Latest vulnerabilities [Wednesday, January 24, 2024]


Last update performed on 01/24/2024 at 11:57:07 PM

(1) CRITICAL VULNERABILITIES [9.0, 10.0]

Source : patchstack.com

Vulnerability ID : CVE-2023-52221

First published on : 24-01-2024 12:15:56
Last modified on : 24-01-2024 13:49:03

Description :
Unrestricted Upload of File with Dangerous Type vulnerability in UkrSolution Barcode Scanner and Inventory manager. This issue affects Barcode Scanner and Inventory manager: from n/a through 1.5.1.

CVE ID : CVE-2023-52221
Source : audit@patchstack.com
CVSS Score : 10.0

References :
https://patchstack.com/database/vulnerability/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/wordpress-barcode-scanner-with-inventory-order-manager-plugin-1-5-1-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-434


(10) HIGH VULNERABILITIES [7.0, 8.9]

Source : github.com

Vulnerability ID : CVE-2024-23648

First published on : 24-01-2024 18:15:08
Last modified on : 24-01-2024 18:45:30

Description :
Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. The password reset functionality sends the user requesting a password change an email containing a URL to reset their password. The URL contains a unique token, valid for 24 hours, that allows the user to reset their password. This token is highly sensitive, as an attacker able to retrieve it would be able to reset the user's password. Prior to version 1.2.3, the reset-password URL is crafted using the "Host" HTTP header of the request sent to request a password reset. This way, an external attacker could send password requests for users, but specify a "Host" header of a website that they control. If the user receiving the mail clicks on the link, the attacker would retrieve the reset token of the victim and perform account takeover. Version 1.2.3 fixes this issue.

CVE ID : CVE-2024-23648
Source : security-advisories@github.com
CVSS Score : 8.8

References :
https://github.com/pimcore/admin-ui-classic-bundle/commit/70f2205b5a5ea9584721d4f3e803f4d0dd5e4655 | source : security-advisories@github.com
https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-mrqg-mwh7-q94j | source : security-advisories@github.com

Vulnerability : CWE-74


Vulnerability ID : CVE-2024-23646

First published on : 24-01-2024 20:15:53
Last modified on : 24-01-2024 20:15:53

Description :
Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. The application allows users to create zip files from available files on the site. In the 1.x branch prior to version 1.3.2, parameter `selectedIds` is susceptible to SQL Injection. Any backend user with very basic permissions can execute arbitrary SQL statements and thus alter any data or escalate their privileges to at least admin level. Version 1.3.2 contains a fix for this issue.

CVE ID : CVE-2024-23646
Source : security-advisories@github.com
CVSS Score : 8.8

References :
https://github.com/pimcore/admin-ui-classic-bundle/blob/1.x/src/Controller/Admin/Asset/AssetController.php#L2006 | source : security-advisories@github.com
https://github.com/pimcore/admin-ui-classic-bundle/blob/1.x/src/Controller/Admin/Asset/AssetController.php#L2087 | source : security-advisories@github.com
https://github.com/pimcore/admin-ui-classic-bundle/commit/363afef29496cc40a8b863c2ca2338979fcf50a8 | source : security-advisories@github.com
https://github.com/pimcore/admin-ui-classic-bundle/releases/tag/v1.3.2 | source : security-advisories@github.com
https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-cwx6-4wmf-c6xv | source : security-advisories@github.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-23641

First published on : 24-01-2024 17:15:08
Last modified on : 24-01-2024 18:45:34

Description :
SvelteKit is a web development kit. In SvelteKit 2, sending a GET request with a body, e.g. `{}`, to a built and previewed/hosted SvelteKit app throws `Request with GET/HEAD method cannot have body.` and crashes the preview/hosting. After this happens, one must manually restart the app. `TRACE` requests will also cause the app to crash. Prerendered pages and SvelteKit 1 apps are not affected. `@sveltejs/adapter-node` versions 2.1.2, 3.0.3, and 4.0.1 and `@sveltejs/kit` version 2.4.3 contain a patch for this issue.

CVE ID : CVE-2024-23641
Source : security-advisories@github.com
CVSS Score : 7.5

References :
https://github.com/sveltejs/kit/commit/af34142631c876a7eb62ff81f71e8a3f90dafee9 | source : security-advisories@github.com
https://github.com/sveltejs/kit/security/advisories/GHSA-g5m6-hxpp-fc49 | source : security-advisories@github.com

Vulnerability : CWE-20


Vulnerability ID : CVE-2024-23649

First published on : 24-01-2024 18:15:09
Last modified on : 24-01-2024 18:45:30

Description :
Lemmy is a link aggregator and forum for the fediverse. Starting in version 0.17.0 and prior to version 0.19.1, users can report private messages, even when they're neither sender nor recipient of the message. The API response to creating a private message report contains the private message itself, which means any user can just iterate over message ids to (loudly) obtain all private messages of an instance. A user with instance admin privileges can also abuse this if the private message is removed from the response, as they're able to see the resulting reports. Creating a private message report by POSTing to `/api/v3/private_message/report` does not validate whether the reporter is the recipient of the message. lemmy-ui does not allow the sender to report the message; the API method should likely be restricted to recipients only. The API response when creating a report contains the `private_message_report_view` with all the details of the report, including the private message that has been reported. Any authenticated user can obtain arbitrary (untargeted) private message contents. Privileges required depend on the instance configuration; when registrations are enabled without an application system, the privileges required are practically none. When registration applications are required, privileges required could be considered low, but this assessment varies heavily by instance. Version 0.19.1 contains a patch for this issue. A workaround is available. If an update to a fixed Lemmy version is not immediately possible, the API route can be blocked in the reverse proxy. This will prevent anyone from reporting private messages, but it will also prevent exploitation before the update has been applied.

CVE ID : CVE-2024-23649
Source : security-advisories@github.com
CVSS Score : 7.5

References :
https://github.com/LemmyNet/lemmy/commit/bc32b408b523b9b64aa57b8e47748f96cce0dae5 | source : security-advisories@github.com
https://github.com/LemmyNet/lemmy/security/advisories/GHSA-r64r-5h43-26qv | source : security-advisories@github.com

Vulnerability : CWE-200
Vulnerability : CWE-285


Source : patchstack.com

Vulnerability ID : CVE-2024-22284

First published on : 24-01-2024 12:15:57
Last modified on : 24-01-2024 13:49:03

Description :
Deserialization of Untrusted Data vulnerability in Thomas Belser Asgaros Forum. This issue affects Asgaros Forum: from n/a through 2.7.2.

CVE ID : CVE-2024-22284
Source : audit@patchstack.com
CVSS Score : 8.7

References :
https://patchstack.com/database/vulnerability/asgaros-forum/wordpress-asgaros-forum-plugin-2-7-2-php-object-injection-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-502


Vulnerability ID : CVE-2024-22309

First published on : 24-01-2024 12:15:58
Last modified on : 24-01-2024 13:49:03

Description :
Deserialization of Untrusted Data vulnerability in QuantumCloud ChatBot with AI. This issue affects ChatBot with AI: from n/a through 5.1.0.

