High Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| acowebs — pdf_invoices_and_packing_slips_for_woocommerce |
Deserialization of Untrusted Data vulnerability in Acowebs PDF Invoices and Packing Slips For WooCommerce.This issue affects PDF Invoices and Packing Slips For WooCommerce: from n/a through 1.3.7. | 2024-03-28 | 8.2 | CVE-2024-30230 [email protected] |
| active_websight — seo_backlink_monitor |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Active Websight SEO Backlink Monitor allows Reflected XSS.This issue affects SEO Backlink Monitor: from n/a through 1.5.0. | 2024-03-27 | 7.1 | CVE-2024-29907 [email protected] |
| adtribes.io — product_feed_pro_for_woocommerce |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in AdTribes.Io Product Feed PRO for WooCommerce allows Reflected XSS.This issue affects Product Feed PRO for WooCommerce: from n/a through 13.2.5. | 2024-03-27 | 7.1 | CVE-2024-24800 [email protected] |
| andy_moyle — church_admin |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Andy Moyle Church Admin.This issue affects Church Admin: from n/a through 4.0.27. | 2024-03-28 | 8.5 | CVE-2024-30244 [email protected] |
| ansys — pyansys-geometry |
PyAnsys Geometry is a Python client library for the Ansys Geometry service and other CAD Ansys products. On file src/ansys/geometry/core/connection/product_instance.py, upon calling this method _start_program directly, users could exploit its usage to perform malicious operations on the current machine where the script is ran. This vulnerability is fixed in 0.3.3 and 0.4.12. | 2024-03-26 | 7.4 | CVE-2024-29189 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
| apache_software_foundation — apache_fineract |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Apache Fineract.This issue affects Apache Fineract: <1.8.5. Users are recommended to upgrade to version 1.8.5 or 1.9.0, which fix the issue. | 2024-03-29 | 9.9 | CVE-2024-23538 [email protected] [email protected] |
| apache_software_foundation — apache_fineract |
Improper Privilege Management vulnerability in Apache Fineract.This issue affects Apache Fineract: <1.8.5. Users are recommended to upgrade to version 1.9.0, which fixes the issue. | 2024-03-29 | 8.4 | CVE-2024-23537 [email protected] [email protected] |
| apache_software_foundation — apache_fineract |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Apache Fineract.This issue affects Apache Fineract: <1.8.5. Users are recommended to upgrade to version 1.8.5 or 1.9.0, which fix the issue. | 2024-03-29 | 8.3 | CVE-2024-23539 [email protected] [email protected] |
| appscreo — easy_social_share_buttons |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Appscreo Easy Social Share Buttons allows Reflected XSS.This issue affects Easy Social Share Buttons: from n/a through 9.4. | 2024-03-27 | 7.1 | CVE-2024-30196 [email protected] |
| archetyped — cornerstone |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Archetyped Cornerstone allows Reflected XSS.This issue affects Cornerstone: from n/a through 0.8.0. | 2024-03-28 | 7.1 | CVE-2024-28002 [email protected] |
| archetyped — favicon_rotator |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Archetyped Favicon Rotator allows Reflected XSS.This issue affects Favicon Rotator: from n/a through 1.2.10. | 2024-03-28 | 7.1 | CVE-2024-28001 [email protected] |
| artbees — jupiterx_core |
Unrestricted Upload of File with Dangerous Type vulnerability in Artbees JupiterX Core.This issue affects JupiterX Core: from n/a through 3.3.5. | 2024-03-26 | 9 | CVE-2023-38388 [email protected] |
| automationdirect — c-more_ea9_hmi_ea9-t6cl |
There is a function in AutomationDirect C-MORE EA9 HMI that allows an attacker to send a relative path in the URL without proper sanitizing of the content. | 2024-03-26 | 7.5 | CVE-2024-25136 [email protected] |
| bdthemes — element_pack_elementor_addons |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in BdThemes Element Pack Elementor Addons.This issue affects Element Pack Elementor Addons: from n/a through 5.5.3. | 2024-03-29 | 8.5 | CVE-2024-30496 [email protected] |
| benjamin_rojas — wp_editor |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Benjamin Rojas WP Editor allows Reflected XSS.This issue affects WP Editor: from n/a through 1.2.8. | 2024-03-27 | 7.1 | CVE-2024-24700 [email protected] |
| bestwebsoft — limit_attempts_by_bestwebsoft |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in BestWebSoft Limit Attempts by BestWebSoft allows Reflected XSS.This issue affects Limit Attempts by BestWebSoft: from n/a through 1.2.9. | 2024-03-29 | 7.1 | CVE-2024-30439 [email protected] |
| bizswoop_a_cpf_concepts,_llc_brand — bizprint |
Cross-Site Request Forgery (CSRF) vulnerability in BizSwoop a CPF Concepts, LLC Brand BizPrint allows Cross-Site Scripting (XSS).This issue affects BizPrint: from n/a through 4.5.5. | 2024-03-27 | 7.1 | CVE-2024-29773 [email protected] |
| booking_activities_team — booking_activities |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Booking Activities Team Booking Activities allows Reflected XSS.This issue affects Booking Activities: from n/a through 1.15.19. | 2024-03-29 | 7.1 | CVE-2024-30449 [email protected] |
| bosch — network_synchronizer_enterprise |
Command Injection in the diagnostics interface of the Bosch Network Synchronizer allows unauthorized users full access to the device. | 2024-03-25 | 8.8 | CVE-2024-25002 [email protected] |
| brainstorm_force — spectra |
Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force Spectra.This issue affects Spectra: from n/a through 2.6.6. | 2024-03-28 | 7.1 | CVE-2023-36679 [email protected] |
| brainstorm_force — starter_templates_-_elementor_wordpress_&_beaver_builder_templates |
Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force Starter Templates – Elementor, WordPress & Beaver Builder Templates, Brainstorm Force Premium Starter Templates.This issue affects Starter Templates – Elementor, WordPress & Beaver Builder Templates: from n/a through 3.2.4; Premium Starter Templates: from n/a through 3.2.4. | 2024-03-28 | 7.1 | CVE-2023-34370 [email protected] [email protected] |
| bulletin — wordpress_announcement_&_notification_banner_plugin_-_bulletin
|
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Bulletin WordPress Announcement & Notification Banner Plugin – Bulletin.This issue affects WordPress Announcement & Notification Banner Plugin – Bulletin: from n/a through 3.8.5. | 2024-03-29 | 7.6 | CVE-2024-30478 [email protected] |
| campcodes-house-rental-management-system
|
A vulnerability was found in Campcodes House Rental Management System 1.0. It has been classified as critical. Affected is an unknown function of the file ajax.php. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257982 is the identifier assigned to this vulnerability. | 2024-03-26 | 7.3 | CVE-2024-2916 [email protected] [email protected] [email protected] [email protected] |
| castos — seriously_simple_podcasting |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Castos Seriously Simple Podcasting allows Reflected XSS.This issue affects Seriously Simple Podcasting: from n/a through 3.0.2. | 2024-03-28 | 7.1 | CVE-2024-25599 [email protected] |
| checkemail — check_&_log_email |
The Check & Log Email plugin for WordPress is vulnerable to Unauthenticated Hook Injection in all versions up to, and including, 1.0.9 via the check_nonce function. This makes it possible for unauthenticated attackers to execute actions with hooks in WordPress under certain circumstances. The action the attacker wishes to execute needs to have a nonce check, and the nonce needs to be known to the attacker. Furthermore, the absence of a capability check is a requirement. | 2024-03-26 | 8.1 | CVE-2024-0866 [email protected] [email protected] |
| cilium — cilium |
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Users of IPsec transparent encryption in Cilium may be vulnerable to cryptographic attacks that render the transparent encryption ineffective. In particular, Cilium is vulnerable to chosen plaintext, key recovery, replay attacks by a man-in-the-middle attacker. These attacks are possible due to an ESP sequence number collision when multiple nodes are configured with the same key. Fixed versions of Cilium use unique keys for each IPsec tunnel established between nodes, resolving all of the above attacks. This vulnerability is fixed in 1.13.13, 1.14.9, and 1.15.3. | 2024-03-27 | 8 | CVE-2024-28860 [email protected] [email protected] [email protected] [email protected] [email protected] |
| cisco — cisco_aironet_access_point_software |
A vulnerability in the IP packet processing of Cisco Access Point (AP) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation of certain IPv4 packets. An attacker could exploit this vulnerability by sending a crafted IPv4 packet either to or through an affected device. A successful exploit could allow the attacker to cause an affected device to reload unexpectedly, resulting in a DoS condition. To successfully exploit this vulnerability, the attacker does not need to be associated with the affected AP. This vulnerability cannot be exploited by sending IPv6 packets. | 2024-03-27 | 8.6 | CVE-2024-20271 [email protected] |
| cisco — cisco_ios_xe_software |
A vulnerability in the DHCP snooping feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to a crafted IPv4 DHCP request packet being mishandled when endpoint analytics are enabled. An attacker could exploit this vulnerability by sending a crafted DHCP request through an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. Note: The attack vector is listed as network because a DHCP relay anywhere on the network could allow exploits from networks other than the adjacent one. | 2024-03-27 | 8.6 | CVE-2024-20259 [email protected] |
| cisco — cisco_ios_xe_software |
A vulnerability in the IPv4 Software-Defined Access (SD-Access) fabric edge node feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause high CPU utilization and stop all traffic processing, resulting in a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of certain IPv4 packets. An attacker could exploit this vulnerability by sending certain IPv4 packets to an affected device. A successful exploit could allow the attacker to cause the device to exhaust CPU resources and stop processing traffic, resulting in a DoS condition. | 2024-03-27 | 8.6 | CVE-2024-20314 [email protected] |
| cisco — cisco_ios_xe_software |
A vulnerability in the multicast DNS (mDNS) gateway feature of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper management of mDNS client entries. An attacker could exploit this vulnerability by connecting to the wireless network and sending a continuous stream of specific mDNS packets. A successful exploit could allow the attacker to cause the wireless controller to have high CPU utilization, which could lead to access points (APs) losing their connection to the controller and result in a DoS condition. | 2024-03-27 | 7.4 | CVE-2024-20303 [email protected] |
| cisco — ios |
A vulnerability in the IKEv1 fragmentation code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a heap underflow, resulting in an affected device reloading. This vulnerability exists because crafted, fragmented IKEv1 packets are not properly reassembled. An attacker could exploit this vulnerability by sending crafted UDP packets to an affected system. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. Note: Only traffic that is directed to the affected system can be used to exploit this vulnerability. This vulnerability can be triggered by IPv4 and IPv6 traffic.. | 2024-03-27 | 8.6 | CVE-2024-20308 [email protected] |
| cisco — ios |
A vulnerability in the Locator ID Separation Protocol (LISP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. This vulnerability is due to the incorrect handling of LISP packets. An attacker could exploit this vulnerability by sending a crafted LISP packet to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition. Note: This vulnerability could be exploited over either IPv4 or IPv6 transport. | 2024-03-27 | 8.6 | CVE-2024-20311 [email protected] |
| cisco — ios |
A vulnerability in Cisco IOS Software for Cisco Catalyst 6000 Series Switches could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly. This vulnerability is due to improper handling of process-switched traffic. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. | 2024-03-27 | 7.4 | CVE-2024-20276 [email protected] |
| cisco — ios |
A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) protocol of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation when parsing an ingress IS-IS packet. An attacker could exploit this vulnerability by sending a crafted IS-IS packet to an affected device after forming an adjacency. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. Note: The IS-IS protocol is a routing protocol. To exploit this vulnerability, an attacker must be Layer 2-adjacent to the affected device and have formed an adjacency. | 2024-03-27 | 7.4 | CVE-2024-20312 [email protected] |
| code-projects — mobile_shop |
A vulnerability was found in code-projects Mobile Shop 1.0. It has been classified as critical. Affected is an unknown function of the file Details.php of the component Login Page. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258000. | 2024-03-26 | 7.3 | CVE-2024-2927 [email protected] [email protected] [email protected] |
| code-projects — online_book_system |
A vulnerability classified as critical was found in code-projects Online Book System 1.0. This vulnerability affects unknown code of the file /index.php. The manipulation of the argument username/password/login_username/login_password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-258202 is the identifier assigned to this vulnerability. | 2024-03-27 | 7.3 | CVE-2024-3000 [email protected] [email protected] [email protected] [email protected] |
| codeigniter4 — codeigniter4 |
CodeIgniter is a PHP full-stack web framework A vulnerability was found in the Language class that allowed DoS attacks. This vulnerability can be exploited by an attacker to consume a large amount of memory on the server. Upgrade to v4.4.7 or later. | 2024-03-29 | 7.5 | CVE-2024-29904 [email protected] [email protected] |
| codepeople — calculated_fields_form |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in CodePeople Calculated Fields Form allows Reflected XSS.This issue affects Calculated Fields Form: from n/a through 1.2.54. | 2024-03-27 | 7.1 | CVE-2024-29759 [email protected] |
| contact_form_with_captcha — contact_form_with_captcha |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Contact Form With Captcha allows Reflected XSS.This issue affects Contact Form With Captcha: from n/a through 1.6.8. | 2024-03-26 | 7.1 | CVE-2023-45771 [email protected] |
| contest_gallery — contest_gallery |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Contest Gallery.This issue affects Contest Gallery: from n/a through 21.3.4. | 2024-03-28 | 8.5 | CVE-2024-30236 [email protected] |
| contest_gallery — contest_gallery |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Contest Gallery.This issue affects Contest Gallery: from n/a through 21.3.2. | 2024-03-27 | 8.5 | CVE-2024-30238 [email protected] |
| contest_gallery — contest_gallery |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Contest Gallery allows Reflected XSS.This issue affects Contest Gallery: from n/a through 21.3.5. | 2024-03-29 | 7.1 | CVE-2024-30428 [email protected] |
| conversios — conversios.io |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Conversios Conversios.Io allows Reflected XSS.This issue affects Conversios.Io: from n/a through 6.9.1. | 2024-03-27 | 7.1 | CVE-2024-29794 [email protected] |
| creative_solutions — creative_image_slider_-_responsive_slider_plugin |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Creative Solutions Creative Image Slider – Responsive Slider Plugin allows Reflected XSS.This issue affects Creative Image Slider – Responsive Slider Plugin: from n/a through 2.1.3. | 2024-03-29 | 7.1 | CVE-2024-30447 [email protected] |
| crm_perks — crm_perks_forms |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in CRM Perks CRM Perks Forms.This issue affects CRM Perks Forms: from n/a through 1.1.4. | 2024-03-29 | 9.3 | CVE-2024-30498 [email protected] |
| crm_perks — crm_perks_forms |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in CRM Perks CRM Perks Forms.This issue affects CRM Perks Forms: from n/a through 1.1.4. | 2024-03-29 | 8.5 | CVE-2024-30499 [email protected] |
| cubewp — cubewp_-_all-in-one_dynamic_content_framework |
Unrestricted Upload of File with Dangerous Type vulnerability in CubeWP CubeWP – All-in-One Dynamic Content Framework.This issue affects CubeWP – All-in-One Dynamic Content Framework: from n/a through 1.1.12. | 2024-03-29 | 9.9 | CVE-2024-30500 [email protected] |
| cyberchimps — responsive |
The Responsive theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_footer_text_callback function in all versions up to, and including, 5.0.2. This makes it possible for unauthenticated attackers to inject arbitrary HTML content into the site’s footer. | 2024-03-29 | 7.5 | CVE-2024-2848 [email protected] [email protected] |
| datalens-tech — datalens |
DataLens is a business intelligence and data visualization system. A specifically crafted request allowed the creation of a special chart type with the ability to pass custom javascript code that would later be executed in an unprotected sandbox on subsequent requests to that chart. The problem was fixed in the datalens-ui version `0.1449.0`. Restricting access to the API for creating or modifying charts (`/charts/api/charts/v1/`) would mitigate the issue. | 2024-03-29 | 8.8 | CVE-2024-29890 [email protected] |
| decalog — decalog |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in DecaLog.This issue affects DecaLog: from n/a through 3.9.0. | 2024-03-28 | 7.6 | CVE-2024-30245 [email protected] |
| dell — insightiq |
Dell InsightIQ, version 5.0, contains an improper access control vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to unauthorized access to monitoring data. | 2024-03-27 | 8.3 | CVE-2024-25962 [email protected] |
| dell — powerscale_onefs |
Dell PowerScale OneFS versions 9.4.0.x through 9.7.0.x contains an insertion of sensitive information into log file vulnerability. A low privileged local attacker could potentially exploit this vulnerability, leading to sensitive information disclosure, escalation of privileges. | 2024-03-28 | 7.9 | CVE-2024-25959 [email protected] |
| dell — powerscale_onefs |
Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x contains a cleartext transmission of sensitive information vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to escalation of privileges. | 2024-03-28 | 7.3 | CVE-2024-25960 [email protected] |
| dell — virtual_appliance_(vapp)_manager |
Dell vApp Manager, versions prior to 9.2.4.9 contain a Command Injection Vulnerability. An authorized attacker could potentially exploit this vulnerability leading to an execution of an inserted command. Dell recommends customers to upgrade at the earliest opportunity. | 2024-03-28 | 7.2 | CVE-2024-25946 [email protected] |
| dell — virtual_appliance_(vapp)_manager |
Dell vApp Manager, versions prior to 9.2.4.9 contain a Command Injection Vulnerability. An authorized attacker could potentially exploit this vulnerability leading to an execution of an inserted command. Dell recommends customers to upgrade at the earliest opportunity. | 2024-03-28 | 7.2 | CVE-2024-25955 [email protected] |
| digamber_pradhan — preview_e-mails_for_woocommerce |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Digamber Pradhan Preview E-mails for WooCommerce allows Reflected XSS.This issue affects Preview E-mails for WooCommerce: from n/a through 2.2.1. | 2024-03-28 | 7.1 | CVE-2024-27999 [email protected] |
| echo_plugins — knowledge_base_for_documentation_faqs_with_ai_assistance |
Deserialization of Untrusted Data vulnerability in Echo Plugins Knowledge Base for Documentation, FAQs with AI Assistance.This issue affects Knowledge Base for Documentation, FAQs with AI Assistance: from n/a through 11.30.2. | 2024-03-27 | 8.7 | CVE-2024-24842 [email protected] |
| eclipse_foundation — threadx |
In Eclipse ThreadX before 6.4.0, xQueueCreate() and xQueueCreateSet() functions from the FreeRTOS compatibility API (utility/rtos_compatibility_layers/FreeRTOS/tx_freertos.c) were missing parameter checks. This could lead to integer wraparound, under-allocations and heap buffer overflows. | 2024-03-26 | 7.3 | CVE-2024-2212 [email protected] |
| eclipse_foundation — threadx |
In Eclipse ThreadX before version 6.4.0, the _Mtxinit() function in the Xtensa port was missing an array size check causing a memory overwrite. The affected file was ports/xtensa/xcc/src/tx_clib_lock.c | 2024-03-26 | 7 | CVE-2024-2214 [email protected] |
| eclipse_foundation — threadx |
In Eclipse ThreadX NetX Duo before 6.4.0, if an attacker can control parameters of __portable_aligned_alloc() could cause an integer wrap-around and an allocation smaller than expected. This could cause subsequent heap buffer overflows. | 2024-03-26 | 7 | CVE-2024-2452 [email protected] |
| egehan_security — webpdks |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Egehan Security WebPDKS allows SQL Injection.This issue affects WebPDKS: through 20240329. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-03-29 | 9.8 | CVE-2023-6191 [email protected] |
| electron — packager |
Electron Packager bundles Electron-based application source code with a renamed Electron executable and supporting files into folders ready for distribution. A random segment of ~1-10kb of Node.js heap memory allocated either side of a known buffer will be leaked into the final executable. This memory _could_ contain sensitive information such as environment variables, secrets files, etc. This issue is patched in 18.3.1. | 2024-03-29 | 7.5 | CVE-2024-29900 [email protected] [email protected] |
| elementor.com — elementor_website_builder |
Unrestricted Upload of File with Dangerous Type vulnerability in Elementor.Com Elementor Website Builder.This issue affects Elementor Website Builder: from 3.3.0 through 3.18.1. | 2024-03-26 | 9.9 | CVE-2023-48777 [email protected] |
| etoile_web_design — front_end_users |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Etoile Web Design Front End Users allows Reflected XSS.This issue affects Front End Users: from n/a before 3.2.25. | 2024-03-26 | 7.1 | CVE-2023-33322 [email protected] |
| everpress — mailster |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in EverPress Mailster allows Reflected XSS.This issue affects Mailster: from n/a through 4.0.6. | 2024-03-29 | 7.1 | CVE-2024-30503 [email protected] |
| expresstech — quiz_and_survey_master |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in ExpressTech Quiz And Survey Master.This issue affects Quiz And Survey Master: from n/a through 8.1.4. | 2024-03-26 | 9.3 | CVE-2023-28787 [email protected] |
| faboba — falang_multilanguage |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Faboba Falang multilanguage.This issue affects Falang multilanguage: from n/a through 1.3.47. | 2024-03-29 | 7.6 | CVE-2024-30495 [email protected] |
| foliovision:_making_the_web_work_for_you — fv_flowplayer_video_player |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Foliovision: Making the web work for you FV Flowplayer Video Player allows Reflected XSS.This issue affects FV Flowplayer Video Player: from n/a through 7.5.41.7212. | 2024-03-27 | 7.1 | CVE-2024-22299 [email protected] |
| forgerock — access_management |
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in ForgeRock Access Management allows Authorization Bypass. This issue affects access management: before 7.3.0, before 7.2.1, before 7.1.4, through 7.0.2. | 2024-03-27 | 8.1 | CVE-2023-0582 [email protected] [email protected] |
| fortra — robot_schedule_enterprise_agent |
Fortra’s Robot Schedule Enterprise Agent for Windows prior to version 3.04 is susceptible to privilege escalation. A low-privileged user can overwrite the service executable. When the service is restarted, the replaced binary runs with local system privileges, allowing a low-privileged user to gain elevated privileges. | 2024-03-28 | 7.3 | CVE-2024-0259 df4dee71-de3a-4139-9588-11b62fe6c0ff df4dee71-de3a-4139-9588-11b62fe6c0ff |
| gitlab — gitlab |
An issue has been discovered in GitLab CE/EE affecting all versions before 16.8.5, all versions starting from 16.9 before 16.9.3, all versions starting from 16.10 before 16.10.1. A wiki page with a crafted payload may lead to a Stored XSS, allowing attackers to perform arbitrary actions on behalf of victims. | 2024-03-28 | 8.7 | CVE-2023-6371 [email protected] [email protected] |
| givewp — givewp |
Deserialization of Untrusted Data vulnerability in GiveWP.This issue affects GiveWP: from n/a through 3.4.2. | 2024-03-28 | 8 | CVE-2024-30229 [email protected] |
| gsheetconnector — cf7_google_sheets_connector |
Insertion of Sensitive Information into Log File vulnerability in GSheetConnector CF7 Google Sheets Connector.This issue affects CF7 Google Sheets Connector: from n/a through 5.0.5. | 2024-03-26 | 7.5 | CVE-2023-44989 [email protected] |
| hercules_design — hercules_core_ |
Deserialization of Untrusted Data vulnerability in Hercules Design Hercules Core.This issue affects Hercules Core : from n/a through 6.4. | 2024-03-28 | 9.9 | CVE-2024-30228 [email protected] |
| hitachi — hitachi_virtual_storage_platform |
Insertion of Sensitive Information into Log File vulnerability in Hitachi Virtual Storage Platform, Hitachi Virtual Storage Platform VP9500, Hitachi Virtual Storage Platform G1000, G1500, Hitachi Virtual Storage Platform F1500, Hitachi Virtual Storage Platform 5100, 5500, 5100H, 5500H, Hitachi Virtual Storage Platform 5200, 5600, 5200H, 5600H, Hitachi Unified Storage VM, Hitachi Virtual Storage Platform G100, G200, G400, G600, G800, Hitachi Virtual Storage Platform F400, F600, F800, Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, Hitachi Virtual Storage Platform F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H allows local users to gain sensitive information.This issue affects Hitachi Virtual Storage Platform: before DKCMAIN Ver. 70-06-74-00/00, SVP Ver. 70-06-58/00; Hitachi Virtual Storage Platform VP9500: before DKCMAIN Ver. 70-06-74-00/00, SVP Ver. 70-06-58/00; Hitachi Virtual Storage Platform G1000, G1500: before DKCMAIN Ver. 80-06-92-00/00, SVP Ver. 80-06-87/00; Hitachi Virtual Storage Platform F1500: before DKCMAIN Ver. 80-06-92-00/00, SVP Ver. 80-06-87/00; Hitachi Virtual Storage Platform 5100, 5500,5100H, 5500H: before DKCMAIN Ver. 90-08-81-00/00, SVP Ver. 90-08-81/00, before DKCMAIN Ver. 90-08-62-00/00, SVP Ver. 90-08-62/00, before DKCMAIN Ver. 90-08-43-00/00, SVP Ver. 90-08-43/00; Hitachi Virtual Storage Platform 5200, 5600,5200H, 5600H: before DKCMAIN Ver. 90-08-81-00/00, SVP Ver. 90-08-81/00, before DKCMAIN Ver. 90-08-62-00/00, SVP Ver. 90-08-62/00, before DKCMAIN Ver. 90-08-43-00/00, SVP Ver. 90-08-43/00; Hitachi Unified Storage VM: before DKCMAIN Ver. 73-03-75-X0/00, SVP Ver. 73-03-74/00, before DKCMAIN Ver. 73(75)-03-75-X0/00, SVP Ver. 73(75)-03-74/00; Hitachi Virtual Storage Platform G100, G200, G400, G600, G800: before DKCMAIN Ver. 83-06-19-X0/00, SVP Ver. 83-06-20-X0/00, before DKCMAIN Ver. 83-05-47-X0/00, SVP Ver. 83-05-51-X0/00; Hitachi Virtual Storage Platform F400, F600, F800: before DKCMAIN Ver. 83-06-19-X0/00, SVP Ver. 83-06-20-X0/00, before DKCMAIN Ver. 83-05-47-X0/00, SVP Ver. 83-05-51-X0/00; Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900: before DKCMAIN Ver. 88-08-09-XX/00, SVP Ver. 88-08-11-X0/02; Hitachi Virtual Storage Platform F350, F370, F700, F900: before DKCMAIN Ver. 88-08-09-XX/00, SVP Ver. 88-08-11-X0/02; Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H: before DKCMAIN Ver. 93-06-81-X0/00, SVP Ver. 93-06-81-X0/00, before DKCMAIN Ver. 93-06-62-X0/00, SVP Ver. 93-06-62-X0/00, before DKCMAIN Ver. 93-06-43-X0/00, SVP Ver. 93-06-43-X0/00. | 2024-03-25 | 9.9 | CVE-2022-36407 [email protected] |
| hitachi_energy — mach_scm |
SCM Software is a client and server application. An Authenticated System manager client can execute LINQ query in the SCM server, for customized filtering. An Authenticated malicious client can send a specially crafted code to skip the validation and execute arbitrary code (RCE) on the SCM Server remotely. Malicious clients can execute any command by using this RCE vulnerability. | 2024-03-27 | 7.5 | CVE-2024-0400 [email protected] |
| hitachi_energy — mach_scm |
Authenticated List control client can execute the LINQ query in SCM Server to present event as list for operator. An authenticated malicious client can send special LINQ query to execute arbitrary code remotely (RCE) on the SCM Server that an attacker otherwise does not have authorization to do. | 2024-03-27 | 7.5 | CVE-2024-2097 [email protected] |
| hitachi_energy — rtu500_series_cmu_firmware |
A vulnerability exists in the stb-language file handling that affects the RTU500 series product versions listed below. A malicious actor could print random memory content in the RTU500 system log, if an authorized user uploads a specially crafted stb-language file. | 2024-03-27 | 8.2 | CVE-2024-1531 [email protected] |
| hometory — mang_board_wp |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Hometory Mang Board WP allows Reflected XSS.This issue affects Mang Board WP: from n/a through 1.8.0. | 2024-03-29 | 7.1 | CVE-2024-30431 [email protected] |
| i_thirteen_web_solution — wp_responsive_tabs_horizontal_vertical_and_accordion_tabs |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in I Thirteen Web Solution WP Responsive Tabs horizontal vertical and accordion Tabs.This issue affects WP Responsive Tabs horizontal vertical and accordion Tabs: from n/a through 1.1.17. | 2024-03-29 | 8.5 | CVE-2024-30497 [email protected] |
| ibm — common_cryptographic_architecture |
IBM Common Cryptographic Architecture (CCA) 7.0.0 through 7.5.36 could allow a remote user to cause a denial of service due to incorrect data handling for certain types of AES operations. IBM X-Force ID: 270602. | 2024-03-26 | 7.5 | CVE-2023-47150 [email protected] [email protected] |
| icegram — email_subscribers_&_newsletters |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Icegram Email Subscribers & Newsletters allows Reflected XSS.This issue affects Email Subscribers & Newsletters: from n/a through 5.7.11. | 2024-03-27 | 7.1 | CVE-2024-22300 [email protected] |
| indianic — widgets_controller |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in IndiaNIC Widgets Controller allows Reflected XSS.This issue affects Widgets Controller: from n/a through 1.1. | 2024-03-27 | 7.1 | CVE-2024-25926 [email protected] |
| infinitum_form — geo_controller |
Deserialization of Untrusted Data vulnerability in INFINITUM FORM Geo Controller.This issue affects Geo Controller: from n/a through 8.6.4. | 2024-03-28 | 9 | CVE-2024-30227 [email protected] |
| it_path_solutions — contact_form_to_any_api |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in IT Path Solutions Contact Form to Any API.This issue affects Contact Form to Any API: from n/a through 1.1.8. | 2024-03-28 | 8.5 | CVE-2024-30242 [email protected] |
| jetbrains — teamcity
|
In JetBrains TeamCity before 2024.03 2FA could be bypassed by providing a special URL parameter | 2024-03-28 | 7.4 | CVE-2024-31136 [email protected] |
| johnbillion — wp-crontrol |
WP Crontrol controls the cron events on WordPress websites. WP Crontrol includes a feature that allows administrative users to create events in the WP-Cron system that store and execute PHP code subject to the restrictive security permissions documented here. While there is no known vulnerability in this feature on its own, there exists potential for this feature to be vulnerable to RCE if it were specifically targeted via vulnerability chaining that exploited a separate SQLi (or similar) vulnerability. This is exploitable on a site if one of the below preconditions are met, the site is vulnerable to a writeable SQLi vulnerability in any plugin, theme, or WordPress core, the site’s database is compromised at the hosting level, the site is vulnerable to a method of updating arbitrary options in the wp_options table, or the site is vulnerable to a method of triggering an arbitrary action, filter, or function with control of the parameters. As a hardening measure, WP Crontrol version 1.16.2 ships with a new feature that prevents tampering of the code stored in a PHP cron event. | 2024-03-25 | 8.1 | CVE-2024-28850 [email protected] [email protected] |
| jonathankissam — action_network |
The Action Network plugin for WordPress is vulnerable to SQL Injection via the ‘bulk-action’ parameter in version 1.4.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-03-27 | 7.2 | CVE-2024-2954 [email protected] [email protected] |
| jordy_meow — ai_engine:_chatgpt_chatbot |
Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot.This issue affects AI Engine: ChatGPT Chatbot: from n/a through 2.1.4. | 2024-03-28 | 9.1 | CVE-2024-29100 [email protected] |
| julien_crego — manager_for_icomoon |
Unrestricted Upload of File with Dangerous Type vulnerability in Julien Crego Manager for Icomoon.This issue affects Manager for Icomoon: from n/a through 2.0. | 2024-03-26 | 9.1 | CVE-2023-29386 [email protected] |
| jumpserver — jumpserver |
JumpServer is an open source bastion host and an operation and maintenance security audit system. Attackers can bypass the input validation mechanism in JumpServer’s Ansible to execute arbitrary code within the Celery container. Since the Celery container runs with root privileges and has database access, attackers could steal sensitive information from all hosts or manipulate the database. This vulnerability is fixed in v3.10.7. | 2024-03-29 | 9.9 | CVE-2024-29201 [email protected] |
| jumpserver — jumpserver |
JumpServer is an open source bastion host and an operation and maintenance security audit system. Attackers can exploit a Jinja2 template injection vulnerability in JumpServer’s Ansible to execute arbitrary code within the Celery container. Since the Celery container runs with root privileges and has database access, attackers could steal sensitive information from all hosts or manipulate the database. This vulnerability is fixed in v3.10.7. | 2024-03-29 | 9.9 | CVE-2024-29202 [email protected] |
| jupyterhub — jupyterhub |
JupyterHub is an open source multi-user server for Jupyter notebooks. By tricking a user into visiting a malicious subdomain, the attacker can achieve an XSS directly affecting the former’s session. More precisely, in the context of JupyterHub, this XSS could achieve full access to JupyterHub API and user’s single-user server. The affected configurations are single-origin JupyterHub deployments and JupyterHub deployments with user-controlled applications running on subdomains or peer subdomains of either the Hub or a single-user server. This vulnerability is fixed in 4.1.0. | 2024-03-27 | 8.1 | CVE-2024-28233 [email protected] [email protected] |
| kadence_wp — gutenberg_blocks_by_kadence_blocks |
Server-Side Request Forgery (SSRF) vulnerability in Kadence WP Gutenberg Blocks by Kadence Blocks.This issue affects Gutenberg Blocks by Kadence Blocks: from n/a through 3.2.19. | 2024-03-28 | 7.7 | CVE-2024-23500 [email protected] |
| kainelabs — youzify_-_buddypress_moderation |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in KaineLabs Youzify – Buddypress Moderation.This issue affects Youzify – Buddypress Moderation: from n/a through 1.2.5. | 2024-03-25 | 7.3 | CVE-2024-2864 [email protected] |
| katie_seaborn — zotpress |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Katie Seaborn Zotpress.This issue affects Zotpress: from n/a through 7.3.7. | 2024-03-29 | 8.5 | CVE-2024-30488 [email protected] |
| kienso — co-marquage_service-public.fr |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Kienso Co-marquage service-public.Fr allows Reflected XSS.This issue affects Co-marquage service-public.Fr: from n/a through 0.5.72. | 2024-03-27 | 7.1 | CVE-2024-29758 [email protected] |
| kindspells — astro-shield |
Astro-Shield is a library to compute the subresource integrity hashes for your JS scripts and CSS stylesheets. When automated CSP headers generation for SSR content is enabled and the web application serves content that can be partially controlled by external users, then it is possible that the CSP headers generation feature might be “allow-listing” malicious injected resources like inlined JS, or references to external malicious scripts. The fix is available in version 1.3.0. | 2024-03-28 | 7.5 | CVE-2024-29896 [email protected] [email protected] |
| klbtheme — cosmetsy_theme_(core_plugin) |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in KlbTheme Cosmetsy theme (core plugin), KlbTheme Partdo theme (core plugin), KlbTheme Bacola theme (core plugin), KlbTheme Medibazar theme (core plugin), KlbTheme Furnob theme (core plugin), KlbTheme Clotya theme (core plugin) allows Reflected XSS.This issue affects Cosmetsy theme (core plugin): from n/a through 1.3.0; Partdo theme (core plugin): from n/a through 1.0.9; Bacola theme (core plugin): from n/a through 1.3.3; Medibazar theme (core plugin): from n/a through 1.2.3; Furnob theme (core plugin): from n/a through 1.1.7; Clotya theme (core plugin): from n/a through 1.1.5. | 2024-03-26 | 7.1 | CVE-2023-49839 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
| kylephillips — favorites |
The Favorites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘user_favorites’ shortcode in all versions up to, and including, 2.3.3 due to insufficient input sanitization and output escaping on user supplied attributes such as ‘no_favorites’. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-03-30 | 7.2 | CVE-2024-2948 [email protected] [email protected] |
| lg_electronics — lg_led_assistant |
This vulnerability allows remote attackers to reset the password of anonymous users without authorization on the affected LG LED Assistant. | 2024-03-25 | 9.1 | CVE-2024-2862 [email protected] |
| mad_fish_digital — bulk_noindex_&_nofollow_toolkit |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Mad Fish Digital Bulk NoIndex & NoFollow Toolkit allows Reflected XSS.This issue affects Bulk NoIndex & NoFollow Toolkit: from n/a through 2.01. | 2024-03-27 | 7.1 | CVE-2024-29791 [email protected] |
| mainwp — mainwp_file_uploader_extension |
Unrestricted Upload of File with Dangerous Type vulnerability in MainWP MainWP File Uploader Extension.This issue affects MainWP File Uploader Extension: from n/a through 4.1. | 2024-03-26 | 10 | CVE-2023-23656 [email protected] |
| mainwp — mainwp_links_manager_extension |
Deserialization of Untrusted Data vulnerability in MainWP MainWP Links Manager Extension.This issue affects MainWP Links Manager Extension: from n/a through 2.1. | 2024-03-28 | 8.1 | CVE-2023-23649 [email protected] |
| max_foundry — media_library_folders |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Max Foundry Media Library Folders.This issue affects Media Library Folders: from n/a through 8.1.7. | 2024-03-29 | 8.5 | CVE-2024-30486 [email protected] |
| mergen_software — quality_management_system |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Mergen Software Quality Management System allows SQL Injection.This issue affects Quality Management System: through 25032024. | 2024-03-25 | 9.8 | CVE-2024-2865 [email protected] |
| metagauss — profilegrid_ |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.8. | 2024-03-29 | 9.3 | CVE-2024-30490 [email protected] |
| metagauss — profilegrid_ |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.1. | 2024-03-28 | 8.5 | CVE-2024-30241 [email protected] |
| metagauss — profilegrid_ |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.8. | 2024-03-29 | 8.5 | CVE-2024-30491 [email protected] |
| mndpsingh287 — theme_editor |
Unrestricted Upload of File with Dangerous Type vulnerability in mndpsingh287 Theme Editor.This issue affects Theme Editor: from n/a through 2.7.1. | 2024-03-26 | 7.2 | CVE-2023-6091 [email protected] |
| n/a — cockpit |
A flaw was found in Cockpit. Deleting a sosreport with a crafted name via the Cockpit web interface can lead to a command injection vulnerability, resulting in privilege escalation. This issue affects Cockpit versions 270 and newer. | 2024-03-28 | 7.3 | CVE-2024-2947 [email protected] [email protected] [email protected] [email protected] |
| n/a — oss_aliyun |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in ?? OSS Aliyun.This issue affects OSS Aliyun: from n/a through 1.4.10. | 2024-03-29 | 7.6 | CVE-2024-30494 [email protected] |
| n/a — pcp |
A flaw was found in PCP. The default pmproxy configuration exposes the Redis server backend to the local network, allowing remote command execution with the privileges of the Redis user. This issue can only be exploited when pmproxy is running. By default, pmproxy is not running and needs to be started manually. The pmproxy service is usually started from the ‘Metrics settings’ page of the Cockpit web interface. This flaw affects PCP versions 4.3.4 and newer. | 2024-03-28 | 8.8 | CVE-2024-3019 [email protected] [email protected] |
| n/a — web3-utils |
Versions of the package web3-utils before 4.2.1 are vulnerable to Prototype Pollution via the utility functions format and mergeDeep, due to insecure recursive merge. An attacker can manipulate an object’s prototype, potentially leading to the alteration of the behavior of all objects inheriting from the affected prototype by passing specially crafted input to these functions. | 2024-03-25 | 7.5 | CVE-2024-21505 [email protected] [email protected] |
| n/a — xz |
Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. This results in a modified liblzma library that can be used by any software linked against this library, intercepting and modifying the data interaction with this library. | 2024-03-29 | 10 | CVE-2024-3094 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
| n_squared — simply_schedule_appointments |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in N Squared Simply Schedule Appointments allows Reflected XSS.This issue affects Simply Schedule Appointments: from n/a through 1.6.6.20. | 2024-03-27 | 7.1 | CVE-2024-22311 [email protected] |
| netweblogic — meta_tag_manager |
The Meta Tag Manager plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.0.2 via deserialization of untrusted input in the get_post_data function. This makes it possible for authenticated attackers, with contributor access or higher, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. | 2024-03-28 | 8.8 | CVE-2024-1770 [email protected] [email protected] |
| nextcloud — nextcloudpi | NextcloudPi is a ready to use image for Virtual Machines, Raspberry Pi, Odroid HC1, Rock64 and other boards. A command injection vulnerability in NextCloudPi allows command execution as the root user via the NextCloudPi web-panel. Due to a security misconfiguration this can be used by anyone with access to NextCloudPi web-panel, no authentication is required. It is recommended that the NextCloudPi is upgraded to 1.53.1. | 2024-03-29 | 10 | CVE-2024-30247 [email protected] |
| nvidia — gpu_display_driver,_vgpu_driver_cloud_gaming_driver |
NVIDIA GPU Display Driver for Linux contains a vulnerability where an attacker may access a memory location after the end of the buffer. A successful exploit of this vulnerability may lead to denial of service and data tampering. | 2024-03-27 | 7.1 | CVE-2024-0074 [email protected] |
| nvidia — gpu_display_driver_vgpu_driver,_cloud_gaming_driver |
NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can cause an out-of-bounds write. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. | 2024-03-27 | 7.8 | CVE-2024-0071 [email protected] |
| nvidia — gpu_display_driver_vgpu_driver_cloud_gaming_driver |
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer when the driver is performing an operation at a privilege level that is higher than the minimum level required. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. | 2024-03-27 | 7.8 | CVE-2024-0073 [email protected] |
| nvidia — vgpu_driver_cloud_gaming_driver |
NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, where it allows a guest OS to allocate resources for which the guest OS is not authorized. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. | 2024-03-27 | 7.8 | CVE-2024-0077 [email protected] |
| oliver_seidel_bastian_germann — cformsii |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Oliver Seidel, Bastian Germann CformsII allows Stored XSS.This issue affects CformsII: from n/a through 15.0.5. | 2024-03-27 | 7.1 | CVE-2024-22149 [email protected] |
| onthegosystems — types |
Unrestricted Upload of File with Dangerous Type vulnerability in OnTheGoSystems Types.This issue affects Types: from n/a through 3.4.17. | 2024-03-26 | 7.2 | CVE-2023-27440 [email protected] |
| openeuler — a-tune-collector |
Improper Neutralization of Special Elements used in a Command (‘Command Injection’) vulnerability in openEuler A-Tune-Collector on Linux allows Command Injection. This vulnerability is associated with program files https://gitee.Com/openeuler/A-Tune-Collector/blob/master/atune_collector/plugin/monitor/process/sched.Py. This issue affects A-Tune-Collector: from 1.1.0-3 through 1.3.0. | 2024-03-25 | 8.1 | CVE-2024-24897 [email protected] [email protected] [email protected] [email protected] |
| openeuler — aops-zeus |
Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability in openEuler aops-zeus on Linux allows Command Injection. This vulnerability is associated with program files https://gitee.Com/openeuler/aops-zeus/blob/master/zeus/conf/constant.Py. This issue affects aops-zeus: from 1.2.0 through 1.4.0. | 2024-03-25 | 7.2 | CVE-2024-24899 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
| openeuler — gala-gopher |
Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability in openEuler gala-gopher on Linux allows Command Injection. This vulnerability is associated with program files https://gitee.Com/openeuler/gala-gopher/blob/master/src/probes/extends/ebpf.Probe/src/ioprobe/ioprobe.C. This issue affects gala-gopher: through 1.0.2. | 2024-03-25 | 7.8 | CVE-2024-24890 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
| openeuler — isulad |
Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in openEuler iSulad on Linux allows Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions. This vulnerability is associated with program files https://gitee.Com/openeuler/iSulad/blob/master/src/cmd/isulad/main.C. This issue affects iSulad: 2.0.18-13, from 2.1.4-1 through 2.1.4-2. | 2024-03-25 | 7 | CVE-2021-33632 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
