and more.

CVE ID : CVE-2024-0702
Source : security@wordfence.com
CVSS Score : 7.3

References :
https://plugins.trac.wordpress.org/browser/oliver-pos/trunk/includes/class-pos-bridge-install.php#L11 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/b5c6f351-477b-4384-9863-fe3b45ddf21d?source=cve | source : security@wordfence.com


Source : cisco.com

Vulnerability ID : CVE-2024-20267

First published on : 29-02-2024 01:43:58
Last modified on : 29-02-2024 13:49:29

Description :
A vulnerability with the handling of MPLS traffic for Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the netstack process to unexpectedly restart, which could cause the device to stop processing network traffic or to reload. This vulnerability is due to lack of proper error checking when processing an ingress MPLS frame. An attacker could exploit this vulnerability by sending a crafted IPv6 packet that is encapsulated within an MPLS frame to an MPLS-enabled interface of the targeted device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition. Note: The IPv6 packet can be generated multiple hops away from the targeted device and then encapsulated within MPLS. The DoS condition may occur when the NX-OS device processes the packet.

CVE ID : CVE-2024-20267
Source : ykramarz@cisco.com
CVSS Score : 8.6

References :
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipv6-mpls-dos-R9ycXkwM | source : ykramarz@cisco.com

Vulnerability : CWE-120


Vulnerability ID : CVE-2024-20321

First published on : 29-02-2024 01:43:59
Last modified on : 29-02-2024 13:49:29

Description :
A vulnerability in the External Border Gateway Protocol (eBGP) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists because eBGP traffic is mapped to a shared hardware rate-limiter queue. An attacker could exploit this vulnerability by sending large amounts of network traffic with certain characteristics through an affected device. A successful exploit could allow the attacker to cause eBGP neighbor sessions to be dropped, leading to a DoS condition in the network.

CVE ID : CVE-2024-20321
Source : ykramarz@cisco.com
CVSS Score : 8.6

References :
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-ebgp-dos-L3QCwVJ | source : ykramarz@cisco.com

Vulnerability : CWE-400


Source : us.ibm.com

Vulnerability ID : CVE-2023-25921

First published on : 29-02-2024 01:38:24
Last modified on : 29-02-2024 13:49:47

Description :
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 247620.

CVE ID : CVE-2023-25921
Source : psirt@us.ibm.com
CVSS Score : 8.5

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/247620 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/6964516 | source : psirt@us.ibm.com

Vulnerability : CWE-434


Source : github.com

Vulnerability ID : CVE-2024-26131

First published on : 29-02-2024 01:44:17
Last modified on : 29-02-2024 13:49:29

Description :
Element Android is an Android Matrix Client. Element Android version 1.4.3 through 1.6.10 is vulnerable to intent redirection, allowing a third-party malicious application to start any internal activity by passing some extra parameters. Possible impact includes making Element Android display an arbitrary web page, executing arbitrary JavaScript; bypassing PIN code protection; and account takeover by spawning a login screen to send credentials to an arbitrary home server. This issue is fixed in Element Android 1.6.12. There is no known workaround to mitigate the issue.

CVE ID : CVE-2024-26131
Source : security-advisories@github.com
CVSS Score : 8.4

References :
https://element.io/blog/security-release-element-android-1-6-12 | source : security-advisories@github.com
https://github.com/element-hq/element-android/commit/53734255ec270b0814946350787393dfcaa2a5a9 | source : security-advisories@github.com
https://github.com/element-hq/element-android/security/advisories/GHSA-j6pr-fpc8-q9vm | source : security-advisories@github.com
https://support.google.com/faqs/answer/9267555?hl=en | source : security-advisories@github.com

Vulnerability : CWE-923
Vulnerability : CWE-940


Vulnerability ID : CVE-2024-27284

First published on : 29-02-2024 01:44:19
Last modified on : 29-02-2024 13:49:29

Description :
cassandra-rs is a Cassandra (CQL) driver for Rust. Code that attempts to use an item (e.g., a row) returned by an iterator after the iterator has advanced to the next item will be accessing freed memory and experience undefined behaviour. The problem has been fixed in version 3.0.0.

CVE ID : CVE-2024-27284
Source : security-advisories@github.com
CVSS Score : 7.5

References :
https://github.com/Metaswitch/cassandra-rs/commit/ae054dc8044eac9c2c7ae2b1ab154b53ca7f8df7 | source : security-advisories@github.com
https://github.com/Metaswitch/cassandra-rs/security/advisories/GHSA-x9xc-63hg-vcfq | source : security-advisories@github.com

Vulnerability : CWE-416


Source : honeywell.com

Vulnerability ID : CVE-2023-1841

First published on : 29-02-2024 06:15:45
Last modified on : 29-02-2024 13:49:29

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Honeywell MPA2 Access Panel (Web server modules) allows XSS Using Invalid Characters. This issue affects MPA2 Access Panel all version prior to R1.00.08.05. Honeywell released firmware update package MPA2 firmware R1.00.08.05 which addresses this vulnerability. This version and all later versions correct the reported vulnerability.

CVE ID : CVE-2023-1841
Source : psirt@honeywell.com
CVSS Score : 8.1

References :
https://buildings.honeywell.com/us/en/brands/our-brands/security/support-and-resources/product-resources/eol-and-security-notices | source : psirt@honeywell.com
https://https://www.honeywell.com/us/en/product-security | source : psirt@honeywell.com

Vulnerability : CWE-79


Source : adobe.com

Vulnerability ID : CVE-2024-20765

First published on : 29-02-2024 17:15:07
Last modified on : 29-02-2024 18:06:42

Description :
Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE ID : CVE-2024-20765
Source : psirt@adobe.com
CVSS Score : 7.8

References :
https://helpx.adobe.com/security/products/acrobat/apsb24-07.html | source : psirt@adobe.com

Vulnerability : CWE-416


Source : hq.dhs.gov

Vulnerability ID : CVE-2024-1595

First published on : 29-02-2024 20:15:41
Last modified on : 29-02-2024 20:15:41

Description :
Delta Electronics CNCSoft-B DOPSoft prior to v4.0.0.82 insecurely loads libraries, which may allow an attacker to use DLL hijacking and take over the system where the software is installed.

CVE ID : CVE-2024-1595
Source : ics-cert@hq.dhs.gov
CVSS Score : 7.8

References :
https://www.cisa.gov/news-events/ics-advisories/icsa-24-053-01 | source : ics-cert@hq.dhs.gov

Vulnerability : CWE-427


Vulnerability ID : CVE-2023-6132

First published on : 29-02-2024 18:15:16
Last modified on : 29-02-2024 18:15:16

Description :
The vulnerability, if exploited, could allow a malicious entity with access to the file system to achieve arbitrary code execution and privilege escalation by tricking AVEVA Edge to load an unsafe DLL.

CVE ID : CVE-2023-6132
Source : ics-cert@hq.dhs.gov
CVSS Score : 7.3

References :
https://www.aveva.com/en/support-and-success/cyber-security-updates/ | source : ics-cert@hq.dhs.gov
https://www.cisa.gov/news-events/ics-advisories/icsa-24-032-03 | source : ics-cert@hq.dhs.gov

Vulnerability : CWE-427


Source : zephyrproject.org

Vulnerability ID : CVE-2023-6881

First published on : 29-02-2024 01:42:46
Last modified on : 29-02-2024 13:49:47

Description :
Possible buffer overflow in is_mount_point

CVE ID : CVE-2023-6881
Source : vulnerabilities@zephyrproject.org
CVSS Score : 7.3

References :
https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-mh67-4h3q-p437 | source : vulnerabilities@zephyrproject.org

Vulnerability : CWE-120


Source : vuldb.com

Vulnerability ID : CVE-2023-7107

First published on : 29-02-2024 01:42:53
Last modified on : 29-02-2024 13:49:47

Description :
A vulnerability was found in code-projects E-Commerce Website 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file user_signup.php. The manipulation of the argument firstname/middlename/email/address/contact/username leads to sql injection. The attack may be launched remotely. VDB-249002 is the identifier assigned to this vulnerability.

CVE ID : CVE-2023-7107
Source : cna@vuldb.com
CVSS Score : 7.3

References :
https://github.com/h4md153v63n/CVEs/blob/main/E-Commerce_Website/E-Commerce%20Website%20-%20SQL%20Injection%203.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.249002 | source : cna@vuldb.com
https://vuldb.com/?id.249002 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-7109

First published on : 29-02-2024 01:42:54
Last modified on : 29-02-2024 13:49:47

Description :
A vulnerability classified as critical was found in code-projects Library Management System 2.0. This vulnerability affects unknown code of the file /admin/login.php. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249004.

CVE ID : CVE-2023-7109
Source : cna@vuldb.com
CVSS Score : 7.3

References :
https://github.com/h4md153v63n/CVEs/blob/main/Library-Management-System/Library-Management-System_SQL_Injection-1.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.249004 | source : cna@vuldb.com
https://vuldb.com/?id.249004 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-7110

First published on : 29-02-2024 01:42:54
Last modified on : 29-02-2024 13:49:29

Description :
A vulnerability, which was classified as critical, has been found in code-projects Library Management System 2.0. This issue affects some unknown processing of the file login.php. The manipulation of the argument student leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249005 was assigned to this vulnerability.

CVE ID : CVE-2023-7110
Source : cna@vuldb.com
CVSS Score : 7.3

References :
https://github.com/h4md153v63n/CVEs/blob/main/Library-Management-System/Library-Management-System_SQL_Injection-2.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.249005 | source : cna@vuldb.com
https://vuldb.com/?id.249005 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-1971

First published on : 29-02-2024 01:43:57
Last modified on : 29-02-2024 13:49:29

Description :
A vulnerability has been found in Surya2Developer Online Shopping System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file login.php of the component POST Parameter Handler. The manipulation of the argument password with the input nochizplz'+or+1%3d1+limit+1%23 leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-255127.

CVE ID : CVE-2024-1971
Source : cna@vuldb.com
CVSS Score : 7.3

References :
https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/Surya2Developer%20Online_shopping_-system/SQL%20Injection%20Auth.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.255127 | source : cna@vuldb.com
https://vuldb.com/?id.255127 | source : cna@vuldb.com

Vulnerability : CWE-89


Source : opentext.com

Vulnerability ID : CVE-2024-1470

First published on : 29-02-2024 01:43:51
Last modified on : 29-02-2024 13:49:29

Description :
Authorization Bypass Through User-Controlled Key vulnerability in NetIQ (OpenText) Client Login Extension on Windows allows Privilege Escalation, Code Injection. This issue only affects NetIQ Client Login Extension: 4.6.

CVE ID : CVE-2024-1470
Source : security@opentext.com
CVSS Score : 7.1

References :
https://portal.microfocus.com/s/article/KM000026667?language=en_US | source : security@opentext.com

Vulnerability : CWE-639


Source : patchstack.com

Vulnerability ID : CVE-2023-50905

First published on : 29-02-2024 06:15:45
Last modified on : 29-02-2024 13:49:29

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Melapress WP Activity Log allows Stored XSS. This issue affects WP Activity Log: from n/a through 4.6.1.

CVE ID : CVE-2023-50905
Source : audit@patchstack.com
CVSS Score : 7.1

References :
https://patchstack.com/database/vulnerability/wp-security-audit-log/wordpress-wp-activity-log-plugin-plugin-4-6-1-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2024-1437

First published on : 29-02-2024 06:15:46
Last modified on : 29-02-2024 13:49:29

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in José Fernandez Adsmonetizer allows Reflected XSS. This issue affects Adsmonetizer: from n/a through 3.1.2.

CVE ID : CVE-2024-1437
Source : audit@patchstack.com
CVSS Score : 7.1

References :
https://patchstack.com/database/vulnerability/adsensei-b30/wordpress-adsmonetizer-plugin-3-1-2-reflected-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2024-21752

First published on : 29-02-2024 06:15:47
Last modified on : 29-02-2024 13:49:29

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Ernest Marcinko Ajax Search Lite allows Reflected XSS. This issue affects Ajax Search Lite: from n/a through 4.11.4.

CVE ID : CVE-2024-21752
Source : audit@patchstack.com
CVSS Score : 7.1

References :
https://patchstack.com/database/vulnerability/ajax-search-lite/wordpress-ajax-search-lite-plugin-4-11-4-reflected-xss-via-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2024-25093

First published on : 29-02-2024 06:15:47
Last modified on : 29-02-2024 13:49:29

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Milan Petrovic GD Rating System allows Stored XSS. This issue affects GD Rating System: from n/a through 3.5.

CVE ID : CVE-2024-25093
Source : audit@patchstack.com
CVSS Score : 7.1

References :
https://patchstack.com/database/vulnerability/gd-rating-system/wordpress-gd-rating-system-plugin-3-5-unauthenticated-stored-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


(139) MEDIUM VULNERABILITIES [4.0, 6.9]

Source : cisco.com

Vulnerability ID : CVE-2024-20294

First published on : 29-02-2024 01:43:59
Last modified on : 29-02-2024 13:49:29

Description :
A vulnerability in the Link Layer Discovery Protocol (LLDP) feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of specific fields in an LLDP frame. An attacker could exploit this vulnerability by sending a crafted LLDP packet to an interface of an affected device and having an authenticated user retrieve LLDP statistics from the affected device through CLI show commands or Simple Network Management Protocol (SNMP) requests. A successful exploit could allow the attacker to cause the LLDP service to crash and stop running on the affected device. In certain situations, the LLDP crash may result in a reload of the affected device. Note: LLDP is a Layer 2 link protocol. To exploit this vulnerability, an attacker would need to be directly connected to an interface of an affected device, either physically or logically (for example, through a Layer 2 Tunnel configured to transport the LLDP protocol).

CVE ID : CVE-2024-20294
Source : ykramarz@cisco.com
CVSS Score : 6.6

References :
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-lldp-dos-z7PncTgt | source : ykramarz@cisco.com

Vulnerability : CWE-805


Vulnerability ID : CVE-2024-20291

First published on : 29-02-2024 01:43:59
Last modified on : 29-02-2024 13:49:29

Description :
A vulnerability in the access control list (ACL) programming for port channel subinterfaces of Cisco Nexus 3000 and 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, remote attacker to send traffic that should be blocked through an affected device. This vulnerability is due to incorrect hardware programming that occurs when configuration changes are made to port channel member ports. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to access network resources that should be protected by an ACL that was applied on port channel subinterfaces.

CVE ID : CVE-2024-20291
Source : ykramarz@cisco.com
CVSS Score : 5.8

References :
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-po-acl-TkyePgvL | source : ykramarz@cisco.com

Vulnerability : CWE-284


Vulnerability ID : CVE-2024-20344

First published on : 29-02-2024 01:43:59
Last modified on : 29-02-2024 13:49:29

Description :
A vulnerability in system resource management in Cisco UCS 6400 and 6500 Series Fabric Interconnects that are in Intersight Managed Mode (IMM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the Device Console UI of an affected device. This vulnerability is due to insufficient rate-limiting of TCP connections to an affected device. An attacker could exploit this vulnerability by sending a high number of TCP packets to the Device Console UI. A successful exploit could allow an attacker to cause the Device Console UI process to crash, resulting in a DoS condition. A manual reload of the fabric interconnect is needed to restore complete functionality.

CVE ID : CVE-2024-20344
Source : ykramarz@cisco.com
CVSS Score : 5.3

References :
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsfi-imm-syn-p6kZTDQC | source : ykramarz@cisco.com

Vulnerability : CWE-400


Source : wordfence.com

Vulnerability ID : CVE-2024-1043

First published on : 29-02-2024 01:43:38
Last modified on : 29-02-2024 13:49:29

Description :
The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'amppb_remove_saved_layout_data' function in all versions up to, and including, 1.0.93.1. This makes it possible for authenticated attackers, with contributor access and above, to delete arbitrary posts on the site.

CVE ID : CVE-2024-1043
Source : security@wordfence.com
CVSS Score : 6.5

References :
https://plugins.trac.wordpress.org/browser/accelerated-mobile-pages/tags/1.0.93.1/pagebuilder/inc/adminAjaxContents.php#L134 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/3030425/accelerated-mobile-pages/tags/1.0.93.2/pagebuilder/inc/adminAjaxContents.php?old=3025105&old_path=accelerated-mobile-pages%2Ftags%2F1.0.93.1%2Fpagebuilder%2Finc%2FadminAjaxContents.php | source : security@wordfence.com
https://wordpress.org/plugins/accelerated-mobile-pages/ | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/ffb70e82-355b-48f3-92d0-19659ed2550e?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-1318

First published on : 29-02-2024 01:43:47
Last modified on : 29-02-2024 13:49:29

Description :
The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'feedzy_wizard_step_process' and 'import_status' functions in all versions up to, and including, 4.4.2. This makes it possible for authenticated attackers, with Contributor access and above, who are normally restricted to only being able to create posts rather than pages, to draft and publish posts with arbitrary content.

CVE ID : CVE-2024-1318
Source : security@wordfence.com
CVSS Score : 6.5

References :
https://plugins.trac.wordpress.org/browser/feedzy-rss-feeds/tags/4.4.2/includes/admin/feedzy-rss-feeds-admin.php#L1053 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/feedzy-rss-feeds/tags/4.4.2/includes/admin/feedzy-rss-feeds-import.php#L1022 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/3033749/feedzy-rss-feeds/tags/4.4.3/includes/admin/feedzy-rss-feeds-admin.php?old=3030538&old_path=feedzy-rss-feeds%2Ftags%2F4.4.2%2Fincludes%2Fadmin%2Ffeedzy-rss-feeds-admin.php | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/181edcec-a57d-4516-935d-6777d2de77ae?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-1519

First published on : 29-02-2024 01:43:52
Last modified on : 29-02-2024 13:49:29

Description :
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' parameter in all versions up to, and including, 4.14.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This requires a member listing page to be active and using the Gerbera theme.

CVE ID : CVE-2024-1519
Source : security@wordfence.com
CVSS Score : 6.5

References :
https://plugins.trac.wordpress.org/browser/wp-user-avatar/trunk/src/Themes/DragDrop/MemberDirectory/Gerbera.php#L93 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3037126%40wp-user-avatar%2Ftrunk&old=3030229%40wp-user-avatar%2Ftrunk&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/4ffd74de-6629-4088-ba5c-ac9dd5c6322c?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-1982

First published on : 29-02-2024 07:15:07
Last modified on : 29-02-2024 13:49:29

Description :
The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the get_restore_progress() and restore() functions in all versions up to, and including, 0.9.68. This makes it possible for unauthenticated attackers to exploit a SQL injection vulnerability or trigger a DoS.

CVE ID : CVE-2024-1982
Source : security@wordfence.com
CVSS Score : 6.5

References :
https://plugins.trac.wordpress.org/changeset?old_path=%2Fwpvivid-backuprestore%2Ftrunk&old=2667839&new_path=%2Fwpvivid-backuprestore%2Ftrunk&new=2667839 | source : security@wordfence.com
https://research.hisolutions.com/2024/01/multiple-vulnerabilities-in-wordpress-plugin-wpvivid-backup-and-migration/ | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/4f17976e-d6b9-40fb-b2fb-d60bcfd68d12?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-6806

First published on : 29-02-2024 01:42:45
Last modified on : 29-02-2024 13:49:47

Description :
The Starbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Job Settings user profile fields in all versions up to, and including, 3.4.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-6806
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/changeset/3029599/starbox | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/1f413fc2-8543-4478-987d-d983581027bf?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-0438

First published on : 29-02-2024 01:43:11
Last modified on : 29-02-2024 13:49:29

Description :
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wrapper link parameter in the Age Gate in all versions up to, and including, 3.10.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access or higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2024-0438
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/happy-elementor-addons/tags/3.10.1/assets/js/happy-addons.js#L991 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/happy-elementor-addons/tags/3.10.1/extensions/wrapper-link.php#L50 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3028056%40happy-elementor-addons%2Ftrunk&old=3016053%40happy-elementor-addons%2Ftrunk&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/267641fe-7490-4b8f-bb39-9531eefa2c30?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-0442

First published on : 29-02-2024 01:43:12
Last modified on : 29-02-2024 13:49:29

Description :
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via element URL parameters in all versions up to, and including, 1.3.87 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access or higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2024-0442
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/changeset/3032004/royal-elementor-addons/tags/1.3.88/modules/advanced-slider/widgets/wpr-advanced-slider.php?old=3026824&old_path=royal-elementor-addons%2Ftags%2F1.3.87%2Fmodules%2Fadvanced-slider%2Fwidgets%2Fwpr-advanced-slider.php | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/3032004/royal-elementor-addons/tags/1.3.88/modules/dual-button/widgets/wpr-dual-button.php?old=3026824&old_path=royal-elementor-addons%2Ftags%2F1.3.87%2Fmodules%2Fdual-button%2Fwidgets%2Fwpr-dual-button.php | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/3032004/royal-elementor-addons/tags/1.3.88/modules/pricing-table/widgets/pricing-table.php?old=3026824&old_path=royal-elementor-addons%2Ftags%2F1.3.87%2Fmodules%2Fpricing-table%2Fwidgets%2Fpricing-table.php | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?old_path=/royal-elementor-addons/tags/1.3.87&new_path=/royal-elementor-addons/tags/1.3.88&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/256b4818-290b-4660-8e83-c18b068a8959?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-0506

First published on : 29-02-2024 01:43:17
Last modified on : 29-02-2024 13:49:29

Description :
The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $instance[alt] parameter in the get_image_alt function in all versions up to, and including, 3.18.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access or higher to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

CVE ID : CVE-2024-0506
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/elementor/tags/3.18.3/includes/controls/groups/image-size.php#L119 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/elementor/tags/3.18.3/includes/controls/media.php#L381 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/3024999/elementor/trunk/includes/controls/groups/image-size.php | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/4473d3f6-e324-40f5-b92b-167f76b17332?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-0792

First published on : 29-02-2024 01:43:29
Last modified on : 29-02-2024 13:49:29

Description :
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 7.0.1 due to insufficient input sanitization and output escaping on RSS feed content. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2024-0792
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/shortcodes-ultimate/trunk/includes/shortcodes/feed.php#L49 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/shortcodes-ultimate/trunk/includes/shortcodes/feed.php#L78 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/3026377/ | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/0d8c043c-e347-4dc8-8a72-943a7e6c4394?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-0838

First published on : 29-02-2024 01:43:29
Last modified on : 29-02-2024 13:49:29

Description :
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the side image URL parameter in the Age Gate in all versions up to, and including, 3.10.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2024-0838
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/happy-elementor-addons/tags/3.10.1/widgets/age-gate/widget.php#L2121 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3028056%40happy-elementor-addons%2Ftrunk&old=3016053%40happy-elementor-addons%2Ftrunk&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/d55bab2a-5e2e-440e-b4fa-03853679ba22?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-1054

First published on : 29-02-2024 01:43:38
Last modified on : 29-02-2024 13:49:29

Description :
The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wcj_product_barcode' shortcode in all versions up to, and including, 7.1.6 due to insufficient input sanitization and output escaping on user supplied attributes like 'color'. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2024-1054
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3034358%40woocommerce-jetpack&new=3034358%40woocommerce-jetpack&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/c0b86c45-c346-4df7-844e-01de027bbc1e?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-1058

First published on : 29-02-2024 01:43:38
Last modified on : 29-02-2024 13:49:29

Description :
The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the onclick parameter in all versions up to, and including, 1.58.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access or higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 1.58.3 offers a partial fix.