CVE ID : CVE-2024-22309
Source : audit@patchstack.com
CVSS Score : 8.7

References :
https://patchstack.com/database/vulnerability/chatbot/wordpress-ai-chatbot-plugin-5-1-0-unauthenticated-php-object-injection-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-502


Vulnerability ID : CVE-2024-22135

First published on : 24-01-2024 12:15:57
Last modified on : 24-01-2024 13:49:03

Description :
Unrestricted Upload of File with Dangerous Type vulnerability in WebToffee Order Export & Order Import for WooCommerce. This issue affects Order Export & Order Import for WooCommerce: from n/a through 2.4.3.

CVE ID : CVE-2024-22135
Source : audit@patchstack.com
CVSS Score : 8.0

References :
https://patchstack.com/database/vulnerability/order-import-export-for-woocommerce/wordpress-order-export-order-import-for-woocommerce-plugin-2-4-3-arbitrary-file-upload-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-434


Vulnerability ID : CVE-2024-22152

First published on : 24-01-2024 12:15:57
Last modified on : 24-01-2024 13:49:03

Description :
Unrestricted Upload of File with Dangerous Type vulnerability in WebToffee Product Import Export for WooCommerce. This issue affects Product Import Export for WooCommerce: from n/a through 2.3.7.

CVE ID : CVE-2024-22152
Source : audit@patchstack.com
CVSS Score : 8.0

References :
https://patchstack.com/database/vulnerability/product-import-export-for-woo/wordpress-product-import-export-for-woocommerce-plugin-2-3-7-arbitrary-file-upload-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-434


Vulnerability ID : CVE-2024-22154

First published on : 24-01-2024 13:15:08
Last modified on : 24-01-2024 13:49:03

Description :
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SNP Digital SalesKing. This issue affects SalesKing: from n/a through 1.6.15.

CVE ID : CVE-2024-22154
Source : audit@patchstack.com
CVSS Score : 7.5

References :
https://patchstack.com/database/vulnerability/salesking/wordpress-salesking-plugin-1-6-15-unauthenticated-sensitive-data-exposure-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-200


Source : nvidia.com

Vulnerability ID : CVE-2023-31037

First published on : 24-01-2024 03:15:08
Last modified on : 24-01-2024 13:49:03

Description :
NVIDIA Bluefield 2 and Bluefield 3 DPU BMC contains a vulnerability in ipmitool, where a root user may cause code injection by a network call. A successful exploit of this vulnerability may lead to code execution on the OS.

CVE ID : CVE-2023-31037
Source : psirt@nvidia.com
CVSS Score : 7.2

References :
https://nvidia.custhelp.com/app/answers/detail/a_id/5511 | source : psirt@nvidia.com

Vulnerability : CWE-94


(12) MEDIUM VULNERABILITIES [4.0, 6.9]

Source : github.com

Vulnerability ID : CVE-2024-23644

First published on : 24-01-2024 20:15:53
Last modified on : 24-01-2024 20:15:53

Description :
Trillium is a composable toolkit for building internet applications with async Rust. In `trillium-http` prior to 0.3.12 and `trillium-client` prior to 0.5.4, insufficient validation of outbound header values may lead to request splitting or response splitting attacks in scenarios where attackers have sufficient control over headers. This only affects use cases where attackers have control of request headers and can insert "\r\n" sequences, specifically where untrusted and unvalidated input is inserted into header names or values. Outbound `trillium_http::HeaderValue` and `trillium_http::HeaderName` can be constructed infallibly and were not checked for illegal bytes when sending requests from the client or responses from the server. Thus, if an attacker has sufficient control over header values (or names) in a request or response that they could inject `\r\n` sequences, they could get the client and server out of sync, and then pivot to gain control over other parts of requests or responses (i.e. exfiltrating data from other requests, SSRF, etc.). In `trillium-http` versions 0.3.12 and later, if a header name is invalid in server response headers, the specific header and any associated values are omitted from network transmission. Additionally, if a header value is invalid in server response headers, the individual header value is omitted from network transmission. Other header values with the same header name will still be sent. In `trillium-client` versions 0.5.4 and later, if any header name or header value is invalid in the client request headers, awaiting the client Conn returns an `Error::MalformedHeader` prior to any network access. As a workaround, Trillium services and client applications should sanitize or validate untrusted input that is included in header values and header names. Carriage return, newline, and null characters are not allowed.

CVE ID : CVE-2024-23644
Source : security-advisories@github.com
CVSS Score : 6.8

References :
https://github.com/trillium-rs/trillium/commit/16a42b3f8378a3fa4e61ece3e3e37e6a530df51d | source : security-advisories@github.com
https://github.com/trillium-rs/trillium/commit/8d468f85e27b8d0943d6f43ce9f8c7397141a999 | source : security-advisories@github.com
https://github.com/trillium-rs/trillium/security/advisories/GHSA-9f9p-cp3c-72jf | source : security-advisories@github.com

Vulnerability : CWE-113


Vulnerability ID : CVE-2024-23638

First published on : 24-01-2024 00:15:08
Last modified on : 24-01-2024 13:49:03

Description :
Squid is a caching proxy for the Web. Due to an expired pointer reference bug, Squid prior to version 6.6 is vulnerable to a Denial of Service attack against Cache Manager error responses. This problem allows a trusted client to perform Denial of Service when generating error pages for Client Manager reports. Squid versions older than 5.0.5 have not been tested and should be assumed to be vulnerable. All Squid-5.x versions up to and including 5.9 are vulnerable. All Squid-6.x versions up to and including 6.5 are vulnerable. This bug is fixed in Squid version 6.6. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. As a workaround, prevent access to Cache Manager using Squid's main access control: `http_access deny manager`.

CVE ID : CVE-2024-23638
Source : security-advisories@github.com
CVSS Score : 6.5

References :
http://www.squid-cache.org/Versions/v5/SQUID-2023_11.patch | source : security-advisories@github.com
http://www.squid-cache.org/Versions/v6/SQUID-2023_11.patch | source : security-advisories@github.com
https://github.com/squid-cache/squid/commit/290ae202883ac28a48867079c2fb34c40efd382b | source : security-advisories@github.com
https://github.com/squid-cache/squid/commit/e8118a7381213f5cfcdeb4cec1d2d854bfd261c8 | source : security-advisories@github.com
https://github.com/squid-cache/squid/security/advisories/GHSA-j49p-553x-48rx | source : security-advisories@github.com
https://megamansec.github.io/Squid-Security-Audit/stream-assert.html | source : security-advisories@github.com

