High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
academy_lms — academy_lms Missing Authorization vulnerability in Academy LMS. This issue affects Academy LMS: from n/a through 1.9.16. 2024-05-06 7.1 CVE-2024-33912
brevo_for_woocommerce — sendinblue_for_woocommerce Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Brevo for WooCommerce Sendinblue for WooCommerce. This issue affects Sendinblue for WooCommerce: from n/a through 4.0.17. 2024-05-06 8.5 CVE-2024-32807
brocade — brocade_sannav The PostgreSQL implementation in Brocade SANnav versions before 2.3.0a is vulnerable to an incorrect local authentication flaw. An attacker accessing the VM where the Brocade SANnav is installed can gain access to sensitive data inside the PostgreSQL database. 2024-05-08 7.8 CVE-2024-2860
codesys — codesys_development_system_v2.3 An unauthenticated local attacker may trick a user into opening corrupted project files to execute arbitrary code or crash the system due to an out-of-bounds write vulnerability. 2024-05-06 7.8 CVE-2023-49675
delta_electronics — diaenergie An SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a ‘RecalculateScript’ message, which is split into 4 fields using the ‘~’ character as the separator. An unauthenticated remote attacker can perform SQLi via the fourth field. 2024-05-06 9.8 CVE-2024-4547
delta_electronics — diaenergie An SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a ‘RecalculateHDMWYC’ message, which is split into 4 fields using the ‘~’ character as the separator. An unauthenticated remote attacker can perform SQLi via the fourth field. 2024-05-06 9.8 CVE-2024-4548
delta_electronics — diaenergie A denial of service vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior. When processing an ‘ICS Restart!’ message, CEBC.exe restarts the system. 2024-05-06 7.5 CVE-2024-4549
denoland — deno Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. The Deno sandbox may be unexpectedly weakened by allowing file read/write access to privileged files in various locations on Unix and Windows platforms. For example, reading `/proc/self/environ` may provide access equivalent to `--allow-env`, and writing `/proc/self/mem` may provide access equivalent to `--allow-all`. Users who grant read and write access to the entire filesystem may not realize that access to these files may have additional, unintended consequences. The documentation did not reflect that this practice should be undertaken to increase the strength of the security sandbox. Users who run code with `--allow-read` or `--allow-write` may unexpectedly end up granting additional permissions via file-system operations. Deno 1.43 and above require explicit `--allow-all` access to read or write `/etc`, `/dev` on Unix platforms (as well as `/proc` and `/sys` on Linux platforms), and any path starting with `\` on Windows. 2024-05-07 8.4 CVE-2024-34346
ethereum — go-ethereum go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. Prior to 1.13.15, a vulnerable node can be made to consume very large amounts of memory when handling specially crafted p2p messages sent from an attacker node. The fix has been included in geth version `1.13.15` and onwards. 2024-05-06 7.5 CVE-2024-32972
f5 — big-ip A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2024-05-08 8 CVE-2024-31156
f5 — big-ip When IPsec is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2024-05-08 7.5 CVE-2024-33608
f5 — big-ip_edge_client An origin validation vulnerability exists in BIG-IP APM browser network access VPN client for Windows, macOS and Linux which may allow an attacker to bypass F5 endpoint inspection. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2024-05-08 7.4 CVE-2024-28883
f5 — big-ip_next_central_manager An OData injection vulnerability exists in the BIG-IP Next Central Manager API (URI).  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2024-05-08 7.5 CVE-2024-21793
f5 — big-ip_next_central_manager An SQL injection vulnerability exists in the BIG-IP Next Central Manager API (URI). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2024-05-08 7.5 CVE-2024-26026
f5 — big-ip_next_central_manager BIG-IP Next Central Manager (CM) may allow an unauthenticated, remote attacker to obtain the BIG-IP Next LTM/WAF instance credentials.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2024-05-08 7.4 CVE-2024-32049
f5 — big-ip When BIG-IP AFM is licensed and provisioned, undisclosed DNS traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2024-05-08 7.5 CVE-2024-25560
faraday — gm8181 A vulnerability classified as critical has been found in Faraday GM8181 and GM828x up to 20240429. Affected is an unknown function of the component NTP Service. The manipulation of the argument ntp_srv leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-263304. 2024-05-07 7.3 CVE-2024-4582
fedora — dnf5daemon-server Incomplete fix for CVE-2024-1929. The problem with CVE-2024-1929 was that the dnf5 D-Bus daemon accepted arbitrary configuration parameters from unprivileged users, which allowed a local root exploit by tricking the daemon into loading a user-controlled “plugin”. All of this happened before Polkit authentication was even started. The dnf5 library code does not check whether non-root users control the directory in question. On one hand, this poses a Denial-of-Service attack vector by making the daemon operate on a blocking file (e.g. named FIFO special file) or a very large file that causes an out-of-memory situation (e.g. /dev/zero). On the other hand, this can be used to let the daemon process privileged files like /etc/shadow. The file in question is parsed as an INI file. Error diagnostics resulting from parsing privileged files could cause information leaks, if these diagnostics are accessible to unprivileged users. In the case of libdnf5, no such user-accessible diagnostics should exist, though. Also, a local attacker can place a valid repository configuration file in this directory. This configuration file allows specifying a plethora of additional configuration options. This makes various additional code paths in libdnf5 accessible to the attacker. 2024-05-08 8.8 CVE-2024-2746
fedora — dnf5daemon-server Local Root Exploit via Configuration Dictionary in dnf5daemon-server before 5.1.17 allows a malicious user to impact Confidentiality and Integrity via Configuration Dictionary. There are issues with the D-Bus interface long before Polkit is invoked. The `org.rpm.dnf.v0.SessionManager.open_session` method takes a key/value map of configuration entries. A sub-entry in this map, placed under the “config” key, is another key/value map. The configuration values found in it will be forwarded as configuration overrides to the `libdnf5::Base` configuration. Practically all libdnf5 configuration aspects can be influenced here. Already when opening the session via D-Bus, libdnf5 will be initialized using these override configuration values. There is no sanity checking of the content of this “config” map, which is untrusted data. It is possible to make the library load a plug-in shared library under control of an unprivileged user, hence achieving root access. 2024-05-08 7.5 CVE-2024-1929
fermyon — spin Spin is the developer tool for building and running serverless applications powered by WebAssembly. Prior to 2.4.3, some specifically configured Spin applications that use `self` requests without a specified URL authority can be induced to make requests to arbitrary hosts via the `Host` HTTP header. The following conditions need to be met for an application to be vulnerable: 1. The environment Spin is deployed in routes requests to the Spin runtime based on the request URL instead of the `Host` header, and leaves the `Host` header set to its original value; 2. The Spin application’s component handling the incoming request is configured with an `allow_outbound_hosts` list containing `"self"`; and 3. In reaction to an incoming request, the component makes an outbound request whose URL doesn’t include the hostname/port. Spin 2.4.3 has been released to fix this issue. 2024-05-08 9.1 CVE-2024-32980
glpi-project — glpi GLPI is a Free Asset and IT Management Software package. Prior to 10.0.15, an authenticated user can exploit a SQL injection vulnerability in the saved searches feature to alter another user's account data and take control of it. This vulnerability is fixed in 10.0.15. 2024-05-07 7.1 CVE-2024-29889
glpi-project — glpi GLPI is a Free Asset and IT Management Software package. Prior to 10.0.15, an authenticated user can exploit a SQL injection vulnerability from map search. This vulnerability is fixed in 10.0.15. 2024-05-07 7.7 CVE-2024-31456
hoppscotch — hoppscotch @hoppscotch/cli is a CLI to run Hoppscotch Test Scripts in CI environments. Prior to 0.8.0, the @hoppscotch/js-sandbox package provides a Javascript sandbox that uses the Node.js vm module. However, the vm module is not safe for sandboxing untrusted Javascript code. This is because code inside the vm context can break out if it can get a hold of any reference to an object created outside of the vm. In the case of @hoppscotch/js-sandbox, multiple references to external objects are passed into the vm context to allow pre-request scripts interactions with environment variables and more. But this also allows the pre-request script to escape the sandbox. This vulnerability is fixed in 0.8.0. 2024-05-08 8.3 CVE-2024-34347
ibm — aix IBM AIX’s Unix domain (AIX 7.2, 7.3, VIOS 3.1, and VIOS 4.1) datagram socket implementation could potentially expose applications using Unix domain datagram sockets with SO_PEERID operation and may lead to privilege escalation. IBM X-Force ID: 284903. 2024-05-07 8.1 CVE-2024-27273
ietf — dhcp DHCP can add routes to a client’s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN. 2024-05-06 7.6 CVE-2024-3661
impronta — janto_ticketing_software IDOR vulnerability in Janto Ticketing Software affecting version 4.3r10. This vulnerability could allow a remote user to obtain the download URL of another user to obtain the purchased ticket. 2024-05-07 7.5 CVE-2024-4537
impronta — janto_ticketing_software IDOR vulnerability in Janto Ticketing Software affecting version 4.3r10. This vulnerability could allow a remote user to obtain a user’s event ticket by creating a specific request with the ticket reference ID, leading to the exposure of sensitive user data. 2024-05-07 7.5 CVE-2024-4538
lan_messenger — lan_messenger Remote denial of service vulnerability in LAN Messenger affecting version 3.4.0. This vulnerability allows an attacker to crash the LAN Messenger service by sending a long string directly and continuously over the UDP protocol. 2024-05-07 7.5 CVE-2024-4599
leadconnector — leadconnector Missing Authorization vulnerability in LeadConnector. This issue affects LeadConnector: from n/a through 1.7. 2024-05-06 8.6 CVE-2024-34378
litestar-org — litestar Litestar and Starlite is an Asynchronous Server Gateway Interface (ASGI) framework. Prior to 2.8.3, 2.7.2, and 2.6.4, a Local File Inclusion (LFI) vulnerability has been discovered in the static file serving component of LiteStar. This vulnerability allows attackers to exploit path traversal flaws, enabling unauthorized access to sensitive files outside the designated directories. Such access can lead to the disclosure of sensitive information or potentially compromise the server. The vulnerability is located in the file path handling mechanism within the static content serving function, specifically at `litestar/static_files/base.py`. This vulnerability is fixed in versions 2.8.3, 2.7.2, and 2.6.4. 2024-05-06 8.2 CVE-2024-32982
lucian_apostol — auto_affiliate_links Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Lucian Apostol Auto Affiliate Links. This issue affects Auto Affiliate Links: from n/a through 6.4.3.1. 2024-05-06 7.6 CVE-2024-34386
lunar — lunar Improper privilege management vulnerability in Lunar software that affects versions 6.0.2 through 6.6.0. This vulnerability allows an attacker to perform a secondary process injection into the Lunar application and abuse those rights to access sensitive user information. 2024-05-08 7.7 CVE-2024-3507
moxa — nport_5100a_series The NPort 5100A Series firmware version v1.6 and prior versions are affected by web server XSS vulnerability. The vulnerability is caused by not correctly neutralizing user-controllable input before placing it in output. Malicious users may use the vulnerability to get sensitive information and escalate privileges. 2024-05-06 8.3 CVE-2024-3576
oisf — suricata Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, a small amount of HTTP/2 traffic can lead to Suricata using a large amount of memory. The issue has been addressed in Suricata 7.0.5 and 6.0.19. Workarounds include disabling the HTTP/2 parser and reducing `app-layer.protocols.http2.max-table-size` value (default is 65536). 2024-05-07 7.5 CVE-2024-32663
pallets — werkzeug Werkzeug is a comprehensive WSGI web application library. The debugger in affected versions of Werkzeug can allow an attacker to execute code on a developer’s machine under some circumstances. This requires the attacker to get the developer to interact with a domain and subdomain they control, and enter the debugger PIN, but if they are successful it allows access to the debugger even if it is only running on localhost. This also requires the attacker to guess a URL in the developer’s application that will trigger the debugger. This vulnerability is fixed in 3.0.3. 2024-05-06 7.5 CVE-2024-34069
parcel_panel — parcelpanel Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Parcel Panel ParcelPanel. This issue affects ParcelPanel: from n/a through 3.8.1. 2024-05-06 8.5 CVE-2024-34412
popup_box_team — popup_box Cross-Site Request Forgery (CSRF) vulnerability in Popup Box Team Popup box allows Cross-Site Scripting (XSS). This issue affects Popup box: from n/a through 4.1.2. 2024-05-06 7.1 CVE-2024-34367
pressfore — rolo_slider Missing Authorization vulnerability in PressFore Rolo Slider. This issue affects Rolo Slider: from n/a through 1.0.9. 2024-05-08 7.7 CVE-2024-1438
ptc — codebeamer PTC Codebeamer is vulnerable to a cross site scripting vulnerability that could allow an attacker to inject and execute malicious code. 2024-05-08 7.1 CVE-2024-3951
qualcomm,_inc. — snapdragon Memory corruption while loading a VM from a signed VM image that is not coherent in the processor cache. 2024-05-06 8.4 CVE-2023-33119
qualcomm,_inc. — snapdragon Memory corruption while verifying the serialized header when the key pairs are generated. 2024-05-06 8.4 CVE-2023-43531
qualcomm,_inc. — snapdragon Memory corruption when IOMMU unmap of a GPU buffer fails in Linux. 2024-05-06 8.4 CVE-2024-21471
qualcomm,_inc. — snapdragon Memory corruption when size of buffer from previous call is used without validation or re-initialization. 2024-05-06 8.4 CVE-2024-21474
qualcomm,_inc. — snapdragon Memory corruption as GPU registers beyond the last protected range can be accessed through LPAC submissions. 2024-05-06 8.4 CVE-2024-23351
qualcomm,_inc. — snapdragon Memory corruption when the IOCTL call is interrupted by a signal. 2024-05-06 8.4 CVE-2024-23354
qualcomm,_inc. — snapdragon Transient DOS while processing IKEv2 Informational request messages, when a malformed fragment packet is received. 2024-05-06 7.5 CVE-2023-43529
qualcomm,_inc. — snapdragon Memory corruption when the payload received from firmware is not as per the expected protocol size. 2024-05-06 7.8 CVE-2024-21475
qualcomm,_inc. — snapdragon Memory corruption when the channel ID passed by user is not validated and further used. 2024-05-06 7.8 CVE-2024-21476
qualcomm,_inc. — snapdragon Transient DOS while parsing a protected 802.11az Fine Time Measurement (FTM) frame. 2024-05-06 7.5 CVE-2024-21477
qualcomm,_inc. — snapdragon Memory corruption while playing audio file having large-sized input buffer. 2024-05-06 7.3 CVE-2024-21480
red_hat — red_hat_openstack_platform_16.1 The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2022-41723. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided by Red Hat Enterprise Linux versions, meaning it should be updated at compile time instead. 2024-05-08 7.5 CVE-2024-4436
red_hat — red_hat_openstack_platform_16.1 The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2021-44716. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided by Red Hat Enterprise Linux versions, meaning it should be updated at compile time instead. 2024-05-08 7.5 CVE-2024-4437
red_hat — red_hat_openstack_platform_16.1 The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2023-39325/CVE-2023-44487, known as Rapid Reset. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided by Red Hat Enterprise Linux versions, meaning it should be updated at compile time instead. 2024-05-08 7.5 CVE-2024-4438
repute_infosystems — arforms_form_builder Missing Authorization vulnerability in Repute InfoSystems ARForms Form Builder. This issue affects ARForms Form Builder: from n/a through 1.6.1. 2024-05-08 7.6 CVE-2024-31270
scribit — gdpr_compliance Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Scribit GDPR Compliance. This issue affects GDPR Compliance: from n/a through 1.2.5. 2024-05-06 7.5 CVE-2024-34388
select-themes — stockholm_core Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Select-Themes Stockholm Core allows Reflected XSS. This issue affects Stockholm Core: from n/a through 2.4.1. 2024-05-08 7.1 CVE-2024-34553
silicon_labs — z-wave_sdk A buffer overflow vulnerability in Silicon Labs 500 Series Z-Wave devices may allow Denial of Service, and potential Remote Code Execution. This issue affects all versions of Silicon Labs 500 Series SDK prior to v6.85.2 running on Silicon Labs 500 series Z-Wave devices. 2024-05-07 8.1 CVE-2024-22472
socomec — net_vision Cross-Site Request Forgery vulnerability in Socomec Net Vision, version 7.20. This vulnerability could allow an attacker to trick registered users into performing critical actions, such as adding and updating accounts, due to lack of proper sanitisation of the ‘set_param.cgi’ file. 2024-05-07 7.1 CVE-2024-4600
stacklok — minder Minder’s `HandleGithubWebhook` is susceptible to a denial of service attack from an untrusted HTTP request. The vulnerability exists before the request has been validated, and as such the request is still untrusted at the point of failure. This allows an attacker with the ability to send requests to `HandleGithubWebhook` to crash the Minder controlplane and deny other users from using it. This vulnerability is fixed in 0.0.48. 2024-05-07 7.5 CVE-2024-34084
thenbrent — social_connect The Social Connect plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.2. This is due to insufficient verification on the OpenID server being supplied during the social login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email. 2024-05-08 9.8 CVE-2024-4393
vmware — vmware_avi_load_balancer VMware Avi Load Balancer contains a privilege escalation vulnerability. A malicious actor with admin privileges on VMware Avi Load Balancer can create, modify, execute and delete files as a root user on the host system. 2024-05-08 7.2 CVE-2024-22264
webpushr_web_push_notifications — webpushr Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Webpushr Web Push Notifications Webpushr allows Reflected XSS. This issue affects Webpushr: from n/a through 4.35.0. 2024-05-06 7.1 CVE-2024-34369
wisdmlabs — edwiser_bridge_-_wordpress_moodle_lms_integration The Build App Online plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.0.5. This is because the ‘eb_user_email_verification_key’ default value is empty and the not-empty check is missing in the ‘eb_user_email_verify’ function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id. This can only be exploited if the ‘Email Verification’ setting is enabled. 2024-05-07 9.8 CVE-2024-4186
wojtekmaj — react-pdf react-pdf displays PDFs in React apps. If PDF.js is used to load a malicious PDF, and PDF.js is configured with `isEvalSupported` set to `true` (which is the default value), unrestricted attacker-controlled JavaScript will be executed in the context of the hosting domain. This vulnerability is fixed in 7.7.3 and 8.0.2. 2024-05-07 7.1 CVE-2024-34342
wshberlin — startklar_elementor_addons The Startklar Elementor Addons plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the ‘process’ function in the ‘startklarDropZoneUploadProcess’ class in versions up to, and including, 1.7.13. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site’s server which may make remote code execution possible. 2024-05-07 9.8 CVE-2024-4345
wshberlin — startklar_elementor_addons The Startklar Elementor Addons plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 1.7.13. This is due to the plugin not properly validating the path of an uploaded file prior to deleting it. This makes it possible for unauthenticated attackers to delete arbitrary files, including the wp-config.php file, which can make site takeover and remote code execution possible. 2024-05-07 9.1 CVE-2024-4346
N/A — N/A An issue was discovered in Archer Platform 6 before 2024.04. There is a stored cross-site scripting (XSS) vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. 6.14 P3 (6.14.0.3) is also a fixed release. 2024-05-06 7.3 CVE-2024-34089
N/A — N/A An issue was discovered in Archer Platform 6 before 2024.04. There is a stored cross-site scripting (XSS) vulnerability. The login banner in the Archer Control Panel (ACP) did not previously escape content appropriately. 6.14 P3 (6.14.0.3) is also a fixed release. 2024-05-06 7.3 CVE-2024-34090
N/A — N/A An issue was discovered in Archer Platform 6 before 2024.04. There is a stored cross-site scripting (XSS) vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed in the background of the application and renders content inaccessible. 6.14 P3 (6.14.0.3) is also a fixed release. 2024-05-06 7.3 CVE-2024-34091


Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
a_wp_life — video_gallery_-_api_gallery,_youtube_and_vimeo,_link_gallery Missing Authorization vulnerability in A WP Life Video Gallery – Api Gallery, YouTube and Vimeo, Link Gallery. This issue affects Video Gallery – Api Gallery, YouTube and Vimeo, Link Gallery: from n/a through 1.5.3. 2024-05-06 4.3 CVE-2024-34377
addonmaster — post_grid_master Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in AddonMaster Post Grid Master allows Stored XSS. This issue affects Post Grid Master: from n/a through 3.4.8. 2024-05-06 6.5 CVE-2024-34390
addonmaster — post_grid_master Missing Authorization vulnerability in AddonMaster Post Grid Master. This issue affects Post Grid Master: from n/a through 3.4.7. 2024-05-06 5.3 CVE-2024-34372
af_themes — wp_post_author Missing Authorization vulnerability in AF themes WP Post Author. This issue affects WP Post Author: from n/a through 3.6.4. 2024-05-06 4.3 CVE-2024-34387
af_themes — wp_post_author Missing Authorization vulnerability in AF themes WP Post Author. This issue affects WP Post Author: from n/a through 3.6.4. 2024-05-06 4.3 CVE-2024-34389
aipost — ai_wp_writer Missing Authorization vulnerability in AIpost AI WP Writer. This issue affects AI WP Writer: from n/a through 3.6.5. 2024-05-08 5.3 CVE-2024-30459
alttext.ai — download_alt_text_ai Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in AltText.Ai Download Alt Text AI allows Stored XSS. This issue affects Download Alt Text AI: from n/a through 1.3.4. 2024-05-06 5.9 CVE-2024-34366
amp-mode — debug_info Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Debug Info allows Stored XSS. This issue affects Debug Info: from n/a through 1.3.10. 2024-05-08 5.9 CVE-2024-34565
apache_software_foundation — apache_superset An authenticated user could potentially access metadata for a datasource they are not authorized to view by submitting a targeted REST API request. This issue affects Apache Superset: before 3.1.2. Users are recommended to upgrade to version 3.1.2 or above, which fixes the issue. 2024-05-07 4.3 CVE-2024-28148
appsbd — vitepos Missing Authorization vulnerability in appsbd Vitepos. This issue affects Vitepos: from n/a through 3.0.1. 2024-05-08 4.3 CVE-2024-33574
barpachuk — clickcease_click_fraud_protection The ClickCease Click Fraud Protection plugin for WordPress is vulnerable to unauthorized access of data due to an improper capability check on the get_settings function in all versions up to, and including, 3.2.4. This makes it possible for authenticated attackers, with author access and above, to retrieve the plugin’s configured API keys. 2024-05-07 4.3 CVE-2023-6810
basecamp — trix Trix is a rich text editor. The Trix editor, versions prior to 2.1.1, is vulnerable to arbitrary code execution when copying and pasting content from the web or other documents with markup into the editor. The vulnerability stems from improper sanitization of pasted content, allowing an attacker to embed malicious scripts which are executed within the context of the application. Users should upgrade to Trix editor version 2.1.1 or later, which incorporates proper sanitization of input from copied content. 2024-05-07 5.4 CVE-2024-34341
bluenet_technology — clinical_browsing_system A vulnerability was found in BlueNet Technology Clinical Browsing System 1.2.1 and classified as critical. Affected by this issue is some unknown functionality of the file /xds/outIndex.php. The manipulation of the argument name leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-263498 is the identifier assigned to this vulnerability. 2024-05-08 6.3 CVE-2024-4653
bluenet_technology — clinical_browsing_system A vulnerability was found in BlueNet Technology Clinical Browsing System 1.2.1. It has been classified as critical. This affects an unknown part of the file /xds/cloudInterface.php. The manipulation of the argument INSTI_CODE leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263499. 2024-05-08 6.3 CVE-2024-4654
breakdance — breakdance The Breakdance plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s custom postmeta output in all versions up to, and including, 1.7.0 due to insufficient input sanitization and output escaping on user supplied post meta fields. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-05-06 6.4 CVE-2023-6854
codesys — codesys_development_system_v2.3 An unauthenticated local attacker may trick a user into opening corrupted project files to crash the system due to a use-after-free vulnerability. 2024-05-06 5.5 CVE-2023-49676
creative_interactive_media — 3d_flipbook,_pdf_viewer,_pdf_embedder_-_real_3d_flipbook_wordpress_plugin Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Creative interactive media 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin allows Stored XSS. This issue affects 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin: from n/a through 3.71. 2024-05-08 5.9 CVE-2024-34561
dell — data_manager_appliance_software_(dmas) Dell PowerProtect DM5500 version 5.15.0.0 and prior contain an Arbitrary File Delete via Path Traversal vulnerability. A remote attacker with high privileges could potentially exploit this vulnerability to delete arbitrary files stored on the server filesystem. 2024-05-08 6.5 CVE-2024-24908
eclipse_foundation — edc In Eclipse Dataspace Components from version 0.2.1 to 0.6.2, in the EDC Connector component ( https://github.com/eclipse-edc/Connector ), an attacker might obtain OAuth2 client secrets from the vault. In Eclipse Dataspace Components from version 0.2.1 to 0.6.2, we have identified a security vulnerability in the EDC Connector component ( https://github.com/eclipse-edc/Connector ) regarding the OAuth2-protected data sink feature. When using a custom, OAuth2-protected data sink, the OAuth2-specific data address properties are resolved by the provider data plane. Problematically, the consumer-provided clientSecretKey, which indicates the OAuth2 client secret to retrieve from a secrets vault, is resolved in the context of the provider’s vault, not the consumer. This secret’s value is then sent to the tokenUrl, also consumer-controlled, as part of an OAuth2 client credentials grant. The returned access token is then sent as a bearer token to the data sink URL. This feature is now disabled entirely, because not all code paths necessary for a successful realization were fully implemented. 2024-05-07 6.8 CVE-2024-4536
eprolo — eprolo_dropshipping Missing Authorization vulnerability in EPROLO EPROLO Dropshipping. This issue affects EPROLO Dropshipping: from n/a through 1.7.1. 2024-05-08 4.3 CVE-2024-33573
f5 — big-ip Under certain conditions, a potential data leak may occur in the Traffic Management Microkernels (TMMs) of BIG-IP tenants running on VELOS and rSeries platforms. However, this issue cannot be exploited by an attacker because it is not consistently reproducible and is beyond an attacker’s control.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated 2024-05-08 6.5 CVE-2024-32761
f5 — big-ip A reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2024-05-08 6.1 CVE-2024-33604
f5 — big-ip When an SSL profile with alert timeout is configured with a non-default value on a virtual server, undisclosed traffic along with conditions beyond the attacker’s control can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2024-05-08 5.9 CVE-2024-28889
f5 — big-ip A DOM-based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2024-05-08 4.7 CVE-2024-27202
f5 — big-ip_next_central_manager An improper certificate validation vulnerability exists in BIG-IP Next Central Manager and may allow an attacker to impersonate an Instance Provider system. A successful exploit of this vulnerability can allow the attacker to cross a security boundary.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2024-05-08 6.8 CVE-2024-33612
f5 — big-ip_next_cnf Exposure of Sensitive Information vulnerability exists in the GSLB container, which may allow an authenticated attacker with local access to view sensitive information.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2024-05-08 4.4 CVE-2024-28132
faraday — gm8181 A vulnerability classified as problematic was found in Faraday GM8181 and GM828x up to 20240429. Affected by this vulnerability is an unknown functionality of the component Request Handler. The manipulation leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The identifier VDB-263305 was assigned to this vulnerability. 2024-05-07 5.3 CVE-2024-4583
faraday — gm8181 A vulnerability, which was classified as problematic, has been found in Faraday GM8181 and GM828x up to 20240429. Affected by this issue is some unknown functionality of the file /command_port.ini. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-263306 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-05-07 5.3 CVE-2024-4584
fedora — dnf5daemon-server No Limit on Number of Open Sessions / Bad Session Close Behaviour in dnf5daemon-server before 5.1.17 allows a malicious user to impact Availability via No Limit on Number of Open Sessions. There is no limit on how many sessions D-Bus clients may create using the `open_session()` D-Bus method. For each session a thread is created in dnf5daemon-server. This spends a couple of hundred megabytes of memory in the process. Further connections will become impossible, likely because no more threads can be spawned by the D-Bus service. 2024-05-08 6.5 CVE-2024-1930
goldaddons — gold_addons_for_elementor Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in GoldAddons Gold Addons for Elementor allows Stored XSS. This issue affects Gold Addons for Elementor: from n/a through 1.2.9. 2024-05-08 6.5 CVE-2024-34563
gomo — gee_search_plus Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in GOMO gee Search Plus allows Stored XSS. This issue affects gee Search Plus: from n/a through 1.4.4. 2024-05-08 5.9 CVE-2024-34560
habibcoder — sticky_social_link Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in HabibCoder Sticky Social Link allows Stored XSS. This issue affects Sticky Social Link: from n/a through 1.0.0. 2024-05-08 5.9 CVE-2024-34546
hamid_alinia_-_idehweb — login_with_phone_number Missing Authorization vulnerability in Hamid Alinia – idehweb Login with phone number. This issue affects Login with phone number: from n/a through 1.7.18. 2024-05-06 4.3 CVE-2024-34371
hcl_software — bigfix_compliance Database scanning using username and password stores the credentials in plaintext or encoded format within files at the endpoint. This has been identified as a significant security risk. This will lead to exposure of sensitive information for unauthorized access, potentially leading to severe consequences such as data breaches, unauthorized data manipulation, and compromised system integrity. 2024-05-07 6.5 CVE-2024-23551
horearadu — mesmerize_companion The Mesmerize Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘mesmerize_contact_form’ shortcode in all versions up to, and including, 1.6.148 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-05-08 6.4 CVE-2024-3494
ibm — watson_cp4d_data_stores IBM Watson CP4D Data Stores 4.0.0 through 4.8.4 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 264838. 2024-05-07 6.2 CVE-2023-40694
jackdewey — link_library The Link Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘link-library’ shortcode in all versions up to, and including, 7.6.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-05-08 6.4 CVE-2024-4281
johan_van_der_wijk — content_blocks_(custom_post_widget) Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Johan van der Wijk Content Blocks (Custom Post Widget) allows Stored XSS. This issue affects Content Blocks (Custom Post Widget): from n/a through 3.3.0. 2024-05-08 6.5 CVE-2024-34566
joomunited — wp_latest_posts The WP Latest Posts plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.0.7. This is due to the plugin allowing users to execute an action that does not properly validate a user-supplied value prior to using that value in a call to do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. 2024-05-08 5.4 CVE-2024-4135
katie_seaborn — zotpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Katie Seaborn Zotpress allows Stored XSS. This issue affects Zotpress: from n/a through 7.3.9. 2024-05-08 6.5 CVE-2024-34569
leevio — happy_addons_for_elementor Missing Authorization vulnerability in Leevio Happy Addons for Elementor. This issue affects Happy Addons for Elementor: from n/a through 3.10.1. 2024-05-08 4.3 CVE-2024-24833
logichunt_inc. — counter_up Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in LogicHunt Inc. Counter Up allows Stored XSS. This issue affects Counter Up: from n/a through 2.2.1. 2024-05-08 6.5 CVE-2024-34564
matthiask — html-sanitizer html-sanitizer is an allowlist-based HTML cleaner. If using `keep_typographic_whitespace=False` (which is the default), the sanitizer normalizes unicode to the NFKC form at the end. Some unicode characters normalize to chevrons; this allows specially crafted HTML to escape sanitization. The problem has been fixed in 2.4.2. 2024-05-06 6.1 CVE-2024-34078
michael_nelson — print_my_blog Missing Authorization vulnerability in Michael Nelson Print My Blog. This issue affects Print My Blog: from n/a through 3.26.2. 2024-05-06 5.3 CVE-2024-33907
moveaddons — move_addons_for_elementor Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Moveaddons Move Addons for Elementor allows Stored XSS. This issue affects Move Addons for Elementor: from n/a through 1.3.0. 2024-05-08 6.5 CVE-2024-34562
multi-column_tag_map — multi-column_tag_map Missing Authorization vulnerability in Multi-column Tag Map. This issue affects Multi-column Tag Map: from n/a through 17.0.26. 2024-05-08 6.5 CVE-2023-41651
n/a — dedecms A vulnerability, which was classified as problematic, was found in DedeCMS 5.7. This affects an unknown part of the file /src/dede/member_type.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263307. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-05-07 4.3 CVE-2024-4585
n/a — dedecms A vulnerability has been found in DedeCMS 5.7 and classified as problematic. This vulnerability affects unknown code of the file /src/dede/shops_delivery.php. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263308. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-05-07 4.3 CVE-2024-4586
n/a — dedecms A vulnerability was found in DedeCMS 5.7 and classified as problematic. This issue affects some unknown processing of the file /src/dede/tpl.php. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263309 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-05-07 4.3 CVE-2024-4587
n/a — dedecms A vulnerability was found in DedeCMS 5.7. It has been classified as problematic. Affected is an unknown function of the file /src/dede/mytag_add.php. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-263310 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-05-07 4.3 CVE-2024-4588
n/a — dedecms A vulnerability was found in DedeCMS 5.7. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /src/dede/mytag_edit.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263311. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-05-07 4.3 CVE-2024-4589
n/a — dedecms A vulnerability was found in DedeCMS 5.7. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /src/dede/sys_info.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263312. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-05-07 4.3 CVE-2024-4590
n/a — dedecms A vulnerability classified as problematic has been found in DedeCMS 5.7. This affects an unknown part of the file /src/dede/sys_group_add.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263313 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-05-07 4.3 CVE-2024-4591
n/a — dedecms A vulnerability classified as problematic was found in DedeCMS 5.7. This vulnerability affects unknown code of the file /src/dede/sys_group_edit.php. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-263314 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-05-07 4.3 CVE-2024-4592
n/a — dedecms A vulnerability, which was classified as problematic, has been found in DedeCMS 5.7. This issue affects some unknown processing of the file /src/dede/sys_multiserv.php. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263315. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-05-07 4.3 CVE-2024-4593
n/a — dedecms A vulnerability, which was classified as problematic, was found in DedeCMS 5.7. Affected is an unknown function of the file /src/dede/sys_safe.php. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263316. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-05-07 4.3 CVE-2024-4594
n/a — semcms A vulnerability has been found in SEMCMS up to 4.8 and classified as critical. Affected by this vulnerability is the function locate of the file function.php. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263317 was assigned to this vulnerability. 2024-05-07 6.3 CVE-2024-4595
nobita — raindrops Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Nobita allows Stored XSS. This issue affects raindrops: from n/a through 1.600. 2024-05-08 6.5 CVE-2024-34414
noor_alam — magical_addons_for_elementor Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Noor alam Magical Addons For Elementor allows Stored XSS. This issue affects Magical Addons For Elementor: from n/a through 1.1.34. 2024-05-08 6.5 CVE-2024-34547
octopus_deploy — octopus_server In affected versions of Octopus Server with certain access levels it was possible to embed a Cross-Site Scripting payload on the audit page. 2024-05-08 4.1 CVE-2024-4456
oisf — suricata Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, specially crafted traffic or datasets can cause a limited buffer overflow. This vulnerability is fixed in 7.0.5 and 6.0.19. Workarounds include not using rules with the `base64_decode` keyword with the `bytes` option with value 1, 2 or 5 and, for 7.0.x, setting `app-layer.protocols.smtp.mime.body-md5` to false. 2024-05-07 5.3 CVE-2024-32664
oisf — suricata Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, various problems in handling of fragmentation anomalies can lead to mis-detection of rules and policy. This vulnerability is fixed in 7.0.5 or 6.0.19. 2024-05-07 5.3 CVE-2024-32867
ollybach — wppizza Missing Authorization vulnerability in Ollybach WPPizza. This issue affects WPPizza: from n/a through 3.18.10. 2024-05-06 6.5 CVE-2024-33576
open-xchange_gmbh — ox_app_suite E-Mail containing malicious display-name information could trigger client-side script execution when using specific mobile devices. Attackers could perform malicious API requests or extract information from the user’s account. Please deploy the provided updates and patch releases. We now use safer methods of handling external content when embedding displayname information to the web interface. No publicly available exploits are known. 2024-05-06 6.5 CVE-2024-23186