| openeuler — migration-tools |
Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’), Improper Privilege Management vulnerability in openEuler migration-tools on Linux allows Command Injection, Restful Privilege Elevation. This vulnerability is associated with program files https://gitee.Com/openeuler/migration-tools/blob/master/index.Py. This issue affects migration-tools: from 1.0.0 through 1.0.1. | 2024-03-25 | 8.1 | CVE-2024-24892 [email protected] [email protected] |
| opentext — secure_content_manager |
By leveraging the vulnerability, lower-privileged users of Content Manager can manipulate Content Manager clients to elevate privileges and perform unauthorized operations. | 2024-03-25 | 8.5 | CVE-2024-1973 [email protected] |
| opentextâ- — zenworks_configuration_management_(zcm) |
Incorrect Authorization vulnerability in OpenTextâ„¢ ZENworks Configuration Management (ZCM) allows Unauthorized Use of Device Resources.This issue affects ZENworks Configuration Management (ZCM) versions: 2020 update 3, 23.3, and 23.4. | 2024-03-27 | 7.4 | CVE-2023-6400 [email protected] |
| ossrs — srs |
SRS is a simple, high-efficiency, real-time video server. SRS’s `/api/v1/vhosts/vid-<id>?callback=<payload>` endpoint didn’t filter the callback function name which led to injecting malicious javascript payloads and executing XSS ( Cross-Site Scripting). This vulnerability is fixed in 5.0.210 and 6.0.121. | 2024-03-28 | 7.2 | CVE-2024-29882 [email protected] [email protected] |
| perfectwpthemes — glaze_blog_lite |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in perfectwpthemes Glaze Blog Lite, themebeez Fascinate, themebeez Cream Blog, themebeez Cream Magazine allows Reflected XSS.This issue affects Glaze Blog Lite: from n/a through <= 1.1.4; Fascinate: from n/a through 1.0.8; Cream Blog: from n/a through 2.1.3; Cream Magazine: from n/a through 2.1.4. | 2024-03-26 | 7.1 | CVE-2023-28687 [email protected] [email protected] [email protected] [email protected] |
| photo_gallery_team — photo_gallery_by_ays |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Photo Gallery Team Photo Gallery by Ays allows Reflected XSS.This issue affects Photo Gallery by Ays: from n/a through 5.5.2. | 2024-03-27 | 7.1 | CVE-2024-29919 [email protected] |
| phpgurukul — emergency_ambulance_hiring_portal |
A vulnerability classified as critical has been found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Affected is an unknown function of the file /admin/login.php of the component Admin Login Page. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-258678 is the identifier assigned to this vulnerability. | 2024-03-30 | 7.3 | CVE-2024-3085 [email protected] [email protected] [email protected] [email protected] |
| phpgurukul — emergency_ambulance_hiring_portal |
A vulnerability, which was classified as critical, has been found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Affected by this issue is some unknown functionality of the file ambulance-tracking.php of the component Ambulance Tracking Page. The manipulation of the argument searchdata leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258680. | 2024-03-30 | 7.3 | CVE-2024-3087 [email protected] [email protected] [email protected] [email protected] |
| phpgurukul — emergency_ambulance_hiring_portal |
A vulnerability, which was classified as critical, was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. This affects an unknown part of the file /admin/forgot-password.php of the component Forgot Password Page. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258681 was assigned to this vulnerability. | 2024-03-30 | 7.3 | CVE-2024-3088 [email protected] [email protected] [email protected] [email protected] |
| pi-hole — pi-hole |
The Pi-hole is a DNS sinkhole that protects your devices from unwanted content without installing any client-side software. A vulnerability has been discovered in Pihole that allows an authenticated user on the platform to read internal server files arbitrarily, and because the application runs from behind, reading files is done as a privileged user.If the URL that is in the list of “Adslists” begins with “file*” it is understood that it is updating from a local file, on the other hand if it does not begin with “file*” depending on the state of the response it does one thing or another. The problem resides in the update through local files. When updating from a file which contains non-domain lines, 5 of the non-domain lines are printed on the screen, so if you provide it with any file on the server which contains non-domain lines it will print them on the screen. This vulnerability is fixed by 5.18. | 2024-03-27 | 7.6 | CVE-2024-28247 [email protected] [email protected] |
| pi-hole — pi-hole |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Supsystic Slider by Supsystic.This issue affects Slider by Supsystic: from n/a through 1.8.10. | 2024-03-28 | 7.6 | CVE-2024-30237 [email protected] |
| pickplugins — post_grid |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in PickPlugins Post Grid allows Reflected XSS.This issue affects Post Grid: from n/a through 2.2.74. | 2024-03-29 | 7.1 | CVE-2024-30441 [email protected] |
| pluggabl_llc — booster_for_woocommerce |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Pluggabl LLC Booster for WooCommerce allows Reflected XSS.This issue affects Booster for WooCommerce: from n/a through 7.1.7. | 2024-03-27 | 7.1 | CVE-2024-29760 [email protected] |
| podlove — podlove_podcast_publisher |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Podlove Podlove Podcast Publisher allows Reflected XSS.This issue affects Podlove Podcast Publisher: from n/a through 4.0.9. | 2024-03-27 | 7.1 | CVE-2024-29915 [email protected] |
| posimyth — the_plus_blocks_for_block_editor_|_gutenberg |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in POSIMYTH The Plus Blocks for Block Editor | Gutenberg allows Reflected XSS.This issue affects The Plus Blocks for Block Editor | Gutenberg: from n/a through 3.2.5. | 2024-03-29 | 7.1 | CVE-2024-30435 [email protected] |
| pretty_links — shortlinks_by_pretty_links |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Pretty Links Shortlinks by Pretty Links allows Reflected XSS.This issue affects Shortlinks by Pretty Links: from n/a through 3.6.2. | 2024-03-27 | 7.1 | CVE-2024-29770 [email protected] |
| princeahmed — integrate_google_drive_-_browse_upload_download_embed,_play_share_gallery_and_manage_your_google_drive_files_into_your_wordpress_site |
The Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files Into Your WordPress Site plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on multiple AJAX in all versions up to, and including, 1.3.8. This makes it possible for authenticated attackers to modify plugin settings as well as allowing full read/write/delete access to the Google Drive associated with the plugin. | 2024-03-30 | 10 | CVE-2024-2086 [email protected] [email protected] |
| propertyhive — propertyhive |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in PropertyHive allows Reflected XSS.This issue affects PropertyHive: from n/a through 2.0.8. | 2024-03-27 | 7.1 | CVE-2024-29923 [email protected] |
| realmag777 — bear |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in realmag777 BEAR allows Reflected XSS.This issue affects BEAR: from n/a through 1.1.4.2. | 2024-03-28 | 7.1 | CVE-2024-30200 [email protected] |
| realmag777 — husky_-_products_filter_professional_for_woocommerce |
The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.5.2 via the ‘type’ parameter. This makes it possible for authenticated attackers, with administrator-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | 2024-03-29 | 7.2 | CVE-2024-3061 [email protected] [email protected] |
| realmag777 — wordpress_meta_data_and_taxonomies_filter_(mdtf) |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF) allows Reflected XSS.This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n/a through 1.3.3. | 2024-03-27 | 7.1 | CVE-2024-29763 [email protected] |
| repute_infosystems — armember |
Deserialization of Untrusted Data vulnerability in Repute Infosystems ARMember.This issue affects ARMember: from n/a through 4.0.26. | 2024-03-28 | 9 | CVE-2024-30223 [email protected] |
| repute_infosystems — armember |
Deserialization of Untrusted Data vulnerability in Repute Infosystems ARMember.This issue affects ARMember: from n/a through 4.0.26. | 2024-03-28 | 8.5 | CVE-2024-30222 [email protected] |
| reservation_diary — redi_restaurant_reservation |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Reservation Diary ReDi Restaurant Reservation allows Reflected XSS.This issue affects ReDi Restaurant Reservation: from n/a through 24.0128. | 2024-03-27 | 7.1 | CVE-2024-29806 [email protected] |
| rockwell_automation — arena_simulation |
An arbitrary code execution vulnerability in Rockwell Automation Arena Simulation could let a malicious user insert unauthorized code into the software. This is done by writing beyond the designated memory area, which causes an access violation. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor. | 2024-03-26 | 7.8 | CVE-2024-21912 [email protected] |
| rockwell_automation — arena_simulation |
A heap-based memory buffer overflow vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code into the software by overstepping the memory boundaries, which triggers an access violation. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor. | 2024-03-26 | 7.8 | CVE-2024-21913 [email protected] |
| rockwell_automation — arena_simulation |
A memory buffer vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code to the software by corrupting the memory and triggering an access violation. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor. | 2024-03-26 | 7.8 | CVE-2024-21918 [email protected] |
| rockwell_automation — arena_simulation |
An uninitialized pointer in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code to the software by leveraging the pointer after it is properly. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor. | 2024-03-26 | 7.8 | CVE-2024-21919 [email protected] |
| rockwell_automation — arena_simulation |
A memory corruption vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code to the software by corrupting the memory triggering an access violation. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor. | 2024-03-26 | 7.8 | CVE-2024-2929 [email protected] |
| rockwell_automation_ — powerflex-_527 |
A denial-of-service vulnerability exists in the Rockwell Automation PowerFlex® 527 due to improper input validation in the device. If exploited, the web server will crash and need a manual restart to recover it. | 2024-03-25 | 7.5 | CVE-2024-2425 [email protected] |
| rockwell_automation_ — powerflex-_527 |
A denial-of-service vulnerability exists in the Rockwell Automation PowerFlex® 527 due to improper input validation in the device. If exploited, a disruption in the CIP communication will occur and a manual restart will be required by the user to recover it. | 2024-03-25 | 7.5 | CVE-2024-2426 [email protected] |
| rockwell_automation_ — powerflex-_527 |
A denial-of-service vulnerability exists in the Rockwell Automation PowerFlex® 527 due to improper traffic throttling in the device. If multiple data packets are sent to the device repeatedly the device will crash and require a manual restart to recover. | 2024-03-25 | 7.5 | CVE-2024-2427 [email protected] |
| ruijie — rg-eg350 |
A vulnerability classified as critical was found in Ruijie RG-EG350 up to 20240318. Affected by this vulnerability is the function setAction of the file /itbox_pi/networksafe.php?a=set of the component HTTP POST Request Handler. The manipulation of the argument bandwidth leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257977 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-03-26 | 8.8 | CVE-2024-2909 [email protected] [email protected] [email protected] [email protected] |
| salon_booking_system — salon_booking_system |
Unrestricted Upload of File with Dangerous Type vulnerability in Salon Booking System Salon booking system.This issue affects Salon booking system: from n/a through 9.5. | 2024-03-29 | 10 | CVE-2024-30510 [email protected] |
| semenov — new_royalslider |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Semenov New RoyalSlider allows Reflected XSS.This issue affects New RoyalSlider: from n/a through 3.4.2. | 2024-03-27 | 7.1 | CVE-2024-30195 [email protected] |
| serverpod — serverpod |
Serverpod is an app and web server, built for the Flutter and Dart ecosystem. This bug bypassed the validation of TSL certificates on all none web HTTP clients in the `serverpod_client` package. Making them susceptible to a man in the middle attack against encrypted traffic between the client device and the server. An attacker would need to be able to intercept the traffic and highjack the connection to the server for this vulnerability to be used. Upgrading to version `1.2.6` resolves this issue. | 2024-03-27 | 7.4 | CVE-2024-29887 [email protected] [email protected] |
| shopup — shipping_with_venipak_for_woocommerce |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in ShopUp Shipping with Venipak for WooCommerce allows Reflected XSS.This issue affects Shipping with Venipak for WooCommerce: from n/a through 1.19.5. | 2024-03-27 | 7.1 | CVE-2024-29805 [email protected] |
| sonaar_music — mp3_audio_player_for_music_radio_&_podcast_by_sonaar |
Missing Authorization vulnerability in Sonaar Music MP3 Audio Player for Music, Radio & Podcast by Sonaar.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through 5.1. | 2024-03-29 | 7.6 | CVE-2024-30487 [email protected] |
| sourcecodester — music_gallery_site |
A vulnerability was found in SourceCodester Music Gallery Site 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file classes/Master.php?f=save_music. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258001 was assigned to this vulnerability. | 2024-03-27 | 7.3 | CVE-2024-2930 [email protected] [email protected] [email protected] [email protected] |
| spiffy_plugins — spiffy_calendar |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Spiffy Plugins Spiffy Calendar allows Reflected XSS.This issue affects Spiffy Calendar: from n/a through 4.9.7. | 2024-03-29 | 7.1 | CVE-2024-30427 [email protected] |
| splunk — splunk_enterprise |
In Splunk Enterprise versions below 9.2.1, 9.1.4, and 9.0.9, the Dashboard Examples Hub in the Splunk Dashboard Studio app lacks protections for risky SPL commands. This could let attackers bypass SPL safeguards for risky commands in the Hub. The vulnerability would require the attacker to phish the victim by tricking them into initiating a request within their browser. | 2024-03-27 | 8.1 | CVE-2024-29946 [email protected] [email protected] |
| splunk — splunk_enterprise |
In Splunk Enterprise versions below 9.2.1, 9.1.4, and 9.0.9, the software potentially exposes authentication tokens during the token validation process. This exposure happens when either Splunk Enterprise runs in debug mode or the JsonWebToken component has been configured to log its activity at the DEBUG logging level. | 2024-03-27 | 7.2 | CVE-2024-29945 [email protected] [email protected] |
| squirrly — seo_plugin_by_squirrly_seo |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Squirrly SEO Plugin by Squirrly SEO allows Reflected XSS.This issue affects SEO Plugin by Squirrly SEO: from n/a through 12.3.16. | 2024-03-27 | 7.1 | CVE-2024-29790 [email protected] |
| stylemix — masterstudy_lms_wordpress_plugin_-_for_online_courses_and_education |
The MasterStudy LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.3.1. This is due to insufficient validation checks within the _register_user() function called by the ‘wp_ajax_nopriv_stm_lms_register’ AJAX action. This makes it possible for unauthenticated attackers to register a user with administrator-level privileges when MasterStudy LMS Pro is installed and the LMS Forms Editor add-on is enabled. | 2024-03-29 | 9.8 | CVE-2024-2409 [email protected] [email protected] [email protected] |
| stylemix — masterstudy_lms_wordpress_plugin_-_for_online_courses_and_education |
The MasterStudy LMS plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.0 via the ‘modal’ parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | 2024-03-29 | 9.8 | CVE-2024-2411 [email protected] [email protected] [email protected] |
| survey_maker_team — survey_maker |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Survey Maker team Survey Maker allows Reflected XSS.This issue affects Survey Maker: from n/a through 4.0.6. | 2024-03-27 | 7.1 | CVE-2024-29918 [email protected] |
| synology — surveillance_station |
Missing authorization vulnerability in System webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to bypass security constraints via unspecified vectors. | 2024-03-28 | 9.9 | CVE-2024-29241 [email protected] |
| synology — surveillance_station |
Missing authorization vulnerability in GetStmUrlPath webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain sensitive information via unspecified vectors. | 2024-03-28 | 7.7 | CVE-2024-29228 [email protected] |
| synology — surveillance_station |
Missing authorization vulnerability in GetLiveViewPath webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain sensitive information via unspecified vectors. | 2024-03-28 | 7.7 | CVE-2024-29229 [email protected] |
| sysaid — sysaid |
SysAid before version 23.2.14 b18 – CWE-918: Server-Side Request Forgery (SSRF) may allow exposing the local OS user’s NTLMv2 hash | 2024-03-28 | 7.2 | CVE-2024-27775 [email protected] |
| teamviewer — remote_client |
Insecure UNIX Symbolic Link (Symlink) Following in TeamViewer Remote Client prior Version 15.52 for macOS allows an attacker with unprivileged access, to potentially elevate privileges or conduct a denial-of-service-attack by overwriting the symlink. | 2024-03-26 | 7.1 | CVE-2024-1933 [email protected] |
| tenda — ac10_firmware |
A vulnerability, which was classified as critical, has been found in Tenda AC10 16.03.10.13/16.03.10.20. Affected by this issue is the function fromSetSysTime of the file /goform/SetSysTimeCfg. The manipulation of the argument timeZone leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257780. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-03-24 | 9.8 | CVE-2024-2856 [email protected] [email protected] [email protected] [email protected] |
| tenda — ac10u_firmware |
A vulnerability was found in Tenda AC10U 15.03.06.48/15.03.06.49. It has been rated as critical. This issue affects the function formSetSambaConf of the file /goform/setsambacfg. The manipulation of the argument usbName leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257777 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-03-24 | 9.8 | CVE-2024-2853 [email protected] [email protected] [email protected] |
| tenda — ac15_firmware |
A vulnerability was found in Tenda AC15 15.03.05.18 and classified as critical. Affected by this issue is the function saveParentControlInfo of the file /goform/saveParentControlInfo. The manipulation of the argument urls leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257774 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-03-24 | 9.8 | CVE-2024-2850 [email protected] [email protected] [email protected] |
| tenda — ac15_firmware |
A vulnerability was found in Tenda AC15 15.03.05.18/15.03.20_multi. It has been classified as critical. This affects the function formSetSambaConf of the file /goform/setsambacfg. The manipulation of the argument usbName leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257775. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-03-24 | 9.8 | CVE-2024-2851 [email protected] [email protected] [email protected] |
| tenda — ac15_firmware |
A vulnerability was found in Tenda AC15 15.03.20_multi. It has been declared as critical. This vulnerability affects the function saveParentControlInfo of the file /goform/saveParentControlInfo. The manipulation of the argument urls leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257776. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-03-24 | 9.8 | CVE-2024-2852 [email protected] [email protected] [email protected] |
| tenda — ac15_firmware |
A vulnerability classified as critical was found in Tenda AC15 15.03.05.18/15.03.05.19/15.03.20. Affected by this vulnerability is the function fromSetSysTime of the file /goform/SetSysTimeCfg. The manipulation of the argument time leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257779. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-03-24 | 9.8 | CVE-2024-2855 [email protected] [email protected] [email protected] |
| tenda — ac18_firmware |
A vulnerability classified as critical has been found in Tenda AC18 15.03.05.05. Affected is the function formSetSambaConf of the file /goform/setsambacfg. The manipulation of the argument usbName leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257778 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-03-24 | 9.8 | CVE-2024-2854 [email protected] [email protected] [email protected] |
| tenda — ac7 |
A vulnerability, which was classified as critical, was found in Tenda AC7 15.03.06.44. Affected is the function formQuickIndex of the file /goform/QuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257934 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-03-26 | 8.8 | CVE-2024-2891 [email protected] [email protected] [email protected] [email protected] |
| tenda — ac7 |
A vulnerability has been found in Tenda AC7 15.03.06.44 and classified as critical. Affected by this vulnerability is the function formSetCfm of the file /goform/setcfm. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257935. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-03-26 | 8.8 | CVE-2024-2892 [email protected] [email protected] [email protected] [email protected] |
| tenda — ac7 |
A vulnerability was found in Tenda AC7 15.03.06.44 and classified as critical. Affected by this issue is the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257936. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-03-26 | 8.8 | CVE-2024-2893 [email protected] [email protected] [email protected] [email protected] |
| tenda — ac7 |
A vulnerability was found in Tenda AC7 15.03.06.44. It has been classified as critical. This affects the function formSetQosBand of the file /goform/SetNetControlList. The manipulation of the argument list leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257937 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-03-26 | 8.8 | CVE-2024-2894 [email protected] [email protected] [email protected] [email protected] |
| tenda — ac7 |
A vulnerability was found in Tenda AC7 15.03.06.44. It has been declared as critical. This vulnerability affects the function formWifiWpsOOB of the file /goform/WifiWpsOOB. The manipulation of the argument index leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257938 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-03-26 | 8.8 | CVE-2024-2895 [email protected] [email protected] [email protected] [email protected] |
| tenda — ac7 |
A vulnerability was found in Tenda AC7 15.03.06.44. It has been rated as critical. This issue affects the function formWifiWpsStart of the file /goform/WifiWpsStart. The manipulation of the argument index leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257939. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-03-26 | 8.8 | CVE-2024-2896 [email protected] [email protected] [email protected] [email protected] |
| tenda — ac7 |
A vulnerability classified as critical was found in Tenda AC7 15.03.06.44. Affected by this vulnerability is the function fromSetRouteStatic of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257941 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-03-26 | 8.8 | CVE-2024-2898 [email protected] [email protected] [email protected] [email protected] |
| tenda — ac7 |
A vulnerability, which was classified as critical, has been found in Tenda AC7 15.03.06.44. Affected by this issue is the function fromSetWirelessRepeat of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257942 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-03-26 | 8.8 | CVE-2024-2899 [email protected] [email protected] [email protected] [email protected] |
| tenda — ac7 |
A vulnerability, which was classified as critical, was found in Tenda AC7 15.03.06.44. This affects the function saveParentControlInfo of the file /goform/saveParentControlInfo. The manipulation of the argument deviceId/time/urls leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257943. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-03-26 | 8.8 | CVE-2024-2900 [email protected] [email protected] [email protected] [email protected] |
| tenda — ac7 |
A vulnerability has been found in Tenda AC7 15.03.06.44 and classified as critical. This vulnerability affects the function setSchedWifi of the file /goform/openSchedWifi. The manipulation of the argument schedEndTime leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257944. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-03-26 | 8.8 | CVE-2024-2901 [email protected] [email protected] [email protected] [email protected] |
| tenda — ac7 |
A vulnerability was found in Tenda AC7 15.03.06.44 and classified as critical. This issue affects the function fromSetWifiGusetBasic of the file /goform/WifiGuestSet. The manipulation of the argument shareSpeed leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257945 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-03-26 | 8.8 | CVE-2024-2902 [email protected] [email protected] [email protected] [email protected] |
| tenda — ac7 |
A vulnerability was found in Tenda AC7 15.03.06.44. It has been classified as critical. Affected is the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument mac leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257946 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-03-26 | 8.8 | CVE-2024-2903 [email protected] [email protected] [email protected] [email protected] |
| tenda — f1203 |
A vulnerability was found in Tenda F1203 2.0.1.6. It has been declared as critical. Affected by this vulnerability is the function R7WebsSecurityHandler of the file /goform/execCommand. The manipulation of the argument password leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258145 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-03-27 | 8.8 | CVE-2024-2976 [email protected] [email protected] [email protected] [email protected] |
| tenda — f1203 |
A vulnerability was found in Tenda F1203 2.0.1.6. It has been rated as critical. Affected by this issue is the function formQuickIndex of the file /goform/QuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-258146 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-03-27 | 8.8 | CVE-2024-2977 [email protected] [email protected] [email protected] [email protected] |
| tenda — f1203 |
A vulnerability classified as critical has been found in Tenda F1203 2.0.1.6. This affects the function formSetCfm of the file /goform/setcfm. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258147. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-03-27 | 8.8 | CVE-2024-2978 [email protected] [email protected] [email protected] [email protected] |
| tenda — f1203 |
A vulnerability classified as critical was found in Tenda F1203 2.0.1.6. This vulnerability affects the function setSchedWifi of the file /goform/openSchedWifi. The manipulation of the argument schedStartTime/schedEndTime leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258148. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-03-27 | 8.8 | CVE-2024-2979 [email protected] [email protected] [email protected] [email protected] |
| tenda — fh1202 |
A vulnerability, which was classified as critical, has been found in Tenda FH1202 1.2.0.14(408). This issue affects the function formexeCommand of the file /goform/execCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258149 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-03-27 | 8.8 | CVE-2024-2980 [email protected] [email protected] [email protected] [email protected] |
| tenda — fh1202 |
A vulnerability, which was classified as critical, was found in Tenda FH1202 1.2.0.14(408). Affected is the function form_fast_setting_wifi_set of the file /goform/fast_setting_wifi_set. The manipulation of the argument ssid leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-258150 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-03-27 | 8.8 | CVE-2024-2981 [email protected] [email protected] [email protected] [email protected] |
| tenda — fh1202 |
A vulnerability was found in Tenda FH1202 1.2.0.14(408) and classified as critical. Affected by this issue is the function formSetClientState of the file /goform/SetClientState. The manipulation of the argument deviceId/limitSpeed/limitSpeedUp leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258152. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-03-27 | 8.8 | CVE-2024-2983 [email protected] [email protected] [email protected] [email protected] |
| tenda — fh1202 |
A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been classified as critical. This affects the function formSetCfm of the file /goform/setcfm. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258153 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-03-27 | 8.8 | CVE-2024-2984 [email protected] [email protected] [email protected] [email protected] |
| tenda — fh1202 |
A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been declared as critical. This vulnerability affects the function formQuickIndex of the file /goform/QuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-258154 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-03-27 | 8.8 | CVE-2024-2985 [email protected] [email protected] [email protected] [email protected] |
| tenda — fh1202 |
A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been rated as critical. This issue affects the function formSetSpeedWan of the file /goform/SetSpeedWan. The manipulation of the argument speed_dir leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258155. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-03-27 | 8.8 | CVE-2024-2986 [email protected] [email protected] [email protected] [email protected] |
| tenda — fh1202 |
A vulnerability classified as critical has been found in Tenda FH1202 1.2.0.14(408). Affected is the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument mac leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258156. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-03-27 | 8.8 | CVE-2024-2987 [email protected] [email protected] [email protected] [email protected] |
| tenda — fh1202 |
A vulnerability classified as critical was found in Tenda FH1203 2.0.1.6. Affected by this vulnerability is the function fromSetRouteStatic of the file /goform/fromRouteStatic. The manipulation of the argument entrys leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258157 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-03-27 | 8.8 | CVE-2024-2988 [email protected] [email protected] [email protected] [email protected] |
| tenda — fh1202 |
A vulnerability, which was classified as critical, has been found in Tenda FH1203 2.0.1.6. Affected by this issue is the function fromNatStaticSetting of the file /goform/NatStaticSetting. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-258158 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-03-27 | 8.8 | CVE-2024-2989 [email protected] [email protected] [email protected] [email protected] |
| tenda — fh1203 |
A vulnerability, which was classified as critical, was found in Tenda FH1203 2.0.1.6. This affects the function formexeCommand of the file /goform/execCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258159. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-03-27 | 8.8 | CVE-2024-2990 [email protected] [email protected] [email protected] [email protected] |
| tenda — fh1203 |
A vulnerability was found in Tenda FH1203 2.0.1.6 and classified as critical. This issue affects the function formSetCfm of the file /goform/setcfm. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258161 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-03-27 | 8.8 | CVE-2024-2992 [email protected] [email protected] [email protected] [email protected] |
| tenda — fh1203 |
A vulnerability was found in Tenda FH1203 2.0.1.6. It has been classified as critical. Affected is the function formQuickIndex of the file /goform/QuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-258162 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-03-27 | 8.8 | CVE-2024-2993 [email protected] [email protected] [email protected] [email protected] |
| tenda — fh1203 |
A vulnerability was found in Tenda FH1203 2.0.1.6. It has been declared as critical. Affected by this vulnerability is the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument mac leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258163. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-03-27 | 8.8 | CVE-2024-2994 [email protected] [email protected] [email protected] [email protected] |
| tenda — fh1205 |
A vulnerability classified as critical was found in Tenda FH1205 2.0.0.7(775). This vulnerability affects the function fromSetRouteStatic of the file /goform/fromRouteStatic. The manipulation of the argument entrys leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258292. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-03-27 | 8.8 | CVE-2024-3006 [email protected] [email protected] [email protected] [email protected] |
| tenda — fh1205 |
A vulnerability, which was classified as critical, has been found in Tenda FH1205 2.0.0.7(775). This issue affects the function fromNatStaticSetting of the file /goform/NatStaticSetting. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258293 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-03-27 | 8.8 | CVE-2024-3007 [email protected] [email protected] [email protected] [email protected] |
| tenda — fh1205 |
A vulnerability, which was classified as critical, was found in Tenda FH1205 2.0.0.7(775). Affected is the function formexeCommand of the file /goform/execCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-258294 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-03-27 | 8.8 | CVE-2024-3008 [email protected] [email protected] [email protected] [email protected] |
| tenda — fh1205 |
A vulnerability was found in Tenda FH1205 2.0.0.7(775) and classified as critical. Affected by this issue is the function formSetCfm of the file /goform/setcfm. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258296. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-03-28 | 8.8 | CVE-2024-3010 [email protected] [email protected] [email protected] [email protected] |
| tenda — fh1205 |
A vulnerability was found in Tenda FH1205 2.0.0.7(775). It has been classified as critical. This affects the function formQuickIndex of the file /goform/QuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258297 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-03-28 | 8.8 | CVE-2024-3011 [email protected] [email protected] [email protected] [email protected] |
| tenda — fh1205 |
A vulnerability was found in Tenda FH1205 2.0.0.7(775). It has been declared as critical. This vulnerability affects the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument mac leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-258298 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-03-28 | 8.8 | CVE-2024-3012 [email protected] [email protected] [email protected] [email protected] |
| teosoft_software — teobase |
Authentication Bypass by Primary Weakness vulnerability in TeoSOFT Software TeoBASE allows Authentication Bypass.This issue affects TeoBASE: through 20240327. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-03-27 | 9.8 | CVE-2023-6153 [email protected] |
| teosoft_software — teobase |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in TeoSOFT Software TeoBASE allows SQL Injection.This issue affects TeoBASE: through 27032024. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-03-27 | 9.8 | CVE-2023-6173 [email protected] |
| terry_lin — wp_githuber_md |
Unrestricted Upload of File with Dangerous Type vulnerability in Terry Lin WP Githuber MD.This issue affects WP Githuber MD: from n/a through 1.16.2. | 2024-03-26 | 9.1 | CVE-2023-47846 [email protected] |
| themefusion — avada |
Unrestricted Upload of File with Dangerous Type vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a through 7.11.1. | 2024-03-26 | 8.5 | CVE-2023-39307 [email protected] |
| themefusion — avada |
Server-Side Request Forgery (SSRF) vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a through 7.11.1. | 2024-03-28 | 7.7 | CVE-2023-39313 [email protected] |
| themefusion — fusion_builder |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in ThemeFusion Fusion Builder.This issue affects Fusion Builder: from n/a through 3.11.1. | 2024-03-28 | 8.5 | CVE-2023-39309 [email protected] |
| themefusion — fusion_builder |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in ThemeFusion Fusion Builder allows Reflected XSS.This issue affects Fusion Builder: from n/a through 3.11.1. | 2024-03-27 | 7.1 | CVE-2023-39306 [email protected] |
| themefusion — fusion_builder |
Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Fusion Builder.This issue affects Fusion Builder: from n/a through 3.11.1. | 2024-03-27 | 7.1 | CVE-2023-39311 [email protected] |
| thorsten — phpmyfaq |
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. A SQL injection vulnerability has been discovered in the the “Add News” functionality due to improper escaping of the email address. This allows any authenticated user with the rights to add/edit FAQ news to exploit this vulnerability to exfiltrate data, take over accounts and in some cases, even achieve RCE. The vulnerable field lies in the `authorEmail` field which uses PHP’s `FILTER_VALIDATE_EMAIL` filter. This filter is insufficient in protecting against SQL injection attacks and should still be properly escaped. However, in this version of phpMyFAQ (3.2.5), this field is not escaped properly can be used together with other fields to fully exploit the SQL injection vulnerability. This vulnerability is fixed in 3.2.6. | 2024-03-25 | 8.8 | CVE-2024-27299 [email protected] [email protected] [email protected] |
| thorsten — phpmyfaq |
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. A SQL injection vulnerability has been discovered in the `insertentry` & `saveentry` when modifying records due to improper escaping of the email address. This allows any authenticated user with the rights to add/edit FAQ news to exploit this vulnerability to exfiltrate data, take over accounts and in some cases, even achieve RCE. This vulnerability is fixed in 3.2.6. | 2024-03-25 | 8.8 | CVE-2024-28107 [email protected] [email protected] |
| thorsten — phpmyfaq |
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The category image upload function in phpmyfaq is vulnerable to manipulation of the `Content-type` and `lang` parameters, allowing attackers to upload malicious files with a .php extension, potentially leading to remote code execution (RCE) on the system. This vulnerability is fixed in 3.2.6. | 2024-03-25 | 7.2 | CVE-2024-28105 [email protected] [email protected] |
| tomas — wordpress_tooltips |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Tomas WordPress Tooltips.This issue affects WordPress Tooltips: from n/a before 9.4.5. | 2024-03-28 | 8.5 | CVE-2024-30243 [email protected] |
| tp-link — tp-link_ex20v_ax1800_tp-link_archer_c5v_ac1200_tp-link_td-w9970_tp-link_td-w9970v3_tp-link_vx220-g2u_tp-link_vn020-g2u_ |
Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability in TP-Link TP-Link EX20v AX1800, Tp-Link Archer C5v AC1200, Tp-Link TD-W9970, Tp-Link TD-W9970v3, TP-Link VX220-G2u, TP-Link VN020-G2u allows authenticated OS Command Injection.This issue affects TP-Link EX20v AX1800, Tp-Link Archer C5v AC1200, Tp-Link TD-W9970, Tp-Link TD-W9970v3 : through 20240328. Also the vulnerability continues in the TP-Link VX220-G2u and TP-Link VN020-G2u models due to the products not being produced and supported. | 2024-03-28 | 9.8 | CVE-2023-6437 [email protected] |
| trustindex.io — widgets_for_google_reviews |
Unrestricted Upload of File with Dangerous Type vulnerability in Trustindex.Io Widgets for Google Reviews.This issue affects Widgets for Google Reviews: from n/a through 11.0.2. | 2024-03-26 | 8 | CVE-2023-48275 [email protected] |
| trustindex.io — wp_testimonials |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Trustindex.Io WP Testimonials.This issue affects WP Testimonials: from n/a through 1.4.3. | 2024-03-28 | 7.6 | CVE-2024-25924 [email protected] |
| tumult_inc. — tumult_hype_animations |
Unrestricted Upload of File with Dangerous Type vulnerability in Tumult Inc. Tumult Hype Animations.This issue affects Tumult Hype Animations: from n/a through 1.9.12. | 2024-03-28 | 9.1 | CVE-2024-2890 [email protected] |
| typps — calendarista |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Typps Calendarista.This issue affects Calendarista: from n/a through 15.5.7. | 2024-03-28 | 8.5 | CVE-2024-30240 [email protected] |
| unlimited_elements — unlimited_elements_for_elementor_(free_widgets_addons,_templates) |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates) allows Reflected XSS.This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through 1.5.93. | 2024-03-27 | 7.1 | CVE-2024-29792 [email protected] |
| venalean — tuleap |
Tuleap is an Open Source Suite to improve management of software developments and collaboration. A malicious user could exploit this issue on purpose to delete information on the instance or possibly gain access to restricted artifacts. It is however not possible to control exactly which information is deleted. Information from theDate, File, Float, Int, List, OpenList, Text, and Permissions on artifact (this one can lead to the disclosure of restricted information) fields can be impacted. This vulnerability is fixed in Tuleap Community Edition version 15.7.99.6 and Tuleap Enterprise Edition 15.7-2, 15.6-5, 15.5-6, 15.4-8, 15.3-6, 15.2-5, 15.1-9, 15.0-9, and 14.12-6. | 2024-03-29 | 7.6 | CVE-2024-30246 [email protected] [email protected] [email protected] [email protected] |
| verapdf — verapdf-library |
veraPDF-library is a PDF/A validation library. Executing policy checks using custom schematron files invokes an XSL transformation that could lead to a remote code execution (RCE) vulnerability. This vulnerability is fixed in 1.24.2. | 2024-03-28 | 8.1 | CVE-2024-28109 [email protected] [email protected] [email protected] [email protected] [email protected] |
| vsourz_digital — all_in_one_redirection |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Vsourz Digital All In One Redirection allows Stored XSS.This issue affects All In One Redirection: from n/a through 2.2.0. | 2024-03-29 | 7.1 | CVE-2024-30506 [email protected] |
| w3_eden_inc. — premium_packages |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in W3 Eden, Inc. Premium Packages allows Reflected XSS.This issue affects Premium Packages: from n/a through 5.8.2. | 2024-03-27 | 7.1 | CVE-2024-29924 [email protected] |
| wapppress_team — wapppress |
Unrestricted Upload of File with Dangerous Type vulnerability in WappPress Team WappPress.This issue affects WappPress: from n/a through 5.0.3. | 2024-03-27 | 10 | CVE-2023-49815 [email protected] |
| webdzier — button |
The Button plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1.28 via deserialization of untrusted input in the button_shortcode function. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. | 2024-03-29 | 8.8 | CVE-2024-1872 [email protected] [email protected] |
| webtoffee — product_import_export_for_woocommerce |
Unrestricted Upload of File with Dangerous Type vulnerability in WebToffee Product Import Export for WooCommerce.This issue affects Product Import Export for WooCommerce: from n/a through 2.4.1. | 2024-03-26 | 9.1 | CVE-2024-30231 [email protected] |
| webtoffee — woocommerce_pdf_invoices,_packing_slips,_delivery_notes_and_shipping_labels |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels allows Reflected XSS.This issue affects WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels: from n/a through 4.4.0. | 2024-03-27 | 7.1 | CVE-2024-22288 [email protected] |
| wedevs — wp_erp_|_complete_hr_solution_with_recruitment_&_job_listings_|_woocommerce_crm_&_accounting |
The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to union-based SQL Injection via the ’email’ parameter in all versions up to, and including, 1.12.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-03-29 | 8.8 | CVE-2024-0608 [email protected] [email protected] |
| wedevs — wp_erp_|_complete_hr_solution_with_recruitment_&_job_listings_|_woocommerce_crm_&_accounting |
The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘api_key’ parameter in all versions up to, and including, 1.12.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-03-29 | 7.2 | CVE-2024-0609 [email protected] [email protected] |
| wedevs — wp_erp_|_complete_hr_solution_with_recruitment_&_job_listings_|_woocommerce_crm_&_accounting |
The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to time-based SQL Injection via the erp/v1/accounting/v1/transactions/sales REST API endpoint in all versions up to, and including, 1.12.9 due to insufficient escaping on the user supplied status and customer_id parameters and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with accounting manager or admin privileges and higher to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-03-29 | 7.2 | CVE-2024-0913 [email protected] [email protected] |
| wedevs — wp_erp_|_complete_hr_solution_with_recruitment_&_job_listings_|_woocommerce_crm_&_accounting |
The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter via the erp/v1/accounting/v1/vendors/1/products/ REST route in all versions up to, and including, 1.12.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with admin or accounting manager privileges, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-03-29 | 7.2 | CVE-2024-0956 [email protected] [email protected] |
| wen_solutions — wp_child_theme_generator |
Unrestricted Upload of File with Dangerous Type vulnerability in WEN Solutions WP Child Theme Generator.This issue affects WP Child Theme Generator: from n/a through 1.0.9. | 2024-03-26 | 9.1 | CVE-2023-47873 [email protected] |
| wholesale_team — wholesalex |
