Latest vulnerabilities [Wednesday, February 07, 2024]


Last update performed on 02/07/2024 at 11:57:05 PM

(5) CRITICAL VULNERABILITIES [9.0, 10.0]

Source : github.com

Vulnerability ID : CVE-2024-24811

First published on : 07-02-2024 15:15:08
Last modified on : 07-02-2024 17:04:54

Description :
SQLAlchemyDA is a generic database adapter for ZSQL methods. A vulnerability found in versions prior to 2.2 allows unauthenticated execution of arbitrary SQL statements on the database to which the SQLAlchemyDA instance is connected. All users are affected. The problem has been patched in version 2.2. There is no workaround for the problem.

CVE ID : CVE-2024-24811
Source : security-advisories@github.com
CVSS Score : 9.8

References :
https://github.com/zopefoundation/Products.SQLAlchemyDA/commit/e682b99f8406f20bc3f0f2c77153ed7345fd215a | source : security-advisories@github.com
https://github.com/zopefoundation/Products.SQLAlchemyDA/security/advisories/GHSA-r3jc-3qmm-w3pw | source : security-advisories@github.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-24563

First published on : 07-02-2024 17:15:10
Last modified on : 07-02-2024 17:38:33

Description :
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. Arrays can be keyed by a signed integer, while they are defined for unsigned integers only. The typechecker doesn't throw when spotting the usage of an `int` as an index for an array. The typechecker allows the usage of signed integers to be used as indexes to arrays. The vulnerability is present in different forms in all versions, including `0.3.10`. For ints, the 2's complement representation is used. Because the array was declared very large, the bounds checking will pass. Negative values will simply be represented as very large numbers. As of time of publication, a fixed version does not exist. There are three potential vulnerability classes: unpredictable behavior, accessing inaccessible elements and denial of service. Class 1: If it is possible to index an array with a negative integer without reverting, this is most likely not anticipated by the developer and such accesses can cause unpredictable behavior for the contract. Class 2: If a contract has an invariant in the form `assert index < x`, the developer will suppose that no elements on indexes `y | y >= x` are accessible. However, by using negative indexes, this can be bypassed. Class 3: If the index is dependent on the state of the contract, this poses a risk of denial of service. If the state of the contract can be manipulated in such way that the index will be forced to be negative, the array access can always revert (because most likely the array won't be declared extremely large). However, all these scenarios are highly unlikely. Most likely behavior is a revert on the bounds check.

CVE ID : CVE-2024-24563
Source : security-advisories@github.com
CVSS Score : 9.8

References :
https://github.com/vyperlang/vyper/blob/a1fd228cb9936c3e4bbca6f3ee3fb4426ef45490/vyper/codegen/core.py#L534-L541 | source : security-advisories@github.com
https://github.com/vyperlang/vyper/blob/c150fc49ee9375a930d177044559b83cb95f7963/vyper/semantics/types/subscriptable.py#L127-L137 | source : security-advisories@github.com
https://github.com/vyperlang/vyper/security/advisories/GHSA-52xq-j7v9-v4v2 | source : security-advisories@github.com

Vulnerability : CWE-129


Source : liferay.com

Vulnerability ID : CVE-2024-25145

First published on : 07-02-2024 15:15:09
Last modified on : 07-02-2024 17:04:54

Description :
Stored cross-site scripting (XSS) vulnerability in the Portal Search module's Search Result app in Liferay Portal 7.2.0 through 7.4.3.11, and older unsupported versions, and Liferay DXP 7.4 before update 8, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to inject arbitrary web script or HTML into the Search Result app's search result if highlighting is disabled by adding any searchable content (e.g., blog, message board message, web content article) to the application.

CVE ID : CVE-2024-25145
Source : security@liferay.com
CVSS Score : 9.6

References :
https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25145 | source : security@liferay.com

Vulnerability : CWE-79


Source : cisco.com

Vulnerability ID : CVE-2024-20252

First published on : 07-02-2024 17:15:09
Last modified on : 07-02-2024 17:38:33

Description :
Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks that perform arbitrary actions on an affected device. Note: "Cisco Expressway Series" refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices. For more information about these vulnerabilities, see the Details section of this advisory.

CVE ID : CVE-2024-20252
Source : ykramarz@cisco.com
CVSS Score : 9.6

References :
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-KnnZDMj3 | source : ykramarz@cisco.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2024-20254

First published on : 07-02-2024 17:15:10
Last modified on : 07-02-2024 17:38:33

Description :
Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks that perform arbitrary actions on an affected device. Note: "Cisco Expressway Series" refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices. For more information about these vulnerabilities, see the Details section of this advisory.

CVE ID : CVE-2024-20254
Source : ykramarz@cisco.com
CVSS Score : 9.6

References :
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-KnnZDMj3 | source : ykramarz@cisco.com

Vulnerability : CWE-352


(13) HIGH VULNERABILITIES [7.0, 8.9]

Source : hackerone.com

Vulnerability ID : CVE-2024-22022

First published on : 07-02-2024 01:15:08
Last modified on : 07-02-2024 13:41:21

Description :
Vulnerability CVE-2024-22022 allows a Veeam Recovery Orchestrator user that has been assigned a low-privileged role to access the NTLM hash of the service account used by the Veeam Orchestrator Server Service.

CVE ID : CVE-2024-22022
Source : support@hackerone.com
CVSS Score : 8.8

References :
https://veeam.com/kb4541 | source : support@hackerone.com


Source : wordfence.com

Vulnerability ID : CVE-2024-1118

First published on : 07-02-2024 11:15:09
Last modified on : 07-02-2024 13:41:11

Description :
The Podlove Subscribe button plugin for WordPress is vulnerable to UNION-based SQL Injection via the 'button' attribute of the podlove-subscribe-button shortcode in all versions up to, and including, 1.3.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

CVE ID : CVE-2024-1118
Source : security@wordfence.com
CVSS Score : 8.8

References :
https://github.com/podlove/podlove-subscribe-button-wp-plugin/commit/b16b7a2e98db4c642ca671b0aede4dbfce4578b3 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3032152%40podlove-subscribe-button&new=3032152%40podlove-subscribe-button&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/f234f05f-e377-4e89-81e1-f47ff44eebc5?source=cve | source : security@wordfence.com


Source : github.com

Vulnerability ID : CVE-2024-24824

First published on : 07-02-2024 18:15:55
Last modified on : 07-02-2024 18:16:22

Description :
Graylog is a free and open log management platform. Starting in version 2.0.0 and prior to versions 5.1.11 and 5.2.4, arbitrary classes can be loaded and instantiated using a HTTP PUT request to the `/api/system/cluster_config/` endpoint. Graylog's cluster config system uses fully qualified class names as config keys. To validate the existence of the requested class before using them, Graylog loads the class using the class loader. If a user with the appropriate permissions performs the request, arbitrary classes with 1-arg String constructors can be instantiated. This will execute arbitrary code that is run during class instantiation. In the specific use case of `java.io.File`, the behavior of the internal web-server stack will lead to information exposure by including the entire file content in the response to the REST request. Versions 5.1.11 and 5.2.4 contain a fix for this issue.

