Latest vulnerabilities [Tuesday, February 06, 2024]

Last update performed on 02/06/2024 at 11:57:06 PM

(12) CRITICAL VULNERABILITIES [9.0, 10.0]

Source : 6f8de1f0-f67e-45a6-b68f-98777fdb759c

Vulnerability ID : CVE-2024-24594

First published on : 06-02-2024 15:15:10
Last modified on : 06-02-2024 17:53:00

Description :
A cross-site scripting (XSS) vulnerability in all versions of the web server component of Allegro AI’s ClearML platform allows a remote attacker to execute a JavaScript payload when a user views the Debug Samples tab in the web UI.

CVE ID : CVE-2024-24594
Source : 6f8de1f0-f67e-45a6-b68f-98777fdb759c
CVSS Score : 9.9

References :
https://hiddenlayer.com/research/not-so-clear-how-mlops-solutions-can-muddy-the-waters-of-your-supply-chain/ | source : 6f8de1f0-f67e-45a6-b68f-98777fdb759c

Vulnerability : CWE-79


Vulnerability ID : CVE-2024-24592

First published on : 06-02-2024 15:15:09
Last modified on : 06-02-2024 17:53:00

Description :
Lack of authentication in all versions of the fileserver component of Allegro AI’s ClearML platform allows a remote attacker to arbitrarily access, create, modify and delete files.

CVE ID : CVE-2024-24592
Source : 6f8de1f0-f67e-45a6-b68f-98777fdb759c
CVSS Score : 9.8

References :
https://hiddenlayer.com/research/not-so-clear-how-mlops-solutions-can-muddy-the-waters-of-your-supply-chain/ | source : 6f8de1f0-f67e-45a6-b68f-98777fdb759c

Vulnerability : CWE-425


Vulnerability ID : CVE-2024-24593

First published on : 06-02-2024 15:15:09
Last modified on : 06-02-2024 17:53:00

Description :
A cross-site request forgery (CSRF) vulnerability in all versions of the api and web server components of Allegro AI’s ClearML platform allows a remote attacker to impersonate a user by sending API requests via maliciously crafted html. Exploitation of the vulnerability allows an attacker to compromise confidential workspaces and files, leak sensitive information, and target instances of the ClearML platform within closed off networks.

CVE ID : CVE-2024-24593
Source : 6f8de1f0-f67e-45a6-b68f-98777fdb759c
CVSS Score : 9.6

References :
https://hiddenlayer.com/research/not-so-clear-how-mlops-solutions-can-muddy-the-waters-of-your-supply-chain/ | source : 6f8de1f0-f67e-45a6-b68f-98777fdb759c

Vulnerability : CWE-352


Source : f98c90f0-e9bd-4fa7-911b-51993f3571fd

Vulnerability ID : CVE-2023-6229

First published on : 06-02-2024 01:15:08
Last modified on : 06-02-2024 13:53:38

Description :
Buffer overflow in CPCA PDL Resource Download process of Office Multifunction Printers and Laser Printers (*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera LBP670C Series/Satera MF750C Series firmware v03.07 and earlier sold in Japan. Color imageCLASS LBP674C/Color imageCLASS X LBP1333C/Color imageCLASS MF750C Series/Color imageCLASS X MF1333C Series firmware v03.07 and earlier sold in US. i-SENSYS LBP673Cdw/C1333P/i-SENSYS MF750C Series/C1333i Series firmware v03.07 and earlier sold in Europe.

CVE ID : CVE-2023-6229
Source : f98c90f0-e9bd-4fa7-911b-51993f3571fd
CVSS Score : 9.8

References :
https://canon.jp/support/support-info/240205vulnerability-response | source : f98c90f0-e9bd-4fa7-911b-51993f3571fd
https://psirt.canon/advisory-information/cp2024-001/ | source : f98c90f0-e9bd-4fa7-911b-51993f3571fd
https://www.canon-europe.com/support/product-security-latest-news/ | source : f98c90f0-e9bd-4fa7-911b-51993f3571fd
https://www.usa.canon.com/support/canon-product-advisories/Service-Notice-Regarding-Vulnerability-Measure-Against-Buffer-Overflow-for-Laser-Printers-and-Small-Office-Multifunctional-Printers | source : f98c90f0-e9bd-4fa7-911b-51993f3571fd

Vulnerability : CWE-787


Vulnerability ID : CVE-2023-6230

First published on : 06-02-2024 01:15:08
Last modified on : 06-02-2024 13:53:38

Description :
Buffer overflow in the Address Book password process in authentication of Mobile Device Function of Office Multifunction Printers and Laser Printers (*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera LBP670C Series/Satera MF750C Series firmware v03.07 and earlier sold in Japan. Color imageCLASS LBP674C/Color imageCLASS X LBP1333C/Color imageCLASS MF750C Series/Color imageCLASS X MF1333C Series firmware v03.07 and earlier sold in US. i-SENSYS LBP673Cdw/C1333P/i-SENSYS MF750C Series/C1333i Series firmware v03.07 and earlier sold in Europe.

CVE ID : CVE-2023-6230
Source : f98c90f0-e9bd-4fa7-911b-51993f3571fd
CVSS Score : 9.8

References :
https://canon.jp/support/support-info/240205vulnerability-response | source : f98c90f0-e9bd-4fa7-911b-51993f3571fd
https://psirt.canon/advisory-information/cp2024-001/ | source : f98c90f0-e9bd-4fa7-911b-51993f3571fd
https://www.canon-europe.com/support/product-security-latest-news/ | source : f98c90f0-e9bd-4fa7-911b-51993f3571fd
https://www.usa.canon.com/support/canon-product-advisories/Service-Notice-Regarding-Vulnerability-Measure-Against-Buffer-Overflow-for-Laser-Printers-and-Small-Office-Multifunctional-Printers | source : f98c90f0-e9bd-4fa7-911b-51993f3571fd

Vulnerability : CWE-787


Vulnerability ID : CVE-2023-6231

First published on : 06-02-2024 01:15:08
Last modified on : 06-02-2024 13:53:38

Description :
Buffer overflow in WSD probe request process of Office Multifunction Printers and Laser Printers (*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera LBP670C Series/Satera MF750C Series firmware v03.07 and earlier sold in Japan. Color imageCLASS LBP674C/Color imageCLASS X LBP1333C/Color imageCLASS MF750C Series/Color imageCLASS X MF1333C Series firmware v03.07 and earlier sold in US. i-SENSYS LBP673Cdw/C1333P/i-SENSYS MF750C Series/C1333i Series firmware v03.07 and earlier sold in Europe.

CVE ID : CVE-2023-6231
Source : f98c90f0-e9bd-4fa7-911b-51993f3571fd
CVSS Score : 9.8

References :
https://canon.jp/support/support-info/240205vulnerability-response | source : f98c90f0-e9bd-4fa7-911b-51993f3571fd
https://psirt.canon/advisory-information/cp2024-001/ | source : f98c90f0-e9bd-4fa7-911b-51993f3571fd
https://www.canon-europe.com/support/product-security-latest-news/ | source : f98c90f0-e9bd-4fa7-911b-51993f3571fd
https://www.usa.canon.com/support/canon-product-advisories/Service-Notice-Regarding-Vulnerability-Measure-Against-Buffer-Overflow-for-Laser-Printers-and-Small-Office-Multifunctional-Printers | source : f98c90f0-e9bd-4fa7-911b-51993f3571fd

Vulnerability : CWE-787


Vulnerability ID : CVE-2023-6232

First published on : 06-02-2024 01:15:08
Last modified on : 06-02-2024 13:53:38

Description :
Buffer overflow in the Address Book username process in authentication of Mobile Device Function of Office Multifunction Printers and Laser Printers (*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera LBP670C Series/Satera MF750C Series firmware v03.07 and earlier sold in Japan. Color imageCLASS LBP674C/Color imageCLASS X LBP1333C/Color imageCLASS MF750C Series/Color imageCLASS X MF1333C Series firmware v03.07 and earlier sold in US. i-SENSYS LBP673Cdw/C1333P/i-SENSYS MF750C Series/C1333i Series firmware v03.07 and earlier sold in Europe.

CVE ID : CVE-2023-6232
Source : f98c90f0-e9bd-4fa7-911b-51993f3571fd
CVSS Score : 9.8

References :
https://canon.jp/support/support-info/240205vulnerability-response | source : f98c90f0-e9bd-4fa7-911b-51993f3571fd
https://psirt.canon/advisory-information/cp2024-001/ | source : f98c90f0-e9bd-4fa7-911b-51993f3571fd
https://www.canon-europe.com/support/product-security-latest-news/ | source : f98c90f0-e9bd-4fa7-911b-51993f3571fd
https://www.usa.canon.com/support/canon-product-advisories/Service-Notice-Regarding-Vulnerability-Measure-Against-Buffer-Overflow-for-Laser-Printers-and-Small-Office-Multifunctional-Printers | source : f98c90f0-e9bd-4fa7-911b-51993f3571fd

Vulnerability : CWE-787


Vulnerability ID : CVE-2023-6233

First published on : 06-02-2024 01:15:08
Last modified on : 06-02-2024 13:53:38

Description :
Buffer overflow in SLP attribute request process of Office Multifunction Printers and Laser Printers (*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera LBP670C Series/Satera MF750C Series firmware v03.07 and earlier sold in Japan. Color imageCLASS LBP674C/Color imageCLASS X LBP1333C/Color imageCLASS MF750C Series/Color imageCLASS X MF1333C Series firmware v03.07 and earlier sold in US. i-SENSYS LBP673Cdw/C1333P/i-SENSYS MF750C Series/C1333i Series firmware v03.07 and earlier sold in Europe.

CVE ID : CVE-2023-6233
Source : f98c90f0-e9bd-4fa7-911b-51993f3571fd
CVSS Score : 9.8

References :
https://canon.jp/support/support-info/240205vulnerability-response | source : f98c90f0-e9bd-4fa7-911b-51993f3571fd
https://psirt.canon/advisory-information/cp2024-001/ | source : f98c90f0-e9bd-4fa7-911b-51993f3571fd
https://www.canon-europe.com/support/product-security-latest-news/ | source : f98c90f0-e9bd-4fa7-911b-51993f3571fd
https://www.usa.canon.com/support/canon-product-advisories/Service-Notice-Regarding-Vulnerability-Measure-Against-Buffer-Overflow-for-Laser-Printers-and-Small-Office-Multifunctional-Printers | source : f98c90f0-e9bd-4fa7-911b-51993f3571fd

Vulnerability : CWE-787


Vulnerability ID : CVE-2023-6234

First published on : 06-02-2024 01:15:09
Last modified on : 06-02-2024 13:53:38

Description :
Buffer overflow in CPCA Color LUT Resource Download process of Office Multifunction Printers and Laser Printers (*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera LBP670C Series/Satera MF750C Series firmware v03.07 and earlier sold in Japan. Color imageCLASS LBP674C/Color imageCLASS X LBP1333C/Color imageCLASS MF750C Series/Color imageCLASS X MF1333C Series firmware v03.07 and earlier sold in US. i-SENSYS LBP673Cdw/C1333P/i-SENSYS MF750C Series/C1333i Series firmware v03.07 and earlier sold in Europe.