Deserialization of Untrusted Data vulnerability in Wholesale Team WholesaleX.This issue affects WholesaleX: from n/a through 1.3.2. | 2024-03-28 | 10 | CVE-2024-30224 [email protected] |
| wireshark_foundation — wireshark |
NetScreen file parser crash in Wireshark 4.0.0 to 4.0.10 and 3.6.0 to 3.6.18 allows denial of service via crafted capture file | 2024-03-26 | 7.8 | CVE-2023-6175 [email protected] [email protected] |
| wireshark_foundation — wireshark |
T.38 dissector crash in Wireshark 4.2.0 to 4.0.3 and 4.0.0 to 4.0.13 allows denial of service via packet injection or crafted capture file | 2024-03-26 | 7.8 | CVE-2024-2955 [email protected] [email protected] |
| wixtoolset — issues
|
WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. When a bundle runs as SYSTEM user, Burn uses GetTempPathW which points to an insecure directory C:WindowsTemp to drop and load multiple binaries. Standard users can hijack the binary before it’s loaded in the application resulting in elevation of privileges. This vulnerability is fixed in 3.14.1 and 4.0.5. | 2024-03-24 | 7.3 | CVE-2024-29187 [email protected] [email protected] [email protected] |
| wixtoolset — issues |
WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. The custom action behind WiX’s `RemoveFolderEx` functionality could allow a standard user to delete protected directories. `RemoveFolderEx` deletes an entire directory tree during installation or uninstallation. It does so by recursing every subdirectory starting at a specified directory and adding each subdirectory to the list of directories Windows Installer should delete. If the setup author instructed `RemoveFolderEx` to delete a per-user folder from a per-machine installer, an attacker could create a directory junction in that per-user folder pointing to a per-machine, protected directory. Windows Installer, when executing the per-machine installer after approval by an administrator, would delete the target of the directory junction. This vulnerability is fixed in 3.14.1 and 4.0.5. | 2024-03-24 | 7.9 | CVE-2024-29188 [email protected] [email protected] [email protected] |
| wobbie.nl — doneren_met_mollie |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Wobbie.Nl Doneren met Mollie allows Reflected XSS.This issue affects Doneren met Mollie: from n/a through 2.10.2. | 2024-03-27 | 7.1 | CVE-2024-29767 [email protected] |
| wolfssl — wolfssl |
Remotely executed SEGV and out of bounds read allows malicious packet sender to crash or cause an out of bounds read via sending a malformed packet with the correct length. | 2024-03-25 | 7.5 | CVE-2024-0901 [email protected] [email protected] |
| wolfssl_inc. — wolfssh |
A vulnerability was found in wolfSSH’s server-side state machine before versions 1.4.17. A malicious client could create channels without first performing user authentication, resulting in unauthorized access. | 2024-03-25 | 9.1 | CVE-2024-2873 [email protected] [email protected] [email protected] |
| wp_codeus — advanced_sermons |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WP Codeus Advanced Sermons allows Reflected XSS.This issue affects Advanced Sermons: from n/a through 3.1. | 2024-03-27 | 7.1 | CVE-2024-29928 [email protected] |
| wp_go_maps_(formerly_wp_google_maps) — wp_google_maps |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WP Go Maps (formerly WP Google Maps) WP Google Maps allows Reflected XSS.This issue affects WP Google Maps: from n/a through 9.0.29. | 2024-03-27 | 7.1 | CVE-2024-29931 [email protected] |
| wp_lab — wp-lister_lite_for_amazon |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WP Lab WP-Lister Lite for Amazon allows Reflected XSS.This issue affects WP-Lister Lite for Amazon: from n/a through 2.6.8. | 2024-03-27 | 7.1 | CVE-2024-30199 [email protected] |
| wp_sunshine — sunshine_photo_cart |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WP Sunshine Sunshine Photo Cart allows Reflected XSS.This issue affects Sunshine Photo Cart: from n/a through 3.1.1. | 2024-03-27 | 7.1 | CVE-2024-30194 [email protected] |
| wp_travel_engine — wp_travel_engine |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in WP Travel Engine.This issue affects WP Travel Engine: from n/a through 5.7.9. | 2024-03-29 | 9.3 | CVE-2024-30502 [email protected] |
| wp_travel_engine — wp_travel_engine |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in WP Travel Engine.This issue affects WP Travel Engine: from n/a through 5.7.9. | 2024-03-29 | 7.6 | CVE-2024-30504 [email protected] |
| wpchill — download_monitor |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in WPChill Download Monitor.This issue affects Download Monitor: from n/a through 4.9.4. | 2024-03-29 | 7.6 | CVE-2024-30501 [email protected] |
| wpdevelop_/_oplugins — booking_calendar |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in WPdevelop / Oplugins Booking Calendar allows SQL Injection.This issue affects Booking Calendar: from n/a through 9.4.3. | 2024-03-26 | 7.6 | CVE-2023-23991 [email protected] |
| wpdeveloper — betterdocs |
Deserialization of Untrusted Data vulnerability in WPDeveloper BetterDocs.This issue affects BetterDocs: from n/a through 3.3.3. | 2024-03-28 | 9 | CVE-2024-30226 [email protected] |
| wpdevteam — essential_addons_for_elementor_-_best_elementor_templates,_widgets_kits_&_woocommerce_builders |
The Essential Addons for Elementor plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.9.13 via deserialization of untrusted input from the ‘error_resetpassword’ attribute of the “Login | Register Form” widget (disabled by default). This makes it possible for authenticated attackers, with author-level access and above, to inject a PHP Object. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. | 2024-03-30 | 8.8 | CVE-2024-3018 [email protected] [email protected] |
| wpdirectorykit — wp_directory_kit |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WpDirectoryKit WP Directory Kit allows Reflected XSS.This issue affects WP Directory Kit: from n/a through 1.2.9. | 2024-03-27 | 7.1 | CVE-2024-29774 [email protected] |
| wpengine,_inc. — wp_migrate |
Deserialization of Untrusted Data vulnerability in WPENGINE, INC. WP Migrate.This issue affects WP Migrate: from n/a through 2.6.10. | 2024-03-28 | 10 | CVE-2024-30225 [email protected] |
| wpeverest — user_registration |
Deserialization of Untrusted Data vulnerability in WPEverest User Registration.This issue affects User Registration: from n/a through 2.3.2.1. | 2024-03-26 | 7.4 | CVE-2023-27459 [email protected] |
| wpjobboard — jobeleon_theme |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WPJobBoard Jobeleon Theme allows Reflected XSS.This issue affects Jobeleon Theme: from n/a through 1.9.1. | 2024-03-29 | 7.1 | CVE-2022-47153 [email protected] |
| wpmu_dev — forminator |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WPMU DEV Forminator allows Reflected XSS.This issue affects Forminator: from n/a through 1.29.0. | 2024-03-27 | 7.1 | CVE-2024-29777 [email protected] |
| xpeedstudio — elementskit_elementor_addons |
The ElementsKit Elementor addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.0.6 via the render_raw function. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | 2024-03-30 | 8.8 | CVE-2024-2047 [email protected] [email protected] [email protected] |
| xylus_themes — wordpress_importer |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Xylus Themes WordPress Importer allows Reflected XSS.This issue affects WordPress Importer: from n/a through 1.0.4. | 2024-03-27 | 7.1 | CVE-2024-30201 [email protected] |
| zachary_segal — catablog |
Unrestricted Upload of File with Dangerous Type vulnerability in Zachary Segal CataBlog.This issue affects CataBlog: from n/a through 1.7.0. | 2024-03-26 | 9.1 | CVE-2023-47842 [email protected] |
| zitadel — zitadel |
ZITADEL users can upload their own avatar image and various image types are allowed. Due to a missing check, an attacker could upload HTML and pretend it is an image to gain access to the victim’s account in certain scenarios. A possible victim would need to directly open the supposed image in the browser, where a session in ZITADEL needs to be active for this exploit to work. The exploit could only be reproduced if the victim was using Firefox. Chrome, Safari as well as Edge did not execute the code. This vulnerability is fixed in 2.48.3, 2.47.8, 2.46.5, 2.45.5, 2.44.7, 2.43.11, and 2.42.17. | 2024-03-27 | 8.7 | CVE-2024-29891 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
| zoho_campaigns — zoho_campaigns |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Zoho Campaigns.This issue affects Zoho Campaigns: from n/a through 2.0.6. | 2024-03-28 | 8.5 | CVE-2024-30239 [email protected] |
| zscaler — client_connector |
An arbitrary file deletion in ZSATrayManager where it protects the temporary encrypted ZApp issue reporting file from the unprivileged end user access and modification. Fixed version: Win ZApp 4.3.0 and later. | 2024-03-26 | 7.3 | CVE-2023-41969 [email protected] |
| zscaler — client_connector |
In some rare cases, there is a password type validation missing in Revert Password check and for some features it could be disabled. Fixed Version: Win ZApp 4.3.0.121 and later. | 2024-03-26 | 7.3 | CVE-2023-41972 [email protected] |
| zscaler — client_connector |
ZSATray passes the previousInstallerName as a config parameter to TrayManager, and TrayManager constructs the path and appends previousInstallerName to get the full path of the exe. Fixed Version: Win ZApp 4.3.0.121 and later. | 2024-03-26 | 7.3 | CVE-2023-41973 [email protected] |
| zscaler — client_connector |
The ZScaler service is susceptible to a local privilege escalation vulnerability found in the ZScalerService process. Fixed Version: Mac ZApp 4.2.0.241 and later. | 2024-03-26 | 7 | CVE-2024-23482 [email protected] |
Medium Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| 10web — photogallery
|
The current_url parameter of the AJAX call to the GalleryBox action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. The value of the current_url parameter is embedded within an existing JavaScript within the response allowing arbitrary JavaScript to be inserted and executed. No authentication is required to exploit this issue. Note that other parameters within a AJAX call, such as image_id, must be valid for this vulnerability to be successfully exploited. | 2024-03-26 | 6.1 | CVE-2024-29832 [email protected] [email protected] |
| 10web — photogallery |
The image_id parameter of the AJAX call to the editimage_bwg action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. The value of the image_id parameter is embedded within an existing JavaScript within the response allowing arbitrary JavaScript to be inserted and executed. The attacker must target a an authenticated user with permissions to access this component to exploit this issue. | 2024-03-26 | 5.4 | CVE-2024-29808 [email protected] [email protected] |
| 10web — photogallery |
The image_url parameter of the AJAX call to the editimage_bwg action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. The value of the image_url parameter is embedded within an existing JavaScript within the response allowing arbitrary JavaScript to be inserted and executed. The attacker must target a an authenticated user with permissions to access this component to exploit this issue. | 2024-03-26 | 5.4 | CVE-2024-29809 [email protected] [email protected] |
| 10web — photogallery |
The thumb_url parameter of the AJAX call to the editimage_bwg action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. The value of the thumb_url parameter is embedded within an existing JavaScript within the response allowing arbitrary JavaScript to be inserted and executed. The attacker must target a an authenticated user with permissions to access this component to exploit this issue. | 2024-03-26 | 5.4 | CVE-2024-29810 [email protected] [email protected] |
| 10web — photogallery |
The image upload component allows SVG files and the regular expression used to remove script tags can be bypassed by using a Cross Site Scripting payload which does not match the regular expression; one example of this is the inclusion of whitespace within the script tag. An attacker must target an authenticated user with permissions to access this feature, however once uploaded the payload is also accessible to unauthenticated users. | 2024-03-26 | 5.4 | CVE-2024-29833 [email protected] [email protected] |
| accessally — popupally |
Missing Authorization vulnerability in AccessAlly PopupAlly.This issue affects PopupAlly: from n/a through 2.1.0. | 2024-03-26 | 4.3 | CVE-2024-23520 [email protected] |
| algoritim — e-commerce_software |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Algoritim E-commerce Software allows Reflected XSS.This issue affects E-commerce Software: before 3.9.2. | 2024-03-29 | 6.1 | CVE-2023-6047 [email protected] |
| alireza_sedghi — aparat_for_wordpress
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Alireza Sedghi Aparat for WordPress allows Stored XSS.This issue affects Aparat for WordPress: from n/a through 2.2.0. | 2024-03-27 | 6.5 | CVE-2024-29765 [email protected] |
| all_in_one_wp_security_&_firewall_team — all_in_one_wp_security_&_firewall |
Cross-Site Request Forgery (CSRF) vulnerability in All In One WP Security & Firewall Team All In One WP Security & Firewall.This issue affects All In One WP Security & Firewall: from n/a through 5.2.6. | 2024-03-29 | 4.3 | CVE-2024-30468 [email protected] |
| alordiel — dropdown_multisite_selector
|
A vulnerability has been found in Tenda FH1203 2.0.1.6 and classified as critical. This vulnerability affects the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258160. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-03-27 | 6.3 | CVE-2024-2991 [email protected] [email protected] [email protected] [email protected] |
| alordiel — dropdown_multisite_selector
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Alordiel Dropdown Multisite selector allows Stored XSS.This issue affects Dropdown Multisite selector: from n/a through 0.9.2. | 2024-03-27 | 6.5 | CVE-2024-29910 [email protected] |
| aminur_islam — wp_change_email_sender |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Aminur Islam WP Change Email Sender allows Stored XSS.This issue affects WP Change Email Sender: from n/a before 1.3.0. | 2024-03-27 | 5.9 | CVE-2024-29815 [email protected] |
| ampache — ampache |
Ampache is a web based audio/video streaming application and file manager. Ampache has multiple reflective XSS vulnerabilities,this means that all forms in the Ampache that use `rule` as a variable are not secure. For example, when querying a song, when querying a podcast, we need to use `$rule` variable. This vulnerability is fixed in 6.3.1 | 2024-03-27 | 6.1 | CVE-2024-28852 [email protected] [email protected] |
| andy_moyle — church_admin
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Andy Moyle Church Admin allows Stored XSS.This issue affects Church Admin: from n/a through 4.1.17. | 2024-03-27 | 6.5 | CVE-2024-30193 [email protected] |
| andy_moyle — church_admin
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Andy Moyle Church Admin allows Stored XSS.This issue affects Church Admin: from n/a through 4.0.26. | 2024-03-27 | 6.5 | CVE-2024-30197 [email protected] |
| andy_moyle — church_admin |
Missing Authorization vulnerability in Andy Moyle Church Admin.This issue affects Church Admin: from n/a through 4.1.18. | 2024-03-29 | 5.4 | CVE-2024-30505 [email protected] |
| andy_moyle — church_admin |
Cross-Site Request Forgery (CSRF) vulnerability in Andy Moyle Church Admin.This issue affects Church Admin: from n/a through 4.1.7. | 2024-03-29 | 4.3 | CVE-2024-30493 [email protected] |
| antoine_hurkmans — football_pool
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Antoine Hurkmans Football Pool allows Stored XSS.This issue affects Football Pool: from n/a through 2.11.3. | 2024-03-27 | 6.5 | CVE-2024-29802 [email protected] |
| appneta — tcpreplay |
A vulnerability was found in appneta tcpreplay up to 4.4.4. It has been classified as problematic. This affects the function get_layer4_v6 of the file /tcpreplay/src/common/get.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The identifier VDB-258333 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-03-28 | 5.3 | CVE-2024-3024 [email protected] [email protected] [email protected] [email protected] [email protected] |
| appsmav — gratisfaction
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Appsmav Gratisfaction allows Stored XSS.This issue affects Gratisfaction: from n/a through 4.3.4. | 2024-03-27 | 6.5 | CVE-2024-29798 [email protected] |
| argoproj — argo-cd
|
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of ArgoCD starting from v2.4 have a bug where the ArgoCD repo-server component is vulnerable to a Denial-of-Service attack vector. Specifically, it’s possible to crash the repo server component through an out of memory error by pointing it to a malicious Helm registry. The loadRepoIndex() function in the ArgoCD’s helm package, does not limit the size nor time while fetching the data. It fetches it and creates a byte slice from the retrieved data in one go. If the registry is implemented to push data continuously, the repo server will keep allocating memory until it runs out of it. A patch for this vulnerability has been released in v2.10.3, v2.9.8, and v2.8.12. | 2024-03-29 | 6.5 | CVE-2024-29893 [email protected] [email protected] [email protected] [email protected] |
| athemes — sydney_toolbox
|
The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the _id attribute of widgets in all versions up to, and including, 1.26 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-03-29 | 6.4 | CVE-2024-2936 [email protected] [email protected] |
| automationdirect — c-more_ea9_hmi_ea9-t6cl |
In AutomationDirect C-MORE EA9 HMI, credentials used by the platform are stored as plain text on the device. | 2024-03-26 | 6.5 | CVE-2024-25138 [email protected] |
| automationdirect — c-more_ea9_hmi_ea9-t6cl |
In AutomationDirect C-MORE EA9 HMI there is a program that copies a buffer of a size controlled by the user into a limited sized buffer on the stack which may lead to a stack overflow. The result of this stack-based buffer overflow can lead to denial-of-service conditions. | 2024-03-26 | 4.3 | CVE-2024-25137 [email protected] |
| azure — azure-c-shared-utility
|
The azure-c-shared-utility is a C library for AMQP/MQTT communication to Azure Cloud Services. This library may be used by the Azure IoT C SDK for communication between IoT Hub and IoT Hub devices. An attacker can cause an integer wraparound or under-allocation or heap buffer overflow due to vulnerabilities in parameter checking mechanism, by exploiting the buffer length parameter in Azure C SDK, which may lead to remote code execution. Requirements for RCE are 1. Compromised Azure account allowing malformed payloads to be sent to the device via IoT Hub service, 2. By passing IoT hub service max message payload limit of 128KB, and 3. Ability to overwrite code space with remote code. Fixed in commit https://github.com/Azure/azure-c-shared-utility/commit/1129147c38ac02ad974c4c701a1e01b2141b9fe2. | 2024-03-26 | 6 | CVE-2024-29195 [email protected] [email protected] |
| backie — wp-eggdrop |
The WP-Eggdrop plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.1. This is due to missing or incorrect nonce validation on the wpegg_updateOptions() function. This makes it possible for unauthenticated attackers to update the plugin’s settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-03-29 | 5.4 | CVE-2024-2969 [email protected] [email protected] |
| backie — wp-eggdrop |
The WP-Eggdrop plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2024-03-29 | 4.4 | CVE-2024-2968 [email protected] [email protected] |
| baptiste_placé — icalendrier
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Baptiste Placé iCalendrier allows Stored XSS.This issue affects iCalendrier: from n/a through 1.80. | 2024-03-27 | 6.5 | CVE-2024-29912 [email protected] |
| bdthemes — element_pack_elementor_addons
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in BdThemes Element Pack Elementor Addons allows Stored XSS.This issue affects Element Pack Elementor Addons: from n/a through 5.5.3. | 2024-03-27 | 6.5 | CVE-2024-30185 [email protected] |
| bdthemes — prime_slider_-_addons_for_elementor
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in BdThemes Prime Slider – Addons For Elementor allows Stored XSS.This issue affects Prime Slider – Addons For Elementor: from n/a through 3.13.1. | 2024-03-27 | 6.5 | CVE-2024-30186 [email protected] |
| betteraddons — better_elementor_addons
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in BetterAddons Better Elementor Addons allows Stored XSS.This issue affects Better Elementor Addons: from n/a through 1.3.7. | 2024-03-29 | 6.5 | CVE-2024-30423 [email protected] |
| blocksera — image_hover_effects_-_elementor_addon
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Blocksera Image Hover Effects – Elementor Addon allows Stored XSS.This issue affects Image Hover Effects – Elementor Addon: from n/a through 1.4. | 2024-03-27 | 6.5 | CVE-2024-29936 [email protected] |
| boldgrid — boldgrid_easy_seo_-_simple_and_effective_seo |
The BoldGrid Easy SEO – Simple and Effective SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the meta description field in all versions up to, and including, 1.6.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-03-30 | 6.4 | CVE-2024-1692 [email protected] [email protected] |
| boldgrid — post_and_page_builder_by_boldgrid_-_visual_drag_and_drop_editor |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in BoldGrid Post and Page Builder by BoldGrid – Visual Drag and Drop Editor allows Stored XSS.This issue affects Post and Page Builder by BoldGrid – Visual Drag and Drop Editor: from n/a through 1.26.2. | 2024-03-26 | 6.5 | CVE-2024-2888 [email protected] |
| boldthemes — bold_page_builder
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in BoldThemes Bold Page Builder allows Stored XSS.This issue affects Bold Page Builder: from n/a through 4.7.6. | 2024-03-27 | 6.5 | CVE-2024-30179 [email protected] |
| boldthemes — bold_page_builder
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in BoldThemes Bold Page Builder allows Stored XSS.This issue affects Bold Page Builder: from n/a through 4.8.0. | 2024-03-29 | 6.5 | CVE-2024-30442 [email protected] |
| booster — booster_plus_for_woocommerce |
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Booster Booster Plus for WooCommerce.This issue affects Booster Plus for WooCommerce: from n/a before 7.1.2. | 2024-03-28 | 6.5 | CVE-2023-52231 [email protected] |
| booster — booster_plus_for_woocommerce |
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Booster Booster Elite for WooCommerce.This issue affects Booster Elite for WooCommerce: from n/a before 7.1.2. | 2024-03-28 | 6.5 | CVE-2023-52234 [email protected] |
| bplugins — b_slider_-_slider_for_your_block_editor
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in bPlugins B Slider – Slider for your block editor allows Stored XSS.This issue affects B Slider – Slider for your block editor: from n/a through 1.1.12. | 2024-03-29 | 6.5 | CVE-2024-30432 [email protected] |
| bplugins — print_page_block
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in bPlugins Print Page block allows Stored XSS.This issue affects Print Page block: from n/a through 1.0.8. | 2024-03-29 | 6.5 | CVE-2024-30438 [email protected] |
| brainstorm_force — astra |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Brainstorm Force Astra allows Stored XSS.This issue affects Astra: from n/a through 4.6.4. | 2024-03-27 | 5.9 | CVE-2024-29768 [email protected] |
| brainstormforce — ultimate_addons_for_beaver_builder_-_lite | The Ultimate Addons for Beaver Builder – Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Button widget in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-03-30 | 6.4 | CVE-2024-2141 [email protected] [email protected] [email protected] |
| brainstormforce — ultimate_addons_for_beaver_builder_-_lite | The Ultimate Addons for Beaver Builder – Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Info Table widget in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-03-30 | 6.4 | CVE-2024-2142 [email protected] [email protected] [email protected] |
| brainstormforce — ultimate_addons_for_beaver_builder_-_lite | The Ultimate Addons for Beaver Builder – Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Heading widget in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-03-30 | 6.4 | CVE-2024-2143 [email protected] [email protected] |
| brainstormforce — ultimate_addons_for_beaver_builder_-_lite | The Ultimate Addons for Beaver Builder – Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Separator widget in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-03-30 | 6.4 | CVE-2024-2144 [email protected] [email protected] [email protected] |
| brainstormforce — ultimate_addons_for_beaver_builder_-_lite |
The Ultimate Addons for Beaver Builder – Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Advanced Icons widget in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-03-30 | 6.4 | CVE-2024-2140 [email protected] [email protected] |
| brave — brave_popup_builder |
Server-Side Request Forgery (SSRF) vulnerability in Brave Brave Popup Builder.This issue affects Brave Popup Builder: from n/a through 0.6.5. | 2024-03-29 | 5.4 | CVE-2024-30453 [email protected] |
| brice_capobianco — simple_revisions_delete |
Cross-Site Request Forgery (CSRF) vulnerability in Brice CAPOBIANCO Simple Revisions Delete.This issue affects Simple Revisions Delete: from n/a through 1.5.3. | 2024-03-29 | 4.3 | CVE-2024-30482 [email protected] |
| camille_verrier — travelers’_map
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Camille Verrier Travelers’ Map allows Stored XSS.This issue affects Travelers’ Map: from n/a through 2.2.0. | 2024-03-27 | 6.5 | CVE-2024-29909 [email protected] |
| campcodes — house_rental_management_system |
A vulnerability was found in Campcodes House Rental Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file index.php. The manipulation of the argument page leads to file inclusion. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257983. | 2024-03-26 | 5.4 | CVE-2024-2917 [email protected] [email protected] [email protected] [email protected] |
| campcodes — online_art_gallery_management_system
|
A vulnerability classified as critical has been found in Campcodes Online Art Gallery Management System 1.0. This affects an unknown part of the file /admin/adminHome.php. The manipulation of the argument uname leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258201 was assigned to this vulnerability. | 2024-03-27 | 6.3 | CVE-2024-2999 [email protected] [email protected] [email protected] [email protected] |
| campcodes — online_examination_system
|
A vulnerability was found in Campcodes Online Examination System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /adminpanel/admin/facebox_modal/updateCourse.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258029 was assigned to this vulnerability. | 2024-03-27 | 6.3 | CVE-2024-2938 [email protected] [email protected] [email protected] [email protected] |
| campcodes — online_examination_system
|
A vulnerability, which was classified as critical, has been found in Campcodes Online Examination System 1.0. Affected by this issue is some unknown functionality of the file /adminpanel/admin/query/loginExe.php. The manipulation of the argument pass leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258032. | 2024-03-27 | 6.3 | CVE-2024-2941 [email protected] [email protected] [email protected] [email protected] |
| campcodes — online_examination_system
|
A vulnerability, which was classified as critical, was found in Campcodes Online Examination System 1.0. This affects an unknown part of the file /adminpanel/admin/query/deleteQuestionExe.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258033 was assigned to this vulnerability. | 2024-03-27 | 6.3 | CVE-2024-2942 [email protected] [email protected] [email protected] [email protected] |
| campcodes — online_examination_system
|
A vulnerability has been found in Campcodes Online Examination System 1.0 and classified as critical. This vulnerability affects unknown code of the file /adminpanel/admin/query/deleteExamExe.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-258034 is the identifier assigned to this vulnerability. | 2024-03-27 | 6.3 | CVE-2024-2943 [email protected] [email protected] [email protected] [email protected] |
| campcodes — online_examination_system
|
A vulnerability was found in Campcodes Online Examination System 1.0 and classified as critical. This issue affects some unknown processing of the file /adminpanel/admin/query/deleteCourseExe.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258035. | 2024-03-27 | 6.3 | CVE-2024-2944 [email protected] [email protected] [email protected] [email protected] |
| campcodes — online_examination_system
|
A vulnerability was found in Campcodes Online Examination System 1.0. It has been classified as critical. Affected is an unknown function of the file /adminpanel/admin/facebox_modal/updateExaminee.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258036. | 2024-03-27 | 6.3 | CVE-2024-2945 [email protected] [email protected] [email protected] [email protected] |
| carrierwaveuploader — carrierwave |
CarrierWave is a solution for file uploads for Rails, Sinatra and other Ruby web frameworks. The vulnerability CVE-2023-49090 wasn’t fully addressed. This vulnerability is caused by the fact that when uploading to object storage, including Amazon S3, it is possible to set a Content-Type value that is interpreted by browsers to be different from what’s allowed by `content_type_allowlist`, by providing multiple values separated by commas. This bypassed value can be used to cause XSS. Upgrade to 3.0.7 or 2.2.6. | 2024-03-24 | 6.8 | CVE-2024-29034 [email protected] [email protected] |
| cartflows_inc. — funnel_builder_by_cartflows |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in CartFlows Inc. Funnel Builder by CartFlows allows Stored XSS.This issue affects Funnel Builder by CartFlows: from n/a through 2.0.1. | 2024-03-27 | 5.9 | CVE-2024-29813 [email protected] |
| cincopa — post_video_players |
Cross-Site Request Forgery (CSRF) vulnerability in Cincopa Post Video Players.This issue affects Post Video Players: from n/a through 1.159. | 2024-03-27 | 5.4 | CVE-2024-23515 [email protected] |
| cisco — cisco_aironet_access_point_software |
A vulnerability in the handling of encrypted wireless frames of Cisco Aironet Access Point (AP) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on the affected device. This vulnerability is due to incomplete cleanup of resources when dropping certain malformed frames. An attacker could exploit this vulnerability by connecting as a wireless client to an affected AP and sending specific malformed frames over the wireless connection. A successful exploit could allow the attacker to cause degradation of service to other clients, which could potentially lead to a complete DoS condition. | 2024-03-27 | 4.7 | CVE-2024-20354 [email protected] |
| cisco — cisco_digital_network_architecture_center_(dna_center) |
A vulnerability in the web-based management interface of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an authenticated, remote attacker to change specific data within the interface on an affected device. This vulnerability is due to insufficient authorization enforcement. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to change a specific field within the web-based management interface, even though they should not have access to change that field. | 2024-03-27 | 4.3 | CVE-2024-20333 [email protected] |
| cisco — cisco_ios_xe_software |
A vulnerability in the NETCONF feature of Cisco IOS XE Software could allow an authenticated, remote attacker to elevate privileges to root on an affected device. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted input over NETCONF to an affected device. A successful exploit could allow the attacker to elevate privileges from Administrator to root. | 2024-03-27 | 6.5 | CVE-2024-20278 [email protected] |
| cisco — cisco_ios_xe_software |
A vulnerability in the Unified Threat Defense (UTD) configuration CLI of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying host operating system. To exploit this vulnerability, an attacker must have level 15 privileges on the affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by submitting a crafted CLI command to an affected device. A successful exploit could allow the attacker to execute arbitrary commands as root on the underlying operating system. | 2024-03-27 | 6 | CVE-2024-20306 [email protected] |
| cisco — cisco_ios_xe_software |
A vulnerability in the boot process of Cisco Access Point (AP) Software could allow an unauthenticated, physical attacker to bypass the Cisco Secure Boot functionality and load a software image that has been tampered with on an affected device. This vulnerability exists because unnecessary commands are available during boot time at the physical console. An attacker could exploit this vulnerability by interrupting the boot process and executing specific commands to bypass the Cisco Secure Boot validation checks and load an image that has been tampered with. This image would have been previously downloaded onto the targeted device. A successful exploit could allow the attacker to load the image once. The Cisco Secure Boot functionality is not permanently compromised. | 2024-03-27 | 5.9 | CVE-2024-20265 [email protected] |
| cisco — cisco_ios_xe_software |
A vulnerability in auxiliary asynchronous port (AUX) functions of Cisco IOS XE Software could allow an authenticated, local attacker to cause an affected device to reload or stop responding. This vulnerability is due to the incorrect handling of specific ingress traffic when flow control hardware is enabled on the AUX port. An attacker could exploit this vulnerability by reverse telnetting to the AUX port and sending specific data after connecting. A successful exploit could allow the attacker to cause the device to reset or stop responding, resulting in a denial of service (DoS) condition. | 2024-03-27 | 5.6 | CVE-2024-20309 [email protected] |
| cisco — cisco_ios_xe_software |
A vulnerability in the data model interface (DMI) services of Cisco IOS XE Software could allow an unauthenticated, remote attacker to access resources that should have been protected by a configured IPv4 access control list (ACL). This vulnerability is due to improper handling of error conditions when a successfully authorized device administrator updates an IPv4 ACL using the NETCONF or RESTCONF protocol, and the update would reorder access control entries (ACEs) in the updated ACL. An attacker could exploit this vulnerability by accessing resources that should have been protected across an affected device. | 2024-03-27 | 5.8 | CVE-2024-20316 [email protected] |
| cisco — cisco_ios_xe_software |
A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, low-privileged, local attacker to access WLAN configuration details including passwords. This vulnerability is due to improper privilege checks. An attacker could exploit this vulnerability by using the show and show tech wireless CLI commands to access configuration details, including passwords. A successful exploit could allow the attacker to access configuration details that they are not authorized to access. | 2024-03-27 | 5.5 | CVE-2024-20324 [email protected] |
| cisco — ios |
A vulnerability in the IKEv1 fragmentation code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a heap overflow, resulting in an affected device reloading. This vulnerability exists because crafted, fragmented IKEv1 packets are not properly reassembled. An attacker could exploit this vulnerability by sending crafted UDP packets to an affected system. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Note: Only traffic that is directed to the affected system can be used to exploit this vulnerability. This vulnerability can be triggered by IPv4 and IPv6 traffic. | 2024-03-27 | 6.8 | CVE-2024-20307 [email protected] |
| cloudways — breeze |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Cloudways Breeze allows Stored XSS.This issue affects Breeze: from n/a through 2.1.3. | 2024-03-27 | 5.9 | CVE-2024-27188 [email protected] |
| code-projects — online_book_system
|
A vulnerability, which was classified as critical, has been found in code-projects Online Book System 1.0. This issue affects some unknown processing of the file /Product.php. The manipulation of the argument value leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258203. | 2024-03-27 | 6.3 | CVE-2024-3001 [email protected] [email protected] [email protected] [email protected] |
| code-projects — online_book_system
|
A vulnerability, which was classified as critical, was found in code-projects Online Book System 1.0. Affected is an unknown function of the file /description.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258204. | 2024-03-27 | 6.3 | CVE-2024-3002 [email protected] [email protected] [email protected] [email protected] |
| code-projects — online_book_system
|
A vulnerability has been found in code-projects Online Book System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /cart.php. The manipulation of the argument quantity/remove leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258205 was assigned to this vulnerability. | 2024-03-27 | 6.3 | CVE-2024-3003 [email protected] [email protected] [email protected] [email protected] |
| codepeople — google_maps_cp |
Missing Authorization vulnerability in CodePeople Google Maps CP.This issue affects Google Maps CP: from n/a through 1.0.43. | 2024-03-25 | 4.3 | CVE-2023-25039 [email protected] |
| codesupplyco — networker_-_tech_news_wordpress_theme_with_dark_mode |
The Networker – Tech News WordPress Theme with Dark Mode theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the admin_reload_nav_menu() function in all versions up to, and including, 1.1.9. This makes it possible for unauthenticated attackers to modify the location of display menus. | 2024-03-27 | 5.3 | CVE-2024-2962 [email protected] [email protected] [email protected] |
| codexthemes — thegem_(elementor) |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in CodexThemes TheGem (Elementor), CodexThemes TheGem (WPBakery) allows Stored XSS.This issue affects TheGem (Elementor): from n/a before 5.8.1.1; TheGem (WPBakery): from n/a before 5.8.1.1. | 2024-03-26 | 6.5 | CVE-2023-32237 [email protected] [email protected] |
| collect.chat_inc. — collectchat
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Collect.Chat Inc. Collectchat allows Stored XSS.This issue affects Collectchat: from n/a through 2.4.1. | 2024-03-29 | 6.5 | CVE-2024-30436 [email protected] |
| crm_perks — crm_perks_forms
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in CRM Perks CRM Perks Forms allows Stored XSS.This issue affects CRM Perks Forms: from n/a through 1.1.4. | 2024-03-29 | 6.5 | CVE-2024-30446 [email protected] |
| currencyrate.today — crypto_converter_widget
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in CurrencyRate.Today Crypto Converter Widget allows Stored XSS.This issue affects Crypto Converter Widget: from n/a through 1.8.4. | 2024-03-27 | 6.5 | CVE-2024-29930 [email protected] |
| currencyrate.today — exchange_rates_widget
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in CurrencyRate.Today Exchange Rates Widget allows Stored XSS.This issue affects Exchange Rates Widget: from n/a through 1.4.0. | 2024-03-27 | 6.5 | CVE-2024-29814 [email protected] |
| cyberaz0r — webrat |
A vulnerability has been found in cyberaz0r WebRAT up to 20191222 and classified as critical. This vulnerability affects the function download_file of the file Server/api.php. The manipulation of the argument name leads to unrestricted upload. The attack can be initiated remotely. The patch is identified as 0c394a795b9c10c07085361e6fcea286ee793701. It is recommended to apply a patch to fix this issue. VDB-257782 is the identifier assigned to this vulnerability. | 2024-03-24 | 6.3 | CVE-2020-36825 [email protected] [email protected] [email protected] |
| dearhive — dearflip
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in DearHive DearFlip allows Stored XSS.This issue affects DearFlip: from n/a through 2.2.26. | 2024-03-27 | 6.5 | CVE-2024-29807 [email protected] |
| deepak_anand — wp_dummy_content_generator |
Missing Authorization vulnerability in Deepak anand WP Dummy Content Generator.This issue affects WP Dummy Content Generator: from n/a through 3.1.2. | 2024-03-26 | 4.3 | CVE-2024-24805 [email protected] |
| dell — dell_openmanage_enterprise |
Dell OpenManage Enterprise, v4.0 and prior, contain(s) a path traversal vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, to gain unauthorized access to the files stored on the server filesystem, with the privileges of the running web application. | 2024-03-29 | 5.7 | CVE-2024-25944 [email protected] |
| dell — grab_for_windows |
Dell Grab for Windows, versions up to and including 5.0.4, contain Weak Application Folder Permissions vulnerability. A local authenticated attacker could potentially exploit this vulnerability, leading to privilege escalation, unauthorized access to application data, unauthorized modification of application data and service disruption. | 2024-03-26 | 6.7 | CVE-2024-25958 [email protected] |
| dell — grab_for_windows |
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in mbbhatti Upload Resume.This issue affects Upload Resume: from n/a through 1.2.0. | 2024-03-26 | 5.9 | CVE-2023-25965 [email protected] |
| dell — grab_for_windows |
Dell Grab for Windows, versions 5.0.4 and below, contains an improper file permissions vulnerability. A locally authenticated attacker could potentially exploit this vulnerability, leading to the information disclosure of certain system information. | 2024-03-26 | 5.5 | CVE-2024-25956 [email protected] |
| dell — grab_for_windows |
Dell Grab for Windows, versions 5.0.4 and below, contains a cleartext storage of sensitive information vulnerability in its appsync module. An authenticated local attacker could potentially exploit this vulnerability, leading to information disclosure that could be used to access the appsync application with elevated privileges. | 2024-03-26 | 4.8 | CVE-2024-25957 [email protected] |
| dell — powerprotect_data_manager |
Dell PowerProtect Data Manager, version 19.15, contains an XML External Entity Injection vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to information disclosure, denial-of-service. | 2024-03-28 | 5.5 | CVE-2024-25971 [email protected] |
| dell — powerscale_onefs |
Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x contains an UNIX symbolic link (symlink) following vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to denial of service, information tampering. | 2024-03-28 | 6 | CVE-2024-25952 [email protected] |
| dell — powerscale_onefs |
Dell PowerScale OneFS versions 9.4.0.x through 9.7.0.x contains an UNIX symbolic link (symlink) following vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to denial of service, information tampering. | 2024-03-28 | 6 | CVE-2024-25953 [email protected] |
| dell — powerscale_onefs |
Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x contains an improper privilege management vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to escalation of privileges. | 2024-03-28 | 6 | CVE-2024-25961 [email protected] |
| dell — powerscale_onefs |
Dell PowerScale OneFS, versions 9.5.0.x through 9.7.0.x, contain an insufficient session expiration vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service. | 2024-03-28 | 5.3 | CVE-2024-25954 [email protected] |
| dell — powerscale_onefs |
Dell PowerScale OneFS, versions 8.2.2.x through 9.5.0.x contains a use of a broken cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure. | 2024-03-28 | 5.9 | CVE-2024-25963 [email protected] |
| dell — powerscale_onefs |
Dell PowerScale OneFS 9.5.0.x through 9.7.0.x contain a covert timing channel vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service. | 2024-03-25 | 5.3 | CVE-2024-25964 [email protected] |
| dglingren — media_library_assistant |
The Media Library Assistant plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcodes in all versions up to, and including, 3.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-03-29 | 6.4 | CVE-2024-2475 [email protected] [email protected] [email protected] [email protected] |
| easy_social_feed — easy_social_feed
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Easy Social Feed allows Stored XSS.This issue affects Easy Social Feed: from n/a through 6.5.3. | 2024-03-27 | 6.5 | CVE-2024-30180 [email protected] |
| elastic — elasticsearch |
An uncaught exception in Elasticsearch >= 8.4.0 and < 8.11.1 occurs when an encrypted PDF is passed to an attachment processor through the REST API. The Elasticsearch ingest node that attempts to parse the PDF file will crash. This does not happen with password-protected PDF files or with unencrypted PDF files. | 2024-03-29 | 4.3 | CVE-2024-23449 [email protected] |
| elastic — elasticsearch |
A flaw was discovered in Elasticsearch, where processing a document in a deeply nested pipeline on an ingest node could cause the Elasticsearch node to crash. | 2024-03-27 | 4.9 | CVE-2024-23450 [email protected] [email protected] |
| elastic — elasticsearch |
Incorrect Authorization issue exists in the API key based security model for Remote Cluster Security, which is currently in Beta, in Elasticsearch 8.10.0 and before 8.13.0. This allows a malicious user with a valid API key for a remote cluster configured to use the new Remote Cluster Security to read arbitrary documents from any index on the remote cluster, and only if they use the Elasticsearch custom transport protocol to issue requests with the target index ID, the shard ID and the document ID. None of Elasticsearch REST API endpoints are affected by this issue. | 2024-03-27 | 4.4 | CVE-2024-23451 [email protected] |
| envialosimple — envÃÂÂalosimple |
Cross-Site Request Forgery (CSRF) vulnerability in EnvialoSimple EnvÃÂaloSimple.This issue affects EnvÃÂaloSimple: from n/a through 2.3. | 2024-03-26 | 6.5 | CVE-2023-51416 [email protected] |
| epsiloncool — wp_fast_total_search
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Epsiloncool WP Fast Total Search allows Stored XSS.This issue affects WP Fast Total Search: from n/a through 1.59.211. | 2024-03-27 | 6.5 | CVE-2024-29799 [email protected] |
