Vulnerability ID : CVE-2024-27956

First published on : 21-03-2024 17:15:08
Last modified on : 21-03-2024 19:47:03

Description :
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ValvePress Automatic allows SQL Injection.This issue affects Automatic: from n/a through 3.92.0.

CVE ID : CVE-2024-27956
Source : audit@patchstack.com
CVSS Score : 9.9

References :
https://patchstack.com/database/vulnerability/wp-automatic/wordpress-automatic-plugin-3-92-0-unauthenticated-arbitrary-sql-execution-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-89

Vulnerability ID : CVE-2024-1202

First published on : 21-03-2024 02:51:38
Last modified on : 21-03-2024 12:58:51

Description :
Authentication Bypass by Primary Weakness vulnerability in XPodas Octopod allows Authentication Bypass.This issue affects Octopod: before v1. NOTE: The vendor was contacted and it was learned that the product is not supported.

CVE ID : CVE-2024-1202
Source : iletisim@usom.gov.tr
CVSS Score : 9.8

References :
https://www.usom.gov.tr/bildirim/tr-24-0174 | source : iletisim@usom.gov.tr

Vulnerability : CWE-305

Vulnerability ID : CVE-2024-27922

First published on : 21-03-2024 02:52:21
Last modified on : 21-03-2024 12:58:51

Description :
TOMP Bare Server implements the TompHTTP bare server. A vulnerability in versions prior to 2.0.2 relates to insecure handling of HTTP requests by the @tomphttp/bare-server-node package. This flaw potentially exposes the users of the package to manipulation of their web traffic. The impact may vary depending on the specific usage of the package but it can potentially affect any system where this package is in use. The problem has been patched in version 2.0.2. As of time of publication, no specific workaround strategies have been disclosed.

CVE ID : CVE-2024-27922
Source : security-advisories@github.com
CVSS Score : 9.8

References :
https://github.com/tomphttp/bare-server-node/security/advisories/GHSA-86fc-f9gr-v533 | source : security-advisories@github.com

Vulnerability : CWE-444

Vulnerability ID : CVE-2024-2161

First published on : 21-03-2024 06:15:46
Last modified on : 21-03-2024 12:58:51

Description :
Use of Hard-coded Credentials in Kiloview NDI allows un-authenticated users to bypass authenticationThis issue affects Kiloview NDI N3, N3-s, N4, N20, N30, N40 and was fixed in Firmware version 2.02.0227 .

CVE ID : CVE-2024-2161
Source : vulnerability@ncsc.ch
CVSS Score : 9.8

References :
https://www.kiloview.com/en/support/download/1779/ | source : vulnerability@ncsc.ch
https://www.kiloview.com/en/support/download/n20-firmware-download/ | source : vulnerability@ncsc.ch
https://www.kiloview.com/en/support/download/n3-for-ndi/ | source : vulnerability@ncsc.ch
https://www.kiloview.com/en/support/download/n3-s-firmware-download/ | source : vulnerability@ncsc.ch
https://www.kiloview.com/en/support/download/n30-for-ndi/ | source : vulnerability@ncsc.ch
https://www.kiloview.com/en/support/download/n40/ | source : vulnerability@ncsc.ch

Vulnerability : CWE-798

Vulnerability ID : CVE-2024-1147

First published on : 21-03-2024 08:15:07
Last modified on : 21-03-2024 12:58:51

Description :
Weak access control in OpenText PVCS Version Manager allows potential bypassing of authentication and download of files.

CVE ID : CVE-2024-1147
Source : security@opentext.com
CVSS Score : 9.8

References :
https://portal.microfocus.com/s/article/KM000026669 | source : security@opentext.com

Vulnerability : CWE-287

Vulnerability ID : CVE-2024-1148

First published on : 21-03-2024 08:15:07
Last modified on : 21-03-2024 12:58:51

Description :
Weak access control in OpenText PVCS Version Manager allows potential bypassing of authentication and uploading of files.

CVE ID : CVE-2024-1148
Source : security@opentext.com
CVSS Score : 9.8

References :
https://portal.microfocus.com/s/article/KM000026669 | source : security@opentext.com

Vulnerability : CWE-287

Vulnerability ID : CVE-2024-29732

First published on : 21-03-2024 11:15:28
Last modified on : 21-03-2024 12:58:51

Description :
A SQL Injection has been found on SCAN_VISIO eDocument Suite Web Viewer of Abast. This vulnerability allows an unauthenticated user to retrieve, update and delete all the information of database. This vulnerability was found on login page via "user" parameter.

CVE ID : CVE-2024-29732
Source : cve-coordination@incibe.es
CVSS Score : 9.8

References :
https://www.incibe.es/en/incibe-cert/notices/aviso/sql-injection-vulnerability-scanvisio-edocument-suite-web-viewer-abast | source : cve-coordination@incibe.es

Vulnerability : CWE-89

Vulnerability ID : CVE-2024-29870

First published on : 21-03-2024 14:15:07
Last modified on : 21-03-2024 15:24:35

Description :
SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/index/getdepartments/format/html, 'business_id' parameter./sentrifugo/index.php/index/getdepartments/format/html, 'business_id' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all the data from it.

CVE ID : CVE-2024-29870
Source : cve-coordination@incibe.es
CVSS Score : 9.8

References :
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-sentrifugo | source : cve-coordination@incibe.es

Vulnerability : CWE-89

Vulnerability ID : CVE-2024-29871

First published on : 21-03-2024 14:15:08
Last modified on : 21-03-2024 15:24:35

Description :
SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/index/getdepartments/sentrifugo/index.php/index/updatecontactnumber, 'id' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all the data from it.

CVE ID : CVE-2024-29871
Source : cve-coordination@incibe.es
CVSS Score : 9.8

References :
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-sentrifugo | source : cve-coordination@incibe.es

Vulnerability : CWE-89

Vulnerability ID : CVE-2024-29872

First published on : 21-03-2024 14:15:08
Last modified on : 21-03-2024 15:24:35

Description :
SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/empscreening/add, 'agencyids' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all the data from it.

CVE ID : CVE-2024-29872
Source : cve-coordination@incibe.es
CVSS Score : 9.8

References :
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-sentrifugo | source : cve-coordination@incibe.es

Vulnerability : CWE-89

Vulnerability ID : CVE-2024-29873

First published on : 21-03-2024 14:15:08
Last modified on : 21-03-2024 15:24:35

Description :
SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/reports/businessunits/format/html, 'bunitname' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all the data from it.

CVE ID : CVE-2024-29873
Source : cve-coordination@incibe.es
CVSS Score : 9.8

References :
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-sentrifugo | source : cve-coordination@incibe.es

Vulnerability : CWE-89

Vulnerability ID : CVE-2024-29874

First published on : 21-03-2024 14:15:08
Last modified on : 21-03-2024 15:24:35

Description :
SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/default/reports/activeuserrptpdf, 'sort_name' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all the data from it.

CVE ID : CVE-2024-29874
Source : cve-coordination@incibe.es
CVSS Score : 9.8

References :
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-sentrifugo | source : cve-coordination@incibe.es

Vulnerability : CWE-89

Vulnerability ID : CVE-2024-29875

First published on : 21-03-2024 14:15:08
Last modified on : 21-03-2024 15:24:35

Description :
SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/default/reports/exportactiveuserrpt, 'sort_name' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all the data from it.

CVE ID : CVE-2024-29875
Source : cve-coordination@incibe.es
CVSS Score : 9.8

References :
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-sentrifugo | source : cve-coordination@incibe.es

Vulnerability : CWE-89

Vulnerability ID : CVE-2024-29876

First published on : 21-03-2024 14:15:09
Last modified on : 21-03-2024 15:24:35

Description :
SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/reports/activitylogreport, 'sortby' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all the data from it.

CVE ID : CVE-2024-29876
Source : cve-coordination@incibe.es
CVSS Score : 9.8

References :
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-sentrifugo | source : cve-coordination@incibe.es

Vulnerability : CWE-89

Vulnerability ID : CVE-2024-28916

First published on : 21-03-2024 00:15:09
Last modified on : 21-03-2024 12:58:51

Description :
Xbox Gaming Services Elevation of Privilege Vulnerability

CVE ID : CVE-2024-28916
Source : secure@microsoft.com
CVSS Score : 8.8

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28916 | source : secure@microsoft.com

Vulnerability ID : CVE-2024-27923

First published on : 21-03-2024 02:52:21
Last modified on : 21-03-2024 12:58:51

Description :
Grav is a content management system (CMS). Prior to version 1.7.43, users who may write a page may use the `frontmatter` feature due to insufficient permission validation and inadequate file name validation. This may lead to remote code execution. Version 1.7.43 fixes this issue.

CVE ID : CVE-2024-27923
Source : security-advisories@github.com
CVSS Score : 8.8

References :
https://github.com/getgrav/grav/commit/e3b0aa0c502aad251c1b79d1ee973dcd93711f07 | source : security-advisories@github.com
https://github.com/getgrav/grav/security/advisories/GHSA-f6g2-h7qv-3m5v | source : security-advisories@github.com

Vulnerability : CWE-287
Vulnerability : CWE-434

Vulnerability ID : CVE-2024-27936

First published on : 21-03-2024 02:52:22
Last modified on : 21-03-2024 12:58:51

Description :
Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. Starting in version 1.32.1 and prior to version 1.41 of the deno_runtime library, maliciously crafted permission request can show the spoofed permission prompt by inserting a broken ANSI escape sequence into the request contents. Deno is stripping any ANSI escape sequences from the permission prompt, but permissions given to the program are based on the contents that contain the ANSI escape sequences. Any Deno program can spoof the content of the interactive permission prompt by inserting a broken ANSI code, which allows a malicious Deno program to display the wrong file path or program name to the user. Version 1.41 of the deno_runtime library contains a patch for the issue.

CVE ID : CVE-2024-27936
Source : security-advisories@github.com
CVSS Score : 8.8

References :
https://github.com/denoland/deno/commit/78d430103a8f6931154ddbbe19d36f3b8630286d | source : security-advisories@github.com
https://github.com/denoland/deno/commit/7e6b94231290020b55f1d08fb03ea8132781abc5 | source : security-advisories@github.com
https://github.com/denoland/deno/security/advisories/GHSA-m4pq-fv2w-6hrw | source : security-advisories@github.com

Vulnerability : CWE-150

Vulnerability ID : CVE-2024-27921

First published on : 21-03-2024 22:15:11
Last modified on : 21-03-2024 22:15:11

Description :
Grav is an open-source, flat-file content management system. A file upload path traversal vulnerability has been identified in the application prior to version 1.7.45, enabling attackers to replace or create files with extensions like .json, .zip, .css, .gif, etc. This critical security flaw poses severe risks, that can allow attackers to inject arbitrary code on the server, undermine integrity of backup files by overwriting existing files or creating new ones, and exfiltrate sensitive data using CSS exfiltration techniques. Upgrading to patched version 1.7.45 can mitigate the issue.

CVE ID : CVE-2024-27921
Source : security-advisories@github.com
CVSS Score : 8.8

References :
https://github.com/getgrav/grav/commit/5928411b86bab05afca2b33db4e7386a44858e99 | source : security-advisories@github.com
https://github.com/getgrav/grav/security/advisories/GHSA-m7hx-hw6h-mqmc | source : security-advisories@github.com

Vulnerability : CWE-22

Vulnerability ID : CVE-2024-28116

First published on : 21-03-2024 22:15:11
Last modified on : 21-03-2024 22:15:11

Description :
Grav is an open-source, flat-file content management system. Grav CMS prior to version 1.7.45 is vulnerable to a Server-Side Template Injection (SSTI), which allows any authenticated user (editor permissions are sufficient) to execute arbitrary code on the remote server bypassing the existing security sandbox. Version 1.7.45 contains a patch for this issue.

CVE ID : CVE-2024-28116
Source : security-advisories@github.com
CVSS Score : 8.8

References :
https://github.com/getgrav/grav/commit/4149c81339274130742831422de2685f298f3a6e | source : security-advisories@github.com
https://github.com/getgrav/grav/security/advisories/GHSA-c9gp-64c4-2rrh | source : security-advisories@github.com

Vulnerability : CWE-1336
Vulnerability : CWE-94

Vulnerability ID : CVE-2024-28117

First published on : 21-03-2024 22:15:11
Last modified on : 21-03-2024 22:15:11

Description :
Grav is an open-source, flat-file content management system. Prior to version 1.7.45, Grav validates accessible functions through the Utils::isDangerousFunction function, but does not impose restrictions on twig functions like twig_array_map, allowing attackers to bypass the validation and execute arbitrary commands. Twig processing of static pages can be enabled in the front matter by any administrative user allowed to create or edit pages. As the Twig processor runs unsandboxed, this behavior can be used to gain arbitrary code execution and elevate privileges on the instance. Upgrading to patched version 1.7.45 can mitigate this issue.