open-xchange_gmbh — ox_app_suite Content-ID based embedding of resources in E-Mails could be abused to trigger client-side script code when using the “show more” option. Attackers could perform malicious API requests or extract information from the user’s account. Exploiting the vulnerability requires user interaction. Please deploy the provided updates and patch releases. CID replacement has been hardened to omit invalid identifiers. No publicly available exploits are known. 2024-05-06 6.5 CVE-2024-23187
open-xchange_gmbh — ox_app_suite Maliciously crafted E-Mail attachment names could be used to temporarily execute script code in the context of the user’s browser session. Common user interaction is required for the vulnerability to trigger. Attackers could perform malicious API requests or extract information from the user’s account. Please deploy the provided updates and patch releases. We now use safer methods of handling external content when embedding attachment information to the web interface. No publicly available exploits are known. 2024-05-06 6.5 CVE-2024-23188
open-xchange_gmbh — ox_app_suite E-Mails exported as PDF were stored in a cache that did not consider specific session information for the related user account. Users of the same service node could access other users’ E-Mails in case they were exported as PDF for a brief moment until caches were cleared. Successful exploitation requires good timing and modification of multiple request parameters. Please deploy the provided updates and patch releases. The cache for PDF exports now takes user session information into consideration when performing authorization decisions. No publicly available exploits are known. 2024-05-06 5.3 CVE-2024-23193
openharmony — openharmony OpenHarmony v4.0.0 and prior versions allow a local attacker to execute arbitrary code in pre-installed apps through use after free. 2024-05-07 6.5 CVE-2024-27217
openharmony — openharmony OpenHarmony v4.0.0 and prior versions allow a local attacker to execute arbitrary code in TCB through use after free. 2024-05-07 6.5 CVE-2024-3759
openharmony — openharmony OpenHarmony v4.0.0 and prior versions allow a local attacker to execute arbitrary code in pre-installed apps through use after free or cause DOS through NULL pointer dereference. 2024-05-07 5.2 CVE-2024-23808
openharmony — openharmony OpenHarmony v4.0.0 and prior versions allow a local attacker to execute arbitrary code in TCB through heap buffer overflow. 2024-05-07 6.5 CVE-2024-3758
opentext — netiq_identity_console An improper authorization level has been detected in the login panel. It may lead to unauthenticated Server Side Request Forgery and allows open services enumeration. The server makes a query to the provided server (Server IP/DNS field), triggering a connection to an arbitrary address. 2024-05-07 5.8 CVE-2023-7240
pallets — jinja Jinja is an extensible templating engine. The `xmlattr` filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, `/`, `>`, or `=`, as each would then be interpreted as starting a separate attribute. If an application accepts keys (as opposed to only values) as user input, and renders these in pages that other users see as well, an attacker could use this to inject other attributes and perform XSS. The fix for CVE-2024-22195 only addressed spaces but not other characters. Accepting keys as user input is now explicitly considered an unintended use case of the `xmlattr` filter, and code that does so without otherwise validating the input should be flagged as insecure, regardless of Jinja version. Accepting _values_ as user input continues to be safe. This vulnerability is fixed in 3.1.4. 2024-05-06 5.4 CVE-2024-34064
panasonic_holdings_corporation — kw_watcher A buffer error in Panasonic KW Watcher versions 1.00 through 2.83 may allow attackers malicious read access to memory. 2024-05-08 4.4 CVE-2024-4162
pootlepress — pootle_pagebuilder_-_wordpress_page_builder Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Pootlepress Pootle Pagebuilder – WordPress Page builder allows Stored XSS. This issue affects Pootle Pagebuilder – WordPress Page builder: from n/a through 5.7.1. 2024-05-08 6.5 CVE-2024-34573
posimyth — the_plus_addons_for_elementor_page_builder_lite Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite allows Stored XSS. This issue affects The Plus Addons for Elementor Page Builder Lite: from n/a through 5.4.2. 2024-05-06 6.5 CVE-2024-34373
propertyhive — propertyhive Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in PropertyHive allows Stored XSS. This issue affects PropertyHive: from n/a through 2.0.10. 2024-05-06 6.5 CVE-2024-34381
qualcomm,_inc. — snapdragon Memory corruption when multiple listeners are being registered with the same file descriptor. 2024-05-06 6.7 CVE-2023-43521
qualcomm,_inc. — snapdragon Memory corruption when the bandpass filter order received from AHAL is not within the expected range. 2024-05-06 6.7 CVE-2023-43524
qualcomm,_inc. — snapdragon Memory corruption while copying the sound model data from user to kernel buffer during sound model register. 2024-05-06 6.7 CVE-2023-43525
qualcomm,_inc. — snapdragon Memory corruption while querying module parameters from Listen Sound model client in kernel from user space. 2024-05-06 6.7 CVE-2023-43526
qualcomm,_inc. — snapdragon Information disclosure while parsing dts header atom in Video. 2024-05-06 6.8 CVE-2023-43527
qualcomm,_inc. — snapdragon Information disclosure when the ADSP payload size received in HLOS in response to Audio Stream Manager matrix session is less than this expected size. 2024-05-06 6.1 CVE-2023-43528
qualcomm,_inc. — snapdragon Memory corruption in HLOS while checking for the storage type. 2024-05-06 5.9 CVE-2023-43530
quantumcloud — conversational_forms_for_chatbot Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in QuantumCloud Conversational Forms for ChatBot allows Stored XSS. This issue affects Conversational Forms for ChatBot: from n/a through 1.2.0. 2024-05-06 5.9 CVE-2024-34380
quomodosoft — elementsready_addons_for_elementor Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in QuomodoSoft ElementsReady Addons for Elementor allows Stored XSS. This issue affects ElementsReady Addons for Elementor: from n/a through 5.8.0. 2024-05-06 6.5 CVE-2024-34374
rara_theme — restaurant_and_cafe Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Restaurant and Cafe. This issue affects Restaurant and Cafe: from n/a through 1.2.1. 2024-05-06 4.3 CVE-2024-34379
realmag777 — wolf Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in realmag777 WOLF allows Stored XSS. This issue affects WOLF: from n/a through 1.0.8.2. 2024-05-08 5.9 CVE-2024-34558
red_hat — red_hat_enterprise_linux_6 A race condition leading to a stack use-after-free flaw was found in libvirt. Due to a bad assumption in the virNetClientIOEventLoop() method, the `data` pointer to a stack-allocated virNetClientIOEventData structure ended up being used in the virNetClientIOEventFD callback while the data pointer’s stack frame was concurrently being “freed” when returning from virNetClientIOEventLoop(). The ‘virtproxyd’ daemon can be used to trigger requests. If libvirt is configured with fine-grained access control, this issue, in theory, allows a user to escape their otherwise limited access. This flaw allows a local, unprivileged user to access virtproxyd without authenticating. Remote users would need to authenticate before they could access it. 2024-05-08 6.2 CVE-2024-4418
robosoft — robo_gallery Exposure of Sensitive Information to an Unauthorized Actor vulnerability in RoboSoft Robo Gallery. This issue affects Robo Gallery: from n/a through 3.2.18. 2024-05-06 5.3 CVE-2024-34382
ruijie — rg-uac A vulnerability was found in Ruijie RG-UAC up to 20240428. It has been classified as critical. Affected is an unknown function of the file /view/IPV6/ipv6StaticRoute/static_route_edit_ipv6.php. The manipulation of the argument oldipmask/oldgateway/olddevname leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263112. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-05-06 4.7 CVE-2024-4508
ruijie — rg-uac A vulnerability was found in Ruijie RG-UAC up to 20240428. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /view/IPV6/naborTable/add_commit.php. The manipulation of the argument ip_addr/mac_addr leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263113 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-05-06 4.7 CVE-2024-4509
ruijie — rg-uac A vulnerability was found in Ruijie RG-UAC up to 20240428. It has been rated as critical. Affected by this issue is some unknown functionality of the file /view/networkConfig/ArpTable/arp_add_commit.php. The manipulation of the argument text_ip_addr/text_mac_addr leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-263114 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-05-06 4.7 CVE-2024-4510
ruijie — rg-uac A vulnerability was found in Ruijie RG-UAC up to 20240428 and classified as critical. This issue affects some unknown processing of the file /view/IPV6/ipv6StaticRoute/static_route_add_ipv6.php. The manipulation of the argument text_prefixlen/text_gateway/devname leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263111. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-05-06 4.7 CVE-2024-4507
samsung_mobile — galaxy_store Improper verification of intent by broadcast receiver vulnerability in Galaxy Store prior to version 4.5.71.8 allows local attackers to write arbitrary files with the privilege of Galaxy Store. 2024-05-07 5.1 CVE-2024-20870
samsung_mobile — samsung_mobile_devices Use after free vulnerability in SveService prior to SMR May-2024 Release 1 allows local privileged attackers to cause memory corruption. 2024-05-07 6 CVE-2024-20861
samsung_mobile — samsung_mobile_devices Out-of-bounds write in SveService prior to SMR May-2024 Release 1 allows local privileged attackers to execute arbitrary code. 2024-05-07 6 CVE-2024-20862
samsung_mobile — samsung_mobile_devices Out of bounds write vulnerability in SNAP in HAL prior to SMR May-2024 Release 1 allows local privileged attackers to execute arbitrary code. 2024-05-07 6.7 CVE-2024-20863
samsung_mobile — samsung_mobile_devices Authentication bypass in bootloader prior to SMR May-2024 Release 1 allows physical attackers to flash arbitrary images. 2024-05-07 6.6 CVE-2024-20865
samsung_mobile — samsung_mobile_devices Improper access control vulnerability in FactoryCamera prior to SMR May-2024 Release 1 allows local attackers to take pictures without privilege. 2024-05-07 5.5 CVE-2024-20859
samsung_mobile — samsung_mobile_devices Improper access control vulnerability in DarManagerService prior to SMR May-2024 Release 1 allows local attackers to monitor system resources. 2024-05-07 5.5 CVE-2024-20864
samsung_mobile — samsung_mobile_devices Authentication bypass vulnerability in Setupwizard prior to SMR May-2024 Release 1 allows physical attackers to skip activation step. 2024-05-07 5.7 CVE-2024-20866
samsung_mobile — samsung_mobile_devices Improper privilege management vulnerability in Samsung Email prior to version 6.1.91.14 allows local attackers to access sensitive information. 2024-05-07 5.5 CVE-2024-20867
samsung_mobile — samsung_mobile_devices Improper privilege management vulnerability in Samsung Internet prior to version 25.0.0.41 allows local attackers to bypass protection for cookies. 2024-05-07 5.5 CVE-2024-20869
samsung_mobile — samsung_mobile_devices A vulnerability that makes it possible to reconfigure OTP allows local attackers to transition to RMA (Return Merchandise Authorization) mode, which disables security features. This attack needs additional privilege to control TEE. 2024-05-07 4.4 CVE-2024-20821
samsung_mobile — samsung_mobile_devices Improper Authentication vulnerability in Secure Folder prior to SMR May-2024 Release 1 allows physical attackers to access Secure Folder without proper authentication in a specific scenario. 2024-05-07 4.3 CVE-2024-20856
samsung_mobile — samsung_mobile_devices Improper access control vulnerability in startListening of CocktailBarService prior to SMR May-2024 Release 1 allows local attackers to access information of current application. 2024-05-07 4 CVE-2024-20857
samsung_mobile — samsung_mobile_devices Improper access control vulnerability in setCocktailHostCallbacks of CocktailBarService prior to SMR May-2024 Release 1 allows local attackers to access information of current application. 2024-05-07 4 CVE-2024-20858
samsung_mobile — samsung_mobile_devices Improper export of android application components vulnerability in TelephonyUI prior to SMR May-2024 Release 1 allows local attackers to reboot the device without proper permission. 2024-05-07 4 CVE-2024-20860
samsung_mobile — samsung_mobile_devices Improper input validation in Samsung Notes prior to version 4.4.15 allows local attackers to delete files with Samsung Notes privilege under certain conditions. 2024-05-07 4.4 CVE-2024-20868
samsung_mobile — samsung_mobile_devices Improper authorization vulnerability in Samsung Keyboard prior to version One UI 5.1.1 allows physical attackers to partially bypass the factory reset protection. 2024-05-07 4.9 CVE-2024-20871
samsung_mobile — talkbackse Improper handling of insufficient privileges vulnerability in TalkbackSE prior to version Android 14 allows local attackers to modify setting value of TalkbackSE. 2024-05-07 6.2 CVE-2024-20872
shanghai_sunfull_automation — bacnet_server_hmi1002-arm A vulnerability classified as critical has been found in Shanghai Sunfull Automation BACnet Server HMI1002-ARM 2.0.4. This affects an unknown part of the component Message Handler. The manipulation leads to buffer overflow. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263115. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-05-06 6.3 CVE-2024-4511
slicewp — slicewp Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in SliceWP allows Stored XSS. This issue affects SliceWP: from n/a through 1.1.10. 2024-05-06 5.9 CVE-2024-34413
socomec — net_vision An incorrect authentication vulnerability has been found in Socomec Net Vision affecting version 7.20. This vulnerability allows an attacker to perform a brute force attack on the application and recover a valid session, because the application uses a five-digit integer value. 2024-05-07 6.7 CVE-2024-4601
supsystic — digital_publications_by_supsystic Missing Authorization vulnerability in Supsystic Digital Publications by Supsystic. This issue affects Digital Publications by Supsystic: from n/a through 1.7.7. 2024-05-06 5.3 CVE-2024-33910
the_seo_guys_at_seopress — seopress Authorization Bypass Through User-Controlled Key vulnerability in The SEO Guys at SEOPress SEOPress. This issue affects SEOPress: from n/a through 7.7.1. 2024-05-06 5.3 CVE-2024-34383
theme_freesia — edge Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Theme Freesia Edge allows Stored XSS. This issue affects Edge: from n/a through 2.0.9. 2024-05-06 6.5 CVE-2024-34376
themegrill — himalayas Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in ThemeGrill Himalayas allows Stored XSS. This issue affects Himalayas: from n/a through 1.3.0. 2024-05-08 6.5 CVE-2024-34571
themehunk — advance_wordpress_search_plugin Missing Authorization vulnerability in ThemeHunk Advance WordPress Search Plugin. This issue affects Advance WordPress Search Plugin: from n/a through 1.1.4. 2024-05-08 6.5 CVE-2022-40218
themeprix — fancy_elementor_flipbox Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in ThemePrix Fancy Elementor Flipbox fancy-elementor-flipbox allows Stored XSS. This issue affects Fancy Elementor Flipbox: from n/a through 2.4.2. 2024-05-08 6.5 CVE-2024-34572
themeqx — letterpress Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Mooberry Dreams Mooberry Book Manager. This issue affects Mooberry Book Manager: from n/a through 4.15.12. 2024-05-06 5.3 CVE-2024-34368
themeqx — letterpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Themeqx LetterPress allows Stored XSS. This issue affects LetterPress: from n/a through 1.2.1. 2024-05-08 5.9 CVE-2024-34568
themesgrove — widgetkit Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Themesgrove WidgetKit allows Stored XSS. This issue affects WidgetKit: from n/a through 2.4.8. 2024-05-08 6.5 CVE-2024-34548
themesgrove — widgetkit Missing Authorization vulnerability in Themesgrove WidgetKit. This issue affects WidgetKit: from n/a through 2.5.0. 2024-05-06 5.3 CVE-2024-33908
tilda_publishing — tilda_publishing Missing Authorization vulnerability in Tilda Publishing. This issue affects Tilda Publishing: from n/a through 0.3.23. 2024-05-07 6.3 CVE-2023-31234
tyche_softwares — print_invoice_&_delivery_notes_for_woocommerce Missing Authorization vulnerability in Tyche Softwares Print Invoice & Delivery Notes for WooCommerce, Tyche Softwares Arconix Shortcodes, Tyche Softwares Arconix FAQ. This issue affects Print Invoice & Delivery Notes for WooCommerce: from n/a through 4.8.1; Arconix Shortcodes: from n/a through 2.1.10; Arconix FAQ: from n/a through 1.9.3. 2024-05-08 4.3 CVE-2024-4233
vitessio — vitess Vitess is a database clustering system for horizontal scaling of MySQL. When executing the following simple query, the `vtgate` will go into an endless loop that also keeps consuming memory and eventually will run out of memory. This vulnerability is fixed in 19.0.4, 18.0.5, and 17.0.7. 2024-05-08 4.9 CVE-2024-32886
vmware — vmware_avi_load_balancer VMware Avi Load Balancer contains an information disclosure vulnerability. A malicious actor with access to the system logs can view cloud connection credentials in plaintext. 2024-05-08 6.5 CVE-2024-22266
wpmet — metform_elementor_contact_form_builder Missing Authorization vulnerability in Wpmet Metform Elementor Contact Form Builder. This issue affects Metform Elementor Contact Form Builder: from n/a through 3.8.3. 2024-05-06 4.3 CVE-2024-33570
wppool — sheets_to_wp_table_live_sync Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WPPOOL Sheets To WP Table Live Sync allows Stored XSS. This issue affects Sheets To WP Table Live Sync: from n/a through 3.7.0. 2024-05-06 5.9 CVE-2024-34375
wpsoul — table_maker Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Wpsoul Table Maker allows Stored XSS. This issue affects Table Maker: from n/a through 1.9.1. 2024-05-08 5.9 CVE-2024-34574
xpro — xpro_elementor_addons Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Xpro Xpro Elementor Addons allows Stored XSS. This issue affects Xpro Elementor Addons: from n/a through 1.4.3. 2024-05-08 5.9 CVE-2024-34570
N/A — N/A An issue was discovered in Archer Platform 6 before 2024.03. There is an X-Forwarded-For Header Bypass vulnerability. An unauthenticated attacker could potentially bypass intended whitelisting when X-Forwarded-For header is enabled. 2024-05-06 5.3 CVE-2024-34093

Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
campcodes — complete_web-based_school_management_system A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /view/student_payment_details2.php. The manipulation of the argument index leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-263130 is the identifier assigned to this vulnerability. 2024-05-06 3.5 CVE-2024-4527
campcodes — complete_web-based_school_management_system A vulnerability, which was classified as problematic, has been found in Campcodes Complete Web-Based School Management System 1.0. This issue affects some unknown processing of the file /view/timetable_update_form.php. The manipulation of the argument grade leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263117 was assigned to this vulnerability. 2024-05-06 3.5 CVE-2024-4513
campcodes — complete_web-based_school_management_system A vulnerability, which was classified as problematic, was found in Campcodes Complete Web-Based School Management System 1.0. Affected is an unknown function of the file /view/timetable_insert_form.php. The manipulation of the argument grade leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-263118 is the identifier assigned to this vulnerability. 2024-05-06 3.5 CVE-2024-4514
campcodes — complete_web-based_school_management_system A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /view/timetable_grade_wise.php. The manipulation of the argument grade leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263119. 2024-05-06 3.5 CVE-2024-4515
campcodes — complete_web-based_school_management_system A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /view/timetable.php. The manipulation of the argument grade leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263120. 2024-05-06 3.5 CVE-2024-4516
campcodes — complete_web-based_school_management_system A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /view/teacher_salary_invoice1.php. The manipulation of the argument date leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263121 was assigned to this vulnerability. 2024-05-06 3.5 CVE-2024-4517
campcodes — complete_web-based_school_management_system A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /view/teacher_salary_invoice.php. The manipulation of the argument desc leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-263122 is the identifier assigned to this vulnerability. 2024-05-06 3.5 CVE-2024-4518
campcodes — complete_web-based_school_management_system A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /view/teacher_salary_details3.php. The manipulation of the argument month leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263123. 2024-05-06 3.5 CVE-2024-4519
campcodes — complete_web-based_school_management_system A vulnerability classified as problematic has been found in Campcodes Complete Web-Based School Management System 1.0. Affected is an unknown function of the file /view/teacher_salary_details2.php. The manipulation of the argument index leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263124. 2024-05-06 3.5 CVE-2024-4521
campcodes — complete_web-based_school_management_system A vulnerability classified as problematic was found in Campcodes Complete Web-Based School Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /view/teacher_salary_details.php. The manipulation of the argument index leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263125 was assigned to this vulnerability. 2024-05-06 3.5 CVE-2024-4522
campcodes — complete_web-based_school_management_system A vulnerability, which was classified as problematic, has been found in Campcodes Complete Web-Based School Management System 1.0. Affected by this issue is some unknown functionality of the file /view/teacher_attendance_history1.php. The manipulation of the argument year leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-263126 is the identifier assigned to this vulnerability. 2024-05-06 3.5 CVE-2024-4523
campcodes — complete_web-based_school_management_system A vulnerability, which was classified as problematic, was found in Campcodes Complete Web-Based School Management System 1.0. This affects an unknown part of the file /view/student_payment_invoice.php. The manipulation of the argument desc leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263127. 2024-05-06 3.5 CVE-2024-4524
campcodes — complete_web-based_school_management_system A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /view/student_payment_details4.php. The manipulation of the argument index leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263128. 2024-05-06 3.5 CVE-2024-4525
campcodes — complete_web-based_school_management_system A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /view/student_payment_details3.php. The manipulation of the argument month leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263129 was assigned to this vulnerability. 2024-05-06 3.5 CVE-2024-4526
campcodes — complete_web-based_school_management_system A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /view/student_payment_details.php. The manipulation of the argument index leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-263490 is the identifier assigned to this vulnerability. 2024-05-08 3.5 CVE-2024-4646
campcodes — complete_web-based_school_management_system A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /view/student_first_payment.php. The manipulation of the argument index leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263491. 2024-05-08 3.5 CVE-2024-4647
campcodes — complete_web-based_school_management_system A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /view/student_exam_mark_update_form.php. The manipulation of the argument std_index leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263492. 2024-05-08 3.5 CVE-2024-4648
campcodes — complete_web-based_school_management_system A vulnerability classified as problematic has been found in Campcodes Complete Web-Based School Management System 1.0. This affects an unknown part of the file /view/student_exam_mark_insert_form1.php. The manipulation of the argument page leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263493 was assigned to this vulnerability. 2024-05-08 3.5 CVE-2024-4649
campcodes — complete_web-based_school_management_system A vulnerability classified as problematic was found in Campcodes Complete Web-Based School Management System 1.0. This vulnerability affects unknown code of the file /view/student_due_payment.php. The manipulation of the argument due_month leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-263494 is the identifier assigned to this vulnerability. 2024-05-08 3.5 CVE-2024-4650
campcodes — complete_web-based_school_management_system A vulnerability, which was classified as problematic, has been found in Campcodes Complete Web-Based School Management System 1.0. This issue affects some unknown processing of the file /view/student_attendance_history1.php. The manipulation of the argument year leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263495. 2024-05-08 3.5 CVE-2024-4651
campcodes — complete_web-based_school_management_system A vulnerability, which was classified as problematic, was found in Campcodes Complete Web-Based School Management System 1.0. Affected is an unknown function of the file /view/show_teacher2.php. The manipulation of the argument month leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263496. 2024-05-08 3.5 CVE-2024-4652
dell — data_manager_appliance_software_(dmas) Dell PowerProtect DM5500 version 5.15.0.0 and prior contains an insecure deserialization Vulnerability. A remote attacker with high privileges could potentially exploit this vulnerability, leading to arbitrary code execution on the vulnerable application. 2024-05-08 2.2 CVE-2024-22460
dell — update_manager_plugin Dell Update Manager Plugin, versions 1.4.0 through 1.5.0, contains a Plain-text Password Storage Vulnerability in Log file. A remote high privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. 2024-05-08 3.5 CVE-2024-28971
n/a — kimai A vulnerability was found in Kimai up to 2.15.0 and classified as problematic. Affected by this issue is some unknown functionality of the component Session Handler. The manipulation of the argument PHPSESSIONID leads to information disclosure. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. Upgrading to version 2.16.0 is able to address this issue. It is recommended to upgrade the affected component. VDB-263318 is the identifier assigned to this vulnerability. 2024-05-07 3.7 CVE-2024-4596
openharmony — openharmony OpenHarmony v4.0.0 and prior versions allow a local attacker to cause a service crash through a NULL pointer dereference. 2024-05-07 3.3 CVE-2024-31078
openharmony — openharmony OpenHarmony v4.0.0 and prior versions allow a local attacker to cause a service crash through an integer overflow. 2024-05-07 3.3 CVE-2024-3757
samsung_mobile — samsung_mobile_devices Improper access control vulnerability in multitasking framework prior to SMR May-2024 Release 1 allows physical attackers to access unlocked screen for a while. 2024-05-07 2.4 CVE-2024-20855
sourcecodester — prison_management_system A vulnerability classified as problematic was found in SourceCodester Prison Management System 1.0. This vulnerability affects unknown code of the file /Employee/edit-profile.php. The manipulation of the argument txtfullname/txtdob/txtaddress/txtqualification/cmddept/cmdemployeetype/txtappointment leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263116. 2024-05-06 3.5 CVE-2024-4512
sourcecodester — prison_management_system A vulnerability has been found in SourceCodester Prison Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /Employee/changepassword.php. The manipulation of the argument txtold_password/txtnew_password/txtconfirm_password leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263488. 2024-05-08 3.5 CVE-2024-4644
sourcecodester — prison_management_system A vulnerability was found in SourceCodester Prison Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /Admin/changepassword.php. The manipulation of the argument txtold_password/txtnew_password/txtconfirm_password leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263489 was assigned to this vulnerability. 2024-05-08 3.5 CVE-2024-4645
sourcecodester — prison_management_system A vulnerability was found in SourceCodester Prison Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /Admin/user-record.php. The manipulation of the argument txtfullname leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263131. 2024-05-06 2.4 CVE-2024-4528
xpdf — xpdf In Xpdf 4.05 (and earlier), a PDF object loop in the PDF resources leads to infinite recursion and a stack overflow. 2024-05-06 2.9 CVE-2024-4568

Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
apache_software_foundation — apache_inlong Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong: from 1.7.0 through 1.11.0, the attackers can bypass using malicious parameters. Users are advised to upgrade to Apache InLong’s 1.12.0 or cherry-pick [1], [2] to solve it. [1] https://github.com/apache/inlong/pull/9694 [2] https://github.com/apache/inlong/pull/9707 2024-05-08 not yet calculated CVE-2024-26579
apache_software_foundation — apache_ofbiz Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.13. Users are recommended to upgrade to version 18.12.13, which fixes the issue. 2024-05-08 not yet calculated CVE-2024-32113
bentley — view Bentley View SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18960. 2024-05-07 not yet calculated CVE-2022-43651
bentley — view Bentley View SKP File Parsing Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18981. 2024-05-07 not yet calculated CVE-2022-43652
bentley — view Bentley View SKP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. Crafted data in an SKP file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-19084. 2024-05-07 not yet calculated CVE-2022-43653
bentley — view Bentley View FBX File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FBX files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18491. 2024-05-07 not yet calculated CVE-2022-43655
bentley — view Bentley View FBX File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FBX files. Crafted data in an FBX file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18492. 2024-05-07 not yet calculated CVE-2022-43656
bmc — track-it! BMC Track-It! GetData Missing Authorization Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of BMC Track-It!. Authentication is required to exploit this vulnerability. The specific flaw exists within the GetData endpoint. The issue results from the lack of authorization prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-14527. 2024-05-07 not yet calculated CVE-2021-35001
bmc — track-it! BMC Track-It! Unrestricted File Upload Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of BMC Track-It!. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of email attachments. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-14122. 2024-05-07 not yet calculated CVE-2021-35002
d-link — dap-2622 D-Link DAP-2622 DDP Firmware Upgrade Server IPv6 Address Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20076. 2024-05-07 not yet calculated CVE-2023-35748
d-link — dap-2622 D-Link DAP-2622 DDP Firmware Upgrade Filename Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20077. 2024-05-07 not yet calculated CVE-2023-35749
d-link — dap-2622 D-Link DAP-2622 DDP Set Date-Time NTP Server Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20085. 2024-05-07 not yet calculated CVE-2023-35757
d-link — dap-2622 D-Link DAP-2622 DDP Set SSID List Missing Authentication Vulnerability. This vulnerability allows network-adjacent attackers to make unauthorized changes to device configuration on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to manipulate wireless authentication settings. Was ZDI-CAN-20104. 2024-05-07 not yet calculated CVE-2023-37325
foxit — pdf_editor Foxit PDF Editor StrikeOut Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14355. 2024-05-07 not yet calculated CVE-2021-34954
foxit — pdf_editor Foxit PDF Editor Stamp Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14356. 2024-05-07 not yet calculated CVE-2021-34955
foxit — pdf_editor Foxit PDF Editor Underline Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14357. 2024-05-07 not yet calculated CVE-2021-34956
foxit — pdf_editor Foxit PDF Editor Highlight Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14358. 2024-05-07 not yet calculated CVE-2021-34957
foxit — pdf_editor Foxit PDF Editor Text Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14359. 2024-05-07 not yet calculated CVE-2021-34958
foxit — pdf_editor Foxit PDF Editor Square Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14360. 2024-05-07 not yet calculated CVE-2021-34959
foxit — pdf_editor Foxit PDF Editor Circle Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14362. 2024-05-07 not yet calculated CVE-2021-34960
foxit — pdf_editor Foxit PDF Editor Ink Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14363. 2024-05-07 not yet calculated CVE-2021-34961
foxit — pdf_editor Foxit PDF Editor Caret Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14364. 2024-05-07 not yet calculated CVE-2021-34962
foxit — pdf_editor Foxit PDF Editor PolyLine Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14365. 2024-05-07 not yet calculated CVE-2021-34963
foxit — pdf_editor Foxit PDF Editor Polygon Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14366. 2024-05-07 not yet calculated CVE-2021-34964
foxit — pdf_editor Foxit PDF Editor Squiggly Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14361. 2024-05-07 not yet calculated CVE-2021-34965
foxit — pdf_editor Foxit PDF Editor FileAttachment Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14367. 2024-05-07 not yet calculated CVE-2021-34966
foxit — pdf_editor Foxit PDF Editor Line Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14368. 2024-05-07 not yet calculated CVE-2021-34967
foxit — pdf_editor Foxit PDF Editor transitionToState Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation of the transitionToState method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14370. 2024-05-07 not yet calculated CVE-2021-34968
foxit — pdf_reader Foxit PDF Reader Square Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Square annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14272. 2024-05-07 not yet calculated CVE-2021-34948
foxit — pdf_reader Foxit PDF Reader Annotation Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14273. 2024-05-07 not yet calculated CVE-2021-34949
foxit — pdf_reader Foxit PDF Reader Annotation Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14396. 2024-05-07 not yet calculated CVE-2021-34950
foxit — pdf_reader Foxit PDF Reader Annotation Use of Uninitialized Variable Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14395. 2024-05-07 not yet calculated CVE-2021-34951
foxit — pdf_reader Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14729. 2024-05-07 not yet calculated CVE-2021-34952
foxit — pdf_reader Foxit PDF Reader Annotation Use of Uninitialized Variable Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14658. 2024-05-07 not yet calculated CVE-2021-34953
foxit — pdf_reader Foxit PDF Reader Annotation Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14622. 2024-05-07 not yet calculated CVE-2021-34969
foxit — pdf_reader Foxit PDF Reader print Method Use of Externally-Controlled Format String Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation of the print method. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14849. 2024-05-07 not yet calculated CVE-2021-34970
foxit — pdf_reader Foxit PDF Reader JPG2000 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14812. 2024-05-07 not yet calculated CVE-2021-34971
foxit — pdf_reader Foxit PDF Reader AcroForm Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14975. 2024-05-07 not yet calculated CVE-2021-34972
foxit — pdf_reader Foxit PDF Reader PDF File Parsing Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14968. 2024-05-07 not yet calculated CVE-2021-34973
foxit — pdf_reader Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15167. 2024-05-07 not yet calculated CVE-2021-34974
foxit — pdf_reader Foxit PDF Reader transitionToState Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation of the transitionToState method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15218. 2024-05-07 not yet calculated CVE-2021-34975
foxit — pdf_reader Foxit PDF Reader PDF File Parsing Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PDF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14659. 2024-05-07 not yet calculated CVE-2021-34976
go_standard_library — net A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop. 2024-05-08 not yet calculated CVE-2024-24788
go_toolchain — cmd/go On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the -lto_library flag in a “#cgo LDFLAGS” directive. 2024-05-08 not yet calculated CVE-2024-24787
google — android In multiple functions of CompanionDeviceManagerService.java, there is a possible launch NotificationAccessConfirmationActivity of another user profile due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. 2024-05-07 not yet calculated CVE-2024-0022
google — android In multiple methods of UserManagerService.java, there is a possible failure to persist or enforce user restrictions due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. 2024-05-07 not yet calculated CVE-2024-0024
google — android In sendIntentSender of ActivityManagerService.java, there is a possible background activity launch due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. 2024-05-07 not yet calculated CVE-2024-0025
google — android In multiple functions of SnoozeHelper.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. 2024-05-07 not yet calculated CVE-2024-0026
google — android In multiple functions of SnoozeHelper.java, there is a possible way to cause a boot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. 2024-05-07 not yet calculated CVE-2024-0027
google — android In TBD of TBD, there is a possible confusion of OEM and DRM certificates due to improperly used crypto. This could lead to local bypass of DRM content protection with no additional execution privileges needed. User interaction is not needed for exploitation. 2024-05-07 not yet calculated CVE-2024-0042
google — android In multiple locations, there is a possible notification listener grant to an app running in the work profile due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. 2024-05-07 not yet calculated CVE-2024-0043
google — android In onCreate of WifiDialogActivity.java, there is a possible way to bypass the DISALLOW_ADD_WIFI_CONFIG restriction due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. 2024-05-07 not yet calculated CVE-2024-23704
google — android In multiple locations, there is a possible failure to persist or enforce user restrictions due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. 2024-05-07 not yet calculated CVE-2024-23705
google — android In multiple locations, there is a possible bypass of health data permissions due to an improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. 2024-05-07 not yet calculated CVE-2024-23706
google — android In multiple locations, there is a possible permissions bypass due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. 2024-05-07 not yet calculated CVE-2024-23707
google — android In multiple functions of NotificationManagerService.java, there is a possible way to not show a toast message when a clipboard message has been accessed. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. 2024-05-07 not yet calculated CVE-2024-23708
google — android In multiple locations, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. 2024-05-07 not yet calculated CVE-2024-23709
google — android In assertPackageWithSharedUserIdIsPrivileged of InstallPackageHelper.java, there is a possible execution of arbitrary app code as a privileged app due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. 2024-05-07 not yet calculated CVE-2024-23710
google — android In multiple functions of AppOpsService.java, there is a possible way to saturate the content of /data/system/appops_accesses.xml due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. 2024-05-07 not yet calculated CVE-2024-23712
google — android In migrateNotificationFilter of NotificationManagerService.java, there is a possible failure to persist notifications settings due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. 2024-05-07 not yet calculated CVE-2024-23713
google — chrome Use after free in ANGLE in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 2024-05-07 not yet calculated CVE-2024-4558
google — chrome Heap buffer overflow in WebAudio in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 2024-05-07 not yet calculated CVE-2024-4559
heateor — heateor_social_login_wordpress Heateor Social Login WordPress prior to 1.1.32 contains a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product. 2024-05-08 not yet calculated CVE-2024-32674
hp_inc. — hp_application_enabling_software_driver A potential security vulnerability has been identified in the HP Application Enabling Software Driver for certain HP PC products, which might allow escalation of privilege. HP is releasing software updates to mitigate this potential vulnerability. 2024-05-06 not yet calculated CVE-2024-1695
integrated_control_technology — tsec Insecure storage of the ICT MIFARE and DESFire encryption keys in the firmware binary allows malicious actors to create credentials for any site code and card number that is using the default ICT encryption. 2024-05-06 not yet calculated CVE-2024-29941
56c94bcb-ac34-4d7f-b660-d297a6b7ff82
knowbe4 — phish_alert_button_(pab)_for_outlook A medium severity vulnerability has been identified in the update mechanism of the Phish Alert Button for Outlook, which could allow an attacker to remotely execute arbitrary code on the host machine. The vulnerability arises from the application’s failure to securely verify the authenticity and integrity of the update server. The application periodically checks for updates by querying a specific URL. However, this process does not enforce strict SSL/TLS verification, nor does it validate the digital signature of the received update files. An attacker with the capability to perform DNS spoofing can exploit this weakness. By manipulating DNS responses, the attacker can redirect the application’s update requests to a malicious server under their control. Once the application queries the spoofed update URL, the malicious server can respond with a crafted update package. Since the application fails to properly verify the authenticity of the update file, it will accept and execute the package, leading to arbitrary code execution on the host machine. Impact: Successful exploitation of this vulnerability allows an attacker to execute code with elevated privileges, potentially leading to data theft, installation of further malware, or other malicious activities on the host system. Affected Products: Phish Alert Button (PAB) for Outlook versions 1.10.0-1.10.11 Second Chance Client versions 2.0.0-2.0.9 PIQ Client versions 1.0.0-1.0.15 Remediation: Automated updates will be pushed to address this issue. Users of affected versions should verify the latest version is applied and, if not, apply the latest updates provided by KnowBe4, which addresses this vulnerability by implementing proper SSL/TLS checks of the update server. It is also recommended to ensure DNS settings are secure to prevent DNS spoofing attacks. Workarounds: Use secure corporate networks or VPN services to secure network communications, which can help mitigate the risk of DNS spoofing. Credits: This vulnerability was discovered by Ceri Coburn at Pen Test Partners, who reported it responsibly to the vendor. 2024-05-07 not yet calculated CVE-2024-29209
knowbe4 — phish_alert_button_(pab)_for_outlook A local privilege escalation (LPE) vulnerability has been identified in Phish Alert Button for Outlook (PAB), specifically within its configuration management functionalities. This vulnerability allows a regular user to modify the application’s configuration file to redirect update checks to an arbitrary server, which can then be exploited in conjunction with CVE-2024-29209 to execute arbitrary code with elevated privileges. The issue stems from improper permission settings on the application’s configuration file, which is stored in a common directory accessible to all users. This file includes critical parameters, such as the update server URL. By default, the application does not enforce adequate access controls on this file, allowing non-privileged users to modify it without administrative consent. An attacker with regular user access can alter the update server URL specified in the configuration file to point to a malicious server. When the application performs its next update check, it will contact the attacker-controlled server. If the system is also vulnerable to CVE-2024-29209, the attacker can deliver a malicious update package that, when executed, grants them elevated privileges. Impact: This vulnerability can lead to a regular user executing code with administrative privileges. This can result in unauthorized access to sensitive data, installation of additional malware, and a full takeover of the affected system. Affected Products: Phish Alert Button (PAB) for Outlook versions 1.10.0-1.10.11 Second Chance Client versions 2.0.0-2.0.9 PIQ Client versions 1.0.0-1.0.15 Remediation: KnowBe4 has released a patch that corrects the permission settings on the configuration file to prevent unauthorized modifications. Automated updates will be pushed to address this issue. Users of affected versions should verify the latest version is applied and, if not, apply the latest updates provided by KnowBe4. Workarounds: Manually set the correct permissions on the configuration file to restrict write access to administrators only. Credits: This vulnerability was discovered by Ceri Coburn at Pen Test Partners, who reported it responsibly to the vendor. 2024-05-07 not yet calculated CVE-2024-29210