| espressif — esp-idf |
ESP-IDF is the development framework for Espressif SoCs supported on Windows, Linux and macOS. A Time-of-Check to Time-of-Use (TOCTOU) vulnerability was discovered in the implementation of the ESP-IDF bootloader which could allow an attacker with physical access to flash of the device to bypass anti-rollback protection. Anti-rollback prevents rollback to application with security version lower than one programmed in eFuse of chip. This attack can allow to boot past (passive) application partition having lower security version of the same device even in the presence of the flash encryption scheme. The attack requires carefully modifying the flash contents after the anti-rollback checks have been performed by the bootloader (before loading the application). The vulnerability is fixed in 4.4.7 and 5.2.1. | 2024-03-25 | 6.1 | CVE-2024-28183 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
| exclusive_addons — exclusive_addons_elementor
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Exclusive Addons Exclusive Addons Elementor allows Stored XSS.This issue affects Exclusive Addons Elementor: from n/a through 2.6.8. | 2024-03-27 | 6.5 | CVE-2024-30177 [email protected] |
| exclusive_addons — exclusive_addons_elementor
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Exclusive Addons Exclusive Addons Elementor allows Stored XSS.This issue affects Exclusive Addons Elementor: from n/a through 2.6.9. | 2024-03-26 | 6.5 | CVE-2024-30232 [email protected] |
| expressjs — express |
Express.js minimalist web framework for node. Versions of Express.js prior to 4.19.0 and all pre-release alpha and beta versions of 5.0 are affected by an open redirect vulnerability using malformed URLs. When a user of Express performs a redirect using a user-provided URL Express performs an encode [using `encodeurl`](https://github.com/pillarjs/encodeurl) on the contents before passing it to the `location` header. This can cause malformed URLs to be evaluated in unexpected ways by common redirect allow list implementations in Express applications, leading to an Open Redirect via bypass of a properly implemented allow list. The main method impacted is `res.location()` but this is also called from within `res.redirect()`. The vulnerability is fixed in 4.19.2 and 5.0.0-beta.3. | 2024-03-25 | 6.1 | CVE-2024-29041 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
| extend_themes — calliope | Cross-Site Request Forgery (CSRF) vulnerability in Extend Themes Calliope.This issue affects Calliope: from n/a through 1.0.33. | 2024-03-26 | 4.3 | CVE-2024-2904 [email protected] |
| extendthemes — colibri_page_builder |
Missing Authorization vulnerability in ExtendThemes Colibri Page Builder.This issue affects Colibri Page Builder: from n/a through 1.0.248. | 2024-03-28 | 5.4 | CVE-2024-28004 [email protected] |
| fernandobt — list_category_posts |
The List category posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘catlist’ shortcode in all versions up to, and including, 0.89.6 due to insufficient input sanitization and output escaping on user supplied attributes like ‘title_tag’. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-03-30 | 6.4 | CVE-2024-1051 [email protected] [email protected] [email protected] |
| flector — easy_textillate |
The Easy Textillate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘textillate’ shortcode in all versions up to, and including, 2.01 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-03-26 | 6.4 | CVE-2024-2303 [email protected] [email protected] |
| flir — ax8
|
A vulnerability was found in FLIR AX8 up to 1.46.16. It has been rated as critical. This issue affects some unknown processing of the file /tools/test_login.php?action=register of the component User Registration. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258299. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-03-28 | 6.3 | CVE-2024-3013 [email protected] [email protected] [email protected] [email protected] |
| fr-d-ric_gilles — fg_prestashop_to_woocommerce |
Insertion of Sensitive Information into Log File vulnerability in Frédéric GILLES FG PrestaShop to WooCommerce.This issue affects FG PrestaShop to WooCommerce: from n/a through 4.45.1. | 2024-03-29 | 5.3 | CVE-2024-30511 [email protected] |
| gamipress — gamipress |
Cross-Site Request Forgery (CSRF) vulnerability in GamiPress.This issue affects GamiPress: from n/a through 6.8.5. | 2024-03-29 | 4.3 | CVE-2024-30455 [email protected] |
| geonode — geonode |
GeoNode is a geospatial content management system, a platform for the management and publication of geospatial data. An issue exists within GEONODE where the current rich text editor is vulnerable to Stored XSS. The applications cookies are set securely, but it is possible to retrieve a victims CSRF token and issue a request to change another user’s email address to perform a full account takeover. Due to the script element not impacting the CORS policy, requests will succeed. This vulnerability is fixed in 4.2.3. | 2024-03-27 | 6.1 | CVE-2024-27091 [email protected] [email protected] |
| ghozylab_inc. — web_icons
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in GhozyLab, Inc. Web Icons allows Stored XSS.This issue affects Web Icons: from n/a through 1.0.0.10. | 2024-03-27 | 6.5 | CVE-2024-29933 [email protected] |
| ghozylab_inc. — web_icons
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in GhozyLab, Inc. Web Icons allows Stored XSS.This issue affects Web Icons: from n/a through 1.0.0.10. | 2024-03-29 | 6.5 | CVE-2024-30445 [email protected] |
| gitlab — gitlab |
An issue has been discovered in GitLab CE/EE affecting all versions before 16.8.5, all versions starting from 16.9 before 16.9.3, all versions starting from 16.10 before 16.10.1. It was possible for an attacker to cause a denial of service using malicious crafted description parameter for labels. | 2024-03-28 | 4.3 | CVE-2024-2818 [email protected] |
| grafana — grafana |
It is possible for a user in a different organization from the owner of a snapshot to bypass authorization and delete a snapshot by issuing a DELETE request to /api/snapshots/<key> using its view key. This functionality is intended to only be available to individuals with the permission to write/edit to the snapshot in question, but due to a bug in the authorization logic, deletion requests issued by an unprivileged user in a different organization than the snapshot owner are treated as authorized. Grafana Labs would like to thank Ravid Mazon and Jay Chen of Palo Alto Research for discovering and disclosing this vulnerability. This issue affects Grafana: from 9.5.0 before 9.5.18, from 10.0.0 before 10.0.13, from 10.1.0 before 10.1.9, from 10.2.0 before 10.2.6, from 10.3.0 before 10.3.5. | 2024-03-26 | 6.5 | CVE-2024-1313 [email protected] |
| gs_plugins — gs_testimonial_slider
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in GS Plugins GS Testimonial Slider allows Stored XSS.This issue affects GS Testimonial Slider: from n/a through 3.1.4. | 2024-03-29 | 6.5 | CVE-2024-30443 [email protected] |
| hans_matzen — wp-forecast
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Hans Matzen allows Stored XSS.This issue affects wp-forecast: from n/a through 9.2. | 2024-03-29 | 6.5 | CVE-2024-30429 [email protected] |
| hashthemes — hash_elements
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in HashThemes Hash Elements allows Stored XSS.This issue affects Hash Elements: from n/a through 1.3.3. | 2024-03-29 | 6.5 | CVE-2024-30426 [email protected] |
| hashthemes — viral_news |
Missing Authorization vulnerability in HashThemes Viral News, HashThemes Viral, HashThemes HashOne.This issue affects Viral News: from n/a through 1.4.5; Viral: from n/a through 1.8.0; HashOne: from n/a through 1.3.0. | 2024-03-25 | 4.3 | CVE-2023-33923 [email protected] [email protected] [email protected] |
| hastheme — wishsuite
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in HasTheme WishSuite allows Stored XSS.This issue affects WishSuite: from n/a through 1.3.7. | 2024-03-27 | 6.5 | CVE-2024-29927 [email protected] |
| hasthemes — ht_mega
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in HasThemes HT Mega allows Stored XSS.This issue affects HT Mega: from n/a through 2.4.3. | 2024-03-27 | 6.5 | CVE-2024-30182 [email protected] |
| hasthemes — wc_builder
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in HasThemes WC Builder allows Stored XSS.This issue affects WC Builder: from n/a through 1.0.18. | 2024-03-27 | 6.5 | CVE-2024-29926 [email protected] |
| hewlett_packard_enterprise_(hpe) — arubaos-s_switch |
Authenticated Denial of Service Vulnerability in ArubaOS-Switch SSH Daemon | 2024-03-26 | 4.9 | CVE-2024-26303 [email protected] |
| hewlett_packard_enterprise_(hpe) — icewall_gen11_icewall_sso_agent |
A security vulnerability in HPE IceWall Agent products could be exploited remotely to cause a denial of service. | 2024-03-26 | 6.5 | CVE-2024-22436 [email protected] |
| hitachi_energy — asset_suite_eam |
REST service authentication anomaly with “valid username/no password” credential combination for batch job processing resulting in successful service invocation. The anomaly doesn’t exist with other credential combinations. | 2024-03-27 | 5.3 | CVE-2024-2244 [email protected] |
| hitachi_energy — rtu500_series_cmu_firmware |
A vulnerability exists in the stb-language file handling that affects the RTU500 series product versions listed below. A malicious actor could enforce diagnostic texts being displayed as empty strings, if an authorized user uploads a specially crafted stb-language file. | 2024-03-27 | 6.8 | CVE-2024-1532 [email protected] |
| hot_themes — hot_random_image
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Hot Themes Hot Random Image allows Stored XSS.This issue affects Hot Random Image: from n/a through 1.8.1. | 2024-03-27 | 6.5 | CVE-2024-29796 [email protected] |
| htdat — woo_viet |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in htdat Woo Viet allows Stored XSS.This issue affects Woo Viet: from n/a through 1.5.2. | 2024-03-27 | 5.9 | CVE-2024-29816 [email protected] |
| https://elementor.com/ — elementor_website_builder_pro |
The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widget’s custom_id in all versions up to, and including, 3.20.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-03-27 | 6.4 | CVE-2024-1364 [email protected] [email protected] |
| https://elementor.com/ — elementor_website_builder_pro |
The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an SVGZ file uploaded via the Form widget in all versions up to, and including, 3.20.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. NOTE: This vulnerability is only exploitable on web servers running NGINX. It is not exploitable on web servers running Apache HTTP Server. | 2024-03-27 | 6.4 | CVE-2024-1521 [email protected] [email protected] |
| https://elementor.com/ — elementor_website_builder_pro |
The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the video_html_tag attribute in all versions up to, and including, 3.20.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-03-27 | 6.4 | CVE-2024-2781 [email protected] [email protected] |
| https://elementor.com/ — elementor_website_builder_pro |
The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Post Navigation widget in all versions up to, and including, 3.20.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-03-27 | 5.4 | CVE-2024-2120 [email protected] [email protected] |
| https://elementor.com/ — elementor_website_builder_pro |
The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Media Carousel widget in all versions up to, and including, 3.20.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-03-27 | 5.4 | CVE-2024-2121 [email protected] [email protected] |
| ibm — app_connect_enterprise |
IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 12.0.1.0 through 12.0.9.0 and IBM Integration Bus for z/OS 10.1 through 10.1.0.2store potentially sensitive information in log or trace files that could be read by a privileged user. IBM X-Force ID: 280893. | 2024-03-26 | 4.9 | CVE-2024-22356 [email protected] [email protected] |
| ibm — qradar_siem |
IBM QRadar SIEM 7.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 285893. | 2024-03-27 | 5.4 | CVE-2024-28784 [email protected] [email protected] |
| ibm — qradar_siem |
IBM QRadar SIEM 7.5 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 275939. | 2024-03-27 | 4.8 | CVE-2023-50961 [email protected] [email protected] |
| ibm — websphere_application_server_liberty |
IBM WebSphere Application Server Liberty 23.0.0.3 through 24.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in a specially crafted URI. IBM X-Force ID: 284576. | 2024-03-27 | 4.7 | CVE-2024-27270 [email protected] [email protected] |
| ideaboxcreations — powerpack_addons_for_elementor_(free_widgets_extensions_and_templates) |
The PowerPack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the *_html_tag* attribute of multiple widgets in all versions up to, and including, 2.7.17 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-03-30 | 6.4 | CVE-2024-2491 [email protected] [email protected] |
| infinitum_form — geo_controller
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in INFINITUM FORM Geo Controller allows Stored XSS.This issue affects Geo Controller: from n/a through 8.6.4. | 2024-03-29 | 6.5 | CVE-2024-30451 [email protected] |
| inspirythemes — realhomes |
Missing Authorization vulnerability in InspiryThemes RealHomes.This issue affects RealHomes: from n/a through 4.0.2. | 2024-03-25 | 5.4 | CVE-2023-37886 [email protected] |
| inspirythemes — realhomes |
Missing Authorization vulnerability in InspiryThemes RealHomes.This issue affects RealHomes: from n/a through 4.0.2. | 2024-03-25 | 4.3 | CVE-2023-37885 [email protected] |
| interfacelab — media_cloud_for_amazon_s3_imgix_google_cloud_storage_digitalocean_spaces_and_more
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Interfacelab Media Cloud for Amazon S3, Imgix, Google Cloud Storage, DigitalOcean Spaces and more allows Stored XSS.This issue affects Media Cloud for Amazon S3, Imgix, Google Cloud Storage, DigitalOcean Spaces and more: from n/a through 4.5.24. | 2024-03-27 | 6.5 | CVE-2024-29795 [email protected] |
| jeff_starr — user_submitted_posts |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Jeff Starr User Submitted Posts allows Stored XSS.This issue affects User Submitted Posts: from n/a through 20230901. | 2024-03-26 | 6.5 | CVE-2023-7251 [email protected] |
| jetbrains — teamcity |
In JetBrains TeamCity before 2024.03 authenticated users without administrative permissions could register other users when self-registration was disabled | 2024-03-28 | 6.5 | CVE-2024-31134 [email protected] |
| jetbrains — teamcity |
In JetBrains TeamCity before 2024.03 open redirect was possible on the login page | 2024-03-28 | 6.1 | CVE-2024-31135 [email protected] |
| jetbrains — teamcity |
In JetBrains TeamCity before 2024.03 reflected XSS was possible via Space connection configuration | 2024-03-28 | 6.8 | CVE-2024-31137 [email protected] |
| jetbrains — teamcity |
In JetBrains TeamCity before 2024.03 xXE was possible in the Maven build steps detector | 2024-03-28 | 5.9 | CVE-2024-31139 [email protected] |
| jetbrains — teamcity |
In JetBrains TeamCity before 2024.03 xSS was possible via Agent Distribution settings | 2024-03-28 | 4.6 | CVE-2024-31138 [email protected] |
| jetbrains — teamcity |
In JetBrains TeamCity before 2024.03 server administrators could remove arbitrary files from the server by installing tools | 2024-03-28 | 4.1 | CVE-2024-31140 [email protected] |
| jewel_theme — master_addons_for_elementor
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Jewel Theme Master Addons for Elementor allows Stored XSS.This issue affects Master Addons for Elementor: from n/a through 2.0.5.4.1. | 2024-03-27 | 6.5 | CVE-2024-29911 [email protected] |
| jordy_meow — ai_engine:_chatgpt_chatbot
|
Server-Side Request Forgery (SSRF) vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot.This issue affects AI Engine: ChatGPT Chatbot: from n/a through 2.1.4. | 2024-03-28 | 6.8 | CVE-2024-29090 [email protected] |
| jory_hogeveen — off-canvas_sidebars_&_menus_(slidebars)
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Jory Hogeveen Off-Canvas Sidebars & Menus (Slidebars) allows Stored XSS.This issue affects Off-Canvas Sidebars & Menus (Slidebars): from n/a through 0.5.8.1. | 2024-03-27 | 6.5 | CVE-2024-29762 [email protected] |
| jumpserver — jumpserver |
JumpServer is an open source bastion host and an operation and maintenance security audit system. An authorized attacker can obtain sensitive information contained within playbook files if they manage to learn the playbook_id of another user. This breach of confidentiality can lead to information disclosure and exposing sensitive data. This vulnerability is fixed in v3.10.6. | 2024-03-29 | 4.6 | CVE-2024-29020 [email protected] |
| jumpserver — jumpserver |
JumpServer is an open source bastion host and an operation and maintenance security audit system. An authenticated user can exploit the Insecure Direct Object Reference (IDOR) vulnerability in the file manager’s bulk transfer by manipulating job IDs to upload malicious files, potentially compromising the integrity and security of the system. This vulnerability is fixed in v3.10.6. | 2024-03-29 | 4.6 | CVE-2024-29024 [email protected] |
| katex — katex |
KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using `edef` that causes a near-infinite loop, despite setting `maxExpand` to avoid such loops. This can be used as an availability attack, where e.g. a client rendering another user’s KaTeX input will be unable to use the site due to memory overflow, tying up the main thread, or stack overflow. Upgrade to KaTeX v0.16.10 to remove this vulnerability. | 2024-03-25 | 6.5 | CVE-2024-28243 [email protected] [email protected] |
| katex — katex |
KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using `def` or `newcommand` that causes a near-infinite loop, despite setting `maxExpand` to avoid such loops. KaTeX supports an option named maxExpand which aims to prevent infinitely recursive macros from consuming all available memory and/or triggering a stack overflow error. Unfortunately, support for “Unicode (sub|super)script characters” allows an attacker to bypass this limit. Each sub/superscript group instantiated a separate Parser with its own limit on macro executions, without inheriting the current count of macro executions from its parent. This has been corrected in KaTeX v0.16.10. | 2024-03-25 | 6.5 | CVE-2024-28244 [email protected] [email protected] |
| katex — katex |
KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using `includegraphics` that runs arbitrary JavaScript, or generate invalid HTML. Upgrade to KaTeX v0.16.10 to remove this vulnerability. | 2024-03-25 | 6.3 | CVE-2024-28245 [email protected] [email protected] |
| katex — katex |
KaTeX is a JavaScript library for TeX math rendering on the web. Code that uses KaTeX’s `trust` option, specifically that provides a function to blacklist certain URL protocols, can be fooled by URLs in malicious inputs that use uppercase characters in the protocol. In particular, this can allow for malicious input to generate `javascript:` links in the output, even if the `trust` function tries to forbid this protocol via `trust: (context) => context.protocol !== ‘javascript’`. Upgrade to KaTeX v0.16.10 to remove this vulnerability. | 2024-03-25 | 5.5 | CVE-2024-28246 [email protected] [email protected] |
| kienso — co-marquage_service-public.fr
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Kienso Co-marquage service-public.Fr allows Stored XSS.This issue affects Co-marquage service-public.Fr: from n/a through 0.5.71. | 2024-03-27 | 6.5 | CVE-2024-29908 [email protected] |
| kimai — kimai
|
Kimai is a web-based multi-user time-tracking application. The permission `view_other_timesheet` performs differently for the Kimai UI and the API, thus returning unexpected data through the API. When setting the `view_other_timesheet` permission to true, on the frontend, users can only see timesheet entries for teams they are a part of. When requesting all timesheets from the API, however, all timesheet entries are returned, regardless of whether the user shares team permissions or not. This vulnerability is fixed in 2.13.0. | 2024-03-28 | 6.8 | CVE-2024-29200 [email protected] |
| kitforest — better_elementor_addons |
The Better Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the widget link URL values in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-03-29 | 6.4 | CVE-2024-2280 [email protected] [email protected] |
| klarna — klarna_payments_for_woocommerce |
Missing Authorization vulnerability in Klarna Klarna Payments for WooCommerce.This issue affects Klarna Payments for WooCommerce: from n/a through 3.2.4. | 2024-03-29 | 5.3 | CVE-2024-30477 [email protected] |
| klbtheme — clotya_theme |
Cross-Site Request Forgery (CSRF) vulnerability in KlbTheme Clotya theme, KlbTheme Cosmetsy theme, KlbTheme Furnob theme, KlbTheme Bacola theme, KlbTheme Partdo theme, KlbTheme Medibazar theme, KlbTheme Machic theme.This issue affects Clotya theme: from n/a through 1.1.6; Cosmetsy theme: from n/a through 1.7.7; Furnob theme: from n/a through 1.2.2; Bacola theme: from n/a through 1.3.3; Partdo theme: from n/a through 1.1.1; Medibazar theme: from n/a through 1.8.6; Machic theme: from n/a through 1.2.8. | 2024-03-26 | 4.3 | CVE-2023-49838 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
| krunal_prajapati — wp_post_disclaimer
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Krunal Prajapati WP Post Disclaimer allows Stored XSS.This issue affects WP Post Disclaimer: from n/a through 1.0.3. | 2024-03-27 | 6.5 | CVE-2024-29761 [email protected] |
| kstover — ninja_forms_contact_form_-_the_drag_and_drop_form_builder_for_wordpress |
The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an image title embedded into a form in all versions up to, and including, 3.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-03-29 | 4.6 | CVE-2024-2108 [email protected] [email protected] |
| kstover — ninja_forms_contact_form_-_the_drag_and_drop_form_builder_for_wordpress |
The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.0. This is due to missing or incorrect nonce validation on the nf_download_all_subs AJAX action. This makes it possible for unauthenticated attackers to trigger an export of a form’s submission to a publicly accessible location via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-03-29 | 4.3 | CVE-2024-2113 [email protected] [email protected] |
| kurudrive — vk_all_in_one_expansion_unit |
The VK All in One Expansion Unit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the child page index widget in all versions up to, and including, 9.96.0.1 due to insufficient input sanitization and output escaping on user supplied attributes such as ‘className.’ This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-03-26 | 6.4 | CVE-2024-2170 [email protected] [email protected] |
| labib_ahmed — carousel_anything_for_wpbakery_page_builder |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Labib Ahmed Carousel Anything For WPBakery Page Builder allows Stored XSS.This issue affects Carousel Anything For WPBakery Page Builder: from n/a through 2.1. | 2024-03-29 | 6.5 | CVE-2024-30520 [email protected] |
| landingi — landingi_landing_pages |
Cross-Site Request Forgery (CSRF) vulnerability in Landingi Landingi Landing Pages.This issue affects Landingi Landing Pages: from n/a through 3.1.1. | 2024-03-29 | 5.4 | CVE-2024-30521 [email protected] |
| lg_electronics — lg_led_assistant |
This vulnerability allows remote attackers to traverse paths via file upload on the affected LG LED Assistant. | 2024-03-25 | 5.3 | CVE-2024-2863 [email protected] |
| litonice13 — master_addons_-_free_widgets_hover_effects_toggle_conditions_animations_for_elementor |
The Master Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Pricing Table widget in all versions up to, and including, 2.0.5.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-03-27 | 6.4 | CVE-2024-2139 [email protected] [email protected] |
| livemesh — livemesh_addons_for_wpbakery_page_builder
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Livemesh Livemesh Addons for WPBakery Page Builder allows Stored XSS.This issue affects Livemesh Addons for WPBakery Page Builder: from n/a through 3.7. | 2024-03-27 | 6.5 | CVE-2024-30183 [email protected] |
| loncar — easy_appointments |
The Easy Appointments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘ea_full_calendar’ shortcode in all versions up to, and including, 3.11.18 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-03-29 | 6.4 | CVE-2024-2842 [email protected] [email protected] |
| loncar — easy_appointments |
The Easy Appointments plugin for WordPress is vulnerable to unauthorized modification of data due to insufficient user validation on the ajax_cancel_appointment() function in all versions up to, and including, 3.11.18. This makes it possible for unauthenticated attackers to cancel other users orders. | 2024-03-29 | 4.3 | CVE-2024-2844 [email protected] [email protected] [email protected] |
| looking_forward_software_incorporated. — popup_builder
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Looking Forward Software Incorporated. Popup Builder allows Stored XSS.This issue affects Popup Builder: from n/a through 4.2.6. | 2024-03-27 | 6.5 | CVE-2024-30184 [email protected] |
| lordicon — lordicon_animated_icons |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Lordicon Lordicon Animated Icons allows Stored XSS.This issue affects Lordicon Animated Icons: from n/a through 2.0.1. | 2024-03-29 | 6.5 | CVE-2024-30519 [email protected] |
| mailmunch — mailchimp_forms_by_mailmunch
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in MailMunch MailChimp Forms by MailMunch allows Stored XSS.This issue affects MailChimp Forms by MailMunch: from n/a through 3.2.2. | 2024-03-27 | 6.5 | CVE-2024-29793 [email protected] |
| mainwp — mainwp_wordfence_extension |
Missing Authorization vulnerability in MainWP MainWP Wordfence Extension.This issue affects MainWP Wordfence Extension: from n/a through 4.0.7. | 2024-03-25 | 5.4 | CVE-2023-22699 [email protected] |
| mark_kinchin — beds24_online_booking |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Mark Kinchin Beds24 Online Booking allows Stored XSS.This issue affects Beds24 Online Booking: from n/a through 2.0.24. | 2024-03-27 | 6.5 | CVE-2023-52228 [email protected] |
| martyn_chamberlin — don’t_muck_my_markup |
Cross-Site Request Forgery (CSRF) vulnerability in Martyn Chamberlin Don’t Muck My Markup.This issue affects Don’t Muck My Markup: from n/a through 1.8. | 2024-03-27 | 4.3 | CVE-2024-23510 [email protected] |
| marubon — pocket_news_generator |
The Pocket News Generator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2.0. This is due to missing or incorrect nonce validation on the option_page() function. This makes it possible for unauthenticated attackers to update the plugin’s settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-03-29 | 5.4 | CVE-2024-2964 [email protected] [email protected] |
| marubon — pocket_news_generator |
The Pocket News Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings such as “Consumer Key” and “Access Token” in all versions up to, and including, 0.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2024-03-29 | 4.4 | CVE-2024-2963 [email protected] [email protected] |
| megamenu — max_mega_menu |
Missing Authorization vulnerability in Megamenu Max Mega Menu.This issue affects Max Mega Menu: from n/a through 3.3. | 2024-03-28 | 5.4 | CVE-2024-28003 [email protected] |
| mehanoid.pro — flatpm
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Mehanoid.Pro FlatPM allows Stored XSS.This issue affects FlatPM: from n/a before 3.1.05. | 2024-03-27 | 6.5 | CVE-2024-29803 [email protected] |
| metagauss — eventprime |
Cross Site Scripting (XSS) vulnerability in Metagauss EventPrime.This issue affects EventPrime: from n/a through 3.3.9. | 2024-03-27 | 5.9 | CVE-2024-29776 [email protected] |
| metagauss — profilegrid_ |
Authorization Bypass Through User-Controlled Key vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.2. | 2024-03-29 | 6.5 | CVE-2024-30513 [email protected] |
| metagauss — registrationmagic |
Cross-Site Request Forgery (CSRF) vulnerability in Metagauss RegistrationMagic.This issue affects RegistrationMagic: from n/a through 5.3.0.0. | 2024-03-26 | 4.3 | CVE-2024-2951 [email protected] |
| miraheze — createwiki |
CreateWiki is Miraheze’s MediaWiki extension for requesting & creating wikis. Suppression of wiki requests does not work as intended, and always restricts visibility to those with the `(createwiki)` user right regardless of the settings one sets on a given wiki request. This may expose information to users who are not supposed to be able to access it. | 2024-03-26 | 4.9 | CVE-2024-29883 [email protected] [email protected] [email protected] |
| miraheze — createwiki |
CreateWiki is Miraheze’s MediaWiki extension for requesting & creating wikis. It is possible for users with (delete) or (suppressrevision) on any wiki in the farm to access suppressed wiki requests by going to the request’s entry on Special:RequestWikiQueue on the wiki where they have these rights. The same vulnerability was present briefly on the REST API before being quickly corrected in commit `6bc0685`. To our knowledge, the vulnerable commits of the REST API are not running in production anywhere. This vulnerability is fixed in 23415c17ffb4832667c06abcf1eadadefd4c8937. | 2024-03-28 | 4.9 | CVE-2024-29897 [email protected] [email protected] [email protected] [email protected] |
| miraheze — createwiki |
CreateWiki is Miraheze’s MediaWiki extension for requesting & creating wikis. An oversight during the writing of the patch for CVE-2024-29897 may have exposed suppressed wiki requests to private wikis that added Special:RequestWikiQueue to the read whitelist to users without the `(read)` permission. This vulnerability is fixed in 8f8442ed5299510ea3e58416004b9334134c149c. | 2024-03-28 | 4.9 | CVE-2024-29898 [email protected] [email protected] [email protected] |
| molongui — molongui
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Molongui allows Stored XSS.This issue affects Molongui: from n/a through 4.7.7. | 2024-03-27 | 6.5 | CVE-2024-29764 [email protected] |
| motopress — stratum
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in MotoPress Stratum allows Stored XSS.This issue affects Stratum: from n/a through 1.3.15. | 2024-03-27 | 6.5 | CVE-2024-29914 [email protected] |
| moveaddons — move_addons_for_elementor
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Moveaddons Move Addons for Elementor allows Stored XSS.This issue affects Move Addons for Elementor: from n/a through 1.2.9. | 2024-03-27 | 6.5 | CVE-2024-29920 [email protected] |
| muffingroup — betheme |
Missing Authorization vulnerability in Muffingroup Betheme.This issue affects Betheme: from n/a through 26.6.1. | 2024-03-25 | 5.4 | CVE-2022-45351 [email protected] |
| muffingroup — betheme |
Missing Authorization vulnerability in Muffingroup Betheme.This issue affects Betheme: from n/a through 26.6.1. | 2024-03-25 | 5.4 | CVE-2022-45352 [email protected] |
| muffingroup — betheme |
Missing Authorization vulnerability in Muffingroup Betheme.This issue affects Betheme: from n/a through 26.6.1. | 2024-03-25 | 5.4 | CVE-2022-45356 [email protected] |
| muffingroup — betheme |
Missing Authorization vulnerability in Muffingroup Betheme.This issue affects Betheme: from n/a through 26.6.1. | 2024-03-25 | 4.3 | CVE-2022-45349 [email protected] |
| multivendorx — wc_marketplace
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in MultiVendorX WC Marketplace allows Stored XSS.This issue affects WC Marketplace: from n/a through 4.1.3. | 2024-03-29 | 6.5 | CVE-2024-30433 [email protected] |
| munirkamal — gutenberg_block_editor_toolkit_-_editorskit |
The Gutenberg Block Editor Toolkit – EditorsKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘editorskit’ shortcode in all versions up to, and including, 1.40.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-03-30 | 6.4 | CVE-2024-2794 [email protected] [email protected] |
| n/a — compact_wp_audio_player
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Compact WP Audio Player allows Stored XSS.This issue affects Compact WP Audio Player: from n/a through 1.9.9. | 2024-03-27 | 6.5 | CVE-2024-29917 [email protected] |
| n/a — portfolio_gallery_-_image_gallery_plugin
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Portfolio Gallery – Image Gallery Plugin allows Stored XSS.This issue affects Portfolio Gallery – Image Gallery Plugin: from n/a through 1.5.6. | 2024-03-27 | 6.5 | CVE-2024-29769 [email protected] |
| n/a — qdrant |
A vulnerability was found in Qdrant up to 1.6.1/1.7.4/1.8.2 and classified as critical. This issue affects some unknown processing of the file lib/collection/src/collection/snapshots.rs of the component Full Snapshot REST API. The manipulation leads to path traversal. Upgrading to version 1.8.3 is able to address this issue. The patch is named 3ab5172e9c8f14fa1f7b24e7147eac74e2412b62. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-258611. | 2024-03-29 | 5.5 | CVE-2024-3078 [email protected] [email protected] [email protected] [email protected] [email protected] |
| n/a — wp-crm_system |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WP-CRM System allows Stored XSS.This issue affects WP-CRM System: from n/a through 3.2.9. | 2024-03-29 | 5.9 | CVE-2024-30434 [email protected] |
| netentsec — ns-asg_application_security_gateway
|
A vulnerability, which was classified as critical, was found in Netentsec NS-ASG Application Security Gateway 6.3. This affects an unknown part of the file /admin/list_crl_conf. The manipulation of the argument CRLId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258429 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-03-28 | 6.3 | CVE-2024-3040 [email protected] [email protected] [email protected] [email protected] |
| netentsec — ns-asg_application_security_gateway
|
A vulnerability has been found in Netentsec NS-ASG Application Security Gateway 6.3 and classified as critical. This vulnerability affects unknown code of the file /protocol/log/listloginfo.php. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-258430 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-03-28 | 6.3 | CVE-2024-3041 [email protected] [email protected] [email protected] [email protected] |
| netty — netty |
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `HttpPostRequestDecoder` can be tricked to accumulate data. While the decoder can store items on the disk if configured so, there are no limits to the number of fields the form can have, an attacher can send a chunked post consisting of many small fields that will be accumulated in the `bodyListHttpData` list. The decoder cumulates bytes in the `undecodedChunk` buffer until it can decode a field, this field can cumulate data without limits. This vulnerability is fixed in 4.1.108.Final. | 2024-03-25 | 5.3 | CVE-2024-29025 [email protected] [email protected] [email protected] |
| netweblogic — events_manager_-_calendar_bookings_tickets_and_more! |
The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the physical location value in all versions up to, and including, 6.4.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-03-28 | 6.4 | CVE-2024-2111 [email protected] [email protected] |
| netweblogic — events_manager_-_calendar_bookings_tickets_and_more! |
The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.4.7.1. This is due to missing or incorrect nonce validation on several actions. This makes it possible for unauthenticated attackers to modify booking statuses via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-03-28 | 4.3 | CVE-2024-2110 [email protected] [email protected] |
| nickys — image_map_pro |
Cross-Site Request Forgery (CSRF) vulnerability in Nickys Image Map Pro allows Stored XSS.This issue affects Image Map Pro: from n/a before 5.6.9. | 2024-03-28 | 6.1 | CVE-2022-45850 [email protected] |
| niteothemes — cmp_-_coming_soon_&_maintenance |
Server-Side Request Forgery (SSRF) vulnerability in NiteoThemes CMP – Coming Soon & Maintenance.This issue affects CMP – Coming Soon & Maintenance: from n/a through 4.1.10. | 2024-03-28 | 5.5 | CVE-2023-50374 [email protected] |
| nuuo — camera |
A vulnerability was found in NUUO Camera up to 20240319 and classified as problematic. This issue affects some unknown processing of the file /deletefile.php. The manipulation of the argument filename leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258197 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-03-27 | 5.4 | CVE-2024-2995 [email protected] [email protected] [email protected] [email protected] |
| nvidia — gpu_display_driver_vgpu_driver_cloud_gaming_driver |
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where a user may cause a NULL-pointer dereference by accessing passed parameters the validity of which has not been checked. A successful exploit of this vulnerability may lead to denial of service and limited information disclosure. | 2024-03-27 | 6.1 | CVE-2024-0075 [email protected] |
| nvidia — gpu_display_driver_vgpu_driver_cloud_gaming_driver |
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a user in a guest can cause a NULL-pointer dereference in the host, which may lead to denial of service. | 2024-03-27 | 6.5 | CVE-2024-0078 [email protected] |
| nvidia — vgpu_driver,_cloud_gaming_driver |
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a user in a guest VM can cause a NULL-pointer dereference in the host. A successful exploit of this vulnerability may lead to denial of service. | 2024-03-27 | 6.5 | CVE-2024-0079 [email protected] |
| oceanwp — oceanwp |
The OceanWP theme for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the load_theme_panel_pane function in all versions up to, and including, 3.5.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to expose sensitive information such as system/environment data and API keys. | 2024-03-29 | 4.3 | CVE-2024-2476 [email protected] [email protected] |
| oroinc — orocommerce |
OroPlatform is a PHP Business Application Platform (BAP). Navigation history, most viewed and favorite navigation items are returned to storefront user in JSON navigation response if ID of storefront user matches ID of back-office user. This vulnerability is fixed in 5.1.4. | 2024-03-25 | 4.3 | CVE-2023-48296 [email protected] [email protected] |
| oroinc — platform |
OroPlatform is a PHP Business Application Platform (BAP). A logged in user can access page state data of pinned pages of other users by pageId hash. This vulnerability is fixed in 5.1.4. | 2024-03-25 | 4.3 | CVE-2023-45824 [email protected] [email protected] |
| paid_memberships_pro — paid_memberships_pro_-_payfast_gateway_add_on |
Insertion of Sensitive Information into Log File vulnerability in Paid Memberships Pro Paid Memberships Pro – Payfast Gateway Add On.This issue affects Paid Memberships Pro – Payfast Gateway Add On: from n/a through 1.4.1. | 2024-03-29 | 5.3 | CVE-2024-30514 [email protected] |
| patrick_posner — simply_static |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Patrick Posner Simply Static allows Stored XSS.This issue affects Simply Static: from n/a through 3.1.3. | 2024-03-27 | 5.9 | CVE-2024-30178 [email protected] |
| peepso — community_by_peepso |
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in PeepSo Community by PeepSo.This issue affects Community by PeepSo: from n/a through 6.0.9.0. | 2024-03-26 | 5.3 | CVE-2023-27630 [email protected] |
| peepso — community_by_peepso |
Insertion of Sensitive Information into Log File vulnerability in PeepSo Community by PeepSo.This issue affects Community by PeepSo: from n/a through 6.2.7.0. | 2024-03-28 | 5.3 | CVE-2024-25923 [email protected] |
| petri_damstén — fullscreen_galleria
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Petri Damstén Fullscreen Galleria allows Stored XSS.This issue affects Fullscreen Galleria: from n/a through 1.6.11. | 2024-03-27 | 6.5 | CVE-2024-29801 [email protected] |
| phpgurukul — emergency_ambulance_hiring_portal |
A vulnerability was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. It has been rated as problematic. This issue affects some unknown processing of the component Hire an Ambulance Page. The manipulation of the argument Patient Name/Relative Name/Relative Phone Number/City/State/Message leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258677 was assigned to this vulnerability. | 2024-03-30 | 4.3 | CVE-2024-3084 [email protected] [email protected] [email protected] [email protected] |
| phpgurukul — emergency_ambulance_hiring_portal |
A vulnerability classified as problematic was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Affected by this vulnerability is an unknown functionality of the file ambulance-tracking.php of the component Ambulance Tracking Page. The manipulation of the argument searchdata leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258679. | 2024-03-30 | 4.3 | CVE-2024-3086 [email protected] [email protected] [email protected] [email protected] |
| phpgurukul — emergency_ambulance_hiring_portal |
A vulnerability has been found in PHPGurukul Emergency Ambulance Hiring Portal 1.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/manage-ambulance.php of the component Manage Ambulance Page. The manipulation of the argument del leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-258682 is the identifier assigned to this vulnerability. | 2024-03-30 | 4.3 | CVE-2024-3089 [email protected] [email protected] [email protected] [email protected] |
| pimcore — pimcore
|
Pimcore is an Open Source Data & Experience Management Platform. Any call with the query argument `?pimcore_preview=true` allows to view unpublished sites. In previous versions of Pimcore, session information would propagate to previews, so only a logged in user could open a preview. This no longer applies. Previews are broad open to any user and with just the hint of a restricted link one could gain access to possible confident / unreleased information. This vulnerability is fixed in 11.2.2 and 11.1.6.1. | 2024-03-26 | 6.5 | CVE-2024-29197 [email protected] [email protected] |
| piotnet — piotnet_addons_for_elementor
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Piotnet Piotnet Addons For Elementor allows Stored XSS.This issue affects Piotnet Addons For Elementor: from n/a through 2.4.25. | 2024-03-27 | 6.5 | CVE-2024-29934 [email protected] |
| pixelite — events_manager |
Cross-Site Request Forgery (CSRF) vulnerability in Pixelite Events Manager.This issue affects Events Manager: from n/a through 6.4.7.1. | 2024-03-28 | 4.3 | CVE-2024-30421 [email protected] |
| plainware — locatoraid_store_locator |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Plainware Locatoraid Store Locator allows Stored XSS.This issue affects Locatoraid Store Locator: from n/a through 3.9.30. | 2024-03-27 | 5.9 | CVE-2024-30181 [email protected] |
| pluginops — landing_page_builder |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in PluginOps Landing Page Builder allows Stored XSS.This issue affects Landing Page Builder: from n/a through 1.5.1.7. | 2024-03-29 | 5.9 | CVE-2024-30452 [email protected] |
| podlove — podlove_web_player
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Podlove Podlove Web Player allows Stored XSS.This issue affects Podlove Web Player: from n/a through 5.7.1. | 2024-03-27 | 6.5 | CVE-2024-29788 [email protected] |
| poll_maker_&_voting_plugin_team_(infotheme) — wp_poll_maker |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Poll Maker & Voting Plugin Team (InfoTheme) WP Poll Maker allows Stored XSS.This issue affects WP Poll Maker: from n/a through 3.1. | 2024-03-27 | 5.9 | CVE-2024-29818 [email protected] |
| posimyththemes — the_plus_addons_for_elementor |
The The Plus Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.4.1 via the Clients widget. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | 2024-03-27 | 6.4 | CVE-2024-2203 [email protected] [email protected] |
| posimyththemes — the_plus_addons_for_elementor |
The The Plus Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.4.1 via the Team Member Listing widget. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | 2024-03-27 | 6.4 | CVE-2024-2210 [email protected] [email protected] |
| propertyhive — propertyhive |
Missing Authorization vulnerability in PropertyHive.This issue affects PropertyHive: from n/a through 2.0.6. | 2024-03-26 | 4.3 | CVE-2024-24718 [email protected] |
| quantum_cloud — slider_hero |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Quantum Cloud Slider Hero allows Stored XSS.This issue affects Slider Hero: from n/a through 8.6.1. | 2024-03-27 | 5.9 | CVE-2024-29922 [email protected] |
| realmag777 — bear |
Missing Authorization vulnerability in realmag777 BEAR.This issue affects BEAR: from n/a through 1.1.4.3. | 2024-03-29 | 4.3 | CVE-2024-30463 [email protected] |
| realmag777 — husky_-_products_filter_for_woocommerce_(formerly_woof) |
Cross-Site Request Forgery (CSRF) vulnerability in realmag777 HUSKY – Products Filter for WooCommerce (formerly WOOF).This issue affects HUSKY – Products Filter for WooCommerce (formerly WOOF): from n/a through 1.3.5.1. | 2024-03-29 | 4.3 | CVE-2024-30462 [email protected] |
| realmag777 — woocs_-_woocommerce_currency_switcher |
Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOOCS – WooCommerce Currency Switcher.This issue affects WOOCS – WooCommerce Currency Switcher: from n/a through 1.4.1.7. | 2024-03-29 | 4.3 | CVE-2024-30458 [email protected] |
| realmag777 — wordpress_meta_data_and_taxonomies_filter_(mdtf)
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF) allows Stored XSS.This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n/a through 1.3.2. | 2024-03-27 | 6.5 | CVE-2024-29906 [email protected] |
| realmag777 — wordpress_meta_data_and_taxonomies_filter_(mdtf)
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF) allows Stored XSS.This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n/a through 1.3.2. | 2024-03-27 | 6.5 | CVE-2024-29932 [email protected] |
| realmag777 — wordpress_meta_data_and_taxonomies_filter_(mdtf) |
Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF).This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n/a through 1.3.3.1. | 2024-03-29 | 4.3 | CVE-2024-30457 [email protected] |