CVE ID : CVE-2024-28117
Source : security-advisories@github.com
CVSS Score : 8.8

References :
https://github.com/getgrav/grav/commit/de1ccfa12dbcbf526104d68c1a6bc202a98698fe | source : security-advisories@github.com
https://github.com/getgrav/grav/security/advisories/GHSA-qfv4-q44r-g7rv | source : security-advisories@github.com

Vulnerability : CWE-94

Vulnerability ID : CVE-2024-28118

First published on : 21-03-2024 22:15:12
Last modified on : 21-03-2024 22:15:12

Description :
Grav is an open-source, flat-file content management system. Prior to version 1.7.45, due to the unrestricted access to twig extension class from Grav context, an attacker can redefine config variable. As a result, attacker can bypass a previous SSTI mitigation. Twig processing of static pages can be enabled in the front matter by any administrative user allowed to create or edit pages. As the Twig processor runs unsandboxed, this behavior can be used to gain arbitrary code execution and elevate privileges on the instance. Version 1.7.45 contains a fix for this issue.

CVE ID : CVE-2024-28118
Source : security-advisories@github.com
CVSS Score : 8.8

References :
https://github.com/getgrav/grav/commit/de1ccfa12dbcbf526104d68c1a6bc202a98698fe | source : security-advisories@github.com
https://github.com/getgrav/grav/security/advisories/GHSA-r6vw-8v8r-pmp4 | source : security-advisories@github.com

Vulnerability : CWE-94

Vulnerability ID : CVE-2024-28119

First published on : 21-03-2024 22:15:12
Last modified on : 21-03-2024 22:15:12

Description :
Grav is an open-source, flat-file content management system. Prior to version 1.7.45, due to the unrestricted access to twig extension class from grav context, an attacker can redefine the escape function and execute arbitrary commands. Twig processing of static pages can be enabled in the front matter by any administrative user allowed to create or edit pages. As the Twig processor runs unsandboxed, this behavior can be used to gain arbitrary code execution and elevate privileges on the instance. Version 1.7.45 contains a patch for this issue.

CVE ID : CVE-2024-28119
Source : security-advisories@github.com
CVSS Score : 8.8

References :
https://github.com/getgrav/grav/commit/de1ccfa12dbcbf526104d68c1a6bc202a98698fe | source : security-advisories@github.com
https://github.com/getgrav/grav/security/advisories/GHSA-2m7x-c7px-hp58 | source : security-advisories@github.com
https://github.com/twigphp/Twig/blob/3.x/src/Extension/EscaperExtension.php#L99 | source : security-advisories@github.com

Vulnerability : CWE-94

Vulnerability ID : CVE-2024-27934

First published on : 21-03-2024 02:52:22
Last modified on : 21-03-2024 12:58:51

Description :
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.36.2 and prior to version 1.40.3, use of inherently unsafe `*const c_void` and `ExternalPointer` leads to use-after-free access of the underlying structure, resulting in arbitrary code execution. Use of inherently unsafe `*const c_void` and `ExternalPointer` leads to use-after-free access of the underlying structure, which is exploitable by an attacker controlling the code executed inside a Deno runtime to obtain arbitrary code execution on the host machine regardless of permissions. This bug is known to be exploitable for both `*const c_void` and `ExternalPointer` implementations. Version 1.40.3 fixes this issue.

CVE ID : CVE-2024-27934
Source : security-advisories@github.com
CVSS Score : 8.4

References :
https://github.com/denoland/deno/security/advisories/GHSA-3j27-563v-28wf | source : security-advisories@github.com

Vulnerability : CWE-416

Vulnerability ID : CVE-2024-27918

First published on : 21-03-2024 02:52:20
Last modified on : 21-03-2024 12:58:51

Description :
Coder allows oragnizations to provision remote development environments via Terraform. Prior to versions 2.6.1, 2.7.3, and 2.8.4, a vulnerability in Coder's OIDC authentication could allow an attacker to bypass the `CODER_OIDC_EMAIL_DOMAIN` verification and create an account with an email not in the allowlist. Deployments are only affected if the OIDC provider allows users to create accounts on the provider. During OIDC registration, the user's email was improperly validated against the allowed `CODER_OIDC_EMAIL_DOMAIN`s. This could allow a user with a domain that only partially matched an allowed domain to successfully login or register. An attacker could register a domain name that exploited this vulnerability and register on a Coder instance with a public OIDC provider. Coder instances with OIDC enabled and protected by the `CODER_OIDC_EMAIL_DOMAIN` configuration are affected. Coder instances using a private OIDC provider are not affected, as arbitrary users cannot register through a private OIDC provider without first having an account on the provider. Public OIDC providers are impacted. GitHub authentication and external authentication are not impacted. This vulnerability is remedied in versions 2.8.4, 2.7.3, and 2.6.1 All versions prior to these patches are affected by the vulnerability.*It is recommended that customers upgrade their deployments as soon as possible if they are utilizing OIDC authentication with the `CODER_OIDC_EMAIL_DOMAIN` setting.

CVE ID : CVE-2024-27918
Source : security-advisories@github.com
CVSS Score : 8.2

References :
https://github.com/coder/coder/commit/1171ce7add017481d28441575024209ac160ecb0 | source : security-advisories@github.com
https://github.com/coder/coder/commit/2ba84911f8b02605e5958d5e4a2fe3979ec50b31 | source : security-advisories@github.com
https://github.com/coder/coder/commit/2d37eb42e7db656e343fe1f36de5ab1a1a62f4fb | source : security-advisories@github.com
https://github.com/coder/coder/commit/4439a920e454a82565e445e4376c669e3b89591c | source : security-advisories@github.com
https://github.com/coder/coder/security/advisories/GHSA-7cc2-r658-7xpf | source : security-advisories@github.com

Vulnerability : CWE-20

Vulnerability ID : CVE-2024-27933

First published on : 21-03-2024 02:52:22
Last modified on : 21-03-2024 12:58:51

Description :
Deno is a JavaScript, TypeScript, and WebAssembly runtime. In version 1.39.0, use of raw file descriptors in `op_node_ipc_pipe()` leads to premature close of arbitrary file descriptors, allowing standard input to be re-opened as a different resource resulting in permission prompt bypass. Node child_process IPC relies on the JS side to pass the raw IPC file descriptor to `op_node_ipc_pipe()`, which returns a `IpcJsonStreamResource` ID associated with the file descriptor. On closing the resource, the raw file descriptor is closed together. Use of raw file descriptors in `op_node_ipc_pipe()` leads to premature close of arbitrary file descriptors. This allow standard input (fd 0) to be closed and re-opened for a different resource, which allows a silent permission prompt bypass. This is exploitable by an attacker controlling the code executed inside a Deno runtime to obtain arbitrary code execution on the host machine regardless of permissions. This bug is known to be exploitable. There is a working exploit that achieves arbitrary code execution by bypassing prompts from zero permissions, additionally abusing the fact that Cache API lacks filesystem permission checks. The attack can be conducted silently as stderr can also be closed, suppressing all prompt outputs. Version 1.39.1 fixes the bug.

CVE ID : CVE-2024-27933
Source : security-advisories@github.com
CVSS Score : 8.2

References :
https://github.com/denoland/deno/blob/v1.39.0/runtime/permissions/prompter.rs#L214 | source : security-advisories@github.com
https://github.com/denoland/deno/blob/v1.39.0/runtime/permissions/prompter.rs#L220 | source : security-advisories@github.com
https://github.com/denoland/deno/blob/v1.39.0/runtime/permissions/prompter.rs#L225 | source : security-advisories@github.com
https://github.com/denoland/deno/blob/v1.39.0/runtime/permissions/prompter.rs#L241 | source : security-advisories@github.com
https://github.com/denoland/deno/blob/v1.39.0/runtime/permissions/prompter.rs#L256 | source : security-advisories@github.com
https://github.com/denoland/deno/blob/v1.39.0/runtime/permissions/prompter.rs#L265 | source : security-advisories@github.com
https://github.com/denoland/deno/blob/v1.39.0/runtime/permissions/prompter.rs#L99 | source : security-advisories@github.com
https://github.com/denoland/deno/commit/55fac9f5ead6d30996400e8597c969b675c5a22b | source : security-advisories@github.com
https://github.com/denoland/deno/commit/5a91a065b882215dde209baf626247e54c21a392 | source : security-advisories@github.com
https://github.com/denoland/deno/security/advisories/GHSA-6q4w-9x56-rmwq | source : security-advisories@github.com

Vulnerability : CWE-863

Vulnerability ID : CVE-2024-27105

First published on : 21-03-2024 02:52:18
Last modified on : 21-03-2024 12:58:51

Description :
Frappe is a full-stack web application framework. Prior to versions 14.66.3 and 15.16.0, file permission can be bypassed using certain endpoints, granting less privileged users permission to delete or clone a file. Versions 14.66.3 and 15.16.0 contain a patch for this issue. No known workarounds are available.

CVE ID : CVE-2024-27105
Source : security-advisories@github.com
CVSS Score : 8.1

References :
https://github.com/frappe/frappe/security/advisories/GHSA-hq5v-q29v-7rcw | source : security-advisories@github.com

Vulnerability : CWE-863

Vulnerability ID : CVE-2024-24813

First published on : 21-03-2024 02:52:11
Last modified on : 21-03-2024 12:58:51

Description :
Frappe is a full-stack web application framework. Prior to versions 14.64.0 and 15.0.0, SQL injection from a particular whitelisted method can result in access to data which the user doesn't have permission to access. Versions 14.64.0 and 15.0.0 contain a patch for this issue. No known workarounds are available.

CVE ID : CVE-2024-24813
Source : security-advisories@github.com
CVSS Score : 7.5

References :
https://github.com/frappe/frappe/security/advisories/GHSA-fxfv-7gwx-54jh | source : security-advisories@github.com

Vulnerability : CWE-89

Vulnerability ID : CVE-2024-27292

First published on : 21-03-2024 02:52:19
Last modified on : 21-03-2024 12:58:51

Description :
Docassemble is an expert system for guided interviews and document assembly. The vulnerability allows attackers to gain unauthorized access to information on the system through URL manipulation. It affects versions 1.4.53 to 1.4.96. The vulnerability has been patched in version 1.4.97 of the master branch.

CVE ID : CVE-2024-27292
Source : security-advisories@github.com
CVSS Score : 7.5

References :
https://github.com/jhpyle/docassemble/commit/97f77dc486a26a22ba804765bfd7058aabd600c9 | source : security-advisories@github.com
https://github.com/jhpyle/docassemble/security/advisories/GHSA-jq57-3w7p-vwvv | source : security-advisories@github.com

Vulnerability : CWE-706

Vulnerability ID : CVE-2024-28101

First published on : 21-03-2024 02:52:23
Last modified on : 21-03-2024 12:58:51

Description :
The Apollo Router is a graph router written in Rust to run a federated supergraph that uses Apollo Federation. Versions 0.9.5 until 1.40.2 are subject to a Denial-of-Service (DoS) type vulnerability. When receiving compressed HTTP payloads, affected versions of the Router evaluate the `limits.http_max_request_bytes` configuration option after the entirety of the compressed payload is decompressed. If affected versions of the Router receive highly compressed payloads, this could result in significant memory consumption while the compressed payload is expanded. Router version 1.40.2 has a fix for the vulnerability. Those who are unable to upgrade may be able to implement mitigations at proxies or load balancers positioned in front of their Router fleet (e.g. Nginx, HAProxy, or cloud-native WAF services) by creating limits on HTTP body upload size.

CVE ID : CVE-2024-28101
Source : security-advisories@github.com
CVSS Score : 7.5

References :
https://github.com/apollographql/router/commit/9e9527c73c8f34fc8438b09066163cd42520f413 | source : security-advisories@github.com
https://github.com/apollographql/router/security/advisories/GHSA-cgqf-3cq5-wvcj | source : security-advisories@github.com

Vulnerability : CWE-409

Vulnerability ID : CVE-2024-29180

First published on : 21-03-2024 17:15:09
Last modified on : 21-03-2024 19:47:03

Description :
Prior to versions 7.1.0, 6.1.2, and 5.3.4, the webpack-dev-middleware development middleware for devpack does not validate the supplied URL address sufficiently before returning the local file. It is possible to access any file on the developer's machine. The middleware can either work with the physical filesystem when reading the files or it can use a virtualized in-memory `memfs` filesystem. If `writeToDisk` configuration option is set to `true`, the physical filesystem is used. The `getFilenameFromUrl` method is used to parse URL and build the local file path. The public path prefix is stripped from the URL, and the `unsecaped` path suffix is appended to the `outputPath`. As the URL is not unescaped and normalized automatically before calling the midlleware, it is possible to use `%2e` and `%2f` sequences to perform path traversal attack. Developers using `webpack-dev-server` or `webpack-dev-middleware` are affected by the issue. When the project is started, an attacker might access any file on the developer's machine and exfiltrate the content. If the development server is listening on a public IP address (or `0.0.0.0`), an attacker on the local network can access the local files without any interaction from the victim (direct connection to the port). If the server allows access from third-party domains, an attacker can send a malicious link to the victim. When visited, the client side script can connect to the local server and exfiltrate the local files. Starting with fixed versions 7.1.0, 6.1.2, and 5.3.4, the URL is unescaped and normalized before any further processing.