CVE ID : CVE-2024-1058
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/so-widgets-bundle/tags/1.58.2/widgets/button/tpl/default.php#L22 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/so-widgets-bundle/tags/1.58.3/base/base.php#L404 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3031864%40so-widgets-bundle%2Ftrunk&old=3027675%40so-widgets-bundle%2Ftrunk&sfp_email=&sfph_mail= | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3033967%40so-widgets-bundle%2Ftrunk&old=3031864%40so-widgets-bundle%2Ftrunk&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/ffeb766f-3684-4eec-bacb-bbf0d434aba0?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-1070

First published on : 29-02-2024 01:43:39
Last modified on : 29-02-2024 13:49:29

Description :
The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the features attribute in all versions up to, and including, 1.58.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2024-1070
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/so-widgets-bundle/widgets/features/tpl/default.php#L26 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3031864%40so-widgets-bundle%2Ftrunk&old=3027675%40so-widgets-bundle%2Ftrunk&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/a8b6dafb-7b2f-4459-95bd-eb7e147a4466?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-1235

First published on : 29-02-2024 01:43:44
Last modified on : 29-02-2024 13:49:29

Description :
The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom class field in all versions up to, and including, 8.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2024-1235
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/addons-for-elementor/trunk/templates/addons/device-slider/loop.php#L33 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3032737%40addons-for-elementor%2Ftrunk&old=3026261%40addons-for-elementor%2Ftrunk&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/70bda4b7-e442-4956-b3cb-8df96043bcde?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-1236

First published on : 29-02-2024 01:43:44
Last modified on : 29-02-2024 13:49:29

Description :
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Filterable Controls label icon parameter in all versions up to, and including, 5.9.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2024-1236
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/essential-addons-for-elementor-lite/trunk/includes/Elements/Filterable_Gallery.php#L3259 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/essential-addons-for-elementor-lite/trunk/includes/Elements/Filterable_Gallery.php#L3261 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/3034127/essential-addons-for-elementor-lite/trunk/includes/Elements/Filterable_Gallery.php | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/43014ecd-72d9-44cc-be24-c0c9790ddc20?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-1242

First published on : 29-02-2024 01:43:44
Last modified on : 29-02-2024 13:49:29

Description :
The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button onclick attribute in all versions up to, and including, 4.10.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2024-1242
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3035504%40premium-addons-for-elementor%2Ftrunk&old=3025571%40premium-addons-for-elementor%2Ftrunk&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/1026b753-e82b-4fa3-9023-c36ab9863b29?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-1276

First published on : 29-02-2024 01:43:46
Last modified on : 29-02-2024 13:49:29

Description :
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Content Ticker arrow attribute in all versions up to, and including, 5.9.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2024-1276
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/essential-addons-for-elementor-lite/tags/5.9.8/includes/Elements/Content_Ticker.php#L815 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3034127%40essential-addons-for-elementor-lite%2Ftrunk&old=3029928%40essential-addons-for-elementor-lite%2Ftrunk&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/af8bee01-15bc-485e-8b01-8b68b199b34d?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-1277

First published on : 29-02-2024 01:43:46
Last modified on : 29-02-2024 13:49:29

Description :
The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom fields in all versions up to, and including, 2.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2024-1277
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/ocean-extra/trunk/includes/post-settings/apply-settings.php#L750 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/ocean-extra/trunk/includes/post-settings/apply-settings.php#L756 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3035534%40ocean-extra%2Ftrunk&old=3008053%40ocean-extra%2Ftrunk&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/5458e3bf-fd91-4201-8157-572eb1126aaf?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-1282

First published on : 29-02-2024 01:43:46
Last modified on : 29-02-2024 13:49:29

Description :
The Email Encoder – Protect Email Addresses and Phone Numbers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2024-1282
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/email-encoder-bundle/tags/2.2.0/core/includes/classes/class-email-encoder-bundle-helpers.php | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/email-encoder-bundle/tags/2.2.0/core/includes/classes/class-email-encoder-bundle-run.php | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/email-encoder-bundle/tags/2.2.0/core/includes/classes/class-email-encoder-bundle-validate.php | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3033889%40email-encoder-bundle%2Ftrunk&old=3020142%40email-encoder-bundle%2Ftrunk&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/78da1f88-2446-4ea5-9437-a118324ab6c2?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-1349

First published on : 29-02-2024 01:43:48
Last modified on : 29-02-2024 13:49:29

Description :
The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.9.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2024-1349
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/embedpress/tags/3.9.8/EmbedPress/Shortcode.php | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3035539%40embedpress%2Ftrunk&old=3029957%40embedpress%2Ftrunk&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/631d200f-7b0b-4105-b91e-030af459ba99?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-1408

First published on : 29-02-2024 01:43:49
Last modified on : 29-02-2024 13:49:29

Description :
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's edit-profile-text-box shortcode in all versions up to, and including, 4.14.4 due to insufficient input sanitization and output escaping on user supplied attributes such as 'type'. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2024-1408
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://github.com/WordpressPluginDirectory/wp-user-avatar/blob/fde360946c86d67610d8f95a82752199ce25b39a/wp-user-avatar/sr/ShortcodeParser/Builder/FieldsShortcodeCallback.php#L524 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3037126%40wp-user-avatar%2Ftrunk&old=3030229%40wp-user-avatar%2Ftrunk&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/6e50081f-6658-4cc7-bf0a-d04464820926?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-1411

First published on : 29-02-2024 01:43:50
Last modified on : 29-02-2024 13:49:29

Description :
The PowerPack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the settings of the Twitter Buttons Widget in all versions up to, and including, 2.7.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2024-1411
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/changeset/3035790/powerpack-lite-for-elementor | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/64480862-c076-4ea9-a03b-9aed81f876d5?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-1425

First published on : 29-02-2024 01:43:50
Last modified on : 29-02-2024 13:49:29

Description :
The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Google Calendar Widget Link in all versions up to, and including, 3.9.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2024-1425
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/embedpress/tags/3.9.8/EmbedPress/Elementor/Widgets/Embedpress_Calendar.php#L314 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3035539%40embedpress%2Ftrunk&old=3029957%40embedpress%2Ftrunk&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/4d4568c8-f58c-4c37-94b9-6154e5c46928?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-1445

First published on : 29-02-2024 01:43:50
Last modified on : 29-02-2024 13:49:29

Description :
The Page scroll to id plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.7.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2024-1445
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/page-scroll-to-id/tags/1.7.8/includes/malihu-pagescroll2id-shortcodes-php52.php | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/page-scroll-to-id/tags/1.7.8/includes/malihu-pagescroll2id-shortcodes.php | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3035333%40page-scroll-to-id%2Ftrunk&old=3034857%40page-scroll-to-id%2Ftrunk&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/c0d5f034-fd8b-456a-b44a-7d82db3a16a0?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-1447

First published on : 29-02-2024 01:43:50
Last modified on : 29-02-2024 13:49:29

Description :
The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's aThemes Slider button element in all versions up to, and including, 1.25 due to insufficient input sanitization and output escaping on user supplied link. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2024-1447
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/sydney-toolbox/trunk/inc/elementor/block-slider.php#L679 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/sydney-toolbox/trunk/inc/elementor/block-slider.php#L692 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3035233%40sydney-toolbox%2Ftrunk&old=2980978%40sydney-toolbox%2Ftrunk&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/1227f3bc-0bb3-4b80-ad69-2d4314fafbe4?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-1448

First published on : 29-02-2024 01:43:51
Last modified on : 29-02-2024 13:49:29

Description :
The Social Sharing Plugin – Sassy Social Share plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.3.56 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2024-1448
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/sassy-social-share/tags/3.3.56/includes/class-sassy-social-share-shortcodes.php | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3038227%40sassy-social-share%2Ftrunk&old=2996153%40sassy-social-share%2Ftrunk&sfp_email=&sfph_mail=#file8 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/1c2f4b74-2568-4e5a-b55f-0130096bc19f?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-1496

First published on : 29-02-2024 01:43:52
Last modified on : 29-02-2024 13:49:29

Description :
The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the fifu_input_url parameter in all versions up to, and including, 4.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2024-1496
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/featured-image-from-url/tags/4.6.2/elementor/widgets/widget.php#L49 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3037479%40featured-image-from-url%2Ftrunk&old=3034300%40featured-image-from-url%2Ftrunk&sfp_email=&sfph_mail=#file9 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/7d1ea1c5-6a9e-4b77-bfdf-62e50d4a4c03?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-1570

First published on : 29-02-2024 01:43:52
Last modified on : 29-02-2024 13:49:29

Description :
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's login-password shortcode in all versions up to, and including, 4.14.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2024-1570
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://github.com/WordpressPluginDirectory/wp-user-avatar/blob/fde360946c86d67610d8f95a82752199ce25b39a/wp-user-avatar/src/ShortcodeParser/Builder/LoginFormBuilder.php#L99 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3037126%40wp-user-avatar%2Ftrunk&old=3030229%40wp-user-avatar%2Ftrunk&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/46d4d573-3845-4d20-8a48-a2f28850383c?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-1586

First published on : 29-02-2024 01:43:52
Last modified on : 29-02-2024 13:49:29

Description :
The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom schema in all versions up to, and including, 1.26 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default the required authentication level is admin, but administrators have the ability to assign role based access to users as low as subscriber.

CVE ID : CVE-2024-1586
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/changeset?old_path=/schema-and-structured-data-for-wp/tags/1.26&old=3038020&new_path=/schema-and-structured-data-for-wp/tags/1.27&new=3038020&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/7e7e6ea7-4e0b-4d8a-9306-45b55d41fbb5?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-6923

First published on : 29-02-2024 01:42:49
Last modified on : 29-02-2024 13:49:47

Description :
The Matomo Analytics – Ethical Stats. Powerful Insights. plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the idsite parameter in all versions up to, and including, 4.15.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

CVE ID : CVE-2023-6923
Source : security@wordfence.com
CVSS Score : 6.1

References :
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3031495%40matomo&new=3031495%40matomo&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/2e2d54eb-c176-49c4-a4fc-833e17189cad?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-0590

First published on : 29-02-2024 01:43:22
Last modified on : 29-02-2024 13:49:29

Description :
The Microsoft Clarity plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.9.3. This is due to missing nonce validation on the edit_clarity_project_id() function. This makes it possible for unauthenticated attackers to change the project id and add malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID : CVE-2024-0590
Source : security@wordfence.com
CVSS Score : 6.1

References :
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3036293%40microsoft-clarity&new=3036293%40microsoft-clarity&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/c2f4461b-1373-4d09-8430-14d1961e1644?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-0821

First published on : 29-02-2024 01:43:29
Last modified on : 29-02-2024 13:49:29

Description :
The Cost of Goods Sold (COGS): Cost & Profit Calculator for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'section' parameter in all versions up to, and including, 3.2.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

CVE ID : CVE-2024-0821
Source : security@wordfence.com
CVSS Score : 6.1

References :
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3037232%40cost-of-goods-for-woocommerce&new=3037232%40cost-of-goods-for-woocommerce&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/d13d072e-9c9c-4a32-b9f4-7d15dc704b50?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-6565

First published on : 29-02-2024 01:42:39
Last modified on : 29-02-2024 13:49:47

Description :
The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.12.3 via the multi-call backup option. This makes it possible for unauthenticated attackers to extract sensitive data from a temporary SQL file via repeated GET requests during the limited time window of the backup process.

CVE ID : CVE-2023-6565
Source : security@wordfence.com
CVSS Score : 5.9

References :
https://plugins.trac.wordpress.org/changeset/3007309/iwp-client | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/2fdc32a4-adf8-4174-924b-5d0b763d010c?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-1978

First published on : 29-02-2024 07:15:06
Last modified on : 29-02-2024 13:49:29

Description :
The Friends plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.8.5 via the discover_available_feeds function. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

CVE ID : CVE-2024-1978
Source : security@wordfence.com
CVSS Score : 5.5

References :
https://github.com/akirk/friends/pull/290 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3036987%40friends&new=3036987%40friends&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/72e1fbce-86ae-4518-a613-7c322193acf4?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-1128

First published on : 29-02-2024 01:43:40
Last modified on : 29-02-2024 13:49:29

Description :
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 2.6.0. This is due to insufficient sanitization of HTML input in the Q&A functionality. This makes it possible for authenticated attackers, with Student access and above, to inject arbitrary HTML onto a site, though it does not allow Cross-Site Scripting.

CVE ID : CVE-2024-1128
Source : security@wordfence.com
CVSS Score : 5.4

References :
https://plugins.trac.wordpress.org/changeset/3037911/tutor/tags/2.6.1/classes/Q_and_A.php?old=2827221&old_path=tutor/trunk/classes/Q_and_A.php | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/22420c2d-788c-4577-ae54-7b48f6063f5d?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-1171

First published on : 29-02-2024 01:43:41
Last modified on : 29-02-2024 13:49:29

Description :
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Filterable Gallery Widget in all versions up to, and including, 5.9.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2024-1171
Source : security@wordfence.com
CVSS Score : 5.4

References :
https://plugins.trac.wordpress.org/changeset/3034127/essential-addons-for-elementor-lite/trunk/includes/Elements/Filterable_Gallery.php | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/fafdd087-9637-41df-bc5a-97e1a02ea744?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-1172

First published on : 29-02-2024 01:43:41
Last modified on : 29-02-2024 13:49:29

Description :
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Accordion widget in all versions up to, and including, 5.9.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2024-1172
Source : security@wordfence.com
CVSS Score : 5.4

References :
https://plugins.trac.wordpress.org/browser/essential-addons-for-elementor-lite/tags/5.9.7/includes/Elements/Adv_Accordion.php#L1227 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/essential-addons-for-elementor-lite/tags/5.9.7/includes/Elements/Adv_Accordion.php#L1292 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3034127%40essential-addons-for-elementor-lite%2Ftrunk&old=3029928%40essential-addons-for-elementor-lite%2Ftrunk&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/f2ff2cc6-b584-442b-890b-033a0a047c24?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-1340

First published on : 29-02-2024 01:43:48
Last modified on : 29-02-2024 13:49:29

Description :
The Login Lockdown – Protect Login Form plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the generate_export_file function in all versions up to, and including, 2.08. This makes it possible for authenticated attackers, with subscriber access and higher, to export this plugin's settings that include whitelisted IP addresses as well as a global unlock key. With the global unlock key an attacker can add their IP address to the whitelist.

CVE ID : CVE-2024-1340
Source : security@wordfence.com
CVSS Score : 5.4

References :
https://plugins.trac.wordpress.org/browser/login-lockdown/trunk/libs/functions.php#L492 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3033542%40login-lockdown%2Ftrunk&old=3027788%40login-lockdown%2Ftrunk&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/34021007-b5d3-479b-a0d4-50e301f22c9c?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-0516

First published on : 29-02-2024 01:43:18
Last modified on : 29-02-2024 13:49:29

Description :
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to unauthorized post metadata update due to a missing capability check on the wpr_update_form_action_meta function in all versions up to, and including, 1.3.87. This makes it possible for unauthenticated attackers to update certain metadata.

CVE ID : CVE-2024-0516
Source : security@wordfence.com
CVSS Score : 5.3

References :
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3026824%40royal-elementor-addons%2Ftags%2F1.3.87&new=3032004%40royal-elementor-addons%2Ftags%2F1.3.88 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/d3457b87-c860-4cf2-ac3d-2c6521b629ea?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-0616

First published on : 29-02-2024 01:43:23
Last modified on : 29-02-2024 13:49:29

Description :
The Passster – Password Protect Pages and Content plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.6.2 via API. This makes it possible for unauthenticated attackers to obtain post titles, slugs, IDs, content and other metadata including passwords of password-protected posts and pages.

CVE ID : CVE-2024-0616
Source : security@wordfence.com
CVSS Score : 5.3

References :
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3032195%40content-protector%2Ftrunk&old=3020439%40content-protector%2Ftrunk&sfp_email=&sfph_mail=#file3 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/00b81467-8d00-4816-895a-89d67c541c17?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-0620

First published on : 29-02-2024 01:43:23
Last modified on : 29-02-2024 13:49:29

Description :
The PPWP – Password Protect Pages plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.9 via API. This makes it possible for unauthenticated attackers to obtain post titles, IDs, slugs as well as other information including for password-protected posts.

CVE ID : CVE-2024-0620
Source : security@wordfence.com
CVSS Score : 5.3

References :
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3032733%40password-protect-page%2Ftrunk&old=3010000%40password-protect-page%2Ftrunk&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/41299927-2ed9-4cbe-b2b0-f306dc0e4a58?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-0907

First published on : 29-02-2024 01:43:30
Last modified on : 29-02-2024 13:49:29

Description :
The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the restore_records() function in all versions up to, and including, 8.5.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to restore records.

CVE ID : CVE-2024-0907
Source : security@wordfence.com
CVSS Score : 5.3

References :
https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/tags/8.5.7/includes/classes/class.dashboard.php#L1493 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/tags/8.5.7/includes/classes/class.dashboard.php#L1512 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/tags/8.5.7/includes/classes/class.dashboard.php#L1539 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/trunk/includes/classes/class.dashboard.php#L1490 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/trunk/includes/classes/class.dashboard.php#L1502 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/trunk/includes/classes/class.dashboard.php#L1524 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/26bd4058-ef00-48c8-8ab5-01535f0238a4?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-0978

First published on : 29-02-2024 01:43:33
Last modified on : 29-02-2024 13:49:29

Description :
The My Private Site plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.14 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's site privacy feature and view restricted page and post content.

CVE ID : CVE-2024-0978
Source : security@wordfence.com
CVSS Score : 5.3

References :
https://plugins.trac.wordpress.org/changeset/3036015/jonradio-private-site | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/970bc71c-7d0a-4761-874a-379cda71418e?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-1044

First published on : 29-02-2024 01:43:38
Last modified on : 29-02-2024 13:49:29

Description :
The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'submit_review' function in all versions up to, and including, 5.38.12. This makes it possible for unauthenticated attackers to submit reviews with arbitrary email addresses regardless of whether reviews are globally enabled.

CVE ID : CVE-2024-1044
Source : security@wordfence.com
CVSS Score : 5.3

References :
https://plugins.trac.wordpress.org/changeset?old_path=%2Fcustomer-reviews-woocommerce%2Ftags%2F5.38.12&old=3032310&new_path=%2Fcustomer-reviews-woocommerce%2Ftags%2F5.39.0&new=3032310&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/4420c334-1ea4-4549-b391-150702abc2f8?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-1129

First published on : 29-02-2024 01:43:40
Last modified on : 29-02-2024 13:49:29

Description :
The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the set_starred() function in all versions up to, and including, 8.5.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to mark records as starred.

CVE ID : CVE-2024-1129
Source : security@wordfence.com
CVSS Score : 5.3

References :
https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/tags/8.5.7/includes/classes/class.dashboard.php#L1493 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/tags/8.5.7/includes/classes/class.dashboard.php#L1512 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/tags/8.5.7/includes/classes/class.dashboard.php#L1539 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/trunk/includes/classes/class.dashboard.php#L1490 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/trunk/includes/classes/class.dashboard.php#L1502 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/trunk/includes/classes/class.dashboard.php#L1524 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/53db0f72-3353-42bb-ad75-4c5aa32d7939?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-1130

First published on : 29-02-2024 01:43:41
Last modified on : 29-02-2024 13:49:29

Description :
The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the set_read() function in all versions up to, and including, 8.5.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to mark records as read.