Vulnerability : CWE-825


Vulnerability ID : CVE-2024-23633

First published on : 24-01-2024 00:15:08
Last modified on : 24-01-2024 13:49:03

Description :
Label Studio, an open source data labeling tool, had a remote import feature that allowed users to import data from a remote web source, which was downloaded and could be viewed on the website. Prior to version 1.10.1, this feature could have been abused to download an HTML file that executed malicious JavaScript code in the context of the Label Studio website. Executing arbitrary JavaScript could result in an attacker performing malicious actions on Label Studio users if they visit the crafted avatar image. For example, an attacker can craft a JavaScript payload that adds a new Django Super Administrator user if a Django administrator visits the image. `data_import/uploader.py` lines 125C5 through 146 showed that if a URL passed the server side request forgery verification checks, the contents of the file would be downloaded using the filename in the URL. The downloaded file path could then be retrieved by sending a request to `/api/projects/{project_id}/file-uploads?ids=[{download_id}]` where `{project_id}` was the ID of the project and `{download_id}` was the ID of the downloaded file. Once the downloaded file path was retrieved by the previous API endpoint, `data_import/api.py` lines 595C1 through 616C62 demonstrated that the `Content-Type` of the response was determined by the file extension, since `mimetypes.guess_type` guesses the `Content-Type` based on the file extension. Since the `Content-Type` was determined by the file extension of the downloaded file, an attacker could import a `.html` file that would execute JavaScript when visited. Version 1.10.1 contains a patch for this issue. Other remediation strategies are also available. For all user provided files that are downloaded by Label Studio, set the `Content-Security-Policy: sandbox;` response header when viewed on the site. The `sandbox` directive restricts a page's actions to prevent popups, execution of plugins and scripts and enforces a `same-origin` policy. Alternatively, restrict the allowed file extensions that may be downloaded.

CVE ID : CVE-2024-23633
Source : security-advisories@github.com
CVSS Score : 4.7

References :
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/sandbox | source : security-advisories@github.com
https://github.com/HumanSignal/label-studio/blob/1.9.2.post0/label_studio/data_import/api.py#L595C1-L616C62 | source : security-advisories@github.com
https://github.com/HumanSignal/label-studio/blob/1.9.2.post0/label_studio/data_import/uploader.py#L125C5-L146 | source : security-advisories@github.com
https://github.com/HumanSignal/label-studio/security/advisories/GHSA-fq23-g58m-799r | source : security-advisories@github.com

Vulnerability : CWE-79


Source : emc.com

Vulnerability ID : CVE-2023-44281

First published on : 24-01-2024 16:15:08
Last modified on : 24-01-2024 18:45:34

Description :
Dell Pair Installer versions prior to 1.2.1 contain an elevation of privilege vulnerability. A low privilege user with local access to the system could potentially exploit this vulnerability to delete arbitrary files and cause a Denial of Service.

CVE ID : CVE-2023-44281
Source : security_alert@emc.com
CVSS Score : 6.6

References :
https://www.dell.com/support/kbdoc/en-us/000219185/dsa-2023-141 | source : security_alert@emc.com

Vulnerability : CWE-264


Source : patchstack.com

Vulnerability ID : CVE-2024-22141

First published on : 24-01-2024 15:15:08
Last modified on : 24-01-2024 18:45:34

Description :
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Cozmoslabs Profile Builder Pro. This issue affects Profile Builder Pro: from n/a through 3.10.0.

CVE ID : CVE-2024-22141
Source : audit@patchstack.com
CVSS Score : 6.5

References :
https://patchstack.com/database/vulnerability/profile-builder-pro/wordpress-profile-builder-pro-plugin-3-10-0-totp-secret-key-exposure-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-200


Vulnerability ID : CVE-2024-22294

First published on : 24-01-2024 12:15:58
Last modified on : 24-01-2024 13:49:03

Description :
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in IP2Location IP2Location Country Blocker. This issue affects IP2Location Country Blocker: from n/a through 2.33.3.

CVE ID : CVE-2024-22294
Source : audit@patchstack.com
CVSS Score : 5.3

References :
https://patchstack.com/database/vulnerability/ip2location-country-blocker/wordpress-ip2location-country-blocker-plugin-2-33-3-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-200


Vulnerability ID : CVE-2024-22301

First published on : 24-01-2024 12:15:58
Last modified on : 24-01-2024 13:49:03

Description :
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ignazio Scimone Albo Pretorio On line. This issue affects Albo Pretorio On line: from n/a through 4.6.6.

CVE ID : CVE-2024-22301
Source : audit@patchstack.com
CVSS Score : 5.3

References :
https://patchstack.com/database/vulnerability/albo-pretorio-on-line/wordpress-albo-pretorio-on-line-plugin-4-6-6-sensitive-data-exposure-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-200


Vulnerability ID : CVE-2024-22134

First published on : 24-01-2024 12:15:57
Last modified on : 24-01-2024 13:49:03

Description :
Server-Side Request Forgery (SSRF) vulnerability in Renzo Johnson Contact Form 7 Extension For Mailchimp. This issue affects Contact Form 7 Extension For Mailchimp: from n/a through 0.5.70.

CVE ID : CVE-2024-22134
Source : audit@patchstack.com
CVSS Score : 4.9

References :
https://patchstack.com/database/vulnerability/contact-form-7-mailchimp-extension/wordpress-contact-form-7-extension-for-mailchimp-plugin-0-5-70-server-side-request-forgery-ssrf-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-918


Source : wordfence.com

Vulnerability ID : CVE-2024-0665

First published on : 24-01-2024 08:15:37
Last modified on : 24-01-2024 13:49:03

Description :
The WP Customer Area plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 8.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

CVE ID : CVE-2024-0665
Source : security@wordfence.com
CVSS Score : 6.1

References :
https://plugins.trac.wordpress.org/changeset/3025865/customer-area/trunk/src/php/core-addons/admin-area/templates/dashboard-page.template.php | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3024180%40customer-area&new=3024180%40customer-area&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/567d62ec-e868-45e2-b07a-8cc661d7c5e1?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2023-6697

First published on : 24-01-2024 14:15:08
Last modified on : 24-01-2024 18:45:34

Description :
The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the map id parameter in all versions up to, and including, 9.0.28 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

CVE ID : CVE-2023-6697
Source : security@wordfence.com
CVSS Score : 6.1

References :
https://plugins.trac.wordpress.org/changeset/3022232/wp-google-maps/trunk/html/atlas-novus/map-edit-page/map-edit-page.html.php | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/b3c3115b-8921-429d-b517-b946edab1cd5?source=cve | source : security@wordfence.com


Source : ubuntu.com

Vulnerability ID : CVE-2022-4964

First published on : 24-01-2024 01:15:07
Last modified on : 24-01-2024 13:49:03

Description :
Ubuntu's pipewire-pulse in snap grants microphone access even when the snap interface for audio-record is not set.