CVE ID : CVE-2024-29180
Source : security-advisories@github.com
CVSS Score : 7.4

References :
https://github.com/webpack/webpack-dev-middleware/blob/7ed24e0b9f53ad1562343f9f517f0f0ad2a70377/src/utils/getFilenameFromUrl.js#L82 | source : security-advisories@github.com
https://github.com/webpack/webpack-dev-middleware/blob/7ed24e0b9f53ad1562343f9f517f0f0ad2a70377/src/utils/setupOutputFileSystem.js#L21 | source : security-advisories@github.com
https://github.com/webpack/webpack-dev-middleware/commit/189c4ac7d2344ec132a4689e74dc837ec5be0132 | source : security-advisories@github.com
https://github.com/webpack/webpack-dev-middleware/commit/9670b3495da518fe667ff3428c5e4cb9f2f3d353 | source : security-advisories@github.com
https://github.com/webpack/webpack-dev-middleware/commit/e10008c762e4d5821ed6990348dabf0d4d93a10e | source : security-advisories@github.com
https://github.com/webpack/webpack-dev-middleware/releases/tag/v5.3.4 | source : security-advisories@github.com
https://github.com/webpack/webpack-dev-middleware/releases/tag/v6.1.2 | source : security-advisories@github.com
https://github.com/webpack/webpack-dev-middleware/releases/tag/v7.1.0 | source : security-advisories@github.com
https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6 | source : security-advisories@github.com

Vulnerability : CWE-22

Vulnerability ID : CVE-2024-28123

First published on : 21-03-2024 02:52:23
Last modified on : 21-03-2024 12:58:51

Description :
Wasmi is an efficient and lightweight WebAssembly interpreter with a focus on constrained and embedded systems. In the WASMI Interpreter, an Out-of-bounds Buffer Write will arise if the host calls or resumes a Wasm function with more parameters than the default limit (128), as it will surpass the stack value. This doesn’t affect calls from Wasm to Wasm, only from host to Wasm. This vulnerability was patched in version 0.31.1.

CVE ID : CVE-2024-28123
Source : security-advisories@github.com
CVSS Score : 7.3

References :
https://github.com/wasmi-labs/wasmi/commit/f7b3200e9f3dc9e2cbca966cb255c228453c792f | source : security-advisories@github.com
https://github.com/wasmi-labs/wasmi/releases/tag/v0.31.1 | source : security-advisories@github.com
https://github.com/wasmi-labs/wasmi/security/advisories/GHSA-75jp-vq8x-h4cq | source : security-advisories@github.com

Vulnerability : CWE-787

Vulnerability ID : CVE-2024-27935

First published on : 21-03-2024 02:52:22
Last modified on : 21-03-2024 12:58:51

Description :
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.35.1 and prior to version 1.36.3, a vulnerability in Deno's Node.js compatibility runtime allows for cross-session data contamination during simultaneous asynchronous reads from Node.js streams sourced from sockets or files. The issue arises from the re-use of a global buffer (BUF) in stream_wrap.ts used as a performance optimization to limit allocations during these asynchronous read operations. This can lead to data intended for one session being received by another session, potentially resulting in data corruption and unexpected behavior. This affects all users of Deno that use the node.js compatibility layer for network communication or other streams, including packages that may require node.js libraries indirectly. Version 1.36.3 contains a patch for this issue.

CVE ID : CVE-2024-27935
Source : security-advisories@github.com
CVSS Score : 7.2

References :
https://github.com/denoland/deno/commit/3e9fb8aafd9834ebacd27734cea4310caaf794c6 | source : security-advisories@github.com
https://github.com/denoland/deno/issues/20188 | source : security-advisories@github.com
https://github.com/denoland/deno/security/advisories/GHSA-wrqv-pf6j-mqjp | source : security-advisories@github.com

Vulnerability : CWE-488

Vulnerability ID : CVE-2024-27916

First published on : 21-03-2024 02:52:20
Last modified on : 21-03-2024 12:58:51

Description :
Minder is a software supply chain security platform. Prior to version 0.0.33, a Minder user can use the endpoints `GetRepositoryByName`, `DeleteRepositoryByName`, and `GetArtifactByName` to access any repository in the database, irrespective of who owns the repo and any permissions present. The database query checks by repo owner, repo name and provider name (which is always `github`). These query values are not distinct for the particular user - as long as the user has valid credentials and a provider, they can set the repo owner/name to any value they want and the server will return information on this repo. Version 0.0.33 contains a patch for this issue.

CVE ID : CVE-2024-27916
Source : security-advisories@github.com
CVSS Score : 7.1

References :
https://github.com/stacklok/minder/blob/a115c8524fbd582b2b277eaadce024bebbded508/internal/controlplane/handlers_repositories.go#L277-L278 | source : security-advisories@github.com
https://github.com/stacklok/minder/blob/main/internal/controlplane/handlers_repositories.go#L257-L299 | source : security-advisories@github.com
https://github.com/stacklok/minder/commit/45750b4e9fb2de33365758366e06c19e999bd2eb | source : security-advisories@github.com
https://github.com/stacklok/minder/security/advisories/GHSA-v627-69v2-xx37 | source : security-advisories@github.com

Vulnerability : CWE-285

Vulnerability ID : CVE-2024-1538

First published on : 21-03-2024 04:15:09
Last modified on : 21-03-2024 12:58:51

Description :
The File Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 7.2.4. This is due to missing or incorrect nonce validation on the wp_file_manager page that includes files through the 'lang' parameter. This makes it possible for unauthenticated attackers to include local JavaScript files that can be leveraged to achieve RCE via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This issue was partially patched in version 7.2.4, and fully patched in 7.2.5.

CVE ID : CVE-2024-1538
Source : security@wordfence.com
CVSS Score : 8.8

References :
https://plugins.trac.wordpress.org/changeset/3051451/wp-file-manager | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/57cc15a6-2cf5-481f-bb81-ada48aa74009?source=cve | source : security@wordfence.com

Vulnerability ID : CVE-2024-2162

First published on : 21-03-2024 06:15:47
Last modified on : 21-03-2024 12:58:51

Description :
An OS Command Injection vulnerability in Kiloview NDI allows a low-privileged user to execute arbitrary code remotely on the device with high privileges. This issue affects Kiloview NDI N3, N3-s, N4, N20, N30, N40 and was fixed in Firmware version 2.02.0227 .

CVE ID : CVE-2024-2162
Source : vulnerability@ncsc.ch
CVSS Score : 8.8

References :
https://www.kiloview.com/en/support/download/1779/ | source : vulnerability@ncsc.ch
https://www.kiloview.com/en/support/download/n20-firmware-download/ | source : vulnerability@ncsc.ch
https://www.kiloview.com/en/support/download/n3-for-ndi/ | source : vulnerability@ncsc.ch
https://www.kiloview.com/en/support/download/n3-s-firmware-download/ | source : vulnerability@ncsc.ch
https://www.kiloview.com/en/support/download/n30-for-ndi/ | source : vulnerability@ncsc.ch
https://www.kiloview.com/en/support/download/n40/ | source : vulnerability@ncsc.ch

Vulnerability : CWE-78

Vulnerability ID : CVE-2024-27964

First published on : 21-03-2024 17:15:09
Last modified on : 21-03-2024 19:47:03

Description :
Unrestricted Upload of File with Dangerous Type vulnerability in Gesundheit Bewegt GmbH Zippy.This issue affects Zippy: from n/a through 1.6.9.

CVE ID : CVE-2024-27964
Source : audit@patchstack.com
CVSS Score : 8.8

References :
https://patchstack.com/database/vulnerability/zippy/wordpress-zippy-plugin-1-6-9-arbitrary-file-upload-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-434

Vulnerability ID : CVE-2024-27993

First published on : 21-03-2024 15:16:53
Last modified on : 21-03-2024 15:24:35

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Typps Calendarista Basic Edition.This issue affects Calendarista Basic Edition: from n/a through 3.0.2.

CVE ID : CVE-2024-27993
Source : audit@patchstack.com
CVSS Score : 7.1

References :
https://patchstack.com/database/vulnerability/calendarista-basic-edition/wordpress-calendarista-basic-edition-plugin-3-0-2-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79

Vulnerability ID : CVE-2024-27994

First published on : 21-03-2024 15:16:53
Last modified on : 21-03-2024 15:24:35

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in YITH YITH WooCommerce Product Add-Ons allows Reflected XSS.This issue affects YITH WooCommerce Product Add-Ons: from n/a through 4.5.0.

CVE ID : CVE-2024-27994
Source : audit@patchstack.com
CVSS Score : 7.1

References :
https://patchstack.com/database/vulnerability/yith-woocommerce-product-add-ons/wordpress-yith-woocommerce-product-add-ons-plugin-4-5-0-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79

Vulnerability ID : CVE-2024-27962

First published on : 21-03-2024 17:15:08
Last modified on : 21-03-2024 19:47:03

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Florian 'fkrauthan' Krauthan allows Reflected XSS.This issue affects wp-mpdf: from n/a through 3.7.1.

CVE ID : CVE-2024-27962
Source : audit@patchstack.com
CVSS Score : 7.1

References :
https://patchstack.com/database/vulnerability/wp-mpdf/wordpress-wp-mpdf-plugin-3-7-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79

Vulnerability ID : CVE-2024-27968

First published on : 21-03-2024 17:15:09
Last modified on : 21-03-2024 19:47:03

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Optimole Super Page Cache for Cloudflare allows Stored XSS.This issue affects Super Page Cache for Cloudflare: from n/a through 4.7.5.

CVE ID : CVE-2024-27968
Source : audit@patchstack.com
CVSS Score : 7.1

References :
https://patchstack.com/database/vulnerability/wp-cloudflare-page-cache/wordpress-super-page-cache-for-cloudflare-plugin-4-7-5-cross-site-request-forgery-csrf-to-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352

Vulnerability ID : CVE-2024-2763

First published on : 21-03-2024 21:15:10
Last modified on : 21-03-2024 21:15:10

Description :
A vulnerability, which was classified as critical, has been found in Tenda AC10U 15.03.06.48. Affected by this issue is the function formSetCfm of the file goform/setcfm. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257600. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-2763
Source : cna@vuldb.com
CVSS Score : 8.8

References :
https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.48/more/formSetCfm.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.257600 | source : cna@vuldb.com
https://vuldb.com/?id.257600 | source : cna@vuldb.com

Vulnerability : CWE-121

Vulnerability ID : CVE-2024-2764

First published on : 21-03-2024 21:15:11
Last modified on : 21-03-2024 21:15:11

Description :
A vulnerability, which was classified as critical, was found in Tenda AC10U 15.03.06.48. This affects the function formSetPPTPServer of the file /goform/SetPptpServerCfg. The manipulation of the argument endIP leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257601 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-2764
Source : cna@vuldb.com
CVSS Score : 8.8

References :
https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.48/more/formSetPPTPServer.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.257601 | source : cna@vuldb.com
https://vuldb.com/?id.257601 | source : cna@vuldb.com

Vulnerability : CWE-121

Vulnerability ID : CVE-2024-2014

First published on : 21-03-2024 02:52:26
Last modified on : 21-03-2024 12:58:51

Description :
A vulnerability classified as critical was found in Panabit Panalog 202103080942. This vulnerability affects unknown code of the file /Maintain/sprog_upstatus.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-255268. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-2014
Source : cna@vuldb.com
CVSS Score : 7.3

References :
https://github.com/mashroompc0527/CVE/blob/main/vul.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.255268 | source : cna@vuldb.com
https://vuldb.com/?id.255268 | source : cna@vuldb.com

Vulnerability : CWE-89

Vulnerability ID : CVE-2024-25937

First published on : 21-03-2024 22:15:10
Last modified on : 21-03-2024 22:15:10

Description :
SQL injection vulnerability exists in the script DIAE_tagHandler.ashx.

CVE ID : CVE-2024-25937
Source : ics-cert@hq.dhs.gov
CVSS Score : 8.8

References :
https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-12 | source : ics-cert@hq.dhs.gov

Vulnerability : CWE-89

Vulnerability ID : CVE-2024-28029

First published on : 21-03-2024 22:15:11
Last modified on : 21-03-2024 22:15:11

Description :
Privileges are not fully verified server-side, which can be abused by a user with limited privileges to bypass authorization and access privileged functionality.

CVE ID : CVE-2024-28029
Source : ics-cert@hq.dhs.gov
CVSS Score : 8.8

References :
https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-12 | source : ics-cert@hq.dhs.gov

Vulnerability : CWE-285

Vulnerability ID : CVE-2024-28891

First published on : 21-03-2024 22:15:12
Last modified on : 21-03-2024 22:15:12

Description :
SQL injection vulnerability exists in the script Handler_CFG.ashx.