CVE ID : CVE-2024-1130
Source : security@wordfence.com
CVSS Score : 5.3

References :
https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/tags/8.5.7/includes/classes/class.dashboard.php#L1493 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/tags/8.5.7/includes/classes/class.dashboard.php#L1512 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/tags/8.5.7/includes/classes/class.dashboard.php#L1539 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/trunk/includes/classes/class.dashboard.php#L1490 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/trunk/includes/classes/class.dashboard.php#L1502 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/trunk/includes/classes/class.dashboard.php#L1524 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/f2c3b646-d865-4425-bc8f-00b3555a3d74?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-1294

First published on : 29-02-2024 01:43:47
Last modified on : 29-02-2024 13:49:29

Description :
The Sunshine Photo Cart: Free Client Galleries for Photographers plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.24 via the 'invoice'. This makes it possible for unauthenticated attackers to extract sensitive data including customer email and physical addresses.

CVE ID : CVE-2024-1294
Source : security@wordfence.com
CVSS Score : 5.3

References :
https://plugins.trac.wordpress.org/browser/sunshine-photo-cart/tags/3.0.24/includes/admin/sunshine-order.php#L894 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/3033429/sunshine-photo-cart/trunk/includes/admin/sunshine-order.php | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/da76d034-3e9a-4f3f-a314-48e776028369?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-1322

First published on : 29-02-2024 01:43:47
Last modified on : 29-02-2024 13:49:29

Description :
The Directorist – WordPress Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'setup_wizard' function in all versions up to, and including, 7.8.4. This makes it possible for unauthenticated attackers to recreate default pages and enable or disable monetization and change map provider.

CVE ID : CVE-2024-1322
Source : security@wordfence.com
CVSS Score : 5.3

References :
https://plugins.trac.wordpress.org/browser/directorist/tags/7.8.4/includes/classes/class-setup-wizard.php#L300 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?old_path=%2Fdirectorist%2Ftags%2F7.8.4&old=3034765&new_path=%2Fdirectorist%2Ftags%2F7.8.5&new=3034765&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/aa26e958-4850-451b-88eb-d48fc0c7feb7?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-1389

First published on : 29-02-2024 01:43:49
Last modified on : 29-02-2024 13:49:29

Description :
The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pms_stripe_connect_handle_authorization_return function in all versions up to, and including, 2.11.1. This makes it possible for unauthenticated attackers to change the Stripe payment keys.

CVE ID : CVE-2024-1389
Source : security@wordfence.com
CVSS Score : 5.3

References :
https://plugins.trac.wordpress.org/browser/paid-member-subscriptions/trunk/includes/gateways/stripe/admin/functions-admin-connect.php#L11 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3034497%40paid-member-subscriptions%2Ftrunk&old=3031453%40paid-member-subscriptions%2Ftrunk&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/cd5f5861-5be4-456d-915d-bafb7bff2110?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-1472

First published on : 29-02-2024 01:43:51
Last modified on : 29-02-2024 13:49:29

Description :
The WP Maintenance plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 6.1.6 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's maintenance mode and obtain post and page content via the REST API.

CVE ID : CVE-2024-1472
Source : security@wordfence.com
CVSS Score : 5.3

References :
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3035862%40wp-maintenance%2Ftrunk&old=3032356%40wp-maintenance%2Ftrunk&sfp_email=&sfph_mail=#file4 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/645328f3-2bcb-4287-952c-2e23ec57bb4e?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-1475

First published on : 29-02-2024 01:43:51
Last modified on : 29-02-2024 13:49:29

Description :
The Coming Soon Maintenance Mode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.5 via the REST API. This makes it possible for unauthenticated attackers to obtain post and page content thus bypassing the protection provided by the plugin.

CVE ID : CVE-2024-1475
Source : security@wordfence.com
CVSS Score : 5.3

References :
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3037910%40coming-soon-maintenance-mode%2Ftrunk&old=3031487%40coming-soon-maintenance-mode%2Ftrunk&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/44e4a1a3-71d0-4cad-9807-f6bbc99ccb13?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-1492

First published on : 29-02-2024 01:43:51
Last modified on : 29-02-2024 13:49:29

Description :
The WPify Woo Czech plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the maybe_send_to_packeta function in all versions up to, and including, 4.0.8. This makes it possible for unauthenticated attackers to obtain shipping details for orders as long as the order number is known.

CVE ID : CVE-2024-1492
Source : security@wordfence.com
CVSS Score : 5.3

References :
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3037482%40wpify-woo%2Ftrunk&old=3028980%40wpify-woo%2Ftrunk&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/44f691f2-b3f4-49b7-8710-015b5b11db18?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-1341

First published on : 29-02-2024 05:15:09
Last modified on : 29-02-2024 13:49:29

Description :
The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's advanced_iframe shortcode in all versions up to, and including, 2024.1 due to the plugin allowing users to include JS files from external sources through the additional_js attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2024-1341
Source : security@wordfence.com
CVSS Score : 4.9

References :
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3042304%40advanced-iframe&new=3042304%40advanced-iframe&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/699e5c80-8a11-4f67-8b17-41170d9c6411?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-0602

First published on : 29-02-2024 01:43:22
Last modified on : 29-02-2024 13:49:29

Description :
The YARPP – Yet Another Related Posts Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 5.30.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

CVE ID : CVE-2024-0602
Source : security@wordfence.com
CVSS Score : 4.4

References :
https://advisory.abay.sh/cve-2024-0602 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/3037032/yet-another-related-posts-plugin/tags/5.30.10/includes/yarpp_options.php?old=2999784&old_path=yet-another-related-posts-plugin/tags/5.30.9/includes/yarpp_options.php | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/10aa1dd7-f909-4ebe-b29b-2f2743b3e08a?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-0604

First published on : 29-02-2024 01:43:23
Last modified on : 29-02-2024 13:49:29

Description :
The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.4.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

CVE ID : CVE-2024-0604
Source : security@wordfence.com
CVSS Score : 4.4

References :
https://advisory.abay.sh/cve-2024-0604 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?old_path=%2Ffoogallery%2Ftags%2F2.4.7&old=3035688&new_path=%2Ffoogallery%2Ftags%2F2.4.9&new=3035688&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/d17d9610-d0fd-419d-a7ea-e9c313f1c542?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-0621

First published on : 29-02-2024 01:43:23
Last modified on : 29-02-2024 13:49:29

Description :
The Simple Share Buttons Adder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 8.4.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

CVE ID : CVE-2024-0621
Source : security@wordfence.com
CVSS Score : 4.4

References :
https://plugins.trac.wordpress.org/changeset/3032350/ | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3032350%40simple-share-buttons-adder&new=3032350%40simple-share-buttons-adder&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/93ab9f1a-26ce-466a-a5d3-d2046ec8f94d?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-0656

First published on : 29-02-2024 01:43:24
Last modified on : 29-02-2024 13:49:29

Description :
The Password Protected – Ultimate Plugin to Password Protect Your WordPress Content with Ease plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Google Captcha Site Key in all versions up to, and including, 2.6.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

CVE ID : CVE-2024-0656
Source : security@wordfence.com
CVSS Score : 4.4

References :
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3034934%40password-protected&new=3034934%40password-protected&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/aba36c3b-beae-4c47-8aa8-5012a7a838ce?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-0658

First published on : 29-02-2024 01:43:24
Last modified on : 29-02-2024 13:49:29

Description :
The Insert PHP Code Snippet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user's name when accessing the insert-php-code-snippet-manage page in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

CVE ID : CVE-2024-0658
Source : security@wordfence.com
CVSS Score : 4.4

References :
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3033503%40insert-php-code-snippet&new=3033503%40insert-php-code-snippet&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/c4a6b786-d0ef-41f6-b2bf-83307ec02b91?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-0689

First published on : 29-02-2024 03:15:06
Last modified on : 29-02-2024 13:49:29

Description :
The Custom Field Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a meta import in all versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping on the meta values. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

CVE ID : CVE-2024-0689
Source : security@wordfence.com
CVSS Score : 4.4

References :
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3042177%40custom-field-suite&new=3042177%40custom-field-suite&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/d8e967ce-fd36-44de-acca-c1985642ee5b?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-1977

First published on : 29-02-2024 06:15:46
Last modified on : 29-02-2024 13:49:29

Description :
The Restaurant Solutions – Checklist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Checklist points in version 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

CVE ID : CVE-2024-1977
Source : security@wordfence.com
CVSS Score : 4.4

References :
https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2022-004 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/8dca7f2e-f572-468a-8342-a6e096441561?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-0379

First published on : 29-02-2024 01:43:10
Last modified on : 29-02-2024 13:49:29

Description :
The Custom Twitter Feeds – A Tweets Widget or X Feed Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.1. This is due to missing or incorrect nonce validation on the ctf_auto_save_tokens function. This makes it possible for unauthenticated attackers to update the site's twitter API token and secret via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID : CVE-2024-0379
Source : security@wordfence.com
CVSS Score : 4.3

References :
https://plugins.trac.wordpress.org/browser/custom-twitter-feeds/trunk/custom-twitter-feed.php | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3032345%40custom-twitter-feeds%2Ftrunk&new=3032345%40custom-twitter-feeds%2Ftrunk&sfp_email=&sfph_mail=#file3 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/29e2ff11-053b-45cc-adf1-d276f1ee576e?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-0512

First published on : 29-02-2024 01:43:17
Last modified on : 29-02-2024 13:49:29

Description :
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect nonce validation on the add_to_wishlist function. This makes it possible for unauthenticated attackers to add items to user wishlists via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID : CVE-2024-0512
Source : security@wordfence.com
CVSS Score : 4.3

References :
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3026824%40royal-elementor-addons%2Ftags%2F1.3.87&new=3032004%40royal-elementor-addons%2Ftags%2F1.3.88 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/b2ff2954-f494-4cd7-9f29-ee0e8551e339?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-0513

First published on : 29-02-2024 01:43:17
Last modified on : 29-02-2024 13:49:29

Description :
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect nonce validation on the remove_from_wishlist function. This makes it possible for unauthenticated attackers to remove items from user wishlists via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID : CVE-2024-0513
Source : security@wordfence.com
CVSS Score : 4.3

References :
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3026824%40royal-elementor-addons%2Ftags%2F1.3.87&new=3032004%40royal-elementor-addons%2Ftags%2F1.3.88 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/3d3516e7-cce4-4def-be38-d16be3110d59?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-0514

First published on : 29-02-2024 01:43:18
Last modified on : 29-02-2024 13:49:29

Description :
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect nonce validation on the add_to_compare function. This makes it possible for unauthenticated attackers to add items to user compare lists via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID : CVE-2024-0514
Source : security@wordfence.com
CVSS Score : 4.3

References :
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3026824%40royal-elementor-addons%2Ftags%2F1.3.87&new=3032004%40royal-elementor-addons%2Ftags%2F1.3.88 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/b0955689-43a0-442c-974b-5db5e4171f6a?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-0515

First published on : 29-02-2024 01:43:18
Last modified on : 29-02-2024 13:49:29

Description :
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect nonce validation on the remove_from_compare function. This makes it possible for unauthenticated attackers to remove items from user compare lists via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID : CVE-2024-0515
Source : security@wordfence.com
CVSS Score : 4.3

References :
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3026824%40royal-elementor-addons%2Ftags%2F1.3.87&new=3032004%40royal-elementor-addons%2Ftags%2F1.3.88 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/a4178271-c09e-4094-a616-5a00d28f39a3?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-0983

First published on : 29-02-2024 01:43:34
Last modified on : 29-02-2024 13:49:29

Description :
The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the enableOptimization function in all versions up to, and including, 3.1.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to enable image optimization.

CVE ID : CVE-2024-0983
Source : security@wordfence.com
CVSS Score : 4.3

References :
https://plugins.trac.wordpress.org/changeset/3031424/imagerecycle-pdf-image-compression | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/175dd04d-ce06-45a0-8cfe-14498e2f9198?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-0984

First published on : 29-02-2024 01:43:34
Last modified on : 29-02-2024 13:49:29

Description :
The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the disableOptimization function in all versions up to, and including, 3.1.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to disable the image optimization setting.

CVE ID : CVE-2024-0984
Source : security@wordfence.com
CVSS Score : 4.3

References :
https://plugins.trac.wordpress.org/changeset/3031424/imagerecycle-pdf-image-compression | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/cc9dd55d-3c37-4f24-81a1-fdc8ca284566?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-1089

First published on : 29-02-2024 01:43:39
Last modified on : 29-02-2024 13:49:29

Description :
The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the optimizeAllOn function in all versions up to, and including, 3.1.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify image optimization settings.

CVE ID : CVE-2024-1089
Source : security@wordfence.com
CVSS Score : 4.3

References :
https://plugins.trac.wordpress.org/changeset/3031424/imagerecycle-pdf-image-compression | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/8ff16906-2516-4b3c-8217-e3fb24924e27?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-1090

First published on : 29-02-2024 01:43:39
Last modified on : 29-02-2024 13:49:29

Description :
The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the stopOptimizeAll function in all versions up to, and including, 3.1.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify image optimization settings.

CVE ID : CVE-2024-1090
Source : security@wordfence.com
CVSS Score : 4.3

References :
https://plugins.trac.wordpress.org/changeset/3031424/imagerecycle-pdf-image-compression | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/f3fae909-5564-4e0a-9114-edd0e45865e5?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-1091

First published on : 29-02-2024 01:43:39
Last modified on : 29-02-2024 13:49:29

Description :
The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the reinitialize function in all versions up to, and including, 3.1.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to remove all plugin data.

CVE ID : CVE-2024-1091
Source : security@wordfence.com
CVSS Score : 4.3

References :
https://plugins.trac.wordpress.org/changeset/3031424/imagerecycle-pdf-image-compression | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/3cb8b08c-a028-48bd-acad-c00313fe06b8?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-1133

First published on : 29-02-2024 01:43:41
Last modified on : 29-02-2024 13:49:29

Description :
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized access of restricted Q&A content due to a missing capability check when interacting with questions in all versions up to, and including, 2.6.0. This makes it possible for authenticated attackers, with subscriber access or higher, to interact with questions in courses in which they are not enrolled including private courses.

CVE ID : CVE-2024-1133
Source : security@wordfence.com
CVSS Score : 4.3

References :
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3037911%40tutor%2Ftrunk&old=3020286%40tutor%2Ftrunk&sfp_email=&sfph_mail=#file12 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/e8a7c04a-1fa0-434d-8161-7a32cefb44c4?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-1218

First published on : 29-02-2024 01:43:44
Last modified on : 29-02-2024 13:49:29

Description :
The Contact Form builder with drag & drop for WordPress – Kali Forms plugin for WordPress is vulnerable to unauthorized access and modification of data via API due to an inconsistent capability check on several REST endpoints in all versions up to, and including, 2.3.41. This makes it possible for authenticated attackers, with contributor access and higher, to obtain access to or modify forms or entries.

CVE ID : CVE-2024-1218
Source : security@wordfence.com
CVSS Score : 4.3

References :
https://plugins.trac.wordpress.org/changeset/3036466/kali-forms/trunk?contextall=1&old=3029334&old_path=%2Fkali-forms%2Ftrunk | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/ed1aae32-6040-4c42-b8a7-4c3be371a8c0?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-1288

First published on : 29-02-2024 01:43:46
Last modified on : 29-02-2024 13:49:29

Description :
The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'saswp_reviews_form_render' function in all versions up to, and including, 1.26. This makes it possible for authenticated attackers, with contributor access and above, to modify the plugin's stored reCaptcha site and secret keys, potentially breaking the reCaptcha functionality.

CVE ID : CVE-2024-1288
Source : security@wordfence.com
CVSS Score : 4.3

References :
https://plugins.svn.wordpress.org/schema-and-structured-data-for-wp/trunk/modules/reviews/reviews_form.php | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?old_path=/schema-and-structured-data-for-wp/tags/1.26&old=3038020&new_path=/schema-and-structured-data-for-wp/tags/1.27&new=3038020&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/ac13f402-8a36-448f-87d4-48179a9699c6?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-1334

First published on : 29-02-2024 01:43:47
Last modified on : 29-02-2024 13:49:29

Description :
The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the enableOptimization function. This makes it possible for unauthenticated attackers to enable image optimization via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID : CVE-2024-1334
Source : security@wordfence.com
CVSS Score : 4.3

References :
https://plugins.trac.wordpress.org/changeset/3031424/imagerecycle-pdf-image-compression | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/0318ec4a-185a-405d-90f8-008ba373114b?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-1335

First published on : 29-02-2024 01:43:47
Last modified on : 29-02-2024 13:49:29

Description :
The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the disableOptimization function. This makes it possible for unauthenticated attackers to disable the image optimization setting via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID : CVE-2024-1335
Source : security@wordfence.com
CVSS Score : 4.3

References :
https://plugins.trac.wordpress.org/changeset/3031424/imagerecycle-pdf-image-compression | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/b3900e4f-4ae4-4026-89df-b63bd869a763?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-1336

First published on : 29-02-2024 01:43:48
Last modified on : 29-02-2024 13:49:29

Description :
The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the optimizeAllOn function. This makes it possible for unauthenticated attackers to modify image optimization settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID : CVE-2024-1336
Source : security@wordfence.com
CVSS Score : 4.3

References :
https://plugins.trac.wordpress.org/changeset/3031424/imagerecycle-pdf-image-compression | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/ca4cf299-9dee-4ebf-83f3-4c3471bd9fb0?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-1337

First published on : 29-02-2024 01:43:48
Last modified on : 29-02-2024 13:49:29

Description :
The SKT Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'saveSktbuilderPageData' function in all versions up to, and including, 4.1. This makes it possible for authenticated attackers, with subscriber access and above, to inject arbitrary content into pages.

CVE ID : CVE-2024-1337
Source : security@wordfence.com
CVSS Score : 4.3

References :
https://plugins.trac.wordpress.org/changeset/3034383/ | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/3164b96f-d876-4cbc-bddf-51e9d9becee6?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-1338

First published on : 29-02-2024 01:43:48
Last modified on : 29-02-2024 13:49:29

Description :
The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the stopOptimizeAll function. This makes it possible for unauthenticated attackers to modify image optimization settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID : CVE-2024-1338
Source : security@wordfence.com
CVSS Score : 4.3

References :
https://plugins.trac.wordpress.org/changeset/3031424/imagerecycle-pdf-image-compression | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/5e3dd131-dbd8-431c-96f4-4ab2c3be4dbd?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-1339

First published on : 29-02-2024 01:43:48
Last modified on : 29-02-2024 13:49:29

Description :
The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the reinitialize function. This makes it possible for unauthenticated attackers to remove all plugin data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID : CVE-2024-1339
Source : security@wordfence.com
CVSS Score : 4.3

References :
https://plugins.trac.wordpress.org/changeset/3031424/imagerecycle-pdf-image-compression | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/2d08e462-8297-477e-89da-47f26bd6beae?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-1390

First published on : 29-02-2024 01:43:49
Last modified on : 29-02-2024 13:49:29

Description :
The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the creating_pricing_table_page function in all versions up to, and including, 2.11.1. This makes it possible for authenticated attackers, with subscriber access or higher, to create pricing tables.

CVE ID : CVE-2024-1390
Source : security@wordfence.com
CVSS Score : 4.3

References :
https://plugins.trac.wordpress.org/browser/paid-member-subscriptions/trunk/includes/admin/class-admin-subscription-plans.php#L477 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3034497%40paid-member-subscriptions%2Ftrunk&old=3031453%40paid-member-subscriptions%2Ftrunk&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/10f00859-3adf-40ff-8f33-827bbb1f62df?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-1976

First published on : 29-02-2024 06:15:46
Last modified on : 29-02-2024 13:49:29

Description :
The Marketing Optimizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 20200925. This is due to missing or incorrect nonce validation via the admin/main-settings-page.php file. This makes it possible for unauthenticated attackers to update the plugin's settings and inject malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID : CVE-2024-1976
Source : security@wordfence.com
CVSS Score : 4.3

References :
https://plugins.trac.wordpress.org/browser/marketing-optimizer/trunk/admin/main-settings-page.php | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/b537637b-32c0-405e-94fa-c7c2d0c80658?source=cve | source : security@wordfence.com


Source : us.ibm.com

Vulnerability ID : CVE-2023-38367

First published on : 29-02-2024 02:15:09
Last modified on : 29-02-2024 13:49:29

Description :
IBM Cloud Pak Foundational Services Identity Provider (idP) API (IBM Cloud Pak for Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2) allows CRUD Operations with an invalid token. This could allow an unauthenticated attacker to view, update, delete or create an IdP configuration. IBM X-Force ID: 261130.

CVE ID : CVE-2023-38367
Source : psirt@us.ibm.com
CVSS Score : 6.5

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/261130 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7015271 | source : psirt@us.ibm.com


Vulnerability ID : CVE-2023-38372

First published on : 29-02-2024 01:40:10
Last modified on : 29-02-2024 13:49:47

Description :
An unauthorized attacker who has obtained an IBM Watson IoT Platform 1.0 security authentication token can use it to impersonate an authorized platform user. IBM X-Force ID: 261201.