CVE ID : CVE-2023-6234
Source : f98c90f0-e9bd-4fa7-911b-51993f3571fd
CVSS Score : 9.8

References :
https://canon.jp/support/support-info/240205vulnerability-response | source : f98c90f0-e9bd-4fa7-911b-51993f3571fd
https://psirt.canon/advisory-information/cp2024-001/ | source : f98c90f0-e9bd-4fa7-911b-51993f3571fd
https://www.canon-europe.com/support/product-security-latest-news/ | source : f98c90f0-e9bd-4fa7-911b-51993f3571fd
https://www.usa.canon.com/support/canon-product-advisories/Service-Notice-Regarding-Vulnerability-Measure-Against-Buffer-Overflow-for-Laser-Printers-and-Small-Office-Multifunctional-Printers | source : f98c90f0-e9bd-4fa7-911b-51993f3571fd

Vulnerability : CWE-787


Vulnerability ID : CVE-2024-0244

First published on : 06-02-2024 01:15:09
Last modified on : 06-02-2024 13:53:38

Description :
Buffer overflow in CPCA PCFAX number process of Office Multifunction Printers and Laser Printers (*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera MF750C Series firmware v03.07 and earlier sold in Japan. Color imageCLASS MF750C Series/Color imageCLASS X MF1333C firmware v03.07 and earlier sold in US. i-SENSYS MF754Cdw/C1333iF firmware v03.07 and earlier sold in Europe.

CVE ID : CVE-2024-0244
Source : f98c90f0-e9bd-4fa7-911b-51993f3571fd
CVSS Score : 9.8

References :
https://canon.jp/support/support-info/240205vulnerability-response | source : f98c90f0-e9bd-4fa7-911b-51993f3571fd
https://psirt.canon/advisory-information/cp2024-001/ | source : f98c90f0-e9bd-4fa7-911b-51993f3571fd
https://www.canon-europe.com/support/product-security-latest-news/ | source : f98c90f0-e9bd-4fa7-911b-51993f3571fd
https://www.usa.canon.com/support/canon-product-advisories/Service-Notice-Regarding-Vulnerability-Measure-Against-Buffer-Overflow-for-Laser-Printers-and-Small-Office-Multifunctional-Printers | source : f98c90f0-e9bd-4fa7-911b-51993f3571fd

Vulnerability : CWE-787


Source : jetbrains.com

Vulnerability ID : CVE-2024-23917

First published on : 06-02-2024 10:15:09
Last modified on : 06-02-2024 13:53:38

Description :
In JetBrains TeamCity before 2023.11.3, an authentication bypass leading to RCE was possible.

CVE ID : CVE-2024-23917
Source : cve@jetbrains.com
CVSS Score : 9.8

References :
https://www.jetbrains.com/privacy-security/issues-fixed/ | source : cve@jetbrains.com

Vulnerability : CWE-288


Source : qualcomm.com

Vulnerability ID : CVE-2023-33072

First published on : 06-02-2024 06:16:00
Last modified on : 06-02-2024 13:53:38

Description :
Memory corruption in Core while processing control functions.

CVE ID : CVE-2023-33072
Source : product-security@qualcomm.com
CVSS Score : 9.3

References :
https://www.qualcomm.com/company/product-security/bulletins/february-2024-bulletin | source : product-security@qualcomm.com


(44) HIGH VULNERABILITIES [7.0, 8.9]

Source : emc.com

Vulnerability ID : CVE-2024-22433

First published on : 06-02-2024 07:15:11
Last modified on : 06-02-2024 13:53:38

Description :
Dell Data Protection Search 19.2.0 and above contain an exposed password opportunity in plain text when using LdapSettings.get_ldap_info in DP Search. A remote unauthorized unauthenticated attacker could potentially exploit this vulnerability leading to a loss of Confidentiality, Integrity, Protection, and remote takeover of the system. This is a high-severity vulnerability as it allows an attacker to take complete control of DP Search to affect downstream protected devices.

CVE ID : CVE-2024-22433
Source : security_alert@emc.com
CVSS Score : 8.8

References :
https://www.dell.com/support/kbdoc/en-us/000221720/dsa-2024-063-security-update-for-dell-data-protection-search-multiple-security-vulnerabilities | source : security_alert@emc.com

Vulnerability : CWE-538


Vulnerability ID : CVE-2023-25543

First published on : 06-02-2024 07:15:08
Last modified on : 06-02-2024 13:53:38

Description :
Dell Power Manager, versions prior to 3.14, contain an Improper Authorization vulnerability in DPM service. A low privileged malicious user could potentially exploit this vulnerability in order to elevate privileges on the system.

CVE ID : CVE-2023-25543
Source : security_alert@emc.com
CVSS Score : 7.8

References :
https://www.dell.com/support/kbdoc/en-us/000209464/dsa-2023-075 | source : security_alert@emc.com

Vulnerability : CWE-280


Vulnerability ID : CVE-2023-32451

First published on : 06-02-2024 08:15:48
Last modified on : 06-02-2024 13:53:38

Description :
Dell Display Manager application, version 2.1.1.17, contains a vulnerability that allows a low privilege user to execute malicious code during installation and uninstallation.

CVE ID : CVE-2023-32451
Source : security_alert@emc.com
CVSS Score : 7.3

References :
https://www.dell.com/support/kbdoc/en-us/000215216/dsa-2023-182-dell | source : security_alert@emc.com

Vulnerability : CWE-272


Source : pingidentity.com

Vulnerability ID : CVE-2023-40545

First published on : 06-02-2024 18:15:58
Last modified on : 06-02-2024 18:15:58

Description :
Authentication bypass when an OAuth2 Client is using client_secret_jwt as its authentication method on affected 11.3 versions via specially crafted requests.

CVE ID : CVE-2023-40545
Source : responsible-disclosure@pingidentity.com
CVSS Score : 8.8

References :
https://docs.pingidentity.com/r/en-us/pingfederate-113/hro1701116403236 | source : responsible-disclosure@pingidentity.com
https://support.pingidentity.com/s/article/SECADV040-PingFederate-OAuth-Client-Authentication-Bypass | source : responsible-disclosure@pingidentity.com
https://www.pingidentity.com/en/resources/downloads/pingfederate/previous-releases.html | source : responsible-disclosure@pingidentity.com

Vulnerability : CWE-306


Source : qualcomm.com

Vulnerability ID : CVE-2023-43520

First published on : 06-02-2024 06:16:01
Last modified on : 06-02-2024 13:53:38

Description :
Memory corruption when AP includes TID to link mapping IE in the beacons and STA is parsing the beacon TID to link mapping IE.

CVE ID : CVE-2023-43520
Source : product-security@qualcomm.com
CVSS Score : 8.6

References :
https://www.qualcomm.com/company/product-security/bulletins/february-2024-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-43534

First published on : 06-02-2024 06:16:02
Last modified on : 06-02-2024 13:53:38

Description :
Memory corruption while validating the TID to Link Mapping action request frame, when a station connects to an access point.

CVE ID : CVE-2023-43534
Source : product-security@qualcomm.com
CVSS Score : 8.6

References :
https://www.qualcomm.com/company/product-security/bulletins/february-2024-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-43517

First published on : 06-02-2024 06:16:01
Last modified on : 06-02-2024 13:53:38

Description :
Memory corruption in Automotive Multimedia due to improper access control in HAB.

CVE ID : CVE-2023-43517
Source : product-security@qualcomm.com
CVSS Score : 8.4

References :
https://www.qualcomm.com/company/product-security/bulletins/february-2024-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-43532

First published on : 06-02-2024 06:16:02
Last modified on : 06-02-2024 13:53:38

Description :
Memory corruption while reading ACPI config through the user mode app.

CVE ID : CVE-2023-43532
Source : product-security@qualcomm.com
CVSS Score : 8.4

References :
https://www.qualcomm.com/company/product-security/bulletins/february-2024-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-43535

First published on : 06-02-2024 06:16:03
Last modified on : 06-02-2024 13:53:38

Description :
Memory corruption when negative display IDs are sent as input while processing DISPLAYESCAPE event trigger.

CVE ID : CVE-2023-43535
Source : product-security@qualcomm.com
CVSS Score : 8.4

References :
https://www.qualcomm.com/company/product-security/bulletins/february-2024-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-33058

First published on : 06-02-2024 06:15:59
Last modified on : 06-02-2024 13:53:38

Description :
Information disclosure in Modem while processing SIB5.

CVE ID : CVE-2023-33058
Source : product-security@qualcomm.com
CVSS Score : 8.2

References :
https://www.qualcomm.com/company/product-security/bulletins/february-2024-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-33046

First published on : 06-02-2024 06:15:58
Last modified on : 06-02-2024 13:53:38

Description :
Memory corruption in Trusted Execution Environment while deinitializing an object used for license validation.

CVE ID : CVE-2023-33046
Source : product-security@qualcomm.com
CVSS Score : 7.8

References :
https://www.qualcomm.com/company/product-security/bulletins/february-2024-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-43513

First published on : 06-02-2024 06:16:01
Last modified on : 06-02-2024 13:53:38

Description :
Memory corruption while processing the event ring, the context read pointer is untrusted to HLOS and when it is passed with arbitrary values, may point to address in the middle of ring element.

CVE ID : CVE-2023-43513
Source : product-security@qualcomm.com
CVSS Score : 7.8

References :
https://www.qualcomm.com/company/product-security/bulletins/february-2024-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-43516

First published on : 06-02-2024 06:16:01
Last modified on : 06-02-2024 13:53:38

Description :
Memory corruption when malformed message payload is received from firmware.

CVE ID : CVE-2023-43516
Source : product-security@qualcomm.com
CVSS Score : 7.8

References :
https://www.qualcomm.com/company/product-security/bulletins/february-2024-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-33049

First published on : 06-02-2024 06:15:59
Last modified on : 06-02-2024 13:53:38

Description :
Transient DOS in Multi-Mode Call Processor due to UE failure because of heap leakage.

CVE ID : CVE-2023-33049
Source : product-security@qualcomm.com
CVSS Score : 7.5

References :
https://www.qualcomm.com/company/product-security/bulletins/february-2024-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-33057

First published on : 06-02-2024 06:15:59
Last modified on : 06-02-2024 13:53:38

Description :
Transient DOS in Multi-Mode Call Processor while processing UE policy container.

CVE ID : CVE-2023-33057
Source : product-security@qualcomm.com
CVSS Score : 7.5

References :
https://www.qualcomm.com/company/product-security/bulletins/february-2024-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-43522

First published on : 06-02-2024 06:16:02
Last modified on : 06-02-2024 13:53:38

Description :
Transient DOS while key unwrapping process, when the given encrypted key is empty or NULL.