CVE ID : CVE-2024-28891
Source : ics-cert@hq.dhs.gov
CVSS Score : 8.8

References :
https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-12 | source : ics-cert@hq.dhs.gov

Vulnerability : CWE-89

Vulnerability ID : CVE-2024-1394

First published on : 21-03-2024 13:00:08
Last modified on : 21-03-2024 19:15:09

Description :
A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs​. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey​ and ctx​. That function uses named return parameters to free pkey​ and ctx​ if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the "return nil, nil, fail(...)" pattern, meaning that pkey​ and ctx​ will be nil inside the deferred function that should free them.

CVE ID : CVE-2024-1394
Source : secalert@redhat.com
CVSS Score : 7.5

References :
https://access.redhat.com/errata/RHSA-2024:1462 | source : secalert@redhat.com
https://access.redhat.com/errata/RHSA-2024:1468 | source : secalert@redhat.com
https://access.redhat.com/errata/RHSA-2024:1472 | source : secalert@redhat.com
https://access.redhat.com/security/cve/CVE-2024-1394 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2262921 | source : secalert@redhat.com
https://github.com/golang-fips/openssl/security/advisories/GHSA-78hx-gp6g-7mj6 | source : secalert@redhat.com

Vulnerability : CWE-401

Vulnerability ID : CVE-2024-29877

First published on : 21-03-2024 14:15:09
Last modified on : 21-03-2024 15:24:35

Description :
Cross-Site Scripting (XSS) vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/expenses/expensecategories/edit, 'expense_category_name' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session data.

CVE ID : CVE-2024-29877
Source : cve-coordination@incibe.es
CVSS Score : 7.1

References :
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-sentrifugo | source : cve-coordination@incibe.es

Vulnerability : CWE-79

Vulnerability ID : CVE-2024-29878

First published on : 21-03-2024 14:15:09
Last modified on : 21-03-2024 15:24:35

Description :
Cross-Site Scripting (XSS) vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/sitepreference/add, 'description' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session data.

CVE ID : CVE-2024-29878
Source : cve-coordination@incibe.es
CVSS Score : 7.1

References :
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-sentrifugo | source : cve-coordination@incibe.es

Vulnerability : CWE-79

Vulnerability ID : CVE-2024-29879

First published on : 21-03-2024 14:15:09
Last modified on : 21-03-2024 15:24:35

Description :
Cross-Site Scripting (XSS) vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/index/getdepartments/format/html, 'business_id' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session data.

CVE ID : CVE-2024-29879
Source : cve-coordination@incibe.es
CVSS Score : 7.1

References :
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-sentrifugo | source : cve-coordination@incibe.es

Vulnerability : CWE-79

Vulnerability ID : CVE-2023-35899

First published on : 21-03-2024 02:47:58
Last modified on : 21-03-2024 12:58:51

Description :
IBM Cloud Pak for Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 259354.

CVE ID : CVE-2023-35899
Source : psirt@us.ibm.com
CVSS Score : 7.0

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/259354 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7030357 | source : psirt@us.ibm.com

Vulnerability : CWE-1236

Vulnerability ID : CVE-2024-28102

First published on : 21-03-2024 02:52:23
Last modified on : 21-03-2024 12:58:51

Description :
JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to version 1.5.6, an attacker can cause a denial of service attack by passing in a malicious JWE Token with a high compression ratio. When the server processes this token, it will consume a lot of memory and processing time. Version 1.5.6 fixes this vulnerability by limiting the maximum token length.

CVE ID : CVE-2024-28102
Source : security-advisories@github.com
CVSS Score : 6.8

References :
https://github.com/latchset/jwcrypto/commit/90477a3b6e73da69740e00b8161f53fea19b831f | source : security-advisories@github.com
https://github.com/latchset/jwcrypto/security/advisories/GHSA-j857-7rvv-vj97 | source : security-advisories@github.com

Vulnerability : CWE-770

Vulnerability ID : CVE-2024-27094

First published on : 21-03-2024 02:52:18
Last modified on : 21-03-2024 12:58:51

Description :
OpenZeppelin Contracts is a library for secure smart contract development. The `Base64.encode` function encodes a `bytes` input by iterating over it in chunks of 3 bytes. When this input is not a multiple of 3, the last iteration may read parts of the memory that are beyond the input buffer. The vulnerability is fixed in 5.0.2 and 4.9.6.

CVE ID : CVE-2024-27094
Source : security-advisories@github.com
CVSS Score : 6.5

References :
https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable/commit/2d081f24cac1a867f6f73d512f2022e1fa987854 | source : security-advisories@github.com
https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable/commit/723f8cab09cdae1aca9ec9cc1cfa040c2d4b06c1 | source : security-advisories@github.com
https://github.com/OpenZeppelin/openzeppelin-contracts/commit/92224533b1263772b0774eec3134e132a3d7b2a6 | source : security-advisories@github.com
https://github.com/OpenZeppelin/openzeppelin-contracts/commit/a6286d0fded8771b3a645e5813e51993c490399c | source : security-advisories@github.com
https://github.com/OpenZeppelin/openzeppelin-contracts/security/advisories/GHSA-9vx6-7xxf-x967 | source : security-advisories@github.com

Vulnerability : CWE-125

Vulnerability ID : CVE-2024-27927

First published on : 21-03-2024 02:52:21
Last modified on : 21-03-2024 12:58:51

Description :
RSSHub is an open source RSS feed generator. Prior to version 1.0.0-master.a429472, RSSHub allows remote attackers to use the server as a proxy to send HTTP GET requests to arbitrary targets and retrieve information in the internal network or conduct Denial-of-Service (DoS) attacks. The attacker can send malicious requests to a RSSHub server, to make the server send HTTP GET requests to arbitrary destinations and see partial responses. This may lead to leak the server IP address, which could be hidden behind a CDN; retrieving information in the internal network, e.g. which addresses/ports are accessible, the titles and meta descriptions of HTML pages; and denial of service amplification. The attacker could request the server to download some large files, or chain several SSRF requests in a single attacker request.

CVE ID : CVE-2024-27927
Source : security-advisories@github.com
CVSS Score : 6.5

References :
https://github.com/DIYgod/RSSHub/blob/172f6cfd2b69ea6affdbdedf61e6dde1671f3796/lib/routes/m4/index.js#L10-L14 | source : security-advisories@github.com
https://github.com/DIYgod/RSSHub/blob/172f6cfd2b69ea6affdbdedf61e6dde1671f3796/lib/routes/zjol/paper.js#L7-L13 | source : security-advisories@github.com
https://github.com/DIYgod/RSSHub/blob/5928c5db2472e101c2f5c3bafed77a2f72edd40a/lib/routes/mastodon/acct.js#L4-L7 | source : security-advisories@github.com
https://github.com/DIYgod/RSSHub/blob/5928c5db2472e101c2f5c3bafed77a2f72edd40a/lib/routes/mastodon/utils.js#L85-L105 | source : security-advisories@github.com
https://github.com/DIYgod/RSSHub/commit/a42947231104a9ec3436fc52cedb31740c9a7069 | source : security-advisories@github.com
https://github.com/DIYgod/RSSHub/security/advisories/GHSA-3p3p-cgj7-vgw3 | source : security-advisories@github.com

Vulnerability : CWE-918

Vulnerability ID : CVE-2024-1908

First published on : 21-03-2024 02:51:48
Last modified on : 21-03-2024 12:58:51

Description :
An Improper Privilege Management vulnerability was identified in GitHub Enterprise Server that allowed an attacker to use the Enterprise Actions GitHub Connect download token to fetch private repository data. An attacker would require an account on the server instance with non-default settings for GitHub Connect. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.8.16, 3.9.11, 3.10.8, and 3.11.6. This vulnerability was reported via the GitHub Bug Bounty program.

CVE ID : CVE-2024-1908
Source : product-cna@github.com
CVSS Score : 6.3

References :
https://docs.github.com/en/enterprise-server@3.8/admin/release-notes/#3.8.16 | source : product-cna@github.com
https://docs.github.com/en/enterprise-server@3.9/admin/release-notes/#3.9.11 | source : product-cna@github.com
https://https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.8 | source : product-cna@github.com
https://https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.16 | source : product-cna@github.com

Vulnerability : CWE-269

Vulnerability ID : CVE-2024-27290

First published on : 21-03-2024 02:52:19
Last modified on : 21-03-2024 12:58:51

Description :
Docassemble is an expert system for guided interviews and document assembly. Prior to 1.4.97, a user could type HTML into a field, including the field for the user's name, and then that HTML could be displayed on the screen as HTML. The vulnerability has been patched in version 1.4.97 of the master branch.

CVE ID : CVE-2024-27290
Source : security-advisories@github.com
CVSS Score : 6.1

References :
https://github.com/jhpyle/docassemble/commit/4801ac7ff7c90df00ac09523077930cdb6dea2aa | source : security-advisories@github.com
https://github.com/jhpyle/docassemble/security/advisories/GHSA-pcfx-g2j2-f6f6 | source : security-advisories@github.com

Vulnerability : CWE-79

Vulnerability ID : CVE-2024-27291

First published on : 21-03-2024 02:52:19
Last modified on : 21-03-2024 12:58:51

Description :
Docassemble is an expert system for guided interviews and document assembly. Prior to 1.4.97, it is possible to create a URL that acts as an open redirect. The vulnerability has been patched in version 1.4.97 of the master branch.

CVE ID : CVE-2024-27291
Source : security-advisories@github.com
CVSS Score : 6.1

References :
https://github.com/jhpyle/docassemble/commit/4801ac7ff7c90df00ac09523077930cdb6dea2aa | source : security-advisories@github.com
https://github.com/jhpyle/docassemble/security/advisories/GHSA-7wxf-r2qv-9xwr | source : security-advisories@github.com

Vulnerability : CWE-601

Vulnerability ID : CVE-2024-27926

First published on : 21-03-2024 02:52:21
Last modified on : 21-03-2024 12:58:51

Description :
RSSHub is an open source RSS feed generator. Starting in version 1.0.0-master.cbbd829 and prior to version 1.0.0-master.d8ca915, ahen the specially crafted image is supplied to the internal media proxy, it proxies the image without handling XSS vulnerabilities, allowing for the execution of arbitrary JavaScript code. Users who access the deliberately constructed URL are affected. This vulnerability was fixed in version 1.0.0-master.d8ca915. No known workarounds are available.

CVE ID : CVE-2024-27926
Source : security-advisories@github.com
CVSS Score : 6.1

References :
https://github.com/DIYgod/RSSHub/commit/4d3e5d79c1c17837e931b4cd253d2013b487aa87 | source : security-advisories@github.com
https://github.com/DIYgod/RSSHub/security/advisories/GHSA-2wqw-hr4f-xrhh | source : security-advisories@github.com

Vulnerability : CWE-79

Vulnerability ID : CVE-2024-24818

First published on : 21-03-2024 02:52:12
Last modified on : 21-03-2024 12:58:51

Description :
EspoCRM is an Open Source Customer Relationship Management software. An attacker can inject arbitrary IP or domain in "Password Change" page and redirect victim to malicious page that could lead to credential stealing or another attack. This vulnerability is fixed in 8.1.2.

CVE ID : CVE-2024-24818
Source : security-advisories@github.com
CVSS Score : 5.9

References :
https://github.com/espocrm/espocrm/commit/3babdfa3399e328fb1bd83a1b4ed03d509f4c8e7 | source : security-advisories@github.com
https://github.com/espocrm/espocrm/security/advisories/GHSA-8gv6-8r33-fm7j | source : security-advisories@github.com

Vulnerability : CWE-610

Vulnerability ID : CVE-2024-27932

First published on : 21-03-2024 02:52:21
Last modified on : 21-03-2024 12:58:51

Description :
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.8.0 and prior to version 1.40.4, Deno improperly checks that an import specifier's hostname is equal to or a child of a token's hostname, which can cause tokens to be sent to servers they shouldn't be sent to. An auth token intended for `example[.]com` may be sent to `notexample[.]com`. Anyone who uses DENO_AUTH_TOKENS and imports potentially untrusted code is affected. Version 1.40.0 contains a patch for this issue

CVE ID : CVE-2024-27932
Source : security-advisories@github.com
CVSS Score : 4.6

References :
https://github.com/denoland/deno/blob/3f4639c330a31741b0efda2f93ebbb833f4f95bc/cli/auth_tokens.rs#L89 | source : security-advisories@github.com
https://github.com/denoland/deno/commit/de23e3b60b066481cc390f459497d5bef42a899b | source : security-advisories@github.com
https://github.com/denoland/deno/security/advisories/GHSA-5frw-4rwq-xhcr | source : security-advisories@github.com

Vulnerability : CWE-20

Vulnerability ID : CVE-2024-2748

First published on : 21-03-2024 00:15:09
Last modified on : 21-03-2024 12:58:51

Description :
A Cross Site Request Forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker to execute unauthorized actions on behalf of an unsuspecting user. A mitigating factor is that user interaction is required. This vulnerability affected GitHub Enterprise Server 3.12.0 and was fixed in versions 3.12.1. This vulnerability was reported via the GitHub Bug Bounty program.