CVE ID : CVE-2022-4964
Source : security@ubuntu.com
CVSS Score : 5.5

References :
https://bugs.launchpad.net/ubuntu/+source/pipewire/+bug/1995707/ | source : security@ubuntu.com
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4964 | source : security@ubuntu.com
https://gitlab.freedesktop.org/pipewire/pipewire/-/merge_requests/1779 | source : security@ubuntu.com
https://gitlab.freedesktop.org/pipewire/wireplumber/-/merge_requests/567 | source : security@ubuntu.com


Source : synology.com

Vulnerability ID : CVE-2024-0854

First published on : 24-01-2024 10:15:09
Last modified on : 24-01-2024 13:49:03

Description :
URL redirection to untrusted site ('Open Redirect') vulnerability in file access component in Synology DiskStation Manager (DSM) before 7.2.1-69057-2 allows remote authenticated users to conduct phishing attacks via unspecified vectors.

CVE ID : CVE-2024-0854
Source : security@synology.com
CVSS Score : 4.1

References :
https://www.synology.com/en-global/security/advisory/Synology_SA_24_02 | source : security@synology.com

Vulnerability : CWE-601


(2) LOW VULNERABILITIES [0.1, 3.9]

Source : patchstack.com

Vulnerability ID : CVE-2024-22308

First published on : 24-01-2024 12:15:58
Last modified on : 24-01-2024 13:49:03

Description :
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in smp7, wp.Insider Simple Membership. This issue affects Simple Membership: from n/a through 4.4.1.

CVE ID : CVE-2024-22308
Source : audit@patchstack.com
CVSS Score : 3.4

References :
https://patchstack.com/database/vulnerability/simple-membership/wordpress-simple-membership-plugin-4-4-1-open-redirection-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-601


Source : emc.com

Vulnerability ID : CVE-2024-22229

First published on : 24-01-2024 17:15:08
Last modified on : 24-01-2024 18:45:34

Description :
Dell Unity, versions prior to 5.4, contain a vulnerability whereby log messages can be spoofed by an authenticated attacker. An attacker could exploit this vulnerability to forge log entries, create false alarms, and inject malicious content into logs that compromises log integrity. A malicious attacker could also prevent the product from logging information while malicious actions are performed or implicate an arbitrary user for malicious activities.

CVE ID : CVE-2024-22229
Source : security_alert@emc.com
CVSS Score : 3.1

References :
https://www.dell.com/support/kbdoc/en-us/000213152/dsa-2023-141-dell-unity-unity-vsa-and-unity-xt-security-update-for-multiple-vulnerabilities | source : security_alert@emc.com

Vulnerability : CWE-117


(65) NO SCORE VULNERABILITIES [0.0, 0.0]

Source : google.com

Vulnerability ID : CVE-2024-0804

First published on : 24-01-2024 00:15:07
Last modified on : 24-01-2024 13:49:03

Description :
Insufficient policy enforcement in iOS Security UI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

CVE ID : CVE-2024-0804
Source : chrome-cve-admin@google.com
CVSS Score : /

References :
https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html | source : chrome-cve-admin@google.com
https://crbug.com/1515137 | source : chrome-cve-admin@google.com


Vulnerability ID : CVE-2024-0805

First published on : 24-01-2024 00:15:07
Last modified on : 24-01-2024 13:49:03

Description :
Inappropriate implementation in Downloads in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Medium)

CVE ID : CVE-2024-0805
Source : chrome-cve-admin@google.com
CVSS Score : /

References :
https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html | source : chrome-cve-admin@google.com
https://crbug.com/1514925 | source : chrome-cve-admin@google.com


Vulnerability ID : CVE-2024-0806

First published on : 24-01-2024 00:15:07
Last modified on : 24-01-2024 13:49:03

Description :
Use after free in Passwords in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium)

CVE ID : CVE-2024-0806
Source : chrome-cve-admin@google.com
CVSS Score : /

References :
https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html | source : chrome-cve-admin@google.com
https://crbug.com/1505176 | source : chrome-cve-admin@google.com


Vulnerability ID : CVE-2024-0807

First published on : 24-01-2024 00:15:07
Last modified on : 24-01-2024 13:49:03

Description :
Use after free in Web Audio in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE ID : CVE-2024-0807
Source : chrome-cve-admin@google.com
CVSS Score : /

References :
https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html | source : chrome-cve-admin@google.com
https://crbug.com/1505080 | source : chrome-cve-admin@google.com


Vulnerability ID : CVE-2024-0808

First published on : 24-01-2024 00:15:07
Last modified on : 24-01-2024 13:49:03

Description :
Integer underflow in WebUI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a malicious file. (Chromium security severity: High)

CVE ID : CVE-2024-0808
Source : chrome-cve-admin@google.com
CVSS Score : /

References :
https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html | source : chrome-cve-admin@google.com
https://crbug.com/1504936 | source : chrome-cve-admin@google.com


Vulnerability ID : CVE-2024-0809

First published on : 24-01-2024 00:15:08
Last modified on : 24-01-2024 13:49:03

Description :
Inappropriate implementation in Autofill in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low)

CVE ID : CVE-2024-0809
Source : chrome-cve-admin@google.com
CVSS Score : /

References :
https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html | source : chrome-cve-admin@google.com
https://crbug.com/1497985 | source : chrome-cve-admin@google.com


Vulnerability ID : CVE-2024-0810

First published on : 24-01-2024 00:15:08
Last modified on : 24-01-2024 13:49:03

Description :
Insufficient policy enforcement in DevTools in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Medium)

CVE ID : CVE-2024-0810
Source : chrome-cve-admin@google.com
CVSS Score : /

References :
https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html | source : chrome-cve-admin@google.com
https://crbug.com/1496250 | source : chrome-cve-admin@google.com


Vulnerability ID : CVE-2024-0811

First published on : 24-01-2024 00:15:08
Last modified on : 24-01-2024 13:49:03

Description :
Inappropriate implementation in Extensions API in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Low)

CVE ID : CVE-2024-0811
Source : chrome-cve-admin@google.com
CVSS Score : /

References :
https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html | source : chrome-cve-admin@google.com
https://crbug.com/1494490 | source : chrome-cve-admin@google.com


Vulnerability ID : CVE-2024-0812

First published on : 24-01-2024 00:15:08
Last modified on : 24-01-2024 13:49:03

Description :
Inappropriate implementation in Accessibility in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)

CVE ID : CVE-2024-0812
Source : chrome-cve-admin@google.com
CVSS Score : /

References :
https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html | source : chrome-cve-admin@google.com
https://crbug.com/1484394 | source : chrome-cve-admin@google.com


Vulnerability ID : CVE-2024-0813

First published on : 24-01-2024 00:15:08
Last modified on : 24-01-2024 13:49:03

Description :
Use after free in Reading Mode in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium)

CVE ID : CVE-2024-0813
Source : chrome-cve-admin@google.com
CVSS Score : /

References :
https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html | source : chrome-cve-admin@google.com
https://crbug.com/1477151 | source : chrome-cve-admin@google.com


Vulnerability ID : CVE-2024-0814

First published on : 24-01-2024 00:15:08
Last modified on : 24-01-2024 13:49:03

Description :
Incorrect security UI in Payments in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. (Chromium security severity: Medium)

CVE ID : CVE-2024-0814
Source : chrome-cve-admin@google.com
CVSS Score : /

References :
https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html | source : chrome-cve-admin@google.com
https://crbug.com/1463935 | source : chrome-cve-admin@google.com


Source : jpcert.or.jp

Vulnerability ID : CVE-2024-23453

First published on : 24-01-2024 00:15:08
Last modified on : 24-01-2024 13:49:03

Description :
Android Spoon application version 7.11.1 to 8.6.0 uses hard-coded credentials, which may allow a local attacker to retrieve the hard-coded API key when the application binary is reverse-engineered. This API key may be used for unexpected access of the associated service.

