High Vulnerabilities
Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
10Web Form Builder Team–Form Maker by 10Web |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in 10Web Form Builder Team Form Maker by 10Web allows Reflected XSS.This issue affects Form Maker by 10Web: from n/a through 1.15.26. | 2024-08-12 | 7.1 | CVE-2024-43220 [email protected] |
AddonMaster–Post Grid Master |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in AddonMaster Post Grid Master allows Reflected XSS.This issue affects Post Grid Master: from n/a through 3.4.10. | 2024-08-12 | 7.1 | CVE-2024-43156 [email protected] |
adobe — acrobat |
Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could result in arbitrary code execution in the context of the current user. This issue occurs when the state of a resource changes between its check-time and use-time, allowing an attacker to manipulate the resource. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-08-14 | 7 | CVE-2024-39420 [email protected] |
adobe — acrobat |
Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-08-14 | 7.8 | CVE-2024-39422 [email protected] |
adobe — acrobat |
Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-08-14 | 7.8 | CVE-2024-39423 [email protected] |
adobe — acrobat |
Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-08-14 | 7.8 | CVE-2024-39424 [email protected] |
adobe — acrobat |
Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could lead to privilege escalation. Exploitation of this issue require local low-privilege access to the affected system and attack complexity is high. | 2024-08-14 | 7 | CVE-2024-39425 [email protected] |
adobe — acrobat |
Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-08-14 | 7.8 | CVE-2024-39426 [email protected] |
adobe — acrobat |
Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-08-14 | 7.8 | CVE-2024-41830 [email protected] |
adobe — acrobat |
Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-08-14 | 7.8 | CVE-2024-41831 [email protected] |
adobe — commerce |
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution by an attacker. An attacker could exploit this vulnerability by uploading a malicious file which can then be executed on the server. Exploitation of this issue does not require user interaction, but attack complexity is high and scope is changed. | 2024-08-14 | 9 | CVE-2024-39397 [email protected] |
adobe — commerce |
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an admin attacker to inject and execute arbitrary JavaScript code within the context of the user’s browser session. Exploitation of this issue requires user interaction, such as convincing a victim to click on a malicious link. Confidentiality and integrity impact is high as it affects other admin accounts. | 2024-08-14 | 8.1 | CVE-2024-39400 [email protected] |
adobe — commerce |
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability that could lead in arbitrary code execution by an admin attacker. Exploitation of this issue requires user interaction and scope is changed. | 2024-08-14 | 8.4 | CVE-2024-39401 [email protected] |
adobe — commerce |
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability that could lead in arbitrary code execution by an admin attacker. Exploitation of this issue requires user interaction and scope is changed. | 2024-08-14 | 8.4 | CVE-2024-39402 [email protected] |
adobe — commerce |
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Restriction of Excessive Authentication Attempts vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to perform brute force attacks and potentially gain unauthorized access to accounts. Exploitation of this issue does not require user interaction, but attack complexity is high. | 2024-08-14 | 7.4 | CVE-2024-39398 [email protected] |
adobe — commerce |
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability that could lead to arbitrary file system read. A low-privileged attacker could exploit this vulnerability to gain access to files and directories that are outside the restricted directory. Exploitation of this issue does not require user interaction and scope is changed. | 2024-08-14 | 7.7 | CVE-2024-39399 [email protected] |
adobe — commerce |
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Confidentiality impact is high due to the attacker being able to exfiltrate sensitive information. | 2024-08-14 | 7.6 | CVE-2024-39403 [email protected] |
adobe — commerce |
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to gain access to files and directories that are outside the restricted directory. Exploitation of this issue does not require user interaction and scope is changed. | 2024-08-14 | 7.7 | CVE-2024-39406 [email protected] |
adobe — illustrator |
Illustrator versions 28.5, 27.9.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-08-14 | 7.8 | CVE-2024-34133 [email protected] |
adobe — indesign |
InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-08-14 | 7.1 | CVE-2024-34127 [email protected] |
adobe — substance_3d_designer |
Substance3D – Designer versions 13.1.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-08-14 | 7.8 | CVE-2024-41864 [email protected] |