CVE ID : CVE-2024-2748
Source : product-cna@github.com
CVSS Score : 4.3

References :
https://docs.github.com/en/enterprise-server@3.12/admin/release-notes/#3.12.1 | source : product-cna@github.com

Vulnerability : CWE-352

Vulnerability ID : CVE-2024-22352

First published on : 21-03-2024 02:52:02
Last modified on : 21-03-2024 12:58:51

Description :
IBM InfoSphere Information Server 11.7 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 280361.

CVE ID : CVE-2024-22352
Source : psirt@us.ibm.com
CVSS Score : 6.5

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/280361 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7117184 | source : psirt@us.ibm.com

Vulnerability : CWE-532

Vulnerability ID : CVE-2024-27277

First published on : 21-03-2024 17:15:08
Last modified on : 21-03-2024 19:47:03

Description :
The private key for the IBM Storage Protect Plus Server 10.1.0 through 10.1.16 certificate can be disclosed, undermining the security of the certificate. IBM X-Force ID: 285205.

CVE ID : CVE-2024-27277
Source : psirt@us.ibm.com
CVSS Score : 6.2

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/285205 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7144861 | source : psirt@us.ibm.com

Vulnerability : CWE-200

Vulnerability ID : CVE-2023-47715

First published on : 21-03-2024 15:15:07
Last modified on : 21-03-2024 15:24:35

Description :
IBM Storage Protect Plus Server 10.1.0 through 10.1.16 could allow an authenticated user with read-only permissions to add or delete entries from an existing HyperVisor configuration. IBM X-Force ID: 271538.

CVE ID : CVE-2023-47715
Source : psirt@us.ibm.com
CVSS Score : 4.3

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/271538 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7144861 | source : psirt@us.ibm.com

Vulnerability : CWE-264

Vulnerability ID : CVE-2024-27963

First published on : 21-03-2024 17:15:08
Last modified on : 21-03-2024 19:47:03

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crisp allows Stored XSS.This issue affects Crisp: from n/a through 0.44.

CVE ID : CVE-2024-27963
Source : audit@patchstack.com
CVSS Score : 6.5

References :
https://patchstack.com/database/vulnerability/crisp/wordpress-crisp-live-chat-and-chatbot-plugin-0-44-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79

Vulnerability ID : CVE-2024-2580

First published on : 21-03-2024 17:15:10
Last modified on : 21-03-2024 19:47:03

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FunnelKit Automation By Autonami allows Stored XSS.This issue affects Automation By Autonami: from n/a through 2.8.2.

CVE ID : CVE-2024-2580
Source : audit@patchstack.com
CVSS Score : 6.5

References :
https://patchstack.com/database/vulnerability/wp-marketing-automations/wordpress-recover-woocommerce-cart-abandonment-newsletter-email-marketing-marketing-automation-by-funnelkit-plugin-2-8-2-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79

Vulnerability ID : CVE-2024-27995

First published on : 21-03-2024 15:16:54
Last modified on : 21-03-2024 15:24:35

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Repute Infosystems ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup allows Stored XSS.This issue affects ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup: from n/a through 4.0.23.

CVE ID : CVE-2024-27995
Source : audit@patchstack.com
CVSS Score : 5.9

References :
https://patchstack.com/database/vulnerability/armember-membership/wordpress-armember-plugin-4-0-23-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79

Vulnerability ID : CVE-2024-27965

First published on : 21-03-2024 17:15:09
Last modified on : 21-03-2024 19:47:03

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFunnels Team WPFunnels allows Stored XSS.This issue affects WPFunnels: from n/a through 3.0.6.

CVE ID : CVE-2024-27965
Source : audit@patchstack.com
CVSS Score : 5.9

References :
https://patchstack.com/database/vulnerability/wpfunnels/wordpress-wpfunnels-plugin-3-0-6-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79

Vulnerability ID : CVE-2024-2578

First published on : 21-03-2024 17:15:09
Last modified on : 21-03-2024 19:47:03

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPCoder WP Coder allows Stored XSS.This issue affects WP Coder: from n/a through 3.5.

CVE ID : CVE-2024-2578
Source : audit@patchstack.com
CVSS Score : 5.9

References :
https://patchstack.com/database/vulnerability/wp-coder/wordpress-wp-coder-plugin-3-5-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79

Vulnerability ID : CVE-2024-2579

First published on : 21-03-2024 17:15:10
Last modified on : 21-03-2024 19:47:03

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Data443 Tracking Code Manager.This issue affects Tracking Code Manager: from n/a through 2.0.16.

CVE ID : CVE-2024-2579
Source : audit@patchstack.com
CVSS Score : 5.9

References :
https://patchstack.com/database/vulnerability/tracking-code-manager/wordpress-tracking-code-manager-plugin-2-0-16-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79

Vulnerability ID : CVE-2022-44595

First published on : 21-03-2024 17:15:07
Last modified on : 21-03-2024 19:47:03

Description :
Improper Authentication vulnerability in Melapress WP 2FA allows Authentication Bypass.This issue affects WP 2FA: from n/a through 2.2.0.

CVE ID : CVE-2022-44595
Source : audit@patchstack.com
CVSS Score : 5.3

References :
https://patchstack.com/database/vulnerability/wp-2fa/wordpress-wp2fa-plugin-2-2-0-broken-authentication-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-287

Vulnerability ID : CVE-2024-27190

First published on : 21-03-2024 17:15:08
Last modified on : 21-03-2024 19:47:03

Description :
Missing Authorization vulnerability in Jean-David Daviet Download Media.This issue affects Download Media: from n/a through 1.4.2.

CVE ID : CVE-2024-27190
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/download-media/wordpress-download-media-plugin-1-4-2-broken-access-control-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-862

Vulnerability ID : CVE-2023-6500

First published on : 21-03-2024 02:50:38
Last modified on : 21-03-2024 12:58:51

Description :
The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shariff' shortcode in all versions up to, and including, 4.6.9 due to insufficient input sanitization and output escaping on user supplied attributes such as 'secondarycolor' and 'maincolor'. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2023-6500
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3030487%40shariff&new=3030487%40shariff&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/cac2a45e-f09e-4639-9a45-68d528a5094e?source=cve | source : security@wordfence.com

Vulnerability ID : CVE-2024-0966

First published on : 21-03-2024 02:51:29
Last modified on : 21-03-2024 12:58:51

Description :
The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shariff' shortcode in all versions up to, and including, 4.6.9 due to insufficient input sanitization and output escaping on user supplied attributes like 'info_text'. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page and clicks the information icon.

CVE ID : CVE-2024-0966
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/shariff/trunk/services/shariff-info.php#L46 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3030487%40shariff&new=3030487%40shariff&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/8588f9e8-441c-4b9e-bd78-8526d8c28fa3?source=cve | source : security@wordfence.com

Vulnerability ID : CVE-2024-1278

First published on : 21-03-2024 02:51:40
Last modified on : 21-03-2024 12:58:51

Description :
The Easy Social Feed – Social Photos Gallery – Post Feed – Like Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'efb_likebox' shortcode in all versions up to, and including, 6.5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2024-1278
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/easy-facebook-likebox/tags/6.5.4/facebook/frontend/easy-facebook-likebox.php | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/b76bddf3-96ad-4bb0-a37b-33b451da6713?source=cve | source : security@wordfence.com

Vulnerability ID : CVE-2024-1326

First published on : 21-03-2024 02:51:41
Last modified on : 21-03-2024 12:58:51

Description :
The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via HTML Tag attributes in all versions up to, and including, 2.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2024-1326
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/jeg-elementor-kit/trunk/class/elements/views/class-post-block-view.php#L375 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3038362%40jeg-elementor-kit&new=3038362%40jeg-elementor-kit&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/d108cb36-c072-483e-9746-15b8e7a880c3?source=cve | source : security@wordfence.com

Vulnerability ID : CVE-2024-1450

First published on : 21-03-2024 02:51:42
Last modified on : 21-03-2024 12:58:51

Description :
The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shariff' shortcode in all versions up to, and including, 4.6.10 due to insufficient input sanitization and output escaping on user supplied attributes such as 'align'. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2024-1450
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/shariff/tags/4.6.10/shariff.php | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3047668%40shariff&new=3047668%40shariff&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/00a3d8e3-17b1-488b-9c42-2479932c9bf7?source=cve | source : security@wordfence.com

Vulnerability ID : CVE-2024-1213

First published on : 21-03-2024 02:51:38
Last modified on : 21-03-2024 12:58:51

Description :
The Easy Social Feed – Social Photos Gallery – Post Feed – Like Box plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.5.4. This is due to missing or incorrect nonce validation on the esf_insta_save_access_token and efbl_save_facebook_access_token functions. This makes it possible for unauthenticated attackers to connect their facebook and instagram pages to the site via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID : CVE-2024-1213
Source : security@wordfence.com
CVSS Score : 5.4

References :
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3047064%40easy-facebook-likebox&new=3047064%40easy-facebook-likebox&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/262dcea7-3ac4-43ee-90d7-91f200c3496c?source=cve | source : security@wordfence.com

Vulnerability ID : CVE-2024-1502

First published on : 21-03-2024 02:51:43
Last modified on : 21-03-2024 12:58:51

Description :
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the tutor_delete_announcement() function in all versions up to, and including, 2.6.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary posts.

CVE ID : CVE-2024-1502
Source : security@wordfence.com
CVSS Score : 5.4

References :
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3049105%40tutor&new=3049105%40tutor&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/834c4ca9-7173-4c84-8287-9916ec72935d?source=cve | source : security@wordfence.com

Vulnerability ID : CVE-2024-1214

First published on : 21-03-2024 02:51:38
Last modified on : 21-03-2024 12:58:51

Description :
The Easy Social Feed – Social Photos Gallery – Post Feed – Like Box plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.5.4. This is due to missing or incorrect nonce validation on the save_groups_list function. This makes it possible for unauthenticated attackers to disconnect a site's facebook or instagram page/group connection via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID : CVE-2024-1214
Source : security@wordfence.com
CVSS Score : 4.3

References :
https://plugins.trac.wordpress.org/browser/easy-facebook-likebox/trunk/facebook/admin/class-easy-facebook-likebox-admin.php?rev=3047064 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/aaf62045-b9ce-40d7-92b3-7ab683e5a08c?source=cve | source : security@wordfence.com

Vulnerability ID : CVE-2024-1503

First published on : 21-03-2024 02:51:43
Last modified on : 21-03-2024 12:58:51

Description :
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.1. This is due to missing or incorrect nonce validation on the erase_tutor_data() function. This makes it possible for unauthenticated attackers to deactivate the plugin and erase all data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This requires the "Erase upon uninstallation" option to be enabled.

CVE ID : CVE-2024-1503
Source : security@wordfence.com
CVSS Score : 4.3

References :
https://plugins.trac.wordpress.org/browser/tutor/trunk/classes/Admin.php#L465 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/050647a8-6743-46e4-b31c-0b5bd4a1007f?source=cve | source : security@wordfence.com

Vulnerability ID : CVE-2024-2015

First published on : 21-03-2024 02:52:26
Last modified on : 21-03-2024 12:58:51

Description :
A vulnerability, which was classified as critical, has been found in ZhiCms 4.0. This issue affects the function getindexdata of the file app/index/controller/mcontroller.php. The manipulation of the argument key leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-255269 was assigned to this vulnerability.

CVE ID : CVE-2024-2015
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://gist.github.com/L1nyz-tel/e3ee6f3401a9d1c580be1a9b4a8afab5 | source : cna@vuldb.com
https://vuldb.com/?ctiid.255269 | source : cna@vuldb.com
https://vuldb.com/?id.255269 | source : cna@vuldb.com

Vulnerability : CWE-89

Vulnerability ID : CVE-2024-2016

First published on : 21-03-2024 02:52:26
Last modified on : 21-03-2024 12:58:51

Description :
A vulnerability, which was classified as critical, was found in ZhiCms 4.0. Affected is the function index of the file app/manage/controller/setcontroller.php. The manipulation of the argument sitename leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-255270 is the identifier assigned to this vulnerability.

CVE ID : CVE-2024-2016
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://gist.github.com/L1nyz-tel/e3ee6f3401a9d1c580be1a9b4a8afab5 | source : cna@vuldb.com
https://vuldb.com/?ctiid.255270 | source : cna@vuldb.com
https://vuldb.com/?id.255270 | source : cna@vuldb.com

Vulnerability : CWE-94

Vulnerability ID : CVE-2024-2712

First published on : 21-03-2024 02:52:43
Last modified on : 21-03-2024 12:58:51

Description :
A vulnerability, which was classified as critical, has been found in Campcodes Complete Online DJ Booking System 1.0. This issue affects some unknown processing of the file /admin/user-search.php. The manipulation of the argument searchdata leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257465 was assigned to this vulnerability.