CVE ID : CVE-2023-43522
Source : product-security@qualcomm.com
CVSS Score : 7.5

References :
https://www.qualcomm.com/company/product-security/bulletins/february-2024-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-43523

First published on : 06-02-2024 06:16:02
Last modified on : 06-02-2024 13:53:38

Description :
Transient DOS while processing 11AZ RTT management action frame received through OTA.

CVE ID : CVE-2023-43523
Source : product-security@qualcomm.com
CVSS Score : 7.5

References :
https://www.qualcomm.com/company/product-security/bulletins/february-2024-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-43533

First published on : 06-02-2024 06:16:02
Last modified on : 06-02-2024 13:53:38

Description :
Transient DOS in WLAN Firmware when the length of received beacon is less than length of ieee802.11 beacon frame.

CVE ID : CVE-2023-43533
Source : product-security@qualcomm.com
CVSS Score : 7.5

References :
https://www.qualcomm.com/company/product-security/bulletins/february-2024-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-43536

First published on : 06-02-2024 06:16:03
Last modified on : 06-02-2024 13:53:38

Description :
Transient DOS while parsing fils IE with length equal to 1.

CVE ID : CVE-2023-43536
Source : product-security@qualcomm.com
CVSS Score : 7.5

References :
https://www.qualcomm.com/company/product-security/bulletins/february-2024-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-43518

First published on : 06-02-2024 06:16:01
Last modified on : 06-02-2024 13:53:38

Description :
Memory corruption in video while parsing invalid mp2 clip.

CVE ID : CVE-2023-43518
Source : product-security@qualcomm.com
CVSS Score : 7.3

References :
https://www.qualcomm.com/company/product-security/bulletins/february-2024-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-43519

First published on : 06-02-2024 06:16:01
Last modified on : 06-02-2024 13:53:38

Description :
Memory corruption in video while parsing the Videoinfo, when the size of atom is greater than the videoinfo size.

CVE ID : CVE-2023-43519
Source : product-security@qualcomm.com
CVSS Score : 7.3

References :
https://www.qualcomm.com/company/product-security/bulletins/february-2024-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-33060

First published on : 06-02-2024 06:15:59
Last modified on : 06-02-2024 13:53:38

Description :
Transient DOS in Core when DDR memory check is called while DDR is not initialized.

CVE ID : CVE-2023-33060
Source : product-security@qualcomm.com
CVSS Score : 7.1

References :
https://www.qualcomm.com/company/product-security/bulletins/february-2024-bulletin | source : product-security@qualcomm.com


Source : github.com

Vulnerability ID : CVE-2024-24577

First published on : 06-02-2024 22:16:15
Last modified on : 06-02-2024 22:16:15

Description :
libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your application. Using well-crafted inputs to `git_index_add` can cause heap corruption that could be leveraged for arbitrary code execution. There is an issue in the `has_dir_name` function in `src/libgit2/index.c`, which frees an entry that should not be freed. The freed entry is later used and overwritten with potentially bad actor-controlled data leading to controlled heap corruption. Depending on the application that uses libgit2, this could lead to arbitrary code execution. This issue has been patched in version 1.6.5 and 1.7.2.

CVE ID : CVE-2024-24577
Source : security-advisories@github.com
CVSS Score : 8.6

References :
https://github.com/libgit2/libgit2/releases/tag/v1.6.5 | source : security-advisories@github.com
https://github.com/libgit2/libgit2/releases/tag/v1.7.2 | source : security-advisories@github.com
https://github.com/libgit2/libgit2/security/advisories/GHSA-j2v7-4f6v-gpg8 | source : security-advisories@github.com

Vulnerability : CWE-122


Vulnerability ID : CVE-2024-24575

First published on : 06-02-2024 22:16:15
Last modified on : 06-02-2024 22:16:15

Description :
libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your application. Using well-crafted inputs to `git_revparse_single` can cause the function to enter an infinite loop, potentially causing a Denial of Service attack in the calling application. The revparse function in `src/libgit2/revparse.c` uses a loop to parse the user-provided spec string. There is an edge-case during parsing that allows a bad actor to force the loop conditions to access arbitrary memory. Potentially, this could also leak memory if the extracted rev spec is reflected back to the attacker. As such, libgit2 versions before 1.4.0 are not affected. Users should upgrade to version 1.6.5 or 1.7.2.

CVE ID : CVE-2024-24575
Source : security-advisories@github.com
CVSS Score : 7.5

References :
https://github.com/libgit2/libgit2/commit/add2dabb3c16aa49b33904dcdc07cd915efc12fa | source : security-advisories@github.com
https://github.com/libgit2/libgit2/releases/tag/v1.6.5 | source : security-advisories@github.com
https://github.com/libgit2/libgit2/releases/tag/v1.7.2 | source : security-advisories@github.com
https://github.com/libgit2/libgit2/security/advisories/GHSA-54mf-x2rh-hq9v | source : security-advisories@github.com

Vulnerability : CWE-400


Source : apache.org

Vulnerability ID : CVE-2024-23673

First published on : 06-02-2024 10:15:08
Last modified on : 06-02-2024 14:15:55

Description :
Malicious code execution via path traversal in Apache Software Foundation Apache Sling Servlets Resolver. This issue affects all versions of Apache Sling Servlets Resolver before 2.11.0. However, whether a system is vulnerable to this attack depends on the exact configuration of the system. If the system is vulnerable, a user with write access to the repository might be able to trick the Sling Servlet Resolver to load a previously uploaded script. Users are recommended to upgrade to version 2.11.0, which fixes this issue. It is recommended to upgrade, regardless of whether your system configuration currently allows this attack or not.

CVE ID : CVE-2024-23673
Source : security@apache.org
CVSS Score : 8.5

References :
http://www.openwall.com/lists/oss-security/2024/02/06/1 | source : security@apache.org
https://lists.apache.org/thread/5zzx8ztwc6tmbwlw80m2pbrp3913l2kl | source : security@apache.org

Vulnerability : CWE-22


Source : samsung.com

Vulnerability ID : CVE-2024-20812

First published on : 06-02-2024 03:15:08
Last modified on : 06-02-2024 13:53:38

Description :
Out-of-bounds Write in padmd_vld_htbl of libpadm.so prior to SMR Feb-2024 Release 1 allows local attacker to execute arbitrary code.

CVE ID : CVE-2024-20812
Source : mobile.security@samsung.com
CVSS Score : 8.4

References :
https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=02 | source : mobile.security@samsung.com


Vulnerability ID : CVE-2024-20813

First published on : 06-02-2024 03:15:08
Last modified on : 06-02-2024 13:53:38

Description :
Out-of-bounds Write in padmd_vld_qtbl of libpadm.so prior to SMR Feb-2024 Release 1 allows local attacker to execute arbitrary code.

CVE ID : CVE-2024-20813
Source : mobile.security@samsung.com
CVSS Score : 8.4

References :
https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=02 | source : mobile.security@samsung.com


Vulnerability ID : CVE-2024-20815

First published on : 06-02-2024 03:15:08
Last modified on : 06-02-2024 13:53:38

Description :
Improper authentication vulnerability in onCharacteristicReadRequest in Auto Hotspot prior to SMR Feb-2024 Release 1 allows adjacent attackers to connect to victim's mobile hotspot without user awareness.

CVE ID : CVE-2024-20815
Source : mobile.security@samsung.com
CVSS Score : 8.0

References :
https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=02 | source : mobile.security@samsung.com


Vulnerability ID : CVE-2024-20816

First published on : 06-02-2024 03:15:08
Last modified on : 06-02-2024 13:53:38

Description :
Improper authentication vulnerability in onCharacteristicWriteRequest in Auto Hotspot prior to SMR Feb-2024 Release 1 allows adjacent attackers to connect to victim's mobile hotspot without user awareness.

CVE ID : CVE-2024-20816
Source : mobile.security@samsung.com
CVSS Score : 8.0

References :
https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=02 | source : mobile.security@samsung.com


Source : 6f8de1f0-f67e-45a6-b68f-98777fdb759c

Vulnerability ID : CVE-2024-24590

First published on : 06-02-2024 15:15:09
Last modified on : 06-02-2024 17:53:00

Description :
Deserialization of untrusted data can occur in version 0.17.0 or newer of Allegro AI’s ClearML platform, enabling a maliciously uploaded artifact to run arbitrary code on an end user’s system when interacted with.

CVE ID : CVE-2024-24590
Source : 6f8de1f0-f67e-45a6-b68f-98777fdb759c
CVSS Score : 8.0

References :
https://hiddenlayer.com/research/not-so-clear-how-mlops-solutions-can-muddy-the-waters-of-your-supply-chain/ | source : 6f8de1f0-f67e-45a6-b68f-98777fdb759c

Vulnerability : CWE-502


Vulnerability ID : CVE-2024-24591

First published on : 06-02-2024 15:15:09
Last modified on : 06-02-2024 17:53:00

Description :
A path traversal vulnerability in version 1.4.0 or newer of Allegro AI’s ClearML platform enables a maliciously uploaded dataset to write local or remote files to an arbitrary location on an end user’s system when interacted with.

CVE ID : CVE-2024-24591
Source : 6f8de1f0-f67e-45a6-b68f-98777fdb759c
CVSS Score : 8.0

References :
https://hiddenlayer.com/research/not-so-clear-how-mlops-solutions-can-muddy-the-waters-of-your-supply-chain/ | source : 6f8de1f0-f67e-45a6-b68f-98777fdb759c

Vulnerability : CWE-22


Source : solarwinds.com

Vulnerability ID : CVE-2023-35188

First published on : 06-02-2024 16:15:51
Last modified on : 06-02-2024 17:52:56

Description :
SQL Injection Remote Code Execution Vulnerability was found using a create statement in the SolarWinds Platform. This vulnerability requires user authentication to be exploited.

CVE ID : CVE-2023-35188
Source : psirt@solarwinds.com
CVSS Score : 8.0

References :
https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-1_release_notes.htm | source : psirt@solarwinds.com
https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-35188 | source : psirt@solarwinds.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2023-50395

First published on : 06-02-2024 16:15:51
Last modified on : 06-02-2024 17:52:56

Description :
SQL Injection Remote Code Execution Vulnerability was found using an update statement in the SolarWinds Platform. This vulnerability requires user authentication to be exploited.

CVE ID : CVE-2023-50395
Source : psirt@solarwinds.com
CVSS Score : 8.0

References :
https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-1_release_notes.htm | source : psirt@solarwinds.com
https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-50395 | source : psirt@solarwinds.com

Vulnerability : CWE-89


Source : hq.dhs.gov

Vulnerability ID : CVE-2023-38579

First published on : 06-02-2024 22:16:12
Last modified on : 06-02-2024 22:16:12

Description :
The cross-site request forgery token in the request may be predictable or easily guessable allowing attackers to craft a malicious request, which could be triggered by a victim unknowingly. In a successful CSRF attack, the attacker could lead the victim user to carry out an action unintentionally.