linux — kernel Linux Kernel Bluetooth CMTP Module Double Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the CMTP module. The issue results from the lack of validating the existence of an object prior to performing further free operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the kernel. Was ZDI-CAN-11977. 2024-05-07 not yet calculated CVE-2021-34981
maxon — cinema_4d Maxon Cinema 4D SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Maxon Cinema 4D. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21438. 2024-05-07 not yet calculated CVE-2023-40490
mediatek,_inc. — mt2737,_mt6739,_mt6761,_mt6765,_mt6768,_mt6771,_mt6779,_mt6781,_mt6785,_mt6789,_mt6833,_mt6835,_mt6853,_mt6853t,_mt6855,_mt6873,_mt6877,_mt6879,_mt6880,_mt6883,_mt6885,_mt6886,_mt6889,_mt6890,_mt6893,_mt6895,_mt6897,_mt6980,_mt6983,_mt6985,_mt6989,_mt6990,_mt8167,_mt8167s,_mt8168,_mt8173,_mt8175,_mt8185,_mt8188,_mt8195,_mt8321,_mt8362a,_mt8365,_mt8385,_mt8390,_mt8395,_mt8755,_mt8765,_mt8766,_mt8768,_mt8775,_mt8781,_mt8786,_mt8788,_mt8789,_mt8791,_mt8791t,_mt8797,_mt8798 In DA, there is a possible permission bypass due to an incorrect status check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08355514; Issue ID: ALPS08355514. 2024-05-06 not yet calculated CVE-2023-32871
mediatek,_inc. — mt6580,_mt6739,_mt6761,_mt6765,_mt6768,_mt6781,_mt6789,_mt6833,_mt6835,_mt6853,_mt6855,_mt6877,_mt6879,_mt6883,_mt6885,_mt6886,_mt6889,_mt6893,_mt6895,_mt6983,_mt6985,_mt6989,_mt8188,_mt8370,_mt8390 In da, there is a possible escalation of privilege due to an incorrect status check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541749; Issue ID: ALPS08541749. 2024-05-06 not yet calculated CVE-2024-20059
mediatek,_inc. — mt6580,_mt6739,_mt6761,_mt6765,_mt6768,_mt6781,_mt6789,_mt6833,_mt6835,_mt6853,_mt6855,_mt6877,_mt6879,_mt6883,_mt6885,_mt6886,_mt6889,_mt6893,_mt6895,_mt6983,_mt6985,_mt6989,_mt8188,_mt8370,_mt8390 In da, there is a possible escalation of privilege due to an incorrect status check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541749; Issue ID: ALPS08541754. 2024-05-06 not yet calculated CVE-2024-20060
mediatek,_inc. — mt6580,_mt6761,_mt6762,_mt6768,_mt6781,_mt6789,_mt6833,_mt6853,_mt6853t,_mt6855,_mt6873,_mt6875,_mt6877,_mt6879,_mt6883,_mt6885,_mt6886,_mt6889,_mt6891,_mt6893,_mt6895,_mt6983,_mt6985,_mt6989,_mt8678,_mt8755,_mt8775,_mt8792,_mt8796 In wlan service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08572601; Issue ID: MSV-1229. 2024-05-06 not yet calculated CVE-2024-20064
mediatek,_inc. — mt6739,_mt6761,_mt6765,_mt6768,_mt6781,_mt6785,_mt6789,_mt6833,_mt6835,_mt6853,_mt6855,_mt6873,_mt6880,_mt6885,_mt6886,_mt6890,_mt6893,_mt6895,_mt6897,_mt6983,_mt6985,_mt6989,_mt8666,_mt8667,_mt8673,_mt8676,_mt8678 In preloader, there is a possible escalation of privilege due to an insecure default value. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08528185; Issue ID: ALPS08528185. 2024-05-06 not yet calculated CVE-2024-20056
mediatek,_inc. — mt6761,_mt6765,_mt6768,_mt6779,_mt6781,_mt6785,_mt6789,_mt6833,_mt6835,_mt6853,_mt6855,_mt6873,_mt6877,_mt6879,_mt6883,_mt6885,_mt6886,_mt6889,_mt6893,_mt6895,_mt6897,_mt6983,_mt8321,_mt8385,_mt8755,_mt8765,_mt8766,_mt8768,_mt8771,_mt8781,_mt8786,_mt8788,_mt8789,_mt8791t,_mt8792,_mt8795t,_mt8796 In keyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08587881; Issue ID: ALPS08587881. 2024-05-06 not yet calculated CVE-2024-20057
mediatek,_inc. — mt6761,_mt6765,_mt6768,_mt6833,_mt6853,_mt6855,_mt6893,_mt6895,_mt6983,_mt8321,_mt8385,_mt8755,_mt8765,_mt8766,_mt8768,_mt8771,_mt8781,_mt8786,_mt8788,_mt8789,_mt8791t,_mt8792,_mt8795t,_mt8796 In keyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08583919; Issue ID: ALPS08304227. 2024-05-06 not yet calculated CVE-2023-32873
mediatek,_inc. — mt6765,_mt6768,_mt6785,_mt6833,_mt6853,_mt6855,_mt6893,_mt6983,_mt8321,_mt8385,_mt8755,_mt8765,_mt8766,_mt8768,_mt8771,_mt8781,_mt8786,_mt8788,_mt8789,_mt8791t,_mt8792,_mt8795t,_mt8796,_mt8797,_mt8798 In keyInstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08580204; Issue ID: ALPS08580204. 2024-05-06 not yet calculated CVE-2024-20058
mediatek,_inc. — mt6768,_mt6781,_mt6785,_mt6833,_mt6853,_mt6873,_mt6877,_mt6885,_mt6893,_mt8168,_mt8183,_mt8188,_mt8188t,_mt8195,_mt8195z,_mt8321,_mt8362a,_mt8365,_mt8385,_mt8666,_mt8666a,_mt8666b,_mt8667,_mt8673,_mt8675,_mt8675,_mt8676,_mt8678,_mt8765,_mt8766,_mt8766z,_mt8768,_mt8768a,_mt8768b,_mt8768t,_mt8768z,_mt8781,_mt8781,_mt8786,_mt8788,_mt8788t,_mt8788,_mt8788x,_mt8788z,_mt8792,_mt8795t,_mt8796,_mt8798 In atf spm, there is a possible way to remap physical memory to virtual memory due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08584568; Issue ID: MSV-1249. 2024-05-06 not yet calculated CVE-2024-20021
mintplex-labs — mintplex-labs/anything-llm A race condition vulnerability exists in the mintplex-labs/anything-llm repository, specifically within the user invite acceptance process. Attackers can exploit this vulnerability by sending multiple concurrent requests to accept a single user invite, allowing the creation of multiple user accounts from a single invite link intended for only one user. This bypasses the intended security mechanism that restricts invite acceptance to a single user, leading to unauthorized user creation without detection in the invite tab. The issue is due to the lack of validation for concurrent requests in the backend. 2024-05-07 not yet calculated CVE-2024-2913
netgear — cax30s NETGEAR CAX30S SSO Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR CAX30S routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the token parameter provided to the sso.php endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18227. 2024-05-07 not yet calculated CVE-2022-43654
netgear — multiple_routers NETGEAR Multiple Routers httpd Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. When parsing the strings file, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13709. 2024-05-07 not yet calculated CVE-2021-34982
netgear — multiple_routers NETGEAR Multiple Routers httpd Missing Authentication for Critical Function Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the lack of authentication prior to allowing access to system configuration information. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-13708. 2024-05-07 not yet calculated CVE-2021-34983
netgear — r7800 NETGEAR R7800 net-cgi Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of the soap_block_table file. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13055. 2024-05-07 not yet calculated CVE-2021-34947
node.js — node The team has identified a critical vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling. Specifically, if a space is placed before a content-length header, it is not interpreted correctly, enabling attackers to smuggle in a second request within the body of the first. 2024-05-07 not yet calculated CVE-2024-27982
openbsd — kernel OpenBSD Kernel Multicast Routing Uninitialized Memory Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of OpenBSD Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the implementation of multicast routing. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel. Was ZDI-CAN-14540. 2024-05-07 not yet calculated CVE-2021-34999
openbsd — kernel OpenBSD Kernel Multicast Routing Uninitialized Memory Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of OpenBSD Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the implementation of multicast routing. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel. Was ZDI-CAN-16112. 2024-05-07 not yet calculated CVE-2021-35000
the_gnu_c_library — glibc nscd: Stack-based buffer overflow in netgroup cache If the Name Service Cache Daemon’s (nscd) fixed size cache is exhausted by client requests then a subsequent client request for netgroup data may result in a stack-based buffer overflow. This flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary. 2024-05-06 not yet calculated CVE-2024-33599
3ff69d7a-14f2-4f67-a097-88dee7810d18
the_gnu_c_library — glibc nscd: Null pointer crashes after notfound response If the Name Service Cache Daemon’s (nscd) cache fails to add a not-found netgroup response to the cache, the client request can result in a null pointer dereference. This flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary. 2024-05-06 not yet calculated CVE-2024-33600
3ff69d7a-14f2-4f67-a097-88dee7810d18
the_gnu_c_library — glibc nscd: netgroup cache may terminate daemon on memory allocation failure The Name Service Cache Daemon’s (nscd) netgroup cache uses xmalloc or xrealloc and these functions may terminate the process due to a memory allocation failure resulting in a denial of service to the clients. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary. 2024-05-06 not yet calculated CVE-2024-33601
3ff69d7a-14f2-4f67-a097-88dee7810d18
the_gnu_c_library — glibc nscd: netgroup cache assumes NSS callback uses in-buffer strings The Name Service Cache Daemon’s (nscd) netgroup cache can corrupt memory when the NSS callback does not store all strings in the provided buffer. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary. 2024-05-06 not yet calculated CVE-2024-33602
3ff69d7a-14f2-4f67-a097-88dee7810d18
triangle_microworks — scada_data_gateway Triangle MicroWorks SCADA Data Gateway Restore Workspace Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the Restore Workspace feature. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-17227. 2024-05-07 not yet calculated CVE-2022-0369
ubiquiti_inc — unifi_connect_application An Improper Certificate Validation could allow a malicious actor with access to an adjacent network to take control of the system. Affected Products: UniFi Connect Application (Version 3.7.9 and earlier) UniFi Connect EV Station (Version 1.1.18 and earlier) UniFi Connect EV Station Pro (Version 1.1.18 and earlier) UniFi Connect Display (Version 1.9.324 and earlier) UniFi Connect Display Cast (Version 1.6.225 and earlier) Mitigation: Update UniFi Connect Application to Version 3.10.7 or later. Update UniFi Connect EV Station to Version 1.2.15 or later. Update UniFi Connect EV Station Pro to Version 1.2.15 or later. Update UniFi Connect Display to Version 1.11.348 or later. Update UniFi Connect Display Cast to Version 1.8.255 or later. 2024-05-07 not yet calculated CVE-2024-29207
ubiquiti_inc — unifi_connect_ev_station An Improper Access Control could allow a malicious actor authenticated in the API to enable Android Debug Bridge (ADB) and make unsupported changes to the system. Affected Products: UniFi Connect EV Station (Version 1.1.18 and earlier) UniFi Connect EV Station Pro (Version 1.1.18 and earlier) UniFi Access G2 Reader Pro (Version 1.2.172 and earlier) UniFi Access Reader Pro (Version 2.7.238 and earlier) UniFi Access Intercom (Version 1.0.66 and earlier) UniFi Access Intercom Viewer (Version 1.0.5 and earlier) UniFi Connect Display (Version 1.9.324 and earlier) UniFi Connect Display Cast (Version 1.6.225 and earlier) Mitigation: Update UniFi Connect Application to Version 3.10.7 or later. Update UniFi Connect EV Station to Version 1.2.15 or later. Update UniFi Connect EV Station Pro to Version 1.2.15 or later. Update UniFi Access G2 Reader Pro Version 1.3.37 or later. Update UniFi Access Reader Pro Version 2.8.19 or later. Update UniFi Access Intercom Version 1.1.32 or later. Update UniFi Access Intercom Viewer Version 1.1.6 or later. Update UniFi Connect Display to Version 1.11.348 or later. Update UniFi Connect Display Cast to Version 1.8.255 or later. 2024-05-07 not yet calculated CVE-2024-29206
ubiquiti_inc — update_unifi_connect_ev_station An Unverified Password Change could allow a malicious actor with API access to the device to change the system password without knowing the previous password. Affected Products: UniFi Connect EV Station (Version 1.1.18 and earlier) UniFi Connect EV Station Pro (Version 1.1.18 and earlier) UniFi Connect Display (Version 1.9.324 and earlier) UniFi Connect Display Cast (Version 1.6.225 and earlier) Mitigation: Update UniFi Connect Application to Version 3.10.7 or later. Update UniFi Connect EV Station to Version 1.2.15 or later. Update UniFi Connect EV Station Pro to Version 1.2.15 or later. Update UniFi Connect Display to Version 1.11.348 or later. Update UniFi Connect Display Cast to Version 1.8.255 or later. 2024-05-07 not yet calculated CVE-2024-29208
unknown — crelly_slider The Crelly Slider WordPress plugin through 1.4.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) 2024-05-06 not yet calculated CVE-2024-3752
unknown — easyevent The EasyEvent WordPress plugin through 1.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed 2024-05-07 not yet calculated CVE-2024-3628
unknown — fancy_product_designer The Fancy Product Designer WordPress plugin before 6.1.81 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) 2024-05-06 not yet calculated CVE-2024-0904
unknown — mf_gig_calendar The MF Gig Calendar WordPress plugin through 1.2.1 does not have CSRF checks in some places, which could allow attackers to make logged in Contributors and above delete arbitrary events via a CSRF attack 2024-05-06 not yet calculated CVE-2024-3756
unknown — mf_gig_calendar The MF Gig Calendar WordPress plugin through 1.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as editor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) 2024-05-06 not yet calculated CVE-2024-3755
N/A — N/A Cross Site Scripting (XSS) vulnerability in ASUS RT-AC51U with firmware versions up to and including 3.0.0.4.380.8591 allows attackers to run arbitrary code via the WPA Pre-Shared Key field. 2024-05-06 not yet calculated CVE-2023-33548
N/A — N/A Buffer Overflow vulnerability LINKSYS EA7500 3.0.1.207964 allows a remote attacker to execute arbitrary code via an HTTP request to the IGD UPnP. 2024-05-07 not yet calculated CVE-2023-46012
N/A — N/A RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the email_attach_id parameter at /LHMail/AttachDown.aspx. 2024-05-07 not yet calculated CVE-2024-25507
N/A — N/A RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /bulletin/bulletin_template_show.aspx. 2024-05-07 not yet calculated CVE-2024-25508
N/A — N/A RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_storage_id parameter at /WorkFlow/wf_file_download.aspx. 2024-05-07 not yet calculated CVE-2024-25509
N/A — N/A RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /AddressBook/address_public_show.aspx. 2024-05-07 not yet calculated CVE-2024-25510
N/A — N/A RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /AddressBook/address_public_new.aspx. 2024-05-07 not yet calculated CVE-2024-25511
N/A — N/A RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the attach_id parameter at /Bulletin/AttachDownLoad.aspx. 2024-05-07 not yet calculated CVE-2024-25512
N/A — N/A RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the file_id parameter at /CorporateCulture/kaizen_download.aspx. 2024-05-07 not yet calculated CVE-2024-25513
N/A — N/A RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the template_id parameter at /SysManage/wf_template_child_field_list.aspx. 2024-05-07 not yet calculated CVE-2024-25514
N/A — N/A RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_storage_id parameter at /WorkFlow/wf_work_finish_file_down.aspx. 2024-05-08 not yet calculated CVE-2024-25515
N/A — N/A RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the tbTable argument at /WebUtility/MF.aspx. 2024-05-08 not yet calculated CVE-2024-25517
N/A — N/A RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the template_id parameter at /WorkFlow/wf_get_fields_approve.aspx. 2024-05-08 not yet calculated CVE-2024-25518
N/A — N/A RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the idlist parameter at /WorkFlow/wf_work_print.aspx. 2024-05-08 not yet calculated CVE-2024-25519
N/A — N/A RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /SysManage/sys_blogtemplate_new.aspx. 2024-05-08 not yet calculated CVE-2024-25520
N/A — N/A RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the txt_keyword parameter at get_company.aspx. 2024-05-08 not yet calculated CVE-2024-25521
N/A — N/A RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the office_missive_id parameter at /WorkFlow/wf_work_form_save.aspx. 2024-05-08 not yet calculated CVE-2024-25522
N/A — N/A RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the file_id parameter at /filemanage/file_memo.aspx. 2024-05-08 not yet calculated CVE-2024-25523
N/A — N/A