CVE ID : CVE-2024-2712
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/E1CHO/cve_hub/blob/main/Complete%20Online%20DJ%20Booking%20System/Complete%20Online%20DJ%20Booking%20System%20-%20vuln%201.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.257465 | source : cna@vuldb.com
https://vuldb.com/?id.257465 | source : cna@vuldb.com

Vulnerability : CWE-89

Vulnerability ID : CVE-2024-2713

First published on : 21-03-2024 02:52:43
Last modified on : 21-03-2024 12:58:51

Description :
A vulnerability, which was classified as critical, was found in Campcodes Complete Online DJ Booking System 1.0. Affected is an unknown function of the file /admin/booking-search.php. The manipulation of the argument searchdata leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257466 is the identifier assigned to this vulnerability.

CVE ID : CVE-2024-2713
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/E1CHO/cve_hub/blob/main/Complete%20Online%20DJ%20Booking%20System/Complete%20Online%20DJ%20Booking%20System%20-%20vuln%202.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.257466 | source : cna@vuldb.com
https://vuldb.com/?id.257466 | source : cna@vuldb.com

Vulnerability : CWE-89

Vulnerability ID : CVE-2024-2766

First published on : 21-03-2024 21:15:11
Last modified on : 21-03-2024 21:15:11

Description :
A vulnerability has been found in Campcodes Complete Online Beauty Parlor Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/index.php. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257602 is the identifier assigned to this vulnerability.

CVE ID : CVE-2024-2766
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/E1CHO/cve_hub/blob/main/Complete%20Online%20Beauty%20Parlor%20Management%20System/Complete%20Online%20Beauty%20Parlor%20Management%20System%20-%20vuln%201.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.257602 | source : cna@vuldb.com
https://vuldb.com/?id.257602 | source : cna@vuldb.com

Vulnerability : CWE-89

Vulnerability ID : CVE-2024-2767

First published on : 21-03-2024 21:15:11
Last modified on : 21-03-2024 21:15:11

Description :
A vulnerability was found in Campcodes Complete Online Beauty Parlor Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/forgot-password.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257603.

CVE ID : CVE-2024-2767
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/E1CHO/cve_hub/blob/main/Complete%20Online%20Beauty%20Parlor%20Management%20System/Complete%20Online%20Beauty%20Parlor%20Management%20System%20-%20vuln%202.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.257603 | source : cna@vuldb.com
https://vuldb.com/?id.257603 | source : cna@vuldb.com

Vulnerability : CWE-89

Vulnerability ID : CVE-2024-2768

First published on : 21-03-2024 22:15:12
Last modified on : 21-03-2024 22:15:12

Description :
A vulnerability was found in Campcodes Complete Online Beauty Parlor Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/edit-services.php. The manipulation of the argument editid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257604.

CVE ID : CVE-2024-2768
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/E1CHO/cve_hub/blob/main/Complete%20Online%20Beauty%20Parlor%20Management%20System/Complete%20Online%20Beauty%20Parlor%20Management%20System%20-%20vuln%203.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.257604 | source : cna@vuldb.com
https://vuldb.com/?id.257604 | source : cna@vuldb.com

Vulnerability : CWE-89

Vulnerability ID : CVE-2024-2769

First published on : 21-03-2024 22:15:12
Last modified on : 21-03-2024 22:15:12

Description :
A vulnerability was found in Campcodes Complete Online Beauty Parlor Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/admin-profile.php. The manipulation of the argument adminname leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257605 was assigned to this vulnerability.

CVE ID : CVE-2024-2769
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/E1CHO/cve_hub/blob/main/Complete%20Online%20Beauty%20Parlor%20Management%20System/Complete%20Online%20Beauty%20Parlor%20Management%20System%20-%20vuln%205.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.257605 | source : cna@vuldb.com
https://vuldb.com/?id.257605 | source : cna@vuldb.com

Vulnerability : CWE-89

Vulnerability ID : CVE-2022-4963

First published on : 21-03-2024 02:44:57
Last modified on : 21-03-2024 12:58:51

Description :
A vulnerability was found in Folio Spring Module Core up to 1.1.5. It has been rated as critical. Affected by this issue is the function dropSchema of the file tenant/src/main/java/org/folio/spring/tenant/hibernate/HibernateSchemaService.java of the component Schema Name Handler. The manipulation leads to sql injection. Upgrading to version 2.0.0 is able to address this issue. The name of the patch is d374a5f77e6b58e36f0e0e4419be18b95edcd7ff. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-257516.

CVE ID : CVE-2022-4963
Source : cna@vuldb.com
CVSS Score : 5.5

References :
https://github.com/folio-org/spring-module-core/commit/d374a5f77e6b58e36f0e0e4419be18b95edcd7ff | source : cna@vuldb.com
https://github.com/folio-org/spring-module-core/pull/39 | source : cna@vuldb.com
https://github.com/folio-org/spring-module-core/releases/tag/v2.0.0 | source : cna@vuldb.com
https://vuldb.com/?ctiid.257516 | source : cna@vuldb.com
https://vuldb.com/?id.257516 | source : cna@vuldb.com

Vulnerability : CWE-89

Vulnerability ID : CVE-2024-2007

First published on : 21-03-2024 02:52:25
Last modified on : 21-03-2024 12:58:51

Description :
A vulnerability was found in OpenBMB XAgent 1.0.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Privileged Mode. The manipulation leads to sandbox issue. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier VDB-255265 was assigned to this vulnerability.

CVE ID : CVE-2024-2007
Source : cna@vuldb.com
CVSS Score : 5.3

References :
https://github.com/OpenBMB/XAgent/issues/386 | source : cna@vuldb.com
https://vuldb.com/?ctiid.255265 | source : cna@vuldb.com
https://vuldb.com/?id.255265 | source : cna@vuldb.com

Vulnerability : CWE-265

Vulnerability ID : CVE-2024-2754

First published on : 21-03-2024 07:15:47
Last modified on : 21-03-2024 12:58:51

Description :
A vulnerability classified as critical has been found in SourceCodester Complete E-Commerce Site 1.0. Affected is an unknown function of the file /admin/users_photo.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257544.

CVE ID : CVE-2024-2754
Source : cna@vuldb.com
CVSS Score : 4.7

References :
https://github.com/wkeyi0x1/vul-report/issues/4 | source : cna@vuldb.com
https://vuldb.com/?ctiid.257544 | source : cna@vuldb.com
https://vuldb.com/?id.257544 | source : cna@vuldb.com

Vulnerability : CWE-434

Vulnerability ID : CVE-2024-2494

First published on : 21-03-2024 14:15:10
Last modified on : 21-03-2024 15:24:35

Description :
A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negative length check is performed by the C API entry points. Passing a negative length to the g_new0 function results in a crash due to the negative length being treated as a huge positive number. This flaw allows a local, unprivileged user to perform a denial of service attack by causing the libvirt daemon to crash.

CVE ID : CVE-2024-2494
Source : secalert@redhat.com
CVSS Score : 6.2

References :
https://access.redhat.com/security/cve/CVE-2024-2494 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2270115 | source : secalert@redhat.com
https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/thread/BKRQXPLPC6B7FLHJXSBQYW7HNDEBW6RJ/ | source : secalert@redhat.com

Vulnerability : CWE-789

Vulnerability ID : CVE-2024-28834

First published on : 21-03-2024 14:15:07
Last modified on : 21-03-2024 15:24:35

Description :
A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.

CVE ID : CVE-2024-28834
Source : secalert@redhat.com
CVSS Score : 5.3

References :
https://access.redhat.com/security/cve/CVE-2024-28834 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2269228 | source : secalert@redhat.com
https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html | source : secalert@redhat.com
https://people.redhat.com/~hkario/marvin/ | source : secalert@redhat.com

Vulnerability : CWE-200

Vulnerability ID : CVE-2024-28835

First published on : 21-03-2024 06:15:45
Last modified on : 21-03-2024 12:58:51

Description :
A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "certtool --verify-chain" command.

CVE ID : CVE-2024-28835
Source : secalert@redhat.com
CVSS Score : 5.0

References :
https://access.redhat.com/security/cve/CVE-2024-28835 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2269084 | source : secalert@redhat.com
https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html | source : secalert@redhat.com

Vulnerability : CWE-248

Vulnerability ID : CVE-2024-28756

First published on : 21-03-2024 21:15:10
Last modified on : 21-03-2024 21:15:10

Description :
The SolarEdge mySolarEdge application before 2.20.1 for Android has a certificate verification issue that allows a Machine-in-the-middle (MitM) attacker to read and alter all network traffic between the application and the server.

CVE ID : CVE-2024-28756
Source : cve@mitre.org
CVSS Score : 5.9

References :
https://www.solaredge.com/coordinated-vulnerability-disclosure-policy/advisories/sedg-2024-1 | source : cve@mitre.org
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-012.txt | source : cve@mitre.org

Vulnerability ID : CVE-2024-1142

First published on : 21-03-2024 02:51:36
Last modified on : 21-03-2024 12:58:51

Description :
Path Traversal in Sonatype IQ Server from version 143 allows remote authenticated attackers to overwrite or delete files via a specially crafted request. Version 171 fixes this issue.

CVE ID : CVE-2024-1142
Source : 103e4ec9-0a87-450b-af77-479448ddef11
CVSS Score : 5.4

References :
https://support.sonatype.com/hc/en-us/articles/27034479038739-CVE-2024-1142-Sonatype-IQ-Server-Path-Traversal-2024-03-06 | source : 103e4ec9-0a87-450b-af77-479448ddef11

Vulnerability : CWE-22

Vulnerability ID : CVE-2024-26196

First published on : 21-03-2024 02:52:16
Last modified on : 21-03-2024 12:58:51

Description :
Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability

CVE ID : CVE-2024-26196
Source : secure@microsoft.com
CVSS Score : 4.3

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26196 | source : secure@microsoft.com

Vulnerability ID : CVE-2024-1727

First published on : 21-03-2024 20:15:07
Last modified on : 21-03-2024 20:15:07

Description :
To prevent malicious 3rd party websites from making requests to Gradio applications running locally, this PR tightens the CORS rules around Gradio applications. In particular, it checks to see if the host header is localhost (or one of its aliases) and if so, it requires the origin header (if present) to be localhost (or one of its aliases) as well.

CVE ID : CVE-2024-1727
Source : security@huntr.dev
CVSS Score : 4.3

References :
https://github.com/gradio-app/gradio/commit/84802ee6a4806c25287344dce581f9548a99834a | source : security@huntr.dev
https://huntr.com/bounties/a94d55fb-0770-4cbe-9b20-97a978a2ffff | source : security@huntr.dev

Vulnerability : CWE-352

Vulnerability ID : CVE-2024-29880

First published on : 21-03-2024 14:15:10
Last modified on : 21-03-2024 15:24:35

Description :
In JetBrains TeamCity before 2023.11 users with access to the agent machine might obtain permissions of the user running the agent process

CVE ID : CVE-2024-29880
Source : cve@jetbrains.com
CVSS Score : 4.2

References :
https://www.jetbrains.com/privacy-security/issues-fixed/ | source : cve@jetbrains.com

Vulnerability : CWE-749

Vulnerability ID : CVE-2020-26942

First published on : 21-03-2024 02:36:18
Last modified on : 21-03-2024 12:58:51

Description :
An issue discovered in Axigen Mail Server 10.3.x before 10.3.1.27 and 10.3.2.x before 10.3.3.1 allows unauthenticated attackers to submit a setAdminPassword operation request, subsequently setting a new arbitrary password for the admin account.

CVE ID : CVE-2020-26942
Source : cve@mitre.org
CVSS Score : /

References :
https://www.axigen.com/knowledgebase/Axigen-WebAdmin-Authentication-Bypass-Vulnerability-CVE-2020-26942-_387.html | source : cve@mitre.org

Vulnerability ID : CVE-2023-38825

First published on : 21-03-2024 02:48:14
Last modified on : 21-03-2024 12:58:51

Description :
SQL injection vulnerability in Vanderbilt REDCap before v.13.8.0 allows a remote attacker to obtain sensitive information via the password reset mechanism in MyCapMobileApp/update.php.

CVE ID : CVE-2023-38825
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/ntrampham/REDCap | source : cve@mitre.org
https://www.project-redcap.org/ | source : cve@mitre.org

Vulnerability ID : CVE-2023-49978

First published on : 21-03-2024 02:49:38
Last modified on : 21-03-2024 12:58:51

Description :
Incorrect access control in Customer Support System v1 allows non-administrator users to access administrative pages and execute actions reserved for administrators.

CVE ID : CVE-2023-49978
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/geraldoalcantara/CVE-2023-49978 | source : cve@mitre.org
https://www.sourcecodester.com/php/14587/customer-support-system-using-phpmysqli-source-code.html | source : cve@mitre.org

Vulnerability ID : CVE-2023-49979

First published on : 21-03-2024 02:49:38
Last modified on : 21-03-2024 12:58:51

Description :
A directory listing vulnerability in Customer Support System v1 allows attackers to list directories and sensitive files within the application without requiring authorization.