CVE ID : CVE-2023-38372
Source : psirt@us.ibm.com
CVSS Score : 5.9

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/261201 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7020635 | source : psirt@us.ibm.com

Vulnerability : CWE-287


Vulnerability ID : CVE-2021-39090

First published on : 29-02-2024 03:15:06
Last modified on : 29-02-2024 13:49:29

Description :
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.6.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 216388.

CVE ID : CVE-2021-39090
Source : psirt@us.ibm.com
CVSS Score : 5.9

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/216388 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/6856407 | source : psirt@us.ibm.com

Vulnerability : CWE-311


Vulnerability ID : CVE-2023-25926

First published on : 29-02-2024 01:38:24
Last modified on : 29-02-2024 13:49:47

Description :
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 247599.

CVE ID : CVE-2023-25926
Source : psirt@us.ibm.com
CVSS Score : 5.5

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/247599 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/6964516 | source : psirt@us.ibm.com

Vulnerability : CWE-611


Vulnerability ID : CVE-2023-27545

First published on : 29-02-2024 02:15:08
Last modified on : 29-02-2024 13:49:29

Description :
IBM Watson CloudPak for Data Data Stores information disclosure 4.6.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 248947.

CVE ID : CVE-2023-27545
Source : psirt@us.ibm.com
CVSS Score : 4.0

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/248947 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/6965446 | source : psirt@us.ibm.com

Vulnerability : CWE-525


Source : patchstack.com

Vulnerability ID : CVE-2024-25094

First published on : 29-02-2024 06:15:47
Last modified on : 29-02-2024 13:49:29

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Paul Jura & Nicolas Montigny PJ News Ticker allows Stored XSS. This issue affects PJ News Ticker: from n/a through 1.9.5.

CVE ID : CVE-2024-25094
Source : audit@patchstack.com
CVSS Score : 6.5

References :
https://patchstack.com/database/vulnerability/pj-news-ticker/wordpress-pj-news-ticker-plugin-1-9-5-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2024-25098

First published on : 29-02-2024 06:15:47
Last modified on : 29-02-2024 13:49:29

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pascal Bajorat PB oEmbed HTML5 Audio – with Cache Support allows Stored XSS. This issue affects PB oEmbed HTML5 Audio – with Cache Support: from n/a through 2.6.

CVE ID : CVE-2024-25098
Source : audit@patchstack.com
CVSS Score : 6.5

References :
https://patchstack.com/database/vulnerability/pb-oembed-html5-audio-with-cache-support/wordpress-pb-oembed-html5-audio-plugin-2-6-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2024-25594

First published on : 29-02-2024 07:15:07
Last modified on : 29-02-2024 13:49:29

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Savvy Wordpress Development MyWaze allows Stored XSS. This issue affects MyWaze: from n/a through 1.6.

CVE ID : CVE-2024-25594
Source : audit@patchstack.com
CVSS Score : 6.5

References :
https://patchstack.com/database/vulnerability/my-waze/wordpress-mywaze-plugin-1-6-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2024-1434

First published on : 29-02-2024 06:15:46
Last modified on : 29-02-2024 13:49:29

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jordy Meow Media Alt Renamer allows Stored XSS. This issue affects Media Alt Renamer: from n/a through 0.0.1.

CVE ID : CVE-2024-1434
Source : audit@patchstack.com
CVSS Score : 5.9

References :
https://patchstack.com/database/vulnerability/media-alt-renamer/wordpress-media-alt-renamer-plugin-0-0-1-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2024-23501

First published on : 29-02-2024 06:15:47
Last modified on : 29-02-2024 13:49:29

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shopfiles Ltd Ebook Store allows Stored XSS. This issue affects Ebook Store: from n/a through 5.788.

CVE ID : CVE-2024-23501
Source : audit@patchstack.com
CVSS Score : 5.9

References :
https://patchstack.com/database/vulnerability/ebook-store/wordpress-ebook-store-plugin-5-788-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-51531

First published on : 29-02-2024 05:15:09
Last modified on : 29-02-2024 13:49:29

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Thrive Themes Thrive Automator. This issue affects Thrive Automator: from n/a through 1.17.

CVE ID : CVE-2023-51531
Source : audit@patchstack.com
CVSS Score : 5.4

References :
https://patchstack.com/database/vulnerability/thrive-automator/wordpress-thrive-automator-plugin-1-17-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-47874

First published on : 29-02-2024 06:15:45
Last modified on : 29-02-2024 13:49:29

Description :
Missing Authorization vulnerability in Perfmatters. This issue affects Perfmatters: from n/a through 2.1.6.

CVE ID : CVE-2023-47874
Source : audit@patchstack.com
CVSS Score : 5.4

References :
https://patchstack.com/database/vulnerability/perfmatters/wordpress-perfmatters-plugin-2-1-6-broken-access-control-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-862


Vulnerability ID : CVE-2024-1435

First published on : 29-02-2024 05:15:09
Last modified on : 29-02-2024 13:49:29

Description :
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Tainacan.Org Tainacan. This issue affects Tainacan: from n/a through 0.20.6.

CVE ID : CVE-2024-1435
Source : audit@patchstack.com
CVSS Score : 5.3

References :
https://patchstack.com/database/vulnerability/tainacan/wordpress-tainacan-plugin-0-20-6-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-200


Vulnerability ID : CVE-2024-23519

First published on : 29-02-2024 01:44:09
Last modified on : 29-02-2024 13:49:29

Description :
Cross-Site Request Forgery (CSRF) vulnerability in M&S Consulting Email Before Download. This issue affects Email Before Download: from n/a through 6.9.7.

CVE ID : CVE-2024-23519
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/email-before-download/wordpress-email-before-download-plugin-6-9-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2024-24701

First published on : 29-02-2024 01:44:12
Last modified on : 29-02-2024 13:49:29

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Native Grid LLC A no-code page builder for beautiful performance-based content. This issue affects A no-code page builder for beautiful performance-based content: from n/a through 2.1.20.

CVE ID : CVE-2024-24701
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/setka-editor/wordpress-setka-editor-plugin-2-1-20-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2024-24708

First published on : 29-02-2024 01:44:12
Last modified on : 29-02-2024 13:49:29

Description :
Cross-Site Request Forgery (CSRF) vulnerability in W3speedster W3SPEEDSTER. This issue affects W3SPEEDSTER: from n/a through 7.19.

CVE ID : CVE-2024-24708
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/w3speedster-wp/wordpress-w3speedster-plugin-7-19-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2024-25930

First published on : 29-02-2024 01:44:17
Last modified on : 29-02-2024 13:49:29

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Nuggethon Custom Order Statuses for WooCommerce. This issue affects Custom Order Statuses for WooCommerce: from n/a through 1.5.2.

CVE ID : CVE-2024-25930
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/custom-order-statuses-for-woocommerce/wordpress-custom-order-statuses-for-woocommerce-plugin-1-5-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2024-25931

First published on : 29-02-2024 01:44:17
Last modified on : 29-02-2024 13:49:29

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Heureka Group Heureka. This issue affects Heureka: from n/a through 1.0.8.

CVE ID : CVE-2024-25931
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/heureka/wordpress-heureka-plugin-1-0-8-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2024-25932

First published on : 29-02-2024 01:44:17
Last modified on : 29-02-2024 13:49:29

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Manish Kumar Agarwal Change Table Prefix. This issue affects Change Table Prefix: from n/a through 2.0.

CVE ID : CVE-2024-25932
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/change-table-prefix/wordpress-change-table-prefix-plugin-2-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-51528

First published on : 29-02-2024 05:15:08
Last modified on : 29-02-2024 13:49:29

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Senol Sahin AI Power: Complete AI Pack – Powered by GPT-4. This issue affects AI Power: Complete AI Pack – Powered by GPT-4: from n/a through 1.8.12.

CVE ID : CVE-2023-51528
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/gpt3-ai-content-generator/wordpress-ai-power-complete-ai-pack-powered-by-gpt-4-plugin-1-8-12-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-51529

First published on : 29-02-2024 05:15:08
Last modified on : 29-02-2024 13:49:29

Description :
Cross-Site Request Forgery (CSRF) vulnerability in HasThemes HT Mega – Absolute Addons For Elementor. This issue affects HT Mega – Absolute Addons For Elementor: from n/a through 2.3.3.

CVE ID : CVE-2023-51529
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/ht-mega-for-elementor/wordpress-ht-mega-absolute-addons-for-elementor-plugin-2-3-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-51530

First published on : 29-02-2024 05:15:08
Last modified on : 29-02-2024 13:49:29

Description :
Cross-Site Request Forgery (CSRF) vulnerability in GS Plugins Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation. This issue affects Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation: from n/a through 3.5.1.

CVE ID : CVE-2023-51530
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/gs-logo-slider/wordpress-logo-slider-plugin-3-5-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-51696

First published on : 29-02-2024 05:15:09
Last modified on : 29-02-2024 13:49:29

Description :
Cross-Site Request Forgery (CSRF) vulnerability in CleanTalk - Anti-Spam Protection Spam protection, Anti-Spam, FireWall by CleanTalk. This issue affects Spam protection, Anti-Spam, FireWall by CleanTalk: from n/a through 6.20.

CVE ID : CVE-2023-51696
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/cleantalk-spam-protect/wordpress-spam-protection-antispam-firewall-by-cleantalk-anti-spam-plugin-6-20-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Source : vuldb.com

Vulnerability ID : CVE-2023-7106

First published on : 29-02-2024 01:42:53
Last modified on : 29-02-2024 13:49:47

Description :
A vulnerability was found in code-projects E-Commerce Website 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file product_details.php?prod_id=11. The manipulation of the argument prod_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249001 was assigned to this vulnerability.

CVE ID : CVE-2023-7106
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/h4md153v63n/CVEs/blob/main/E-Commerce_Website/E-Commerce%20Website%20-%20SQL%20Injection%202.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.249001 | source : cna@vuldb.com
https://vuldb.com/?id.249001 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-1927

First published on : 29-02-2024 01:43:57
Last modified on : 29-02-2024 13:49:29

Description :
A vulnerability classified as critical was found in SourceCodester Web-Based Student Clearance System 1.0. Affected by this vulnerability is an unknown functionality of the file /Admin/login.php. The manipulation of the argument txtpassword leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254863.

CVE ID : CVE-2024-1927
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/Web-Based%20Student%20Clearance%20System%20-%20SQLi.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.254863 | source : cna@vuldb.com
https://vuldb.com/?id.254863 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-2009

First published on : 29-02-2024 20:15:41
Last modified on : 29-02-2024 20:15:41

Description :
A vulnerability was found in Nway Pro 9. It has been rated as problematic. Affected by this issue is the function ajax_login_submit_form of the file login\index.php of the component Argument Handler. The manipulation of the argument rsargs[] leads to information exposure through error message. The attack may be launched remotely. VDB-255266 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-2009
Source : cna@vuldb.com
CVSS Score : 5.3

References :
https://vuldb.com/?ctiid.255266 | source : cna@vuldb.com
https://vuldb.com/?id.255266 | source : cna@vuldb.com

Vulnerability : CWE-209


Vulnerability ID : CVE-2023-7105

First published on : 29-02-2024 01:42:53
Last modified on : 29-02-2024 13:49:47

Description :
A vulnerability was found in code-projects E-Commerce Website 1.0. It has been classified as critical. Affected is an unknown function of the file index_search.php. The manipulation of the argument search leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249000.

CVE ID : CVE-2023-7105
Source : cna@vuldb.com
CVSS Score : 4.7

References :
https://github.com/h4md153v63n/CVEs/blob/main/E-Commerce_Website/E-Commerce%20Website%20-%20SQL%20Injection%201.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.249000 | source : cna@vuldb.com
https://vuldb.com/?id.249000 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-1928

First published on : 29-02-2024 01:43:57
Last modified on : 29-02-2024 13:49:29

Description :
A vulnerability, which was classified as critical, has been found in SourceCodester Web-Based Student Clearance System 1.0. Affected by this issue is some unknown functionality of the file /admin/edit-admin.php of the component Edit User Profile Page. The manipulation of the argument Fullname leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-254864.

CVE ID : CVE-2024-1928
Source : cna@vuldb.com
CVSS Score : 4.7

References :
https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/Web-Based%20Student%20Clearance%20System%20-%20XSS.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.254864 | source : cna@vuldb.com
https://vuldb.com/?id.254864 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-7108

First published on : 29-02-2024 01:42:53
Last modified on : 29-02-2024 13:49:47

Description :
A vulnerability classified as problematic has been found in code-projects E-Commerce Website 1.0. This affects an unknown part of the file user_signup.php. The manipulation of the argument firstname with the input <video/src=x onerror=alert(document.domain)> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249003.

CVE ID : CVE-2023-7108
Source : cna@vuldb.com
CVSS Score : 4.3

References :
https://github.com/h4md153v63n/CVEs/blob/main/E-Commerce_Website/E-Commerce%20Website%20-%20Stored%20Cross-site%20Scripting.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.249003 | source : cna@vuldb.com
https://vuldb.com/?id.249003 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2024-1970

First published on : 29-02-2024 01:43:57
Last modified on : 29-02-2024 13:49:29

Description :
A vulnerability, which was classified as problematic, was found in SourceCodester Online Learning System V2 1.0. Affected is an unknown function of the file /index.php. The manipulation of the argument page leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-255126 is the identifier assigned to this vulnerability.

CVE ID : CVE-2024-1970
Source : cna@vuldb.com
CVSS Score : 4.3

References :
https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/OnlineLearningSystemV2-XSS.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.255126 | source : cna@vuldb.com
https://vuldb.com/?id.255126 | source : cna@vuldb.com

Vulnerability : CWE-79


Source : kaspersky.com

Vulnerability ID : CVE-2024-1619

First published on : 29-02-2024 10:15:06
Last modified on : 29-02-2024 13:49:29

Description :
Kaspersky has fixed a security issue in the Kaspersky Security 8.0 for Linux Mail Server. The issue was that an attacker could potentially force an administrator to click on a malicious link to perform unauthorized actions.

CVE ID : CVE-2024-1619
Source : vulnerability@kaspersky.com
CVSS Score : 6.1

References :
https://support.kaspersky.com/vulnerability/list-of-advisories/12430#010224 | source : vulnerability@kaspersky.com

Vulnerability : CWE-74


Source : hcl.com

Vulnerability ID : CVE-2023-37495

First published on : 29-02-2024 01:40:04
Last modified on : 29-02-2024 13:49:47

Description :
Internet passwords stored in Person documents in the Domino® Directory created using the "Add Person" action on the People & Groups tab in the Domino® Administrator are secured using a cryptographically weak hash algorithm. This could enable attackers with access to the hashed value to determine a user's password, e.g. using a brute force attack. This issue does not impact Person documents created through user registration https://help.hcltechsw.com/domino/10.0.1/admin/conf_userregistration_c.html .

CVE ID : CVE-2023-37495
Source : psirt@hcl.com
CVSS Score : 5.9

References :
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0107585 | source : psirt@hcl.com


Source : vmware.com

Vulnerability ID : CVE-2024-22251

First published on : 29-02-2024 01:44:05
Last modified on : 29-02-2024 13:49:29

Description :
VMware Workstation and Fusion contain an out-of-bounds read vulnerability in the USB CCID (chip card interface device). A malicious actor with local administrative privileges on a virtual machine may trigger an out-of-bounds read leading to information disclosure.

CVE ID : CVE-2024-22251
Source : security@vmware.com
CVSS Score : 5.9

References :
https://www.vmware.com/security/advisories/VMSA-2024-0005.html | source : security@vmware.com


Source : github.com

Vulnerability ID : CVE-2024-26141

First published on : 29-02-2024 00:15:51
Last modified on : 29-02-2024 13:49:47

Description :
Rack is a modular Ruby web server interface. Carefully crafted Range headers can cause a server to respond with an unexpectedly large response. Responding with such large responses could lead to a denial of service issue. Vulnerable applications will use the `Rack::File` middleware or the `Rack::Utils.byte_ranges` methods (this includes Rails applications). The vulnerability is fixed in 3.0.9.1 and 2.2.8.1.

CVE ID : CVE-2024-26141
Source : security-advisories@github.com
CVSS Score : 5.8

References :
https://discuss.rubyonrails.org/t/possible-dos-vulnerability-with-range-header-in-rack/84944 | source : security-advisories@github.com
https://github.com/rack/rack/commit/4849132bef471adb21131980df745f4bb84de2d9 | source : security-advisories@github.com
https://github.com/rack/rack/commit/62457686b26d33a15a254c7768c2076e8e02b48b | source : security-advisories@github.com
https://github.com/rack/rack/security/advisories/GHSA-xj5v-6v4g-jfw6 | source : security-advisories@github.com
https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-26141.yml | source : security-advisories@github.com

Vulnerability : CWE-400


Vulnerability ID : CVE-2024-27092

First published on : 29-02-2024 01:44:19
Last modified on : 29-02-2024 13:49:29

Description :
Hoppscotch is an API development ecosystem. Due to lack of validation for fields like Label (Edit Team) - TeamName, bad actors can send emails with Spoofed Content as Hoppscotch. Part of payload (external link) is presented in clickable form - easier to achieve own goals by malicious actors. This issue is fixed in 2023.12.6.

CVE ID : CVE-2024-27092
Source : security-advisories@github.com
CVSS Score : 5.4

References :
https://github.com/hoppscotch/hoppscotch/blob/main/packages/hoppscotch-backend/src/team-invitation/team-invitation.service.ts#L153 | source : security-advisories@github.com
https://github.com/hoppscotch/hoppscotch/commit/6827e97ec583b2534cdc1c2f33fa44973a0c2bf5 | source : security-advisories@github.com
https://github.com/hoppscotch/hoppscotch/security/advisories/GHSA-8r6h-8r68-q3pp | source : security-advisories@github.com

Vulnerability : CWE-20
Vulnerability : CWE-79


Vulnerability ID : CVE-2024-25126

First published on : 29-02-2024 00:15:51
Last modified on : 29-02-2024 13:49:47

Description :
Rack is a modular Ruby web server interface. Carefully crafted content type headers can cause Rack’s media type parser to take much longer than expected, leading to a possible denial of service vulnerability (ReDos 2nd degree polynomial). This vulnerability is patched in 3.0.9.1 and 2.2.8.1.

CVE ID : CVE-2024-25126
Source : security-advisories@github.com
CVSS Score : 5.3

References :
https://discuss.rubyonrails.org/t/denial-of-service-vulnerability-in-rack-content-type-parsing/84941 | source : security-advisories@github.com
https://github.com/rack/rack/commit/6efb2ceea003c4b195815a614e00438cbd543462 | source : security-advisories@github.com
https://github.com/rack/rack/commit/d9c163a443b8cadf4711d84bd2c58cb9ef89cf49 | source : security-advisories@github.com
https://github.com/rack/rack/security/advisories/GHSA-22f2-v57c-j9cx | source : security-advisories@github.com
https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-25126.yml | source : security-advisories@github.com

Vulnerability : CWE-1333


Vulnerability ID : CVE-2024-26146

First published on : 29-02-2024 00:15:51
Last modified on : 29-02-2024 13:49:47

Description :
Rack is a modular Ruby web server interface. Carefully crafted headers can cause header parsing in Rack to take longer than expected resulting in a possible denial of service issue. Accept and Forwarded headers are impacted. Ruby 3.2 has mitigations for this problem, so Rack applications using Ruby 3.2 or newer are unaffected. This vulnerability is fixed in 2.0.9.4, 2.1.4.4, 2.2.8.1, and 3.0.9.1.

CVE ID : CVE-2024-26146
Source : security-advisories@github.com
CVSS Score : 5.3

References :
https://discuss.rubyonrails.org/t/possible-denial-of-service-vulnerability-in-rack-header-parsing/84942 | source : security-advisories@github.com
https://github.com/rack/rack/commit/30b8e39a578b25d4bdcc082c1c52c6f164b59716 | source : security-advisories@github.com
https://github.com/rack/rack/commit/6c5d90bdcec0949f7ba06db62fb740dab394b582 | source : security-advisories@github.com
https://github.com/rack/rack/commit/a227cd793778c7c3a827d32808058571569cda6f | source : security-advisories@github.com
https://github.com/rack/rack/commit/e4c117749ba24a66f8ec5a08eddf68deeb425ccd | source : security-advisories@github.com
https://github.com/rack/rack/security/advisories/GHSA-54rr-7fvw-6x8f | source : security-advisories@github.com
https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-26146.yml | source : security-advisories@github.com

Vulnerability : CWE-1333


Vulnerability ID : CVE-2024-27083

First published on : 29-02-2024 01:44:19
Last modified on : 29-02-2024 13:49:29

Description :
Flask-AppBuilder is an application development framework, built on top of Flask. A Cross-Site Scripting (XSS) vulnerability has been discovered on the OAuth login page. An attacker could trick a user to follow a specially crafted URL to the OAuth login page. This URL could inject and execute malicious javascript code that would get executed on the user's browser. This issue was introduced on 4.1.4 and patched on 4.2.1.