| realmag777 — wpcs |
Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WPCS.This issue affects WPCS: from n/a through 1.2.0.1. | 2024-03-29 | 4.3 | CVE-2024-30456 [email protected] |
| rednao — pdf_builder_for_wpforms
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in RedNao PDF Builder for WPForms allows Stored XSS.This issue affects PDF Builder for WPForms: from n/a through 1.2.88. | 2024-03-27 | 6.5 | CVE-2024-29820 [email protected] |
| reviewx — reviewx
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in ReviewX allows Stored XSS.This issue affects ReviewX: from n/a through 1.6.22. | 2024-03-27 | 6.5 | CVE-2024-29812 [email protected] |
| rockwell_automation — arena_simulation |
A memory buffer vulnerability in Rockwell Automation Arena Simulation could potentially let a threat actor read beyond the intended memory boundaries. This could reveal sensitive information and even cause the application to crash, resulting in a denial-of-service condition. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor. | 2024-03-26 | 4.4 | CVE-2024-21920 [email protected] |
| rockwell_automation — factorytalk-_view_me |
A vulnerability exists in the affected product that allows a malicious user to restart the Rockwell Automation PanelViewâ„¢ Plus 7 terminal remotely without security protections. If the vulnerability is exploited, it could lead to the loss of view or control of the PanelViewâ„¢ product. | 2024-03-25 | 5.3 | CVE-2024-21914 [email protected] |
| ruijie — rg-eg350
|
A vulnerability, which was classified as critical, has been found in Ruijie RG-EG350 up to 20240318. Affected by this issue is the function vpnAction of the file /itbox_pi/vpn_quickset_service.php?a=set_vpn of the component HTTP POST Request Handler. The manipulation of the argument ip/port/user/pass/dns/startIp leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257978 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-03-26 | 6.3 | CVE-2024-2910 [email protected] [email protected] [email protected] [email protected] |
| saleor — saleor |
Saleor is an e-commerce platform that serves high-volume companies. When using `Pickup: Local stock only` click-and-collect as a delivery method in specific conditions the customer could overwrite the warehouse address with its own, which exposes its address as click-and-collect address. This issue has been patched in versions: `3.14.61`, `3.15.37`, `3.16.34`, `3.17.32`, `3.18.28`, `3.19.15`. | 2024-03-27 | 4.2 | CVE-2024-29888 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
| seraphinite_solutions — seraphinite_accelerator
|
Insertion of Sensitive Information into Log File vulnerability in Seraphinite Solutions Seraphinite Accelerator.This issue affects Seraphinite Accelerator: from n/a through 2.20.47. | 2024-03-28 | 5.3 | CVE-2024-22138 [email protected] |
| serverpod — serverpod |
Serverpod is an app and web server, built for the Flutter and Dart ecosystem. An issue was identified with the old password hash algorithm that made it susceptible to rainbow attacks if the database was compromised. This vulnerability is fixed by 1.2.6. | 2024-03-27 | 5.3 | CVE-2024-29886 [email protected] [email protected] |
| servit_software_solutions — affiliate-toolkit
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in SERVIT Software Solutions affiliate-toolkit allows Stored XSS.This issue affects affiliate-toolkit: from n/a through 3.4.5. | 2024-03-27 | 6.5 | CVE-2024-29817 [email protected] |
| shanghai_brad_technology — bladex
|
A vulnerability classified as critical has been found in Shanghai Brad Technology BladeX 3.4.0. Affected is an unknown function of the file /api/blade-user/export-user of the component API. The manipulation with the input updatexml(1,concat(0x3f,md5(123456),0x3f),1)=1 leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-258426 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-03-28 | 6.3 | CVE-2024-3039 [email protected] [email protected] [email protected] [email protected] |
| sharethis — sharethis_dashboard_for_google_analytics |
Missing Authorization vulnerability in ShareThis ShareThis Dashboard for Google Analytics.This issue affects ShareThis Dashboard for Google Analytics: from n/a through 3.1.4. | 2024-03-25 | 5.4 | CVE-2022-45851 [email protected] |
| simple_sponsorships — sponsors
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Simple Sponsorships Sponsors allows Stored XSS.This issue affects Sponsors: from n/a through 3.5.1. | 2024-03-29 | 6.5 | CVE-2024-30483 [email protected] |
| sinaextra — sina_extension_for_elementor
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in SinaExtra Sina Extension for Elementor allows Stored XSS.This issue affects Sina Extension for Elementor: from n/a through 3.5.0. | 2024-03-27 | 6.5 | CVE-2024-29935 [email protected] |
| snp_digital — salesking |
Missing Authorization vulnerability in SNP Digital SalesKing.This issue affects SalesKing: from n/a through 1.6.15. | 2024-03-26 | 6.5 | CVE-2024-22156 [email protected] |
| softlab — dracula_dark_mode_-_the_revolutionary_dark_mode_plugin_for_wordpress
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in SoftLab Dracula Dark Mode – The Revolutionary Dark Mode Plugin For WordPress allows Stored XSS.This issue affects Dracula Dark Mode – The Revolutionary Dark Mode Plugin For WordPress: from n/a through 1.0.8. | 2024-03-27 | 6.5 | CVE-2024-29771 [email protected] |
| softlab — radio_player
|
Missing Authorization vulnerability in SoftLab Radio Player.This issue affects Radio Player: from n/a through 2.0.73. | 2024-03-26 | 6.5 | CVE-2024-2906 [email protected] |
| softlab — radio_player
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in SoftLab Radio Player allows Stored XSS.This issue affects Radio Player: from n/a through 2.0.73. | 2024-03-27 | 6.5 | CVE-2024-29811 [email protected] |
| sourcecodester — online_chatting_system
|
A vulnerability classified as critical has been found in SourceCodester Online Chatting System 1.0. Affected is an unknown function of the file admin/update_room.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258012. | 2024-03-27 | 6.3 | CVE-2024-2932 [email protected] [email protected] [email protected] [email protected] |
| sourcecodester — simple_subscription_website
|
A vulnerability classified as critical has been found in SourceCodester Simple Subscription Website 1.0. Affected is an unknown function of the file Actions.php. The manipulation of the argument title leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258300. | 2024-03-28 | 6.3 | CVE-2024-3014 [email protected] [email protected] [email protected] [email protected] |
| sourcecodester — simple_subscription_website
|
A vulnerability classified as critical was found in SourceCodester Simple Subscription Website 1.0. Affected by this vulnerability is an unknown functionality of the file manage_plan.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258301 was assigned to this vulnerability. | 2024-03-28 | 6.3 | CVE-2024-3015 [email protected] [email protected] [email protected] [email protected] |
| sourcecodester — simple_subscription_website
|
A vulnerability was found in SourceCodester Simple Subscription Website 1.0 and classified as critical. This issue affects some unknown processing of the file manage_user.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258431. | 2024-03-28 | 6.3 | CVE-2024-3042 [email protected] [email protected] [email protected] [email protected] |
| sourcecodester — todo_list_in_kanban_board
|
A vulnerability classified as critical was found in SourceCodester Todo List in Kanban Board 1.0. Affected by this vulnerability is an unknown functionality of the file /endpoint/delete-todo.php. The manipulation of the argument list leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258013 was assigned to this vulnerability. | 2024-03-27 | 6.3 | CVE-2024-2934 [email protected] [email protected] [email protected] [email protected] |
| sparkle_wp — educenter |
Missing Authorization vulnerability in Sparkle WP Educenter.This issue affects Educenter: from n/a through 1.5.5. | 2024-03-25 | 4.3 | CVE-2023-30480 [email protected] |
| specialk — simple_ajax_chat_-_add_a_fast_secure_chat_box |
The Simple Ajax Chat – Add a Fast, Secure Chat Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 20231101 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2024-03-27 | 4.4 | CVE-2024-2956 [email protected] [email protected] |
| squirrly — seo_plugin_by_squirrly_seo |
Missing Authorization vulnerability in Squirrly SEO Plugin by Squirrly SEO.This issue affects SEO Plugin by Squirrly SEO: from n/a through 12.1.20. | 2024-03-25 | 6.3 | CVE-2022-44626 [email protected] |
| step-byte-service_gmbh — openstreetmap_for_gutenberg_and_wpbakery_page_builder_(formerly_visual_composer)
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Step-Byte-Service GmbH OpenStreetMap for Gutenberg and WPBakery Page Builder (formerly Visual Composer) allows Stored XSS.This issue affects OpenStreetMap for Gutenberg and WPBakery Page Builder (formerly Visual Composer): from n/a through 1.1.1. | 2024-03-29 | 6.5 | CVE-2024-30450 [email protected] |
| stormhill_media — mybooktable_bookstore
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Stormhill Media MyBookTable Bookstore allows Stored XSS.This issue affects MyBookTable Bookstore: from n/a through 3.3.7. | 2024-03-27 | 6.5 | CVE-2024-29772 [email protected] |
| streamweasels — streamweasels_twitch_integration
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in StreamWeasels StreamWeasels Twitch Integration allows Stored XSS.This issue affects StreamWeasels Twitch Integration: from n/a through 1.7.5. | 2024-03-27 | 6.5 | CVE-2024-29766 [email protected] |
| supsystic — photo_gallery_by_supsystic |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Supsystic Photo Gallery by Supsystic allows Stored XSS.This issue affects Photo Gallery by Supsystic: from n/a through 1.15.16. | 2024-03-27 | 5.9 | CVE-2024-29921 [email protected] |
| supsystic — slider_by_supsystic |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Supsystic Slider by Supsystic allows Stored XSS.This issue affects Slider by Supsystic: from n/a through 1.8.10. | 2024-03-29 | 5.9 | CVE-2024-30448 [email protected] |
| swift-server — swift-prometheus |
Swift Prometheus is a Swift client for the Prometheus monitoring system, supporting counters, gauges and histograms. In code which applies _un-sanitized string values into metric names or labels_, an attacker could make use of this and send a `?lang` query parameter containing newlines, `}` or similar characters which can lead to the attacker taking over the exported format — including creating unbounded numbers of stored metrics, inflating server memory usage, or causing “bogus” metrics. This vulnerability is fixed in2.0.0-alpha.2. | 2024-03-29 | 5.9 | CVE-2024-28867 [email protected] [email protected] |
| syam_mohan — wpfront_notification_bar |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Syam Mohan WPFront Notification Bar allows Stored XSS.This issue affects WPFront Notification Bar: from n/a through 3.3.2. | 2024-03-27 | 5.9 | CVE-2024-29819 [email protected] |
| synology — surveillance_station |
Improper neutralization of special elements used in an SQL command (‘SQL Injection’) vulnerability in Layout.LayoutSave webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors. | 2024-03-28 | 5.4 | CVE-2024-29227 [email protected] |
| synology — surveillance_station |
Improper neutralization of special elements used in an SQL command (‘SQL Injection’) vulnerability in SnapShot.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors. | 2024-03-28 | 5.4 | CVE-2024-29230 [email protected] |
| synology — surveillance_station |
Improper validation of array index vulnerability in UserPrivilege.Enum webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to bypass security constraints via unspecified vectors. | 2024-03-28 | 5.4 | CVE-2024-29231 [email protected] |
| synology — surveillance_station |
Improper neutralization of special elements used in an SQL command (‘SQL Injection’) vulnerability in Alert.Enum webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors. | 2024-03-28 | 5.4 | CVE-2024-29232 [email protected] |
| synology — surveillance_station |
Improper neutralization of special elements used in an SQL command (‘SQL Injection’) vulnerability in Emap.Delete webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors. | 2024-03-28 | 5.4 | CVE-2024-29233 [email protected] |
| synology — surveillance_station |
Improper neutralization of special elements used in an SQL command (‘SQL Injection’) vulnerability in Group.Save webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors. | 2024-03-28 | 5.4 | CVE-2024-29234 [email protected] |
| synology — surveillance_station |
Improper neutralization of special elements used in an SQL command (‘SQL Injection’) vulnerability in IOModule.EnumLog webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors. | 2024-03-28 | 5.4 | CVE-2024-29235 [email protected] |
| synology — surveillance_station |
Improper neutralization of special elements used in an SQL command (‘SQL Injection’) vulnerability in AudioPattern.Delete webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors. | 2024-03-28 | 5.4 | CVE-2024-29236 [email protected] |
| synology — surveillance_station |
Improper neutralization of special elements used in an SQL command (‘SQL Injection’) vulnerability in ActionRule.Delete webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors. | 2024-03-28 | 5.4 | CVE-2024-29237 [email protected] |
| synology — surveillance_station |
Improper neutralization of special elements used in an SQL command (‘SQL Injection’) vulnerability in Log.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors. | 2024-03-28 | 5.4 | CVE-2024-29238 [email protected] |
| synology — surveillance_station |
Improper neutralization of special elements used in an SQL command (‘SQL Injection’) vulnerability in Recording.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors. | 2024-03-28 | 5.4 | CVE-2024-29239 [email protected] |
| synology — surveillance_station |
Missing authorization vulnerability in LayoutSave webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to conduct denial-of-service attacks via unspecified vectors. | 2024-03-28 | 4.3 | CVE-2024-29240 [email protected] |
| team_heateor — fancy_comments_wordpress
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Team Heateor Fancy Comments WordPress allows Stored XSS.This issue affects Fancy Comments WordPress: from n/a through 1.2.14. | 2024-03-27 | 6.5 | CVE-2024-29804 [email protected] |
| technocrackers — christmas_greetings |
The Christmas Greetings plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the code parameter in all versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-03-29 | 6.1 | CVE-2024-2116 [email protected] [email protected] |
| tenda — ac7 |
A vulnerability classified as critical has been found in Tenda AC7 15.03.06.44. Affected is the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257940. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-03-26 | 6.3 | CVE-2024-2897 [email protected] [email protected] [email protected] [email protected] |
| tenda — fh1202 |
A vulnerability has been found in Tenda FH1202 1.2.0.14(408) and classified as critical. Affected by this vulnerability is the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to command injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258151. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-03-27 | 5.5 | CVE-2024-2982 [email protected] [email protected] [email protected] [email protected] |
| tenda — fh1205
|
A vulnerability has been found in Tenda FH1205 2.0.0.7(775) and classified as critical. Affected by this vulnerability is the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258295. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-03-28 | 6.3 | CVE-2024-3009 [email protected] [email protected] [email protected] [email protected] |
| the_beaver_builder_team — beaver_builder
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in The Beaver Builder Team Beaver Builder allows Stored XSS.This issue affects Beaver Builder: from n/a through 2.7.4.4. | 2024-03-29 | 6.5 | CVE-2024-30425 [email protected] |
| themehunk — advance_wordpress_search_plugin |
Missing Authorization vulnerability in ThemeHunk Advance WordPress Search Plugin.This issue affects Advance WordPress Search Plugin: from n/a through 1.2.1. | 2024-03-25 | 6.5 | CVE-2022-38057 [email protected] |
| themeisle — multiple_page_generator_plugin_-_mpg |
Missing Authorization vulnerability in Themeisle Multiple Page Generator Plugin – MPG.This issue affects Multiple Page Generator Plugin – MPG: from n/a through 3.4.0. | 2024-03-26 | 4.3 | CVE-2024-30235 [email protected] |
| themeisle — otter_blocks_-_gutenberg_blocks_page_builder_for_gutenberg_editor_&_fse |
The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s widgets in all versions up to, and including, 2.6.5 due to insufficient input sanitization and output escaping on user supplied attributes such as ‘id’. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-03-29 | 6.4 | CVE-2024-2841 [email protected] [email protected] |
| themekraft — buddyforms |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in ThemeKraft BuddyForms allows Reflected XSS.This issue affects BuddyForms: from n/a through 2.8.5. | 2024-03-27 | 5.8 | CVE-2024-30198 [email protected] |
| themelocation — custom_woocommerce_checkout_fields_editor |
Cross-Site Request Forgery (CSRF) vulnerability in ThemeLocation Custom WooCommerce Checkout Fields Editor.This issue affects Custom WooCommerce Checkout Fields Editor: from n/a through 1.3.0. | 2024-03-29 | 4.3 | CVE-2024-30518 [email protected] |
| themeum — tutor_lms_elementor_addons
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Themeum Tutor LMS Elementor Addons allows Stored XSS.This issue affects Tutor LMS Elementor Addons: from n/a through 2.1.3. | 2024-03-27 | 6.5 | CVE-2024-29913 [email protected] |
| themify — themify_event_post |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Themify Themify Event Post allows Stored XSS.This issue affects Themify Event Post: from n/a through 1.2.7. | 2024-03-29 | 5.9 | CVE-2024-30440 [email protected] |
| themifyme — themify_shortcodes |
The Themify Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘themify_post_slider shortcode in all versions up to, and including, 2.0.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-03-26 | 5.4 | CVE-2024-2732 [email protected] [email protected] |
| thimpress — wp_hotel_booking |
Missing Authorization vulnerability in ThimPress WP Hotel Booking.This issue affects WP Hotel Booking: from n/a through 2.0.9.2. | 2024-03-29 | 6.5 | CVE-2024-30508 [email protected] |
| thorsten — phpmyfaq |
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The `email` field in phpMyFAQ’s user control panel page is vulnerable to stored XSS attacks due to the inadequacy of PHP’s `FILTER_VALIDATE_EMAIL` function, which only validates the email format, not its content. This vulnerability enables an attacker to execute arbitrary client-side JavaScript within the context of another user’s phpMyFAQ session. This vulnerability is fixed in 3.2.6. | 2024-03-25 | 5.5 | CVE-2024-27300 [email protected] [email protected] [email protected] |
| thorsten — phpmyfaq |
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. By manipulating the news parameter in a POST request, an attacker can inject malicious JavaScript code. Upon browsing to the compromised news page, the XSS payload triggers. This vulnerability is fixed in 3.2.6. | 2024-03-25 | 4.3 | CVE-2024-28106 [email protected] [email protected] |
| thorsten — phpmyfaq |
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Due to insufficient validation on the `contentLink` parameter, it is possible for unauthenticated users to inject HTML code to the page which might affect other users. _Also, requires that adding new FAQs is allowed for guests and that the admin doesn’t check the content of a newly added FAQ._ This vulnerability is fixed in 3.2.6. | 2024-03-25 | 4.7 | CVE-2024-28108 [email protected] [email protected] |
| tianjin — publicms |
A vulnerability, which was classified as problematic, was found in Tianjin PubliCMS 4.0.202302.e. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257979. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-03-26 | 4.3 | CVE-2024-2911 [email protected] [email protected] [email protected] [email protected] |
| tinymce — tinymce |
TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content insertion code. This allowed `iframe` elements containing malicious code to execute when inserted into the editor. These `iframe` elements are restricted in their permissions by same-origin browser protections, but could still trigger operations such as downloading of malicious assets. This vulnerability is fixed in 6.8.1. | 2024-03-26 | 4.3 | CVE-2024-29203 [email protected] [email protected] [email protected] [email protected] |
| tinymce — tinymce |
TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content loading and content inserting code. A SVG image could be loaded though an `object` or `embed` element and that image could potentially contain a XSS payload. This vulnerability is fixed in 6.8.1 and 7.0.0. | 2024-03-26 | 4.3 | CVE-2024-29881 [email protected] [email protected] [email protected] [email protected] |
| tsina — news_wall |
The News Wall plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. This is due to missing or incorrect nonce validation on the nwap_newslist_page() function. This makes it possible for unauthenticated attackers to update the plugin’s settings and modify news lists via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-03-29 | 4.3 | CVE-2024-2970 [email protected] [email protected] |
| tumult_inc — tumult_hype_animations |
Cross-Site Request Forgery (CSRF) vulnerability in Tumult Inc Tumult Hype Animations.This issue affects Tumult Hype Animations: from n/a through 1.9.11. | 2024-03-29 | 4.3 | CVE-2024-30460 [email protected] |
| uncanny_owl — uncanny_toolkit_for_learndash |
URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in Uncanny Owl Uncanny Toolkit for LearnDash.This issue affects Uncanny Toolkit for LearnDash: from n/a through 3.6.4.3. | 2024-03-27 | 4.7 | CVE-2023-34020 [email protected] |
| unitecms — unlimited_elements_for_elementor_(free_widgets,_addons,_templates) |
The Unlimited Elements For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the link field of an installed widget (e.g., ‘Button Link’) in all versions up to, and including, 1.5.96 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-03-30 | 6.4 | CVE-2024-0367 [email protected] [email protected] |
| uriahs_victor — location_picker_at_checkout_for_woocommerce |
Missing Authorization vulnerability in Uriahs Victor Location Picker at Checkout for WooCommerce.This issue affects Location Picker at Checkout for WooCommerce: from n/a through 1.8.9. | 2024-03-26 | 4.3 | CVE-2024-24719 [email protected] |
| veronalabs — wp_sms |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in VeronaLabs WP SMS allows Stored XSS.This issue affects WP SMS: from n/a through 6.3.4. | 2024-03-27 | 6.5 | CVE-2024-25920 [email protected] |
| veronalabs — wp_sms |
Cross-Site Request Forgery (CSRF) vulnerability in VeronaLabs WP SMS.This issue affects WP SMS: from n/a through 6.6.2. | 2024-03-29 | 4.3 | CVE-2024-30454 [email protected] |
| vinoth06. — frontend_dashboard
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in vinoth06. Frontend Dashboard allows Stored XSS.This issue affects Frontend Dashboard: from n/a through 2.2.1. | 2024-03-27 | 6.5 | CVE-2024-29775 [email protected] |
| voidcoders — void_contact_form_7_widget_for_elementor_page_builder |
Missing Authorization vulnerability in voidCoders Void Contact Form 7 Widget For Elementor Page Builder.This issue affects Void Contact Form 7 Widget For Elementor Page Builder: from n/a through 2.3. | 2024-03-26 | 4.3 | CVE-2023-52214 [email protected] |
| walter_pinem — oneclick_chat_to_order
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Walter Pinem OneClick Chat to Order allows Stored XSS.This issue affects OneClick Chat to Order: from n/a through 1.0.5. | 2024-03-27 | 6.5 | CVE-2024-29789 [email protected] |
| wc_lovers — wcfm_-_frontend_manager_for_woocommerce |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WC Lovers WCFM – Frontend Manager for WooCommerce allows Stored XSS.This issue affects WCFM – Frontend Manager for WooCommerce: from n/a through 6.7.8. | 2024-03-27 | 5.9 | CVE-2024-29929 [email protected] |
| weblizar — lightbox_slider_-_responsive_lightbox_gallery |
The Lightbox slider – Responsive Lightbox Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.9.9 via deserialization of untrusted input through post meta data. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. | 2024-03-29 | 5.4 | CVE-2024-1858 [email protected] [email protected] |
| webtechstreet — elementor_addon_elements |
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s widgets in all versions up to, and including, 1.13.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-03-28 | 5.4 | CVE-2024-2091 [email protected] [email protected] [email protected] |
| webtoffee — import_export_wordpress_users |
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in WebToffee Import Export WordPress Users.This issue affects Import Export WordPress Users: from n/a through 2.5.2. | 2024-03-29 | 4.3 | CVE-2024-30492 [email protected] |
| wedevs — woocommerce_conversion_tracking |
Missing Authorization vulnerability in weDevs WooCommerce Conversion Tracking.This issue affects WooCommerce Conversion Tracking: from n/a through 2.0.11. | 2024-03-26 | 4.3 | CVE-2024-24711 [email protected] |
| wholesale_team — wholesalex
|
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wholesale Team WholesaleX.This issue affects WholesaleX: from n/a through 1.3.1. | 2024-03-26 | 6.5 | CVE-2024-30233 [email protected] |
| wholesale_team — wholesalex
|
Missing Authorization vulnerability in Wholesale Team WholesaleX.This issue affects WholesaleX: from n/a through 1.3.1. | 2024-03-26 | 6.5 | CVE-2024-30234 [email protected] |
| woocommerce — woocommerce_box_office |
Missing Authorization vulnerability in WooCommerce WooCommerce Box Office.This issue affects WooCommerce Box Office: from n/a through 1.2.2. | 2024-03-26 | 6.5 | CVE-2024-24799 [email protected] |
| woocommerce — woocommerce_stripe_payment_gateway |
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Stripe Payment Gateway.This issue affects WooCommerce Stripe Payment Gateway: from n/a through 7.6.0. | 2024-03-27 | 5.4 | CVE-2023-44999 [email protected] |
| workos — authkit-nextjs |
The AuthKit library for Next.js provides helpers for authentication and session management using WorkOS & AuthKit with Next.js. A user can reuse an expired session by controlling the `x-workos-session` header. The vulnerability is patched in v0.4.2. | 2024-03-29 | 4.8 | CVE-2024-29901 [email protected] [email protected] [email protected] |
| wp_darko — grid_shortcodes
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WP Darko Grid Shortcodes allows Stored XSS.This issue affects Grid Shortcodes: from n/a through 1.1. | 2024-03-27 | 6.5 | CVE-2024-29797 [email protected] |
| wp_email_newsletter_team_-_fluentcrm — fluent_crm |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WP Email Newsletter Team – FluentCRM Fluent CRM allows Stored XSS.This issue affects Fluent CRM: from n/a through 2.8.44. | 2024-03-29 | 5.9 | CVE-2024-30430 [email protected] |
| wp_lab — wp-lister_lite_for_amazon |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WP Lab WP-Lister Lite for Amazon allows Stored XSS.This issue affects WP-Lister Lite for Amazon: from n/a through 2.6.11. | 2024-03-26 | 5.9 | CVE-2024-2889 [email protected] |
| wp_sunshine — sunshine_photo_cart |
Deserialization of Untrusted Data vulnerability in WP Sunshine Sunshine Photo Cart.This issue affects Sunshine Photo Cart: from n/a through 3.1.1. | 2024-03-28 | 5.4 | CVE-2024-30221 [email protected] |
| wp_swings — points_and_rewards_for_woocommerce |
Missing Authorization vulnerability in WP Swings Points and Rewards for WooCommerce.This issue affects Points and Rewards for WooCommerce: from n/a through 1.5.0. | 2024-03-25 | 6.5 | CVE-2023-27608 [email protected] |
| wpassist.me — wordpress_countdown_widget |
Cross-Site Request Forgery (CSRF) vulnerability in WPAssist.Me WordPress Countdown Widget allows Cross-Site Scripting (XSS).This issue affects WordPress Countdown Widget: from n/a through 3.1.9.1. | 2024-03-27 | 6.1 | CVE-2022-45847 [email protected] |
| wpexperts — wholesale_for_woocommerce |
Missing Authorization vulnerability in WPExperts Wholesale For WooCommerce.This issue affects Wholesale For WooCommerce: from n/a through 2.3.0. | 2024-03-29 | 5.3 | CVE-2024-30469 [email protected] |
| wppool — webinar_and_video_conference_with_jitsi_meet
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WPPOOL Webinar and Video Conference with Jitsi Meet allows Stored XSS.This issue affects Webinar and Video Conference with Jitsi Meet: from n/a through 2.6.3. | 2024-03-29 | 6.5 | CVE-2024-30437 [email protected] |
| wpvibes — elementor_addon_elements
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WPVibes Elementor Addon Elements allows Stored XSS.This issue affects Elementor Addon Elements: from n/a through 1.13.1. | 2024-03-28 | 6.5 | CVE-2024-30422 [email protected] |
| wpwax — post_grid_slider_&_carousel_ultimate
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in wpWax Post Grid, Slider & Carousel Ultimate allows Stored XSS.This issue affects Post Grid, Slider & Carousel Ultimate: from n/a through 1.6.6. | 2024-03-27 | 6.5 | CVE-2024-29925 [email protected] |
| xpeedstudio — elementskit_elementor_addons |
The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button ID parameter in all versions up to, and including, 3.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-03-30 | 6.4 | CVE-2024-1238 [email protected] [email protected] |
| xpro — 140+_widgets_|_best_addons_for_elementor_-_free |
The 130+ Widgets | Best Addons For Elementor – FREE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s widgets in all versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-03-29 | 6.4 | CVE-2024-2250 [email protected] [email protected] |
| zephyrproject-rtos — zephyr |
An malicious BLE device can crash BLE victim device by sending malformed gatt packet | 2024-03-29 | 6.8 | CVE-2024-3077 [email protected] |
| zionbuilder.io — wordpress_page_builder_-_zion_builder |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in zionbuilder.Io WordPress Page Builder – Zion Builder allows Stored XSS.This issue affects WordPress Page Builder – Zion Builder: from n/a through 3.6.9. | 2024-03-29 | 5.9 | CVE-2024-30444 [email protected] |
| zitadel — zitadel
|
ZITADEL, open source authentication management software, uses Go templates to render the login UI. Under certain circumstances an action could set reserved claims managed by ZITADEL. For example it would be possible to set the claim `urn:zitadel:iam:user:resourceowner:name`. To compensate for this we introduced a protection that does prevent actions from changing claims that start with `urn:zitadel:iam`. This vulnerability is fixed in 2.48.3, 2.47.8, 2.46.5, 2.45.5, 2.44.7, 2.43.11, and 2.42.17. | 2024-03-27 | 6.1 | CVE-2024-29892 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
Low Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| ampache — ampache |
Ampache is a web based audio/video streaming application and file manager. Stored Cross Site Scripting (XSS) vulnerability in ampache before v6.3.1 allows a remote attacker to execute code via a crafted payload to serval parameters in the post request of /preferences.php?action=admin_update_preferences. This vulnerability is fixed in 6.3.1. | 2024-03-27 | 3.9 | CVE-2024-28853 [email protected] |
| awesomestcode — livebot |
A vulnerability was found in AwesomestCode LiveBot. It has been classified as problematic. Affected is the function parseSend of the file js/parseMessage.js. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. Upgrading to version 0.1 is able to address this issue. The name of the patch is 57505527f838d1e46e8f93d567ba552a30185bfa. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-257784. | 2024-03-25 | 3.5 | CVE-2020-36826 [email protected] [email protected] [email protected] [email protected] |
| bdtask — multi-store_inventory_management_system |
A vulnerability was found in Bdtask Multi-Store Inventory Management System up to 20240320. It has been classified as problematic. Affected is an unknown function of the component Page Title Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-258198 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-03-27 | 2.4 | CVE-2024-2996 [email protected] [email protected] [email protected] [email protected] |
| bdtask — multi-store_inventory_management_system |
A vulnerability was found in Bdtask Multi-Store Inventory Management System up to 20240320. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument Category Name/Model Name/Brand Name/Unit Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258199. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-03-27 | 2.4 | CVE-2024-2997 [email protected] [email protected] [email protected] [email protected] |
| bdtask — multi-store_inventory_management_system |
A vulnerability was found in Bdtask Multi-Store Inventory Management System up to 20240320. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Store Update Page. The manipulation of the argument Store Name/Store Address leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258200. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-03-27 | 2.4 | CVE-2024-2998 [email protected] [email protected] [email protected] [email protected] |
| campcodes — online_examination_system |
A vulnerability classified as problematic has been found in Campcodes Online Examination System 1.0. Affected is an unknown function of the file /adminpanel/admin/facebox_modal/updateExaminee.php. The manipulation of the argument id leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-258030 is the identifier assigned to this vulnerability. | 2024-03-27 | 3.5 | CVE-2024-2939 [email protected] [email protected] [email protected] [email protected] |
| campcodes — online_examination_system |
A vulnerability classified as problematic was found in Campcodes Online Examination System 1.0. Affected by this vulnerability is an unknown functionality of the file /adminpanel/admin/facebox_modal/updateCourse.php. The manipulation of the argument id leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258031. | 2024-03-27 | 3.5 | CVE-2024-2940 [email protected] [email protected] [email protected] [email protected] |
| code-projects — online_book_system |
A vulnerability was found in code-projects Online Book System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /Product.php. The manipulation of the argument value leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-258206 is the identifier assigned to this vulnerability. | 2024-03-27 | 3.5 | CVE-2024-3004 [email protected] [email protected] [email protected] [email protected] |
| easycorp — easyadmin |
A vulnerability was found in EasyCorp EasyAdmin up to 4.8.9. It has been declared as problematic. Affected by this vulnerability is the function Autocomplete of the file assets/js/autocomplete.js of the component Autocomplete. The manipulation of the argument item leads to cross site scripting. The attack can be launched remotely. Upgrading to version 4.8.10 is able to address this issue. The identifier of the patch is 127436e4c3f56276d548070f99e61b7234200a11. It is recommended to upgrade the affected component. The identifier VDB-258613 was assigned to this vulnerability. | 2024-03-29 | 3.5 | CVE-2024-3081 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
| hcl_software — bigfix_platform |
An administrative user of WebReports may perform a Server Side Request Forgery (SSRF) exploit through SMTP configuration options. | 2024-03-28 | 3.5 | CVE-2023-45705 [email protected] |
| hcl_software — bigfix_platform
|
The console may experience a service interruption when processing file names with invalid characters. | 2024-03-28 | 3.5 | CVE-2023-45715 [email protected] |
| hcl_software — bigfix_platform
|
An administrative user of WebReports may perform a Cross Site Scripting (XSS) and/or Man in the Middle (MITM) exploit through SAML configuration. | 2024-03-28 | 2 | CVE-2023-45706 [email protected] |
| ibm — common_cryptographic_architecture |
Under certain conditions, RSA operations performed by IBM Common Cryptographic Architecture (CCA) 7.0.0 through 7.5.36 may exhibit non-constant-time behavior. This could allow a remote attacker to obtain sensitive information using a timing-based attack. IBM X-Force ID: 257676. | 2024-03-26 | 3.7 | CVE-2023-33855 [email protected] [email protected] |
| molongui — molongui |
Authorization Bypass Through User-Controlled Key vulnerability in Molongui.This issue affects Molongui: from n/a through 4.7.7. | 2024-03-29 | 2.7 | CVE-2024-30507 [email protected] |
| nautobot — nautobot |
Nautobot is a Network Source of Truth and Network Automation Platform. A number of Nautobot URL endpoints were found to be improperly accessible to unauthenticated (anonymous) users. These endpoints will not disclose any Nautobot data to an unauthenticated user unless the Nautobot configuration variable EXEMPT_VIEW_PERMISSIONS is changed from its default value (an empty list) to permit access to specific data by unauthenticated users. This vulnerability is fixed in 1.6.16 and 2.1.9. | 2024-03-26 | 3.7 | CVE-2024-29199 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
| phpgurukul — emergency_ambulance_hiring_portal |
A vulnerability was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0 and classified as problematic. This issue affects some unknown processing of the file /admin/add-ambulance.php of the component Add Ambulance Page. The manipulation of the argument Ambulance Reg No/Driver Name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258683. | 2024-03-30 | 2.4 | CVE-2024-3090 [email protected] [email protected] [email protected] [email protected] |
| phpgurukul — emergency_ambulance_hiring_portal |
A vulnerability was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. It has been classified as problematic. Affected is an unknown function of the file /admin/search.php of the component Search Request Page. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258684. | 2024-03-30 | 2.4 | CVE-2024-3091 [email protected] [email protected] [email protected] [email protected] |
| sourcecodester — todo_list_in_kanban_board |
A vulnerability, which was classified as problematic, has been found in SourceCodester Todo List in Kanban Board 1.0. Affected by this issue is some unknown functionality of the component Add ToDo. The manipulation of the argument Todo leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-258014 is the identifier assigned to this vulnerability. | 2024-03-27 | 3.5 | CVE-2024-2935 [email protected] [email protected] [email protected] [email protected] |
| thorsten — phpmyfaq |
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. There is a Path Traversal vulnerability in Attachments that allows attackers with admin rights to upload malicious files to other locations of the web root. This vulnerability is fixed in 3.2.6. | 2024-03-26 | 3.8 | CVE-2024-29196 [email protected] [email protected] |
| xpdf — xpdf |
Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by negative object number in indirect reference in the input PDF file. | 2024-03-26 | 2.9 | CVE-2024-2971 [email protected] |
Severity Not Yet Assigned
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| apache_software_foundation — apache_airflow |
Improper Preservation of Permissions vulnerability in Apache Airflow.This issue affects Apache Airflow from 2.8.2 through 2.8.3. Airflow’s local file task handler in Airflow incorrectly set permissions for all parent folders of log folder, in default configuration adding write access to Unix group of the folders. In the case Airflow is run with the root user (not recommended) it added group write permission to all folders up to the root of the filesystem. If your log files are stored in the home directory, these permission changes might impact your ability to run SSH operations after your home directory becomes group-writeable. This issue does not affect users who use or extend Airflow using Official Airflow Docker reference images ( https://hub.docker.com/r/apache/airflow/ ) – those images require to have group write permission set anyway. You are affected only if you install Airflow using local installation / virtualenv or other Docker images, but the issue has no impact if docker containers are used as intended, i.e. where Airflow components do not share containers with other applications and users. Also you should not be affected if your umask is 002 (group write enabled) – this is the default on many linux systems. Recommendation for users using Airflow outside of the containers: * if you are using root to run Airflow, change your Airflow user to use non-root * upgrade Apache Airflow to 2.8.4 or above * If you prefer not to upgrade, you can change the https://airflow.apache.org/docs/apache-airflow/stable/configurations-ref.html#file-task-handler-new-folder-permissions to 0o755 (original value 0o775). * if you already ran Airflow tasks before and your default umask is 022 (group write disabled) you should stop Airflow components, check permissions of AIRFLOW_HOME/logs in all your components and all parent directories of this directory and remove group write access for all the parent directories | 2024-03-26 | not yet calculated | CVE-2024-29735 [email protected] [email protected] |
| apple — ios_and_ipados |
A permissions issue was addressed by removing vulnerable code and adding additional checks. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, iOS 16.7.3 and iPadOS 16.7.3, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. An app may be able to access protected user data. | 2024-03-28 | not yet calculated | CVE-2023-42893 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
| apple — ios_and_ipados |
An issue was addressed with improved handling of temporary files. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, iOS 16.7.3 and iPadOS 16.7.3, macOS Sonoma 14.2. An app may be able to modify protected parts of the file system. | 2024-03-28 | not yet calculated | CVE-2023-42896 [email protected] [email protected] [email protected] [email protected] [email protected] |
| apple — ios_and_ipados |
This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. An app may be able to access user-sensitive data. | 2024-03-28 | not yet calculated | CVE-2023-42936 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
| apple — ios_and_ipados |
A path handling issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. An app may be able to break out of its sandbox. | 2024-03-28 | not yet calculated | CVE-2023-42947 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
| apple — ios_and_ipados |
This issue was addressed with improved checks This issue is fixed in iOS 17.2 and iPadOS 17.2, iOS 16.7.3 and iPadOS 16.7.3. A remote attacker may be able to cause a denial-of-service. | 2024-03-28 | not yet calculated | CVE-2023-42962 [email protected] [email protected] |
| apple — ios_and_ipados |
A race condition was addressed with improved state handling. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, iOS 16.7.3 and iPadOS 16.7.3, macOS Sonoma 14.2. An app may be able to execute arbitrary code with kernel privileges. | 2024-03-28 | not yet calculated | CVE-2023-42974 [email protected] [email protected] [email protected] [email protected] [email protected] |
| apple — macos |
A privacy issue was addressed by moving sensitive data to a protected location. This issue is fixed in macOS Sonoma 14.2. An app may be able to access user-sensitive data. | 2024-03-28 | not yet calculated | CVE-2023-40390 [email protected] |
| apple — macos |
A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.6.3, macOS Sonoma 14.2, macOS Monterey 12.7.2. A local attacker may be able to elevate their privileges. | 2024-03-28 | not yet calculated | CVE-2023-42892 [email protected] [email protected] [email protected] |
| apple — macos |
This issue was addressed through improved state management. This issue is fixed in macOS Sonoma 14.2. Remote Login sessions may be able to obtain full disk access permissions. | 2024-03-28 | not yet calculated | CVE-2023-42913 [email protected] |
| apple — macos |
This issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6.3, macOS Sonoma 14.2, macOS Monterey 12.7.2. An app may be able to modify protected parts of the file system. | 2024-03-28 | not yet calculated | CVE-2023-42930 [email protected] [email protected] [email protected] |
| apple — macos |
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6.3, macOS Sonoma 14.2, macOS Monterey 12.7.2. A process may gain admin privileges without proper authentication. | 2024-03-28 | not yet calculated | CVE-2023-42931 [email protected] [email protected] [email protected] |
| apple — safari |
A use after free issue was addressed with improved memory management. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. Processing maliciously crafted web content may lead to arbitrary code execution. | 2024-03-28 | not yet calculated | CVE-2023-42950 [email protected] [email protected] [email protected] [email protected] [email protected] |
| apple — safari |
The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, macOS Sonoma 14.2. Processing web content may lead to a denial-of-service. | 2024-03-28 | not yet calculated | CVE-2023-42956 [email protected] [email protected] [email protected] |
| ari_susanto — easy-popup-show |
Cross-site request forgery (CSRF) vulnerability in easy-popup-show all versions allows a remote unauthenticated attacker to hijack the authentication of the administrator and to perform unintended operations if the administrator views a malicious page while logged in. | 2024-03-25 | not yet calculated | CVE-2024-29009 [email protected] [email protected] |
| curl — curl |