CVE ID : CVE-2023-49979
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/geraldoalcantara/CVE-2023-49979 | source : cve@mitre.org
https://www.sourcecodester.com/php/15653/best-student-result-management-system-project-source-code-php-and-mysql-free-download | source : cve@mitre.org

Vulnerability ID : CVE-2023-49980

First published on : 21-03-2024 02:49:38
Last modified on : 21-03-2024 12:58:51

Description :
A directory listing vulnerability in Best Student Result Management System v1.0 allows attackers to list directories and sensitive files within the application without requiring authorization.

CVE ID : CVE-2023-49980
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/geraldoalcantara/CVE-2023-49980 | source : cve@mitre.org
https://www.sourcecodester.com/php/15653/best-student-result-management-system-project-source-code-php-and-mysql-free-download | source : cve@mitre.org

Vulnerability ID : CVE-2023-49981

First published on : 21-03-2024 02:49:38
Last modified on : 21-03-2024 12:58:51

Description :
A directory listing vulnerability in School Fees Management System v1.0 allows attackers to list directories and sensitive files within the application without requiring authorization.

CVE ID : CVE-2023-49981
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/geraldoalcantara/CVE-2023-49981 | source : cve@mitre.org
https://www.sourcecodester.com/php/15697/school-fees-management-system-project-php-and-codeigniter-free-source-code.html | source : cve@mitre.org

Vulnerability ID : CVE-2023-49982

First published on : 21-03-2024 02:49:38
Last modified on : 21-03-2024 12:58:51

Description :
Broken access control in the component /admin/management/users of School Fees Management System v1.0 allows attackers to escalate privileges and perform Administrative actions, including adding and deleting user accounts.

CVE ID : CVE-2023-49982
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/geraldoalcantara/CVE-2023-49982 | source : cve@mitre.org
https://www.sourcecodester.com/php/15697/school-fees-management-system-project-php-and-codeigniter-free-source-code.html | source : cve@mitre.org

Vulnerability ID : CVE-2023-49983

First published on : 21-03-2024 02:49:38
Last modified on : 21-03-2024 12:58:51

Description :
A cross-site scripting (XSS) vulnerability in the component /management/class of School Fees Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter.

CVE ID : CVE-2023-49983
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/geraldoalcantara/CVE-2023-49983 | source : cve@mitre.org
https://www.sourcecodester.com/php/15697/school-fees-management-system-project-php-and-codeigniter-free-source-code.html | source : cve@mitre.org

Vulnerability ID : CVE-2023-49984

First published on : 21-03-2024 02:49:38
Last modified on : 21-03-2024 12:58:51

Description :
A cross-site scripting (XSS) vulnerability in the component /management/settings of School Fees Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter.

CVE ID : CVE-2023-49984
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/geraldoalcantara/CVE-2023-49984 | source : cve@mitre.org
https://www.sourcecodester.com/php/15697/school-fees-management-system-project-php-and-codeigniter-free-source-code.html | source : cve@mitre.org

Vulnerability ID : CVE-2023-49985

First published on : 21-03-2024 02:49:38
Last modified on : 21-03-2024 12:58:51

Description :
A cross-site scripting (XSS) vulnerability in the component /management/class of School Fees Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cname parameter.

CVE ID : CVE-2023-49985
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/geraldoalcantara/CVE-2023-49985 | source : cve@mitre.org
https://www.sourcecodester.com/php/15697/school-fees-management-system-project-php-and-codeigniter-free-source-code.html | source : cve@mitre.org

Vulnerability ID : CVE-2024-24028

First published on : 21-03-2024 02:52:09
Last modified on : 21-03-2024 12:58:51

Description :
Server Side Request Forgery (SSRF) vulnerability in Likeshop before 2.5.7 allows attackers to view sensitive information via the avatar parameter in function UserLogic::updateWechatInfo.

CVE ID : CVE-2024-24028
Source : cve@mitre.org
CVSS Score : /

References :
https://thanhlo.substack.com/p/khai-thac-lo-hong-cve-2024-24028 | source : cve@mitre.org

Vulnerability ID : CVE-2024-24110

First published on : 21-03-2024 02:52:09
Last modified on : 21-03-2024 12:58:51

Description :
SQL Injection vulnerability in crmeb_java before v1.3.4 allows attackers to run arbitrary SQL commands via crafted GET request to the component /api/front/spread/people.

CVE ID : CVE-2024-24110
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/crmeb/crmeb_java/issues/13 | source : cve@mitre.org

Vulnerability ID : CVE-2024-24520

First published on : 21-03-2024 02:52:10
Last modified on : 21-03-2024 12:58:51

Description :
An issue in Lepton CMS v.7.0.0 allows a local attacker to execute arbitrary code via the upgrade.php file in the languages place.

CVE ID : CVE-2024-24520
Source : cve@mitre.org
CVSS Score : /

References :
http://lepton.com | source : cve@mitre.org
https://github.com/xF9979/LEPTON-CMS | source : cve@mitre.org

Vulnerability ID : CVE-2024-25167

First published on : 21-03-2024 02:52:13
Last modified on : 21-03-2024 12:58:51

Description :
Cross Site Scripting vulnerability in eblog v1.0 allows a remote attacker to execute arbitrary code via a crafted script to the argument description parameter when submitting a comment on a post.

CVE ID : CVE-2024-25167
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/biantaibao/eblog_xss/blob/main/report.md | source : cve@mitre.org

Vulnerability ID : CVE-2024-25239

First published on : 21-03-2024 02:52:13
Last modified on : 21-03-2024 12:58:51

Description :
SQL Injection vulnerability in Sourcecodester Employee Management System v1.0 allows attackers to run arbitrary SQL commands via crafted POST request to /emloyee_akpoly/Account/login.php.

CVE ID : CVE-2024-25239
Source : cve@mitre.org
CVSS Score : /

References :
https://blu3ming.github.io/sourcecodester-employee-management-system-sql-injection/ | source : cve@mitre.org

Vulnerability ID : CVE-2024-25359

First published on : 21-03-2024 02:52:14
Last modified on : 21-03-2024 12:58:51

Description :
An issue in zuoxingdong lagom v.0.1.2 allows a local attacker to execute arbitrary code via the pickle_load function of the serialize.py file.

CVE ID : CVE-2024-25359
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/bayuncao/vul-cve-10 | source : cve@mitre.org

Vulnerability ID : CVE-2024-25811

First published on : 21-03-2024 02:52:15
Last modified on : 21-03-2024 12:58:51

Description :
An access control issue in Dreamer CMS v4.0.1 allows attackers to download backup files and leak sensitive information.

CVE ID : CVE-2024-25811
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Fei123-design/vuln/blob/master/Dreamer%20CMS%20Unauthorized%20access%20vulnerability.md | source : cve@mitre.org

Vulnerability ID : CVE-2024-27626

First published on : 21-03-2024 02:52:20
Last modified on : 21-03-2024 12:58:51

Description :
A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in Dotclear version 2.29. The flaw exists within the Search functionality of the Admin Panel.

CVE ID : CVE-2024-27626
Source : cve@mitre.org
CVSS Score : /

References :
https://packetstormsecurity.com/files/177239/Dotclear-2.29-Cross-Site-Scripting.html | source : cve@mitre.org

Vulnerability ID : CVE-2024-28286

First published on : 21-03-2024 02:52:24
Last modified on : 21-03-2024 12:58:51

Description :
In mz-automation libiec61850 v1.4.0, a NULL Pointer Dereference was detected in the mmsServer_handleFileCloseRequest.c function of src/mms/iso_mms/server/mms_file_service.c. The vulnerability manifests as SEGV and causes the application to crash

CVE ID : CVE-2024-28286
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/mz-automation/libiec61850/issues/496 | source : cve@mitre.org

Vulnerability ID : CVE-2023-48901

First published on : 21-03-2024 04:15:08
Last modified on : 21-03-2024 12:58:51

Description :
A SQL injection vulnerability in tramyardg Autoexpress version 1.3.0, allows remote unauthenticated attackers to execute arbitrary SQL commands via the parameter "id" within the getPhotosByCarId function call in details.php.

CVE ID : CVE-2023-48901
Source : cve@mitre.org
CVSS Score : /

References :
https://packetstormsecurity.com/files/177660/Tramyardg-Autoexpress-1.3.0-SQL-Injection.html | source : cve@mitre.org

Vulnerability ID : CVE-2023-48902

First published on : 21-03-2024 04:15:09
Last modified on : 21-03-2024 12:58:51

Description :
An issue was discovered in tramyardg autoexpress version 1.3.0, allows unauthenticated remote attackers to escalate privileges, update car data, delete vehicles, and upload car images via authentication bypass in uploadCarImages.php.

CVE ID : CVE-2023-48902
Source : cve@mitre.org
CVSS Score : /

References :
https://packetstormsecurity.com/files/177661/Tramyardg-Autoexpress-1.3.0-Authentication-Bypass.html | source : cve@mitre.org

Vulnerability ID : CVE-2023-48903

First published on : 21-03-2024 04:15:09
Last modified on : 21-03-2024 12:58:51

Description :
Stored Cross-Site Scripting (XSS) vulnerability in tramyardg autoexpress 1.3.0, allows remote unauthenticated attackers to inject arbitrary web script or HTML within parameter "imgType" via in uploadCarImages.php.

CVE ID : CVE-2023-48903
Source : cve@mitre.org
CVSS Score : /

References :
https://packetstormsecurity.com/files/177662/Tramyardg-Autoexpress-1.3.0-Cross-Site-Scripting.html | source : cve@mitre.org

Vulnerability ID : CVE-2024-22724

First published on : 21-03-2024 04:15:09
Last modified on : 21-03-2024 12:58:51

Description :
An issue was discovered in osCommerce v4, allows local attackers to bypass file upload restrictions and execute arbitrary code via administrator profile photo upload feature.

CVE ID : CVE-2024-22724
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/osCommerce/osCommerce-V4/issues/62 | source : cve@mitre.org
https://medium.com/%40cupc4k3/oscommerce-v4-rce-unveiling-the-file-upload-bypass-threat-f1ac0097880c | source : cve@mitre.org

Vulnerability ID : CVE-2024-28635

First published on : 21-03-2024 04:15:09
Last modified on : 21-03-2024 12:58:51

Description :
Cross Site Scripting (XSS) vulnerability in SurveyJS Survey Creator v.1.9.132 and before, allows attackers to execute arbitrary code and obtain sensitive information via the title parameter in form.

CVE ID : CVE-2024-28635
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/surveyjs/survey-creator/issues/5285 | source : cve@mitre.org
https://packetstormsecurity.com/2403-exploits/surveyjssurveycreator19132-xss.txt | source : cve@mitre.org

Vulnerability ID : CVE-2024-29858

First published on : 21-03-2024 04:15:09
Last modified on : 21-03-2024 12:58:51

Description :
In MISP before 2.4.187, __uploadLogo in app/Controller/OrganisationsController.php does not properly check for a valid logo upload.

CVE ID : CVE-2024-29858
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/MISP/MISP/commit/6a2986be6aad6b37858b4869e238f517b295c111 | source : cve@mitre.org

Vulnerability ID : CVE-2024-29859

First published on : 21-03-2024 04:15:09
Last modified on : 21-03-2024 12:58:51

Description :
In MISP before 2.4.187, add_misp_export in app/Controller/EventsController.php does not properly check for a valid file upload.

CVE ID : CVE-2024-29859
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/MISP/MISP/commit/238010bfd004680757b324cba0c6344f77a25399 | source : cve@mitre.org

Vulnerability ID : CVE-2024-29862

First published on : 21-03-2024 04:15:09
Last modified on : 21-03-2024 12:58:51

Description :
The Kerlink firewall in ChirpStack chirpstack-mqtt-forwarder before 4.2.1 and chirpstack-gateway-bridge before 4.0.11 wrongly accepts certain TCP packets when a connection is not in the ESTABLISHED state.

CVE ID : CVE-2024-29862
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/chirpstack/chirpstack-gateway-bridge/commit/0c1e80c9fa9f5d093ff62903caedad86ec4640b6 | source : cve@mitre.org
https://github.com/chirpstack/chirpstack-mqtt-forwarder/commit/4fa9e6eaaec8c3ca49ebfbf6317572671f17700f | source : cve@mitre.org

Vulnerability ID : CVE-2024-29864

First published on : 21-03-2024 04:15:09
Last modified on : 21-03-2024 12:58:51

Description :
Distrobox before 1.7.0.1 allows attackers to execute arbitrary code via command injection into exported executables.