Adobe–Acrobat Reader |
Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-08-14 | 7.8 | CVE-2024-39383 [email protected] |
Adobe–Bridge |
Bridge versions 13.0.8, 14.1.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-08-14 | 7.8 | CVE-2024-39386 [email protected] |
Adobe–Bridge |
Bridge versions 13.0.8, 14.1.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-08-14 | 7.8 | CVE-2024-41840 [email protected] |
Adobe–Dimension |
Dimension versions 3.4.11 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-08-14 | 7.8 | CVE-2024-20789 [email protected] |
Adobe–Dimension |
Dimension versions 3.4.11 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-08-14 | 7.8 | CVE-2024-34124 [email protected] |
Adobe–Dimension |
Dimension versions 3.4.11 and earlier are affected by an Untrusted Search Path vulnerability that could lead to arbitrary code execution. An attacker could exploit this vulnerability by inserting a malicious file into the search path, which the application might execute instead of the legitimate file. This could occur if the application uses a search path to locate executables or libraries. Exploitation of this issue requires user interaction. | 2024-08-14 | 7.8 | CVE-2024-41865 [email protected] |
Adobe–Illustrator |
Illustrator versions 28.5, 27.9.4 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-08-14 | 7.8 | CVE-2024-41856 [email protected] |
Adobe–InCopy |
InCopy versions 18.5.2, 19.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-08-14 | 7.8 | CVE-2024-41858 [email protected] |
Adobe–InDesign Desktop |
InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-08-14 | 7.8 | CVE-2024-39389 [email protected] |
Adobe–InDesign Desktop |
InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-08-14 | 7.8 | CVE-2024-39390 [email protected] |
Adobe–InDesign Desktop |
InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-08-14 | 7.8 | CVE-2024-39391 [email protected] |
Adobe–InDesign Desktop |
InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-08-14 | 7.8 | CVE-2024-39393 [email protected] |
Adobe–InDesign Desktop |
InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-08-14 | 7.8 | CVE-2024-39394 [email protected] |
Adobe–InDesign Desktop |
InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-08-14 | 7.8 | CVE-2024-41850 [email protected] |
Adobe–InDesign Desktop |
InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-08-14 | 7.8 | CVE-2024-41851 [email protected] |
Adobe–InDesign Desktop |
InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-08-14 | 7.8 | CVE-2024-41852 [email protected] |
Adobe–InDesign Desktop |
InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-08-14 | 7.8 | CVE-2024-41853 [email protected] |
Adobe–Photoshop Desktop |
Photoshop Desktop versions 24.7.3, 25.9.1 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-08-14 | 7.8 | CVE-2024-34117 [email protected] |
Adobe–Substance3D – Stager |
Substance3D – Stager versions 3.0.2 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-08-14 | 7.8 | CVE-2024-39388 [email protected] |
AMD–3rd Gen AMD EPYC Processors |
Improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution. | 2024-08-12 | 7.5 | CVE-2023-31315 [email protected] |
AMD–AMD Athlon 3000 Series Desktop Processors with Radeon Graphics |
Improper bounds checking in APCB firmware may allow an attacker to perform an out of bounds write, corrupting the APCB entry, potentially leading to arbitrary code execution. | 2024-08-13 | 7.5 | CVE-2022-23815 [email protected] |
AMD–AMD EPYC 7001 Processors |
A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow an attacker with ring0 privileges and access to the BIOS menu or UEFI shell to modify the communications buffer potentially resulting in arbitrary code execution. | 2024-08-13 | 7.5 | CVE-2023-20578 [email protected] |
AMD–AMD EPYC 7001 Series Processors |
An out of bounds memory write when processing the AMD PSP1 Configuration Block (APCB) could allow an attacker with access the ability to modify the BIOS image, and the ability to sign the resulting image, to potentially modify the APCB block resulting in arbitrary code execution. | 2024-08-13 | 7.2 | CVE-2021-26344 [email protected] |
AMD–AMD Ryzen 3000 Series Desktop Processors |
Insufficient checking of memory buffer in ASP Secure OS may allow an attacker with a malicious TA to read/write to the ASP Secure OS kernel virtual address space, potentially leading to privilege escalation. | 2024-08-13 | 7 | CVE-2022-23817 [email protected] |
AMD–Prof Tool |
Insufficient validation of the Input Output Control (IOCTL) input buffer in AMD ?Prof may allow an authenticated attacker to cause an out-of-bounds write, potentially causing a Windows® OS crash, resulting in denial of service. | 2024-08-13 | 7.3 | CVE-2023-31341 [email protected] |
AMD–Prof Tool |
A DLL hijacking vulnerability in AMD μProf could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. | 2024-08-13 | 7.3 | CVE-2023-31348 [email protected] |
AMD–Prof Tool |