CVE ID : CVE-2024-23453
Source : vultures@jpcert.or.jp
CVSS Score : /

References :
https://jvn.jp/en/jp/JVN96154238/ | source : vultures@jpcert.or.jp
https://play.google.com/store/apps/details?id=co.spoonme&hl=en_US | source : vultures@jpcert.or.jp
https://spoon-support.spooncast.net/jp/update | source : vultures@jpcert.or.jp


Vulnerability ID : CVE-2024-21765

First published on : 24-01-2024 02:15:07
Last modified on : 24-01-2024 13:49:03

Description :
Electronic Delivery Check System (Doboku) Ver.18.1.0 and earlier, Electronic Delivery Check System (Dentsu) Ver.12.1.0 and earlier, Electronic Delivery Check System (Kikai) Ver.10.1.0 and earlier, and Electronic delivery item Inspection Support System Ver.4.0.31 and earlier improperly restrict XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker.

CVE ID : CVE-2024-21765
Source : vultures@jpcert.or.jp
CVSS Score : /

References :
http://www.cals-ed.go.jp/checksys-release-20231130/ | source : vultures@jpcert.or.jp
https://jvn.jp/en/jp/JVN77736613/ | source : vultures@jpcert.or.jp
https://www.ysk.nilim.go.jp/cals/ | source : vultures@jpcert.or.jp


Vulnerability ID : CVE-2024-21796

First published on : 24-01-2024 02:15:07
Last modified on : 24-01-2024 13:49:03

Description :
Electronic Deliverables Creation Support Tool (Construction Edition) prior to Ver1.0.4 and Electronic Deliverables Creation Support Tool (Design & Survey Edition) prior to Ver1.0.4 improperly restrict XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker.

CVE ID : CVE-2024-21796
Source : vultures@jpcert.or.jp
CVSS Score : /

References :
https://jvn.jp/en/jp/JVN40049211/ | source : vultures@jpcert.or.jp
https://www.dfeg.mod.go.jp/hp/contents-dfis/tool.html | source : vultures@jpcert.or.jp


Vulnerability ID : CVE-2024-22380

First published on : 24-01-2024 02:15:07
Last modified on : 24-01-2024 13:49:03

Description :
Electronic Delivery Check System (Ministry of Agriculture, Forestry and Fisheries The Agriculture and Rural Development Project Version) March, Heisei 31 era edition Ver.14.0.001.002 and earlier improperly restricts XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker.

CVE ID : CVE-2024-22380
Source : vultures@jpcert.or.jp
CVSS Score : /

References :
https://jvn.jp/en/jp/JVN01434915/ | source : vultures@jpcert.or.jp
https://www.maff.go.jp/j/nousin/seko/nouhin_youryou/densi.html | source : vultures@jpcert.or.jp


Vulnerability ID : CVE-2024-22366

First published on : 24-01-2024 05:15:13
Last modified on : 24-01-2024 13:49:03

Description :
Active debug code exists in Yamaha wireless LAN access point devices. If a logged-in user who knows how to use the debug function accesses the device's management page, this function can be enabled by performing specific operations. As a result, an arbitrary OS command may be executed and/or configuration settings of the device may be altered. Affected products and versions are as follows: WLX222 firmware Rev.24.00.03 and earlier, WLX413 firmware Rev.22.00.05 and earlier, WLX212 firmware Rev.21.00.12 and earlier, WLX313 firmware Rev.18.00.12 and earlier, and WLX202 firmware Rev.16.00.18 and earlier.

CVE ID : CVE-2024-22366
Source : vultures@jpcert.or.jp
CVSS Score : /

References :
http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU99896362.html | source : vultures@jpcert.or.jp
https://jvn.jp/en/vu/JVNVU99896362/ | source : vultures@jpcert.or.jp


Vulnerability ID : CVE-2024-22372

First published on : 24-01-2024 05:15:14
Last modified on : 24-01-2024 13:49:03

Description :
OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product. Affected products and versions are as follows: WRC-X1800GS-B v1.17 and earlier, WRC-X1800GSA-B v1.17 and earlier, WRC-X1800GSH-B v1.17 and earlier, WRC-X6000XS-G v1.09, and WRC-X6000XST-G v1.12 and earlier.

CVE ID : CVE-2024-22372
Source : vultures@jpcert.or.jp
CVSS Score : /

References :
https://jvn.jp/en/vu/JVNVU90908488/ | source : vultures@jpcert.or.jp
https://www.elecom.co.jp/news/security/20240123-01/ | source : vultures@jpcert.or.jp


Source : mitre.org

Vulnerability ID : CVE-2023-43317

First published on : 24-01-2024 07:15:46
Last modified on : 24-01-2024 13:49:03

Description :
An issue in Coign CRM Portal v.06.06 allows a remote attacker to escalate privileges via the userPermissionsList parameter in Session Storage component.

CVE ID : CVE-2023-43317
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/amjadali-110/CVE-2023-43317/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-51711

First published on : 24-01-2024 07:15:47
Last modified on : 24-01-2024 13:49:03

Description :
An issue discovered in Regify Regipay Client for Windows version 4.5.1.0 allows DLL hijacking: a user can trigger the execution of arbitrary code every time the product is executed.

CVE ID : CVE-2023-51711
Source : cve@mitre.org
CVSS Score : /

References :
https://excellium-services.com/cert-xlm-advisory/cve-2023-51711/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-43988

First published on : 24-01-2024 10:15:08
Last modified on : 24-01-2024 13:49:03

Description :
An issue in nature fitness saijo mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.

CVE ID : CVE-2023-43988
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/syz913/CVE-reports/blob/main/CVE-2023-43988.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-43989

First published on : 24-01-2024 10:15:08
Last modified on : 24-01-2024 13:49:03

Description :
An issue in mokumoku chohu mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.

CVE ID : CVE-2023-43989
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/syz913/CVE-reports/blob/main/CVE-2023-43989.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-43990

First published on : 24-01-2024 10:15:08
Last modified on : 24-01-2024 13:49:03

Description :
An issue in cherub-hair mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.

CVE ID : CVE-2023-43990
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/syz913/CVE-reports/blob/main/CVE-2023-43990.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-43991

First published on : 24-01-2024 10:15:08
Last modified on : 24-01-2024 13:49:03

Description :
An issue in PRIMA CLINIC mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.