CVE ID : CVE-2024-24824
Source : security-advisories@github.com
CVSS Score : 8.8

References :
https://github.com/Graylog2/graylog2-server/blob/e458db8bf4f789d4d19f1b37f0263f910c8d036c/graylog2-server/src/main/java/org/graylog2/rest/resources/system/ClusterConfigResource.java#L208-L214 | source : security-advisories@github.com
https://github.com/Graylog2/graylog2-server/commit/75ef2b8d60e7d67f859b79fe712c8ae7b2e861d8 | source : security-advisories@github.com
https://github.com/Graylog2/graylog2-server/commit/7f8ef7fa8edf493106d5ef6f777d4da02c5194d9 | source : security-advisories@github.com
https://github.com/Graylog2/graylog2-server/security/advisories/GHSA-p6gg-5hf4-4rgj | source : security-advisories@github.com

Vulnerability : CWE-284
Vulnerability : CWE-863


Vulnerability ID : CVE-2024-24810

First published on : 07-02-2024 03:15:50
Last modified on : 07-02-2024 13:41:11

Description :
WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. The .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges. This impacts any installer built with the WiX installer framework. This issue has been patched in version 4.0.4.

CVE ID : CVE-2024-24810
Source : security-advisories@github.com
CVSS Score : 8.2

References :
https://github.com/wixtoolset/issues/security/advisories/GHSA-7wh2-wxc7-9ph5 | source : security-advisories@github.com

Vulnerability : CWE-426


Vulnerability ID : CVE-2024-24771

First published on : 07-02-2024 15:15:08
Last modified on : 07-02-2024 17:04:54

Description :
Open Forms allows users to create and publish smart forms. Versions prior to 2.2.9, 2.3.7, 2.4.5, and 2.5.2 contain a non-exploitable multi-factor authentication weakness. Superusers who have their credentials (username + password) compromised could potentially have the second-factor authentication bypassed if an attacker somehow managed to authenticate to Open Forms. The maintainers of Open Forms do not believe it is or has been possible to perform this login. However, if this were possible, the victim's account may be abused to view (potentially sensitive) submission data or have been used to impersonate other staff accounts to view and/or modify data. Three mitigating factors to help prevent exploitation include: the usual login page (at `/admin/login/`) does not fully log in the user until the second factor was successfully provided; the additional non-MFA protected login page at `/api/v2/api-authlogin/` was misconfigured and could not be used to log in; and there are no additional ways to log in. This also requires credentials of a superuser to be compromised to be exploitable. Versions 2.2.9, 2.3.7, 2.4.5, and 2.5.2 contain the following patches to address these weaknesses: Move and only enable the API auth endpoints (`/api/v2/api-auth/login/`) with `settings.DEBUG = True`. `settings.DEBUG = True` is insecure and should never be applied in production settings. Additionally, apply a custom permission check to the hijack flow to only allow second-factor-verified superusers to perform user hijacking.

CVE ID : CVE-2024-24771
Source : security-advisories@github.com
CVSS Score : 7.7

References :
https://github.com/open-formulieren/open-forms/releases/tag/2.2.9 | source : security-advisories@github.com
https://github.com/open-formulieren/open-forms/releases/tag/2.3.7 | source : security-advisories@github.com
https://github.com/open-formulieren/open-forms/releases/tag/2.4.5 | source : security-advisories@github.com
https://github.com/open-formulieren/open-forms/releases/tag/2.5.2 | source : security-advisories@github.com
https://github.com/open-formulieren/open-forms/security/advisories/GHSA-64r3-x3gf-vp63 | source : security-advisories@github.com

Vulnerability : CWE-284
Vulnerability : CWE-287
Vulnerability : CWE-654


Vulnerability ID : CVE-2024-24806

First published on : 07-02-2024 22:15:10
Last modified on : 07-02-2024 22:15:10

Description :
libuv is a multi-platform support library with a focus on asynchronous I/O. The `uv_getaddrinfo` function in `src/unix/getaddrinfo.c` (and its windows counterpart `src/win/getaddrinfo.c`), truncates hostnames to 256 characters before calling `getaddrinfo`. This behavior can be exploited to create addresses like `0x00007f000001`, which are considered valid by `getaddrinfo` and could allow an attacker to craft payloads that resolve to unintended IP addresses, bypassing developer checks. The vulnerability arises due to how the `hostname_ascii` variable (with a length of 256 bytes) is handled in `uv_getaddrinfo` and subsequently in `uv__idna_toascii`. When the hostname exceeds 256 characters, it gets truncated without a terminating null byte. As a result attackers may be able to access internal APIs or for websites (similar to MySpace) that allows users to have `username.example.com` pages. Internal services that crawl or cache these user pages can be exposed to SSRF attacks if a malicious user chooses a long vulnerable username. This issue has been addressed in release version 1.48.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE ID : CVE-2024-24806
Source : security-advisories@github.com
CVSS Score : 7.3

References :
https://github.com/libuv/libuv/commit/0f2d7e784a256b54b2385043438848047bc2a629 | source : security-advisories@github.com
https://github.com/libuv/libuv/commit/3530bcc30350d4a6ccf35d2f7b33e23292b9de70 | source : security-advisories@github.com
https://github.com/libuv/libuv/commit/c858a147643de38a09dd4164758ae5b685f2b488 | source : security-advisories@github.com
https://github.com/libuv/libuv/commit/e0327e1d508b8207c9150b6e582f0adf26213c39 | source : security-advisories@github.com
https://github.com/libuv/libuv/security/advisories/GHSA-f74f-cvh7-c6q6 | source : security-advisories@github.com

Vulnerability : CWE-918


Source : us.ibm.com

Vulnerability ID : CVE-2023-43017

First published on : 07-02-2024 17:15:09
Last modified on : 07-02-2024 17:38:33

Description :
IBM Security Verify Access 10.0.0.0 through 10.0.6.1 could allow a privileged user to install a configuration file that could allow remote access. IBM X-Force ID: 266155.

CVE ID : CVE-2023-43017
Source : psirt@us.ibm.com
CVSS Score : 8.2

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/266155 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7106586 | source : psirt@us.ibm.com

Vulnerability : CWE-295


Vulnerability ID : CVE-2023-32328

First published on : 07-02-2024 17:15:08
Last modified on : 07-02-2024 17:38:33

Description :
IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure protocols in some instances that could allow an attacker on the network to take control of the server. IBM X-Force Id: 254957.

CVE ID : CVE-2023-32328
Source : psirt@us.ibm.com
CVSS Score : 7.5

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/254657 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7106586 | source : psirt@us.ibm.com

Vulnerability : CWE-319


Vulnerability ID : CVE-2023-32330

First published on : 07-02-2024 17:15:08
Last modified on : 07-02-2024 17:38:33

Description :
IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure calls that could allow an attacker on the network to take control of the server. IBM X-Force ID: 254977.

CVE ID : CVE-2023-32330
Source : psirt@us.ibm.com
CVSS Score : 7.5

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/254977 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7106586 | source : psirt@us.ibm.com

Vulnerability : CWE-295


Source : cisco.com

Vulnerability ID : CVE-2024-20255

First published on : 07-02-2024 17:15:10
Last modified on : 07-02-2024 17:38:33

Description :
A vulnerability in the SOAP API of Cisco Expressway Series and Cisco TelePresence Video Communication Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected system. An attacker could exploit this vulnerability by persuading a user of the REST API to follow a crafted link. A successful exploit could allow the attacker to cause the affected system to reload.