When a protocol selection parameter option disables all protocols without adding any then the default set of protocols would remain in the allowed set due to an error in the logic for removing protocols. The below command would perform a request to curl.se with a plaintext protocol which has been explicitly disabled. curl –proto -all,-http http://curl.se The flaw is only present if the set of selected protocols disables the entire set of available protocols, in itself a command with no practical use and therefore unlikely to be encountered in real situations. The curl security team has thus assessed this to be low severity bug. | 2024-03-27 | not yet calculated | CVE-2024-2004 2499f714-1537-4658-8207-48ae4bb9eae9 2499f714-1537-4658-8207-48ae4bb9eae9 2499f714-1537-4658-8207-48ae4bb9eae9 |
| curl — curl |
libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems. | 2024-03-27 | not yet calculated | CVE-2024-2379 2499f714-1537-4658-8207-48ae4bb9eae9 2499f714-1537-4658-8207-48ae4bb9eae9 2499f714-1537-4658-8207-48ae4bb9eae9 |
| curl — curl |
When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead leaks the memory. Further, this error condition fails silently and is therefore not easily detected by an application. | 2024-03-27 | not yet calculated | CVE-2024-2398 2499f714-1537-4658-8207-48ae4bb9eae9 2499f714-1537-4658-8207-48ae4bb9eae9 2499f714-1537-4658-8207-48ae4bb9eae9 |
| curl — curl |
libcurl did not check the server certificate of TLS connections done to a host specified as an IP address, when built to use mbedTLS. libcurl would wrongly avoid using the set hostname function when the specified hostname was given as an IP address, therefore completely skipping the certificate check. This affects all uses of TLS protocols (HTTPS, FTPS, IMAPS, POPS3, SMTPS, etc). | 2024-03-27 | not yet calculated | CVE-2024-2466 2499f714-1537-4658-8207-48ae4bb9eae9 2499f714-1537-4658-8207-48ae4bb9eae9 2499f714-1537-4658-8207-48ae4bb9eae9 |
| devolutions — server |
Improper access control in PAM JIT elevation in Devolutions Server 2024.1.6 and earlier allows an attacker with access to the PAM JIT elevation feature to elevate themselves to unauthorized groups via a specially crafted request. | 2024-03-26 | not yet calculated | CVE-2024-2915 [email protected] |
| devolutions — server |
Improper access control in PAM vault permissions in Devolutions Server 2024.1.6 and earlier allows an authenticated user with access to the PAM to access unauthorized PAM entries via a specific set of permissions. | 2024-03-26 | not yet calculated | CVE-2024-2921 [email protected] |
| flash_cgi — mini_thread |
Cross-site scripting vulnerability exists in Mini Thread Version 3.33?i. An arbitrary script may be executed on the web browser of the user accessing the website that uses the product. Note that the developer was unreachable, therefore, users should consider stop using Mini Thread Version 3.33?i. | 2024-03-26 | not yet calculated | CVE-2024-28034 [email protected] |
| fortunefield — ffbull |
OS command injection vulnerability exists in ffBull ver.4.11, which may allow a remote unauthenticated attacker to execute an arbitrary OS command with the privilege of the running web server. Note that the developer was unreachable, therefore, users should consider stop using ffBull ver.4.11. | 2024-03-26 | not yet calculated | CVE-2024-28048 [email protected] |
| google — chrome |
Use after free in ANGLE in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) | 2024-03-26 | not yet calculated | CVE-2024-2883 [email protected] [email protected] [email protected] [email protected] [email protected] |
| google — chrome |
Use after free in Dawn in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2024-03-26 | not yet calculated | CVE-2024-2885 [email protected] [email protected] [email protected] [email protected] [email protected] |
| google — chrome |
Use after free in WebCodecs in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) | 2024-03-26 | not yet calculated | CVE-2024-2886 [email protected] [email protected] [email protected] [email protected] [email protected] |
| google — chrome |
Type Confusion in WebAssembly in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) | 2024-03-26 | not yet calculated | CVE-2024-2887 [email protected] [email protected] [email protected] [email protected] [email protected] |
| gradio-app — gradio-app/gradio |
Previously, it was possible to exfiltrate secrets in Gradio’s CI, but this is now fixed. | 2024-03-27 | not yet calculated | CVE-2024-1540 [email protected] [email protected] |
| gradio-app — gradio-app/gradio |
Th password check condition is vulnerable to timing attack to guess the password | 2024-03-29 | not yet calculated | CVE-2024-1729 [email protected] [email protected] |
| gradio-app — gradio-app/gradio |
The /proxy route allows a user to proxy arbitrary urls including potential internal endpoints. | 2024-03-27 | not yet calculated | CVE-2024-2206 [email protected] [email protected] |
| hp,_inc. — hp_printer_firmware_update_utility |
A user with administrative privileges can create a compromised dll file of the same name as the original dll within the HP printer’s Firmware Update Utility (FUU) bundle and place it in the Microsoft Windows default downloads directory which can lead to potential arbitrary code execution. | 2024-03-27 | not yet calculated | CVE-2024-2209 [email protected] |
| kddi_corporation — hgw_bl1500hm |
HGW BL1500HM Ver 002.001.013 and earlier allows a network-adjacent unauthenticated attacker to execute an arbitrary command. | 2024-03-25 | not yet calculated | CVE-2024-28041 [email protected] [email protected] |
| kddi_corporation — hgw_bl1500hm |
HGW BL1500HM Ver 002.001.013 and earlier contains a use of week credentials issue. A network-adjacent unauthenticated attacker may change the system settings. | 2024-03-25 | not yet calculated | CVE-2024-29071 [email protected] [email protected] |
| kddi_corporation — hgw_bl1500hm |
HGW BL1500HM Ver 002.001.013 and earlier contains a use of week credentials issue. A network-adjacent unauthenticated attacker may connect to the product via SSH and use a shell. | 2024-03-25 | not yet calculated | CVE-2024-21865 [email protected] [email protected] |
| langchain-ai — langchain-ai/langchain |
The XMLOutputParser in LangChain uses the etree module from the XML parser in the standard python library which has some XML vulnerabilities; see: https://docs.python.org/3/library/xml.html This primarily affects users that combine an LLM (or agent) with the `XMLOutputParser` and expose the component via an endpoint on a web-service. This would allow a malicious party to attempt to manipulate the LLM to produce a malicious payload for the parser that would compromise the availability of the service. A successful attack is predicated on: 1. Usage of XMLOutputParser 2. Passing of malicious input into the XMLOutputParser either directly or by trying to manipulate an LLM to do so on the users behalf 3. Exposing the component via a web-service | 2024-03-26 | not yet calculated | CVE-2024-1455 [email protected] |
| linux — linux |
In the Linux kernel, the following vulnerability has been resolved: net: zero-initialize tc skb extension on allocation Function skb_ext_add() doesn’t initialize created skb extension with any value and leaves it up to the user. However, since extension of type TC_SKB_EXT originally contained only single value tc_skb_ext->chain its users used to just assign the chain value without setting whole extension memory to zero first. This assumption changed when TC_SKB_EXT extension was extended with additional fields but not all users were updated to initialize the new fields which leads to use of uninitialized memory afterwards. UBSAN log: [ 778.299821] UBSAN: invalid-load in net/openvswitch/flow.c:899:28 [ 778.301495] load of value 107 is not a valid value for type ‘_Bool’ [ 778.303215] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.12.0-rc7+ #2 [ 778.304933] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014 [ 778.307901] Call Trace: [ 778.308680] <IRQ> [ 778.309358] dump_stack+0xbb/0x107 [ 778.310307] ubsan_epilogue+0x5/0x40 [ 778.311167] __ubsan_handle_load_invalid_value.cold+0x43/0x48 [ 778.312454] ? memset+0x20/0x40 [ 778.313230] ovs_flow_key_extract.cold+0xf/0x14 [openvswitch] [ 778.314532] ovs_vport_receive+0x19e/0x2e0 [openvswitch] [ 778.315749] ? ovs_vport_find_upcall_portid+0x330/0x330 [openvswitch] [ 778.317188] ? create_prof_cpu_mask+0x20/0x20 [ 778.318220] ? arch_stack_walk+0x82/0xf0 [ 778.319153] ? secondary_startup_64_no_verify+0xb0/0xbb [ 778.320399] ? stack_trace_save+0x91/0xc0 [ 778.321362] ? stack_trace_consume_entry+0x160/0x160 [ 778.322517] ? lock_release+0x52e/0x760 [ 778.323444] netdev_frame_hook+0x323/0x610 [openvswitch] [ 778.324668] ? ovs_netdev_get_vport+0xe0/0xe0 [openvswitch] [ 778.325950] __netif_receive_skb_core+0x771/0x2db0 [ 778.327067] ? lock_downgrade+0x6e0/0x6f0 [ 778.328021] ? lock_acquire+0x565/0x720 [ 778.328940] ? generic_xdp_tx+0x4f0/0x4f0 [ 778.329902] ? inet_gro_receive+0x2a7/0x10a0 [ 778.330914] ? lock_downgrade+0x6f0/0x6f0 [ 778.331867] ? udp4_gro_receive+0x4c4/0x13e0 [ 778.332876] ? lock_release+0x52e/0x760 [ 778.333808] ? dev_gro_receive+0xcc8/0x2380 [ 778.334810] ? lock_downgrade+0x6f0/0x6f0 [ 778.335769] __netif_receive_skb_list_core+0x295/0x820 [ 778.336955] ? process_backlog+0x780/0x780 [ 778.337941] ? mlx5e_rep_tc_netdevice_event_unregister+0x20/0x20 [mlx5_core] [ 778.339613] ? seqcount_lockdep_reader_access.constprop.0+0xa7/0xc0 [ 778.341033] ? kvm_clock_get_cycles+0x14/0x20 [ 778.342072] netif_receive_skb_list_internal+0x5f5/0xcb0 [ 778.343288] ? __kasan_kmalloc+0x7a/0x90 [ 778.344234] ? mlx5e_handle_rx_cqe_mpwrq+0x9e0/0x9e0 [mlx5_core] [ 778.345676] ? mlx5e_xmit_xdp_frame_mpwqe+0x14d0/0x14d0 [mlx5_core] [ 778.347140] ? __netif_receive_skb_list_core+0x820/0x820 [ 778.348351] ? mlx5e_post_rx_mpwqes+0xa6/0x25d0 [mlx5_core] [ 778.349688] ? napi_gro_flush+0x26c/0x3c0 [ 778.350641] napi_complete_done+0x188/0x6b0 [ 778.351627] mlx5e_napi_poll+0x373/0x1b80 [mlx5_core] [ 778.352853] __napi_poll+0x9f/0x510 [ 778.353704] ? mlx5_flow_namespace_set_mode+0x260/0x260 [mlx5_core] [ 778.355158] net_rx_action+0x34c/0xa40 [ 778.356060] ? napi_threaded_poll+0x3d0/0x3d0 [ 778.357083] ? sched_clock_cpu+0x18/0x190 [ 778.358041] ? __common_interrupt+0x8e/0x1a0 [ 778.359045] __do_softirq+0x1ce/0x984 [ 778.359938] __irq_exit_rcu+0x137/0x1d0 [ 778.360865] irq_exit_rcu+0xa/0x20 [ 778.361708] common_interrupt+0x80/0xa0 [ 778.362640] </IRQ> [ 778.363212] asm_common_interrupt+0x1e/0x40 [ 778.364204] RIP: 0010:native_safe_halt+0xe/0x10 [ 778.365273] Code: 4f ff ff ff 4c 89 e7 e8 50 3f 40 fe e9 dc fe ff ff 48 89 df e8 43 3f 40 fe eb 90 cc e9 07 00 00 00 0f 00 2d 74 05 62 00 fb f4 <c3> 90 e9 07 00 00 00 0f 00 2d 64 05 62 00 f4 c3 cc cc 0f 1f 44 00 [ 778.369355] RSP: 0018:ffffffff84407e48 EFLAGS: 00000246 [ 778.370570] RAX —truncated— | 2024-03-25 | not yet calculated | CVE-2021-47136 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| linux — linux |
In the Linux kernel, the following vulnerability has been resolved: net: lantiq: fix memory corruption in RX ring In a situation where memory allocation or dma mapping fails, an invalid address is programmed into the descriptor. This can lead to memory corruption. If the memory allocation fails, DMA should reuse the previous skb and mapping and drop the packet. This patch also increments rx drop counter. | 2024-03-25 | not yet calculated | CVE-2021-47137 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| linux — linux |
In the Linux kernel, the following vulnerability has been resolved: cxgb4: avoid accessing registers when clearing filters Hardware register having the server TID base can contain invalid values when adapter is in bad state (for example, due to AER fatal error). Reading these invalid values in the register can lead to out-of-bound memory access. So, fix by using the saved server TID base when clearing filters. | 2024-03-25 | not yet calculated | CVE-2021-47138 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| linux — linux |
In the Linux kernel, the following vulnerability has been resolved: net: hns3: put off calling register_netdev() until client initialize complete Currently, the netdevice is registered before client initializing complete. So there is a timewindow between netdevice available and usable. In this case, if user try to change the channel number or ring param, it may cause the hns3_set_rx_cpu_rmap() being called twice, and report bug. [47199.416502] hns3 0000:35:00.0 eth1: set channels: tqp_num=1, rxfh=0 [47199.430340] hns3 0000:35:00.0 eth1: already uninitialized [47199.438554] hns3 0000:35:00.0: rss changes from 4 to 1 [47199.511854] hns3 0000:35:00.0: Channels changed, rss_size from 4 to 1, tqps from 4 to 1 [47200.163524] ————[ cut here ]———— [47200.171674] kernel BUG at lib/cpu_rmap.c:142! [47200.177847] Internal error: Oops – BUG: 0 [#1] PREEMPT SMP [47200.185259] Modules linked in: hclge(+) hns3(-) hns3_cae(O) hns_roce_hw_v2 hnae3 vfio_iommu_type1 vfio_pci vfio_virqfd vfio pv680_mii(O) [last unloaded: hclge] [47200.205912] CPU: 1 PID: 8260 Comm: ethtool Tainted: G O 5.11.0-rc3+ #1 [47200.215601] Hardware name: , xxxxxx 02/04/2021 [47200.223052] pstate: 60400009 (nZCv daif +PAN -UAO -TCO BTYPE=–) [47200.230188] pc : cpu_rmap_add+0x38/0x40 [47200.237472] lr : irq_cpu_rmap_add+0x84/0x140 [47200.243291] sp : ffff800010e93a30 [47200.247295] x29: ffff800010e93a30 x28: ffff082100584880 [47200.254155] x27: 0000000000000000 x26: 0000000000000000 [47200.260712] x25: 0000000000000000 x24: 0000000000000004 [47200.267241] x23: ffff08209ba03000 x22: ffff08209ba038c0 [47200.273789] x21: 000000000000003f x20: ffff0820e2bc1680 [47200.280400] x19: ffff0820c970ec80 x18: 00000000000000c0 [47200.286944] x17: 0000000000000000 x16: ffffb43debe4a0d0 [47200.293456] x15: fffffc2082990600 x14: dead000000000122 [47200.300059] x13: ffffffffffffffff x12: 000000000000003e [47200.306606] x11: ffff0820815b8080 x10: ffff53e411988000 [47200.313171] x9 : 0000000000000000 x8 : ffff0820e2bc1700 [47200.319682] x7 : 0000000000000000 x6 : 000000000000003f [47200.326170] x5 : 0000000000000040 x4 : ffff800010e93a20 [47200.332656] x3 : 0000000000000004 x2 : ffff0820c970ec80 [47200.339168] x1 : ffff0820e2bc1680 x0 : 0000000000000004 [47200.346058] Call trace: [47200.349324] cpu_rmap_add+0x38/0x40 [47200.354300] hns3_set_rx_cpu_rmap+0x6c/0xe0 [hns3] [47200.362294] hns3_reset_notify_init_enet+0x1cc/0x340 [hns3] [47200.370049] hns3_change_channels+0x40/0xb0 [hns3] [47200.376770] hns3_set_channels+0x12c/0x2a0 [hns3] [47200.383353] ethtool_set_channels+0x140/0x250 [47200.389772] dev_ethtool+0x714/0x23d0 [47200.394440] dev_ioctl+0x4cc/0x640 [47200.399277] sock_do_ioctl+0x100/0x2a0 [47200.404574] sock_ioctl+0x28c/0x470 [47200.409079] __arm64_sys_ioctl+0xb4/0x100 [47200.415217] el0_svc_common.constprop.0+0x84/0x210 [47200.422088] do_el0_svc+0x28/0x34 [47200.426387] el0_svc+0x28/0x70 [47200.431308] el0_sync_handler+0x1a4/0x1b0 [47200.436477] el0_sync+0x174/0x180 [47200.441562] Code: 11000405 79000c45 f8247861 d65f03c0 (d4210000) [47200.448869] —[ end trace a01efe4ce42e5f34 ]— The process is like below: excuting hns3_client_init | register_netdev() | hns3_set_channels() | | hns3_set_rx_cpu_rmap() hns3_reset_notify_uninit_enet() | | | quit without calling function | hns3_free_rx_cpu_rmap for flag | HNS3_NIC_STATE_INITED is unset. | | | hns3_reset_notify_init_enet() | | set HNS3_NIC_STATE_INITED call hns3_set_rx_cpu_rmap()– crash Fix it by calling register_netdev() at the end of function hns3_client_init(). | 2024-03-25 | not yet calculated | CVE-2021-47139 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| linux — linux |
In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Clear DMA ops when switching domain Since commit 08a27c1c3ecf (“iommu: Add support to change default domain of an iommu group”) a user can switch a device between IOMMU and direct DMA through sysfs. This doesn’t work for AMD IOMMU at the moment because dev->dma_ops is not cleared when switching from a DMA to an identity IOMMU domain. The DMA layer thus attempts to use the dma-iommu ops on an identity domain, causing an oops: # echo 0000:00:05.0 > /sys/sys/bus/pci/drivers/e1000e/unbind # echo identity > /sys/bus/pci/devices/0000:00:05.0/iommu_group/type # echo 0000:00:05.0 > /sys/sys/bus/pci/drivers/e1000e/bind … BUG: kernel NULL pointer dereference, address: 0000000000000028 … Call Trace: iommu_dma_alloc e1000e_setup_tx_resources e1000e_open Since iommu_change_dev_def_domain() calls probe_finalize() again, clear the dma_ops there like Vt-d does. | 2024-03-25 | not yet calculated | CVE-2021-47140 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| linux — linux |
In the Linux kernel, the following vulnerability has been resolved: gve: Add NULL pointer checks when freeing irqs. When freeing notification blocks, we index priv->msix_vectors. If we failed to allocate priv->msix_vectors (see abort_with_msix_vectors) this could lead to a NULL pointer dereference if the driver is unloaded. | 2024-03-25 | not yet calculated | CVE-2021-47141 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| linux — linux |
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix a use-after-free looks like we forget to set ttm->sg to NULL. Hit panic below [ 1235.844104] general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b7b4b: 0000 [#1] SMP DEBUG_PAGEALLOC NOPTI [ 1235.989074] Call Trace: [ 1235.991751] sg_free_table+0x17/0x20 [ 1235.995667] amdgpu_ttm_backend_unbind.cold+0x4d/0xf7 [amdgpu] [ 1236.002288] amdgpu_ttm_backend_destroy+0x29/0x130 [amdgpu] [ 1236.008464] ttm_tt_destroy+0x1e/0x30 [ttm] [ 1236.013066] ttm_bo_cleanup_memtype_use+0x51/0xa0 [ttm] [ 1236.018783] ttm_bo_release+0x262/0xa50 [ttm] [ 1236.023547] ttm_bo_put+0x82/0xd0 [ttm] [ 1236.027766] amdgpu_bo_unref+0x26/0x50 [amdgpu] [ 1236.032809] amdgpu_amdkfd_gpuvm_alloc_memory_of_gpu+0x7aa/0xd90 [amdgpu] [ 1236.040400] kfd_ioctl_alloc_memory_of_gpu+0xe2/0x330 [amdgpu] [ 1236.046912] kfd_ioctl+0x463/0x690 [amdgpu] | 2024-03-25 | not yet calculated | CVE-2021-47142 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| linux — linux |
In the Linux kernel, the following vulnerability has been resolved: net/smc: remove device from smcd_dev_list after failed device_add() If the device_add() for a smcd_dev fails, there’s no cleanup step that rolls back the earlier list_add(). The device subsequently gets freed, and we end up with a corrupted list. Add some error handling that removes the device from the list. | 2024-03-25 | not yet calculated | CVE-2021-47143 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| linux — linux |
In the Linux kernel, the following vulnerability has been resolved: drm/amd/amdgpu: fix refcount leak [Why] the gem object rfb->base.obj[0] is get according to num_planes in amdgpufb_create, but is not put according to num_planes [How] put rfb->base.obj[0] in amdgpu_fbdev_destroy according to num_planes | 2024-03-25 | not yet calculated | CVE-2021-47144 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| linux — linux |
In the Linux kernel, the following vulnerability has been resolved: btrfs: do not BUG_ON in link_to_fixup_dir While doing error injection testing I got the following panic kernel BUG at fs/btrfs/tree-log.c:1862! invalid opcode: 0000 [#1] SMP NOPTI CPU: 1 PID: 7836 Comm: mount Not tainted 5.13.0-rc1+ #305 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.13.0-2.fc32 04/01/2014 RIP: 0010:link_to_fixup_dir+0xd5/0xe0 RSP: 0018:ffffb5800180fa30 EFLAGS: 00010216 RAX: fffffffffffffffb RBX: 00000000fffffffb RCX: ffff8f595287faf0 RDX: ffffb5800180fa37 RSI: ffff8f5954978800 RDI: 0000000000000000 RBP: ffff8f5953af9450 R08: 0000000000000019 R09: 0000000000000001 R10: 000151f408682970 R11: 0000000120021001 R12: ffff8f5954978800 R13: ffff8f595287faf0 R14: ffff8f5953c77dd0 R15: 0000000000000065 FS: 00007fc5284c8c40(0000) GS:ffff8f59bbd00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fc5287f47c0 CR3: 000000011275e002 CR4: 0000000000370ee0 Call Trace: replay_one_buffer+0x409/0x470 ? btree_read_extent_buffer_pages+0xd0/0x110 walk_up_log_tree+0x157/0x1e0 walk_log_tree+0xa6/0x1d0 btrfs_recover_log_trees+0x1da/0x360 ? replay_one_extent+0x7b0/0x7b0 open_ctree+0x1486/0x1720 btrfs_mount_root.cold+0x12/0xea ? __kmalloc_track_caller+0x12f/0x240 legacy_get_tree+0x24/0x40 vfs_get_tree+0x22/0xb0 vfs_kern_mount.part.0+0x71/0xb0 btrfs_mount+0x10d/0x380 ? vfs_parse_fs_string+0x4d/0x90 legacy_get_tree+0x24/0x40 vfs_get_tree+0x22/0xb0 path_mount+0x433/0xa10 __x64_sys_mount+0xe3/0x120 do_syscall_64+0x3d/0x80 entry_SYSCALL_64_after_hwframe+0x44/0xae We can get -EIO or any number of legitimate errors from btrfs_search_slot(), panicing here is not the appropriate response. The error path for this code handles errors properly, simply return the error. | 2024-03-25 | not yet calculated | CVE-2021-47145 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| linux — linux |
In the Linux kernel, the following vulnerability has been resolved: mld: fix panic in mld_newpack() mld_newpack() doesn’t allow to allocate high order page, only order-0 allocation is allowed. If headroom size is too large, a kernel panic could occur in skb_put(). Test commands: ip netns del A ip netns del B ip netns add A ip netns add B ip link add veth0 type veth peer name veth1 ip link set veth0 netns A ip link set veth1 netns B ip netns exec A ip link set lo up ip netns exec A ip link set veth0 up ip netns exec A ip -6 a a 2001:db8:0::1/64 dev veth0 ip netns exec B ip link set lo up ip netns exec B ip link set veth1 up ip netns exec B ip -6 a a 2001:db8:0::2/64 dev veth1 for i in {1..99} do let A=$i-1 ip netns exec A ip link add ip6gre$i type ip6gre local 2001:db8:$A::1 remote 2001:db8:$A::2 encaplimit 100 ip netns exec A ip -6 a a 2001:db8:$i::1/64 dev ip6gre$i ip netns exec A ip link set ip6gre$i up ip netns exec B ip link add ip6gre$i type ip6gre local 2001:db8:$A::2 remote 2001:db8:$A::1 encaplimit 100 ip netns exec B ip -6 a a 2001:db8:$i::2/64 dev ip6gre$i ip netns exec B ip link set ip6gre$i up done Splat looks like: kernel BUG at net/core/skbuff.c:110! invalid opcode: 0000 [#1] SMP DEBUG_PAGEALLOC KASAN PTI CPU: 0 PID: 7 Comm: kworker/0:1 Not tainted 5.12.0+ #891 Workqueue: ipv6_addrconf addrconf_dad_work RIP: 0010:skb_panic+0x15d/0x15f Code: 92 fe 4c 8b 4c 24 10 53 8b 4d 70 45 89 e0 48 c7 c7 00 ae 79 83 41 57 41 56 41 55 48 8b 54 24 a6 26 f9 ff <0f> 0b 48 8b 6c 24 20 89 34 24 e8 4a 4e 92 fe 8b 34 24 48 c7 c1 20 RSP: 0018:ffff88810091f820 EFLAGS: 00010282 RAX: 0000000000000089 RBX: ffff8881086e9000 RCX: 0000000000000000 RDX: 0000000000000089 RSI: 0000000000000008 RDI: ffffed1020123efb RBP: ffff888005f6eac0 R08: ffffed1022fc0031 R09: ffffed1022fc0031 R10: ffff888117e00187 R11: ffffed1022fc0030 R12: 0000000000000028 R13: ffff888008284eb0 R14: 0000000000000ed8 R15: 0000000000000ec0 FS: 0000000000000000(0000) GS:ffff888117c00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f8b801c5640 CR3: 0000000033c2c006 CR4: 00000000003706f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: ? ip6_mc_hdr.isra.26.constprop.46+0x12a/0x600 ? ip6_mc_hdr.isra.26.constprop.46+0x12a/0x600 skb_put.cold.104+0x22/0x22 ip6_mc_hdr.isra.26.constprop.46+0x12a/0x600 ? rcu_read_lock_sched_held+0x91/0xc0 mld_newpack+0x398/0x8f0 ? ip6_mc_hdr.isra.26.constprop.46+0x600/0x600 ? lock_contended+0xc40/0xc40 add_grhead.isra.33+0x280/0x380 add_grec+0x5ca/0xff0 ? mld_sendpack+0xf40/0xf40 ? lock_downgrade+0x690/0x690 mld_send_initial_cr.part.34+0xb9/0x180 ipv6_mc_dad_complete+0x15d/0x1b0 addrconf_dad_completed+0x8d2/0xbb0 ? lock_downgrade+0x690/0x690 ? addrconf_rs_timer+0x660/0x660 ? addrconf_dad_work+0x73c/0x10e0 addrconf_dad_work+0x73c/0x10e0 Allowing high order page allocation could fix this problem. | 2024-03-25 | not yet calculated | CVE-2021-47146 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| linux — linux |
In the Linux kernel, the following vulnerability has been resolved: ptp: ocp: Fix a resource leak in an error handling path If an error occurs after a successful ‘pci_ioremap_bar()’ call, it must be undone by a corresponding ‘pci_iounmap()’ call, as already done in the remove function. | 2024-03-25 | not yet calculated | CVE-2021-47147 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| linux — linux |
In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: fix a buffer overflow in otx2_set_rxfh_context() This function is called from ethtool_set_rxfh() and “*rss_context” comes from the user. Add some bounds checking to prevent memory corruption. | 2024-03-25 | not yet calculated | CVE-2021-47148 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| linux — linux |
In the Linux kernel, the following vulnerability has been resolved: net: fujitsu: fix potential null-ptr-deref In fmvj18x_get_hwinfo(), if ioremap fails there will be NULL pointer deref. To fix this, check the return value of ioremap and return -1 to the caller in case of failure. | 2024-03-25 | not yet calculated | CVE-2021-47149 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| linux — linux |
In the Linux kernel, the following vulnerability has been resolved: net: fec: fix the potential memory leak in fec_enet_init() If the memory allocated for cbd_base is failed, it should free the memory allocated for the queues, otherwise it causes memory leak. And if the memory allocated for the queues is failed, it can return error directly. | 2024-03-25 | not yet calculated | CVE-2021-47150 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| linux — linux |
In the Linux kernel, the following vulnerability has been resolved: interconnect: qcom: bcm-voter: add a missing of_node_put() Add a missing of_node_put() in of_bcm_voter_get() to avoid the reference leak. | 2024-03-25 | not yet calculated | CVE-2021-47151 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| linux — linux |
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix data stream corruption Maxim reported several issues when forcing a TCP transparent proxy to use the MPTCP protocol for the inbound connections. He also provided a clean reproducer. The problem boils down to ‘mptcp_frag_can_collapse_to()’ assuming that only MPTCP will use the given page_frag. If others – e.g. the plain TCP protocol – allocate page fragments, we can end-up re-using already allocated memory for mptcp_data_frag. Fix the issue ensuring that the to-be-expanded data fragment is located at the current page frag end. v1 -> v2: – added missing fixes tag (Mat) | 2024-03-25 | not yet calculated | CVE-2021-47152 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| linux — linux |
In the Linux kernel, the following vulnerability has been resolved: i2c: i801: Don’t generate an interrupt on bus reset Now that the i2c-i801 driver supports interrupts, setting the KILL bit in a attempt to recover from a timed out transaction triggers an interrupt. Unfortunately, the interrupt handler (i801_isr) is not prepared for this situation and will try to process the interrupt as if it was signaling the end of a successful transaction. In the case of a block transaction, this can result in an out-of-range memory access. This condition was reproduced several times by syzbot: https://syzkaller.appspot.com/bug?extid=ed71512d469895b5b34e https://syzkaller.appspot.com/bug?extid=8c8dedc0ba9e03f6c79e https://syzkaller.appspot.com/bug?extid=c8ff0b6d6c73d81b610e https://syzkaller.appspot.com/bug?extid=33f6c360821c399d69eb https://syzkaller.appspot.com/bug?extid=be15dc0b1933f04b043a https://syzkaller.appspot.com/bug?extid=b4d3fd1dfd53e90afd79 So disable interrupts while trying to reset the bus. Interrupts will be enabled again for the following transaction. | 2024-03-25 | not yet calculated | CVE-2021-47153 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| linux — linux |
In the Linux kernel, the following vulnerability has been resolved: net: dsa: sja1105: add error handling in sja1105_setup() If any of sja1105_static_config_load(), sja1105_clocking_setup() or sja1105_devlink_setup() fails, we can’t just return in the middle of sja1105_setup() or memory will leak. Add a cleanup path. | 2024-03-25 | not yet calculated | CVE-2021-47158 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| linux — linux |
In the Linux kernel, the following vulnerability has been resolved: net: dsa: fix a crash if ->get_sset_count() fails If ds->ops->get_sset_count() fails then it “count” is a negative error code such as -EOPNOTSUPP. Because “i” is an unsigned int, the negative error code is type promoted to a very high value and the loop will corrupt memory until the system crashes. Fix this by checking for error codes and changing the type of “i” to just int. | 2024-03-25 | not yet calculated | CVE-2021-47159 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| linux — linux |
In the Linux kernel, the following vulnerability has been resolved: net: dsa: mt7530: fix VLAN traffic leaks PCR_MATRIX field was set to all 1’s when VLAN filtering is enabled, but was not reset when it is disabled, which may cause traffic leaks: ip link add br0 type bridge vlan_filtering 1 ip link add br1 type bridge vlan_filtering 1 ip link set swp0 master br0 ip link set swp1 master br1 ip link set br0 type bridge vlan_filtering 0 ip link set br1 type bridge vlan_filtering 0 # traffic in br0 and br1 will start leaking to each other As port_bridge_{add,del} have set up PCR_MATRIX properly, remove the PCR_MATRIX write from mt7530_port_set_vlan_aware. | 2024-03-25 | not yet calculated | CVE-2021-47160 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| linux — linux |
In the Linux kernel, the following vulnerability has been resolved: spi: spi-fsl-dspi: Fix a resource leak in an error handling path ‘dspi_request_dma()’ should be undone by a ‘dspi_release_dma()’ call in the error handling path of the probe function, as already done in the remove function | 2024-03-25 | not yet calculated | CVE-2021-47161 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| linux — linux |
In the Linux kernel, the following vulnerability has been resolved: tipc: skb_linearize the head skb when reassembling msgs It’s not a good idea to append the frag skb to a skb’s frag_list if the frag_list already has skbs from elsewhere, such as this skb was created by pskb_copy() where the frag_list was cloned (all the skbs in it were skb_get’ed) and shared by multiple skbs. However, the new appended frag skb should have been only seen by the current skb. Otherwise, it will cause use after free crashes as this appended frag skb are seen by multiple skbs but it only got skb_get called once. The same thing happens with a skb updated by pskb_may_pull() with a skb_cloned skb. Li Shuang has reported quite a few crashes caused by this when doing testing over macvlan devices: [] kernel BUG at net/core/skbuff.c:1970! [] Call Trace: [] skb_clone+0x4d/0xb0 [] macvlan_broadcast+0xd8/0x160 [macvlan] [] macvlan_process_broadcast+0x148/0x150 [macvlan] [] process_one_work+0x1a7/0x360 [] worker_thread+0x30/0x390 [] kernel BUG at mm/usercopy.c:102! [] Call Trace: [] __check_heap_object+0xd3/0x100 [] __check_object_size+0xff/0x16b [] simple_copy_to_iter+0x1c/0x30 [] __skb_datagram_iter+0x7d/0x310 [] __skb_datagram_iter+0x2a5/0x310 [] skb_copy_datagram_iter+0x3b/0x90 [] tipc_recvmsg+0x14a/0x3a0 [tipc] [] ____sys_recvmsg+0x91/0x150 [] ___sys_recvmsg+0x7b/0xc0 [] kernel BUG at mm/slub.c:305! [] Call Trace: [] <IRQ> [] kmem_cache_free+0x3ff/0x400 [] __netif_receive_skb_core+0x12c/0xc40 [] ? kmem_cache_alloc+0x12e/0x270 [] netif_receive_skb_internal+0x3d/0xb0 [] ? get_rx_page_info+0x8e/0xa0 [be2net] [] be_poll+0x6ef/0xd00 [be2net] [] ? irq_exit+0x4f/0x100 [] net_rx_action+0x149/0x3b0 … This patch is to fix it by linearizing the head skb if it has frag_list set in tipc_buf_append(). Note that we choose to do this before calling skb_unshare(), as __skb_linearize() will avoid skb_copy(). Also, we can not just drop the frag_list either as the early time. | 2024-03-25 | not yet calculated | CVE-2021-47162 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| linux — linux |
In the Linux kernel, the following vulnerability has been resolved: tipc: wait and exit until all work queues are done On some host, a crash could be triggered simply by repeating these commands several times: # modprobe tipc # tipc bearer enable media udp name UDP1 localip 127.0.0.1 # rmmod tipc [] BUG: unable to handle kernel paging request at ffffffffc096bb00 [] Workqueue: events 0xffffffffc096bb00 [] Call Trace: [] ? process_one_work+0x1a7/0x360 [] ? worker_thread+0x30/0x390 [] ? create_worker+0x1a0/0x1a0 [] ? kthread+0x116/0x130 [] ? kthread_flush_work_fn+0x10/0x10 [] ? ret_from_fork+0x35/0x40 When removing the TIPC module, the UDP tunnel sock will be delayed to release in a work queue as sock_release() can’t be done in rtnl_lock(). If the work queue is schedule to run after the TIPC module is removed, kernel will crash as the work queue function cleanup_beareri() code no longer exists when trying to invoke it. To fix it, this patch introduce a member wq_count in tipc_net to track the numbers of work queues in schedule, and wait and exit until all work queues are done in tipc_exit_net(). | 2024-03-25 | not yet calculated | CVE-2021-47163 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| linux — linux |
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix null deref accessing lag dev It could be the lag dev is null so stop processing the event. In bond_enslave() the active/backup slave being set before setting the upper dev so first event is without an upper dev. After setting the upper dev with bond_master_upper_dev_link() there is a second event and in that event we have an upper dev. | 2024-03-25 | not yet calculated | CVE-2021-47164 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| linux — linux |
In the Linux kernel, the following vulnerability has been resolved: drm/meson: fix shutdown crash when component not probed When main component is not probed, by example when the dw-hdmi module is not loaded yet or in probe defer, the following crash appears on shutdown: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000038 … pc : meson_drv_shutdown+0x24/0x50 lr : platform_drv_shutdown+0x20/0x30 … Call trace: meson_drv_shutdown+0x24/0x50 platform_drv_shutdown+0x20/0x30 device_shutdown+0x158/0x360 kernel_restart_prepare+0x38/0x48 kernel_restart+0x18/0x68 __do_sys_reboot+0x224/0x250 __arm64_sys_reboot+0x24/0x30 … Simply check if the priv struct has been allocated before using it. | 2024-03-25 | not yet calculated | CVE-2021-47165 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| linux — linux |
In the Linux kernel, the following vulnerability has been resolved: NFS: Don’t corrupt the value of pg_bytes_written in nfs_do_recoalesce() The value of mirror->pg_bytes_written should only be updated after a successful attempt to flush out the requests on the list. | 2024-03-25 | not yet calculated | CVE-2021-47166 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| linux — linux |
In the Linux kernel, the following vulnerability has been resolved: NFS: Fix an Oopsable condition in __nfs_pageio_add_request() Ensure that nfs_pageio_error_cleanup() resets the mirror array contents, so that the structure reflects the fact that it is now empty. Also change the test in nfs_pageio_do_add_request() to be more robust by checking whether or not the list is empty rather than relying on the value of pg_count. | 2024-03-25 | not yet calculated | CVE-2021-47167 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| linux — linux |
In the Linux kernel, the following vulnerability has been resolved: NFS: fix an incorrect limit in filelayout_decode_layout() The “sizeof(struct nfs_fh)” is two bytes too large and could lead to memory corruption. It should be NFS_MAXFHSIZE because that’s the size of the ->data[] buffer. I reversed the size of the arguments to put the variable on the left. | 2024-03-25 | not yet calculated | CVE-2021-47168 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| linux — linux |
In the Linux kernel, the following vulnerability has been resolved: serial: rp2: use ‘request_firmware’ instead of ‘request_firmware_nowait’ In ‘rp2_probe’, the driver registers ‘rp2_uart_interrupt’ then calls ‘rp2_fw_cb’ through ‘request_firmware_nowait’. In ‘rp2_fw_cb’, if the firmware don’t exists, function just return without initializing ports of ‘rp2_card’. But now the interrupt handler function has been registered, and when an interrupt comes, ‘rp2_uart_interrupt’ may access those ports then causing NULL pointer dereference or other bugs. Because the driver does some initialization work in ‘rp2_fw_cb’, in order to make the driver ready to handle interrupts, ‘request_firmware’ should be used instead of asynchronous ‘request_firmware_nowait’. This report reveals it: INFO: trying to register non-static key. the code is fine but needs lockdep annotation. turning off the locking correctness validator. CPU: 2 PID: 0 Comm: swapper/2 Not tainted 4.19.177-gdba4159c14ef-dirty #45 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59- gc9ba5276e321-prebuilt.qemu.org 04/01/2014 Call Trace: <IRQ> __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0xec/0x156 lib/dump_stack.c:118 assign_lock_key kernel/locking/lockdep.c:727 [inline] register_lock_class+0x14e5/0x1ba0 kernel/locking/lockdep.c:753 __lock_acquire+0x187/0x3750 kernel/locking/lockdep.c:3303 lock_acquire+0x124/0x340 kernel/locking/lockdep.c:3907 __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline] _raw_spin_lock+0x32/0x50 kernel/locking/spinlock.c:144 spin_lock include/linux/spinlock.h:329 [inline] rp2_ch_interrupt drivers/tty/serial/rp2.c:466 [inline] rp2_asic_interrupt.isra.9+0x15d/0x990 drivers/tty/serial/rp2.c:493 rp2_uart_interrupt+0x49/0xe0 drivers/tty/serial/rp2.c:504 __handle_irq_event_percpu+0xfb/0x770 kernel/irq/handle.c:149 handle_irq_event_percpu+0x79/0x150 kernel/irq/handle.c:189 handle_irq_event+0xac/0x140 kernel/irq/handle.c:206 handle_fasteoi_irq+0x232/0x5c0 kernel/irq/chip.c:725 generic_handle_irq_desc include/linux/irqdesc.h:155 [inline] handle_irq+0x230/0x3a0 arch/x86/kernel/irq_64.c:87 do_IRQ+0xa7/0x1e0 arch/x86/kernel/irq.c:247 common_interrupt+0xf/0xf arch/x86/entry/entry_64.S:670 </IRQ> RIP: 0010:native_safe_halt+0x28/0x30 arch/x86/include/asm/irqflags.h:61 Code: 00 00 55 be 04 00 00 00 48 c7 c7 00 c2 2f 8c 48 89 e5 e8 fb 31 e7 f8 8b 05 75 af 8d 03 85 c0 7e 07 0f 00 2d 8a 61 65 00 fb f4 <5d> c3 90 90 90 90 90 90 0f 1f 44 00 00 55 48 89 e5 41 57 41 56 41 RSP: 0018:ffff88806b71fcc8 EFLAGS: 00000246 ORIG_RAX: ffffffffffffffde RAX: 0000000000000000 RBX: ffffffff8bde7e48 RCX: ffffffff88a21285 RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffffffff8c2fc200 RBP: ffff88806b71fcc8 R08: fffffbfff185f840 R09: fffffbfff185f840 R10: 0000000000000001 R11: fffffbfff185f840 R12: 0000000000000002 R13: ffffffff8bea18a0 R14: 0000000000000000 R15: 0000000000000000 arch_safe_halt arch/x86/include/asm/paravirt.h:94 [inline] default_idle+0x6f/0x360 arch/x86/kernel/process.c:557 arch_cpu_idle+0xf/0x20 arch/x86/kernel/process.c:548 default_idle_call+0x3b/0x60 kernel/sched/idle.c:93 cpuidle_idle_call kernel/sched/idle.c:153 [inline] do_idle+0x2ab/0x3c0 kernel/sched/idle.c:263 cpu_startup_entry+0xcb/0xe0 kernel/sched/idle.c:369 start_secondary+0x3b8/0x4e0 arch/x86/kernel/smpboot.c:271 secondary_startup_64+0xa4/0xb0 arch/x86/kernel/head_64.S:243 BUG: unable to handle kernel NULL pointer dereference at 0000000000000010 PGD 8000000056d27067 P4D 8000000056d27067 PUD 56d28067 PMD 0 Oops: 0000 [#1] PREEMPT SMP KASAN PTI CPU: 2 PID: 0 Comm: swapper/2 Not tainted 4.19.177-gdba4159c14ef-dirty #45 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59- gc9ba5276e321-prebuilt.qemu.org 04/01/2014 RIP: 0010:readl arch/x86/include/asm/io.h:59 [inline] RIP: 0010:rp2_ch_interrupt drivers/tty/serial/rp2.c:472 [inline] RIP: 0010:rp2_asic_interrupt.isra.9+0x181/0x990 drivers/tty/serial/rp2.c: 493 Co —truncated— | 2024-03-25 | not yet calculated | CVE-2021-47169 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| linux — linux |
In the Linux kernel, the following vulnerability has been resolved: USB: usbfs: Don’t WARN about excessively large memory allocations Syzbot found that the kernel generates a WARNing if the user tries to submit a bulk transfer through usbfs with a buffer that is way too large. This isn’t a bug in the kernel; it’s merely an invalid request from the user and the usbfs code does handle it correctly. In theory the same thing can happen with async transfers, or with the packet descriptor table for isochronous transfers. To prevent the MM subsystem from complaining about these bad allocation requests, add the __GFP_NOWARN flag to the kmalloc calls for these buffers. | 2024-03-25 | not yet calculated | CVE-2021-47170 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| linux — linux |
In the Linux kernel, the following vulnerability has been resolved: net: usb: fix memory leak in smsc75xx_bind Syzbot reported memory leak in smsc75xx_bind(). The problem was is non-freed memory in case of errors after memory allocation. backtrace: [<ffffffff84245b62>] kmalloc include/linux/slab.h:556 [inline] [<ffffffff84245b62>] kzalloc include/linux/slab.h:686 [inline] [<ffffffff84245b62>] smsc75xx_bind+0x7a/0x334 drivers/net/usb/smsc75xx.c:1460 [<ffffffff82b5b2e6>] usbnet_probe+0x3b6/0xc30 drivers/net/usb/usbnet.c:1728 | 2024-03-25 | not yet calculated | CVE-2021-47171 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| linux — linux |
In the Linux kernel, the following vulnerability has been resolved: iio: adc: ad7124: Fix potential overflow due to non sequential channel numbers Channel numbering must start at 0 and then not have any holes, or it is possible to overflow the available storage. Note this bug was introduced as part of a fix to ensure we didn’t rely on the ordering of child nodes. So we need to support arbitrary ordering but they all need to be there somewhere. Note I hit this when using qemu to test the rest of this series. Arguably this isn’t the best fix, but it is probably the most minimal option for backporting etc. Alexandru’s sign-off is here because he carried this patch in a larger set that Jonathan then applied. | 2024-03-25 | not yet calculated | CVE-2021-47172 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| linux — linux |
In the Linux kernel, the following vulnerability has been resolved: misc/uss720: fix memory leak in uss720_probe uss720_probe forgets to decrease the refcount of usbdev in uss720_probe. Fix this by decreasing the refcount of usbdev by usb_put_dev. BUG: memory leak unreferenced object 0xffff888101113800 (size 2048): comm “kworker/0:1”, pid 7, jiffies 4294956777 (age 28.870s) hex dump (first 32 bytes): ff ff ff ff 31 00 00 00 00 00 00 00 00 00 00 00 ….1……….. 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 ……………. backtrace: [<ffffffff82b8e822>] kmalloc include/linux/slab.h:554 [inline] [<ffffffff82b8e822>] kzalloc include/linux/slab.h:684 [inline] [<ffffffff82b8e822>] usb_alloc_dev+0x32/0x450 drivers/usb/core/usb.c:582 [<ffffffff82b98441>] hub_port_connect drivers/usb/core/hub.c:5129 [inline] [<ffffffff82b98441>] hub_port_connect_change drivers/usb/core/hub.c:5363 [inline] [<ffffffff82b98441>] port_event drivers/usb/core/hub.c:5509 [inline] [<ffffffff82b98441>] hub_event+0x1171/0x20c0 drivers/usb/core/hub.c:5591 [<ffffffff81259229>] process_one_work+0x2c9/0x600 kernel/workqueue.c:2275 [<ffffffff81259b19>] worker_thread+0x59/0x5d0 kernel/workqueue.c:2421 [<ffffffff81261228>] kthread+0x178/0x1b0 kernel/kthread.c:292 [<ffffffff8100227f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294 | 2024-03-25 | not yet calculated | CVE-2021-47173 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| linux — linux |
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo_avx2: Add irq_fpu_usable() check, fallback to non-AVX2 version Arturo reported this backtrace: [709732.358791] WARNING: CPU: 3 PID: 456 at arch/x86/kernel/fpu/core.c:128 kernel_fpu_begin_mask+0xae/0xe0 [709732.358793] Modules linked in: binfmt_misc nft_nat nft_chain_nat nf_nat nft_counter nft_ct nf_tables nf_conntrack_netlink nfnetlink 8021q garp stp mrp llc vrf intel_rapl_msr intel_rapl_common skx_edac nfit libnvdimm ipmi_ssif x86_pkg_temp_thermal intel_powerclamp coretemp crc32_pclmul mgag200 ghash_clmulni_intel drm_kms_helper cec aesni_intel drm libaes crypto_simd cryptd glue_helper mei_me dell_smbios iTCO_wdt evdev intel_pmc_bxt iTCO_vendor_support dcdbas pcspkr rapl dell_wmi_descriptor wmi_bmof sg i2c_algo_bit watchdog mei acpi_ipmi ipmi_si button nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ipmi_devintf ipmi_msghandler ip_tables x_tables autofs4 ext4 crc16 mbcache jbd2 dm_mod raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor sd_mod t10_pi crc_t10dif crct10dif_generic raid6_pq libcrc32c crc32c_generic raid1 raid0 multipath linear md_mod ahci libahci tg3 libata xhci_pci libphy xhci_hcd ptp usbcore crct10dif_pclmul crct10dif_common bnxt_en crc32c_intel scsi_mod [709732.358941] pps_core i2c_i801 lpc_ich i2c_smbus wmi usb_common [709732.358957] CPU: 3 PID: 456 Comm: jbd2/dm-0-8 Not tainted 5.10.0-0.bpo.5-amd64 #1 Debian 5.10.24-1~bpo10+1 [709732.358959] Hardware name: Dell Inc. PowerEdge R440/04JN2K, BIOS 2.9.3 09/23/2020 [709732.358964] RIP: 0010:kernel_fpu_begin_mask+0xae/0xe0 [709732.358969] Code: ae 54 24 04 83 e3 01 75 38 48 8b 44 24 08 65 48 33 04 25 28 00 00 00 75 33 48 83 c4 10 5b c3 65 8a 05 5e 21 5e 76 84 c0 74 92 <0f> 0b eb 8e f0 80 4f 01 40 48 81 c7 00 14 00 00 e8 dd fb ff ff eb [709732.358972] RSP: 0018:ffffbb9700304740 EFLAGS: 00010202 [709732.358976] RAX: 0000000000000001 RBX: 0000000000000003 RCX: 0000000000000001 [709732.358979] RDX: ffffbb9700304970 RSI: ffff922fe1952e00 RDI: 0000000000000003 [709732.358981] RBP: ffffbb9700304970 R08: ffff922fc868a600 R09: ffff922fc711e462 [709732.358984] R10: 000000000000005f R11: ffff922ff0b27180 R12: ffffbb9700304960 [709732.358987] R13: ffffbb9700304b08 R14: ffff922fc664b6c8 R15: ffff922fc664b660 [709732.358990] FS: 0000000000000000(0000) GS:ffff92371fec0000(0000) knlGS:0000000000000000 [709732.358993] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [709732.358996] CR2: 0000557a6655bdd0 CR3: 000000026020a001 CR4: 00000000007706e0 [709732.358999] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [709732.359001] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [709732.359003] PKRU: 55555554 [709732.359005] Call Trace: [709732.359009] <IRQ> [709732.359035] nft_pipapo_avx2_lookup+0x4c/0x1cba [nf_tables] [709732.359046] ? sched_clock+0x5/0x10 [709732.359054] ? sched_clock_cpu+0xc/0xb0 [709732.359061] ? record_times+0x16/0x80 [709732.359068] ? plist_add+0xc1/0x100 [709732.359073] ? psi_group_change+0x47/0x230 [709732.359079] ? skb_clone+0x4d/0xb0 [709732.359085] ? enqueue_task_rt+0x22b/0x310 [709732.359098] ? bnxt_start_xmit+0x1e8/0xaf0 [bnxt_en] [709732.359102] ? packet_rcv+0x40/0x4a0 [709732.359121] nft_lookup_eval+0x59/0x160 [nf_tables] [709732.359133] nft_do_chain+0x350/0x500 [nf_tables] [709732.359152] ? nft_lookup_eval+0x59/0x160 [nf_tables] [709732.359163] ? nft_do_chain+0x364/0x500 [nf_tables] [709732.359172] ? fib4_rule_action+0x6d/0x80 [709732.359178] ? fib_rules_lookup+0x107/0x250 [709732.359184] nft_nat_do_chain+0x8a/0xf2 [nft_chain_nat] [709732.359193] nf_nat_inet_fn+0xea/0x210 [nf_nat] [709732.359202] nf_nat_ipv4_out+0x14/0xa0 [nf_nat] [709732.359207] nf_hook_slow+0x44/0xc0 [709732.359214] ip_output+0xd2/0x100 [709732.359221] ? __ip_finish_output+0x210/0x210 [709732.359226] ip_forward+0x37d/0x4a0 [709732.359232] ? ip4_key_hashfn+0xb0/0xb0 [709732.359238] ip_subli —truncated— | 2024-03-25 | not yet calculated | CVE-2021-47174 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| linux — linux |