CVE ID : CVE-2023-38579
Source : ics-cert@hq.dhs.gov
CVSS Score : 8.0

References :
https://www.cisa.gov/news-events/ics-advisories/icsa-24-023-04 | source : ics-cert@hq.dhs.gov

Vulnerability : CWE-352


Vulnerability ID : CVE-2023-45735

First published on : 06-02-2024 22:16:14
Last modified on : 06-02-2024 22:16:14

Description :
A potential attacker with access to the Westermo Lynx device may be able to execute malicious code that could affect the correct functioning of the device.

CVE ID : CVE-2023-45735
Source : ics-cert@hq.dhs.gov
CVSS Score : 8.0

References :
https://www.cisa.gov/news-events/ics-advisories/icsa-24-023-04 | source : ics-cert@hq.dhs.gov

Vulnerability : CWE-94


Source : vmware.com

Vulnerability ID : CVE-2024-22237

First published on : 06-02-2024 20:16:03
Last modified on : 06-02-2024 20:16:03

Description :
Aria Operations for Networks contains a local privilege escalation vulnerability. A console user with access to Aria Operations for Networks may exploit this vulnerability to escalate privileges to gain root access to the system.

CVE ID : CVE-2024-22237
Source : security@vmware.com
CVSS Score : 7.8

References :
https://www.vmware.com/security/advisories/VMSA-2024-0002.html | source : security@vmware.com


Source : cisco.com

Vulnerability ID : CVE-2023-36498

First published on : 06-02-2024 17:15:08
Last modified on : 06-02-2024 18:15:58

Description :
A post-authentication command injection vulnerability exists in the PPTP client functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability and gain access to an unrestricted shell.

CVE ID : CVE-2023-36498
Source : talos-cna@cisco.com
CVSS Score : 7.2

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1853 | source : talos-cna@cisco.com

Vulnerability : CWE-78


Vulnerability ID : CVE-2023-42664

First published on : 06-02-2024 17:15:08
Last modified on : 06-02-2024 18:15:58

Description :
A post authentication command injection vulnerability exists when setting up the PPTP global configuration of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

CVE ID : CVE-2023-42664
Source : talos-cna@cisco.com
CVSS Score : 7.2

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1856 | source : talos-cna@cisco.com

Vulnerability : CWE-78


Vulnerability ID : CVE-2023-43482

First published on : 06-02-2024 17:15:08
Last modified on : 06-02-2024 18:15:58

Description :
A command execution vulnerability exists in the guest resource functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.

CVE ID : CVE-2023-43482
Source : talos-cna@cisco.com
CVSS Score : 7.2

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1850 | source : talos-cna@cisco.com

Vulnerability : CWE-78


Vulnerability ID : CVE-2023-46683

First published on : 06-02-2024 17:15:09
Last modified on : 06-02-2024 18:15:58

Description :
A post authentication command injection vulnerability exists when configuring the wireguard VPN functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

CVE ID : CVE-2023-46683
Source : talos-cna@cisco.com
CVSS Score : 7.2

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1857 | source : talos-cna@cisco.com

Vulnerability : CWE-78


Vulnerability ID : CVE-2023-47167

First published on : 06-02-2024 17:15:09
Last modified on : 06-02-2024 18:15:58

Description :
A post authentication command injection vulnerability exists in the GRE policy functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

CVE ID : CVE-2023-47167
Source : talos-cna@cisco.com
CVSS Score : 7.2

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1855 | source : talos-cna@cisco.com

Vulnerability : CWE-78


Vulnerability ID : CVE-2023-47209

First published on : 06-02-2024 17:15:09
Last modified on : 06-02-2024 18:15:59

Description :
A post authentication command injection vulnerability exists in the ipsec policy functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

CVE ID : CVE-2023-47209
Source : talos-cna@cisco.com
CVSS Score : 7.2

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1854 | source : talos-cna@cisco.com

Vulnerability : CWE-78


Vulnerability ID : CVE-2023-47617

First published on : 06-02-2024 17:15:09
Last modified on : 06-02-2024 18:15:59

Description :
A post authentication command injection vulnerability exists when configuring the web group member of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

CVE ID : CVE-2023-47617
Source : talos-cna@cisco.com
CVSS Score : 7.2

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1858 | source : talos-cna@cisco.com

Vulnerability : CWE-78


Vulnerability ID : CVE-2023-47618

First published on : 06-02-2024 17:15:10
Last modified on : 06-02-2024 18:15:59

Description :
A post authentication command execution vulnerability exists in the web filtering functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.

CVE ID : CVE-2023-47618
Source : talos-cna@cisco.com
CVSS Score : 7.2

References :
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1859 | source : talos-cna@cisco.com

Vulnerability : CWE-78


(56) MEDIUM VULNERABILITIES [4.0, 6.9]

Source : redhat.com

Vulnerability ID : CVE-2023-4503

First published on : 06-02-2024 09:15:52
Last modified on : 06-02-2024 13:53:38

Description :
An improper initialization vulnerability was found in Galleon. When using Galleon to provision custom EAP or EAP-XP servers, the servers are created unsecured. This issue could allow an attacker to access remote HTTP services available from the server.

CVE ID : CVE-2023-4503
Source : secalert@redhat.com
CVSS Score : 6.8

References :
https://access.redhat.com/errata/RHSA-2023:7637 | source : secalert@redhat.com
https://access.redhat.com/errata/RHSA-2023:7638 | source : secalert@redhat.com
https://access.redhat.com/errata/RHSA-2023:7639 | source : secalert@redhat.com
https://access.redhat.com/errata/RHSA-2023:7641 | source : secalert@redhat.com
https://access.redhat.com/security/cve/CVE-2023-4503 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2184751 | source : secalert@redhat.com

Vulnerability : CWE-665


Vulnerability ID : CVE-2024-0690

First published on : 06-02-2024 12:15:55
Last modified on : 06-02-2024 13:53:38

Description :
An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. It was discovered that information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive information, such as decrypted secret values.

CVE ID : CVE-2024-0690
Source : secalert@redhat.com
CVSS Score : 5.0

References :
https://access.redhat.com/security/cve/CVE-2024-0690 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2259013 | source : secalert@redhat.com
https://github.com/ansible/ansible/pull/82565 | source : secalert@redhat.com

Vulnerability : CWE-117


Source : qualcomm.com

Vulnerability ID : CVE-2023-33067

First published on : 06-02-2024 06:16:00
Last modified on : 06-02-2024 13:53:38

Description :
Memory corruption in Audio while calling START command on host voice PCM multiple times for the same RX or TX tap points.

CVE ID : CVE-2023-33067
Source : product-security@qualcomm.com
CVSS Score : 6.7

References :
https://www.qualcomm.com/company/product-security/bulletins/february-2024-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-33068

First published on : 06-02-2024 06:16:00
Last modified on : 06-02-2024 13:53:38

Description :
Memory corruption in Audio while processing IIR config data from AFE calibration block.

CVE ID : CVE-2023-33068
Source : product-security@qualcomm.com
CVSS Score : 6.7

References :
https://www.qualcomm.com/company/product-security/bulletins/february-2024-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-33069

First published on : 06-02-2024 06:16:00
Last modified on : 06-02-2024 13:53:38

Description :
Memory corruption in Audio while processing the calibration data returned from ACDB loader.

CVE ID : CVE-2023-33069
Source : product-security@qualcomm.com
CVSS Score : 6.7

References :
https://www.qualcomm.com/company/product-security/bulletins/february-2024-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-33077

First published on : 06-02-2024 06:16:00
Last modified on : 06-02-2024 13:53:38

Description :
Memory corruption in HLOS while converting from authorization token to HIDL vector.

CVE ID : CVE-2023-33077
Source : product-security@qualcomm.com
CVSS Score : 6.7

References :
https://www.qualcomm.com/company/product-security/bulletins/february-2024-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-33065

First published on : 06-02-2024 06:15:59
Last modified on : 06-02-2024 13:53:38

Description :
Information disclosure in Audio while accessing AVCS services from ADSP payload.

CVE ID : CVE-2023-33065
Source : product-security@qualcomm.com
CVSS Score : 6.1

References :
https://www.qualcomm.com/company/product-security/bulletins/february-2024-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-33076

First published on : 06-02-2024 06:16:00
Last modified on : 06-02-2024 13:53:38

Description :
Memory corruption in Core when updating rollback version for TA and OTA feature is enabled.

CVE ID : CVE-2023-33076
Source : product-security@qualcomm.com
CVSS Score : 5.9

References :
https://www.qualcomm.com/company/product-security/bulletins/february-2024-bulletin | source : product-security@qualcomm.com


Vulnerability ID : CVE-2023-33064

First published on : 06-02-2024 06:15:59
Last modified on : 06-02-2024 13:53:38

Description :
Transient DOS in Audio when invoking callback function of ASM driver.

CVE ID : CVE-2023-33064
Source : product-security@qualcomm.com
CVSS Score : 5.5

References :
https://www.qualcomm.com/company/product-security/bulletins/february-2024-bulletin | source : product-security@qualcomm.com


Source : emc.com

Vulnerability ID : CVE-2023-28063

First published on : 06-02-2024 08:15:46
Last modified on : 06-02-2024 13:53:38

Description :
Dell BIOS contains a Signed to Unsigned Conversion Error vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to denial of service.

CVE ID : CVE-2023-28063
Source : security_alert@emc.com
CVSS Score : 6.7

References :
https://www.dell.com/support/kbdoc/en-us/000214780/dsa-2023-176-dell-client-bios-security-update-for-a-signed-to-unsigned-conversion-error-vulnerability | source : security_alert@emc.com

Vulnerability : CWE-195


Vulnerability ID : CVE-2023-32479

First published on : 06-02-2024 08:15:51
Last modified on : 06-02-2024 13:53:38

Description :
Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server versions prior to 11.9.0 contain a privilege escalation vulnerability due to an improper ACL on the non-default installation directory. A local malicious user could potentially exploit this vulnerability by replacing binaries in the installed directory and taking a reverse shell of the system, leading to privilege escalation.

CVE ID : CVE-2023-32479
Source : security_alert@emc.com
CVSS Score : 6.7

References :
https://www.dell.com/support/kbdoc/en-us/000215881/dsa-2023-260 | source : security_alert@emc.com

Vulnerability : CWE-284


Vulnerability ID : CVE-2023-32474

First published on : 06-02-2024 08:15:50
Last modified on : 06-02-2024 13:53:38

Description :
Dell Display Manager application, version 2.1.1.17 and prior, contains an insecure operation on a Windows junction/mount point. A local malicious user could potentially exploit this vulnerability during installation, leading to arbitrary folder or file deletion.