CVE ID : CVE-2024-20255
Source : ykramarz@cisco.com
CVSS Score : 8.2

References :
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-KnnZDMj3 | source : ykramarz@cisco.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2024-20290

First published on : 07-02-2024 17:15:10
Last modified on : 07-02-2024 17:38:33

Description :
A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an incorrect check for end-of-string values during scanning, which may result in a heap buffer over-read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software and consuming available system resources. For a description of this vulnerability, see the ClamAV blog.

CVE ID : CVE-2024-20290
Source : ykramarz@cisco.com
CVSS Score : 7.5

References :
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-hDffu6t | source : ykramarz@cisco.com

Vulnerability : CWE-126


Source : apache.org

Vulnerability ID : CVE-2023-51437

First published on : 07-02-2024 10:15:08
Last modified on : 07-02-2024 13:41:11

Description :
Observable timing discrepancy vulnerability in Apache Pulsar SASL Authentication Provider can allow an attacker to forge a SASL Role Token that will pass signature verification. Users are recommended to upgrade to version 2.11.3, 3.0.2, or 3.1.1 which fixes the issue. Users should also consider updating the configured secret in the `saslJaasServerRoleTokenSignerSecretPath` file. Any component matching an above version running the SASL Authentication Provider is affected. That includes the Pulsar Broker, Proxy, Websocket Proxy, or Function Worker. 2.11 Pulsar users should upgrade to at least 2.11.3. 3.0 Pulsar users should upgrade to at least 3.0.2. 3.1 Pulsar users should upgrade to at least 3.1.1. Any users running Pulsar 2.8, 2.9, 2.10, and earlier should upgrade to one of the above patched versions. For additional details on this attack vector, please refer to https://codahale.com/a-lesson-in-timing-attacks/ .

CVE ID : CVE-2023-51437
Source : security@apache.org
CVSS Score : 7.4

References :
http://www.openwall.com/lists/oss-security/2024/02/07/1 | source : security@apache.org
https://lists.apache.org/thread/5kgmvvolf5tzp5rz9xjwfg2ncwvqqgl5 | source : security@apache.org

Vulnerability : CWE-200


Source : mitre.org

Vulnerability ID : CVE-2024-23769

First published on : 07-02-2024 19:15:08
Last modified on : 07-02-2024 22:02:11

Description :
Improper privilege control for the named pipe in Samsung Magician PC Software 8.0.0 (for Windows) allows a local attacker to read privileged data.

CVE ID : CVE-2024-23769
Source : cve@mitre.org
CVSS Score : 7.3

References :
https://semiconductor.samsung.com/support/quality-support/product-security-updates/ | source : cve@mitre.org


(36) MEDIUM VULNERABILITIES [4.0, 6.9]

Source : gitlab.com

Vulnerability ID : CVE-2023-6840

First published on : 07-02-2024 22:15:09
Last modified on : 07-02-2024 22:15:09

Description :
An issue has been discovered in GitLab EE affecting all versions from 16.4 prior to 16.6.7, 16.7 prior to 16.7.5, and 16.8 prior to 16.8.2 which allows a maintainer to change the name of a protected branch that bypasses the security policy added to block MR.

CVE ID : CVE-2023-6840
Source : cve@gitlab.com
CVSS Score : 6.7

References :
https://gitlab.com/gitlab-org/gitlab/-/issues/435500 | source : cve@gitlab.com
https://hackerone.com/reports/2280292 | source : cve@gitlab.com

Vulnerability : CWE-284


Vulnerability ID : CVE-2023-6736

First published on : 07-02-2024 22:15:09
Last modified on : 07-02-2024 22:15:09

Description :
An issue has been discovered in GitLab EE affecting all versions starting from 11.3 before 16.6.7, all versions starting from 16.7 before 16.7.5, all versions starting from 16.8 before 16.8.2. It was possible for an attacker to cause a client-side denial of service using malicious crafted content in the CODEOWNERS file.

CVE ID : CVE-2023-6736
Source : cve@gitlab.com
CVSS Score : 6.5

References :
https://gitlab.com/gitlab-org/gitlab/-/issues/435036 | source : cve@gitlab.com
https://hackerone.com/reports/2269023 | source : cve@gitlab.com

Vulnerability : CWE-400


Vulnerability ID : CVE-2024-1066

First published on : 07-02-2024 22:15:09
Last modified on : 07-02-2024 22:15:09

Description :
An issue has been discovered in GitLab EE affecting all versions from 13.3.0 prior to 16.6.7, 16.7 prior to 16.7.5, and 16.8 prior to 16.8.2 which allows an attacker to do a resource exhaustion using GraphQL `vulnerabilitiesCountByDay`

CVE ID : CVE-2024-1066
Source : cve@gitlab.com
CVSS Score : 6.5

References :
https://gitlab.com/gitlab-org/gitlab/-/issues/420341 | source : cve@gitlab.com

Vulnerability : CWE-400


Source : tenable.com

Vulnerability ID : CVE-2024-0971

First published on : 07-02-2024 00:15:55
Last modified on : 07-02-2024 01:11:27

Description :
A SQL injection vulnerability exists where an authenticated, low-privileged remote attacker could potentially alter scan DB content.

CVE ID : CVE-2024-0971
Source : vulnreport@tenable.com
CVSS Score : 6.5

References :
https://www.tenable.com/security/tns-2024-01 | source : vulnreport@tenable.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-0955

First published on : 07-02-2024 00:15:55
Last modified on : 07-02-2024 01:11:27

Description :
A stored XSS vulnerability exists where an authenticated, remote attacker with administrator privileges on the Nessus application could alter Nessus proxy settings, which could lead to the execution of remote arbitrary scripts.

CVE ID : CVE-2024-0955
Source : vulnreport@tenable.com
CVSS Score : 4.8

References :
https://www.tenable.com/security/tns-2024-01 | source : vulnreport@tenable.com

Vulnerability : CWE-20


Source : hackerone.com

Vulnerability ID : CVE-2024-22021

First published on : 07-02-2024 01:15:08
Last modified on : 07-02-2024 13:41:21

Description :
Vulnerability CVE-2024-22021 allows a Veeam Recovery Orchestrator user with a low privileged role (Plan Author) to retrieve plans from a Scope other than the one they are assigned to.

CVE ID : CVE-2024-22021
Source : support@hackerone.com
CVSS Score : 6.5

References :
https://veeam.com/kb4541 | source : support@hackerone.com


Source : elastic.co

Vulnerability ID : CVE-2024-23446

First published on : 07-02-2024 04:15:07
Last modified on : 07-02-2024 13:41:11

Description :
An issue was discovered by Elastic, whereby the Detection Engine Search API does not respect Document-level security (DLS) or Field-level security (FLS) when querying the .alerts-security.alerts-{space_id} indices. Users who are authorized to call this API may obtain unauthorized access to documents if their roles are configured with DLS or FLS against the aforementioned index.

CVE ID : CVE-2024-23446
Source : bressers@elastic.co
CVSS Score : 6.5

References :
https://discuss.elastic.co/t/kibana-8-12-1-security-update-esa-2024-01/352686 | source : bressers@elastic.co
https://www.elastic.co/community/security | source : bressers@elastic.co

Vulnerability : CWE-284


Vulnerability ID : CVE-2024-23448

First published on : 07-02-2024 22:15:09
Last modified on : 07-02-2024 22:15:09

Description :
An issue was discovered whereby APM Server could log at ERROR level, a response from Elasticsearch indicating that indexing the document failed and that response would contain parts of the original document. Depending on the nature of the document that the APM Server attempted to ingest, this could lead to the insertion of sensitive or private information in the APM Server logs.