In the Linux kernel, the following vulnerability has been resolved: net/sched: fq_pie: fix OOB access in the traffic path the following script: # tc qdisc add dev eth0 handle 0x1 root fq_pie flows 2 # tc qdisc add dev eth0 clsact # tc filter add dev eth0 egress matchall action skbedit priority 0x10002 # ping 192.0.2.2 -I eth0 -c2 -w1 -q produces the following splat: BUG: KASAN: slab-out-of-bounds in fq_pie_qdisc_enqueue+0x1314/0x19d0 [sch_fq_pie] Read of size 4 at addr ffff888171306924 by task ping/942 CPU: 3 PID: 942 Comm: ping Not tainted 5.12.0+ #441 Hardware name: Red Hat KVM, BIOS 1.11.1-4.module+el8.1.0+4066+0f1aadab 04/01/2014 Call Trace: dump_stack+0x92/0xc1 print_address_description.constprop.7+0x1a/0x150 kasan_report.cold.13+0x7f/0x111 fq_pie_qdisc_enqueue+0x1314/0x19d0 [sch_fq_pie] __dev_queue_xmit+0x1034/0x2b10 ip_finish_output2+0xc62/0x2120 __ip_finish_output+0x553/0xea0 ip_output+0x1ca/0x4d0 ip_send_skb+0x37/0xa0 raw_sendmsg+0x1c4b/0x2d00 sock_sendmsg+0xdb/0x110 __sys_sendto+0x1d7/0x2b0 __x64_sys_sendto+0xdd/0x1b0 do_syscall_64+0x3c/0x80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7fe69735c3eb Code: 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 f3 0f 1e fa 48 8d 05 75 42 2c 00 41 89 ca 8b 00 85 c0 75 14 b8 2c 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 75 c3 0f 1f 40 00 41 57 4d 89 c7 41 56 41 89 RSP: 002b:00007fff06d7fb38 EFLAGS: 00000246 ORIG_RAX: 000000000000002c RAX: ffffffffffffffda RBX: 000055e961413700 RCX: 00007fe69735c3eb RDX: 0000000000000040 RSI: 000055e961413700 RDI: 0000000000000003 RBP: 0000000000000040 R08: 000055e961410500 R09: 0000000000000010 R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff06d81260 R13: 00007fff06d7fb40 R14: 00007fff06d7fc30 R15: 000055e96140f0a0 Allocated by task 917: kasan_save_stack+0x19/0x40 __kasan_kmalloc+0x7f/0xa0 __kmalloc_node+0x139/0x280 fq_pie_init+0x555/0x8e8 [sch_fq_pie] qdisc_create+0x407/0x11b0 tc_modify_qdisc+0x3c2/0x17e0 rtnetlink_rcv_msg+0x346/0x8e0 netlink_rcv_skb+0x120/0x380 netlink_unicast+0x439/0x630 netlink_sendmsg+0x719/0xbf0 sock_sendmsg+0xe2/0x110 ____sys_sendmsg+0x5ba/0x890 ___sys_sendmsg+0xe9/0x160 __sys_sendmsg+0xd3/0x170 do_syscall_64+0x3c/0x80 entry_SYSCALL_64_after_hwframe+0x44/0xae The buggy address belongs to the object at ffff888171306800 which belongs to the cache kmalloc-256 of size 256 The buggy address is located 36 bytes to the right of 256-byte region [ffff888171306800, ffff888171306900) The buggy address belongs to the page: page:00000000bcfb624e refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x171306 head:00000000bcfb624e order:1 compound_mapcount:0 flags: 0x17ffffc0010200(slab|head|node=0|zone=2|lastcpupid=0x1fffff) raw: 0017ffffc0010200 dead000000000100 dead000000000122 ffff888100042b40 raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff888171306800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffff888171306880: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc >ffff888171306900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ^ ffff888171306980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff888171306a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fix fq_pie traffic path to avoid selecting ‘q->flows + q->flows_cnt’ as a valid flow: it’s an address beyond the allocated memory. | 2024-03-25 | not yet calculated | CVE-2021-47175 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| linux — linux |
In the Linux kernel, the following vulnerability has been resolved: s390/dasd: add missing discipline function Fix crash with illegal operation exception in dasd_device_tasklet. Commit b72949328869 (“s390/dasd: Prepare for additional path event handling”) renamed the verify_path function for ECKD but not for FBA and DIAG. This leads to a panic when the path verification function is called for a FBA or DIAG device. Fix by defining a wrapper function for dasd_generic_verify_path(). | 2024-03-25 | not yet calculated | CVE-2021-47176 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| linux — linux |
In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix sysfs leak in alloc_iommu() iommu_device_sysfs_add() is called before, so is has to be cleaned on subsequent errors. | 2024-03-25 | not yet calculated | CVE-2021-47177 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| linux — linux |
In the Linux kernel, the following vulnerability has been resolved: scsi: target: core: Avoid smp_processor_id() in preemptible code The BUG message “BUG: using smp_processor_id() in preemptible [00000000] code” was observed for TCMU devices with kernel config DEBUG_PREEMPT. The message was observed when blktests block/005 was run on TCMU devices with fileio backend or user:zbc backend [1]. The commit 1130b499b4a7 (“scsi: target: tcm_loop: Use LIO wq cmd submission helper”) triggered the symptom. The commit modified work queue to handle commands and changed ‘current->nr_cpu_allowed’ at smp_processor_id() call. The message was also observed at system shutdown when TCMU devices were not cleaned up [2]. The function smp_processor_id() was called in SCSI host work queue for abort handling, and triggered the BUG message. This symptom was observed regardless of the commit 1130b499b4a7 (“scsi: target: tcm_loop: Use LIO wq cmd submission helper”). To avoid the preemptible code check at smp_processor_id(), get CPU ID with raw_smp_processor_id() instead. The CPU ID is used for performance improvement then thread move to other CPU will not affect the code. [1] [ 56.468103] run blktests block/005 at 2021-05-12 14:16:38 [ 57.369473] check_preemption_disabled: 85 callbacks suppressed [ 57.369480] BUG: using smp_processor_id() in preemptible [00000000] code: fio/1511 [ 57.369506] BUG: using smp_processor_id() in preemptible [00000000] code: fio/1510 [ 57.369512] BUG: using smp_processor_id() in preemptible [00000000] code: fio/1506 [ 57.369552] caller is __target_init_cmd+0x157/0x170 [target_core_mod] [ 57.369606] CPU: 4 PID: 1506 Comm: fio Not tainted 5.13.0-rc1+ #34 [ 57.369613] Hardware name: System manufacturer System Product Name/PRIME Z270-A, BIOS 1302 03/15/2018 [ 57.369617] Call Trace: [ 57.369621] BUG: using smp_processor_id() in preemptible [00000000] code: fio/1507 [ 57.369628] dump_stack+0x6d/0x89 [ 57.369642] check_preemption_disabled+0xc8/0xd0 [ 57.369628] caller is __target_init_cmd+0x157/0x170 [target_core_mod] [ 57.369655] __target_init_cmd+0x157/0x170 [target_core_mod] [ 57.369695] target_init_cmd+0x76/0x90 [target_core_mod] [ 57.369732] tcm_loop_queuecommand+0x109/0x210 [tcm_loop] [ 57.369744] scsi_queue_rq+0x38e/0xc40 [ 57.369761] __blk_mq_try_issue_directly+0x109/0x1c0 [ 57.369779] blk_mq_try_issue_directly+0x43/0x90 [ 57.369790] blk_mq_submit_bio+0x4e5/0x5d0 [ 57.369812] submit_bio_noacct+0x46e/0x4e0 [ 57.369830] __blkdev_direct_IO_simple+0x1a3/0x2d0 [ 57.369859] ? set_init_blocksize.isra.0+0x60/0x60 [ 57.369880] generic_file_read_iter+0x89/0x160 [ 57.369898] blkdev_read_iter+0x44/0x60 [ 57.369906] new_sync_read+0x102/0x170 [ 57.369929] vfs_read+0xd4/0x160 [ 57.369941] __x64_sys_pread64+0x6e/0xa0 [ 57.369946] ? lockdep_hardirqs_on+0x79/0x100 [ 57.369958] do_syscall_64+0x3a/0x70 [ 57.369965] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 57.369973] RIP: 0033:0x7f7ed4c1399f [ 57.369979] Code: 08 89 3c 24 48 89 4c 24 18 e8 7d f3 ff ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 48 8b 74 24 08 8b 3c 24 b8 11 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 04 24 e8 cd f3 ff ff 48 8b [ 57.369983] RSP: 002b:00007ffd7918c580 EFLAGS: 00000293 ORIG_RAX: 0000000000000011 [ 57.369990] RAX: ffffffffffffffda RBX: 00000000015b4540 RCX: 00007f7ed4c1399f [ 57.369993] RDX: 0000000000001000 RSI: 00000000015de000 RDI: 0000000000000009 [ 57.369996] RBP: 00000000015b4540 R08: 0000000000000000 R09: 0000000000000001 [ 57.369999] R10: 0000000000e5c000 R11: 0000000000000293 R12: 00007f7eb5269a70 [ 57.370002] R13: 0000000000000000 R14: 0000000000001000 R15: 00000000015b4568 [ 57.370031] CPU: 7 PID: 1507 Comm: fio Not tainted 5.13.0-rc1+ #34 [ 57.370036] Hardware name: System manufacturer System Product Name/PRIME Z270-A, BIOS 1302 03/15/2018 [ 57.370039] Call Trace: [ 57.370045] dump_stack+0x6d/0x89 [ 57.370056] ch —truncated— | 2024-03-25 | not yet calculated | CVE-2021-47178 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| linux — linux |
In the Linux kernel, the following vulnerability has been resolved: NFSv4: Fix a NULL pointer dereference in pnfs_mark_matching_lsegs_return() Commit de144ff4234f changes _pnfs_return_layout() to call pnfs_mark_matching_lsegs_return() passing NULL as the struct pnfs_layout_range argument. Unfortunately, pnfs_mark_matching_lsegs_return() doesn’t check if we have a value here before dereferencing it, causing an oops. I’m able to hit this crash consistently when running connectathon basic tests on NFS v4.1/v4.2 against Ontap. | 2024-03-25 | not yet calculated | CVE-2021-47179 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| linux — linux |
In the Linux kernel, the following vulnerability has been resolved: NFC: nci: fix memory leak in nci_allocate_device nfcmrvl_disconnect fails to free the hci_dev field in struct nci_dev. Fix this by freeing hci_dev in nci_free_device. BUG: memory leak unreferenced object 0xffff888111ea6800 (size 1024): comm “kworker/1:0”, pid 19, jiffies 4294942308 (age 13.580s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 60 fd 0c 81 88 ff ff ………`…… 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ……………. backtrace: [<000000004bc25d43>] kmalloc include/linux/slab.h:552 [inline] [<000000004bc25d43>] kzalloc include/linux/slab.h:682 [inline] [<000000004bc25d43>] nci_hci_allocate+0x21/0xd0 net/nfc/nci/hci.c:784 [<00000000c59cff92>] nci_allocate_device net/nfc/nci/core.c:1170 [inline] [<00000000c59cff92>] nci_allocate_device+0x10b/0x160 net/nfc/nci/core.c:1132 [<00000000006e0a8e>] nfcmrvl_nci_register_dev+0x10a/0x1c0 drivers/nfc/nfcmrvl/main.c:153 [<000000004da1b57e>] nfcmrvl_probe+0x223/0x290 drivers/nfc/nfcmrvl/usb.c:345 [<00000000d506aed9>] usb_probe_interface+0x177/0x370 drivers/usb/core/driver.c:396 [<00000000bc632c92>] really_probe+0x159/0x4a0 drivers/base/dd.c:554 [<00000000f5009125>] driver_probe_device+0x84/0x100 drivers/base/dd.c:740 [<000000000ce658ca>] __device_attach_driver+0xee/0x110 drivers/base/dd.c:846 [<000000007067d05f>] bus_for_each_drv+0xb7/0x100 drivers/base/bus.c:431 [<00000000f8e13372>] __device_attach+0x122/0x250 drivers/base/dd.c:914 [<000000009cf68860>] bus_probe_device+0xc6/0xe0 drivers/base/bus.c:491 [<00000000359c965a>] device_add+0x5be/0xc30 drivers/base/core.c:3109 [<00000000086e4bd3>] usb_set_configuration+0x9d9/0xb90 drivers/usb/core/message.c:2164 [<00000000ca036872>] usb_generic_driver_probe+0x8c/0xc0 drivers/usb/core/generic.c:238 [<00000000d40d36f6>] usb_probe_device+0x5c/0x140 drivers/usb/core/driver.c:293 [<00000000bc632c92>] really_probe+0x159/0x4a0 drivers/base/dd.c:554 | 2024-03-25 | not yet calculated | CVE-2021-47180 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| linux — linux |
In the Linux kernel, the following vulnerability has been resolved: bpf: Check rcu_read_lock_trace_held() before calling bpf map helpers These three bpf_map_{lookup,update,delete}_elem() helpers are also available for sleepable bpf program, so add the corresponding lock assertion for sleepable bpf program, otherwise the following warning will be reported when a sleepable bpf program manipulates bpf map under interpreter mode (aka bpf_jit_enable=0): WARNING: CPU: 3 PID: 4985 at kernel/bpf/helpers.c:40 …… CPU: 3 PID: 4985 Comm: test_progs Not tainted 6.6.0+ #2 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996) …… RIP: 0010:bpf_map_lookup_elem+0x54/0x60 …… Call Trace: <TASK> ? __warn+0xa5/0x240 ? bpf_map_lookup_elem+0x54/0x60 ? report_bug+0x1ba/0x1f0 ? handle_bug+0x40/0x80 ? exc_invalid_op+0x18/0x50 ? asm_exc_invalid_op+0x1b/0x20 ? __pfx_bpf_map_lookup_elem+0x10/0x10 ? rcu_lockdep_current_cpu_online+0x65/0xb0 ? rcu_is_watching+0x23/0x50 ? bpf_map_lookup_elem+0x54/0x60 ? __pfx_bpf_map_lookup_elem+0x10/0x10 ___bpf_prog_run+0x513/0x3b70 __bpf_prog_run32+0x9d/0xd0 ? __bpf_prog_enter_sleepable_recur+0xad/0x120 ? __bpf_prog_enter_sleepable_recur+0x3e/0x120 bpf_trampoline_6442580665+0x4d/0x1000 __x64_sys_getpgid+0x5/0x30 ? do_syscall_64+0x36/0xb0 entry_SYSCALL_64_after_hwframe+0x6e/0x76 </TASK> | 2024-03-26 | not yet calculated | CVE-2023-52621 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| linux — linux |
In the Linux kernel, the following vulnerability has been resolved: ext4: avoid online resizing failures due to oversized flex bg When we online resize an ext4 filesystem with a oversized flexbg_size, mkfs.ext4 -F -G 67108864 $dev -b 4096 100M mount $dev $dir resize2fs $dev 16G the following WARN_ON is triggered: ================================================================== WARNING: CPU: 0 PID: 427 at mm/page_alloc.c:4402 __alloc_pages+0x411/0x550 Modules linked in: sg(E) CPU: 0 PID: 427 Comm: resize2fs Tainted: G E 6.6.0-rc5+ #314 RIP: 0010:__alloc_pages+0x411/0x550 Call Trace: <TASK> __kmalloc_large_node+0xa2/0x200 __kmalloc+0x16e/0x290 ext4_resize_fs+0x481/0xd80 __ext4_ioctl+0x1616/0x1d90 ext4_ioctl+0x12/0x20 __x64_sys_ioctl+0xf0/0x150 do_syscall_64+0x3b/0x90 ================================================================== This is because flexbg_size is too large and the size of the new_group_data array to be allocated exceeds MAX_ORDER. Currently, the minimum value of MAX_ORDER is 8, the minimum value of PAGE_SIZE is 4096, the corresponding maximum number of groups that can be allocated is: (PAGE_SIZE << MAX_ORDER) / sizeof(struct ext4_new_group_data) ? 21845 And the value that is down-aligned to the power of 2 is 16384. Therefore, this value is defined as MAX_RESIZE_BG, and the number of groups added each time does not exceed this value during resizing, and is added multiple times to complete the online resizing. The difference is that the metadata in a flex_bg may be more dispersed. | 2024-03-26 | not yet calculated | CVE-2023-52622 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| linux — linux |
In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix a suspicious RCU usage warning I received the following warning while running cthon against an ontap server running pNFS: [ 57.202521] ============================= [ 57.202522] WARNING: suspicious RCU usage [ 57.202523] 6.7.0-rc3-g2cc14f52aeb7 #41492 Not tainted [ 57.202525] —————————– [ 57.202525] net/sunrpc/xprtmultipath.c:349 RCU-list traversed in non-reader section!! [ 57.202527] other info that might help us debug this: [ 57.202528] rcu_scheduler_active = 2, debug_locks = 1 [ 57.202529] no locks held by test5/3567. [ 57.202530] stack backtrace: [ 57.202532] CPU: 0 PID: 3567 Comm: test5 Not tainted 6.7.0-rc3-g2cc14f52aeb7 #41492 5b09971b4965c0aceba19f3eea324a4a806e227e [ 57.202534] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS unknown 2/2/2022 [ 57.202536] Call Trace: [ 57.202537] <TASK> [ 57.202540] dump_stack_lvl+0x77/0xb0 [ 57.202551] lockdep_rcu_suspicious+0x154/0x1a0 [ 57.202556] rpc_xprt_switch_has_addr+0x17c/0x190 [sunrpc ebe02571b9a8ceebf7d98e71675af20c19bdb1f6] [ 57.202596] rpc_clnt_setup_test_and_add_xprt+0x50/0x180 [sunrpc ebe02571b9a8ceebf7d98e71675af20c19bdb1f6] [ 57.202621] ? rpc_clnt_add_xprt+0x254/0x300 [sunrpc ebe02571b9a8ceebf7d98e71675af20c19bdb1f6] [ 57.202646] rpc_clnt_add_xprt+0x27a/0x300 [sunrpc ebe02571b9a8ceebf7d98e71675af20c19bdb1f6] [ 57.202671] ? __pfx_rpc_clnt_setup_test_and_add_xprt+0x10/0x10 [sunrpc ebe02571b9a8ceebf7d98e71675af20c19bdb1f6] [ 57.202696] nfs4_pnfs_ds_connect+0x345/0x760 [nfsv4 c716d88496ded0ea6d289bbea684fa996f9b57a9] [ 57.202728] ? __pfx_nfs4_test_session_trunk+0x10/0x10 [nfsv4 c716d88496ded0ea6d289bbea684fa996f9b57a9] [ 57.202754] nfs4_fl_prepare_ds+0x75/0xc0 [nfs_layout_nfsv41_files e3a4187f18ae8a27b630f9feae6831b584a9360a] [ 57.202760] filelayout_write_pagelist+0x4a/0x200 [nfs_layout_nfsv41_files e3a4187f18ae8a27b630f9feae6831b584a9360a] [ 57.202765] pnfs_generic_pg_writepages+0xbe/0x230 [nfsv4 c716d88496ded0ea6d289bbea684fa996f9b57a9] [ 57.202788] __nfs_pageio_add_request+0x3fd/0x520 [nfs 6c976fa593a7c2976f5a0aeb4965514a828e6902] [ 57.202813] nfs_pageio_add_request+0x18b/0x390 [nfs 6c976fa593a7c2976f5a0aeb4965514a828e6902] [ 57.202831] nfs_do_writepage+0x116/0x1e0 [nfs 6c976fa593a7c2976f5a0aeb4965514a828e6902] [ 57.202849] nfs_writepages_callback+0x13/0x30 [nfs 6c976fa593a7c2976f5a0aeb4965514a828e6902] [ 57.202866] write_cache_pages+0x265/0x450 [ 57.202870] ? __pfx_nfs_writepages_callback+0x10/0x10 [nfs 6c976fa593a7c2976f5a0aeb4965514a828e6902] [ 57.202891] nfs_writepages+0x141/0x230 [nfs 6c976fa593a7c2976f5a0aeb4965514a828e6902] [ 57.202913] do_writepages+0xd2/0x230 [ 57.202917] ? filemap_fdatawrite_wbc+0x5c/0x80 [ 57.202921] filemap_fdatawrite_wbc+0x67/0x80 [ 57.202924] filemap_write_and_wait_range+0xd9/0x170 [ 57.202930] nfs_wb_all+0x49/0x180 [nfs 6c976fa593a7c2976f5a0aeb4965514a828e6902] [ 57.202947] nfs4_file_flush+0x72/0xb0 [nfsv4 c716d88496ded0ea6d289bbea684fa996f9b57a9] [ 57.202969] __se_sys_close+0x46/0xd0 [ 57.202972] do_syscall_64+0x68/0x100 [ 57.202975] ? do_syscall_64+0x77/0x100 [ 57.202976] ? do_syscall_64+0x77/0x100 [ 57.202979] entry_SYSCALL_64_after_hwframe+0x6e/0x76 [ 57.202982] RIP: 0033:0x7fe2b12e4a94 [ 57.202985] Code: 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 80 3d d5 18 0e 00 00 74 13 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 44 c3 0f 1f 00 48 83 ec 18 89 7c 24 0c e8 c3 [ 57.202987] RSP: 002b:00007ffe857ddb38 EFLAGS: 00000202 ORIG_RAX: 0000000000000003 [ 57.202989] RAX: ffffffffffffffda RBX: 00007ffe857dfd68 RCX: 00007fe2b12e4a94 [ 57.202991] RDX: 0000000000002000 RSI: 00007ffe857ddc40 RDI: 0000000000000003 [ 57.202992] RBP: 00007ffe857dfc50 R08: 7fffffffffffffff R09: 0000000065650f49 [ 57.202993] R10: 00007f —truncated— | 2024-03-26 | not yet calculated | CVE-2023-52623 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| linux — linux |
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Wake DMCUB before executing GPINT commands [Why] DMCUB can be in idle when we attempt to interface with the HW through the GPINT mailbox resulting in a system hang. [How] Add dc_wake_and_execute_gpint() to wrap the wake, execute, sleep sequence. If the GPINT executes successfully then DMCUB will be put back into sleep after the optional response is returned. It functions similar to the inbox command interface. | 2024-03-26 | not yet calculated | CVE-2023-52624 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| linux — linux |
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Refactor DMCUB enter/exit idle interface [Why] We can hang in place trying to send commands when the DMCUB isn’t powered on. [How] We need to exit out of the idle state prior to sending a command, but the process that performs the exit also invokes a command itself. Fixing this issue involves the following: 1. Using a software state to track whether or not we need to start the process to exit idle or notify idle. It’s possible for the hardware to have exited an idle state without driver knowledge, but entering one is always restricted to a driver allow – which makes the SW state vs HW state mismatch issue purely one of optimization, which should seldomly be hit, if at all. 2. Refactor any instances of exit/notify idle to use a single wrapper that maintains this SW state. This works simialr to dc_allow_idle_optimizations, but works at the DMCUB level and makes sure the state is marked prior to any notify/exit idle so we don’t enter an infinite loop. 3. Make sure we exit out of idle prior to sending any commands or waiting for DMCUB idle. This patch takes care of 1/2. A future patch will take care of wrapping DMCUB command submission with calls to this new interface. | 2024-03-26 | not yet calculated | CVE-2023-52625 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| linux — linux |
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix operation precedence bug in port timestamping napi_poll context Indirection (*) is of lower precedence than postfix increment (++). Logic in napi_poll context would cause an out-of-bound read by first increment the pointer address by byte address space and then dereference the value. Rather, the intended logic was to dereference first and then increment the underlying value. | 2024-03-26 | not yet calculated | CVE-2023-52626 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| linux — linux |
In the Linux kernel, the following vulnerability has been resolved: iio: adc: ad7091r: Allow users to configure device events AD7091R-5 devices are supported by the ad7091r-5 driver together with the ad7091r-base driver. Those drivers declared iio events for notifying user space when ADC readings fall bellow the thresholds of low limit registers or above the values set in high limit registers. However, to configure iio events and their thresholds, a set of callback functions must be implemented and those were not present until now. The consequence of trying to configure ad7091r-5 events without the proper callback functions was a null pointer dereference in the kernel because the pointers to the callback functions were not set. Implement event configuration callbacks allowing users to read/write event thresholds and enable/disable event generation. Since the event spec structs are generic to AD7091R devices, also move those from the ad7091r-5 driver the base driver so they can be reused when support for ad7091r-2/-4/-8 be added. | 2024-03-26 | not yet calculated | CVE-2023-52627 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| linux — linux |
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: exthdr: fix 4-byte stack OOB write If priv->len is a multiple of 4, then dst[len / 4] can write past the destination array which leads to stack corruption. This construct is necessary to clean the remainder of the register in case ->len is NOT a multiple of the register size, so make it conditional just like nft_payload.c does. The bug was added in 4.1 cycle and then copied/inherited when tcp/sctp and ip option support was added. Bug reported by Zero Day Initiative project (ZDI-CAN-21950, ZDI-CAN-21951, ZDI-CAN-21961). | 2024-03-28 | not yet calculated | CVE-2023-52628 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| linux — linux |
In the Linux kernel, the following vulnerability has been resolved: sh: push-switch: Reorder cleanup operations to avoid use-after-free bug The original code puts flush_work() before timer_shutdown_sync() in switch_drv_remove(). Although we use flush_work() to stop the worker, it could be rescheduled in switch_timer(). As a result, a use-after-free bug can occur. The details are shown below: (cpu 0) | (cpu 1) switch_drv_remove() | flush_work() | … | switch_timer // timer | schedule_work(&psw->work) timer_shutdown_sync() | … | switch_work_handler // worker kfree(psw) // free | | psw->state = 0 // use This patch puts timer_shutdown_sync() before flush_work() to mitigate the bugs. As a result, the worker and timer will be stopped safely before the deallocate operations. | 2024-03-29 | not yet calculated | CVE-2023-52629 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| linux — linux |
In the Linux kernel, the following vulnerability has been resolved: btrfs: don’t abort filesystem when attempting to snapshot deleted subvolume If the source file descriptor to the snapshot ioctl refers to a deleted subvolume, we get the following abort: BTRFS: Transaction aborted (error -2) WARNING: CPU: 0 PID: 833 at fs/btrfs/transaction.c:1875 create_pending_snapshot+0x1040/0x1190 [btrfs] Modules linked in: pata_acpi btrfs ata_piix libata scsi_mod virtio_net blake2b_generic xor net_failover virtio_rng failover scsi_common rng_core raid6_pq libcrc32c CPU: 0 PID: 833 Comm: t_snapshot_dele Not tainted 6.7.0-rc6 #2 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-1.fc39 04/01/2014 RIP: 0010:create_pending_snapshot+0x1040/0x1190 [btrfs] RSP: 0018:ffffa09c01337af8 EFLAGS: 00010282 RAX: 0000000000000000 RBX: ffff9982053e7c78 RCX: 0000000000000027 RDX: ffff99827dc20848 RSI: 0000000000000001 RDI: ffff99827dc20840 RBP: ffffa09c01337c00 R08: 0000000000000000 R09: ffffa09c01337998 R10: 0000000000000003 R11: ffffffffb96da248 R12: fffffffffffffffe R13: ffff99820535bb28 R14: ffff99820b7bd000 R15: ffff99820381ea80 FS: 00007fe20aadabc0(0000) GS:ffff99827dc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000559a120b502f CR3: 00000000055b6000 CR4: 00000000000006f0 Call Trace: <TASK> ? create_pending_snapshot+0x1040/0x1190 [btrfs] ? __warn+0x81/0x130 ? create_pending_snapshot+0x1040/0x1190 [btrfs] ? report_bug+0x171/0x1a0 ? handle_bug+0x3a/0x70 ? exc_invalid_op+0x17/0x70 ? asm_exc_invalid_op+0x1a/0x20 ? create_pending_snapshot+0x1040/0x1190 [btrfs] ? create_pending_snapshot+0x1040/0x1190 [btrfs] create_pending_snapshots+0x92/0xc0 [btrfs] btrfs_commit_transaction+0x66b/0xf40 [btrfs] btrfs_mksubvol+0x301/0x4d0 [btrfs] btrfs_mksnapshot+0x80/0xb0 [btrfs] __btrfs_ioctl_snap_create+0x1c2/0x1d0 [btrfs] btrfs_ioctl_snap_create_v2+0xc4/0x150 [btrfs] btrfs_ioctl+0x8a6/0x2650 [btrfs] ? kmem_cache_free+0x22/0x340 ? do_sys_openat2+0x97/0xe0 __x64_sys_ioctl+0x97/0xd0 do_syscall_64+0x46/0xf0 entry_SYSCALL_64_after_hwframe+0x6e/0x76 RIP: 0033:0x7fe20abe83af RSP: 002b:00007ffe6eff1360 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007fe20abe83af RDX: 00007ffe6eff23c0 RSI: 0000000050009417 RDI: 0000000000000003 RBP: 0000000000000003 R08: 0000000000000000 R09: 00007fe20ad16cd0 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffe6eff13c0 R14: 00007fe20ad45000 R15: 0000559a120b6d58 </TASK> —[ end trace 0000000000000000 ]— BTRFS: error (device vdc: state A) in create_pending_snapshot:1875: errno=-2 No such entry BTRFS info (device vdc: state EA): forced readonly BTRFS warning (device vdc: state EA): Skipping commit of aborted transaction. BTRFS: error (device vdc: state EA) in cleanup_transaction:2055: errno=-2 No such entry This happens because create_pending_snapshot() initializes the new root item as a copy of the source root item. This includes the refs field, which is 0 for a deleted subvolume. The call to btrfs_insert_root() therefore inserts a root with refs == 0. btrfs_get_new_fs_root() then finds the root and returns -ENOENT if refs == 0, which causes create_pending_snapshot() to abort. Fix it by checking the source root’s refs before attempting the snapshot, but after locking subvol_sem to avoid racing with deletion. | 2024-03-26 | not yet calculated | CVE-2024-26644 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| linux — linux |
In the Linux kernel, the following vulnerability has been resolved: tracing: Ensure visibility when inserting an element into tracing_map Running the following two commands in parallel on a multi-processor AArch64 machine can sporadically produce an unexpected warning about duplicate histogram entries: $ while true; do echo hist:key=id.syscall:val=hitcount > /sys/kernel/debug/tracing/events/raw_syscalls/sys_enter/trigger cat /sys/kernel/debug/tracing/events/raw_syscalls/sys_enter/hist sleep 0.001 done $ stress-ng –sysbadaddr $(nproc) The warning looks as follows: [ 2911.172474] ————[ cut here ]———— [ 2911.173111] Duplicates detected: 1 [ 2911.173574] WARNING: CPU: 2 PID: 12247 at kernel/trace/tracing_map.c:983 tracing_map_sort_entries+0x3e0/0x408 [ 2911.174702] Modules linked in: iscsi_ibft(E) iscsi_boot_sysfs(E) rfkill(E) af_packet(E) nls_iso8859_1(E) nls_cp437(E) vfat(E) fat(E) ena(E) tiny_power_button(E) qemu_fw_cfg(E) button(E) fuse(E) efi_pstore(E) ip_tables(E) x_tables(E) xfs(E) libcrc32c(E) aes_ce_blk(E) aes_ce_cipher(E) crct10dif_ce(E) polyval_ce(E) polyval_generic(E) ghash_ce(E) gf128mul(E) sm4_ce_gcm(E) sm4_ce_ccm(E) sm4_ce(E) sm4_ce_cipher(E) sm4(E) sm3_ce(E) sm3(E) sha3_ce(E) sha512_ce(E) sha512_arm64(E) sha2_ce(E) sha256_arm64(E) nvme(E) sha1_ce(E) nvme_core(E) nvme_auth(E) t10_pi(E) sg(E) scsi_mod(E) scsi_common(E) efivarfs(E) [ 2911.174738] Unloaded tainted modules: cppc_cpufreq(E):1 [ 2911.180985] CPU: 2 PID: 12247 Comm: cat Kdump: loaded Tainted: G E 6.7.0-default #2 1b58bbb22c97e4399dc09f92d309344f69c44a01 [ 2911.182398] Hardware name: Amazon EC2 c7g.8xlarge/, BIOS 1.0 11/1/2018 [ 2911.183208] pstate: 61400005 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=–) [ 2911.184038] pc : tracing_map_sort_entries+0x3e0/0x408 [ 2911.184667] lr : tracing_map_sort_entries+0x3e0/0x408 [ 2911.185310] sp : ffff8000a1513900 [ 2911.185750] x29: ffff8000a1513900 x28: ffff0003f272fe80 x27: 0000000000000001 [ 2911.186600] x26: ffff0003f272fe80 x25: 0000000000000030 x24: 0000000000000008 [ 2911.187458] x23: ffff0003c5788000 x22: ffff0003c16710c8 x21: ffff80008017f180 [ 2911.188310] x20: ffff80008017f000 x19: ffff80008017f180 x18: ffffffffffffffff [ 2911.189160] x17: 0000000000000000 x16: 0000000000000000 x15: ffff8000a15134b8 [ 2911.190015] x14: 0000000000000000 x13: 205d373432323154 x12: 5b5d313131333731 [ 2911.190844] x11: 00000000fffeffff x10: 00000000fffeffff x9 : ffffd1b78274a13c [ 2911.191716] x8 : 000000000017ffe8 x7 : c0000000fffeffff x6 : 000000000057ffa8 [ 2911.192554] x5 : ffff0012f6c24ec0 x4 : 0000000000000000 x3 : ffff2e5b72b5d000 [ 2911.193404] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff0003ff254480 [ 2911.194259] Call trace: [ 2911.194626] tracing_map_sort_entries+0x3e0/0x408 [ 2911.195220] hist_show+0x124/0x800 [ 2911.195692] seq_read_iter+0x1d4/0x4e8 [ 2911.196193] seq_read+0xe8/0x138 [ 2911.196638] vfs_read+0xc8/0x300 [ 2911.197078] ksys_read+0x70/0x108 [ 2911.197534] __arm64_sys_read+0x24/0x38 [ 2911.198046] invoke_syscall+0x78/0x108 [ 2911.198553] el0_svc_common.constprop.0+0xd0/0xf8 [ 2911.199157] do_el0_svc+0x28/0x40 [ 2911.199613] el0_svc+0x40/0x178 [ 2911.200048] el0t_64_sync_handler+0x13c/0x158 [ 2911.200621] el0t_64_sync+0x1a8/0x1b0 [ 2911.201115] —[ end trace 0000000000000000 ]— The problem appears to be caused by CPU reordering of writes issued from __tracing_map_insert(). The check for the presence of an element with a given key in this function is: val = READ_ONCE(entry->val); if (val && keys_match(key, val->key, map->key_size)) … The write of a new entry is: elt = get_free_elt(map); memcpy(elt->key, key, map->key_size); entry->val = elt; The “memcpy(elt->key, key, map->key_size);” and “entry->val = elt;” stores may become visible in the reversed order on another CPU. This second CPU might then incorrectly determine that a new key doesn’t match an already present val->key and subse —truncated— | 2024-03-26 | not yet calculated | CVE-2024-26645 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| linux — linux |
In the Linux kernel, the following vulnerability has been resolved: thermal: intel: hfi: Add syscore callbacks for system-wide PM The kernel allocates a memory buffer and provides its location to the hardware, which uses it to update the HFI table. This allocation occurs during boot and remains constant throughout runtime. When resuming from hibernation, the restore kernel allocates a second memory buffer and reprograms the HFI hardware with the new location as part of a normal boot. The location of the second memory buffer may differ from the one allocated by the image kernel. When the restore kernel transfers control to the image kernel, its HFI buffer becomes invalid, potentially leading to memory corruption if the hardware writes to it (the hardware continues to use the buffer from the restore kernel). It is also possible that the hardware “forgets” the address of the memory buffer when resuming from “deep” suspend. Memory corruption may also occur in such a scenario. To prevent the described memory corruption, disable HFI when preparing to suspend or hibernate. Enable it when resuming. Add syscore callbacks to handle the package of the boot CPU (packages of non-boot CPUs are handled via CPU offline). Syscore ops always run on the boot CPU. Additionally, HFI only needs to be disabled during “deep” suspend and hibernation. Syscore ops only run in these cases. [ rjw: Comment adjustment, subject and changelog edits ] | 2024-03-26 | not yet calculated | CVE-2024-26646 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| linux — linux |
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix late derefrence ‘dsc’ check in ‘link_set_dsc_pps_packet()’ In link_set_dsc_pps_packet(), ‘struct display_stream_compressor *dsc’ was dereferenced in a DC_LOGGER_INIT(dsc->ctx->logger); before the ‘dsc’ NULL pointer check. Fixes the below: drivers/gpu/drm/amd/amdgpu/../display/dc/link/link_dpms.c:905 link_set_dsc_pps_packet() warn: variable dereferenced before check ‘dsc’ (see line 903) | 2024-03-26 | not yet calculated | CVE-2024-26647 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| linux — linux |
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix variable deferencing before NULL check in edp_setup_replay() In edp_setup_replay(), ‘struct dc *dc’ & ‘struct dmub_replay *replay’ was dereferenced before the pointer ‘link’ & ‘replay’ NULL check. Fixes the below: drivers/gpu/drm/amd/amdgpu/../display/dc/link/protocols/link_edp_panel_control.c:947 edp_setup_replay() warn: variable dereferenced before check ‘link’ (see line 933) | 2024-03-26 | not yet calculated | CVE-2024-26648 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| linux — linux |
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix the null pointer when load rlc firmware If the RLC firmware is invalid because of wrong header size, the pointer to the rlc firmware is released in function amdgpu_ucode_request. There will be a null pointer error in subsequent use. So skip validation to fix it. | 2024-03-26 | not yet calculated | CVE-2024-26649 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| linux — linux |
In the Linux kernel, the following vulnerability has been resolved: platform/x86: p2sb: Allow p2sb_bar() calls during PCI device probe p2sb_bar() unhides P2SB device to get resources from the device. It guards the operation by locking pci_rescan_remove_lock so that parallel rescans do not find the P2SB device. However, this lock causes deadlock when PCI bus rescan is triggered by /sys/bus/pci/rescan. The rescan locks pci_rescan_remove_lock and probes PCI devices. When PCI devices call p2sb_bar() during probe, it locks pci_rescan_remove_lock again. Hence the deadlock. To avoid the deadlock, do not lock pci_rescan_remove_lock in p2sb_bar(). Instead, do the lock at fs_initcall. Introduce p2sb_cache_resources() for fs_initcall which gets and caches the P2SB resources. At p2sb_bar(), refer the cache and return to the caller. Before operating the device at P2SB DEVFN for resource cache, check that its device class is PCI_CLASS_MEMORY_OTHER 0x0580 that PCH specifications define. This avoids unexpected operation to other devices at the same DEVFN. Tested-by Klara Modin <[email protected]> | 2024-03-26 | not yet calculated | CVE-2024-26650 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| linux — linux |
In the Linux kernel, the following vulnerability has been resolved: sr9800: Add check for usbnet_get_endpoints Add check for usbnet_get_endpoints() and return the error if it fails in order to transfer the error. | 2024-03-27 | not yet calculated | CVE-2024-26651 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| linux — linux |
In the Linux kernel, the following vulnerability has been resolved: net: pds_core: Fix possible double free in error handling path When auxiliary_device_add() returns error and then calls auxiliary_device_uninit(), Callback function pdsc_auxbus_dev_release calls kfree(padev) to free memory. We shouldn’t call kfree(padev) again in the error handling path. Fix this by cleaning up the redundant kfree() and putting the error handling back to where the errors happened. | 2024-03-27 | not yet calculated | CVE-2024-26652 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| lunarnight_laboratory — webproxy |
OS command injection vulnerability exists in WebProxy 1.7.8 and 1.7.9, which may allow a remote unauthenticated attacker to execute an arbitrary OS command with the privilege of the running web server. Note that the developer was unreachable, therefore, users should consider stop using WebProxy 1.7.8 and 1.7.9. | 2024-03-26 | not yet calculated | CVE-2024-28033 [email protected] |
| n/a — vertx |
A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to using Netty FastThreadLocal data structures. Specifically, when the Vert.x HTTP client establishes connections to different hosts, triggering the memory leak. The leak can be accelerated with intimate runtime knowledge, allowing an attacker to exploit this vulnerability. For instance, a server accepting arbitrary internet addresses could serve as an attack vector by connecting to these addresses, thereby accelerating the memory leak. | 2024-03-27 | not yet calculated | CVE-2024-1023 [email protected] [email protected] [email protected] [email protected] [email protected] |
| nec_corporation — wg1800hp4 |
Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN and MR02LN all versions allows a attacker who has obtained high privileges can execute arbitrary scripts. | 2024-03-28 | not yet calculated | CVE-2024-28005 [email protected] |
| nec_corporation — wg1800hp4 |
Improper authentication vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN and MR02LN all versions allows a attacker to view device information. | 2024-03-28 | not yet calculated | CVE-2024-28006 [email protected] |
| nec_corporation — wg1800hp4 |
Improper authentication vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN and MR02LN all versions allows a attacker to execute an arbitrary command with the root privilege via the internet. | 2024-03-28 | not yet calculated | CVE-2024-28007 [email protected] |
| nec_corporation — wg1800hp4 |
Active Debug Code in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN and MR02LN all versions allows a attacker to execute an arbitrary OS command via the internet. | 2024-03-28 | not yet calculated | CVE-2024-28008 [email protected] |
| nec_corporation — wg1800hp4 |
Improper authentication vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN and MR02LN all versions allows a attacker to execute an arbitrary command with the root privilege via the internet. | 2024-03-28 | not yet calculated | CVE-2024-28009 [email protected] |
| nec_corporation — wg1800hp4 |
Use of Hard-coded Password in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN and MR02LN all versions allows a attacker to execute an arbitrary OS command via the internet. | 2024-03-28 | not yet calculated | CVE-2024-28010 [email protected] |
| nec_corporation — wg1800hp4 |
Hidden Functionality vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN and MR02LN all versions allows a attacker to execute an arbitrary OS command with the root privilege via the internet | 2024-03-28 | not yet calculated | CVE-2024-28011 [email protected] |
| nec_corporation — wg1800hp4 |
Improper authentication vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN and MR02LN all versions allows a attacker to execute an arbitrary command with the root privilege via the internet. | 2024-03-28 | not yet calculated | CVE-2024-28012 [email protected] |
| nec_corporation — wg1800hp4 |
Use of Insufficiently Random Values vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN and MR02LN all versions allows a attacker to change settings via the internet. | 2024-03-28 | not yet calculated | CVE-2024-28013 [email protected] |
| nec_corporation — wg1800hp4 |
Stack-based Buffer Overflow vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN and MR02LN all versions allows a attacker to execute an arbitrary command via the internet. | 2024-03-28 | not yet calculated | CVE-2024-28014 [email protected] |
| nec_corporation — wg1800hp4 |
Improper Neutralization of Special Elements used in an OS Command vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN and MR02LN all versions allows a attacker to execute an arbitrary OS command with the root privilege via the internet. | 2024-03-28 | not yet calculated | CVE-2024-28015 [email protected] |
| nec_corporation — wg1800hp4 |
Improper Access Controlvulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN and MR02LN all versions allows a attacker to get device informations via the internet. | 2024-03-28 | not yet calculated | CVE-2024-28016 [email protected] |
| okta — okta_verify_for_windows |
The Auto-update service for Okta Verify for Windows is vulnerable to two flaws which in combination could be used to execute arbitrary code. | 2024-03-28 | not yet calculated | CVE-2024-0980 [email protected] |
| parisneo — parisneo/lollms-webui |
I have activated the CORS because I had a development ui that uses another port number then I forgot to remove it. So what I just did is : – First removed the cors configuration that allows everyone to access it : before: “`python sio = socketio.AsyncServer(async_mode=”asgi”, cors_allowed_origins=”*”, ping_timeout=1200, ping_interval=30) # Enable CORS for every one “` after: “`python cert_file_path = lollms_paths.personal_certificates/”cert.pem” key_file_path = lollms_paths.personal_certificates/”key.pem” if os.path.exists(cert_file_path) and os.path.exists(key_file_path): is_https = True else: is_https = False # Create a Socket.IO server sio = socketio.AsyncServer(async_mode=”asgi”, cors_allowed_origins=config.allowed_origins+[f”https://localhost:{config[‘port’]}” if is_https else f”http://localhost:{config[‘port’]}”], ping_timeout=1200, ping_interval=30) # Enable CORS for selected origins “` – Second, I have updated lollms to have two modes (a headless mode and a ui mode). And updated the /execute_code to block if the server is headless or is exposed “`python @router.post(“/execute_code”) async def execute_code(request: Request): “”” Executes Python code and returns the output. :param request: The HTTP request object. :return: A JSON response with the status of the operation. “”” if lollmsElfServer.config.headless_server_mode: return {“status”:False,”error”:”Code execution is blocked when in headless mode for obvious security reasons!”} if lollmsElfServer.config.host==”0.0.0.0″: return {“status”:False,”error”:”Code execution is blocked when the server is exposed outside for very obvipous reasons!”} try: data = (await request.json()) code = data[“code”] discussion_id = int(data.get(“discussion_id”,”unknown_discussion”)) message_id = int(data.get(“message_id”,”unknown_message”)) language = data.get(“language”,”python”) if language==”python”: ASCIIColors.info(“Executing python code:”) ASCIIColors.yellow(code) return execute_python(code, discussion_id, message_id) if language==”javascript”: ASCIIColors.info(“Executing javascript code:”) ASCIIColors.yellow(code) return execute_javascript(code, discussion_id, message_id) if language in [“html”,”html5″,”svg”]: ASCIIColors.info(“Executing javascript code:”) ASCIIColors.yellow(code) return execute_html(code, discussion_id, message_id) elif language==”latex”: ASCIIColors.info(“Executing latex code:”) ASCIIColors.yellow(code) return execute_latex(code, discussion_id, message_id) elif language in [“bash”,”shell”,”cmd”,”powershell”]: ASCIIColors.info(“Executing shell code:”) ASCIIColors.yellow(code) return execute_bash(code, discussion_id, message_id) elif language in [“mermaid”]: ASCIIColors.info(“Executing mermaid code:”) ASCIIColors.yellow(code) return execute_mermaid(code, discussion_id, message_id) elif language in [“graphviz”,”dot”]: ASCIIColors.info(“Executing graphviz code:”) ASCIIColors.yellow(code) return execute_graphviz(code, discussion_id, message_id) return {“status”: False, “error”: “Unsupported language”, “execution_time”: 0} except Exception as ex: trace_exception(ex) lollmsElfServer.error(ex) return {“status”:False,”error”:str(ex)} “` I also added an optional https mode and looking forward to add a full authentication with cookies and a personal session etc. All updates will be in V 9.1 Again, thanks alot for your work. I will make it harder next time, but if you find more bugs, just be my guest 🙂 | 2024-03-30 | not yet calculated | CVE-2024-1522 [email protected] [email protected] |
| sira.jp — easyrange |
EasyRange Ver 1.41 contains an issue with the executable file search path when displaying an extracted file on Explorer, which may lead to loading an executable file resides in the same folder where the extracted file is placed. If this vulnerability is exploited, arbitrary code may be executed with the privilege of the running program. Note that the developer was unreachable, therefore, users should consider stop using EasyRange Ver 1.41. | 2024-03-26 | not yet calculated | CVE-2024-28131 [email protected] |
| thorsten — phpmyfaq |
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. An attacker with admin privileges can upload an attachment containing JS code without extension and the application will render it as HTML which allows for XSS attacks. | 2024-03-25 | not yet calculated | CVE-2024-29179 [email protected] |
| tvrock — tvrock |
Cross-site scripting vulnerability exists in TvRock 0.9t8a. An arbitrary script may be executed on the web browser of the user accessing the website that uses the product. Note that the developer was unreachable, therefore, users should consider stop using TvRock 0.9t8a. | 2024-03-26 | not yet calculated | CVE-2024-26018 [email protected] |
| unknown — backup_and_restore_wordpress_ |
The Backup and Restore WordPress WordPress plugin through 1.45 does not protect some log files containing sensitive information such as site configuration etc, allowing unauthenticated users to access such data | 2024-03-26 | not yet calculated | CVE-2023-7232 [email protected] |
| unknown — cm_download_manager_ |
The CM Download Manager WordPress plugin before 2.9.0 does not have CSRF checks in some places, which could allow attackers to make logged in admins unpublish downloads via a CSRF attack | 2024-03-25 | not yet calculated | CVE-2024-1231 [email protected] |
| unknown — cm_download_manager_ |