CVE ID : CVE-2023-32474
Source : security_alert@emc.com
CVSS Score : 6.6

References :
https://www.dell.com/support/kbdoc/en-us/000215216/dsa-2023-182-dell | source : security_alert@emc.com

Vulnerability : CWE-1386


Vulnerability ID : CVE-2023-32454

First published on : 06-02-2024 08:15:49
Last modified on : 06-02-2024 13:53:38

Description :
DUP framework version 4.9.4.36 and prior contains an insecure operation on Windows junction/mount point vulnerability. A local malicious standard user could exploit the vulnerability to create arbitrary files, leading to denial of service.

CVE ID : CVE-2023-32454
Source : security_alert@emc.com
CVSS Score : 6.3

References :
https://www.dell.com/support/kbdoc/en-us/000216236/dsa-2023-192 | source : security_alert@emc.com

Vulnerability : CWE-1386


Vulnerability ID : CVE-2023-28049

First published on : 06-02-2024 07:15:09
Last modified on : 06-02-2024 13:53:38

Description :
Dell Command | Monitor, versions prior to 10.9, contain an arbitrary folder deletion vulnerability. A locally authenticated malicious user may exploit this vulnerability in order to perform a privileged arbitrary file delete.

CVE ID : CVE-2023-28049
Source : security_alert@emc.com
CVSS Score : 4.7

References :
https://www.dell.com/support/kbdoc/en-us/000211748/dsa-2023-125-dell-command-monitor-dcm | source : security_alert@emc.com

Vulnerability : CWE-267


Source : samsung.com

Vulnerability ID : CVE-2024-20817

First published on : 06-02-2024 03:15:09
Last modified on : 06-02-2024 13:53:38

Description :
Out-of-bounds write vulnerabilities in svc1td_vld_slh of libsthmbc.so prior to SMR Feb-2024 Release 1 allow local attackers to trigger a buffer overflow.

CVE ID : CVE-2024-20817
Source : mobile.security@samsung.com
CVSS Score : 6.6

References :
https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=02 | source : mobile.security@samsung.com


Vulnerability ID : CVE-2024-20818

First published on : 06-02-2024 03:15:09
Last modified on : 06-02-2024 13:53:38

Description :
Out-of-bounds write vulnerabilities in svc1td_vld_elh of libsthmbc.so prior to SMR Feb-2024 Release 1 allow local attackers to trigger a buffer overflow.

CVE ID : CVE-2024-20818
Source : mobile.security@samsung.com
CVSS Score : 6.6

References :
https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=02 | source : mobile.security@samsung.com


Vulnerability ID : CVE-2024-20819

First published on : 06-02-2024 03:15:09
Last modified on : 06-02-2024 13:53:38

Description :
Out-of-bounds write vulnerabilities in svc1td_vld_plh_ap of libsthmbc.so prior to SMR Feb-2024 Release 1 allow local attackers to trigger a buffer overflow.

CVE ID : CVE-2024-20819
Source : mobile.security@samsung.com
CVSS Score : 6.6

References :
https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=02 | source : mobile.security@samsung.com


Vulnerability ID : CVE-2024-20822

First published on : 06-02-2024 03:15:09
Last modified on : 06-02-2024 13:53:38

Description :
Implicit intent hijacking vulnerability in AccountActivity of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent.

CVE ID : CVE-2024-20822
Source : mobile.security@samsung.com
CVSS Score : 5.5

References :
https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=02 | source : mobile.security@samsung.com


Vulnerability ID : CVE-2024-20823

First published on : 06-02-2024 03:15:10
Last modified on : 06-02-2024 13:53:38

Description :
Implicit intent hijacking vulnerability in SamsungAccount of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent.

CVE ID : CVE-2024-20823
Source : mobile.security@samsung.com
CVSS Score : 5.5

References :
https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=02 | source : mobile.security@samsung.com


Vulnerability ID : CVE-2024-20824

First published on : 06-02-2024 03:15:10
Last modified on : 06-02-2024 13:53:38

Description :
Implicit intent hijacking vulnerability in VoiceSearch of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent.

CVE ID : CVE-2024-20824
Source : mobile.security@samsung.com
CVSS Score : 5.5

References :
https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=02 | source : mobile.security@samsung.com


Vulnerability ID : CVE-2024-20825

First published on : 06-02-2024 03:15:10
Last modified on : 06-02-2024 13:53:38

Description :
Implicit intent hijacking vulnerability in IAP of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent.

CVE ID : CVE-2024-20825
Source : mobile.security@samsung.com
CVSS Score : 5.5

References :
https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=02 | source : mobile.security@samsung.com


Vulnerability ID : CVE-2024-20826

First published on : 06-02-2024 03:15:10
Last modified on : 06-02-2024 13:53:38

Description :
Implicit intent hijacking vulnerability in UPHelper library prior to version 4.0.0 allows local attackers to access sensitive information via implicit intent.

CVE ID : CVE-2024-20826
Source : mobile.security@samsung.com
CVSS Score : 5.5

References :
https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=02 | source : mobile.security@samsung.com


Vulnerability ID : CVE-2024-20811

First published on : 06-02-2024 03:15:07
Last modified on : 06-02-2024 13:53:38

Description :
Improper caller verification in GameOptimizer prior to SMR Feb-2024 Release 1 allows local attackers to configure GameOptimizer.

CVE ID : CVE-2024-20811
Source : mobile.security@samsung.com
CVSS Score : 5.1

References :
https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=02 | source : mobile.security@samsung.com


Vulnerability ID : CVE-2024-20827

First published on : 06-02-2024 03:15:10
Last modified on : 06-02-2024 13:53:38

Description :
Improper access control vulnerability in Samsung Gallery prior to version 14.5.04.4 allows physical attackers to access the picture using physical keyboard on the lockscreen.

CVE ID : CVE-2024-20827
Source : mobile.security@samsung.com
CVSS Score : 4.6

References :
https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=02 | source : mobile.security@samsung.com


Vulnerability ID : CVE-2024-20820

First published on : 06-02-2024 03:15:09
Last modified on : 06-02-2024 13:53:38

Description :
Improper input validation in bootloader prior to SMR Feb-2024 Release 1 allows an attacker to cause an out-of-bounds read.

CVE ID : CVE-2024-20820
Source : mobile.security@samsung.com
CVSS Score : 4.4

References :
https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=02 | source : mobile.security@samsung.com


Vulnerability ID : CVE-2024-20814

First published on : 06-02-2024 03:15:08
Last modified on : 06-02-2024 13:53:38

Description :
Out-of-bounds read in padmd_vld_ac_prog_refine of libpadm.so prior to SMR Feb-2024 Release 1 allows an attacker to access unauthorized information.

CVE ID : CVE-2024-20814
Source : mobile.security@samsung.com
CVSS Score : 4.0

References :
https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=02 | source : mobile.security@samsung.com


Source : hq.dhs.gov

Vulnerability ID : CVE-2023-45213

First published on : 06-02-2024 22:16:13
Last modified on : 06-02-2024 22:16:13

Description :
A potential attacker with access to the Westermo Lynx device would be able to execute malicious code that could affect the correct functioning of the device.

CVE ID : CVE-2023-45213
Source : ics-cert@hq.dhs.gov
CVSS Score : 6.6

References :
https://www.cisa.gov/news-events/ics-advisories/icsa-24-023-04 | source : ics-cert@hq.dhs.gov

Vulnerability : CWE-942


Vulnerability ID : CVE-2023-40544

First published on : 06-02-2024 22:16:13
Last modified on : 06-02-2024 22:16:13

Description :
An attacker with access to the network where the affected devices are located could take malicious actions to obtain, via a sniffer, sensitive information exchanged via TCP communications.

CVE ID : CVE-2023-40544
Source : ics-cert@hq.dhs.gov
CVSS Score : 5.7

References :
https://www.cisa.gov/news-events/ics-advisories/icsa-24-023-04 | source : ics-cert@hq.dhs.gov

Vulnerability : CWE-319


Vulnerability ID : CVE-2023-40143

First published on : 06-02-2024 22:16:13
Last modified on : 06-02-2024 22:16:13

Description :
An attacker with access to the Westermo Lynx web application that has the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "forward.0.domain" parameter.

CVE ID : CVE-2023-40143
Source : ics-cert@hq.dhs.gov
CVSS Score : 5.4

References :
https://www.cisa.gov/news-events/ics-advisories/icsa-24-023-04 | source : ics-cert@hq.dhs.gov

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-42765

First published on : 06-02-2024 22:16:13
Last modified on : 06-02-2024 22:16:13

Description :
An attacker with access to the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "username" parameter in the SNMP configuration.

CVE ID : CVE-2023-42765
Source : ics-cert@hq.dhs.gov
CVSS Score : 5.4

References :
https://www.cisa.gov/news-events/ics-advisories/icsa-24-023-04 | source : ics-cert@hq.dhs.gov

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-45222

First published on : 06-02-2024 22:16:13
Last modified on : 06-02-2024 22:16:13

Description :
An attacker with access to the web application that has the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "autorefresh" parameter.

CVE ID : CVE-2023-45222
Source : ics-cert@hq.dhs.gov
CVSS Score : 5.4

References :
https://www.cisa.gov/news-events/ics-advisories/icsa-24-023-04 | source : ics-cert@hq.dhs.gov

Vulnerability : CWE-79


Vulnerability ID : CVE-2023-45227

First published on : 06-02-2024 22:16:14
Last modified on : 06-02-2024 22:16:14

Description :
An attacker with access to the web application with vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "dns.0.server" parameter.

CVE ID : CVE-2023-45227
Source : ics-cert@hq.dhs.gov
CVSS Score : 5.4

References :
https://www.cisa.gov/news-events/ics-advisories/icsa-24-023-04 | source : ics-cert@hq.dhs.gov

Vulnerability : CWE-79


Source : vmware.com

Vulnerability ID : CVE-2024-22238

First published on : 06-02-2024 20:16:03
Last modified on : 06-02-2024 20:16:03

Description :
Aria Operations for Networks contains a cross site scripting vulnerability. A malicious actor with admin privileges may be able to inject malicious code into user profile configurations due to improper input sanitization.

CVE ID : CVE-2024-22238
Source : security@vmware.com
CVSS Score : 6.4

References :
https://www.vmware.com/security/advisories/VMSA-2024-0002.html | source : security@vmware.com


Vulnerability ID : CVE-2024-22239

First published on : 06-02-2024 20:16:03
Last modified on : 06-02-2024 20:16:03

Description :
Aria Operations for Networks contains a local privilege escalation vulnerability. A console user with access to Aria Operations for Networks may exploit this vulnerability to escalate privileges to gain regular shell access.

CVE ID : CVE-2024-22239
Source : security@vmware.com
CVSS Score : 5.3

References :
https://www.vmware.com/security/advisories/VMSA-2024-0002.html | source : security@vmware.com


Vulnerability ID : CVE-2024-22240

First published on : 06-02-2024 20:16:03
Last modified on : 06-02-2024 20:16:03

Description :
Aria Operations for Networks contains a local file read vulnerability. A malicious actor with admin privileges may exploit this vulnerability leading to unauthorized access to sensitive information.