Incorrect default permissions in the AMD ?Prof installation directory could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. | 2024-08-13 | 7.3 | CVE-2023-31349 [email protected] |
angeljudesuarez — tailoring_management_system |
A vulnerability was found in itsourcecode Tailoring Management System 1.0. It has been classified as critical. This affects an unknown part of the file /incedit.php?id=4. The manipulation of the argument id/inccat/desc/date/amount leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-08-12 | 9.8 | CVE-2024-7680 [email protected] [email protected] [email protected] [email protected] |
anhvnit–Woocommerce OpenPos |
Missing Authorization vulnerability in anhvnit Woocommerce OpenPos allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Woocommerce OpenPos: from n/a through 6.4.4. | 2024-08-13 | 7.5 | CVE-2024-37935 [email protected] |
annke — crater_2_firmware |
An OS command injection vulnerability in the ccm_debug component of MIPC Camera firmware prior to v5.4.1.240424171021 allows attackers within the same network to execute arbitrary code via a crafted HTML request. | 2024-08-12 | 8.8 | CVE-2024-39091 [email protected] |
Apache Software Foundation–Apache DolphinScheduler |
Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server. If you are using the switch task plugin, please upgrade to version 3.2.2. | 2024-08-12 | 8.8 | CVE-2024-29831 [email protected] |
averta–Slider & Popup Builder by Depicter Add Image Slider, Carousel Slider, Exit Intent Popup, Popup Modal, Coupon Popup, Post Slider Carousel |
The Slider and Carousel slider by Depicter plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the uploadFile function in all versions up to, and including, 3.1.1. This makes it possible for authenticated attackers, with contributor access or higher, to upload arbitrary files on the affected site’s server which may make remote code execution possible. | 2024-08-14 | 8.8 | CVE-2024-4389 [email protected] [email protected] [email protected] |
BannerSky–BSK Forms Blacklist |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in BannerSky BSK Forms Blacklist allows Reflected XSS.This issue affects BSK Forms Blacklist: from n/a through 3.8. | 2024-08-12 | 7.1 | CVE-2024-43233 [email protected] |
BerqWP–BerqWP |
Unrestricted Upload of File with Dangerous Type vulnerability in BerqWP allows Code Injection.This issue affects BerqWP: from n/a through 1.7.6. | 2024-08-13 | 10 | CVE-2024-43160 [email protected] |
boa-dev–boa |
Boa is an embeddable and experimental Javascript engine written in Rust. Starting in version 0.16 and prior to version 0.19.0, a wrong assumption made when handling ECMAScript’s `AsyncGenerator` operations can cause an uncaught exception on certain scripts. Boa’s implementation of `AsyncGenerator` makes the assumption that the state of an `AsyncGenerator` object cannot change while resolving a promise created by methods of `AsyncGenerator` such as `%AsyncGeneratorPrototype%.next`, `%AsyncGeneratorPrototype%.return`, or `%AsyncGeneratorPrototype%.throw`. However, a carefully constructed code could trigger a state transition from a getter method for the promise’s `then` property, which causes the engine to fail an assertion of this assumption, causing an uncaught exception. This could be used to create a Denial Of Service attack in applications that run arbitrary ECMAScript code provided by an external user. Version 0.19.0 is patched to correctly handle this case. Users unable to upgrade to the patched version would want to use `std::panic::catch_unwind` to ensure any exceptions caused by the engine don’t impact the availability of the main application. | 2024-08-15 | 7.5 | CVE-2024-43367 [email protected] [email protected] [email protected] |
CAYIN Technology–CMS-SE(22.04) |
The specific CGI of the CAYIN Technology CMS does not properly validate user input, allowing a remote attacker with administrator privileges to inject OS commands into the specific parameter and execute them on the remote server. | 2024-08-14 | 7.2 | CVE-2024-7728 [email protected] [email protected] [email protected] |
CAYIN Technology–SMP-2100 |
The CAYIN Technology CMS lacks proper access control, allowing unauthenticated remote attackers to download arbitrary CGI files. | 2024-08-14 | 7.5 | CVE-2024-7729 [email protected] [email protected] [email protected] |
clastix — kamaji |
Kamaji is the Hosted Control Plane Manager for Kubernetes. In versions 1.0.0 and earlier, Kamaji uses an “open at the top” range definition in RBAC for etcd roles leading to some TCPs API servers being able to read, write, and delete the data of other control planes. This vulnerability is fixed in edge-24.8.2. | 2024-08-12 | 9.9 | CVE-2024-42480 [email protected] [email protected] [email protected] |
code-projects — simple_ticket_booking |
A vulnerability was found in code-projects Simple Ticket Booking 1.0. It has been classified as critical. Affected is an unknown function of the file register_insert.php of the component Registration Handler. The manipulation of the argument name/email/dob/password/Gender/phone leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-08-12 | 9.8 | CVE-2024-7635 [email protected] [email protected] [email protected] [email protected] |