CVE ID : CVE-2024-27083
Source : security-advisories@github.com
CVSS Score : 4.3

References :
https://github.com/dpgaspar/Flask-AppBuilder/commit/3d17741886e4b3c384d0570de69689e4117aa812 | source : security-advisories@github.com
https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-fqxj-46wg-9v84 | source : security-advisories@github.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2024-26132

First published on : 29-02-2024 01:44:17
Last modified on : 29-02-2024 13:49:29

Description :
Element Android is an Android Matrix Client. A third-party malicious application installed on the same phone can force Element Android, version 0.91.0 through 1.6.12, to share files stored under the `files` directory in the application's private data directory to an arbitrary room. The impact of the attack is reduced by the fact that the databases stored in this folder are encrypted. However, it contains some other potentially sensitive information, such as the FCM token. Forks of Element Android which have set `android:exported="false"` in the `AndroidManifest.xml` file for the `IncomingShareActivity` activity are not impacted. This issue is fixed in Element Android 1.6.12. There is no known workaround to mitigate the issue.

CVE ID : CVE-2024-26132
Source : security-advisories@github.com
CVSS Score : 4.0

References :
https://element.io/blog/security-release-element-android-1-6-12 | source : security-advisories@github.com
https://github.com/element-hq/element-android/commit/8f9695a9a8d944cb9b92568cbd76578c51d32e07 | source : security-advisories@github.com
https://github.com/element-hq/element-android/security/advisories/GHSA-8wj9-cx7h-pvm4 | source : security-advisories@github.com

Vulnerability : CWE-200


Source : adobe.com

Vulnerability ID : CVE-2023-44341

First published on : 29-02-2024 01:41:12
Last modified on : 29-02-2024 13:49:47

Description :
Adobe InDesign versions ID18.5 (and earlier) and ID17.4.2 (and earlier) are affected by a NULL Pointer Dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE ID : CVE-2023-44341
Source : psirt@adobe.com
CVSS Score : 5.5

References :
https://helpx.adobe.com/security/products/indesign/apsb23-55.html | source : psirt@adobe.com

Vulnerability : CWE-476


Vulnerability ID : CVE-2023-44342

First published on : 29-02-2024 01:41:13
Last modified on : 29-02-2024 13:49:47

Description :
Adobe InDesign versions ID18.5 (and earlier) and ID17.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE ID : CVE-2023-44342
Source : psirt@adobe.com
CVSS Score : 5.5

References :
https://helpx.adobe.com/security/products/indesign/apsb23-55.html | source : psirt@adobe.com

Vulnerability : CWE-125


Vulnerability ID : CVE-2023-44343

First published on : 29-02-2024 01:41:13
Last modified on : 29-02-2024 13:49:47

Description :
Adobe InDesign versions ID18.5 (and earlier) and ID17.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE ID : CVE-2023-44343
Source : psirt@adobe.com
CVSS Score : 5.5

References :
https://helpx.adobe.com/security/products/indesign/apsb23-55.html | source : psirt@adobe.com

Vulnerability : CWE-125


Vulnerability ID : CVE-2023-44344

First published on : 29-02-2024 01:41:13
Last modified on : 29-02-2024 13:49:47

Description :
Adobe InDesign versions ID18.5 (and earlier) and ID17.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE ID : CVE-2023-44344
Source : psirt@adobe.com
CVSS Score : 5.5

References :
https://helpx.adobe.com/security/products/indesign/apsb23-55.html | source : psirt@adobe.com

Vulnerability : CWE-125


Vulnerability ID : CVE-2023-44345

First published on : 29-02-2024 01:41:13
Last modified on : 29-02-2024 13:49:47

Description :
Adobe InDesign versions ID18.5 (and earlier) and ID17.4.2 (and earlier) are affected by a Improper Input Validation vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE ID : CVE-2023-44345
Source : psirt@adobe.com
CVSS Score : 5.5

References :
https://helpx.adobe.com/security/products/indesign/apsb23-55.html | source : psirt@adobe.com

Vulnerability : CWE-20


Vulnerability ID : CVE-2023-44346

First published on : 29-02-2024 01:41:13
Last modified on : 29-02-2024 13:49:47

Description :
Adobe InDesign versions ID18.5 (and earlier) and ID17.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE ID : CVE-2023-44346
Source : psirt@adobe.com
CVSS Score : 5.5

References :
https://helpx.adobe.com/security/products/indesign/apsb23-55.html | source : psirt@adobe.com

Vulnerability : CWE-125


Vulnerability ID : CVE-2023-44347

First published on : 29-02-2024 01:41:14
Last modified on : 29-02-2024 13:49:47

Description :
Adobe InDesign versions ID18.5 (and earlier) and ID17.4.2 (and earlier) are affected by a NULL Pointer Dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE ID : CVE-2023-44347
Source : psirt@adobe.com
CVSS Score : 5.5

References :
https://helpx.adobe.com/security/products/indesign/apsb23-55.html | source : psirt@adobe.com

Vulnerability : CWE-476


Source : incibe.es

Vulnerability ID : CVE-2024-2001

First published on : 29-02-2024 14:15:45
Last modified on : 29-02-2024 18:06:42

Description :
A Cross-Site Scripting vulnerability in Cockpit CMS affecting version 2.7.0. This vulnerability could allow an authenticated user to upload an infected PDF file and store a malicious JavaScript payload to be executed when the file is uploaded.

CVE ID : CVE-2024-2001
Source : cve-coordination@incibe.es
CVSS Score : 5.5

References :
https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-vulnerability-cockpit-cms | source : cve-coordination@incibe.es

Vulnerability : CWE-79


Source : hypr.com

Vulnerability ID : CVE-2024-0068

First published on : 29-02-2024 20:15:41
Last modified on : 29-02-2024 20:15:41

Description :
Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Workforce Access on MacOS allows File Manipulation. This issue affects Workforce Access: before 8.7.1.

CVE ID : CVE-2024-0068
Source : security@hypr.com
CVSS Score : 5.5

References :
https://www.hypr.com/trust-center/security-advisories | source : security@hypr.com

Vulnerability : CWE-59


Source : ubuntu.com

Vulnerability ID : CVE-2023-7207

First published on : 29-02-2024 01:42:59
Last modified on : 29-02-2024 13:49:29

Description :
Debian's cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in --no-absolute-filenames. Upstream has since provided a proper fix to --no-absolute-filenames.

CVE ID : CVE-2023-7207
Source : security@ubuntu.com
CVSS Score : 4.9

References :
http://www.openwall.com/lists/oss-security/2024/01/05/1 | source : security@ubuntu.com
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059163 | source : security@ubuntu.com
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7207 | source : security@ubuntu.com
https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=376d663340a9dc91c91a5849e5713f07571c1628 | source : security@ubuntu.com
https://www.openwall.com/lists/oss-security/2023/12/21/8 | source : security@ubuntu.com


Source : mattermost.com

Vulnerability ID : CVE-2024-1887

First published on : 29-02-2024 08:15:46
Last modified on : 29-02-2024 13:49:29

Description :
Mattermost fails to check if compliance export is enabled when fetching posts of public channels allowing a user that is not a member of the public channel to fetch the posts, which will not be audited in the compliance export.

CVE ID : CVE-2024-1887
Source : responsibledisclosure@mattermost.com
CVSS Score : 4.3

References :
https://mattermost.com/security-updates | source : responsibledisclosure@mattermost.com

Vulnerability : CWE-284


Vulnerability ID : CVE-2024-23493

First published on : 29-02-2024 08:15:47
Last modified on : 29-02-2024 13:49:29

Description :
Mattermost fails to properly authorize the requests fetching team associated AD/LDAP groups, allowing a user to fetch details of AD/LDAP groups of a team that they are not a member of.

CVE ID : CVE-2024-23493
Source : responsibledisclosure@mattermost.com
CVSS Score : 4.3

References :
https://mattermost.com/security-updates | source : responsibledisclosure@mattermost.com

Vulnerability : CWE-200


Vulnerability ID : CVE-2024-24988

First published on : 29-02-2024 08:15:47
Last modified on : 29-02-2024 13:49:29

Description :
Mattermost fails to properly validate the length of the emoji value in the custom user status, allowing an attacker to send multiple times a very long string as an emoji value causing high resource consumption and possibly crashing the server.

CVE ID : CVE-2024-24988
Source : responsibledisclosure@mattermost.com
CVSS Score : 4.3

References :
https://mattermost.com/security-updates | source : responsibledisclosure@mattermost.com

Vulnerability : CWE-400


Vulnerability ID : CVE-2024-1888

First published on : 29-02-2024 09:15:06
Last modified on : 29-02-2024 13:49:29

Description :
Mattermost fails to check the "invite_guest" permission when inviting guests of other teams to a team, allowing a member with permissions to add other members but not to add guests to add a guest to a team as long as the guest was already a guest in another team of the server.

CVE ID : CVE-2024-1888
Source : responsibledisclosure@mattermost.com
CVSS Score : 4.3

References :
https://mattermost.com/security-updates | source : responsibledisclosure@mattermost.com

Vulnerability : CWE-284


Vulnerability ID : CVE-2024-1942

First published on : 29-02-2024 11:15:07
Last modified on : 29-02-2024 13:49:29

Description :
Mattermost versions 8.1.x before 8.1.9, 9.2.x before 9.2.5, and 9.3.0 fail to sanitize the metadata on posts containing permalinks under specific conditions, which allows an authenticated attacker to access the contents of individual posts in channels they are not a member of.

CVE ID : CVE-2024-1942
Source : responsibledisclosure@mattermost.com
CVSS Score : 4.3

References :
https://mattermost.com/security-updates | source : responsibledisclosure@mattermost.com

Vulnerability : CWE-284


Vulnerability ID : CVE-2024-1953

First published on : 29-02-2024 11:15:08
Last modified on : 29-02-2024 13:49:29

Description :
Mattermost versions 8.1.x before 8.1.9, 9.2.x before 9.2.5, 9.3.0, and 9.4.x before 9.4.2 fail to limit the number of role names requested from the API, allowing an authenticated attacker to cause the server to run out of memory and crash by issuing an unusually large HTTP request.

CVE ID : CVE-2024-1953
Source : responsibledisclosure@mattermost.com
CVSS Score : 4.3

References :
https://mattermost.com/security-updates | source : responsibledisclosure@mattermost.com

Vulnerability : CWE-400


(11) LOW VULNERABILITIES [0.1, 3.9]

Source : redhat.com

Vulnerability ID : CVE-2024-1722

First published on : 29-02-2024 01:43:54
Last modified on : 29-02-2024 13:49:29

Description :
A flaw was found in Keycloak. In certain conditions, this issue may allow a remote unauthenticated attacker to block other accounts from logging in.

CVE ID : CVE-2024-1722
Source : secalert@redhat.com
CVSS Score : 3.7

References :
https://access.redhat.com/security/cve/CVE-2024-1722 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2265389 | source : secalert@redhat.com

Vulnerability : CWE-645


Source : hcl.com

Vulnerability ID : CVE-2023-37531

First published on : 29-02-2024 01:40:04
Last modified on : 29-02-2024 13:49:47

Description :
A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious javascript code into a form field of a webpage by a user with privileged access.

CVE ID : CVE-2023-37531
Source : psirt@hcl.com
CVSS Score : 3.3

References :
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0110209 | source : psirt@hcl.com


Vulnerability ID : CVE-2023-37529

First published on : 29-02-2024 01:40:04
Last modified on : 29-02-2024 13:49:47

Description :
A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious javascript code into a webpage trying to retrieve cookie stored information. This is not the same vulnerability as identified in CVE-2023-37530.

CVE ID : CVE-2023-37529
Source : psirt@hcl.com
CVSS Score : 3.0

References :
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0110209 | source : psirt@hcl.com


Vulnerability ID : CVE-2023-37530

First published on : 29-02-2024 01:40:04
Last modified on : 29-02-2024 13:49:47

Description :
A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious javascript code into a webpage trying to retrieve cookie stored information.

CVE ID : CVE-2023-37530
Source : psirt@hcl.com
CVSS Score : 3.0

References :
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0110209 | source : psirt@hcl.com


Source : vuldb.com

Vulnerability ID : CVE-2024-1191

First published on : 29-02-2024 01:43:42
Last modified on : 29-02-2024 13:49:29

Description :
A vulnerability was found in Hyper CdCatalog 2.3.1. It has been classified as problematic. This affects an unknown part of the component HCF File Handler. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier VDB-252681 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-1191
Source : cna@vuldb.com
CVSS Score : 3.3

References :
https://fitoxs.com/vuldb/19-exploit-perl.txt | source : cna@vuldb.com
https://vuldb.com/?ctiid.252681 | source : cna@vuldb.com
https://vuldb.com/?id.252681 | source : cna@vuldb.com

Vulnerability : CWE-404


Vulnerability ID : CVE-2024-1192

First published on : 29-02-2024 01:43:42
Last modified on : 29-02-2024 13:49:29

Description :
A vulnerability was found in South River WebDrive 18.00.5057. It has been declared as problematic. This vulnerability affects unknown code of the component New Secure WebDAV. The manipulation leads to denial of service. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. VDB-252682 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-1192
Source : cna@vuldb.com
CVSS Score : 3.3

References :
https://fitoxs.com/vuldb/22-exploit-perl.txt | source : cna@vuldb.com
https://vuldb.com/?ctiid.252682 | source : cna@vuldb.com
https://vuldb.com/?id.252682 | source : cna@vuldb.com

Vulnerability : CWE-404


Source : github.com

Vulnerability ID : CVE-2023-47634

First published on : 29-02-2024 01:41:28
Last modified on : 29-02-2024 13:49:47

Description :
Decidim is a participatory democracy framework. Starting in version 0.10.0 and prior to versions 0.26.9, 0.27.5, and 0.28.0, a race condition in the endorsement of resources (for instance, a proposal) allows a user to make more than one endorsement. To exploit this vulnerability, the request to set an endorsement must be sent several times in parallel. Versions 0.26.9, 0.27.5, and 0.28.0 contain a patch for this issue. As a workaround, disable the Endorsement feature in the components.

CVE ID : CVE-2023-47634
Source : security-advisories@github.com
CVSS Score : 3.1

References :
https://github.com/decidim/decidim/releases/tag/v0.26.9 | source : security-advisories@github.com
https://github.com/decidim/decidim/releases/tag/v0.27.5 | source : security-advisories@github.com
https://github.com/decidim/decidim/releases/tag/v0.28.0 | source : security-advisories@github.com
https://github.com/decidim/decidim/security/advisories/GHSA-r275-j57c-7mf2 | source : security-advisories@github.com

Vulnerability : CWE-362


Source : mattermost.com

Vulnerability ID : CVE-2024-23488

First published on : 29-02-2024 08:15:47
Last modified on : 29-02-2024 13:49:29

Description :
Mattermost fails to properly restrict the access of files attached to posts in an archived channel, resulting in members being able to access files of archived channels even if the “Allow users to view archived channels” option is disabled.

CVE ID : CVE-2024-23488
Source : responsibledisclosure@mattermost.com
CVSS Score : 3.1

References :
https://mattermost.com/security-updates | source : responsibledisclosure@mattermost.com

Vulnerability : CWE-284


Vulnerability ID : CVE-2024-1952

First published on : 29-02-2024 11:15:08
Last modified on : 29-02-2024 13:49:29

Description :
Mattermost version 8.1.x before 8.1.9 fails to sanitize data associated with permalinks when a plugin updates an ephemeral post, allowing an authenticated attacker who can control the ephemeral post update to access individual posts' contents in channels they are not a member of.

CVE ID : CVE-2024-1952
Source : responsibledisclosure@mattermost.com
CVSS Score : 3.1

References :
https://mattermost.com/security-updates | source : responsibledisclosure@mattermost.com

Vulnerability : CWE-200


Vulnerability ID : CVE-2024-1949

First published on : 29-02-2024 11:15:08
Last modified on : 29-02-2024 13:49:29

Description :
A race condition in Mattermost versions 8.1.x before 8.1.9, and 9.4.x before 9.4.2 allows an authenticated attacker to gain unauthorized access to individual posts' contents via carefully timed post creation while another user deletes posts.

CVE ID : CVE-2024-1949
Source : responsibledisclosure@mattermost.com
CVSS Score : 2.6

References :
https://mattermost.com/security-updates | source : responsibledisclosure@mattermost.com

Vulnerability : CWE-200


Source : mitre.org

Vulnerability ID : CVE-2023-49337

First published on : 29-02-2024 01:41:37
Last modified on : 29-02-2024 13:49:47

Description :
Concrete CMS before 9.2.3 allows Stored XSS on the Admin Dashboard via /dashboard/system/basics/name. (8.5 and earlier are unaffected.)

CVE ID : CVE-2023-49337
Source : cve@mitre.org
CVSS Score : 2.4

References :
https://github.com/concretecms/concretecms/commit/07b433799b888c4eb854e052ca58b032ebc6d36f | source : cve@mitre.org
https://hackerone.com/reports/2232594 | source : cve@mitre.org
https://www.concretecms.org/about/project-news/security/2023-12-05-concrete-cms-new-cves-and-cve-updates | source : cve@mitre.org


(91) NO SCORE VULNERABILITIES [0.0, 0.0]

Source : mitre.org

Vulnerability ID : CVE-2022-34269

First published on : 29-02-2024 01:35:13
Last modified on : 29-02-2024 13:49:47

Description :
An issue was discovered in RWS WorldServer before 11.7.3. An authenticated, remote attacker can perform a ws-legacy/load_dtd?system_id= blind SSRF attack to deploy JSP code to the Apache Axis service running on the localhost interface, leading to command execution.

CVE ID : CVE-2022-34269
Source : cve@mitre.org
CVSS Score : /

References :
https://www.rws.com/localization/products/trados-enterprise/worldserver/ | source : cve@mitre.org
https://www.triskelelabs.com/vulnerabilities-in-rws-worldserver | source : cve@mitre.org


Vulnerability ID : CVE-2022-34270

First published on : 29-02-2024 01:35:13
Last modified on : 29-02-2024 13:49:47

Description :
An issue was discovered in RWS WorldServer before 11.7.3. Regular users can create users with the Administrator role via UserWSUserManager.

CVE ID : CVE-2022-34270
Source : cve@mitre.org
CVSS Score : /

References :
https://www.rws.com/localization/products/trados-enterprise/worldserver/ | source : cve@mitre.org
https://www.triskelelabs.com/vulnerabilities-in-rws-worldserver | source : cve@mitre.org


Vulnerability ID : CVE-2022-36677

First published on : 29-02-2024 01:35:29
Last modified on : 29-02-2024 13:49:47

Description :
Obsidian Mind Map v1.1.0 allows attackers to execute arbitrary code via a crafted payload injected into an uploaded document.

CVE ID : CVE-2022-36677
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/JoJenH/Note4SelfVul/blob/main/obsidian-mind-map.md | source : cve@mitre.org
https://github.com/lynchjames/obsidian-mind-map/issues/87 | source : cve@mitre.org


Vulnerability ID : CVE-2023-27151

First published on : 29-02-2024 01:38:30
Last modified on : 29-02-2024 13:49:47

Description :
openCRX 5.2.0 was discovered to contain an HTML injection vulnerability for Search Criteria-Activity Number (in the Saved Search Activity) via the Name, Description, or Activity Number field.

CVE ID : CVE-2023-27151
Source : cve@mitre.org
CVSS Score : /

References :
https://www.esecforte.com/cve-2023-27151-html-injection-activity-tracker/ | source : cve@mitre.org
https://www.opencrx.org/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-34198

First published on : 29-02-2024 01:39:48
Last modified on : 29-02-2024 13:49:47

Description :
In Stormshield Network Security (SNS) 1.0.0 through 3.7.36 before 3.7.37, 3.8.0 through 3.11.24 before 3.11.25, 4.0.0 through 4.3.18 before 4.3.19, 4.4.0 through 4.6.5 before 4.6.6, and 4.7.0 before 4.7.1, the usage of a Network object created from an inactive DHCP interface in the filtering slot results in the usage of an object of the "any" type, which may have unexpected results for access control.

CVE ID : CVE-2023-34198
Source : cve@mitre.org
CVSS Score : /

References :
https://advisories.stormshield.eu/2023-019 | source : cve@mitre.org


Vulnerability ID : CVE-2023-41165

First published on : 29-02-2024 01:40:58
Last modified on : 29-02-2024 13:49:47

Description :
An issue was discovered in Stormshield Network Security (SNS) 3.7.0 through 3.7.38 before 3.7.39, 3.10.0 through 3.11.26 before 3.11.27, 4.0 through 4.3.21 before 4.3.22, and 4.4.0 through 4.6.8 before 4.6.9. An administrator with write access to the SNS firewall can configure a login disclaimer with malicious JavaScript elements that can result in data theft.

CVE ID : CVE-2023-41165
Source : cve@mitre.org
CVSS Score : /

References :
https://advisories.stormshield.eu/2023-020/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-43769

First published on : 29-02-2024 01:41:09
Last modified on : 29-02-2024 13:49:47

Description :
An issue was discovered in Couchbase Server through 7.1.4 before 7.1.5 and before 7.2.1. There are Unauthenticated RMI Service Ports Exposed in Analytics.