CVE ID : CVE-2024-23448
Source : bressers@elastic.co
CVSS Score : 5.7

References :
https://discuss.elastic.co/t/apm-server-8-12-1-security-update-esa-2024-03/352688 | source : bressers@elastic.co
https://www.elastic.co/community/security | source : bressers@elastic.co

Vulnerability : CWE-532


Vulnerability ID : CVE-2024-23447

First published on : 07-02-2024 04:15:07
Last modified on : 07-02-2024 13:41:11

Description :
An issue was discovered in the Windows Network Drive Connector when using Document Level Security to assign permissions to a file, with explicit allow write and deny read. Although the document is not accessible to the user in Network Drive it is visible in search applications to the user.

CVE ID : CVE-2024-23447
Source : bressers@elastic.co
CVSS Score : 5.3

References :
https://discuss.elastic.co/t/elastic-network-drive-connector-8-12-1-security-update-esa-2024-02/352687 | source : bressers@elastic.co
https://www.elastic.co/community/security | source : bressers@elastic.co

Vulnerability : CWE-284


Source : liferay.com

Vulnerability ID : CVE-2024-25143

First published on : 07-02-2024 15:15:08
Last modified on : 07-02-2024 17:04:54

Description :
The Document and Media widget in Liferay Portal 7.2.0 through 7.3.6, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 13, and older unsupported versions, does not limit resource consumption when generating a preview image, which allows remote authenticated users to cause a denial of service (memory consumption) via crafted PNG images.

CVE ID : CVE-2024-25143
Source : security@liferay.com
CVSS Score : 6.5

References :
https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25143 | source : security@liferay.com

Vulnerability : CWE-400


Source : github.com

Vulnerability ID : CVE-2024-24822

First published on : 07-02-2024 18:15:54
Last modified on : 07-02-2024 18:16:22

Description :
Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. Prior to version 1.3.3, an attacker can create, delete etc. tags without having the permission to do so. A fix is available in version 1.3.3. As a workaround, one may apply the patch manually.

CVE ID : CVE-2024-24822
Source : security-advisories@github.com
CVSS Score : 6.5

References :
https://github.com/pimcore/admin-ui-classic-bundle/commit/24660b6d5ad9cbcb037a48d4309a6024e9adf251 | source : security-advisories@github.com
https://github.com/pimcore/admin-ui-classic-bundle/pull/412 | source : security-advisories@github.com
https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-3rfr-mpfj-2jwq | source : security-advisories@github.com

Vulnerability : CWE-862


Vulnerability ID : CVE-2024-24815

First published on : 07-02-2024 16:15:47
Last modified on : 07-02-2024 18:15:54

Description :
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered in the core HTML parsing module in versions of CKEditor4 prior to 4.24.0-lts. It may affect all editor instances that enabled full-page editing mode or enabled CDATA elements in Advanced Content Filtering configuration (defaults to `script` and `style` elements). The vulnerability allows attackers to inject malformed HTML content bypassing Advanced Content Filtering mechanism, which could result in executing JavaScript code. An attacker could abuse faulty CDATA content detection and use it to prepare an intentional attack on the editor. A fix is available in version 4.24.0-lts.

CVE ID : CVE-2024-24815
Source : security-advisories@github.com
CVSS Score : 6.1

References :
https://ckeditor.com/docs/ckeditor4/latest/api/CKEDITOR_dtd.html#property-S-cdata | source : security-advisories@github.com
https://ckeditor.com/docs/ckeditor4/latest/features/fullpage.html | source : security-advisories@github.com
https://ckeditor.com/docs/ckeditor4/latest/guide/dev_advanced_content_filter.html | source : security-advisories@github.com
https://github.com/ckeditor/ckeditor4/commit/8ed1a3c93d0ae5f49f4ecff5738ab8a2972194cb | source : security-advisories@github.com
https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-fq6h-4g8v-qqvm | source : security-advisories@github.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2024-24816

First published on : 07-02-2024 17:15:11
Last modified on : 07-02-2024 17:38:33

Description :
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered in versions prior to 4.24.0-lts in samples that use the `preview` feature. All integrators that use these samples in the production code can be affected. The vulnerability allows an attacker to execute JavaScript code by abusing the misconfigured preview feature. It affects all users using the CKEditor 4 at version < 4.24.0-lts with affected samples used in a production environment. A fix is available in version 4.24.0-lts.

CVE ID : CVE-2024-24816
Source : security-advisories@github.com
CVSS Score : 6.1

References :
https://ckeditor.com/cke4/addon/preview | source : security-advisories@github.com
https://github.com/ckeditor/ckeditor4/commit/8ed1a3c93d0ae5f49f4ecff5738ab8a2972194cb | source : security-advisories@github.com
https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-mw2c-vx6j-mg76 | source : security-advisories@github.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2024-24823

First published on : 07-02-2024 18:15:54
Last modified on : 07-02-2024 18:16:22

Description :
Graylog is a free and open log management platform. Starting in version 4.3.0 and prior to versions 5.1.11 and 5.2.4, reauthenticating with an existing session cookie would re-use that session id, even if for different user credentials. In this case, the pre-existing session could be used to gain elevated access to an existing Graylog login session, provided the malicious user could successfully inject their session cookie into someone else's browser. The complexity of such an attack is high, because it requires presenting a spoofed login screen and injection of a session cookie into an existing browser, potentially through a cross-site scripting attack. No such attack has been discovered. Graylog 5.1.11 and 5.2.4, and any versions of the 6.0 development branch, contain patches to not re-use sessions under any circumstances. Some workarounds are available. Using short session expiration and explicit log outs of unused sessions can help limiting the attack vector. Unpatched this vulnerability exists, but is relatively hard to exploit. A proxy could be leveraged to clear the `authentication` cookie for the Graylog server URL for the `/api/system/sessions` endpoint, as that is the only one vulnerable.

CVE ID : CVE-2024-24823
Source : security-advisories@github.com
CVSS Score : 5.7

References :
https://github.com/Graylog2/graylog2-server/commit/1596b749db86368ba476662f23a0f0c5ec2b5097 | source : security-advisories@github.com
https://github.com/Graylog2/graylog2-server/commit/b93a66353f35a94a4e8f3f75ac4f5cdc5a2d4a6a | source : security-advisories@github.com
https://github.com/Graylog2/graylog2-server/security/advisories/GHSA-3xf8-g8gr-g7rh | source : security-advisories@github.com

Vulnerability : CWE-384


Vulnerability ID : CVE-2024-24812

First published on : 07-02-2024 15:15:08
Last modified on : 07-02-2024 17:04:54

Description :
Frappe is a full-stack web application framework that uses Python and MariaDB on the server side and a tightly integrated client side library. Prior to versions 14.59.0 and 15.5.0, portal pages are susceptible to Cross-Site Scripting (XSS) which can be used to inject malicious JS code if a user clicks on a malicious link. This vulnerability has been patched in versions 14.59.0 and 15.5.0. No known workarounds are available.