CVE ID : CVE-2024-22240
Source : security@vmware.com
CVSS Score : 4.9

References :
https://www.vmware.com/security/advisories/VMSA-2024-0002.html | source : security@vmware.com


Vulnerability ID : CVE-2024-22241

First published on : 06-02-2024 20:16:04
Last modified on : 06-02-2024 20:16:04

Description :
Aria Operations for Networks contains a cross site scripting vulnerability. A malicious actor with admin privileges can inject a malicious payload into the login banner and take over the user account.

CVE ID : CVE-2024-22241
Source : security@vmware.com
CVSS Score : 4.3

References :
https://www.vmware.com/security/advisories/VMSA-2024-0002.html | source : security@vmware.com


Source : vuldb.com

Vulnerability ID : CVE-2024-1259

First published on : 06-02-2024 21:15:08
Last modified on : 06-02-2024 21:15:08

Description :
A vulnerability was found in Juanpao JPShop up to 1.5.02. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/controllers/admin/app/AppController.php of the component API. The manipulation of the argument app_pic_url leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252998 is the identifier assigned to this vulnerability.

CVE ID : CVE-2024-1259
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://note.zhaoj.in/share/rCt6PpJxBvuI | source : cna@vuldb.com
https://vuldb.com/?ctiid.252998 | source : cna@vuldb.com
https://vuldb.com/?id.252998 | source : cna@vuldb.com

Vulnerability : CWE-434


Vulnerability ID : CVE-2024-1260

First published on : 06-02-2024 22:16:14
Last modified on : 06-02-2024 22:16:14

Description :
A vulnerability classified as critical has been found in Juanpao JPShop up to 1.5.02. This affects the function actionIndex of the file /api/controllers/admin/app/ComboController.php of the component API. The manipulation of the argument pic_url leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252999.

CVE ID : CVE-2024-1260
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://note.zhaoj.in/share/H73DuWdyifaI | source : cna@vuldb.com
https://vuldb.com/?ctiid.252999 | source : cna@vuldb.com
https://vuldb.com/?id.252999 | source : cna@vuldb.com

Vulnerability : CWE-434


Vulnerability ID : CVE-2024-1261

First published on : 06-02-2024 22:16:14
Last modified on : 06-02-2024 22:16:14

Description :
A vulnerability classified as critical was found in Juanpao JPShop up to 1.5.02. This vulnerability affects the function actionIndex of the file /api/controllers/merchant/app/ComboController.php of the component API. The manipulation of the argument pic_url leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-253000.

CVE ID : CVE-2024-1261
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://note.zhaoj.in/share/v2JpHJngvw7E | source : cna@vuldb.com
https://vuldb.com/?ctiid.253000 | source : cna@vuldb.com
https://vuldb.com/?id.253000 | source : cna@vuldb.com

Vulnerability : CWE-434


Vulnerability ID : CVE-2024-1251

First published on : 06-02-2024 16:15:51
Last modified on : 06-02-2024 17:52:56

Description :
A vulnerability classified as critical has been found in Tongda OA 2017 up to 11.10. Affected is an unknown function of the file /general/email/outbox/delete.php. The manipulation of the argument DELETE_STR leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-252990 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-1251
Source : cna@vuldb.com
CVSS Score : 5.5

References :
https://github.com/rockersiyuan/CVE/blob/main/TongDa%20Sql%20inject.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.252990 | source : cna@vuldb.com
https://vuldb.com/?id.252990 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-1252

First published on : 06-02-2024 17:15:10
Last modified on : 06-02-2024 17:52:56

Description :
A vulnerability classified as critical was found in Tongda OA 2017 up to 11.9. Affected by this vulnerability is an unknown functionality of the file /general/attendance/manage/ask_duty/delete.php. The manipulation of the argument ASK_DUTY_ID leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-252991.

CVE ID : CVE-2024-1252
Source : cna@vuldb.com
CVSS Score : 5.5

References :
https://github.com/b51s77/cve/blob/main/sql.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.252991 | source : cna@vuldb.com
https://vuldb.com/?id.252991 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-1255

First published on : 06-02-2024 19:15:10
Last modified on : 06-02-2024 19:15:10

Description :
A vulnerability has been found in sepidz SepidzDigitalMenu up to 7.1.0728.1 and classified as problematic. This vulnerability affects unknown code of the file /Waiters. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-252994 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-1255
Source : cna@vuldb.com
CVSS Score : 5.3

References :
https://vuldb.com/?ctiid.252994 | source : cna@vuldb.com
https://vuldb.com/?id.252994 | source : cna@vuldb.com

Vulnerability : CWE-200


Vulnerability ID : CVE-2024-1253

First published on : 06-02-2024 17:15:10
Last modified on : 06-02-2024 17:52:56

Description :
A vulnerability, which was classified as critical, has been found in Beijing Baichuo Smart S40 Management Platform up to 20240126. Affected by this issue is some unknown functionality of the file /useratte/web.php of the component Import Handler. The manipulation of the argument file_upload leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252992. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-1253
Source : cna@vuldb.com
CVSS Score : 4.7

References :
https://github.com/b51s77/cve/blob/main/upload.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.252992 | source : cna@vuldb.com
https://vuldb.com/?id.252992 | source : cna@vuldb.com

Vulnerability : CWE-434


Vulnerability ID : CVE-2024-1254

First published on : 06-02-2024 19:15:09
Last modified on : 06-02-2024 19:15:09

Description :
A vulnerability, which was classified as critical, was found in Beijing Baichuo Smart S20 Management Platform up to 20231120. This affects an unknown part of the file /sysmanage/sysmanageajax.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252993 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-1254
Source : cna@vuldb.com
CVSS Score : 4.7

References :
https://github.com/rockersiyuan/CVE/blob/main/Smart%20S20.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.252993 | source : cna@vuldb.com
https://vuldb.com/?id.252993 | source : cna@vuldb.com

Vulnerability : CWE-89


Source : us.ibm.com

Vulnerability ID : CVE-2024-22331

First published on : 06-02-2024 17:15:10
Last modified on : 06-02-2024 17:52:56

Description :
IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.19, 7.1 through 7.1.2.15, 7.2 through 7.2.3.8, 7.3 through 7.3.2.3, and IBM UrbanCode Deploy (UCD) - IBM DevOps Deploy 8.0.0.0 could disclose sensitive user information when installing the Windows agent. IBM X-Force ID: 279971.

CVE ID : CVE-2024-22331
Source : psirt@us.ibm.com
CVSS Score : 6.2

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/279971 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7114131 | source : psirt@us.ibm.com

Vulnerability : CWE-200


Vulnerability ID : CVE-2023-46183

First published on : 06-02-2024 16:15:51
Last modified on : 06-02-2024 17:52:56

Description :
IBM PowerVM Hypervisor FW950.00 through FW950.90, FW1020.00 through FW1020.40, and FW1030.00 through FW1030.30 could allow a system administrator to obtain sensitive partition information. IBM X-Force ID: 269695.

CVE ID : CVE-2023-46183
Source : psirt@us.ibm.com
CVSS Score : 5.3

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/269695 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7114982 | source : psirt@us.ibm.com

Vulnerability : CWE-200


Source : jetbrains.com

Vulnerability ID : CVE-2024-24941

First published on : 06-02-2024 10:15:11
Last modified on : 06-02-2024 13:53:38

Description :
In JetBrains IntelliJ IDEA before 2023.3.3 a plugin for JetBrains Space was able to send an authentication token to an inappropriate URL

CVE ID : CVE-2024-24941
Source : cve@jetbrains.com
CVSS Score : 6.1

References :
https://www.jetbrains.com/privacy-security/issues-fixed/ | source : cve@jetbrains.com

Vulnerability : CWE-20


Vulnerability ID : CVE-2024-24938

First published on : 06-02-2024 10:15:10
Last modified on : 06-02-2024 13:53:38

Description :
In JetBrains TeamCity before 2023.11.2 limited directory traversal was possible in the Kotlin DSL documentation

CVE ID : CVE-2024-24938
Source : cve@jetbrains.com
CVSS Score : 5.3

References :
https://www.jetbrains.com/privacy-security/issues-fixed/ | source : cve@jetbrains.com

Vulnerability : CWE-23


Vulnerability ID : CVE-2024-24942

First published on : 06-02-2024 10:15:11
Last modified on : 06-02-2024 13:53:38

Description :
In JetBrains TeamCity before 2023.11.3 path traversal allowed reading data within JAR archives

CVE ID : CVE-2024-24942
Source : cve@jetbrains.com
CVSS Score : 5.3

References :
https://www.jetbrains.com/privacy-security/issues-fixed/ | source : cve@jetbrains.com

Vulnerability : CWE-23


Vulnerability ID : CVE-2024-24943

First published on : 06-02-2024 10:15:11
Last modified on : 06-02-2024 13:53:38

Description :
In JetBrains Toolbox App before 2.2 a DoS attack was possible via a malicious SVG image

CVE ID : CVE-2024-24943
Source : cve@jetbrains.com
CVSS Score : 5.3

References :
https://www.jetbrains.com/privacy-security/issues-fixed/ | source : cve@jetbrains.com

Vulnerability : CWE-400


Vulnerability ID : CVE-2024-24937

First published on : 06-02-2024 10:15:09
Last modified on : 06-02-2024 13:53:38

Description :
In JetBrains TeamCity before 2023.11.2 stored XSS via agent distribution was possible

CVE ID : CVE-2024-24937
Source : cve@jetbrains.com
CVSS Score : 4.6

References :
https://www.jetbrains.com/privacy-security/issues-fixed/ | source : cve@jetbrains.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2024-24936

First published on : 06-02-2024 10:15:09
Last modified on : 06-02-2024 13:53:38

Description :
In JetBrains TeamCity before 2023.11.2 access control at the S3 Artifact Storage plugin endpoint was missed

CVE ID : CVE-2024-24936
Source : cve@jetbrains.com
CVSS Score : 4.3

References :
https://www.jetbrains.com/privacy-security/issues-fixed/ | source : cve@jetbrains.com

Vulnerability : CWE-285


Source : puiterwijk.org

Vulnerability ID : CVE-2024-0684

First published on : 06-02-2024 09:15:52
Last modified on : 06-02-2024 13:53:38

Description :
A flaw was found in the GNU coreutils "split" program. A heap overflow with user-controlled data of multiple hundred bytes in length could occur in the line_bytes_split() function, potentially leading to an application crash and denial of service.

CVE ID : CVE-2024-0684
Source : patrick@puiterwijk.org
CVSS Score : 5.5

References :
https://access.redhat.com/security/cve/CVE-2024-0684 | source : patrick@puiterwijk.org
https://bugzilla.redhat.com/show_bug.cgi?id=2258948 | source : patrick@puiterwijk.org
https://www.openwall.com/lists/oss-security/2024/01/18/2 | source : patrick@puiterwijk.org

Vulnerability : CWE-122


Vulnerability ID : CVE-2024-0911

First published on : 06-02-2024 15:15:08
Last modified on : 06-02-2024 17:53:00

Description :
A flaw was found in Indent. This issue may allow a local user to use a specially-crafted file to trigger a heap-based buffer overflow, which can lead to an application crash.