CVE ID : CVE-2023-43769
Source : cve@mitre.org
CVSS Score : /

References :
https://docs.couchbase.com/server/current/release-notes/relnotes.html | source : cve@mitre.org
https://forums.couchbase.com/tags/security | source : cve@mitre.org
https://www.couchbase.com/alerts/ | source : cve@mitre.org
https://www.couchbase.com/downloads | source : cve@mitre.org


Vulnerability ID : CVE-2023-45874

First published on : 29-02-2024 01:41:20
Last modified on : 29-02-2024 13:49:47

Description :
An issue was discovered in Couchbase Server through 7.2.2. A data reader may cause a denial of service (outage of reader threads).

CVE ID : CVE-2023-45874
Source : cve@mitre.org
CVSS Score : /

References :
https://docs.couchbase.com/server/current/release-notes/relnotes.html | source : cve@mitre.org
https://forums.couchbase.com/tags/security | source : cve@mitre.org
https://www.couchbase.com/alerts/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-48650

First published on : 29-02-2024 01:41:34
Last modified on : 29-02-2024 13:49:47

Description :
Concrete CMS before 8.5.14 and 9 before 9.2.3 is vulnerable to an admin adding a stored XSS payload via the Layout Preset name.

CVE ID : CVE-2023-48650
Source : cve@mitre.org
CVSS Score : /

References :
https://documentation.concretecms.org/developers/introduction/version-history/923-release-notes | source : cve@mitre.org
https://www.concretecms.org/about/project-news/security/2023-12-05-concrete-cms-new-cves-and-cve-updates | source : cve@mitre.org


Vulnerability ID : CVE-2023-48651

First published on : 29-02-2024 01:41:34
Last modified on : 29-02-2024 13:49:47

Description :
Concrete CMS 9 before 9.2.3 is vulnerable to Cross Site Request Forgery (CSRF) at /ccm/system/dialogs/file/delete/1/submit.

CVE ID : CVE-2023-48651
Source : cve@mitre.org
CVSS Score : /

References :
https://documentation.concretecms.org/developers/introduction/version-history/923-release-notes | source : cve@mitre.org
https://www.concretecms.org/about/project-news/security/2023-12-05-concrete-cms-new-cves-and-cve-updates | source : cve@mitre.org


Vulnerability ID : CVE-2023-48653

First published on : 29-02-2024 01:41:34
Last modified on : 29-02-2024 13:49:47

Description :
Concrete CMS before 8.5.14 and 9 before 9.2.3 allows Cross Site Request Forgery (CSRF) via ccm/calendar/dialogs/event/delete/submit. An attacker can force an admin to delete events on the site because the event ID is numeric and sequential.

CVE ID : CVE-2023-48653
Source : cve@mitre.org
CVSS Score : /

References :
https://documentation.concretecms.org/developers/introduction/version-history/923-release-notes | source : cve@mitre.org
https://www.concretecms.org/about/project-news/security/2023-12-05-concrete-cms-new-cves-and-cve-updates | source : cve@mitre.org


Vulnerability ID : CVE-2023-49930

First published on : 29-02-2024 01:41:40
Last modified on : 29-02-2024 13:49:47

Description :
An issue was discovered in Couchbase Server before 7.2.4. cURL calls to /diag/eval are not sufficiently restricted.

CVE ID : CVE-2023-49930
Source : cve@mitre.org
CVSS Score : /

References :
https://docs.couchbase.com/server/current/release-notes/relnotes.html | source : cve@mitre.org
https://forums.couchbase.com/tags/security | source : cve@mitre.org
https://www.couchbase.com/alerts/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-49931

First published on : 29-02-2024 01:41:40
Last modified on : 29-02-2024 13:49:47

Description :
An issue was discovered in Couchbase Server before 7.2.4. SQL++ cURL calls to /diag/eval are not sufficiently restricted.

CVE ID : CVE-2023-49931
Source : cve@mitre.org
CVSS Score : /

References :
https://docs.couchbase.com/server/current/release-notes/relnotes.html | source : cve@mitre.org
https://forums.couchbase.com/tags/security | source : cve@mitre.org
https://www.couchbase.com/alerts/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-49932

First published on : 29-02-2024 01:41:40
Last modified on : 29-02-2024 13:49:47

Description :
An issue was discovered in Couchbase Server before 7.2.4. An attacker can bypass SQL++ N1QL cURL host restrictions.

CVE ID : CVE-2023-49932
Source : cve@mitre.org
CVSS Score : /

References :
https://docs.couchbase.com/server/current/release-notes/relnotes.html | source : cve@mitre.org
https://forums.couchbase.com/tags/security | source : cve@mitre.org
https://www.couchbase.com/alerts/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-50436

First published on : 29-02-2024 01:42:00
Last modified on : 29-02-2024 13:49:47

Description :
An issue was discovered in Couchbase Server before 7.2.4. ns_server admin credentials are leaked in encoded form in the diag.log file. The earliest affected version is 7.1.5.

CVE ID : CVE-2023-50436
Source : cve@mitre.org
CVSS Score : /

References :
https://docs.couchbase.com/server/current/release-notes/relnotes.html | source : cve@mitre.org
https://forums.couchbase.com/tags/security | source : cve@mitre.org
https://www.couchbase.com/alerts/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-50437

First published on : 29-02-2024 01:42:00
Last modified on : 29-02-2024 13:49:47

Description :
An issue was discovered in Couchbase Server before 7.2.x before 7.2.4. otpCookie is shown with full admin on pools/default/serverGroups and engageCluster2.

CVE ID : CVE-2023-50437
Source : cve@mitre.org
CVSS Score : /

References :
https://docs.couchbase.com/server/current/release-notes/relnotes.html | source : cve@mitre.org
https://forums.couchbase.com/tags/security | source : cve@mitre.org
https://www.couchbase.com/alerts/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-50658

First published on : 29-02-2024 01:42:01
Last modified on : 29-02-2024 13:49:47

Description :
The jose2go component before 1.6.0 for Go allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.

CVE ID : CVE-2023-50658
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/dvsekhvalnov/jose2go/commit/a4584e9dd7128608fedbc67892eba9697f0d5317 | source : cve@mitre.org
https://github.com/dvsekhvalnov/jose2go/compare/v1.5.0...v1.6.0 | source : cve@mitre.org


Vulnerability ID : CVE-2023-51773

First published on : 29-02-2024 01:42:05
Last modified on : 29-02-2024 13:49:47

Description :
BACnet Stack before 1.3.2 has a decode function APDU buffer over-read in bacapp_decode_application_data in bacapp.c.

CVE ID : CVE-2023-51773
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/bacnet-stack/bacnet-stack/blob/master/CHANGELOG.md | source : cve@mitre.org
https://github.com/bacnet-stack/bacnet-stack/compare/bacnet-stack-1.3.1...bacnet-stack-1.3.2 | source : cve@mitre.org
https://github.com/bacnet-stack/bacnet-stack/pull/546 | source : cve@mitre.org
https://github.com/bacnet-stack/bacnet-stack/pull/546/commits/c465412a076ca6c9ddf649612f2b4e1874d8dcb8 | source : cve@mitre.org
https://sourceforge.net/p/bacnet/bugs/85/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-51774

First published on : 29-02-2024 01:42:05
Last modified on : 29-02-2024 13:49:47

Description :
The json-jwt (aka JSON::JWT) gem 1.16.3 for Ruby sometimes allows bypass of identity checks via a sign/encryption confusion attack. For example, JWE can sometimes be used to bypass JSON::JWT.decode.

CVE ID : CVE-2023-51774
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/P3ngu1nW/CVE_Request/blob/main/novjson-jwt.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-51775

First published on : 29-02-2024 01:42:05
Last modified on : 29-02-2024 13:49:47

Description :
The jose4j component before 0.9.4 for Java allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.

CVE ID : CVE-2023-51775
Source : cve@mitre.org
CVSS Score : /

References :
https://bitbucket.org/b_c/jose4j/issues/212 | source : cve@mitre.org


Vulnerability ID : CVE-2023-51779

First published on : 29-02-2024 01:42:05
Last modified on : 29-02-2024 13:49:47

Description :
bt_sock_recvmsg in net/bluetooth/af_bluetooth.c in the Linux kernel through 6.6.8 has a use-after-free because of a bt_sock_ioctl race condition.

CVE ID : CVE-2023-51779
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/torvalds/linux/commit/2e07e8348ea454615e268222ae3fc240421be768 | source : cve@mitre.org


Vulnerability ID : CVE-2023-51835

First published on : 29-02-2024 01:42:05
Last modified on : 29-02-2024 13:49:47

Description :
An issue in TRENDnet TEW-822DRE v.1.03B02 allows a local attacker to execute arbitrary code via the ipv4_ping parameter in /boafrm/formSystemCheck.

CVE ID : CVE-2023-51835
Source : cve@mitre.org
CVSS Score : /

References :
https://warp-desk-89d.notion.site/TEW-822DRE-5289eb95796749c2878843519ab451d8 | source : cve@mitre.org
https://www.trendnet.com/support/support-detail.asp?prod=105_TEW-822DRE | source : cve@mitre.org


Vulnerability ID : CVE-2024-22936

First published on : 29-02-2024 01:44:07
Last modified on : 29-02-2024 13:49:29

Description :
Cross-site scripting (XSS) vulnerability in Parents & Student Portal in Genesis School Management Systems in Genesis AIMS Student Information Systems v.3053 allows remote attackers to inject arbitrary web script or HTML via the message parameter.

CVE ID : CVE-2024-22936
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/SnoopJesus420/CVEs/blob/main/CVE-2023- | source : cve@mitre.org
https://github.com/SnoopJesus420/CVEs/blob/main/CVEs-2024/CVE-2024-22936.md | source : cve@mitre.org


Vulnerability ID : CVE-2024-22939

First published on : 29-02-2024 01:44:07
Last modified on : 29-02-2024 13:49:29

Description :
Cross Site Request Forgery vulnerability in FlyCms v.1.0 allows a remote attacker to execute arbitrary code via the system/article/category_edit component.

CVE ID : CVE-2024-22939
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/NUDTTAN91/CVE-2024-22939 | source : cve@mitre.org
https://github.com/NUDTTAN91/CVE20240109/blob/master/README.md | source : cve@mitre.org


Vulnerability ID : CVE-2024-23052

First published on : 29-02-2024 01:44:07
Last modified on : 29-02-2024 13:49:29

Description :
An issue in WuKongOpenSource WukongCRM v.72crm_9.0.1_20191202 allows a remote attacker to execute arbitrary code via the parseObject() function in the fastjson component.

CVE ID : CVE-2024-23052
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/By-Yexing/Vulnerability_JAVA/blob/main/2024/WukongCRM_9.0.md#1remote-code-execution-vulnerability | source : cve@mitre.org
https://github.com/WuKongOpenSource/WukongCRM-9.0-JAVA/issues/28 | source : cve@mitre.org


Vulnerability ID : CVE-2024-23302

First published on : 29-02-2024 01:44:08
Last modified on : 29-02-2024 13:49:29

Description :
Couchbase Server before 7.2.4 has a private key leak in goxdcr.log.

CVE ID : CVE-2024-23302
Source : cve@mitre.org
CVSS Score : /

References :
https://docs.couchbase.com/server/current/release-notes/relnotes.html | source : cve@mitre.org
https://forums.couchbase.com/tags/security | source : cve@mitre.org
https://www.couchbase.com/alerts/ | source : cve@mitre.org


Vulnerability ID : CVE-2024-24146

First published on : 29-02-2024 01:44:11
Last modified on : 29-02-2024 13:49:29

Description :
A memory leak issue discovered in parseSWF_DEFINEBUTTON in libming v0.4.8 allows attackers to cause a denial of service via a crafted SWF file.

CVE ID : CVE-2024-24146
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/libming/libming/issues/307 | source : cve@mitre.org


Vulnerability ID : CVE-2024-24147

First published on : 29-02-2024 01:44:11
Last modified on : 29-02-2024 13:49:29

Description :
A memory leak issue discovered in parseSWF_FILLSTYLEARRAY in libming v0.4.8 allows attackers to cause a denial of service via a crafted SWF file.

CVE ID : CVE-2024-24147
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/libming/libming/issues/311 | source : cve@mitre.org


Vulnerability ID : CVE-2024-24149

First published on : 29-02-2024 01:44:11
Last modified on : 29-02-2024 13:49:29

Description :
A memory leak issue discovered in parseSWF_GLYPHENTRY in libming v0.4.8 allows attackers to cause a denial of service via a crafted SWF file.

CVE ID : CVE-2024-24149
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/libming/libming/issues/310 | source : cve@mitre.org


Vulnerability ID : CVE-2024-24150

First published on : 29-02-2024 01:44:11
Last modified on : 29-02-2024 13:49:29

Description :
A memory leak issue discovered in parseSWF_TEXTRECORD in libming v0.4.8 allows attackers to cause a denial of service via a crafted SWF file.

CVE ID : CVE-2024-24150
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/libming/libming/issues/309 | source : cve@mitre.org


Vulnerability ID : CVE-2024-24155

First published on : 29-02-2024 01:44:11
Last modified on : 29-02-2024 13:49:29

Description :
Bento4 v1.5.1-628 contains a memory leak in AP4_Movie::AP4_Movie: tracks are parsed and added to the m_Tracks list, but mp42aac does not delete them correctly when a "no audio track found" error occurs. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted mp4 file.

CVE ID : CVE-2024-24155
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/axiomatic-systems/Bento4/issues/919 | source : cve@mitre.org


Vulnerability ID : CVE-2024-25006

First published on : 29-02-2024 01:44:14
Last modified on : 29-02-2024 13:49:29

Description :
XenForo before 2.2.14 allows Directory Traversal (with write access) by an authenticated user who has permissions to administer styles, and uses a ZIP archive for Styles Import.

CVE ID : CVE-2024-25006
Source : cve@mitre.org
CVSS Score : /

References :
https://xenforo.com/community/threads/xenforo-2-2-14-released.219044/ | source : cve@mitre.org
https://xenforo.com/docs/xf2/permissions/ | source : cve@mitre.org
https://xenforo.com/tickets/BC37EB98/?v=5da7bd5728 | source : cve@mitre.org


Vulnerability ID : CVE-2024-25262

First published on : 29-02-2024 01:44:15
Last modified on : 29-02-2024 13:49:29

Description :
texlive-bin commit c515e was discovered to contain a heap buffer overflow via the function ttfLoadHDMX:ttfdump. This vulnerability allows attackers to cause a Denial of Service (DoS) by supplying a crafted TTF file.

CVE ID : CVE-2024-25262
Source : cve@mitre.org
CVSS Score : /

References :
https://bugs.launchpad.net/ubuntu/+source/texlive-bin/+bug/2047912 | source : cve@mitre.org
https://tug.org/svn/texlive/trunk/Build/source/texk/ttfdump/ChangeLog?revision=69605&view=co | source : cve@mitre.org


Vulnerability ID : CVE-2024-25712

First published on : 29-02-2024 01:44:16
Last modified on : 29-02-2024 13:49:29

Description :
http-swagger before 1.2.6 allows XSS via PUT requests, because a file that has been uploaded (via httpSwagger.WrapHandler and *webdav.memFile) can subsequently be accessed via a GET request. NOTE: this is independently fixable with respect to CVE-2022-24863, because (if a solution continued to allow PUT requests) large files could have been blocked without blocking JavaScript, or JavaScript could have been blocked without blocking large files.

CVE ID : CVE-2024-25712
Source : cve@mitre.org
CVSS Score : /

References :
https://cosmosofcyberspace.github.io/improper_http_method_leads_to_xss/poc.html | source : cve@mitre.org
https://github.com/swaggo/http-swagger/releases/tag/v1.2.6 | source : cve@mitre.org


Vulnerability ID : CVE-2024-25713

First published on : 29-02-2024 01:44:16
Last modified on : 29-02-2024 13:49:29

Description :
yyjson through 0.8.0 has a double free, leading to remote code execution in some cases, because the pool_free function lacks loop checks. (pool_free is part of the pool series allocator, along with pool_malloc and pool_realloc.)

CVE ID : CVE-2024-25713
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/ibireme/yyjson/security/advisories/GHSA-q4m7-9pcm-fpxh | source : cve@mitre.org


Vulnerability ID : CVE-2024-25830

First published on : 29-02-2024 01:44:16
Last modified on : 29-02-2024 13:49:29

Description :
F-logic DataCube3 v1.0 is vulnerable to Incorrect Access Control due to an improper directory access restriction. An unauthenticated, remote attacker can exploit this by sending a URI that contains the path of the configuration file. A successful exploit could allow the attacker to extract the root and admin password.

CVE ID : CVE-2024-25830
Source : cve@mitre.org
CVSS Score : /

References :
https://neroteam.com/blog/f-logic-datacube3-vulnerability-report | source : cve@mitre.org


Vulnerability ID : CVE-2024-25831

First published on : 29-02-2024 01:44:16
Last modified on : 29-02-2024 13:49:29

Description :
F-logic DataCube3 Version 1.0 is affected by a reflected cross-site scripting (XSS) vulnerability due to improper input sanitization. An authenticated, remote attacker can execute arbitrary JavaScript code in the web management interface.

CVE ID : CVE-2024-25831
Source : cve@mitre.org
CVSS Score : /

References :
https://neroteam.com/blog/f-logic-datacube3-vulnerability-report | source : cve@mitre.org


Vulnerability ID : CVE-2024-25832

First published on : 29-02-2024 01:44:16
Last modified on : 29-02-2024 13:49:29

Description :
F-logic DataCube3 v1.0 is vulnerable to unrestricted file upload, which could allow an authenticated malicious actor to upload a file of dangerous type by manipulating the filename extension.

CVE ID : CVE-2024-25832
Source : cve@mitre.org
CVSS Score : /

References :
https://neroteam.com/blog/f-logic-datacube3-vulnerability-report | source : cve@mitre.org


Vulnerability ID : CVE-2024-25833

First published on : 29-02-2024 01:44:16
Last modified on : 29-02-2024 13:49:29

Description :
F-logic DataCube3 v1.0 is vulnerable to unauthenticated SQL injection, which could allow an unauthenticated malicious actor to execute arbitrary SQL queries in the database.

CVE ID : CVE-2024-25833
Source : cve@mitre.org
CVSS Score : /

References :
https://neroteam.com/blog/f-logic-datacube3-vulnerability-report | source : cve@mitre.org


Vulnerability ID : CVE-2024-26458

First published on : 29-02-2024 01:44:18
Last modified on : 29-02-2024 13:49:29

Description :
Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.

CVE ID : CVE-2024-26458
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md | source : cve@mitre.org


Vulnerability ID : CVE-2024-26461

First published on : 29-02-2024 01:44:18
Last modified on : 29-02-2024 13:49:29

Description :
Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.

CVE ID : CVE-2024-26461
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md | source : cve@mitre.org


Vulnerability ID : CVE-2024-26462

First published on : 29-02-2024 01:44:18
Last modified on : 29-02-2024 13:49:29

Description :
Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.

CVE ID : CVE-2024-26462
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_3.md | source : cve@mitre.org


Vulnerability ID : CVE-2024-26470

First published on : 29-02-2024 01:44:18
Last modified on : 29-02-2024 13:49:29

Description :
A host header injection vulnerability in the forgot password function of FullStackHero's WebAPI Boilerplate v1.0.0 and v1.0.1 allows attackers to leak the password reset token via a crafted request.

CVE ID : CVE-2024-26470
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2024-26470 | source : cve@mitre.org
https://github.com/fullstackhero/dotnet-webapi-boilerplate | source : cve@mitre.org
https://www.nuget.org/packages/FullStackHero.WebAPI.Boilerplate | source : cve@mitre.org


Vulnerability ID : CVE-2024-26471

First published on : 29-02-2024 01:44:18
Last modified on : 29-02-2024 13:49:29

Description :
A reflected cross-site scripting (XSS) vulnerability in zhimengzhe iBarn v1.5 allows attackers to inject malicious JavaScript into the web browser of a victim via the search parameter in offer.php.

CVE ID : CVE-2024-26471
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2024-26471 | source : cve@mitre.org
https://github.com/zhimengzhe/iBarn | source : cve@mitre.org


Vulnerability ID : CVE-2024-26472

First published on : 29-02-2024 01:44:19
Last modified on : 29-02-2024 13:49:29

Description :
A reflected cross-site scripting (XSS) vulnerability in SocialMediaWebsite v1.0.1 allows attackers to inject malicious JavaScript into the web browser of a victim via the selector or validator parameters in offer.php.

CVE ID : CVE-2024-26472
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2024-26472 | source : cve@mitre.org
https://github.com/msaad1999/KLiK-SocialMediaWebsite/ | source : cve@mitre.org


Vulnerability ID : CVE-2024-26473

First published on : 29-02-2024 01:44:19
Last modified on : 29-02-2024 13:49:29

Description :
A reflected cross-site scripting (XSS) vulnerability in SocialMediaWebsite v1.0.1 allows attackers to inject malicious JavaScript into the web browser of a victim via the poll parameter in poll.php.

CVE ID : CVE-2024-26473
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2024-26473 | source : cve@mitre.org
https://github.com/msaad1999/KLiK-SocialMediaWebsite/ | source : cve@mitre.org


Vulnerability ID : CVE-2024-27516

First published on : 29-02-2024 01:44:20
Last modified on : 29-02-2024 13:49:29

Description :
livehelperchat 4.28v is vulnerable to Server-Side Template Injection (SSTI).