CVE ID : CVE-2024-24812
Source : security-advisories@github.com
CVSS Score : 5.4

References :
https://github.com/frappe/frappe/releases/tag/v14.59.0 | source : security-advisories@github.com
https://github.com/frappe/frappe/releases/tag/v15.5.0 | source : security-advisories@github.com
https://github.com/frappe/frappe/security/advisories/GHSA-7p3m-h76m-hg9v | source : security-advisories@github.com

Vulnerability : CWE-79
Vulnerability : CWE-80


Source : redhat.com

Vulnerability ID : CVE-2023-6356

First published on : 07-02-2024 21:15:08
Last modified on : 07-02-2024 22:02:11

Description :
A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver and causing kernel panic and a denial of service.

CVE ID : CVE-2023-6356
Source : secalert@redhat.com
CVSS Score : 6.5

References :
https://access.redhat.com/errata/RHSA-2024:0723 | source : secalert@redhat.com
https://access.redhat.com/errata/RHSA-2024:0724 | source : secalert@redhat.com
https://access.redhat.com/errata/RHSA-2024:0725 | source : secalert@redhat.com
https://access.redhat.com/security/cve/CVE-2023-6356 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2254054 | source : secalert@redhat.com

Vulnerability : CWE-476


Vulnerability ID : CVE-2023-6535

First published on : 07-02-2024 21:15:08
Last modified on : 07-02-2024 22:02:11

Description :
A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service.

CVE ID : CVE-2023-6535
Source : secalert@redhat.com
CVSS Score : 6.5

References :
https://access.redhat.com/errata/RHSA-2024:0723 | source : secalert@redhat.com
https://access.redhat.com/errata/RHSA-2024:0724 | source : secalert@redhat.com
https://access.redhat.com/errata/RHSA-2024:0725 | source : secalert@redhat.com
https://access.redhat.com/security/cve/CVE-2023-6535 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2254053 | source : secalert@redhat.com

Vulnerability : CWE-476


Vulnerability ID : CVE-2023-6536

First published on : 07-02-2024 21:15:08
Last modified on : 07-02-2024 22:02:11

Description :
A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service.

CVE ID : CVE-2023-6536
Source : secalert@redhat.com
CVSS Score : 6.5

References :
https://access.redhat.com/errata/RHSA-2024:0723 | source : secalert@redhat.com
https://access.redhat.com/errata/RHSA-2024:0724 | source : secalert@redhat.com
https://access.redhat.com/errata/RHSA-2024:0725 | source : secalert@redhat.com
https://access.redhat.com/security/cve/CVE-2023-6536 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2254052 | source : secalert@redhat.com

Vulnerability : CWE-476


Source : wordfence.com

Vulnerability ID : CVE-2024-0256

First published on : 07-02-2024 05:15:08
Last modified on : 07-02-2024 13:41:11

Description :
The Starbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Profile Display Name and Social Settings in all versions up to, and including, 3.4.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2024-0256
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/changeset/3029599/starbox | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/0eafe473-9177-47c4-aa1e-2350cb827447?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-1037

First published on : 07-02-2024 07:15:08
Last modified on : 07-02-2024 13:41:11

Description :
The All-In-One Security (AIOS) – Security and Firewall plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 5.2.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

CVE ID : CVE-2024-1037
Source : security@wordfence.com
CVSS Score : 6.1

References :
https://plugins.trac.wordpress.org/browser/all-in-one-wp-security-and-firewall/trunk/admin/wp-security-list-404.php#L32 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/all-in-one-wp-security-and-firewall/trunk/admin/wp-security-list-404.php#L50 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset/3032127/all-in-one-wp-security-and-firewall/tags/5.2.6/admin/wp-security-list-404.php | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/b50772e5-5142-4f50-b5c0-6116a8821cba?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-1055

First published on : 07-02-2024 07:15:09
Last modified on : 07-02-2024 13:41:11

Description :
The PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's buttons in all versions up to, and including, 2.7.14 due to insufficient input sanitization and output escaping on user supplied URL values. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2024-1055
Source : security@wordfence.com
CVSS Score : 5.4

References :
https://plugins.trac.wordpress.org/browser/powerpack-lite-for-elementor/trunk/modules/buttons/widgets/buttons.php#L1544 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3030473%40powerpack-lite-for-elementor&new=3030473%40powerpack-lite-for-elementor&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/036cf299-80c2-48a8-befc-02899ab96e3c?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-1079

First published on : 07-02-2024 08:15:43
Last modified on : 07-02-2024 13:41:11

Description :
The Quiz Maker plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ays_show_results() function in all versions up to, and including, 6.5.2.4. This makes it possible for unauthenticated attackers to fetch arbitrary quiz results which can contain PII.

CVE ID : CVE-2024-1079
Source : security@wordfence.com
CVSS Score : 5.3

References :
https://plugins.trac.wordpress.org/changeset/3032035/quiz-maker/tags/6.5.2.5/admin/class-quiz-maker-admin.php?old=3030468&old_path=quiz-maker%2Ftags%2F6.5.2.4%2Fadmin%2Fclass-quiz-maker-admin.php | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/602df370-cd5b-46dc-a653-6522aef0c62f?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-1109

First published on : 07-02-2024 11:15:08
Last modified on : 07-02-2024 13:41:11

Description :
The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the init_download() and init() functions in all versions up to, and including, 4.0.11. This makes it possible for unauthenticated attackers to export the plugin's tracking data and podcast information.

CVE ID : CVE-2024-1109
Source : security@wordfence.com
CVSS Score : 5.3

References :
https://github.com/podlove/podlove-publisher/commit/0ac83d1955aa964a358833b1b5ce790fff45b3f4 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3032008%40podlove-podcasting-plugin-for-wordpress&new=3032008%40podlove-podcasting-plugin-for-wordpress&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/a7b25b66-e9d1-448d-8367-cce4c0dec635?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-1110

First published on : 07-02-2024 11:15:09
Last modified on : 07-02-2024 13:41:11

Description :
The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the init() function in all versions up to, and including, 4.0.11. This makes it possible for unauthenticated attackers to import the plugin's settings.

CVE ID : CVE-2024-1110
Source : security@wordfence.com
CVSS Score : 5.3

References :
https://github.com/podlove/podlove-publisher/commit/7873ff520631087e2f10737860cdcd64d53187ba | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3032008%40podlove-podcasting-plugin-for-wordpress&new=3032008%40podlove-podcasting-plugin-for-wordpress&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/2c9cf461-572c-4be8-96e6-659acf3208f3?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-0977

First published on : 07-02-2024 08:15:41
Last modified on : 07-02-2024 13:41:11

Description :
The Timeline Widget For Elementor (Elementor Timeline, Vertical & Horizontal Timeline) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image URLs in the plugin's timeline widget in all versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page, changes the slideshow type, and then changes it back to an image.

CVE ID : CVE-2024-0977
Source : security@wordfence.com
CVSS Score : 4.4

References :
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3029865%40timeline-widget-addon-for-elementor&new=3029865%40timeline-widget-addon-for-elementor&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/03073726-58d0-45b3-b7a6-7d12dbede919?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-1078

First published on : 07-02-2024 08:15:42
Last modified on : 07-02-2024 13:41:11

Description :
The Quiz Maker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ays_quick_start() and add_question_rows() functions in all versions up to, and including, 6.5.2.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to create arbitrary quizzes.