 

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_storage_id parameter at /WorkPlan/WorkPlanAttachDownLoad.aspx. 2024-05-08 not yet calculated CVE-2024-25524
N/A — N/A

 

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the filename parameter at /WorkFlow/OfficeFileDownload.aspx. 2024-05-08 not yet calculated CVE-2024-25525
N/A — N/A

 

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the project_id parameter at /ProjectManage/pm_gatt_inc.aspx. 2024-05-08 not yet calculated CVE-2024-25526
N/A — N/A

 

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /PersonalAffair/worklog_template_show.aspx. 2024-05-08 not yet calculated CVE-2024-25527
N/A — N/A

 

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /PersonalAffair/worklog_template_show.aspx. 2024-05-08 not yet calculated CVE-2024-25528
N/A — N/A

 

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /WorkFlow/wf_office_file_history_show.aspx. 2024-05-08 not yet calculated CVE-2024-25529
N/A — N/A

 

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the PageID parameter at /WebUtility/get_find_condiction.aspx. 2024-05-08 not yet calculated CVE-2024-25530
N/A — N/A

 

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the PageID parameter at /WebUtility/SearchCondiction.aspx. 2024-05-08 not yet calculated CVE-2024-25531
N/A — N/A

 

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the bt_id parameter at /include/get_dict.aspx. 2024-05-08 not yet calculated CVE-2024-25532
N/A — N/A

 

Error messages in RuvarOA v6.01 and v12.01 were discovered to leak the physical path of the website (/WorkFlow/OfficeFileUpdate.aspx). This vulnerability can allow attackers to write files to the server or execute arbitrary commands via crafted SQL statements. 2024-05-08 not yet calculated CVE-2024-25533
N/A — N/A

 

Archer Platform 6 before 2024.03 contains a sensitive information disclosure vulnerability. An authenticated attacker could potentially obtain access to sensitive information via a popup warning message. 2024-05-06 not yet calculated CVE-2024-26312
N/A — N/A

 

Cross Site Scripting (XSS) vulnerability in YzmCMS 7.0 allows attackers to run arbitrary code via Ads Management, Carousel Management, and System Settings. 2024-05-06 not yet calculated CVE-2024-28725
N/A — N/A

 

An issue was discovered in Alcatel-Lucent ALE NOE deskphones through 86x8_NOE-R300.1.40.12.4180 and SIP deskphones through 86x8_SIP-R200.1.01.10.728. Because of a time-of-check time-of-use vulnerability, an authenticated attacker is able to replace the verified firmware image with malicious firmware during the update process. 2024-05-07 not yet calculated CVE-2024-29149
N/A — N/A

 

An issue was discovered in Alcatel-Lucent ALE NOE deskphones through 86x8_NOE-R300.1.40.12.4180 and SIP deskphones through 86x8_SIP-R200.1.01.10.728. Because of improper privilege management, an authenticated attacker is able to create symlinks to sensitive and protected data in locations that are used for debugging files. Given that the process of gathering debug logs is carried out with root privileges, any file referenced in the symlink is consequently written to the debug archive, thereby granting accessibility to the attacker. 2024-05-07 not yet calculated CVE-2024-29150
N/A — N/A

 

An issue in V-SOL G/EPON ONU HG323AC-B with firmware version V2.0.08-210715 allows an attacker to execute arbitrary code and obtain sensitive information via a crafted POST request to /boaform/getASPdata/formFirewall, /boaform/getASPdata/formAcc. 2024-05-06 not yet calculated CVE-2024-30973
N/A — N/A

 

A SQL injection vulnerability in unit.php in Sonic Shopfloor.guide before 3.1.3 allows remote attackers to execute arbitrary SQL commands via the level2 parameter. 2024-05-08 not yet calculated CVE-2024-31961
N/A — N/A

 

SQL Injection vulnerability in HSC Cybersecurity HC Mailinspector 5.2.17-3 through 5.2.18 allows a remote attacker to obtain sensitive information via a crafted payload to the start and limit parameters in the mliWhiteList.php component. 2024-05-07 not yet calculated CVE-2024-32369
N/A — N/A

 

An issue in HSC Cybersecurity HC Mailinspector 5.2.17-3 through 5.2.18 allows a remote attacker to obtain sensitive information via a crafted payload to the id parameter in the mliSystemUsers.php component. 2024-05-07 not yet calculated CVE-2024-32370
N/A — N/A

 

An issue in HSC Cybersecurity HC Mailinspector 5.2.17-3 through 5.2.18 allows a regular user account to escalate their privileges and gain administrative access by changing the type parameter from 1 to 0. 2024-05-07 not yet calculated CVE-2024-32371
N/A — N/A

 

D-Link DIR-845L router v1.01KRb03 and before is vulnerable to Permission Bypass via the getcfg.php component. 2024-05-06 not yet calculated CVE-2024-33110
N/A — N/A

 

D-Link DIR-845L router <=v1.01KRb03 is vulnerable to Cross Site Scripting (XSS) via /htdocs/webinc/js/bsc_sms_inbox.php. 2024-05-06 not yet calculated CVE-2024-33111
N/A — N/A

 

D-Link DIR-845L router v1.01KRb03 and before is vulnerable to Command injection via the hnap_main() function. 2024-05-06 not yet calculated CVE-2024-33112
N/A — N/A

 

D-LINK DIR-845L <=v1.01KRb03 is vulnerable to Information disclosure via bsc_sms_inbox.php. 2024-05-06 not yet calculated CVE-2024-33113
N/A — N/A

 

crmeb_java v1.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the mergeList method in class com.zbkj.front.pub.ImageMergeController. 2024-05-06 not yet calculated CVE-2024-33117
N/A — N/A

 

LuckyFrameWeb v3.5.2 was discovered to contain an arbitrary read vulnerability via the fileDownload method in class com.luckyframe.project.common.CommonController. 2024-05-06 not yet calculated CVE-2024-33118
N/A — N/A

 

Roothub v2.5 was discovered to contain an arbitrary file upload vulnerability via the customPath parameter in the upload() function. This vulnerability allows attackers to execute arbitrary code via a crafted JSP file. 2024-05-07 not yet calculated CVE-2024-33120
N/A — N/A

 

Roothub v2.6 was discovered to contain a SQL injection vulnerability via the ‘s’ parameter in the search() function. 2024-05-06 not yet calculated CVE-2024-33121
N/A — N/A

 

Roothub v2.6 was discovered to contain a SQL injection vulnerability via the topic parameter in the list() function. 2024-05-07 not yet calculated CVE-2024-33122
N/A — N/A

 

Roothub v2.6 was discovered to contain a SQL injection vulnerability via the nodeTitle parameter in the parentNode() function. 2024-05-07 not yet calculated CVE-2024-33124
N/A — N/A

 

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the findpage function. 2024-05-07 not yet calculated CVE-2024-33139
N/A — N/A

 

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the findApplyedTasksPage function in BpmTaskMapper.xml. 2024-05-07 not yet calculated CVE-2024-33144
N/A — N/A

 

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the export function. 2024-05-07 not yet calculated CVE-2024-33146
N/A — N/A