CVE ID : CVE-2023-43991
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/syz913/CVE-reports/blob/main/CVE-2023-43991.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-43992

First published on : 24-01-2024 10:15:08
Last modified on : 24-01-2024 13:49:03

Description :
An issue in STOCKMAN GROUP mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.

CVE ID : CVE-2023-43992
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/syz913/CVE-reports/blob/main/CVE-2023-43992.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-43993

First published on : 24-01-2024 10:15:08
Last modified on : 24-01-2024 13:49:03

Description :
An issue in smaregi_app_market mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.

CVE ID : CVE-2023-43993
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/syz913/CVE-reports/blob/main/CVE-2023-43993.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-43994

First published on : 24-01-2024 10:15:08
Last modified on : 24-01-2024 13:49:03

Description :
An issue in Cleaning_makotoya mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.

CVE ID : CVE-2023-43994
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/syz913/CVE-reports/blob/main/CVE-2023-43994.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-43995

First published on : 24-01-2024 10:15:08
Last modified on : 24-01-2024 13:49:03

Description :
An issue in picot.golf mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.

CVE ID : CVE-2023-43995
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/syz913/CVE-reports/blob/main/CVE-2023-43995.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-43996

First published on : 24-01-2024 10:15:09
Last modified on : 24-01-2024 13:49:03

Description :
An issue in Q co ltd mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.

CVE ID : CVE-2023-43996
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/syz913/CVE-reports/blob/main/CVE-2023-43996.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-43997

First published on : 24-01-2024 10:15:09
Last modified on : 24-01-2024 13:49:03

Description :
An issue in Yoruichi hobby base mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.

CVE ID : CVE-2023-43997
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/syz913/CVE-reports/blob/main/CVE-2023-43997.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-43998

First published on : 24-01-2024 10:15:09
Last modified on : 24-01-2024 13:49:03

Description :
An issue in Books-futaba mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.

CVE ID : CVE-2023-43998
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/syz913/CVE-reports/blob/main/CVE-2023-43998.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-43999

First published on : 24-01-2024 10:15:09
Last modified on : 24-01-2024 13:49:03

Description :
An issue in COLORFUL_laundry mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.

CVE ID : CVE-2023-43999
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/syz913/CVE-reports/blob/main/CVE-2023-43999.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-44000

First published on : 24-01-2024 10:15:09
Last modified on : 24-01-2024 13:49:03

Description :
An issue in Otakara lapis totuka mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.

CVE ID : CVE-2023-44000
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/syz913/CVE-reports/blob/main/CVE-2023-44000.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-44001

First published on : 24-01-2024 10:15:09
Last modified on : 24-01-2024 13:49:03

Description :
An issue in Ailand clinic mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.

CVE ID : CVE-2023-44001
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/syz913/CVE-reports/blob/main/CVE-2023-44001.md | source : cve@mitre.org


Vulnerability ID : CVE-2024-22651

First published on : 24-01-2024 16:15:08
Last modified on : 24-01-2024 18:45:34

Description :
There is a command injection vulnerability in the ssdpcgi_main function of cgibin binary in D-Link DIR-815 router firmware v1.04.

CVE ID : CVE-2024-22651
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/goldds96/Report/blob/main/DLink/DIR-815/CI.md | source : cve@mitre.org


Vulnerability ID : CVE-2024-22725

First published on : 24-01-2024 16:15:08
Last modified on : 24-01-2024 18:45:34

Description :
Orthanc versions before 1.12.2 are affected by a reflected cross-site scripting (XSS) vulnerability. The vulnerability was present in the server's error reporting.

CVE ID : CVE-2024-22725
Source : cve@mitre.org
CVSS Score : /

References :
https://orthanc.uclouvain.be/hg/orthanc/file/Orthanc-1.12.2/NEWS | source : cve@mitre.org
https://orthanc.uclouvain.be/hg/orthanc/rev/505416b269a0 | source : cve@mitre.org


Vulnerability ID : CVE-2023-51885

First published on : 24-01-2024 17:15:08
Last modified on : 24-01-2024 18:45:34

Description :
Buffer Overflow vulnerability in Mathtex v.1.05 and before allows a remote attacker to execute arbitrary code via the length of the LaTeX string component.

CVE ID : CVE-2023-51885
Source : cve@mitre.org
CVSS Score : /

References :
https://blog.yulun.ac.cn/posts/2023/fuzzing-mathtex/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-51886

First published on : 24-01-2024 17:15:08
Last modified on : 24-01-2024 18:45:34

Description :
Buffer Overflow vulnerability in the main() function in Mathtex 1.05 and before allows a remote attacker to cause a denial of service when using \convertpath.

CVE ID : CVE-2023-51886
Source : cve@mitre.org
CVSS Score : /

References :
https://blog.yulun.ac.cn/posts/2023/fuzzing-mathtex/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-51887

First published on : 24-01-2024 17:15:08
Last modified on : 24-01-2024 18:45:34

Description :
Command Injection vulnerability in Mathtex v.1.05 and before allows a remote attacker to execute arbitrary code via crafted string in application URL.

CVE ID : CVE-2023-51887
Source : cve@mitre.org
CVSS Score : /

References :
https://blog.yulun.ac.cn/posts/2023/fuzzing-mathtex/ | source : cve@mitre.org


Vulnerability ID : CVE-2021-42143

First published on : 24-01-2024 18:15:08
Last modified on : 24-01-2024 18:45:30

Description :
An issue was discovered in Contiki-NG tinyDTLS through master branch 53a0d97. An infinite loop bug exists during the handling of a ClientHello handshake message. This bug allows remote attackers to cause a denial of service by sending a malformed ClientHello handshake message with an odd length of cipher suites, which triggers an infinite loop (consuming all resources) and a buffer over-read that can disclose sensitive information.

CVE ID : CVE-2021-42143
Source : cve@mitre.org
CVSS Score : /

References :
https://seclists.org/fulldisclosure/2024/Jan/16 | source : cve@mitre.org


Vulnerability ID : CVE-2021-42144

First published on : 24-01-2024 18:15:08
Last modified on : 24-01-2024 18:45:30

Description :
Buffer over-read vulnerability in Contiki-NG tinyDTLS through master branch 53a0d97 allows attackers to obtain sensitive information via crafted input to dtls_ccm_decrypt_message().

CVE ID : CVE-2021-42144
Source : cve@mitre.org
CVSS Score : /

References :
https://seclists.org/fulldisclosure/2024/Jan/17 | source : cve@mitre.org


Vulnerability ID : CVE-2023-51888

First published on : 24-01-2024 18:15:08
Last modified on : 24-01-2024 18:45:30

Description :
Buffer Overflow vulnerability in the nomath() function in Mathtex v.1.05 and before allows a remote attacker to cause a denial of service via a crafted string in the application URL.