code-projects — simple_ticket_booking |
A vulnerability was found in code-projects Simple Ticket Booking 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file authenticate.php of the component Login. The manipulation of the argument email/password leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-08-12 | 9.8 | CVE-2024-7636 [email protected] [email protected] [email protected] [email protected] |
code-projects–Job Portal |
A vulnerability was found in code-projects Job Portal 1.0. It has been classified as critical. Affected is an unknown function of the file logindbc.php. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-08-15 | 7.3 | CVE-2024-7808 [email protected] [email protected] [email protected] [email protected] |
Codection–Import and export users and customers |
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Codection Import and export users and customers allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Import and export users and customers: from n/a through 1.26.8. | 2024-08-13 | 7.5 | CVE-2024-38787 [email protected] |
college_management_system_project — college_management_system |
A vulnerability was found in code-projects College Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file login.php of the component Login Page. The manipulation of the argument email/password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-08-12 | 9.8 | CVE-2024-7681 [email protected] [email protected] [email protected] [email protected] |
Crocoblock–JetElements |
The JetElements plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.6.20 via the ‘progress_type’ parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | 2024-08-16 | 8.8 | CVE-2024-7145 [email protected] [email protected] |
Crocoblock–JetTabs for Elementor |
The JetTabs for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.3 via the ‘switcher_preset’ parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | 2024-08-16 | 8.8 | CVE-2024-7146 [email protected] [email protected] |
dglingren–Media Library Assistant |
The Media Library Assistant plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation involving the mla-inline-edit-upload-scripts AJAX action in all versions up to, and including, 3.18. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site’s server which may make remote code execution possible. | 2024-08-13 | 8.8 | CVE-2024-6823 [email protected] [email protected] [email protected] [email protected] |
dylanjkotze–Zephyr Project Manager |
The Zephyr Project Manager plugin for WordPress is vulnerable to limited privilege escalation in all versions up to, and including, 3.3.101. This is due to the plugin not properly checking a users capabilities before allowing them to enable access to the plugin’s settings through the update_user_access() function. This makes it possible for authenticated attackers, with subscriber-level access and above, to grant themselves full access to the plugin’s settings. | 2024-08-15 | 8.1 | CVE-2024-7624 [email protected] [email protected] [email protected] |
edimax — ic-6220dc_firmware |
A vulnerability was found in Edimax IC-6220DC and IC-5150W up to 3.06. It has been rated as critical. Affected by this issue is the function cgiFormString of the file ipcam_cgi. The manipulation of the argument host leads to command injection. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-08-12 | 9.8 | CVE-2024-7616 [email protected] [email protected] [email protected] [email protected] [email protected] |
Elastic–Kibana |
A flaw allowing arbitrary code execution was discovered in Kibana. An attacker with access to ML and Alerting connector features, as well as write access to internal ML indices can trigger a prototype pollution vulnerability, ultimately leading to arbitrary code execution. | 2024-08-13 | 9.1 | CVE-2024-37287 [email protected] |
F5–BIG-IP |
When a stateless virtual server is configured on BIG-IP system with a High-Speed Bridge (HSB), undisclosed requests can cause TMM to terminate. Â Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2024-08-14 | 7.5 | CVE-2024-39778 [email protected] |
F5–BIG-IP |
In BIG-IP tenants running on r2000 and r4000 series hardware, or BIG-IP Virtual Edition (VEs) using Intel E810 SR-IOV NIC, undisclosed traffic can cause an increase in memory resource utilization.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2024-08-14 | 7.5 | CVE-2024-41727 [email protected] |
F5–BIG-IP Next Central Manager |
The Central Manager user session refresh token does not expire when a user logs out.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 2024-08-14 | 7.5 | CVE-2024-39809 [email protected] |
F5–NGINX Plus |
When the NGINX Plus is configured to use the MQTT pre-read module, undisclosed requests can cause an increase in memory resource utilization.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2024-08-14 | 7.5 | CVE-2024-39792 [email protected] |
fabianros — job_portal |