CVE ID : CVE-2024-0911
Source : patrick@puiterwijk.org
CVSS Score : 5.5

References :
https://access.redhat.com/security/cve/CVE-2024-0911 | source : patrick@puiterwijk.org
https://bugzilla.redhat.com/show_bug.cgi?id=2260399 | source : patrick@puiterwijk.org

Vulnerability : CWE-122


Source : github.com

Vulnerability ID : CVE-2024-23344

First published on : 06-02-2024 16:15:52
Last modified on : 06-02-2024 17:52:56

Description :
Tuleap is an Open Source Suite to improve management of software developments and collaboration. Some users might get access to restricted information when a process validates the permissions of multiple users (e.g. mail notifications). This issue has been patched in version 15.4.99.140 of Tuleap Community Edition.

CVE ID : CVE-2024-23344
Source : security-advisories@github.com
CVSS Score : 5.3

References :
https://github.com/Enalean/tuleap/commit/0329e21d268510bc00fed707406103edabf10e42 | source : security-advisories@github.com
https://github.com/Enalean/tuleap/security/advisories/GHSA-m3v5-2j5q-x85w | source : security-advisories@github.com
https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=0329e21d268510bc00fed707406103edabf10e42 | source : security-advisories@github.com
https://tuleap.net/plugins/tracker/?aid=35862 | source : security-advisories@github.com

Vulnerability : CWE-200


Vulnerability ID : CVE-2024-24808

First published on : 06-02-2024 04:15:08
Last modified on : 06-02-2024 13:53:38

Description :
pyLoad is an open-source Download Manager written in pure Python. There is an open redirect vulnerability due to incorrect validation of input values when redirecting users after login. pyLoad is validating URLs via the `get_redirect_url` function when redirecting users at login. This vulnerability has been patched with commit fe94451.

CVE ID : CVE-2024-24808
Source : security-advisories@github.com
CVSS Score : 4.7

References :
https://github.com/pyload/pyload/commit/fe94451dcc2be90b3889e2fd9d07b483c8a6dccd | source : security-advisories@github.com
https://github.com/pyload/pyload/security/advisories/GHSA-g3cm-qg2v-2hj5 | source : security-advisories@github.com

Vulnerability : CWE-601


(8) LOW VULNERABILITIES [0.1, 3.9]

Source : vuldb.com

Vulnerability ID : CVE-2024-1256

First published on : 06-02-2024 20:16:02
Last modified on : 06-02-2024 20:16:02

Description :
A vulnerability was found in Jspxcms 10.2.0 and classified as problematic. This issue affects some unknown processing of the file /ext/collect/filter_text.do. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252995.

CVE ID : CVE-2024-1256
Source : cna@vuldb.com
CVSS Score : 3.5

References :
https://github.com/sweatxi/BugHub/blob/main/filter_txet_do.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.252995 | source : cna@vuldb.com
https://vuldb.com/?id.252995 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2024-1257

First published on : 06-02-2024 20:16:03
Last modified on : 06-02-2024 20:16:03

Description :
A vulnerability was found in Jspxcms 10.2.0. It has been classified as problematic. Affected is an unknown function of the file /ext/collect/find_text.do. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252996.

CVE ID : CVE-2024-1257
Source : cna@vuldb.com
CVSS Score : 3.5

References :
https://github.com/sweatxi/BugHub/blob/main/find_text_do.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.252996 | source : cna@vuldb.com
https://vuldb.com/?id.252996 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2024-1258

First published on : 06-02-2024 21:15:08
Last modified on : 06-02-2024 21:15:08

Description :
A vulnerability was found in Juanpao JPShop up to 1.5.02. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file api/config/params.php of the component API. The manipulation of the argument JWT_KEY_ADMIN leads to use of hard-coded cryptographic key. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-252997 was assigned to this vulnerability.

CVE ID : CVE-2024-1258
Source : cna@vuldb.com
CVSS Score : 3.1

References :
https://note.zhaoj.in/share/XblX1My7jNV7 | source : cna@vuldb.com
https://vuldb.com/?ctiid.252997 | source : cna@vuldb.com
https://vuldb.com/?id.252997 | source : cna@vuldb.com

Vulnerability : CWE-321


Source : samsung.com

Vulnerability ID : CVE-2024-20810

First published on : 06-02-2024 03:15:07
Last modified on : 06-02-2024 13:53:38

Description :
Implicit intent hijacking vulnerability in Smart Suggestions prior to SMR Feb-2024 Release 1 allows attackers to get sensitive information.

CVE ID : CVE-2024-20810
Source : mobile.security@samsung.com
CVSS Score : 3.3

References :
https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=02 | source : mobile.security@samsung.com


Vulnerability ID : CVE-2024-20828

First published on : 06-02-2024 03:15:11
Last modified on : 06-02-2024 13:53:38

Description :
Improper authorization verification vulnerability in Samsung Internet prior to version 24.0 allows physical attackers to access files downloaded in SecretMode without proper authentication.

CVE ID : CVE-2024-20828
Source : mobile.security@samsung.com
CVSS Score : 2.4

References :
https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=02 | source : mobile.security@samsung.com


Source : jetbrains.com

Vulnerability ID : CVE-2024-24939

First published on : 06-02-2024 10:15:10
Last modified on : 06-02-2024 13:53:38

Description :
In JetBrains Rider before 2023.3.3 logging of environment variables containing secret values was possible

CVE ID : CVE-2024-24939
Source : cve@jetbrains.com
CVSS Score : 3.3

References :
https://www.jetbrains.com/privacy-security/issues-fixed/ | source : cve@jetbrains.com

Vulnerability : CWE-532


Vulnerability ID : CVE-2024-24940

First published on : 06-02-2024 10:15:10
Last modified on : 06-02-2024 13:53:38

Description :
In JetBrains IntelliJ IDEA before 2023.3.3 path traversal was possible when unpacking archives

CVE ID : CVE-2024-24940
Source : cve@jetbrains.com
CVSS Score : 2.8

References :
https://www.jetbrains.com/privacy-security/issues-fixed/ | source : cve@jetbrains.com

Vulnerability : CWE-23


Source : redhat.com

Vulnerability ID : CVE-2024-1048

First published on : 06-02-2024 18:15:59
Last modified on : 06-02-2024 19:15:09

Description :
A flaw was found in the grub2-set-bootflag utility of grub2. After the fix of CVE-2019-14865, grub2-set-bootflag will create a temporary file with the new grubenv content and rename it to the original grubenv file. If the program is killed before the rename operation, the temporary file will not be removed and may fill the filesystem when invoked multiple times, resulting in a filesystem out of free inodes or blocks.

CVE ID : CVE-2024-1048
Source : secalert@redhat.com
CVSS Score : 3.3

References :
http://www.openwall.com/lists/oss-security/2024/02/06/3 | source : secalert@redhat.com
https://access.redhat.com/security/cve/CVE-2024-1048 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2256827 | source : secalert@redhat.com
https://www.openwall.com/lists/oss-security/2024/02/06/3 | source : secalert@redhat.com

Vulnerability : CWE-459


(26) NO SCORE VULNERABILITIES [0.0, 0.0]

Source : mitre.org

Vulnerability ID : CVE-2023-47354

First published on : 06-02-2024 00:15:08
Last modified on : 06-02-2024 01:00:55

Description :
An issue in the PowerOffWidgetReceiver function of Super Reboot (Root) Recovery v1.0.3 allows attackers to arbitrarily reset or power off the device via a crafted intent

CVE ID : CVE-2023-47354
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/actuator/com.bdrm.superreboot/blob/main/CWE-925.md | source : cve@mitre.org
https://play.google.com/store/apps/details?id=com.bdrm.superreboot | source : cve@mitre.org


Vulnerability ID : CVE-2024-24398

First published on : 06-02-2024 00:15:08
Last modified on : 06-02-2024 01:00:55

Description :
Directory Traversal vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the fileName parameter of the Save function.

CVE ID : CVE-2024-24398
Source : cve@mitre.org
CVSS Score : /

References :
http://stimulsoft.com | source : cve@mitre.org
https://cloud-trustit.spp.at/s/Pi78FFazHamJQ5R | source : cve@mitre.org
https://cves.at/posts/cve-2024-24398/writeup/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-46359

First published on : 06-02-2024 01:15:07
Last modified on : 06-02-2024 13:53:38

Description :
An OS command injection vulnerability in Hardy Barth cPH2 eCharge Ladestation v1.87.0 and earlier may allow an unauthenticated remote attacker to execute arbitrary commands on the system via specifically crafted arguments passed to the connectivity check feature.

CVE ID : CVE-2023-46359
Source : cve@mitre.org
CVSS Score : /

References :
http://hardy.com | source : cve@mitre.org
https://www.offensity.com/en/blog/os-command-injection-in-cph2-charging-station-200-cve-2023-46359-and-cve-2023-46360/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-46360

First published on : 06-02-2024 01:15:07
Last modified on : 06-02-2024 13:53:38

Description :
Hardy Barth cPH2 eCharge Ladestation v1.87.0 and earlier is vulnerable to Execution with Unnecessary Privileges.

CVE ID : CVE-2023-46360
Source : cve@mitre.org
CVSS Score : /

References :
http://hardy.com | source : cve@mitre.org
https://www.offensity.com/en/blog/os-command-injection-in-cph2-charging-station-200-cve-2023-46359-and-cve-2023-46360/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-47022

First published on : 06-02-2024 01:15:07
Last modified on : 06-02-2024 13:53:38

Description :
An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code via a crafted script to the payload parameter.

CVE ID : CVE-2023-47022
Source : cve@mitre.org
CVSS Score : /

References :
https://docs.google.com/document/d/15s7NftTX2dxfcFnMqkFIyeN48xq3LceesWOhP-9xL4Y/edit?usp=sharing | source : cve@mitre.org
https://github.com/Patrick0x41/Security-Advisories/tree/main/CVE-2023-47022 | source : cve@mitre.org


Vulnerability ID : CVE-2023-47353

First published on : 06-02-2024 01:15:08
Last modified on : 06-02-2024 13:53:38

Description :
An issue in the com.oneed.dvr.service.DownloadFirmwareService component of IMOU GO v1.0.11 allows attackers to force the download of arbitrary files.

CVE ID : CVE-2023-47353
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/actuator/imou/blob/main/com.dahua.imou.go-V1.0.11.md | source : cve@mitre.org
https://play.google.com/store/apps/details?id=com.dahua.imou.go | source : cve@mitre.org


Vulnerability ID : CVE-2023-47889

First published on : 06-02-2024 01:15:08
Last modified on : 06-02-2024 13:53:38

Description :
The Android application BINHDRM26 com.bdrm.superreboot 1.0.3 exposes several critical actions through its exported broadcast receivers. These exposed actions can allow any app on the device to send unauthorized broadcasts, leading to unintended consequences. The vulnerability is particularly concerning because these actions include powering off, system reboot & entering recovery mode.