CVE ID : CVE-2024-1078
Source : security@wordfence.com
CVSS Score : 4.3

References :
https://plugins.trac.wordpress.org/changeset/3032035/quiz-maker/tags/6.5.2.5/admin/class-quiz-maker-admin.php?old=3030468&old_path=quiz-maker%2Ftags%2F6.5.2.4%2Fadmin%2Fclass-quiz-maker-admin.php | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/7ba2b270-5f02-4cd8-8a22-1723c3873d67?source=cve | source : security@wordfence.com


Source : vuldb.com

Vulnerability ID : CVE-2024-1264

First published on : 07-02-2024 00:15:55
Last modified on : 07-02-2024 01:11:27

Description :
A vulnerability has been found in Juanpao JPShop up to 1.5.02 and classified as critical. Affected by this vulnerability is the function actionUpdate of the file /api/controllers/common/UploadsController.php. The manipulation of the argument imgage leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-253003.

CVE ID : CVE-2024-1264
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://note.zhaoj.in/share/f8b2IX7GsZS5 | source : cna@vuldb.com
https://vuldb.com/?ctiid.253003 | source : cna@vuldb.com
https://vuldb.com/?id.253003 | source : cna@vuldb.com

Vulnerability : CWE-434


Vulnerability ID : CVE-2024-1268

First published on : 07-02-2024 02:15:55
Last modified on : 07-02-2024 13:41:21

Description :
A vulnerability, which was classified as critical, was found in CodeAstro Restaurant POS System 1.0. This affects an unknown part of the file update_product.php. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-253011.

CVE ID : CVE-2024-1268
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://drive.google.com/drive/folders/1utXNnlH67FjUaBsYhw1cQWyZsO9MLy1i?usp=sharing | source : cna@vuldb.com
https://vuldb.com/?ctiid.253011 | source : cna@vuldb.com
https://vuldb.com/?id.253011 | source : cna@vuldb.com

Vulnerability : CWE-434


Source : us.ibm.com

Vulnerability ID : CVE-2023-38369

First published on : 07-02-2024 17:15:09
Last modified on : 07-02-2024 17:38:33

Description :
IBM Security Access Manager Container 10.0.0.0 through 10.0.6.1 does not require that docker images should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 261196.

CVE ID : CVE-2023-38369
Source : psirt@us.ibm.com
CVSS Score : 6.2

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/261196 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7106586 | source : psirt@us.ibm.com

Vulnerability : CWE-521


Vulnerability ID : CVE-2023-47700

First published on : 07-02-2024 17:15:09
Last modified on : 07-02-2024 17:38:33

Description :
IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.6 products could allow a remote attacker to spoof a trusted system that would not be correctly validated by the Storwize server. This could lead to a user connecting to a malicious host, believing that it was a trusted system and deceived into accepting spoofed data. IBM X-Force ID: 271016.

CVE ID : CVE-2023-47700
Source : psirt@us.ibm.com
CVSS Score : 5.9

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/271016 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7114767 | source : psirt@us.ibm.com

Vulnerability : CWE-295


Vulnerability ID : CVE-2023-31002

First published on : 07-02-2024 17:15:08
Last modified on : 07-02-2024 17:38:33

Description :
IBM Security Access Manager Container 10.0.0.0 through 10.0.6.1 temporarily stores sensitive information in files that could be accessed by a local user. IBM X-Force ID: 254657.

CVE ID : CVE-2023-31002
Source : psirt@us.ibm.com
CVSS Score : 5.1

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/254657 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7106586 | source : psirt@us.ibm.com


Source : fluidattacks.com

Vulnerability ID : CVE-2024-0849

First published on : 07-02-2024 03:15:50
Last modified on : 07-02-2024 13:41:21

Description :
Leanote version 2.7.0 allows obtaining arbitrary local files. This is possible because the application is vulnerable to LFR.

CVE ID : CVE-2024-0849
Source : help@fluidattacks.com
CVSS Score : 5.5

References :
https://fluidattacks.com/advisories/alesso | source : help@fluidattacks.com
https://github.com/leanote/desktop-app | source : help@fluidattacks.com

Vulnerability : CWE-20


Vulnerability ID : CVE-2023-6388

First published on : 07-02-2024 03:15:49
Last modified on : 07-02-2024 13:41:21

Description :
Suite CRM version 7.14.2 allows making arbitrary HTTP requests through the vulnerable server. This is possible because the application is vulnerable to SSRF.

CVE ID : CVE-2023-6388
Source : help@fluidattacks.com
CVSS Score : 5.0

References :
https://fluidattacks.com/advisories/leon/ | source : help@fluidattacks.com
https://github.com/salesagility/SuiteCRM/ | source : help@fluidattacks.com

Vulnerability : CWE-918


Source : patchstack.com

Vulnerability ID : CVE-2024-24706

First published on : 07-02-2024 17:15:11
Last modified on : 07-02-2024 17:38:33

Description :
Cross-Site Request Forgery (CSRF) vulnerability in Forum One WP-CFM wp-cfm. This issue affects WP-CFM: from n/a through 1.7.8.

CVE ID : CVE-2024-24706
Source : audit@patchstack.com
CVSS Score : 5.4

References :
https://github.com/forumone/wp-cfm/security/advisories/GHSA-2449-jmfc-gc7f | source : audit@patchstack.com
https://patchstack.com/database/vulnerability/wp-cfm/wordpress-wp-cfm-plugin-1-7-8-cross-site-request-forgery-csrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-352


Source : apache.org

Vulnerability ID : CVE-2023-39196

First published on : 07-02-2024 13:15:07
Last modified on : 07-02-2024 14:15:52

Description :
Improper Authentication vulnerability in Apache Ozone. The vulnerability allows an attacker to download metadata internal to the Storage Container Manager service without proper authentication. The attacker is not allowed to do any modification within the Ozone Storage Container Manager service using this vulnerability. The accessible metadata does not contain sensitive information that can be used to exploit the system later on, and the accessible data does not make it possible to gain access to actual user data within Ozone. This issue affects Apache Ozone: 1.2.0 and subsequent releases up until 1.3.0. Users are recommended to upgrade to version 1.4.0, which fixes the issue.

CVE ID : CVE-2023-39196
Source : security@apache.org
CVSS Score : 5.3

References :
http://www.openwall.com/lists/oss-security/2024/02/07/2 | source : security@apache.org
https://lists.apache.org/thread/o96ct5t7kj5cgrmmfc6756m931t08nky | source : security@apache.org

Vulnerability : CWE-287


Source : hq.dhs.gov

Vulnerability ID : CVE-2024-23806

First published on : 07-02-2024 17:15:10
Last modified on : 07-02-2024 17:38:33

Description :
Sensitive data can be extracted from HID iCLASS SE reader configuration cards. This could include credential and device administrator keys.