CVE ID : CVE-2023-51888
Source : cve@mitre.org
CVSS Score : /

References :
https://blog.yulun.ac.cn/posts/2023/fuzzing-mathtex/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-51889

First published on : 24-01-2024 18:15:08
Last modified on : 24-01-2024 18:45:30

Description :
Stack Overflow vulnerability in the validate() function in Mathtex v.1.05 and before allows a remote attacker to execute arbitrary code via crafted string in the application URL.

CVE ID : CVE-2023-51889
Source : cve@mitre.org
CVSS Score : /

References :
https://blog.yulun.ac.cn/posts/2023/fuzzing-mathtex/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-51890

First published on : 24-01-2024 18:15:08
Last modified on : 24-01-2024 18:45:30

Description :
An infinite loop issue discovered in Mathtex 1.05 and before allows remote attackers to consume CPU resources via a crafted string in the application URL.

CVE ID : CVE-2023-51890
Source : cve@mitre.org
CVSS Score : /

References :
https://blog.yulun.ac.cn/posts/2023/fuzzing-mathtex/ | source : cve@mitre.org


Vulnerability ID : CVE-2023-52038

First published on : 24-01-2024 18:15:08
Last modified on : 24-01-2024 18:45:30

Description :
An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the sub_415C80 function.

CVE ID : CVE-2023-52038
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Beckaf/vunl/blob/main/TOTOLINK/X6000R/1/1.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-52039

First published on : 24-01-2024 18:15:08
Last modified on : 24-01-2024 18:45:30

Description :
An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the sub_415AA4 function.

CVE ID : CVE-2023-52039
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Beckaf/vunl/blob/main/TOTOLINK/X6000R/2/2.md | source : cve@mitre.org


Vulnerability ID : CVE-2023-52040

First published on : 24-01-2024 18:15:08
Last modified on : 24-01-2024 18:45:30

Description :
An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the sub_41284C function.

CVE ID : CVE-2023-52040
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Beckaf/vunl/blob/main/TOTOLINK/X6000R/3/3.md | source : cve@mitre.org


Vulnerability ID : CVE-2024-22720

First published on : 24-01-2024 18:15:08
Last modified on : 24-01-2024 18:45:30

Description :
Kanboard 1.2.34 is vulnerable to HTML injection in the group management feature.

CVE ID : CVE-2024-22720
Source : cve@mitre.org
CVSS Score : /

References :
https://cupc4k3.medium.com/html-injection-vulnerability-in-kanboard-group-management-d9fe5154bb1b | source : cve@mitre.org


Vulnerability ID : CVE-2021-42145

First published on : 24-01-2024 19:15:08
Last modified on : 24-01-2024 19:43:42

Description :
An assertion failure discovered in check_certificate_request() in Contiki-NG tinyDTLS through master branch 53a0d97 allows attackers to cause a denial of service.

CVE ID : CVE-2021-42145
Source : cve@mitre.org
CVSS Score : /

References :
https://seclists.org/fulldisclosure/2024/Jan/18 | source : cve@mitre.org


Vulnerability ID : CVE-2021-42146

First published on : 24-01-2024 19:15:08
Last modified on : 24-01-2024 19:43:42

Description :
An issue was discovered in Contiki-NG tinyDTLS through master branch 53a0d97. DTLS servers allow remote attackers to reuse the same epoch number within two times the TCP maximum segment lifetime, which is prohibited in RFC6347. This vulnerability allows remote attackers to obtain sensitive application data of connected clients.

CVE ID : CVE-2021-42146
Source : cve@mitre.org
CVSS Score : /

References :
https://seclists.org/fulldisclosure/2024/Jan/19 | source : cve@mitre.org


Vulnerability ID : CVE-2021-42147

First published on : 24-01-2024 19:15:08
Last modified on : 24-01-2024 19:43:42

Description :
Buffer over-read vulnerability in the dtls_sha256_update function in Contiki-NG tinyDTLS through master branch 53a0d97 allows remote attackers to cause a denial of service via crafted data packet.

CVE ID : CVE-2021-42147
Source : cve@mitre.org
CVSS Score : /

References :
https://seclists.org/fulldisclosure/2024/Jan/20 | source : cve@mitre.org


Vulnerability ID : CVE-2021-43584

First published on : 24-01-2024 20:15:53
Last modified on : 24-01-2024 20:15:53

Description :
DOM-based Cross Site Scripting (XSS) vulnerability in 'Tail Event Logs' functionality in Nagios Cross-Platform Agent (NCPA) before 2.4.0 allows attackers to run arbitrary code via the name element when filtering for a log.

CVE ID : CVE-2021-43584
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/NagiosEnterprises/ncpa/issues/830 | source : cve@mitre.org


Vulnerability ID : CVE-2023-24676

First published on : 24-01-2024 21:15:08
Last modified on : 24-01-2024 21:15:08

Description :
An issue found in Processwire 3.0.210 allows attackers to execute arbitrary code and install a reverse shell via the download_zip_url parameter when installing a new module.

CVE ID : CVE-2023-24676
Source : cve@mitre.org
CVSS Score : /

References :
https://medium.com/%40cupc4k3/reverse-shell-via-remote-file-inlusion-in-proccesswire-cms-a8fa5ace3255 | source : cve@mitre.org


Vulnerability ID : CVE-2024-22751

First published on : 24-01-2024 21:15:08
Last modified on : 24-01-2024 21:15:08

Description :
D-Link DIR-882 DIR882A1_FW130B06 was discovered to contain a stack overflow via the sub_477AA0 function.

CVE ID : CVE-2024-22751
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/5erua/vuls/blob/main/dir882.md | source : cve@mitre.org
https://www.dlink.com/en/security-bulletin/ | source : cve@mitre.org


Source : apache.org

Vulnerability ID : CVE-2023-50943

First published on : 24-01-2024 13:15:07
Last modified on : 24-01-2024 15:15:08

Description :
Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of "enable_xcom_pickling=False" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue.

CVE ID : CVE-2023-50943
Source : security@apache.org
CVSS Score : /

References :
http://www.openwall.com/lists/oss-security/2024/01/24/4 | source : security@apache.org
https://github.com/apache/airflow/pull/36255 | source : security@apache.org
https://lists.apache.org/thread/fx278v0twqzxkcts70tc04cp3f8p56pn | source : security@apache.org

Vulnerability : CWE-502


Vulnerability ID : CVE-2023-50944

First published on : 24-01-2024 13:15:08
Last modified on : 24-01-2024 15:15:08

Description :
Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue.