CVE ID : CVE-2023-47889
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/actuator/com.bdrm.superreboot/blob/main/CWE-925.md | source : cve@mitre.org


Vulnerability ID : CVE-2024-22773

First published on : 06-02-2024 01:15:09
Last modified on : 06-02-2024 13:53:38

Description :
Intelbras Roteador ACtion RF 1200 1.2.2 exposes the Password in Cookie resulting in Login Bypass.

CVE ID : CVE-2024-22773
Source : cve@mitre.org
CVSS Score : /

References :
https://medium.com/%40wagneralves_87750/poc-cve-2024-22773-febf0d3a5433 | source : cve@mitre.org
https://www.youtube.com/watch?v=-r0TWJq55DU&t=7s | source : cve@mitre.org


Vulnerability ID : CVE-2024-24112

First published on : 06-02-2024 01:15:09
Last modified on : 06-02-2024 13:53:38

Description :
xmall v1.1 was discovered to contain a SQL injection vulnerability via the orderDir parameter.

CVE ID : CVE-2024-24112
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Exrick/xmall/issues/78 | source : cve@mitre.org


Vulnerability ID : CVE-2024-22852

First published on : 06-02-2024 02:15:08
Last modified on : 06-02-2024 13:53:38

Description :
D-Link Go-RT-AC750 GORTAC750_A1_FW_v101b03 contains a stack-based buffer overflow via the function genacgi_main. This vulnerability allows attackers to enable telnet service via a specially crafted payload.

CVE ID : CVE-2024-22852
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Beckaf/vunl/blob/main/D-Link/AC750/1/1.md | source : cve@mitre.org
https://www.dlink.com/en/security-bulletin/ | source : cve@mitre.org


Vulnerability ID : CVE-2024-22853

First published on : 06-02-2024 02:15:08
Last modified on : 06-02-2024 13:53:38

Description :
D-LINK Go-RT-AC750 GORTAC750_A1_FW_v101b03 has a hardcoded password for the Alphanetworks account, which allows remote attackers to obtain root access via a telnet session.

CVE ID : CVE-2024-22853
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Beckaf/vunl/blob/main/D-Link/AC750/2/2.md | source : cve@mitre.org
https://www.dlink.com/en/security-bulletin/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-52239

First published on : 06-02-2024 07:15:10
Last modified on : 06-02-2024 13:53:38

Description :
The XML parser in Magic xpi Integration Platform 4.13.4 allows XXE attacks, e.g., via onItemImport.

CVE ID : CVE-2023-52239
Source : cve@mitre.org
CVSS Score : /

References :
https://ds-security.com/post/xml_external_entity_injection_magic_xpi/ | source : cve@mitre.org
https://www2.magicsoftware.com/ver/docs/Downloads/Magicxpi/4.14/Windows/ReleaseNotes4.14.pdf | source : cve@mitre.org


Vulnerability ID : CVE-2024-22365

First published on : 06-02-2024 08:15:52
Last modified on : 06-02-2024 13:53:38

Description :
linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.

CVE ID : CVE-2024-22365
Source : cve@mitre.org
CVSS Score : /

References :
http://www.openwall.com/lists/oss-security/2024/01/18/3 | source : cve@mitre.org
https://github.com/linux-pam/linux-pam | source : cve@mitre.org
https://github.com/linux-pam/linux-pam/commit/031bb5a5d0d950253b68138b498dc93be69a64cb | source : cve@mitre.org
https://github.com/linux-pam/linux-pam/releases/tag/v1.6.0 | source : cve@mitre.org


Vulnerability ID : CVE-2024-25140

First published on : 06-02-2024 09:15:52
Last modified on : 06-02-2024 13:53:38

Description :
A default installation of RustDesk 1.2.3 on Windows places a WDKTestCert certificate under Trusted Root Certification Authorities with Enhanced Key Usage of Code Signing (1.3.6.1.5.5.7.3.3), valid from 2023 until 2033. This is potentially unwanted, e.g., because there is no public documentation of security measures for the private key, and arbitrary software could be signed if the private key were to be compromised. NOTE: the vendor's position is "we do not have EV cert, so we use test cert as a workaround." Insertion into Trusted Root Certification Authorities was the originally intended behavior, and the UI ensured that the certificate installation step (checked by default) was visible to the user before proceeding with the product installation.

CVE ID : CVE-2024-25140
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/rustdesk/rustdesk/discussions/6444 | source : cve@mitre.org
https://news.ycombinator.com/item?id=39256493 | source : cve@mitre.org
https://serverfault.com/questions/837994 | source : cve@mitre.org


Vulnerability ID : CVE-2024-24000

First published on : 06-02-2024 16:15:52
Last modified on : 06-02-2024 17:52:56

Description :
jshERP v3.3 is vulnerable to Arbitrary File Upload. The jshERP-boot/systemConfig/upload interface does not check the uploaded file type, and the biz parameter can be spliced into the upload path, resulting in arbitrary file uploads with controllable paths.

CVE ID : CVE-2024-24000
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc/blob/main/cxcxcxcxcxc/about-2024/24000.txt | source : cve@mitre.org
https://github.com/jishenghua/jshERP | source : cve@mitre.org


Vulnerability ID : CVE-2024-24013

First published on : 06-02-2024 16:15:52
Last modified on : 06-02-2024 17:52:56

Description :
A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass crafted offset, limit, and sort parameters to perform SQL injection via /novel/pay/list

CVE ID : CVE-2024-24013
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/201206030/novel-plus | source : cve@mitre.org
https://github.com/cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc/blob/main/cxcxcxcxcxc/about-2024/24013.txt | source : cve@mitre.org


Vulnerability ID : CVE-2024-24015

First published on : 06-02-2024 16:15:52
Last modified on : 06-02-2024 17:52:56

Description :
A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass in crafted offset, limit, and sort parameters to perform SQL injection via /sys/user/exit

CVE ID : CVE-2024-24015
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/201206030/novel-plus | source : cve@mitre.org
https://github.com/cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc/blob/main/cxcxcxcxcxc/about-2024/24015.txt | source : cve@mitre.org


Vulnerability ID : CVE-2024-24291

First published on : 06-02-2024 16:15:52
Last modified on : 06-02-2024 17:52:56

Description :
An issue in the component /member/index/login of yzmcms v7.0 allows attackers to direct users to malicious sites via a crafted URL.

CVE ID : CVE-2024-24291
Source : cve@mitre.org
CVSS Score : /

References :
https://gitee.com/wgd0ay/wgd0ay/issues/I8WSD1 | source : cve@mitre.org


Vulnerability ID : CVE-2024-22514

First published on : 06-02-2024 21:15:09
Last modified on : 06-02-2024 21:15:09

Description :
An issue discovered in iSpyConnect.com Agent DVR 5.1.6.0 allows attackers to run arbitrary files by restoring a crafted backup file.

CVE ID : CVE-2024-22514
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Orange-418/CVE-2024-22514-Remote-Code-Execution | source : cve@mitre.org


Vulnerability ID : CVE-2024-22515

First published on : 06-02-2024 21:15:09
Last modified on : 06-02-2024 21:15:09

Description :
Unrestricted File Upload vulnerability in iSpyConnect.com Agent DVR 5.1.6.0 allows attackers to upload arbitrary files via the upload audio component.

CVE ID : CVE-2024-22515
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Orange-418/CVE-2024-22515-File-Upload-Vulnerability | source : cve@mitre.org


Vulnerability ID : CVE-2024-22519

First published on : 06-02-2024 22:16:14
Last modified on : 06-02-2024 22:16:14

Description :
An issue discovered in OpenDroneID OSM 3.5.1 allows attackers to impersonate other drones via transmission of crafted data packets.

CVE ID : CVE-2024-22519
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Drone-Lab/opendroneid-vulnerability | source : cve@mitre.org


Vulnerability ID : CVE-2024-22520

First published on : 06-02-2024 22:16:14
Last modified on : 06-02-2024 22:16:14

Description :
An issue discovered in Dronetag Drone Scanner 1.5.2 allows attackers to impersonate other drones via transmission of crafted data packets.

CVE ID : CVE-2024-22520
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Drone-Lab/Dronetag-vulnerability | source : cve@mitre.org


Vulnerability ID : CVE-2024-24254

First published on : 06-02-2024 22:16:15
Last modified on : 06-02-2024 22:16:15

Description :
PX4 Autopilot 1.14 and earlier, due to the lack of synchronization mechanism for loading geofence data, has a Race Condition vulnerability in the geofence.cpp and mission_feasibility_checker.cpp. This will result in the drone uploading overlapping geofences and mission routes.

CVE ID : CVE-2024-24254
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Drone-Lab/PX4-Autopilot/blob/report-can-not-pause-vulnerability/Multi-Threaded%20Race%20Condition%20bug%20found%20in%20PX4%20cause%20drone%20can%20not%20PAUSE.md | source : cve@mitre.org
https://github.com/PX4/PX4-Autopilot | source : cve@mitre.org


Vulnerability ID : CVE-2024-24680

First published on : 06-02-2024 22:16:15
Last modified on : 06-02-2024 22:16:15

Description :
An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. The intcomma template filter was subject to a potential denial-of-service attack when used with very long strings.

CVE ID : CVE-2024-24680
Source : cve@mitre.org
CVSS Score : /

References :
https://docs.djangoproject.com/en/5.0/releases/security/ | source : cve@mitre.org
https://groups.google.com/forum/#%21forum/django-announce | source : cve@mitre.org
https://www.djangoproject.com/weblog/2024/feb/06/security-releases/ | source : cve@mitre.org


Source : jpcert.or.jp

Vulnerability ID : CVE-2024-23304

First published on : 06-02-2024 05:15:10
Last modified on : 06-02-2024 13:53:38

Description :
Cybozu KUNAI for Android 3.0.20 to 3.0.21 allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by performing certain operations.

CVE ID : CVE-2024-23304
Source : vultures@jpcert.or.jp
CVSS Score : /

References :
https://cs.cybozu.co.jp/2024/010691.html | source : vultures@jpcert.or.jp
https://jvn.jp/en/jp/JVN18743512/ | source : vultures@jpcert.or.jp


Source : wordfence.com

Vulnerability ID : CVE-2023-5584

First published on : 06-02-2024 15:15:08
Last modified on : 06-02-2024 15:15:08

Description :
Rejected reason: We have rejected this CVE as it was determined a non-security issue by the vendor.

CVE ID : CVE-2023-5584
Source : security@wordfence.com
CVSS Score : /

References :


This website uses the NVD API, but is not approved or certified by it.

About the author
Julien B.

Securitricks

Up-to-Date Cybersecurity Insights & Malware Reports