 

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the authRoleList function. 2024-05-07 not yet calculated CVE-2024-33147
N/A — N/A

 

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the list function. 2024-05-07 not yet calculated CVE-2024-33148
N/A — N/A

 

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the myProcessList function. 2024-05-07 not yet calculated CVE-2024-33149
N/A — N/A

 

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the commentList() function. 2024-05-07 not yet calculated CVE-2024-33153
N/A — N/A

 

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the getDeptList() function. 2024-05-07 not yet calculated CVE-2024-33155
N/A — N/A

 

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the unallocatedList() function. 2024-05-07 not yet calculated CVE-2024-33161
N/A — N/A

 

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the authUserList() function. 2024-05-07 not yet calculated CVE-2024-33164
N/A — N/A

 

An issue in Library System using PHP/MySQli with Source Code V1.0 allows a remote attacker to execute arbitrary code via the _FAILE variable in the student_edit_photo.php component. 2024-05-06 not yet calculated CVE-2024-33294
N/A — N/A

 

An issue in Open5GS v.2.7.0 allows an attacker to cause a denial of service via the 64 unsuccessful UE/gnb registration 2024-05-08 not yet calculated CVE-2024-33382
N/A — N/A

 

A SQL injection vulnerability in /model/get_events.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the event_id parameter. 2024-05-06 not yet calculated CVE-2024-33403
N/A — N/A

 

A SQL injection vulnerability in /model/add_student_first_payment.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the index parameter. 2024-05-06 not yet calculated CVE-2024-33404
N/A — N/A

 

SQL injection vulnerability in add_friends.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the friend_index parameter. 2024-05-06 not yet calculated CVE-2024-33405
N/A — N/A

 

SQL injection vulnerability in /model/delete_student_grade_subject.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the index parameter. 2024-05-06 not yet calculated CVE-2024-33406
N/A — N/A

 

SQL injection vulnerability in /model/delete_record.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter. 2024-05-06 not yet calculated CVE-2024-33407
N/A — N/A

 

A SQL injection vulnerability in /model/get_classroom.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter. 2024-05-06 not yet calculated CVE-2024-33408
N/A — N/A

 

SQL injection vulnerability in index.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the name parameter. 2024-05-06 not yet calculated CVE-2024-33409
N/A — N/A

 

SQL injection vulnerability in /model/delete_range_grade.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter. 2024-05-06 not yet calculated CVE-2024-33410
N/A — N/A

 

A SQL injection vulnerability in /model/get_admin_profile.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the my_index parameter. 2024-05-06 not yet calculated CVE-2024-33411
N/A — N/A

 

An issue in tiagorlampert CHAOS before 1b451cf62582295b7225caf5a7b506f0bad56f6b and 24c9e109b5be34df7b2bce8368eae669c481ed5e allows a remote attacker to execute arbitrary code via the unsafe concatenation of the `filename` argument into the `buildStr` string without any sanitization or filtering. 2024-05-07 not yet calculated CVE-2024-33434
N/A — N/A

 

Cross-site scripting (XSS) vulnerability in the search function in MvnRepository MS Basic 2.1.18.3 and earlier. 2024-05-07 not yet calculated CVE-2024-33748
N/A — N/A

 

DedeCMS V5.7.114 is vulnerable to deletion of any file via mail_file_manage.php. 2024-05-06 not yet calculated CVE-2024-33749
N/A — N/A

 

An arbitrary file upload vulnerability exists in emlog pro 2.3.0 and pro 2.3.2 at admin/views/plugin.php that could be exploited by a remote attacker to submit a special request to upload a malicious file to execute arbitrary code. 2024-05-06 not yet calculated CVE-2024-33752
N/A — N/A

 

Section Camera V2.5.5.3116-S50-SMA-B20160811 and earlier versions allow the accounts and passwords of administrators and users to be changed without authorization. 2024-05-06 not yet calculated CVE-2024-33753
N/A — N/A

 

MP-SPDZ v0.3.8 was discovered to contain a segmentation violation via the function osuCrypto::copyOut at /Tools/SilentPprf.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted message. 2024-05-07 not yet calculated CVE-2024-33780
N/A — N/A

 

MP-SPDZ v0.3.8 was discovered to contain a stack overflow via the function octetStream::get_bytes in /Tools/octetStream.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted message. 2024-05-07 not yet calculated CVE-2024-33781
N/A — N/A

 

MP-SPDZ v0.3.8 was discovered to contain a stack overflow via the function OTExtensionWithMatrix::extend in /OT/OTExtensionWithMatrix.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted message. 2024-05-07 not yet calculated CVE-2024-33782
N/A — N/A

 

MP-SPDZ v0.3.8 was discovered to contain a segmentation violation via the function osuCrypto::SilentMultiPprfReceiver::expand in /Tools/SilentPprf.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted message. 2024-05-07 not yet calculated CVE-2024-33783
N/A — N/A

 

Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability via the PinCode parameter at /API/info form endpoint. 2024-05-06 not yet calculated CVE-2024-33788
N/A — N/A

 

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/readDeal.php?mudi=updateWebCache. 2024-05-06 not yet calculated CVE-2024-33829
N/A — N/A

 

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/readDeal.php?mudi=clearWebCache. 2024-05-06 not yet calculated CVE-2024-33830
N/A — N/A

 

An issue was discovered in Logpoint before 7.4.0. An attacker can enumerate a valid list of usernames by observing the response time at the Forgot Password endpoint. 2024-05-07 not yet calculated CVE-2024-33856
N/A — N/A

 

An issue was discovered in Logpoint before 7.4.0. Due to a lack of input validation on URLs in threat intelligence, an attacker with low-level access to the system can trigger Server Side Request Forgery. 2024-05-07 not yet calculated CVE-2024-33857
N/A — N/A

 

An issue was discovered in Logpoint before 7.4.0. A path injection vulnerability is seen while adding a CSV enrichment source. The source_name parameter could be changed to an absolute path; this will write the CSV file to that path inside the /tmp directory. 2024-05-07 not yet calculated CVE-2024-33858
N/A — N/A

 

An issue was discovered in Logpoint before 7.4.0. HTML code sent through logs wasn’t being escaped in the “Interesting Field” Web UI, leading to XSS. 2024-05-07 not yet calculated CVE-2024-33859
N/A — N/A

 

An issue was discovered in Logpoint before 7.4.0. It allows Local File Inclusion (LFI) when an arbitrary File Path is used within the File System Collector. The content of the file specified can be viewed in the incoming logs. 2024-05-07 not yet calculated CVE-2024-33860
N/A — N/A

 

An issue was discovered in Archer Platform 6 before 2024.04. Authentication was mishandled because lock did not terminate an existing session. 6.14 P3 (6.14.0.3) is also a fixed release. 2024-05-06 not yet calculated CVE-2024-34092
N/A — N/A

 

libmodbus v3.1.10 is vulnerable to Buffer Overflow via the modbus_write_bits function. This issue can be triggered when the function is fed with specially crafted input, which leads to out-of-bounds read and can potentially cause a crash or other unintended behaviors. 2024-05-08 not yet calculated CVE-2024-34244
N/A — N/A

 

wasm3 v0.5.0 was discovered to contain an out-of-bound memory read which leads to segmentation fault via the function “main” in wasm3/platforms/app/main.c. 2024-05-06 not yet calculated CVE-2024-34246
N/A — N/A

 

wasm3 v0.5.0 was discovered to contain a heap buffer overflow which leads to segmentation fault via the function “DeallocateSlot” in wasm3/source/m3_compile.c. 2024-05-06 not yet calculated CVE-2024-34249
N/A — N/A

 

A heap buffer overflow vulnerability was discovered in Bytecode Alliance wasm-micro-runtime v2.0.0 which allows a remote attacker to cause at least a denial of service via the “wasm_loader_check_br” function in core/iwasm/interpreter/wasm_loader.c. 2024-05-06 not yet calculated CVE-2024-34250
N/A — N/A

 

An out-of-bound memory read vulnerability was discovered in Bytecode Alliance wasm-micro-runtime v2.0.0 which allows a remote attacker to cause a denial of service via the “block_type_get_arity” function in core/iwasm/interpreter/wasm.h. 2024-05-06 not yet calculated CVE-2024-34251
N/A — N/A

 

wasm3 v0.5.0 was discovered to contain a global buffer overflow which leads to segmentation fault via the function “PreserveRegisterIfOccupied” in wasm3/source/m3_compile.c. 2024-05-06 not yet calculated CVE-2024-34252
N/A — N/A

 

jizhicms v2.5.1 contains a Cross-Site Scripting (XSS) vulnerability in the message function. 2024-05-08 not yet calculated CVE-2024-34255
N/A — N/A

 

TOTOLINK EX1800T V9.1.0cu.2112_B20220316 has a vulnerability in the apcliEncrypType parameter that allows unauthorized execution of arbitrary commands, allowing an attacker to obtain device administrator privileges. 2024-05-08 not yet calculated CVE-2024-34257
N/A — N/A

 

CmsEasy v7.7.7.9 was discovered to contain a local file inclusion vulnerability via the file_get_contents function in the fetch_action method of /admin/template_admin.php. This vulnerability allows attackers to read arbitrary files. 2024-05-07 not yet calculated CVE-2024-34314
N/A — N/A

 

CmsEasy v7.7.7.9 was discovered to contain a local file inclusion vulnerability via the file_get_contents function in the fckedit_action method of /admin/template_admin.php. This vulnerability allows attackers to read arbitrary files. 2024-05-07 not yet calculated CVE-2024-34315
N/A — N/A

 

An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This could lead to the GDBus-based client behaving incorrectly, with an application-dependent impact. 2024-05-07 not yet calculated CVE-2024-34397
N/A — N/A

 

An issue was discovered in HSC Mailinspector 5.2.17-3 through v.5.2.18. An Unauthenticated Path Traversal vulnerability exists in the /public/loader.php file. The path parameter does not properly filter whether the file and directory passed are part of the webroot, allowing an attacker to read arbitrary files on the server. 2024-05-06 not yet calculated CVE-2024-34470
N/A — N/A

 

An issue was discovered in HSC Mailinspector 5.2.17-3. A Path Traversal vulnerability (resulting in file deletion) exists in the mliRealtimeEmails.php file. The filename parameter in the export HTML functionality does not properly validate the file location, allowing an attacker to read and delete arbitrary files on the server. This was observed when the mliRealtimeEmails.php file itself was read and subsequently deleted, resulting in a 404 error for the file and disruption of email information loading. 2024-05-06 not yet calculated CVE-2024-34471
N/A — N/A

 

An issue was discovered in HSC Mailinspector 5.2.17-3 through v.5.2.18. An authenticated blind SQL injection vulnerability exists in the mliRealtimeEmails.php file. The ordemGrid parameter in a POST request to /mailinspector/mliRealtimeEmails.php does not properly sanitize input, allowing an authenticated attacker to execute arbitrary SQL commands, leading to the potential disclosure of the entire application database. 2024-05-06 not yet calculated CVE-2024-34472
N/A — N/A

 

The Cypher component in Neo4j before 5.19.0 mishandles IMMUTABLE privileges. 2024-05-07 not yet calculated CVE-2024-34517
N/A — N/A

 

AChecker 1.5 allows remote attackers to read the contents of arbitrary files via the download.php path parameter by using Unauthenticated Path Traversal. This occurs through readfile in PHP. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. 2024-05-07 not yet calculated CVE-2024-34523
N/A — N/A

 

In XLANG OpenAgents through fe73ac4, the allowed_file protection mechanism can be bypassed by using an incorrect file extension for the nature of the file content. 2024-05-06 not yet calculated CVE-2024-34524
N/A — N/A

 

FileCodeBox 2.0 stores a OneDrive password and AWS key in a cleartext env file. 2024-05-06 not yet calculated CVE-2024-34525
N/A — N/A

 

spaces_plugin/app.py in SolidUI 0.4.0 has an unnecessary print statement for an OpenAI key. The printed string might be logged. 2024-05-06 not yet calculated CVE-2024-34527
N/A — N/A

 

WordOps through 3.20.0 has a wo/cli/plugins/stack_pref.py TOCTOU race condition because the conf_path os.open does not use a mode parameter during file creation. 2024-05-06 not yet calculated CVE-2024-34528
N/A — N/A

 

Nebari through 2024.4.1 prints the temporary Keycloak root password. 2024-05-06 not yet calculated CVE-2024-34529
N/A — N/A

 

A SQL injection vulnerability in Yvan Dotet PostgreSQL Query Deluxe module (aka query_deluxe) 17.x before 17.0.0.4 allows a remote attacker to gain privileges via the query parameter to models/querydeluxe.py:QueryDeluxe::get_result_from_query. 2024-05-06 not yet calculated CVE-2024-34532
N/A — N/A

 

A SQL injection vulnerability in ZI PT Solusi Usaha Mudah Analytic Data Query module (aka izi_data) 11.0 through 17.x before 17.0.3 allows a remote attacker to gain privileges via a query to IZITools::query_check, IZITools::query_fetch, or IZITools::query_execute. 2024-05-06 not yet calculated CVE-2024-34533
N/A — N/A

 

A SQL injection vulnerability in Cybrosys Techno Solutions Text Commander module (aka text_commander) 16.0 through 16.0.1 allows a remote attacker to gain privileges via the data parameter to models/ir_model.py:IrModel::chech_model. 2024-05-06 not yet calculated CVE-2024-34534
N/A — N/A

 

Mateso PasswordSafe through 8.13.9.26689 has Weak Cryptography. 2024-05-06 not yet calculated CVE-2024-34538
N/A — N/A

 

On Windows a directory returned by tempfile.mkdtemp() would not always have permissions set to restrict reading and writing to the temporary directory by other users, instead usually inheriting the correct permissions from the default location. Alternate configurations or users without a profile directory may not have the intended permissions. If you’re not using Windows or haven’t changed the temporary directory location then you aren’t affected by this vulnerability. On other platforms the returned directory is consistently readable and writable only by the current user. This issue was caused by Python not supporting Unix permissions on Windows. The fix adds support for Unix “700” for the mkdir function on Windows which is used by mkdtemp() to ensure the newly created directory has the proper permissions. 2024-05-07 not yet calculated CVE-2024-4030