CVE ID : CVE-2023-50944
Source : security@apache.org
CVSS Score : /

References :
http://www.openwall.com/lists/oss-security/2024/01/24/5 | source : security@apache.org
https://github.com/apache/airflow/pull/36257 | source : security@apache.org
https://lists.apache.org/thread/92krb5mpcq8qrw4t4j5oooqw7hgd8q7h | source : security@apache.org

Vulnerability : CWE-862


Vulnerability ID : CVE-2023-51702

First published on : 24-01-2024 13:15:08
Last modified on : 24-01-2024 15:15:08

Description :
Since version 5.2.0, when using deferrable mode with the path of a Kubernetes configuration file for authentication, the Airflow worker serializes this configuration file as a dictionary and sends it to the triggerer by storing it in metadata without any encryption. Additionally, if used with an Airflow version between 2.3.0 and 2.6.0, the configuration dictionary will be logged as plain text in the triggerer service without masking. This allows anyone with access to the metadata or triggerer log to obtain the configuration file and use it to access the Kubernetes cluster. This behavior was changed in version 7.0.0, which stopped serializing the file contents and started providing the file path instead to read the contents into the trigger. Users are recommended to upgrade to version 7.0.0, which fixes this issue.

CVE ID : CVE-2023-51702
Source : security@apache.org
CVSS Score : /

References :
http://www.openwall.com/lists/oss-security/2024/01/24/3 | source : security@apache.org
https://github.com/apache/airflow/pull/29498 | source : security@apache.org
https://github.com/apache/airflow/pull/30110 | source : security@apache.org
https://github.com/apache/airflow/pull/36492 | source : security@apache.org
https://lists.apache.org/thread/89x3q6lz5pykrkr1fkr04k4rfn9pvnv9 | source : security@apache.org

Vulnerability : CWE-312
Vulnerability : CWE-532


Source : googlegroups.com

Vulnerability ID : CVE-2024-23897

First published on : 24-01-2024 18:15:09
Last modified on : 24-01-2024 18:45:30

Description :
Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system.

CVE ID : CVE-2024-23897
Source : jenkinsci-cert@googlegroups.com
CVSS Score : /

References :
http://www.openwall.com/lists/oss-security/2024/01/24/6 | source : jenkinsci-cert@googlegroups.com
https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3314 | source : jenkinsci-cert@googlegroups.com


Vulnerability ID : CVE-2024-23898

First published on : 24-01-2024 18:15:09
Last modified on : 24-01-2024 18:45:30

Description :
Jenkins 2.217 through 2.441 (both inclusive), LTS 2.222.1 through 2.426.2 (both inclusive) does not perform origin validation of requests made through the CLI WebSocket endpoint, resulting in a cross-site WebSocket hijacking (CSWSH) vulnerability, allowing attackers to execute CLI commands on the Jenkins controller.

CVE ID : CVE-2024-23898
Source : jenkinsci-cert@googlegroups.com
CVSS Score : /

References :
http://www.openwall.com/lists/oss-security/2024/01/24/6 | source : jenkinsci-cert@googlegroups.com
https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3315 | source : jenkinsci-cert@googlegroups.com


Vulnerability ID : CVE-2024-23899

First published on : 24-01-2024 18:15:09
Last modified on : 24-01-2024 18:45:30

Description :
Jenkins Git server Plugin 99.va_0826a_b_cdfa_d and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing attackers with Overall/Read permission to read content from arbitrary files on the Jenkins controller file system.

CVE ID : CVE-2024-23899
Source : jenkinsci-cert@googlegroups.com
CVSS Score : /

References :
http://www.openwall.com/lists/oss-security/2024/01/24/6 | source : jenkinsci-cert@googlegroups.com
https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3319 | source : jenkinsci-cert@googlegroups.com


Vulnerability ID : CVE-2024-23900

First published on : 24-01-2024 18:15:09
Last modified on : 24-01-2024 18:45:30

Description :
Jenkins Matrix Project Plugin 822.v01b_8c85d16d2 and earlier does not sanitize user-defined axis names of multi-configuration projects, allowing attackers with Item/Configure permission to create or replace any config.xml files on the Jenkins controller file system with content not controllable by the attackers.

CVE ID : CVE-2024-23900
Source : jenkinsci-cert@googlegroups.com
CVSS Score : /

References :
http://www.openwall.com/lists/oss-security/2024/01/24/6 | source : jenkinsci-cert@googlegroups.com
https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3289 | source : jenkinsci-cert@googlegroups.com


Vulnerability ID : CVE-2024-23901

First published on : 24-01-2024 18:15:09
Last modified on : 24-01-2024 18:45:30

Description :
Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier unconditionally discovers projects that are shared with the configured owner group, allowing attackers to configure and share a project, resulting in a crafted Pipeline being built by Jenkins during the next scan of the group.

CVE ID : CVE-2024-23901
Source : jenkinsci-cert@googlegroups.com
CVSS Score : /

References :
http://www.openwall.com/lists/oss-security/2024/01/24/6 | source : jenkinsci-cert@googlegroups.com
https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3040 | source : jenkinsci-cert@googlegroups.com


Vulnerability ID : CVE-2024-23902

First published on : 24-01-2024 18:15:09
Last modified on : 24-01-2024 18:45:30

Description :
A cross-site request forgery (CSRF) vulnerability in Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier allows attackers to connect to an attacker-specified URL.

CVE ID : CVE-2024-23902
Source : jenkinsci-cert@googlegroups.com
CVSS Score : /

References :
http://www.openwall.com/lists/oss-security/2024/01/24/6 | source : jenkinsci-cert@googlegroups.com
https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3251 | source : jenkinsci-cert@googlegroups.com


Vulnerability ID : CVE-2024-23903

First published on : 24-01-2024 18:15:09
Last modified on : 24-01-2024 18:45:30

Description :
Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token.

CVE ID : CVE-2024-23903
Source : jenkinsci-cert@googlegroups.com
CVSS Score : /

References :
http://www.openwall.com/lists/oss-security/2024/01/24/6 | source : jenkinsci-cert@googlegroups.com
https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-2871 | source : jenkinsci-cert@googlegroups.com


Vulnerability ID : CVE-2024-23904

First published on : 24-01-2024 18:15:09
Last modified on : 24-01-2024 18:45:30

Description :
Jenkins Log Command Plugin 1.0.2 and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read content from arbitrary files on the Jenkins controller file system.

CVE ID : CVE-2024-23904
Source : jenkinsci-cert@googlegroups.com
CVSS Score : /

References :
http://www.openwall.com/lists/oss-security/2024/01/24/6 | source : jenkinsci-cert@googlegroups.com
https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3334 | source : jenkinsci-cert@googlegroups.com


Vulnerability ID : CVE-2024-23905

First published on : 24-01-2024 18:15:09
Last modified on : 24-01-2024 18:45:30

Description :
Jenkins Red Hat Dependency Analytics Plugin 0.7.1 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download.

CVE ID : CVE-2024-23905
Source : jenkinsci-cert@googlegroups.com
CVSS Score : /

References :
http://www.openwall.com/lists/oss-security/2024/01/24/6 | source : jenkinsci-cert@googlegroups.com
https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3322 | source : jenkinsci-cert@googlegroups.com


This website uses the NVD API, but is not approved or certified by it.

About the author
Julien B.

Securitricks

Up-to-Date Cybersecurity Insights & Malware Reports