CVE ID : CVE-2024-27516
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/LiveHelperChat/livehelperchat/issues/2054 | source : cve@mitre.org


Vulnerability ID : CVE-2024-27517

First published on : 29-02-2024 01:44:20
Last modified on : 29-02-2024 13:49:29

Description :
Webasyst 2.9.9 has a Cross-Site Scripting (XSS) vulnerability. Attackers can create blogs containing malicious code after gaining blog permissions.

CVE ID : CVE-2024-27517
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/webasyst/webasyst-framework/issues/377 | source : cve@mitre.org


Vulnerability ID : CVE-2023-51800

First published on : 29-02-2024 02:15:09
Last modified on : 29-02-2024 13:49:29

Description :
Cross Site Scripting (XSS) vulnerability in School Fees Management System v.1.0 allows a remote attacker to execute arbitrary code via a crafted payload to the main_settings component in the phone, address, bank, acc_name, acc_number parameters, new_class and cname parameter, add_new_parent function in the name email parameters, new_term function in the tname parameter, and the edit_student function in the name parameter.

CVE ID : CVE-2023-51800
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/geraldoalcantara/CVE-2023-51800 | source : cve@mitre.org


Vulnerability ID : CVE-2023-51801

First published on : 29-02-2024 02:15:09
Last modified on : 29-02-2024 13:49:29

Description :
SQL Injection vulnerability in the Simple Student Attendance System v.1.0 allows a remote attacker to execute arbitrary code via a crafted payload to the id parameter in the student_form.php and the class_form.php pages.

CVE ID : CVE-2023-51801
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/geraldoalcantara/CVE-2023-51801 | source : cve@mitre.org


Vulnerability ID : CVE-2023-51802

First published on : 29-02-2024 02:15:09
Last modified on : 29-02-2024 13:49:29

Description :
Cross Site Scripting (XSS) vulnerability in the Simple Student Attendance System v.1.0 allows a remote attacker to execute arbitrary code via a crafted payload to the page or class_month parameter in the /php-attendance/attendance_report component.

CVE ID : CVE-2023-51802
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/geraldoalcantara/CVE-2023-51802 | source : cve@mitre.org


Vulnerability ID : CVE-2024-22871

First published on : 29-02-2024 02:15:09
Last modified on : 29-02-2024 13:49:29

Description :
An issue in Clojure versions 1.20 to 1.12.0-alpha5 allows an attacker to cause a denial of service (DoS) via the clojure.core$partial$fn__5920 function.

CVE ID : CVE-2024-22871
Source : cve@mitre.org
CVSS Score : /

References :
https://hackmd.io/%40fe1w0/rymmJGida | source : cve@mitre.org


Vulnerability ID : CVE-2024-24525

First published on : 29-02-2024 06:15:47
Last modified on : 29-02-2024 13:49:29

Description :
An issue in EpointWebBuilder 5.1.0-sp1, 5.2.1-sp1, 5.4.1 and 5.4.2 allows a remote attacker to execute arbitrary code via the infoid parameter of the URL.

CVE ID : CVE-2024-24525
Source : cve@mitre.org
CVSS Score : /

References :
https://l3v3lforall.github.io/EpointWebBuilder_v5.x_VULN/ | source : cve@mitre.org


Vulnerability ID : CVE-2024-25291

First published on : 29-02-2024 07:15:07
Last modified on : 29-02-2024 13:49:29

Description :
Deskfiler v1.2.3 allows attackers to execute arbitrary code via uploading a crafted plugin.

CVE ID : CVE-2024-25291
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/ji-zzang/EQST-PoC/tree/main/2024/RCE/CVE-2024-25291 | source : cve@mitre.org


Vulnerability ID : CVE-2024-25292

First published on : 29-02-2024 07:15:07
Last modified on : 29-02-2024 13:49:29

Description :
Cross-site scripting (XSS) vulnerability in RenderTune v1.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Upload Title parameter.

CVE ID : CVE-2024-25292
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/ji-zzang/EQST-PoC/tree/main/2024/RCE/CVE-2024-25292 | source : cve@mitre.org


Vulnerability ID : CVE-2024-25180

First published on : 29-02-2024 18:15:16
Last modified on : 29-02-2024 18:15:16

Description :
An issue discovered in pdfmake 0.2.9 allows remote attackers to run arbitrary code via crafted POST request to the path '/pdf'.

CVE ID : CVE-2024-25180
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/joaoviictorti/My-CVES/blob/main/CVE-2024-25180/README.md | source : cve@mitre.org


Vulnerability ID : CVE-2024-24246

First published on : 29-02-2024 20:15:41
Last modified on : 29-02-2024 20:15:41

Description :
Heap Buffer Overflow vulnerability in qpdf 11.9.0 allows attackers to crash the application via the std::__shared_count() function at /bits/shared_ptr_base.h.

CVE ID : CVE-2024-24246
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/qpdf/qpdf/issues/1123 | source : cve@mitre.org


Vulnerability ID : CVE-2024-26548

First published on : 29-02-2024 20:15:41
Last modified on : 29-02-2024 20:15:41

Description :
An issue in vivotek Network Camera v.FD8166A-VVTK-0204j allows a remote attacker to execute arbitrary code via a crafted payload to the upload_file.cgi component.

CVE ID : CVE-2024-26548
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/cwh031600/vivotek/blob/main/vivotek-FD8166A-uploadfile-dos/vivotek-FD8166A-uploadfile-analysis.md | source : cve@mitre.org


Vulnerability ID : CVE-2024-27655

First published on : 29-02-2024 20:15:41
Last modified on : 29-02-2024 20:15:41

Description :
D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the SOAPACTION parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input, and possibly remote code execution.

CVE ID : CVE-2024-27655
Source : cve@mitre.org
CVSS Score : /

References :
https://calm-healer-839.notion.site/D-LINK-DIR-823G-OOBW-0x41E094-f1bd478368644136ad2e3a33e59041b2?pvs=4 | source : cve@mitre.org


Vulnerability ID : CVE-2024-27656

First published on : 29-02-2024 20:15:41
Last modified on : 29-02-2024 20:15:41

Description :
D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the Cookie parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input, and possibly remote code execution.

CVE ID : CVE-2024-27656
Source : cve@mitre.org
CVSS Score : /

References :
https://calm-healer-839.notion.site/D-LINK-DIR-823G-OOBW-0x41E2A0-8ea57277c7cd4ea18dbc40bcb41a98f2?pvs=4 | source : cve@mitre.org


Vulnerability ID : CVE-2024-27657

First published on : 29-02-2024 20:15:41
Last modified on : 29-02-2024 20:15:41

Description :
D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the User-Agent parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input, and possibly remote code execution.

CVE ID : CVE-2024-27657
Source : cve@mitre.org
CVSS Score : /

References :
https://calm-healer-839.notion.site/D-LINK-DIR-823G-OOBW-0x41D5B0-462500887ea3464692e3e697cc43838c?pvs=4 | source : cve@mitre.org


Vulnerability ID : CVE-2024-27658

First published on : 29-02-2024 20:15:41
Last modified on : 29-02-2024 20:15:41

Description :
D-Link DIR-823G A1V1.0.2B05 was discovered to contain Null-pointer dereferences in sub_4484A8(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

CVE ID : CVE-2024-27658
Source : cve@mitre.org
CVSS Score : /

References :
https://calm-healer-839.notion.site/D-LINK-DIR-823G-NPD-0x44900C-8f23082721854117bdea70b6113433fd?pvs=4 | source : cve@mitre.org


Vulnerability ID : CVE-2024-27659

First published on : 29-02-2024 20:15:41
Last modified on : 29-02-2024 20:15:41

Description :
D-Link DIR-823G A1V1.0.2B05 was discovered to contain Null-pointer dereferences in sub_42AF30(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

CVE ID : CVE-2024-27659
Source : cve@mitre.org
CVSS Score : /

References :
https://calm-healer-839.notion.site/D-LINK-DIR-823G-NPD-0x42B4C4-dfeae31d711f414796e1d9eb9cea7d31?pvs=4 | source : cve@mitre.org


Vulnerability ID : CVE-2024-27660

First published on : 29-02-2024 20:15:41
Last modified on : 29-02-2024 20:15:41

Description :
D-Link DIR-823G A1V1.0.2B05 was discovered to contain a Null-pointer dereference in sub_41C488(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

CVE ID : CVE-2024-27660
Source : cve@mitre.org
CVSS Score : /

References :
https://calm-healer-839.notion.site/D-LINK-DIR-823G-NPD-0x41C708-e46f864c48114f45894f4563588d7968?pvs=4 | source : cve@mitre.org


Vulnerability ID : CVE-2024-27661

First published on : 29-02-2024 20:15:41
Last modified on : 29-02-2024 20:15:41

Description :
D-Link DIR-823G A1V1.0.2B05 was discovered to contain Null-pointer dereferences in sub_4484A8(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

CVE ID : CVE-2024-27661
Source : cve@mitre.org
CVSS Score : /

References :
https://calm-healer-839.notion.site/D-LINK-DIR-823G-NPD-0x42444C-34458f12482346b291f334eea12e6fd0?pvs=4 | source : cve@mitre.org


Vulnerability ID : CVE-2024-27662

First published on : 29-02-2024 20:15:41
Last modified on : 29-02-2024 20:15:41

Description :
D-Link DIR-823G A1V1.0.2B05 was discovered to contain a Null-pointer dereference in sub_4110f4(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

CVE ID : CVE-2024-27662
Source : cve@mitre.org
CVSS Score : /

References :
https://calm-healer-839.notion.site/D-LINK-DIR-823G-NPD-0x4116F0-5befc4a65457482c8c4dcb16910ab820?pvs=4 | source : cve@mitre.org


Source : openvpn.net

Vulnerability ID : CVE-2023-6247

First published on : 29-02-2024 01:42:34
Last modified on : 29-02-2024 13:49:47

Description :
The PKCS#7 parser in OpenVPN 3 Core Library versions through 3.8.3 did not properly validate the parsed data, which would result in the application crashing.

CVE ID : CVE-2023-6247
Source : security@openvpn.net
CVSS Score : /

References :
https://community.openvpn.net/openvpn/wiki/CVE-2023-6247 | source : security@openvpn.net

Vulnerability : CWE-476


Source : google.com

Vulnerability ID : CVE-2024-1938

First published on : 29-02-2024 01:43:57
Last modified on : 29-02-2024 13:49:29

Description :
Type Confusion in V8 in Google Chrome prior to 122.0.6261.94 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)

CVE ID : CVE-2024-1938
Source : chrome-cve-admin@google.com
CVSS Score : /

References :
https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_27.html | source : chrome-cve-admin@google.com
https://issues.chromium.org/issues/324596281 | source : chrome-cve-admin@google.com


Vulnerability ID : CVE-2024-1939

First published on : 29-02-2024 01:43:57
Last modified on : 29-02-2024 13:49:29

Description :
Type Confusion in V8 in Google Chrome prior to 122.0.6261.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE ID : CVE-2024-1939
Source : chrome-cve-admin@google.com
CVSS Score : /

References :
https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_27.html | source : chrome-cve-admin@google.com
https://issues.chromium.org/issues/323694592 | source : chrome-cve-admin@google.com


Source : joomla.org

Vulnerability ID : CVE-2024-21722

First published on : 29-02-2024 01:44:03
Last modified on : 29-02-2024 13:49:29

Description :
The MFA management features did not properly terminate existing user sessions when a user's MFA methods have been modified.

CVE ID : CVE-2024-21722
Source : security@joomla.org
CVSS Score : /

References :
https://developer.joomla.org/security-centre/925-20240201-core-insufficient-session-expiration-in-mfa-management-views.html | source : security@joomla.org

Vulnerability : CWE-613


Vulnerability ID : CVE-2024-21723

First published on : 29-02-2024 01:44:03
Last modified on : 29-02-2024 13:49:29

Description :
Inadequate parsing of URLs could result in an open redirect.

CVE ID : CVE-2024-21723
Source : security@joomla.org
CVSS Score : /

References :
https://developer.joomla.org/security-centre/926-20240202-core-open-redirect-in-installation-application.html | source : security@joomla.org

Vulnerability : CWE-601


Vulnerability ID : CVE-2024-21724

First published on : 29-02-2024 01:44:03
Last modified on : 29-02-2024 13:49:29

Description :
Inadequate input validation for media selection fields leads to XSS vulnerabilities in various extensions.

CVE ID : CVE-2024-21724
Source : security@joomla.org
CVSS Score : /

References :
https://developer.joomla.org/security-centre/927-20240203-core-xss-in-media-selection-fields.html | source : security@joomla.org

Vulnerability : CWE-79


Vulnerability ID : CVE-2024-21725

First published on : 29-02-2024 01:44:03
Last modified on : 29-02-2024 13:49:29

Description :
Inadequate escaping of mail addresses leads to XSS vulnerabilities in various components.

CVE ID : CVE-2024-21725
Source : security@joomla.org
CVSS Score : /

References :
https://developer.joomla.org/security-centre/928-20240204-core-xss-in-mail-address-outputs.html | source : security@joomla.org

Vulnerability : CWE-79


Vulnerability ID : CVE-2024-21726

First published on : 29-02-2024 01:44:03
Last modified on : 29-02-2024 13:49:29

Description :
Inadequate content filtering leads to XSS vulnerabilities in various components.

CVE ID : CVE-2024-21726
Source : security@joomla.org
CVSS Score : /

References :
https://developer.joomla.org/security-centre/929-20240205-core-inadequate-content-filtering-within-the-filter-code.html | source : security@joomla.org

Vulnerability : CWE-79


Source : apache.org

Vulnerability ID : CVE-2024-23807

First published on : 29-02-2024 01:44:10
Last modified on : 29-02-2024 13:49:29

Description :
The Apache Xerces C++ XML parser on versions 3.0.0 before 3.2.5 contains a use-after-free error triggered during the scanning of external DTDs. Users are recommended to upgrade to version 3.2.5 which fixes the issue, or mitigate the issue by disabling DTD processing. This can be accomplished via the DOM using a standard parser feature, or via SAX using the XERCES_DISABLE_DTD environment variable. This issue has been disclosed before as CVE-2018-1311, but unfortunately that advisory incorrectly stated the issue would be fixed in version 3.2.3 or 3.2.4.

CVE ID : CVE-2024-23807
Source : security@apache.org
CVSS Score : /

References :
https://github.com/apache/xerces-c/pull/54 | source : security@apache.org
https://lists.apache.org/thread/c497tgn864tsbm8w0bo3f0d81s07zk9r | source : security@apache.org

Vulnerability : CWE-416


Vulnerability ID : CVE-2024-23946

First published on : 29-02-2024 01:44:11
Last modified on : 29-02-2024 13:49:29

Description :
Possible path traversal in Apache OFBiz allowing file inclusion. Users are recommended to upgrade to version 18.12.12, which fixes the issue.

CVE ID : CVE-2024-23946
Source : security@apache.org
CVSS Score : /

References :
http://www.openwall.com/lists/oss-security/2024/02/28/9 | source : security@apache.org
https://issues.apache.org/jira/browse/OFBIZ-12884 | source : security@apache.org
https://lists.apache.org/thread/w4lp5ncpzttf41hn5bsc04mzq4o6lw3g | source : security@apache.org
https://ofbiz.apache.org/download.html | source : security@apache.org
https://ofbiz.apache.org/release-notes-18.12.12.html | source : security@apache.org
https://ofbiz.apache.org/security.html | source : security@apache.org

Vulnerability : CWE-22
Vulnerability : CWE-434


Vulnerability ID : CVE-2024-25065

First published on : 29-02-2024 01:44:14
Last modified on : 29-02-2024 13:49:29

Description :
Possible path traversal in Apache OFBiz allowing authentication bypass. Users are recommended to upgrade to version 18.12.12, which fixes the issue.

CVE ID : CVE-2024-25065
Source : security@apache.org
CVSS Score : /

References :
http://www.openwall.com/lists/oss-security/2024/02/28/10 | source : security@apache.org
https://issues.apache.org/jira/browse/OFBIZ-12887 | source : security@apache.org
https://lists.apache.org/thread/rplfjp7ppn9ro49oo7jsrpj99m113lfc | source : security@apache.org
https://ofbiz.apache.org/download.html | source : security@apache.org
https://ofbiz.apache.org/release-notes-18.12.12.html | source : security@apache.org
https://ofbiz.apache.org/security.html | source : security@apache.org

Vulnerability : CWE-22


Vulnerability ID : CVE-2024-27906

First published on : 29-02-2024 11:15:08
Last modified on : 29-02-2024 13:49:29

Description :
Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability.

CVE ID : CVE-2024-27906
Source : security@apache.org
CVSS Score : /

References :
http://www.openwall.com/lists/oss-security/2024/02/29/1 | source : security@apache.org
https://github.com/apache/airflow/pull/37290 | source : security@apache.org
https://github.com/apache/airflow/pull/37468 | source : security@apache.org
https://lists.apache.org/thread/on4f7t5sqr3vfgp1pvkck79wv7mq9st5 | source : security@apache.org

Vulnerability : CWE-668


Source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Vulnerability ID : CVE-2023-52475

First published on : 29-02-2024 06:15:45
Last modified on : 29-02-2024 13:49:29

Description :
In the Linux kernel, the following vulnerability has been resolved: Input: powermate - fix use-after-free in powermate_config_complete syzbot has found a use-after-free bug [1] in the powermate driver. This happens when the device is disconnected, which leads to a memory free from the powermate_device struct. When an asynchronous control message completes after the kfree and its callback is invoked, the lock does not exist anymore and hence the bug. Use usb_kill_urb() on pm->config to cancel any in-progress requests upon device disconnection. [1] https://syzkaller.appspot.com/bug?extid=0434ac83f907a1dbdd1e

CVE ID : CVE-2023-52475
Source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
CVSS Score : /

References :
https://git.kernel.org/stable/c/2efe67c581a2a6122b328d4bb6f21b3f36f40d46 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/5aa514100aaf59868d745196258269a16737c7bd | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/5c15c60e7be615f05a45cd905093a54b11f461bc | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/67cace72606baf1758fd60feb358f4c6be92e1cc | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/6a4a396386404e62fb59bc3bde48871a64a82b4f | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/8677575c4f39d65bf0d719b5d20e8042e550ccb9 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/cd2fbfd8b922b7fdd50732e47d797754ab59cb06 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/e528b1b9d60743e0b26224e3fe7aa74c24b8b2f8 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67


Vulnerability ID : CVE-2023-52476

First published on : 29-02-2024 06:15:45
Last modified on : 29-02-2024 13:49:29

Description :
In the Linux kernel, the following vulnerability has been resolved: perf/x86/lbr: Filter vsyscall addresses
We found that a panic can occur when a vsyscall is made while LBR sampling is active. If the vsyscall is interrupted (NMI) for perf sampling, this call sequence can occur (most recent at top):
    __insn_get_emulate_prefix()
    insn_get_emulate_prefix()
    insn_get_prefixes()
    insn_get_opcode()
    decode_branch_type()
    get_branch_type()
    intel_pmu_lbr_filter()
    intel_pmu_handle_irq()
    perf_event_nmi_handler()
Within __insn_get_emulate_prefix() at frame 0, a macro is called:
    peek_nbyte_next(insn_byte_t, insn, i)
Within this macro, this dereference occurs:
    (insn)->next_byte
Inspecting registers at this point, the value of the next_byte field is the address of the vsyscall made, for example the location of the vsyscall version of gettimeofday() at 0xffffffffff600000. The access to an address in the vsyscall region will trigger an oops due to an unhandled page fault.
To fix the bug, filtering for vsyscalls can be done when determining the branch type. This patch will return a "none" branch if a kernel address is found to lie in the vsyscall region.