The CM Download Manager WordPress plugin before 2.9.0 does not have CSRF checks in some places, which could allow attackers to make logged in admins delete downloads via a CSRF attack | 2024-03-25 | not yet calculated | CVE-2024-1232 [email protected] |
| unknown — cm_download_manager_ |
The CM Download Manager WordPress plugin before 2.9.1 does not have CSRF checks in some places, which could allow attackers to make logged in admins edit downloads via a CSRF attack | 2024-03-25 | not yet calculated | CVE-2024-1962 [email protected] |
| unknown — pz-linkcard |
The Pz-LinkCard WordPress plugin through 2.5.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 2024-03-28 | not yet calculated | CVE-2024-0672 [email protected] |
| unknown — pz-linkcard |
The Pz-LinkCard WordPress plugin through 2.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | 2024-03-28 | not yet calculated | CVE-2024-0673 [email protected] |
| unknown — pz-linkcard |
The Pz-LinkCard WordPress plugin through 2.5.1 does not prevent users from pinging arbitrary hosts via some of its shortcodes, which could allow high privilege users such as contributors to perform SSRF attacks. | 2024-03-28 | not yet calculated | CVE-2024-0677 [email protected] |
| unknown — testimonial_slider |
The Testimonial Slider WordPress plugin before 2.3.7 does not properly ensure that a user has the necessary capabilities to edit certain sensitive Testimonial Slider WordPress plugin before 2.3.7 settings, making it possible for users with at least the Author role to edit them. | 2024-03-26 | not yet calculated | CVE-2024-1745 [email protected] |
| unknown — wp-schema-pro |
The wp-schema-pro WordPress plugin before 2.7.16 does not validate post access allowing a contributor user to access custom fields on any post regardless of post type or status via a shortcode | 2024-03-25 | not yet calculated | CVE-2024-1564 [email protected] |
| zerochannel — 0ch_bbs_script v |
Cross-site scripting vulnerability exists in 0ch BBS Script ver.4.00. An arbitrary script may be executed on the web browser of the user accessing the website that uses the product. Note that the developer was unreachable, therefore, users should consider stop using 0ch BBS Script ver.4.00. | 2024-03-26 | not yet calculated | CVE-2024-28126 [email protected] |
| N/A — N/A
|
Some Microsoft technologies as used in Windows 8 through 11 allow a temporary client-side performance degradation during processing of multiple Unicode combining characters, aka a “Zalgo text” attack. NOTE: third parties dispute whether the computational cost of interpreting Unicode data should be considered a vulnerability. | 2024-03-27 | not yet calculated | CVE-2017-20190 [email protected] [email protected] [email protected] |
| N/A — N/A
|
The Mojolicious module before 7.66 for Perl may leak cookies in certain situations related to multiple similar cookies for the same domain. This affects Mojo::UserAgent::CookieJar. | 2024-03-24 | not yet calculated | CVE-2018-25100 [email protected] [email protected] [email protected] [email protected] |
| N/A — N/A
|
The XAO::Web module before 1.84 for Perl mishandles < and > characters in JSON output during use of json-embed in Web::Action. | 2024-03-24 | not yet calculated | CVE-2020-36827 [email protected] [email protected] |
| N/A — N/A
|
Allied Telesis AT-S115 1.2.0 devices before 1.00.024 with Boot Loader 1.00.006 allow Directory Traversal to achieve partial access to data. | 2024-03-28 | not yet calculated | CVE-2021-31156 [email protected] [email protected] [email protected] |
| N/A — N/A
|
A Directory Traversal vulnerability in ladle dev server 2.5.1 and earlier allows an attacker on the same network to read files accessible to the user via GET requests. | 2024-03-28 | not yet calculated | CVE-2023-25341 [email protected] |
| N/A — N/A
|
Opswat Metadefender Core before 5.2.1 does not properly defend against potential HTML injection and XSS attacks. | 2024-03-27 | not yet calculated | CVE-2023-25364 [email protected] |
| N/A — N/A
|
An issue was discovered in the Cargo extension for MediaWiki through 1.39.3. There is mishandling of backticks to smartSplit. | 2024-03-27 | not yet calculated | CVE-2023-29134 [email protected] [email protected] [email protected] [email protected] [email protected] |
| N/A — N/A
|
In TeslaMate before 1.27.2, there is unauthorized access to port 4000 for remote viewing and operation of user data. After accessing the IP address for the TeslaMate instance, an attacker can switch the port to 3000 to enter Grafana for remote operations. At that time, the default username and password can be used to enter the Grafana management console without logging in, a related issue to CVE-2022-23126. | 2024-03-27 | not yet calculated | CVE-2023-31634 [email protected] [email protected] |
| N/A — N/A
|
std::bad_alloc is mishandled in Precomp 0.4.8. NOTE: this is disputed because it should be categorized as a usability problem. | 2024-03-27 | not yet calculated | CVE-2023-31854 [email protected] |
| N/A — N/A
|
halo v1.6.0 is vulnerable to Cross Site Scripting (XSS). | 2024-03-28 | not yet calculated | CVE-2023-33528 [email protected] [email protected] |
| N/A — N/A
|
In GNU tar before 1.35, mishandled extension attributes in a PAX archive can lead to an application crash in xheader.c. | 2024-03-27 | not yet calculated | CVE-2023-39804 [email protected] [email protected] [email protected] |
| N/A — N/A
|
An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker could exploit an XSS issue. | 2024-03-27 | not yet calculated | CVE-2023-40284 [email protected] [email protected] |
| N/A — N/A
|
An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker could exploit an XSS issue. | 2024-03-27 | not yet calculated | CVE-2023-40285 [email protected] [email protected] |
| N/A — N/A
|
An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker could exploit an XSS issue. | 2024-03-27 | not yet calculated | CVE-2023-40286 [email protected] [email protected] |
| N/A — N/A
|
An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker could exploit an XSS issue. | 2024-03-27 | not yet calculated | CVE-2023-40287 [email protected] [email protected] |
| N/A — N/A
|
An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker could exploit an XSS issue. | 2024-03-27 | not yet calculated | CVE-2023-40288 [email protected] [email protected] |
| N/A — N/A
|
A command injection issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker can exploit this to elevate privileges from a user with BMC administrative privileges. | 2024-03-27 | not yet calculated | CVE-2023-40289 [email protected] [email protected] |
| N/A — N/A
|
An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker could exploit an XSS issue that affects Internet Explorer 11 on Windows. | 2024-03-27 | not yet calculated | CVE-2023-40290 [email protected] [email protected] |
| N/A — N/A
|
An issue was discovered in Couchbase Server 6.6.x through 7.2.0, before 7.1.5 and 7.2.1. Unauthenticated users may cause memcached to run out of memory via large commands. | 2024-03-27 | not yet calculated | CVE-2023-43768 [email protected] [email protected] [email protected] [email protected] |
| N/A — N/A
|
Mesa v23.0.4 was discovered to contain a NULL pointer dereference via the function dri2GetGlxDrawableFromXDrawableId(). This vulnerability is triggered when the X11 server sends an DRI2_BufferSwapComplete event unexpectedly when the application is using DRI3. NOTE: this is disputed because there is no scenario in which the vulnerability was demonstrated. | 2024-03-27 | not yet calculated | CVE-2023-45913 [email protected] [email protected] [email protected] |
| N/A — N/A
|
Mesa 23.0.4 was discovered to contain a buffer over-read in glXQueryServerString(). NOTE: this is disputed because there are no common situations in which users require uninterrupted operation with an attacker-controller server. | 2024-03-27 | not yet calculated | CVE-2023-45919 [email protected] [email protected] |
| N/A — N/A
|
Xfig v3.2.8 was discovered to contain a NULL pointer dereference when calling XGetWMHints(). NOTE: this is disputed because it is not expected that an X application should continue to run when there is arbitrary anomalous behavior from the X server or window manager. | 2024-03-27 | not yet calculated | CVE-2023-45920 [email protected] [email protected] |
| N/A — N/A
|
glx_pbuffer.c in Mesa 23.0.4 was discovered to contain a segmentation violation when calling __glXGetDrawableAttribute(). NOTE: this is disputed because there are no common situations in which users require uninterrupted operation with an attacker-controller server. | 2024-03-27 | not yet calculated | CVE-2023-45922 [email protected] [email protected] [email protected] |
| N/A — N/A
|
libglxproto.c in OpenGL libglvnd bb06db5a was discovered to contain a segmentation violation via the function glXGetDrawableScreen(). NOTE: this is disputed because there are no common situations in which users require uninterrupted operation with an attacker-controller server. | 2024-03-27 | not yet calculated | CVE-2023-45924 [email protected] [email protected] |
| N/A — N/A
|
GNU Midnight Commander 4.8.29-146-g299d9a2fb was discovered to contain a NULL pointer dereference via the function x_error_handler() at tty/x11conn.c. NOTE: this is disputed because it should be categorized as a usability problem (an X operation silently fails). | 2024-03-27 | not yet calculated | CVE-2023-45925 [email protected] [email protected] |
| N/A — N/A
|
S-Lang 2.3.2 was discovered to contain an arithmetic exception via the function tt_sprintf(). | 2024-03-27 | not yet calculated | CVE-2023-45927 [email protected] [email protected] |
| N/A — N/A
|
S-Lang 2.3.2 was discovered to contain a segmentation fault via the function fixup_tgetstr(). | 2024-03-27 | not yet calculated | CVE-2023-45929 [email protected] [email protected] |
| N/A — N/A
|
Mesa 23.0.4 was discovered to contain a NULL pointer dereference in check_xshm() for the has_error state. NOTE: this is disputed because there is no scenario in which the vulnerability was demonstrated. | 2024-03-27 | not yet calculated | CVE-2023-45931 [email protected] [email protected] |
| N/A — N/A
|
Qt 6 through 6.6 was discovered to contain a NULL pointer dereference via the function QXcbConnection::initializeAllAtoms(). NOTE: this is disputed because it is not expected that an X application should continue to run when there is arbitrary anomalous behavior from the X server. | 2024-03-27 | not yet calculated | CVE-2023-45935 [email protected] [email protected] |
| N/A — N/A
|
An issue in MiniZinc before 2.8.0 allows a NULL pointer dereference via ti_expr in a crafted .mzn file. NOTE: this is disputed because there is no common libminizinc use case in which an unattended process is supposed to run forever to process a series of atttacker-controlled .mzn files. | 2024-03-27 | not yet calculated | CVE-2023-46046 [email protected] [email protected] [email protected] [email protected] |
| N/A — N/A
|
An issue in Sane 1.2.1 allows a local attacker to execute arbitrary code via a crafted file to the sanei_configure_attach() function. NOTE: this is disputed because there is no expectation that the product should be starting with an attacker-controlled configuration file. | 2024-03-27 | not yet calculated | CVE-2023-46047 [email protected] [email protected] |
| N/A — N/A
|
Tex Live 944e257 has a NULL pointer dereference in texk/web2c/pdftexdir/writet1.c. NOTE: this is disputed because it should be categorized as a usability problem. | 2024-03-27 | not yet calculated | CVE-2023-46048 [email protected] [email protected] |
| N/A — N/A
|
LLVM 15.0.0 has a NULL pointer dereference in the parseOneMetadata() function via a crafted pdflatex.fmt file (or perhaps a crafted .o file) to llvm-lto. NOTE: this is disputed because the relationship between pdflatex.fmt and any LLVM language front end is not explained, and because a crash of the llvm-lto application should be categorized as a usability problem. | 2024-03-27 | not yet calculated | CVE-2023-46049 [email protected] [email protected] [email protected] |
| N/A — N/A
|
TeX Live 944e257 allows a NULL pointer dereference in texk/web2c/pdftexdir/tounicode.c. NOTE: this is disputed because it should be categorized as a usability problem. | 2024-03-27 | not yet calculated | CVE-2023-46051 [email protected] [email protected] |
| N/A — N/A
|
Sane 1.2.1 heap bounds overwrite in init_options() from backend/test.c via a long init_mode string in a configuration file. NOTE: this is disputed because there is no expectation that test.c code should be executed with an attacker-controlled configuration file. | 2024-03-27 | not yet calculated | CVE-2023-46052 [email protected] [email protected] |
| N/A — N/A
|
Stack-buffer-overflow vulnerability in ReadyMedia (MiniDLNA) v1.3.3 allows attackers to cause a denial of service via via the SendContainer() function at tivo_commands.c. | 2024-03-25 | not yet calculated | CVE-2023-47430 [email protected] [email protected] |
| N/A — N/A
|
SQL Injection vulnerability in Reportico Till 8.1.0 allows attackers to obtain sensitive information or other system information via the project parameter. | 2024-03-27 | not yet calculated | CVE-2023-47438 [email protected] |
| N/A — N/A
|
An authentication bypass vulnerability was found in Stilog Visual Planning 8. It allows an unauthenticated attacker to receive an administrative API token. | 2024-03-29 | not yet calculated | CVE-2023-49231 [email protected] [email protected] [email protected] |
| N/A — N/A
|
An authentication bypass vulnerability was found in Stilog Visual Planning 8. It allows an unauthenticated attacker to brute-force the password reset PINs of administrative users. | 2024-03-29 | not yet calculated | CVE-2023-49232 [email protected] [email protected] [email protected] |
| N/A — N/A
|
An XML external entity (XXE) vulnerability was found in Stilog Visual Planning 8. It allows an authenticated attacker to access local server files and exfiltrate data to an external server. | 2024-03-29 | not yet calculated | CVE-2023-49234 [email protected] [email protected] [email protected] |
| N/A — N/A
|
Sikka SSCWindowsService 5 2023-09-14 executes a program as LocalSystem but allows full control by low-privileged users (and low-privileged users have write access to %PROGRAMDATA%SSCService). Consequently, low-privileged users can execute arbitrary code as LocalSystem. | 2024-03-26 | not yet calculated | CVE-2023-50702 [email protected] |
| N/A — N/A
|
In Janitza GridVis through 9.0.66, use of hard-coded credentials in the de.janitza.pasw.feature.impl.activators.PasswordEncryption password encryption function allows remote authenticated administrative users to discover cleartext database credentials contained in error report information. | 2024-03-26 | not yet calculated | CVE-2023-50894 [email protected] [email protected] |
| N/A — N/A
|
In Janitza GridVis through 9.0.66, exposed dangerous methods in the de.janitza.pasw.project.server.ServerDatabaseProject project load functionality allow remote authenticated administrative users to execute arbitrary Groovy code. | 2024-03-26 | not yet calculated | CVE-2023-50895 [email protected] [email protected] |
| N/A — N/A
|
Thales Imperva SecureSphere WAF 14.7.0.40 allows remote attackers to bypass WAF rules via a crafted POST request, a different vulnerability than CVE-2021-45468. | 2024-03-28 | not yet calculated | CVE-2023-50969 [email protected] [email protected] |
| N/A — N/A
|
Buffer Overflow vulnerability in TRENDnet AC1200 TEW-821DAP with firmware version 3.00b06 allows an attacker to execute arbitrary code via the adm_add_user action. | 2024-03-26 | not yet calculated | CVE-2023-51146 [email protected] |
| N/A — N/A
|
Buffer Overflow vulnerability in TRENDnet Trendnet AC1200 TEW-821DAP with firmware version 3.00b06 allows an attacker to execute arbitrary code via the adm_mod_pwd action. | 2024-03-26 | not yet calculated | CVE-2023-51147 [email protected] |
| N/A — N/A
|
An issue in TRENDnet Trendnet AC1200 Dual Band PoE Indoor Wireless Access Point TEW-821DAP v.3.00b06 allows an attacker to execute arbitrary code via the ‘mycli’ command-line interface component. | 2024-03-26 | not yet calculated | CVE-2023-51148 [email protected] [email protected] |
| N/A — N/A
|
In Fluent Bit 2.1.8 through 2.2.1, a NULL pointer dereference can be caused via an invalid HTTP payload with the content type of x-www-form-urlencoded. It crashes and does not restart. This could result in logs not being delivered properly. | 2024-03-26 | not yet calculated | CVE-2024-23722 [email protected] [email protected] |
| N/A — N/A
|
The YI Smart Kami Vision com.kamivision.yismart application through 1.0.0_20231219 for Android allows a remote attacker to execute arbitrary JavaScript code via an implicit intent to the com.ants360.yicamera.activity.WebViewActivity component. | 2024-03-28 | not yet calculated | CVE-2024-23727 [email protected] |
| N/A — N/A
|
A heap buffer overflow occurs in dfs_v2 dfs_file in RT-Thread through 5.0.2. | 2024-03-27 | not yet calculated | CVE-2024-24334 [email protected] [email protected] [email protected] [email protected] [email protected] |
| N/A — N/A
|
A heap buffer overflow occurs in the dfs_v2 romfs filesystem RT-Thread through 5.0.2. | 2024-03-27 | not yet calculated | CVE-2024-24335 [email protected] [email protected] [email protected] [email protected] [email protected] |
| N/A — N/A
|
SQL Injection vulnerability in Best Courier management system v.1.0 allows a remote attacker to obtain sensitive information via print_pdets.php component. | 2024-03-28 | not yet calculated | CVE-2024-24407 [email protected] [email protected] |
| N/A — N/A
|
An issue in Kickdler before v1.107.0 allows attackers to provide an XSS payload via a HTTP response splitting attack. | 2024-03-25 | not yet calculated | CVE-2024-25175 [email protected] [email protected] |
| N/A — N/A
|
RegEx Denial of Service in domain-suffix 1.0.8 allows attackers to crash the application via crafted input to the parse function. | 2024-03-27 | not yet calculated | CVE-2024-25354 [email protected] |
| N/A — N/A
|
drivers/wlan/wlan_mgmt,c in RT-Thread through 5.0.2 has an integer signedness error and resultant buffer overflow. | 2024-03-27 | not yet calculated | CVE-2024-25388 [email protected] [email protected] [email protected] [email protected] |
| N/A — N/A
|
RT-Thread through 5.0.2 generates random numbers with a weak algorithm of “seed = 214013L * seed + 2531011L; return (seed >> 16) & 0x7FFF;” in calc_random in drivers/misc/rt_random.c. | 2024-03-27 | not yet calculated | CVE-2024-25389 [email protected] [email protected] [email protected] [email protected] |
| N/A — N/A
|
A heap buffer overflow occurs in finsh/msh_file.c and finsh/msh.c in RT-Thread through 5.0.2. | 2024-03-27 | not yet calculated | CVE-2024-25390 [email protected] [email protected] [email protected] [email protected] |
| N/A — N/A
|
A stack buffer overflow occurs in libc/posix/ipc/mqueue.c in RT-Thread through 5.0.2. | 2024-03-27 | not yet calculated | CVE-2024-25391 [email protected] [email protected] [email protected] [email protected] |
| N/A — N/A
|
An out-of-bounds access occurs in utilities/var_export/var_export.c in RT-Thread through 5.0.2. | 2024-03-27 | not yet calculated | CVE-2024-25392 [email protected] [email protected] [email protected] [email protected] |
| N/A — N/A
|
A stack buffer overflow occurs in net/at/src/at_server.c in RT-Thread through 5.0.2. | 2024-03-27 | not yet calculated | CVE-2024-25393 [email protected] [email protected] [email protected] [email protected] |
| N/A — N/A
|
A buffer overflow occurs in utilities/ymodem/ry_sy.c in RT-Thread through 5.0.2 because of an incorrect sprintf call or a missing ‘�’ character. | 2024-03-27 | not yet calculated | CVE-2024-25394 [email protected] [email protected] [email protected] [email protected] |
| N/A — N/A
|
A buffer overflow occurs in utilities/rt-link/src/rtlink.c in RT-Thread through 5.0.2. | 2024-03-27 | not yet calculated | CVE-2024-25395 [email protected] [email protected] [email protected] [email protected] |
| N/A — N/A
|
An issue in Ignite Realtime Openfire v.4.9.0 and before allows a remote attacker to escalate privileges via the admin.authorizedJIDs system property component. | 2024-03-26 | not yet calculated | CVE-2024-25420 [email protected] [email protected] [email protected] |
| N/A — N/A
|
An issue in Ignite Realtime Openfire v.4.9.0 and before allows a remote attacker to escalate privileges via the ROOM_CACHE component. | 2024-03-26 | not yet calculated | CVE-2024-25421 [email protected] [email protected] [email protected] |
| N/A — N/A
|
Cross Site Scripting vulnerability in Process Maker, Inc ProcessMaker before 4.0 allows a remote attacker to run arbitrary code via control of the pm_sys_sys cookie. | 2024-03-28 | not yet calculated | CVE-2024-25506 [email protected] |
| N/A — N/A
|
An issue was discovered in gui/util/qktxhandler.cpp in Qt before 5.15.17, 6.x before 6.2.12, 6.3.x through 6.5.x before 6.5.5, and 6.6.x before 6.6.2. A buffer overflow and application crash can occur via a crafted KTX image file. | 2024-03-27 | not yet calculated | CVE-2024-25580 [email protected] |
| N/A — N/A
|
An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. The TELNET service prompts for a password only after a valid username is entered, which might make it easier for remote attackers to enumerate user accounts. | 2024-03-27 | not yet calculated | CVE-2024-25734 [email protected] [email protected] |
| N/A — N/A
|
An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can discover cleartext passwords via a SoftAP /device/config GET request. | 2024-03-27 | not yet calculated | CVE-2024-25735 [email protected] [email protected] |
| N/A — N/A
|
An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can restart the device via a /device/reboot GET request. | 2024-03-27 | not yet calculated | CVE-2024-25736 [email protected] [email protected] |
| N/A — N/A
|
VSeeFace through 1.13.38.c2 allows attackers to cause a denial of service (application hang) via a spoofed UDP packet containing at least 10 digits in JSON data. | 2024-03-26 | not yet calculated | CVE-2024-26577 [email protected] |
| N/A — N/A
|
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain an unauthenticated remote command execution (RCE) vulnerability via multiple parameters in the “setOpModeCfg” function. This security issue allows an attacker to take complete control of the device. In detail, exploitation allows unauthenticated, remote attackers to execute arbitrary system commands with administrative privileges (i.e., as user “root”). | 2024-03-26 | not yet calculated | CVE-2024-27521 [email protected] [email protected] |
| N/A — N/A
|
Dlink Dir-3040us A1 1.20b03a hotfix is vulnerable to Buffer Overflow. Any user having read/write access to ftp server can write directly to ram causing buffer overflow if file or files uploaded are greater than available ram. Ftp server allows change of directory to root which is one level up than root of usb flash directory. During upload ram is getting filled and causing system resource exhaustion (no free memory) which causes system to crash and reboot. | 2024-03-29 | not yet calculated | CVE-2024-27619 [email protected] [email protected] [email protected] |
| N/A — N/A
|
A cross site scripting (XSS) vulnerability in rems FAQ Management System v.1.0 allows a remote attacker to obtain sensitive information via a crafted payload to the Frequently Asked Question field in the Add FAQ function. | 2024-03-28 | not yet calculated | CVE-2024-27719 [email protected] [email protected] |
| N/A — N/A
|
wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users’ terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover. | 2024-03-27 | not yet calculated | CVE-2024-28085 [email protected] [email protected] [email protected] [email protected] [email protected] |
| N/A — N/A
|
Technicolor TC8715D TC8715D-01.EF.04.38.00-180405-S-FF9-D RSE-TC8717T devices allow a remote attacker within Wi-Fi proximity to conduct stored XSS attacks via User name in dyn_dns.asp. | 2024-03-28 | not yet calculated | CVE-2024-28090 [email protected] |
| N/A — N/A
|
Technicolor TC8715D TC8715D-01.EF.04.38.00-180405-S-FF9-D RSE-TC8717T devices allow a remote attacker within Wi-Fi proximity to conduct stored XSS attacks via User Defined Service in managed_services_add.asp (the victim must click an X for a deletion). | 2024-03-28 | not yet calculated | CVE-2024-28091 [email protected] |
| N/A — N/A
|
The TELNET service of AdTran NetVanta 3120 18.01.01.00.E devices is enabled by default, and has default credentials for a root-level account. | 2024-03-26 | not yet calculated | CVE-2024-28093 [email protected] [email protected] |
| N/A — N/A
|
Ruijie RG-NBR700GW 10.3(4b12) router lacks cookie verification when resetting the password, resulting in an administrator password reset vulnerability. An attacker can use this vulnerability to log in to the device and disrupt the business of the enterprise. | 2024-03-30 | not yet calculated | CVE-2024-28288 [email protected] [email protected] |
| N/A — N/A
|
Lektor before 3.3.11 does not sanitize DB path traversal. Thus, shell commands might be executed via a file that is added to the templates directory, if the victim’s web browser accesses an untrusted website that uses JavaScript to send requests to localhost port 5000, and the web browser is running on the same machine as the “lektor server” command. | 2024-03-27 | not yet calculated | CVE-2024-28335 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
| N/A — N/A
|
An issue in Home-Made.io fastmagsync v.1.7.51 and before allows a remote attacker to execute arbitrary code via the getPhpBin() component. | 2024-03-25 | not yet calculated | CVE-2024-28386 [email protected] [email protected] [email protected] [email protected] [email protected] |
| N/A — N/A
|
An issue in axonaut v.3.1.23 and before allows a remote attacker to obtain sensitive information via the log.txt component. | 2024-03-25 | not yet calculated | CVE-2024-28387 [email protected] [email protected] |
| N/A — N/A
|
SQL injection vulnerability in scalapay v.1.2.41 and before allows a remote attacker to escalate privileges via the ScalapayReturnModuleFrontController::postProcess() method. | 2024-03-25 | not yet calculated | CVE-2024-28393 [email protected] [email protected] |
| N/A — N/A
|
SEMCMS 4.8 is vulnerable to Incorrect Access Control. The code installs SEMCMS_Funtion.php before checking if the admin is a valid user in the admin page because authentication function is called from there, users gain admin privileges. | 2024-03-29 | not yet calculated | CVE-2024-28405 [email protected] [email protected] |
| N/A — N/A
|
SQL Injection vulnerability in Razor 0.8.0 allows a remote attacker to escalate privileges via the ChannelModel::updateapk method of the channelmodle.php | 2024-03-25 | not yet calculated | CVE-2024-28421 [email protected] [email protected] |
| N/A — N/A
|
The CRM platform Twenty is vulnerable to stored cross site scripting via file upload in version 0.3.0. A crafted svg file can trigger the execution of the javascript code. | 2024-03-25 | not yet calculated | CVE-2024-28434 [email protected] [email protected] |
| N/A — N/A
|
The CRM platform Twenty version 0.3.0 is vulnerable to SSRF via file upload. | 2024-03-25 | not yet calculated | CVE-2024-28435 [email protected] [email protected] |
| N/A — N/A
|
Directory Traversal vulnerability in Yealink VP59 v.91.15.0.118 allows a physically proximate attacker to obtain sensitive information via terms of use function in the company portal component. | 2024-03-26 | not yet calculated | CVE-2024-28442 [email protected] [email protected] |
| N/A — N/A
|
Cross Site Scripting vulnerability in Campcodes Online Marriage Registration System v.1.0 allows a remote attacker to execute arbitrary code via the text fields in the marriage registration request form. | 2024-03-28 | not yet calculated | CVE-2024-28456 [email protected] [email protected] [email protected] |
| N/A — N/A
|
Tenda AC18 V15.03.05.05 contains a command injection vulnerablility in the deviceName parameter of formsetUsbUnload function. | 2024-03-26 | not yet calculated | CVE-2024-28545 [email protected] |
| N/A — N/A
|
Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the ssid parameter of form_fast_setting_wifi_set function. | 2024-03-26 | not yet calculated | CVE-2024-28551 [email protected] |
| N/A — N/A
|
An issue in Mblog Blog system v.3.5.0 allows an attacker to execute arbitrary code via a crafted file to the theme management feature. | 2024-03-28 | not yet calculated | CVE-2024-28713 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
| N/A — N/A
|
SQL Injection vulnerability in CRMEB_Java e-commerce system v.1.3.4 allows an attacker to execute arbitrary code via the groupid parameter. | 2024-03-28 | not yet calculated | CVE-2024-28714 [email protected] [email protected] [email protected] [email protected] |
| N/A — N/A
|
A vulnerability in the BluStar component of Mitel InAttend 2.6 SP4 through 2.7 and CMG 8.5 SP4 through 8.6 could allow access to sensitive information, changes to the system configuration, or execution of arbitrary commands within the context of the system. | 2024-03-27 | not yet calculated | CVE-2024-28815 [email protected] [email protected] |
| N/A — N/A
|
An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API mishandles shared memory. | 2024-03-29 | not yet calculated | CVE-2024-28960 [email protected] [email protected] |
| N/A — N/A
|
Exposed IOCTL with insufficient access control issue exists in cg6kwin2k.sys prior to 2.1.7.0. By sending a specific IOCTL request, a user without the administrator privilege may perform I/O to arbitrary hardware port or physical address, resulting in erasing or altering the firmware. | 2024-03-25 | not yet calculated | CVE-2024-29216 [email protected] [email protected] |
| N/A — N/A
|
funboot v1.1 is vulnerable to Cross Site Scripting (XSS) via the title field in “create a message .” | 2024-03-30 | not yet calculated | CVE-2024-29278 [email protected] [email protected] |
| N/A — N/A
|
SourceCodester PHP Task Management System 1.0 is vulnerable to SQL Injection via update-admin.php?admin_id= | 2024-03-26 | not yet calculated | CVE-2024-29301 [email protected] [email protected] |
| N/A — N/A
|
SourceCodester PHP Task Management System 1.0 is vulnerable to SQL Injection via update-employee.php. | 2024-03-26 | not yet calculated | CVE-2024-29302 [email protected] [email protected] |
| N/A — N/A
|
The delete admin users function of SourceCodester PHP Task Management System 1.0 is vulnerable to SQL Injection | 2024-03-26 | not yet calculated | CVE-2024-29303 [email protected] [email protected] |
| N/A — N/A
|
NodeBB 3.6.7 is vulnerable to Incorrect Access Control, e.g., a low-privileged attacker can access the restricted tabs for the Admin group via “isadmin”:true. | 2024-03-28 | not yet calculated | CVE-2024-29316 [email protected] [email protected] |
| N/A — N/A
|
xzs-mysql 3.8 is vulnerable to Insufficient Session Expiration, which allows attackers to use the session of a deleted admin to do anything. | 2024-03-26 | not yet calculated | CVE-2024-29401 [email protected] |
| N/A — N/A
|
An unauthorized access vulnerability has been discovered in ROS2 Humble Hawksbill versions where ROS_VERSION is 2 and ROS_PYTHON_VERSION is 3. This vulnerability could potentially allow a malicious user to gain unauthorized access to multiple ROS2 nodes remotely. Unauthorized access to these nodes could result in compromised system integrity, the execution of arbitrary commands, and disclosure of sensitive information. | 2024-03-25 | not yet calculated | CVE-2024-29440 [email protected] |
| N/A — N/A
|
An unauthorized access vulnerability has been discovered in ROS2 Humble Hawksbill versions where ROS_VERSION is 2 and ROS_PYTHON_VERSION is 3. This vulnerability could potentially allow a malicious user to gain unauthorized access to multiple ROS2 nodes remotely. Unauthorized access to these nodes could result in compromised system integrity, the execution of arbitrary commands, and disclosure of sensitive information. | 2024-03-25 | not yet calculated | CVE-2024-29442 [email protected] |
| N/A — N/A
|
Jerryscript 2.4.0 has SEGV at ./jerry-core/ecma/base/ecma-helpers.c:238:58 in ecma_get_object_type. | 2024-03-28 | not yet calculated | CVE-2024-29489 [email protected] [email protected] [email protected] [email protected] |
| N/A — N/A
|
File Upload vulnerability in lepton v.7.1.0 allows a remote authenticated attackers to execute arbitrary code via uploading a crafted PHP file to the save.php and config.php component. | 2024-03-25 | not yet calculated | CVE-2024-29515 [email protected] |
| N/A — N/A
|
An issue in aliyundrive-webdav v.2.3.3 and before allows a remote attacker to execute arbitrary code via a crafted payload to the sid parameter in the action_query_qrcode component. | 2024-03-29 | not yet calculated | CVE-2024-29640 [email protected] [email protected] [email protected] |
| N/A — N/A
|
Cross Site Scripting vulnerability in dcat-admin v.2.1.3 and before allows a remote attacker to execute arbitrary code via a crafted script to the user login box. | 2024-03-26 | not yet calculated | CVE-2024-29644 [email protected] [email protected] [email protected] |
| N/A — N/A
|
An issue in @thi.ng/paths v.5.1.62 and before allows a remote attacker to execute arbitrary code via the mutIn and mutInManyUnsafe components. | 2024-03-25 | not yet calculated | CVE-2024-29650 [email protected] [email protected] |
| N/A — N/A
|
Insecure Permissions vulnerability in Vehicle Monitoring platform system CMSV6 v.7.31.0.2 through v.7.32.0.3 allows a remote attacker to escalate privileges via the default password component. | 2024-03-25 | not yet calculated | CVE-2024-29666 [email protected] |
| N/A — N/A
|
SQL Injection vulnerability in Tongtianxing Technology Co., Ltd CMSV6 v.7.31.0.2 through v.7.31.0.3 allows a remote attacker to escalate privileges and obtain sensitive information via the ids parameter. | 2024-03-29 | not yet calculated | CVE-2024-29667 [email protected] |
| N/A — N/A
|
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /src/dede/makehtml_homepage.php allowing a remote attacker to execute arbitrary code. | 2024-03-26 | not yet calculated | CVE-2024-29684 [email protected] |
| N/A — N/A
|
Server-side Template Injection (SSTI) vulnerability in Winter CMS v.1.2.3 allows a remote attacker to execute arbitrary code via a crafted payload to the CMS Pages field and Plugin components. NOTE: the vendor disputes this because the payload could only be entered by a trusted user, such as the owner of the server that hosts Winter CMS, or a developer working for them. | 2024-03-29 | not yet calculated | CVE-2024-29686 [email protected] [email protected] [email protected] |
| N/A — N/A
|
Varnish Cache before 7.3.2 and 7.4.x before 7.4.3 (and before 6.0.13 LTS), and Varnish Enterprise 6 before 6.0.12r6, allows credits exhaustion for an HTTP/2 connection control flow window, aka a Broke Window Attack. | 2024-03-24 | not yet calculated | CVE-2024-30156 [email protected] [email protected] |
| N/A — N/A
|
In Qt before 6.5.6 and 6.6.x before 6.6.3, the wasm component may access QNetworkReply header data via a dangling pointer. | 2024-03-24 | not yet calculated | CVE-2024-30161 [email protected] |
| N/A — N/A
|
Anope before 2.0.15 does not prevent resetting the password of a suspended account. | 2024-03-25 | not yet calculated | CVE-2024-30187 [email protected] [email protected] |
| N/A — N/A
|
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in GS Plugins GS Pins for Pinterest allows Stored XSS.This issue affects GS Pins for Pinterest: from n/a through 1.8.2. | 2024-03-27 | not yet calculated | CVE-2024-30192 [email protected] |
| N/A — N/A
|
In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org Mode before 9.6.23. | 2024-03-25 | not yet calculated | CVE-2024-30202 [email protected] [email protected] [email protected] |
| N/A — N/A
|
In Emacs before 29.3, Gnus treats inline MIME contents as trusted. | 2024-03-25 | not yet calculated | CVE-2024-30203 [email protected] [email protected] |
| N/A — N/A
|
In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments. | 2024-03-25 | not yet calculated | CVE-2024-30204 [email protected] [email protected] |
| N/A — N/A
|
In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23. | 2024-03-25 | not yet calculated | CVE-2024-30205 [email protected] [email protected] [email protected] |
| N/A — N/A
|
Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the mitInterface parameter of the fromAddressNat function. | 2024-03-28 | not yet calculated | CVE-2024-30583 [email protected] |
| N/A — N/A
|
Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the security parameter of the formWifiBasicSet function. | 2024-03-28 | not yet calculated | CVE-2024-30584 [email protected] |
| N/A — N/A
|
Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the deviceId parameter of the saveParentControlInfo function. | 2024-03-28 | not yet calculated | CVE-2024-30585 [email protected] |
| N/A — N/A
|
Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the security_5g parameter of the formWifiBasicSet function. | 2024-03-28 | not yet calculated | CVE-2024-30586 [email protected] |
| N/A — N/A
|
Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the urls parameter of the saveParentControlInfo function. | 2024-03-28 | not yet calculated | CVE-2024-30587 [email protected] |
| N/A — N/A
|
Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the schedStartTime parameter of the setSchedWifi function. | 2024-03-28 | not yet calculated | CVE-2024-30588 [email protected] |
| N/A — N/A
|
Tenda FH1202 v1.2.0.14(408) firmware has a stack overflow vulnerability in the entrys parameter of the fromAddressNat function. | 2024-03-28 | not yet calculated | CVE-2024-30589 [email protected] |
| N/A — N/A
|
Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the schedEndTime parameter of the setSchedWifi function. | 2024-03-28 | not yet calculated | CVE-2024-30590 [email protected] |
| N/A — N/A
|
Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the time parameter of the saveParentControlInfo function. | 2024-03-28 | not yet calculated | CVE-2024-30591 [email protected] |
| N/A — N/A
|
Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the page parameter of the fromAddressNat function. | 2024-03-28 | not yet calculated | CVE-2024-30592 [email protected] |
| N/A — N/A
|
Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability located in the deviceName parameter of the formSetDeviceName function. | 2024-03-28 | not yet calculated | CVE-2024-30593 [email protected] |
| N/A — N/A
|
Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the deviceMac parameter of the addWifiMacFilter function. | 2024-03-28 | not yet calculated | CVE-2024-30594 [email protected] |
| N/A — N/A
|
Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the deviceId parameter of the addWifiMacFilter function. | 2024-03-28 | not yet calculated | CVE-2024-30595 [email protected] |
| N/A — N/A
|
Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the deviceId parameter of the formSetDeviceName function. | 2024-03-28 | not yet calculated | CVE-2024-30596 [email protected] |
| N/A — N/A
|
Tenda FH1203 v2.0.1.6 firmware has a stack overflow vulnerability in the security parameter of the formWifiBasicSet function. | 2024-03-28 | not yet calculated | CVE-2024-30597 [email protected] |
| N/A — N/A
|
Tenda FH1203 v2.0.1.6 firmware has a stack overflow vulnerability in the security_5g parameter of the formWifiBasicSet function. | 2024-03-28 | not yet calculated | CVE-2024-30598 [email protected] |
| N/A — N/A
|
Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the deviceMac parameter of the addWifiMacFilter function. | 2024-03-28 | not yet calculated | CVE-2024-30599 [email protected] |
| N/A — N/A
|
Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the schedEndTime parameter of the setSchedWifi function. | 2024-03-28 | not yet calculated | CVE-2024-30600 [email protected] |
| N/A — N/A
|
Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the time parameter of the saveParentControlInfo function. | 2024-03-28 | not yet calculated | CVE-2024-30601 [email protected] |
| N/A — N/A
|
Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the schedStartTime parameter of the setSchedWifi function. | 2024-03-28 | not yet calculated | CVE-2024-30602 [email protected] |
| N/A — N/A
|
Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the urls parameter of the saveParentControlInfo function. | 2024-03-28 | not yet calculated | CVE-2024-30603 [email protected] |
| N/A — N/A
|
Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the list1 parameter of the fromDhcpListClient function. | 2024-03-28 | not yet calculated | CVE-2024-30604 [email protected] |
| N/A — N/A
|
Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the page parameter of the fromDhcpListClient function. | 2024-03-28 | not yet calculated | CVE-2024-30606 [email protected] |
| N/A — N/A
|
Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the deviceId parameter of the saveParentControlInfo function. | 2024-03-28 | not yet calculated | CVE-2024-30607 [email protected] |
| N/A — N/A
|
Tenda AC10U v15.03.06.48 has a stack overflow vulnerability in the deviceId, limitSpeed, limitSpeedUp parameter from formSetClientState function. | 2024-03-28 | not yet calculated | CVE-2024-30612 [email protected] |
| N/A — N/A
|
Tenda AC15 v15.03.05.18 has a stack overflow vulnerability in the time parameter from the setSmartPowerManagement function. | 2024-03-29 | not yet calculated | CVE-2024-30613 [email protected] |
| N/A — N/A
|
Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the mitInterface parameter from fromAddressNat function. | 2024-03-29 | not yet calculated | CVE-2024-30622 [email protected] |
| N/A — N/A
|
Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the page parameter from fromDhcpListClient function. | 2024-03-29 | not yet calculated | CVE-2024-30623 [email protected] |
| N/A — N/A
|
Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the urls parameter from saveParentControlInfo function. | 2024-03-29 | not yet calculated | CVE-2024-30624 [email protected] |
| N/A — N/A
|
Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the entrys parameter from fromAddressNat function. | 2024-03-29 | not yet calculated | CVE-2024-30625 [email protected] |
| N/A — N/A
|
Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the schedEndTime parameter from setSchedWifi function. | 2024-03-29 | not yet calculated | CVE-2024-30626 [email protected] |
| N/A — N/A
|
Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the deviceId parameter from saveParentControlInfo function. | 2024-03-29 | not yet calculated | CVE-2024-30627 [email protected] |
| N/A — N/A
|
Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the page parameter from fromAddressNat function. | 2024-03-29 | not yet calculated | CVE-2024-30628 [email protected] |
| N/A — N/A
|
Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the list1 parameter from fromDhcpListClient function. | 2024-03-29 | not yet calculated | CVE-2024-30629 [email protected] |
| N/A — N/A
|
Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the time parameter from saveParentControlInfo function. | 2024-03-29 | not yet calculated | CVE-2024-30630 [email protected] |
| N/A — N/A
|
Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the schedStartTime parameter from setSchedWifi function. | 2024-03-29 | not yet calculated | CVE-2024-30631 [email protected] |
| N/A — N/A
|
Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the security_5g parameter from formWifiBasicSet function. | 2024-03-29 | not yet calculated | CVE-2024-30632 [email protected] |
| N/A — N/A
|
Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the security parameter from the formWifiBasicSet function. | 2024-03-29 | not yet calculated | CVE-2024-30633 [email protected] |
| N/A — N/A
|
Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability via the mitInterface parameter in the fromAddressNat function. | 2024-03-29 | not yet calculated | CVE-2024-30634 [email protected] |
| N/A — N/A
|
Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability located in the funcpara1 parameter in the formSetCfm function. | 2024-03-29 | not yet calculated | CVE-2024-30635 [email protected] |
| N/A — N/A
|
Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability via the PPPOEPassword parameter in the formQuickIndex function. | 2024-03-29 | not yet calculated | CVE-2024-30636 [email protected] |
| N/A — N/A
|
Tenda F1202 v1.2.0.20(408) has a command injection vulnerablility in the formWriteFacMac function in the mac parameter. | 2024-03-29 | not yet calculated | CVE-2024-30637 [email protected] |
| N/A — N/A
|
Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability via the entrys parameter in the fromAddressNat function. | 2024-03-29 | not yet calculated | CVE-2024-30638 [email protected] |
| N/A — N/A
|
Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability in the page parameter of fromAddressNat function. | 2024-03-29 | not yet calculated | CVE-2024-30639 [email protected] |
| N/A — N/A
|
Tenda AC15V1.0 V15.03.20_multi has a command injection vulnerability via the deviceName parameter. | 2024-03-29 | not yet calculated | CVE-2024-30645 [email protected] |
| N/A — N/A
|
An issue in Huashi Private Cloud CDN Live Streaming Acceleration Server hgateway-sixport v.1.1.2 allows a remote attacker to execute arbitrary code via the manager/ipping.php component. | 2024-03-29 | not yet calculated | CVE-2024-31032 [email protected] |
| N/A — N/A
|
Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the Last Name input field. | 2024-03-28 | not yet calculated | CVE-2024-31061 [email protected] [email protected] [email protected] |
| N/A — N/A
|
Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the Street input field. | 2024-03-28 | not yet calculated | CVE-2024-31062 [email protected] [email protected] [email protected] |
| N/A — N/A
|
Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the Email input field. | 2024-03-28 | not yet calculated | CVE-2024-31063 [email protected] [email protected] [email protected] |
| N/A — N/A
|
Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the First Name input field. | 2024-03-28 | not yet calculated | CVE-2024-31064 [email protected] [email protected] [email protected] [email protected] |
| N/A — N/A
|
Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the City input field. | 2024-03-28 | not yet calculated | CVE-2024-31065 [email protected] [email protected] [email protected] |