CVE ID : CVE-2024-29864
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/89luca89/distrobox/commit/82a69f0a234e73e447d0ea8c8b3443b84fd31944 | source : cve@mitre.org
https://github.com/89luca89/distrobox/issues/1275 | source : cve@mitre.org

Vulnerability ID : CVE-2024-29866

First published on : 21-03-2024 14:15:07
Last modified on : 21-03-2024 15:24:35

Description :
Datalust Seq before 2023.4.11151 and 2024 before 2024.1.11146 has Incorrect Access Control because a Project Owner or Organization Owner can escalate to System privileges.

CVE ID : CVE-2024-29866
Source : cve@mitre.org
CVSS Score : /

References :
https://datalust.co | source : cve@mitre.org
https://github.com/datalust/seq-tickets/issues/2127 | source : cve@mitre.org

Vulnerability ID : CVE-2024-29243

First published on : 21-03-2024 15:16:54
Last modified on : 21-03-2024 15:24:35

Description :
Shenzhen Libituo Technology Co., Ltd LBT-T300-mini v1.2.9 was discovered to contain a buffer overflow via the vpn_client_ip parameter at /apply.cgi.

CVE ID : CVE-2024-29243
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/AdamRitz/lbtvul/blob/main/t300mini-2.md | source : cve@mitre.org

Vulnerability ID : CVE-2024-29244

First published on : 21-03-2024 15:16:54
Last modified on : 21-03-2024 15:24:35

Description :
Shenzhen Libituo Technology Co., Ltd LBT-T300-mini v1.2.9 was discovered to contain a buffer overflow via the pin_code_3g parameter at /apply.cgi.

CVE ID : CVE-2024-29244
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/AdamRitz/lbtvul/blob/main/t300mini-2.md | source : cve@mitre.org

Vulnerability ID : CVE-2024-29916

First published on : 21-03-2024 17:15:09
Last modified on : 21-03-2024 19:47:03

Description :
The dormakaba Saflok system before the November 2023 software update allows an attacker to unlock arbitrary doors at a property via forged keycards, if the attacker has obtained one active or expired keycard for the specific property, aka the "Unsaflok" issue. This occurs, in part, because the key derivation function relies only on a UID. This affects, for example, Saflok MT, and the Confidant, Quantum, RT, and Saffire series.

CVE ID : CVE-2024-29916
Source : cve@mitre.org
CVSS Score : /

References :
https://news.ycombinator.com/item?id=39779291 | source : cve@mitre.org
https://unsaflok.com | source : cve@mitre.org
https://www.wired.com/story/saflok-hotel-lock-unsaflok-hack-technique/ | source : cve@mitre.org

Vulnerability ID : CVE-2024-29374

First published on : 21-03-2024 19:15:09
Last modified on : 21-03-2024 19:47:03

Description :
A Cross-Site Scripting (XSS) vulnerability exists in the way MOODLE 3.10.9 handles user input within the "GET /?lang=" URL parameter.

CVE ID : CVE-2024-29374
Source : cve@mitre.org
CVSS Score : /

References :
https://gist.github.com/fir3storm/f9c7f3ec1a6496498517ed216d2640b2 | source : cve@mitre.org

Vulnerability ID : CVE-2024-24272

First published on : 21-03-2024 22:15:10
Last modified on : 21-03-2024 22:15:10

Description :
An issue in iTop DualSafe Password Manager & Digital Vault before 1.4.24 allows a local attacker to obtain sensitive information via leaked credentials as plaintext in a log file that can be accessed by the local user without knowledge of the master secret.

CVE ID : CVE-2024-24272
Source : cve@mitre.org
CVSS Score : /

References :
https://research.hisolutions.com/2024/03/cve-2024-24272-dualsafe-password-manager-leaks-credentials/ | source : cve@mitre.org

Vulnerability ID : CVE-2024-28521

First published on : 21-03-2024 22:15:12
Last modified on : 21-03-2024 22:15:12

Description :
SQL Injection vulnerability in Netcome NS-ASG Application Security Gateway v.6.3.1 allows a local attacker to execute arbitrary code and obtain sensitive information via a crafted script to the loginid parameter of the /singlelogin.php component.

CVE ID : CVE-2024-28521
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/aknbg1thub/cve/blob/main/sql.md | source : cve@mitre.org

Vulnerability ID : CVE-2024-2053

First published on : 21-03-2024 02:52:27
Last modified on : 21-03-2024 12:58:51

Description :
The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the "www-data" user. This issue was demonstrated on version 4.50 of the The Artica-Proxy administrative web application attempts to prevent local file inclusion. These protections can be bypassed and arbitrary file requests supplied by unauthenticated users will be returned according to the privileges of the "www-data" user.

CVE ID : CVE-2024-2053
Source : cve@takeonme.org
CVSS Score : /

References :
http://seclists.org/fulldisclosure/2024/Mar/11 | source : cve@takeonme.org
https://korelogic.com/Resources/Advisories/KL-001-2024-001.txt | source : cve@takeonme.org

Vulnerability : CWE-23

Vulnerability ID : CVE-2024-2054

First published on : 21-03-2024 02:52:27
Last modified on : 21-03-2024 12:58:51

Description :
The Artica-Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the "www-data" user.

CVE ID : CVE-2024-2054
Source : cve@takeonme.org
CVSS Score : /

References :
http://seclists.org/fulldisclosure/2024/Mar/12 | source : cve@takeonme.org
https://korelogic.com/Resources/Advisories/KL-001-2024-002.txt | source : cve@takeonme.org

Vulnerability : CWE-502

Vulnerability ID : CVE-2024-2167

First published on : 21-03-2024 02:52:30
Last modified on : 21-03-2024 02:52:30

Description :
Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-2041. Reason: This candidate is a reservation duplicate of CVE-2024-2041. Notes: All CVE users should reference CVE-2024-2041 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

CVE ID : CVE-2024-2167
Source : security@wordfence.com
CVSS Score : /

References :

Vulnerability ID : CVE-2024-29131

First published on : 21-03-2024 09:15:07
Last modified on : 21-03-2024 12:58:51

Description :
Out-of-bounds Write vulnerability in Apache Commons Configuration.This issue affects Apache Commons Configuration: from 2.0 before 2.10.1. Users are recommended to upgrade to version 2.10.1, which fixes the issue.

CVE ID : CVE-2024-29131
Source : security@apache.org
CVSS Score : /

References :
https://lists.apache.org/thread/03nzzzjn4oknyw5y0871tw7ltj0t3r37 | source : security@apache.org

Vulnerability : CWE-787

Vulnerability ID : CVE-2024-29133

First published on : 21-03-2024 09:15:07
Last modified on : 21-03-2024 12:58:51

Description :
Out-of-bounds Write vulnerability in Apache Commons Configuration.This issue affects Apache Commons Configuration: from 2.0 before 2.10.1. Users are recommended to upgrade to version 2.10.1, which fixes the issue.

CVE ID : CVE-2024-29133
Source : security@apache.org
CVSS Score : /

References :
https://lists.apache.org/thread/ccb9w15bscznh6tnp3wsvrrj9crbszh2 | source : security@apache.org

Vulnerability : CWE-787

Vulnerability ID : CVE-2024-26307

First published on : 21-03-2024 10:15:07
Last modified on : 21-03-2024 12:58:51

Description :
Possible race condition vulnerability in Apache Doris. Some of code using `chmod()` method. This method run the risk of someone renaming the file out from under user and chmodding the wrong file. This could theoretically happen, but the impact would be minimal. This issue affects Apache Doris: before 1.2.8, before 2.0.4. Users are recommended to upgrade to version 2.0.4, which fixes the issue.

CVE ID : CVE-2024-26307
Source : security@apache.org
CVSS Score : /

References :
https://lists.apache.org/thread/5shhw8x8m271hd2wfwzqzwgf36pmc4pl | source : security@apache.org

Vulnerability : CWE-362

Vulnerability ID : CVE-2024-27438

First published on : 21-03-2024 10:15:08
Last modified on : 21-03-2024 12:58:51

Description :
Download of Code Without Integrity Check vulnerability in Apache Doris. The jdbc driver files used for JDBC catalog is not checked and may resulting in remote command execution. Once the attacker is authorized to create a JDBC catalog, he/she can use arbitrary driver jar file with unchecked code snippet. This code snippet will be run when catalog is initializing without any check. This issue affects Apache Doris: from 1.2.0 through 2.0.4. Users are recommended to upgrade to version 2.0.5 or 2.1.x, which fixes the issue.

CVE ID : CVE-2024-27438
Source : security@apache.org
CVSS Score : /

References :
https://lists.apache.org/thread/h95h82b0svlnwcg6c2xq4b08j6gwgczh | source : security@apache.org

Vulnerability : CWE-494

Vulnerability ID : CVE-2023-52620

First published on : 21-03-2024 11:15:28
Last modified on : 21-03-2024 12:58:51

Description :
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: disallow timeout for anonymous sets Never used from userspace, disallow these parameters.

CVE ID : CVE-2023-52620
Source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
CVSS Score : /

References :
https://git.kernel.org/stable/c/00b19ee0dcc1aef06294471ab489bae26d94524e | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/b7be6c737a179a76901c872f6b4c1d00552d9a1b | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/e26d3009efda338f19016df4175f354a9bd0a4ab | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Vulnerability ID : CVE-2024-26642

First published on : 21-03-2024 11:15:28
Last modified on : 21-03-2024 12:58:51

Description :
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: disallow anonymous set with timeout flag Anonymous sets are never used with timeout from userspace, reject this. Exception to this rule is NFT_SET_EVAL to ensure legacy meters still work.

CVE ID : CVE-2024-26642
Source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
CVSS Score : /

References :
https://git.kernel.org/stable/c/16603605b667b70da974bea8216c93e7db043bf1 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Vulnerability ID : CVE-2024-26643

First published on : 21-03-2024 11:15:28
Last modified on : 21-03-2024 12:58:51

Description :
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout While the rhashtable set gc runs asynchronously, a race allows it to collect elements from anonymous sets with timeouts while it is being released from the commit path. Mingi Cho originally reported this issue in a different path in 6.1.x with a pipapo set with low timeouts which is not possible upstream since 7395dfacfff6 ("netfilter: nf_tables: use timestamp to check for set element timeout"). Fix this by setting on the dead flag for anonymous sets to skip async gc in this case. According to 08e4c8c5919f ("netfilter: nf_tables: mark newset as dead on transaction abort"), Florian plans to accelerate abort path by releasing objects via workqueue, therefore, this sets on the dead flag for abort path too.

CVE ID : CVE-2024-26643
Source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
CVSS Score : /

References :
https://git.kernel.org/stable/c/552705a3650bbf46a22b1adedc1b04181490fc36 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Vulnerability ID : CVE-2024-2463

First published on : 21-03-2024 15:16:54
Last modified on : 21-03-2024 15:24:35

Description :
Weak password recovery mechanism in CDeX application allows to retrieve password reset token.This issue affects CDeX application versions through 5.7.1.

CVE ID : CVE-2024-2463
Source : cvd@cert.pl
CVSS Score : /

References :
https://cdex.cloud/ | source : cvd@cert.pl
https://cert.pl/en/posts/2024/03/CVE-2024-2463/ | source : cvd@cert.pl
https://cert.pl/posts/2024/03/CVE-2024-2463/ | source : cvd@cert.pl

Vulnerability : CWE-640

Vulnerability ID : CVE-2024-2464

First published on : 21-03-2024 15:16:54
Last modified on : 21-03-2024 15:24:35

Description :
This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.This issue affects CDeX application versions through 5.7.1.

CVE ID : CVE-2024-2464
Source : cvd@cert.pl
CVSS Score : /

References :
https://cdex.cloud/ | source : cvd@cert.pl
https://cert.pl/en/posts/2024/03/CVE-2024-2463/ | source : cvd@cert.pl
https://cert.pl/posts/2024/03/CVE-2024-2463/ | source : cvd@cert.pl

Vulnerability : CWE-203

Vulnerability ID : CVE-2024-2465

First published on : 21-03-2024 15:16:54
Last modified on : 21-03-2024 15:24:35

Description :
Open redirection vulnerability in CDeX application allows to redirect users to arbitrary websites via a specially crafted URL.This issue affects CDeX application versions through 5.7.1.

CVE ID : CVE-2024-2465
Source : cvd@cert.pl
CVSS Score : /

References :
https://cdex.cloud/ | source : cvd@cert.pl
https://cert.pl/en/posts/2024/03/CVE-2024-2463/ | source : cvd@cert.pl
https://cert.pl/posts/2024/03/CVE-2024-2463/ | source : cvd@cert.pl

Vulnerability : CWE-601

Vulnerability ID : CVE-2023-49837

First published on : 21-03-2024 17:15:07
Last modified on : 21-03-2024 19:47:03

Description :
Uncontrolled Resource Consumption vulnerability in David Artiss Code Embed.This issue affects Code Embed: from n/a through 2.3.6.

CVE ID : CVE-2023-49837
Source : audit@patchstack.com
CVSS Score : /

References :
https://patchstack.com/database/vulnerability/simple-embed-code/wordpress-embed-code-plugin-2-3-6-denial-of-service-attack-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-400