CVE ID : CVE-2023-52476
Source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
CVSS Score : /

References :
https://git.kernel.org/stable/c/3863989497652488a50f00e96de4331e5efabc6c | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/403d201d1fd144cb249836dafb222f6375871c6c | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/e53899771a02f798d436655efbd9d4b46c0f9265 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/f71edacbd4f99c0e12fe4a4007ab4d687d0688db | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67


Vulnerability ID : CVE-2023-52477

First published on : 29-02-2024 06:15:45
Last modified on : 29-02-2024 13:49:29

Description :
In the Linux kernel, the following vulnerability has been resolved: usb: hub: Guard against accesses to uninitialized BOS descriptors
Many functions in drivers/usb/core/hub.c and drivers/usb/core/hub.h access fields inside udev->bos without checking if it was allocated and initialized. If usb_get_bos_descriptor() fails for whatever reason, udev->bos will be NULL and those accesses will result in a crash:
    BUG: kernel NULL pointer dereference, address: 0000000000000018
    PGD 0 P4D 0
    Oops: 0000 [#1] PREEMPT SMP NOPTI
    CPU: 5 PID: 17818 Comm: kworker/5:1 Tainted: G W 5.15.108-18910-gab0e1cb584e1 #1 <HASH:1f9e 1>
    Hardware name: Google Kindred/Kindred, BIOS Google_Kindred.12672.413.0 02/03/2021
    Workqueue: usb_hub_wq hub_event
    RIP: 0010:hub_port_reset+0x193/0x788
    Code: 89 f7 e8 20 f7 15 00 48 8b 43 08 80 b8 96 03 00 00 03 75 36 0f b7 88 92 03 00 00 81 f9 10 03 00 00 72 27 48 8b 80 a8 03 00 00 <48> 83 78 18 00 74 19 48 89 df 48 8b 75 b0 ba 02 00 00 00 4c 89 e9
    RSP: 0018:ffffab740c53fcf8 EFLAGS: 00010246
    RAX: 0000000000000000 RBX: ffffa1bc5f678000 RCX: 0000000000000310
    RDX: fffffffffffffdff RSI: 0000000000000286 RDI: ffffa1be9655b840
    RBP: ffffab740c53fd70 R08: 00001b7d5edaa20c R09: ffffffffb005e060
    R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000
    R13: ffffab740c53fd3e R14: 0000000000000032 R15: 0000000000000000
    FS: 0000000000000000(0000) GS:ffffa1be96540000(0000) knlGS:0000000000000000
    CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
    CR2: 0000000000000018 CR3: 000000022e80c005 CR4: 00000000003706e0
    Call Trace:
    hub_event+0x73f/0x156e
    ? hub_activate+0x5b7/0x68f
    process_one_work+0x1a2/0x487
    worker_thread+0x11a/0x288
    kthread+0x13a/0x152
    ? process_one_work+0x487/0x487
    ? kthread_associate_blkcg+0x70/0x70
    ret_from_fork+0x1f/0x30
Fall back to a default behavior if the BOS descriptor isn't accessible and skip all the functionalities that depend on it: LPM support checks, Super Speed capability checks, U1/U2 states setup.

CVE ID : CVE-2023-52477
Source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
CVSS Score : /

References :
https://git.kernel.org/stable/c/136f69a04e71ba3458d137aec3bb2ce1232c0289 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/241f230324337ed5eae3846a554fb6d15169872c | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/528f0ba9f7a4bc1b61c9b6eb591ff97ca37cac6b | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/6ad3e9fd3632106696692232bf7ff88b9f7e1bc3 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/8e7346bfea56453e31b7421c1c17ca2fb9ed613d | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/c64e4dca9aefd232b17ac4c779b608b286654e81 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/f74a7afc224acd5e922c7a2e52244d891bbe44ee | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/fb9895ab9533534335fa83d70344b397ac862c81 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67


Vulnerability ID : CVE-2023-52478

First published on : 29-02-2024 06:15:45
Last modified on : 29-02-2024 13:49:29

Description :
In the Linux kernel, the following vulnerability has been resolved: HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect
hidpp_connect_event() has *four* time-of-check vs time-of-use (TOCTOU) races when it races with itself.
hidpp_connect_event() primarily runs from a workqueue but it also runs on probe() and if a "device-connected" packet is received by the hw when the thread running hidpp_connect_event() from probe() is waiting on the hw, then a second thread running hidpp_connect_event() will be started from the workqueue.
This opens the following races (note the below code is simplified):
1. Retrieving + printing the protocol (harmless race):
    if (!hidpp->protocol_major) {
        hidpp_root_get_protocol_version()
        hidpp->protocol_major = response.rap.params[0];
    }
We can actually see this race hit in the dmesg in the abrt output attached to rhbz#2227968:
    [ 3064.624215] logitech-hidpp-device 0003:046D:4071.0049: HID++ 4.5 device connected.
    [ 3064.658184] logitech-hidpp-device 0003:046D:4071.0049: HID++ 4.5 device connected.
Testing with extra logging added has shown that after this the 2 threads take turns grabbing the hw access mutex (send_mutex) so they ping-pong through all the other TOCTOU cases managing to hit all of them:
2. Updating the name to the HIDPP name (harmless race):
    if (hidpp->name == hdev->name) {
        ...
        hidpp->name = new_name;
    }
3. Initializing the power_supply class for the battery (problematic!):
    hidpp_initialize_battery()
    {
        if (hidpp->battery.ps)
            return 0;
        probe_battery(); /* Blocks, threads take turns executing this */
        hidpp->battery.desc.properties = devm_kmemdup(dev, hidpp_battery_props, cnt, GFP_KERNEL);
        hidpp->battery.ps = devm_power_supply_register(&hidpp->hid_dev->dev, &hidpp->battery.desc, cfg);
    }
4. Creating delayed input_device (potentially problematic):
    if (hidpp->delayed_input)
        return;
    hidpp->delayed_input = hidpp_allocate_input(hdev);
The really big problem here is 3. Hitting the race leads to the following sequence:
    hidpp->battery.desc.properties = devm_kmemdup(dev, hidpp_battery_props, cnt, GFP_KERNEL);
    hidpp->battery.ps = devm_power_supply_register(&hidpp->hid_dev->dev, &hidpp->battery.desc, cfg);
    ...
    hidpp->battery.desc.properties = devm_kmemdup(dev, hidpp_battery_props, cnt, GFP_KERNEL);
    hidpp->battery.ps = devm_power_supply_register(&hidpp->hid_dev->dev, &hidpp->battery.desc, cfg);
So now we have registered 2 power supplies for the same battery, which looks a bit weird from userspace's pov but this is not even the really big problem.
Notice how:
1. This is all devm-managed
2. The hidpp->battery.desc struct is shared between the 2 power supplies
3. hidpp->battery.desc.properties points to the result from the second devm_kmemdup()
This causes a use after free scenario on USB disconnect of the receiver:
1. The last registered power supply class device gets unregistered
2. The memory from the last devm_kmemdup() call gets freed, hidpp->battery.desc.properties now points to freed memory
3. The first registered power supply class device gets unregistered, this involves sending a remove uevent to userspace which invokes power_supply_uevent() to fill the uevent data
4. power_supply_uevent() uses hidpp->battery.desc.properties which now points to freed memory leading to backtraces like this one:
    Sep 22 20:01:35 eric kernel: BUG: unable to handle page fault for address: ffffb2140e017f08
    ...
    Sep 22 20:01:35 eric kernel: Workqueue: usb_hub_wq hub_event
    Sep 22 20:01:35 eric kernel: RIP: 0010:power_supply_uevent+0xee/0x1d0
    ...
    Sep 22 20:01:35 eric kernel: ? asm_exc_page_fault+0x26/0x30
    Sep 22 20:01:35 eric kernel: ? power_supply_uevent+0xee/0x1d0
    Sep 22 20:01:35 eric kernel: ? power_supply_uevent+0x10d/0x1d0
    Sep 22 20:01:35 eric kernel: dev_uevent+0x10f/0x2d0
    Sep 22 20:01:35 eric kernel: kobject_uevent_env+0x291/0x680
    Sep 22 20:01:35 eric kernel: ---truncated---

CVE ID : CVE-2023-52478
Source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
CVSS Score : /

References :
https://git.kernel.org/stable/c/093af62c023537f097d2ebdfaa0bc7c1a6e874e1 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/28ddc1e0b898291323b62d770b1b931de131a528 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/44481b244fcaa2b895a53081d6204c574720c38c | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/ca0c4cc1d215dc22ab0e738c9f017c650f3183f5 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/cd0e2bf7fb22fe9b989c59c42dca06367fd10e6b | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/dac501397b9d81e4782232c39f94f4307b137452 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/f7b2c7d9831af99369fe8ad9b2a68d78942f414e | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/fd72ac9556a473fc7daf54efb6ca8a97180d621d | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67


Vulnerability ID : CVE-2023-52479

First published on : 29-02-2024 06:15:45
Last modified on : 29-02-2024 13:49:29

Description :
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix uaf in smb20_oplock_break_ack drop reference after use opinfo.

CVE ID : CVE-2023-52479
Source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
CVSS Score : /

References :
https://git.kernel.org/stable/c/694e13732e830cbbfedb562e57f28644927c33fd | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/8226ffc759ea59f10067b9acdf7f94bae1c69930 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/c69813471a1ec081a0b9bf0c6bd7e8afd818afce | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/d5b0e9d3563e7e314a850e81f42b2ef6f39882f9 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67


Vulnerability ID : CVE-2023-52480

First published on : 29-02-2024 06:15:46
Last modified on : 29-02-2024 13:49:29

Description :
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix race condition between session lookup and expire
    Thread A                        +  Thread B
    ksmbd_session_lookup            |  smb2_sess_setup
      sess = xa_load                |
                                    |
                                    |    xa_erase(&conn->sessions, sess->id);
                                    |
                                    |    ksmbd_session_destroy(sess) --> kfree(sess)
                                    |
      // UAF!                       |
      sess->last_active = jiffies   |
                                    +
This patch adds rwsem to fix race condition between ksmbd_session_lookup and ksmbd_expire_session.

CVE ID : CVE-2023-52480
Source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
CVSS Score : /

References :
https://git.kernel.org/stable/c/18ced78b0ebccc2d16f426143dc56ab3aad666be | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/53ff5cf89142b978b1a5ca8dc4d4425e6a09745f | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/a2ca5fd3dbcc665e1169044fa0c9e3eba779202b | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/c77fd3e25a51ac92b0f1b347a96eff6a0b4f066f | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67


Vulnerability ID : CVE-2023-52481

First published on : 29-02-2024 06:15:46
Last modified on : 29-02-2024 13:49:29

Description :
In the Linux kernel, the following vulnerability has been resolved: arm64: errata: Add Cortex-A520 speculative unprivileged load workaround
Implement the workaround for ARM Cortex-A520 erratum 2966298. On an affected Cortex-A520 core, a speculatively executed unprivileged load might leak data from a privileged load via a cache side channel. The issue only exists for loads within a translation regime with the same translation (e.g. same ASID and VMID). Therefore, the issue only affects the return to EL0.
The workaround is to execute a TLBI before returning to EL0 after all loads of privileged data. A non-shareable TLBI to any address is sufficient.
The workaround isn't necessary if page table isolation (KPTI) is enabled, but for simplicity it will be. Page table isolation should normally be disabled for Cortex-A520 as it supports the CSV3 feature and the E0PD feature (used when KASLR is enabled).

CVE ID : CVE-2023-52481
Source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
CVSS Score : /

References :
https://git.kernel.org/stable/c/32b0a4ffcaea44a00a61e40c0d1bcc50362aee25 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/471470bc7052d28ce125901877dd10e4c048e513 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/6e3ae2927b432a3b7c8374f14dbc1bd9ebe4372c | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67


Vulnerability ID : CVE-2023-52482

First published on : 29-02-2024 06:15:46
Last modified on : 29-02-2024 13:49:29

Description :
In the Linux kernel, the following vulnerability has been resolved: x86/srso: Add SRSO mitigation for Hygon processors
Add mitigation for the speculative return stack overflow vulnerability which exists on Hygon processors too.

CVE ID : CVE-2023-52482
Source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
CVSS Score : /

References :
https://git.kernel.org/stable/c/6ce2f297a7168274547d0b5aea6c7c16268b8a96 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/a5ef7d68cea1344cf524f04981c2b3f80bedbb0d | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/cf43b304b6952b549d58feabc342807b334f03d4 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/f090a8b4d2e3ec6f318d6fdab243a2edc5a8cc37 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67


Vulnerability ID : CVE-2023-52483

First published on : 29-02-2024 06:15:46
Last modified on : 29-02-2024 13:49:29

Description :
In the Linux kernel, the following vulnerability has been resolved: mctp: perform route lookups under a RCU read-side lock
Our current route lookups (mctp_route_lookup and mctp_route_lookup_null) traverse the net's route list without the RCU read lock held. This means the route lookup is subject to preemption, resulting in a potential grace period expiry, and so an eventual kfree() while we still have the route pointer.
Add the proper read-side critical section locks around the route lookups, preventing preemption and a possible parallel kfree.
The remaining net->mctp.routes accesses are already under a rcu_read_lock, or protected by the RTNL for updates.
Based on an analysis from Sili Luo <rootlab@huawei.com>, where introducing a delay in the route lookup could cause a UAF on simultaneous sendmsg() and route deletion.

CVE ID : CVE-2023-52483
Source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
CVSS Score : /

References :
https://git.kernel.org/stable/c/1db0724a01b558feb1ecae551782add1951a114a | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/2405f64a95a7a094eb24cba9bcfaffd1ea264de4 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/5093bbfc10ab6636b32728e35813cbd79feb063c | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/6c52b12159049046483fdb0c411a0a1869c41a67 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67


Vulnerability ID : CVE-2023-52484

First published on : 29-02-2024 06:15:46
Last modified on : 29-02-2024 13:49:29

Description :
In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu-v3: Fix soft lockup triggered by arm_smmu_mm_invalidate_range
When running an SVA case, the following soft lockup is triggered:
--------------------------------------------------------------------
watchdog: BUG: soft lockup - CPU#244 stuck for 26s!
pstate: 83400009 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)
pc : arm_smmu_cmdq_issue_cmdlist+0x178/0xa50
lr : arm_smmu_cmdq_issue_cmdlist+0x150/0xa50
sp : ffff8000d83ef290
x29: ffff8000d83ef290 x28: 000000003b9aca00 x27: 0000000000000000
x26: ffff8000d83ef3c0 x25: da86c0812194a0e8 x24: 0000000000000000
x23: 0000000000000040 x22: ffff8000d83ef340 x21: ffff0000c63980c0
x20: 0000000000000001 x19: ffff0000c6398080 x18: 0000000000000000
x17: 0000000000000000 x16: 0000000000000000 x15: ffff3000b4a3bbb0
x14: ffff3000b4a30888 x13: ffff3000b4a3cf60 x12: 0000000000000000
x11: 0000000000000000 x10: 0000000000000000 x9 : ffffc08120e4d6bc
x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000048cfa
x5 : 0000000000000000 x4 : 0000000000000001 x3 : 000000000000000a
x2 : 0000000080000000 x1 : 0000000000000000 x0 : 0000000000000001
Call trace:
 arm_smmu_cmdq_issue_cmdlist+0x178/0xa50
 __arm_smmu_tlb_inv_range+0x118/0x254
 arm_smmu_tlb_inv_range_asid+0x6c/0x130
 arm_smmu_mm_invalidate_range+0xa0/0xa4
 __mmu_notifier_invalidate_range_end+0x88/0x120
 unmap_vmas+0x194/0x1e0
 unmap_region+0xb4/0x144
 do_mas_align_munmap+0x290/0x490
 do_mas_munmap+0xbc/0x124
 __vm_munmap+0xa8/0x19c
 __arm64_sys_munmap+0x28/0x50
 invoke_syscall+0x78/0x11c
 el0_svc_common.constprop.0+0x58/0x1c0
 do_el0_svc+0x34/0x60
 el0_svc+0x2c/0xd4
 el0t_64_sync_handler+0x114/0x140
 el0t_64_sync+0x1a4/0x1a8
--------------------------------------------------------------------
Note that since 6.6-rc1 the arm_smmu_mm_invalidate_range above is renamed to "arm_smmu_mm_arch_invalidate_secondary_tlbs", yet the problem remains.
The commit 06ff87bae8d3 ("arm64: mm: remove unused functions and variable protoypes") fixed a similar lockup on the CPU MMU side. Yet, it can occur to SMMU too, since arm_smmu_mm_arch_invalidate_secondary_tlbs() is called typically next to MMU tlb flush function, e.g.
    tlb_flush_mmu_tlbonly {
        tlb_flush {
            __flush_tlb_range {
                // check MAX_TLBI_OPS
            }
        }
        mmu_notifier_arch_invalidate_secondary_tlbs {
            arm_smmu_mm_arch_invalidate_secondary_tlbs {
                // does not check MAX_TLBI_OPS
            }
        }
    }
Clone a CMDQ_MAX_TLBI_OPS from the MAX_TLBI_OPS in tlbflush.h, since in an SVA case SMMU uses the CPU page table, so it makes sense to align with the tlbflush code. Then, replace per-page TLBI commands with a single per-asid TLBI command, if the request size hits this threshold.

CVE ID : CVE-2023-52484
Source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
CVSS Score : /

References :
https://git.kernel.org/stable/c/3283a1bce9bbc978059f790b84f3c10c32492429 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/d5afb4b47e13161b3f33904d45110f9e6463bad6 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/f5a604757aa8e37ea9c7011dc9da54fa1b30f29b | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/f90f4c562003ac3d3b135c5a40a5383313f27264 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67


Vulnerability ID : CVE-2024-26607

First published on : 29-02-2024 12:15:47
Last modified on : 29-02-2024 13:49:29

Description :
In the Linux kernel, the following vulnerability has been resolved: drm/bridge: sii902x: Fix probing race issue
A null pointer dereference crash has been observed rarely on TI platforms using sii9022 bridge:
[ 53.271356] sii902x_get_edid+0x34/0x70 [sii902x]
[ 53.276066] sii902x_bridge_get_edid+0x14/0x20 [sii902x]
[ 53.281381] drm_bridge_get_edid+0x20/0x34 [drm]
[ 53.286305] drm_bridge_connector_get_modes+0x8c/0xcc [drm_kms_helper]
[ 53.292955] drm_helper_probe_single_connector_modes+0x190/0x538 [drm_kms_helper]
[ 53.300510] drm_client_modeset_probe+0x1f0/0xbd4 [drm]
[ 53.305958] __drm_fb_helper_initial_config_and_unlock+0x50/0x510 [drm_kms_helper]
[ 53.313611] drm_fb_helper_initial_config+0x48/0x58 [drm_kms_helper]
[ 53.320039] drm_fbdev_dma_client_hotplug+0x84/0xd4 [drm_dma_helper]
[ 53.326401] drm_client_register+0x5c/0xa0 [drm]
[ 53.331216] drm_fbdev_dma_setup+0xc8/0x13c [drm_dma_helper]
[ 53.336881] tidss_probe+0x128/0x264 [tidss]
[ 53.341174] platform_probe+0x68/0xc4
[ 53.344841] really_probe+0x188/0x3c4
[ 53.348501] __driver_probe_device+0x7c/0x16c
[ 53.352854] driver_probe_device+0x3c/0x10c
[ 53.357033] __device_attach_driver+0xbc/0x158
[ 53.361472] bus_for_each_drv+0x88/0xe8
[ 53.365303] __device_attach+0xa0/0x1b4
[ 53.369135] device_initial_probe+0x14/0x20
[ 53.373314] bus_probe_device+0xb0/0xb4
[ 53.377145] deferred_probe_work_func+0xcc/0x124
[ 53.381757] process_one_work+0x1f0/0x518
[ 53.385770] worker_thread+0x1e8/0x3dc
[ 53.389519] kthread+0x11c/0x120
[ 53.392750] ret_from_fork+0x10/0x20
The issue here is as follows:
- tidss probes, but is deferred as sii902x is still missing.
- sii902x starts probing and enters sii902x_init().
- sii902x calls drm_bridge_add(). Now the sii902x bridge is ready from DRM's perspective.
- sii902x calls sii902x_audio_codec_init() and platform_device_register_data()
- The registration of the audio platform device causes probing of the deferred devices.
- tidss probes, which eventually causes sii902x_bridge_get_edid() to be called.
- sii902x_bridge_get_edid() tries to use the i2c to read the edid. However, the sii902x driver has not set up the i2c part yet, leading to the crash.
Fix this by moving the drm_bridge_add() to the end of the sii902x_init(), which is also at the very end of sii902x_probe().

CVE ID : CVE-2024-26607
Source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
CVSS Score : /

References :
https://git.kernel.org/stable/c/08ac6f132dd77e40f786d8af51140c96c6d739c9 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/2a4c6af7934a7b4c304542c38fee35e09cc1770c | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/56f96cf6eb11a1c2d594367c3becbfb06a855ec1 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/e0f83c234ea7a3dec1f84e5d02caa1c51664a076 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67


Vulnerability ID : CVE-2023-52485

First published on : 29-02-2024 15:15:07
Last modified on : 29-02-2024 18:06:42

Description :
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Wake DMCUB before sending a command
[Why] We can hang in place trying to send commands when the DMCUB isn't powered on.
[How] For functions that execute within a DC context or DC lock we can wrap the direct calls to dm_execute_dmub_cmd/list with code that exits idle power optimizations and reallows once we're done with the command submission on success. For DM direct submissions the DM will need to manage the enter/exit sequencing manually. We cannot invoke a DMCUB command directly within the DM execution helper or we can deadlock.

CVE ID : CVE-2023-52485
Source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
CVSS Score : /

References :
https://git.kernel.org/stable/c/303197775a97416b62d4da69280d0c120a20e009 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/8892780834ae294bc3697c7d0e056d7743900b39 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67


Source : cert.pl

Vulnerability ID : CVE-2024-0864

First published on : 29-02-2024 13:15:07
Last modified on : 29-02-2024 13:49:29

Description :
Enabling the Simple Ajax Uploader plugin included in Laragon open-source software allows for a remote code execution (RCE) attack via improper input validation in a file_upload.php file, which serves as an example. By default, Laragon is not vulnerable until a user decides to use the aforementioned plugin.

CVE ID : CVE-2024-0864
Source : cvd@cert.pl
CVSS Score : /

References :
https://cert.pl/en/posts/2024/02/CVE-2024-0864 | source : cvd@cert.pl
https://cert.pl/posts/2024/02/CVE-2024-0864 | source : cvd@cert.pl
https://laragon.org/ | source : cvd@cert.pl

Vulnerability : CWE-20


This website uses the NVD API, but is not approved or certified by it.

About the author
Julien B.