CVE ID : CVE-2024-23806
Source : ics-cert@hq.dhs.gov
CVSS Score : 5.3

References :
https://www.cisa.gov/news-events/ics-advisories/icsa-24-037-02 | source : ics-cert@hq.dhs.gov
https://www.hidglobal.com/support | source : ics-cert@hq.dhs.gov

Vulnerability : CWE-287


(5) LOW VULNERABILITIES [0.1, 3.9]

Source : wordfence.com

Vulnerability ID : CVE-2024-0628

First published on : 07-02-2024 07:15:07
Last modified on : 07-02-2024 13:41:11

Description :
The WP RSS Aggregator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.23.5 via the RSS feed source in admin settings. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

CVE ID : CVE-2024-0628
Source : security@wordfence.com
CVSS Score : 3.8

References :
https://plugins.trac.wordpress.org/changeset/3029525/wp-rss-aggregator | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/2154383e-eabb-4964-8991-423dd68d5efb?source=cve | source : security@wordfence.com


Source : vuldb.com

Vulnerability ID : CVE-2024-1267

First published on : 07-02-2024 01:15:08
Last modified on : 07-02-2024 13:41:21

Description :
A vulnerability, which was classified as problematic, has been found in CodeAstro Restaurant POS System 1.0. Affected by this issue is some unknown functionality of the file create_account.php. The manipulation of the argument Full Name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-253010 is the identifier assigned to this vulnerability.

CVE ID : CVE-2024-1267
Source : cna@vuldb.com
CVSS Score : 3.5

References :
https://drive.google.com/drive/folders/18N_20KuGPjrBbvOMSfbvBIc1sMKyycH3?usp=sharing | source : cna@vuldb.com
https://vuldb.com/?ctiid.253010 | source : cna@vuldb.com
https://vuldb.com/?id.253010 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2024-1265

First published on : 07-02-2024 00:15:56
Last modified on : 07-02-2024 01:11:27

Description :
A vulnerability classified as problematic has been found in CodeAstro University Management System 1.0. Affected is an unknown function of the file /att_add.php of the component Attendance Management. The manipulation of the argument Student Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-253008.

CVE ID : CVE-2024-1265
Source : cna@vuldb.com
CVSS Score : 2.4

References :
https://drive.google.com/file/d/1AnzEcwDC0AP56i65zCqekFAeYQY6skBH/view?usp=sharing | source : cna@vuldb.com
https://vuldb.com/?ctiid.253008 | source : cna@vuldb.com
https://vuldb.com/?id.253008 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2024-1266

First published on : 07-02-2024 01:15:07
Last modified on : 07-02-2024 13:41:21

Description :
A vulnerability classified as problematic was found in CodeAstro University Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /st_reg.php of the component Student Registration Form. The manipulation of the argument Address leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-253009 was assigned to this vulnerability.

CVE ID : CVE-2024-1266
Source : cna@vuldb.com
CVSS Score : 2.4

References :
https://drive.google.com/file/d/16a9lQqUFBICw-Hhbe9bT5sSB7qwZjMwA/view?usp=sharing | source : cna@vuldb.com
https://vuldb.com/?ctiid.253009 | source : cna@vuldb.com
https://vuldb.com/?id.253009 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2024-1269

First published on : 07-02-2024 02:15:55
Last modified on : 07-02-2024 13:41:21

Description :
A vulnerability has been found in SourceCodester Product Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /supplier.php. The manipulation of the argument supplier_name/supplier_contact leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-253012.

CVE ID : CVE-2024-1269
Source : cna@vuldb.com
CVSS Score : 2.4

References :
https://github.com/PrecursorYork/Product-Management-System-Using-PHP-and-MySQL-Reflected-XSS-POC/blob/main/README.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.253012 | source : cna@vuldb.com
https://vuldb.com/?id.253012 | source : cna@vuldb.com

Vulnerability : CWE-79


(23) NO SCORE VULNERABILITIES [0.0, 0.0]

Source : google.com

Vulnerability ID : CVE-2024-1283

First published on : 07-02-2024 00:15:56
Last modified on : 07-02-2024 01:11:27

Description :
Heap buffer overflow in Skia in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE ID : CVE-2024-1283
Source : chrome-cve-admin@google.com
CVSS Score : /

References :
https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop.html | source : chrome-cve-admin@google.com
https://issues.chromium.org/issues/41494860 | source : chrome-cve-admin@google.com


Vulnerability ID : CVE-2024-1284

First published on : 07-02-2024 00:15:56
Last modified on : 07-02-2024 01:11:27

Description :
Use after free in Mojo in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE ID : CVE-2024-1284
Source : chrome-cve-admin@google.com
CVSS Score : /

References :
https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop.html | source : chrome-cve-admin@google.com
https://issues.chromium.org/issues/41494539 | source : chrome-cve-admin@google.com


Vulnerability ID : CVE-2024-22012

First published on : 07-02-2024 16:15:47
Last modified on : 07-02-2024 17:04:54

Description :
In TBD of TBD, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE ID : CVE-2024-22012
Source : dsap-vuln-management@google.com
CVSS Score : /

References :
https://source.android.com/security/bulletin/pixel/2024-02-01 | source : dsap-vuln-management@google.com


Source : mitre.org

Vulnerability ID : CVE-2024-24001

First published on : 07-02-2024 00:15:56
Last modified on : 07-02-2024 01:11:27

Description :
jshERP v3.3 is vulnerable to SQL Injection via the com.jsh.erp.controller.DepotHeadController: com.jsh.erp.utils.BaseResponseInfo findallocationDetail() function of jshERP, which allows an attacker to construct a malicious payload to bypass jshERP's protection mechanism.

CVE ID : CVE-2024-24001
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc/blob/main/cxcxcxcxcxc/about-2024/24001.txt | source : cve@mitre.org
https://github.com/jishenghua/jshERP/issues/99 | source : cve@mitre.org


Vulnerability ID : CVE-2024-24002

First published on : 07-02-2024 00:15:56
Last modified on : 07-02-2024 01:11:27

Description :
jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller.MaterialController: com.jsh.erp.utils.BaseResponseInfo getListWithStock() function of jshERP does not filter `column` and `order` parameters well enough, and an attacker can construct malicious payload to bypass jshERP's protection mechanism in `safeSqlParse` method for sql injection.

CVE ID : CVE-2024-24002
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc/blob/main/cxcxcxcxcxc/about-2024/24002.txt | source : cve@mitre.org
https://github.com/jishenghua/jshERP/issues/99 | source : cve@mitre.org


Vulnerability ID : CVE-2024-24004

First published on : 07-02-2024 00:15:56
Last modified on : 07-02-2024 01:11:27

Description :
jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller.DepotHeadController: com.jsh.erp.utils.BaseResponseInfo findInOutDetail() function of jshERP does not filter `column` and `order` parameters well enough, and an attacker can construct malicious payload to bypass jshERP's protection mechanism in `safeSqlParse` method for sql injection.

CVE ID : CVE-2024-24004
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc/blob/main/cxcxcxcxcxc/about-2024/24004.txt | source : cve@mitre.org
https://github.com/jishenghua/jshERP/issues/99 | source : cve@mitre.org


Vulnerability ID : CVE-2024-24019

First published on : 07-02-2024 01:15:08
Last modified on : 07-02-2024 13:41:21

Description :
A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass in crafted offset, limit, and sort parameters to perform SQL injection via /system/roleDataPerm/list

CVE ID : CVE-2024-24019
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/201206030/novel-plus | source : cve@mitre.org
https://github.com/cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc/blob/main/cxcxcxcxcxc/about-2024/24019.txt | source : cve@mitre.org


Vulnerability ID : CVE-2023-40355

First published on : 07-02-2024 08:15:40
Last modified on : 07-02-2024 13:41:11

Description :
Cross Site Scripting (XSS) vulnerability in Axigen versions 10.3.3.0 before 10.3.3.59, 10.4.0 before 10.4.19, and 10.5.0 before 10.5.5, allows authenticated attackers to execute arbitrary code and obtain sensitive information via the logic for switching between the Standard and Ajax versions.

CVE ID : CVE-2023-40355
Source : cve@mitre.org
CVSS Score : /

References :
https://www.axigen.com/knowledgebase/Axigen-WebMail-XSS-Vulnerability-CVE-2023-40355-_396.html | source : cve@mitre.org


Vulnerability ID : CVE-2023-46914

First published on : 07-02-2024 09:15:15
Last modified on : 07-02-2024 13:41:11

Description :
SQL Injection vulnerability in RM bookingcalendar module for PrestaShop versions 2.7.9 and before, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via ics_export.php.

CVE ID : CVE-2023-46914
Source : cve@mitre.org
CVSS Score : /

References :
https://security.friendsofpresta.org/modules/2024/02/06/bookingcalendar.html | source : cve@mitre.org


Vulnerability ID : CVE-2024-24303

First published on : 07-02-2024 09:15:15
Last modified on : 07-02-2024 13:41:11

Description :
SQL Injection vulnerability in HiPresta "Gift Wrapping Pro" (hiadvancedgiftwrapping) module for PrestaShop before version 1.4.1, allows remote attackers to escalate privileges and obtain sensitive information via the HiAdvancedGiftWrappingGiftWrappingModuleFrontController::addGiftWrappingCartValue() method.

CVE ID : CVE-2024-24303
Source : cve@mitre.org
CVSS Score : /

References :
https://security.friendsofpresta.org/modules/2024/02/06/hiadvancedgiftwrapping.html | source : cve@mitre.org


Vulnerability ID : CVE-2024-24304

First published on : 07-02-2024 09:15:15
Last modified on : 07-02-2024 13:41:11

Description :
In the module "Mailjet" (mailjet) from Mailjet for PrestaShop before version 3.5.1, a guest can download technical information without restriction.

CVE ID : CVE-2024-24304
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/mailjet/prestashop-mailjet-plugin-apiv3/releases/tag/v3.5.1 | source : cve@mitre.org
https://security.friendsofpresta.org/modules/2024/02/06/mailjet.html | source : cve@mitre.org


Vulnerability ID : CVE-2024-24311

First published on : 07-02-2024 09:15:16
Last modified on : 07-02-2024 13:41:11

Description :
Path Traversal vulnerability in Linea Grafica "Multilingual and Multistore Sitemap Pro - SEO" (lgsitemaps) module for PrestaShop before version 1.6.6, a guest can download personal information without restriction.

CVE ID : CVE-2024-24311
Source : cve@mitre.org
CVSS Score : /

References :
https://security.friendsofpresta.org/modules/2024/02/06/lgsitemaps.html | source : cve@mitre.org


Vulnerability ID : CVE-2024-24130

First published on : 07-02-2024 14:15:52
Last modified on : 07-02-2024 17:04:54

Description :
Mail2World v12 Business Control Center was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Usr parameter at resellercenter/login.asp.

CVE ID : CVE-2024-24130
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Hebing123/cve/issues/13 | source : cve@mitre.org


Vulnerability ID : CVE-2024-24131

First published on : 07-02-2024 14:15:52
Last modified on : 07-02-2024 17:04:54

Description :
SuperWebMailer v9.31.0.01799 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component api.php.

CVE ID : CVE-2024-24131
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Hebing123/cve/issues/14 | source : cve@mitre.org


Vulnerability ID : CVE-2024-24133

First published on : 07-02-2024 14:15:52
Last modified on : 07-02-2024 17:04:54

Description :
Atmail v6.6.0 was discovered to contain a SQL injection vulnerability via the username parameter on the login page.

CVE ID : CVE-2024-24133
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Hebing123/cve/issues/16 | source : cve@mitre.org


Vulnerability ID : CVE-2024-24186

First published on : 07-02-2024 14:15:52
Last modified on : 07-02-2024 17:04:54

Description :
Jsish v3.5.0 (commit 42c694c) was discovered to contain a stack-overflow via the component IterGetKeysCallback at /jsish/src/jsiValue.c.

CVE ID : CVE-2024-24186
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/pcmacdon/jsish/issues/98 | source : cve@mitre.org


Vulnerability ID : CVE-2024-24188

First published on : 07-02-2024 14:15:52
Last modified on : 07-02-2024 17:04:54

Description :
Jsish v3.5.0 was discovered to contain a heap-buffer-overflow in ./src/jsiUtils.c.

CVE ID : CVE-2024-24188
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/pcmacdon/jsish/issues/100 | source : cve@mitre.org


Vulnerability ID : CVE-2024-24189

First published on : 07-02-2024 14:15:52
Last modified on : 07-02-2024 17:04:54

Description :
Jsish v3.5.0 (commit 42c694c) was discovered to contain a use-after-free via the SplitChar at ./src/jsiUtils.c.

CVE ID : CVE-2024-24189
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/pcmacdon/jsish/issues/101 | source : cve@mitre.org


Vulnerability ID : CVE-2024-25200

First published on : 07-02-2024 14:15:53
Last modified on : 07-02-2024 17:04:54

Description :
Espruino 2v20 (commit fcc9ba4) was discovered to contain a Stack Overflow via the jspeFactorFunctionCall at src/jsparse.c.

CVE ID : CVE-2024-25200
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/espruino/Espruino/issues/2457 | source : cve@mitre.org


Vulnerability ID : CVE-2024-25201

First published on : 07-02-2024 14:15:53
Last modified on : 07-02-2024 17:04:54

Description :
Espruino 2v20 (commit fcc9ba4) was discovered to contain an Out-of-bounds Read via jsvStringIteratorPrintfCallback at src/jsvar.c.

CVE ID : CVE-2024-25201
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/espruino/Espruino/issues/2456 | source : cve@mitre.org


Vulnerability ID : CVE-2023-38995

First published on : 07-02-2024 20:15:49
Last modified on : 07-02-2024 22:02:11

Description :
An issue in SCHUHFRIED v.8.22.00 allows a remote attacker to obtain the database password via a crafted curl command.

CVE ID : CVE-2023-38995
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/post-cyberlabs/CVE-Advisory/blob/main/CVE-2023-38995-Schuhfried-Preauth-PrivEsc.pdf | source : cve@mitre.org


Vulnerability ID : CVE-2024-22984

First published on : 07-02-2024 20:15:49
Last modified on : 07-02-2024 20:15:49

Description :
Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

CVE ID : CVE-2024-22984
Source : cve@mitre.org
CVSS Score : /

References :


Vulnerability ID : CVE-2024-24488

First published on : 07-02-2024 20:15:49
Last modified on : 07-02-2024 22:02:11

Description :
An issue in Shenzen Tenda Technology CP3V2.0 V11.10.00.2311090948 allows a local attacker to obtain sensitive information via the password component.

CVE ID : CVE-2024-24488
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/minj-ae/CVE-2024-24488 | source : cve@mitre.org


This website uses the NVD API, but is not approved or certified by it.

About the author
Julien B.

Securitricks