A vulnerability was found in code-projects Job Portal 1.0. It has been rated as critical. This issue affects some unknown processing of the file rw_i_nat.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-08-12 | 9.8 | CVE-2024-7682 [email protected] [email protected] [email protected] [email protected] |
fabianros — online_polling |
A vulnerability was found in code-projects Online Polling 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file registeracc.php of the component Registration. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-08-12 | 9.8 | CVE-2024-7637 [email protected] [email protected] [email protected] [email protected] |
ffmpeg — ffmpeg |
A vulnerability, which was classified as critical, was found in FFmpeg up to 5.1.5. This affects the function fill_audiodata of the file /libswresample/swresample.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. This issue was fixed in version 6.0 by 9903ba28c28ab18dc7b7b6fb8571cc8b5caae1a6 but a backport for 5.1 was forgotten. The exploit has been disclosed to the public and may be used. Upgrading to version 5.1.6 and 6.0 9903ba28c28ab18dc7b7b6fb8571cc8b5caae1a6 is able to address this issue. It is recommended to upgrade the affected component. | 2024-08-12 | 8.8 | CVE-2024-7272 [email protected] [email protected] [email protected] [email protected] [email protected] |
Firewalla–Box Software |
A weak credential vulnerability exists in Firewalla Box Software versions before 1.979. This vulnerability allows a physically close attacker to use the license UUID for authentication and provision SSH credentials over the Bluetooth Low-Energy (BTLE) interface. Once an attacker gains access to the LAN, they could log into the SSH interface using the provisioned credentials. The license UUID can be acquired through plain-text Bluetooth sniffing, reading the QR code on the bottom of the device, or brute-forcing the UUID (though this is less likely). | 2024-08-12 | 7.1 | CVE-2024-40892 [email protected] |
FIWARE–FIWARE Keyrock |
The function “generate_app_certificates” in lib/app_certificates.js of FIWARE Keyrock <= 8.4 does not neutralize special elements used in an OS Command properly. This allows an authenticated user with permissions to create applications to execute commands by creating an application with a malicious name. | 2024-08-12 | 9.1 | CVE-2024-42166 [email protected] |
FIWARE–FIWARE Keyrock |
The function “generate_app_certificates” in controllers/saml2/saml2.js of FIWARE Keyrock <= 8.4Â does not neutralize special elements used in an OS Command properly. This allows an authenticated user with permissions to create applications to execute commands by creating an application with a malicious organisationname. | 2024-08-12 | 9.1 | CVE-2024-42167 [email protected] |
FIWARE–FIWARE Keyrock |
Insufficiently random values for generating password reset token in FIWARE Keyrock <= 8.4 allow attackers to take over the account of any user by predicting the token for the password reset link. | 2024-08-12 | 8.3 | CVE-2024-42163 [email protected] |
flatpak–flatpak |
Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.14.0 and 1.15.10, a malicious or compromised Flatpak app using persistent directories could access and write files outside of what it would otherwise have access to, which is an attack on integrity and confidentiality. When `persistent=subdir` is used in the application permissions (represented as `–persist=subdir` in the command-line interface), that means that an application which otherwise doesn’t have access to the real user home directory will see an empty home directory with a writeable subdirectory `subdir`. Behind the scenes, this directory is actually a bind mount and the data is stored in the per-application directory as `~/.var/app/$APPID/subdir`. This allows existing apps that are not aware of the per-application directory to still work as intended without general home directory access. However, the application does have write access to the application directory `~/.var/app/$APPID` where this directory is stored. If the source directory for the `persistent`/`–persist` option is replaced by a symlink, then the next time the application is started, the bind mount will follow the symlink and mount whatever it points to into the sandbox. Partial protection against this vulnerability can be provided by patching Flatpak using the patches in commits ceec2ffc and 98f79773. However, this leaves a race condition that could be exploited by two instances of a malicious app running in parallel. Closing the race condition requires updating or patching the version of bubblewrap that is used by Flatpak to add the new `–bind-fd` option using the patch and then patching Flatpak to use it. If Flatpak has been configured at build-time with `-Dsystem_bubblewrap=bwrap` (1.15.x) or `–with-system-bubblewrap=bwrap` (1.14.x or older), or a similar option, then the version of bubblewrap that needs to be patched is a system copy that is distributed separately, typically `/usr/bin/bwrap`. This configuration is the one that is typically used in Linux distributions. If Flatpak has been configured at build-time with `-Dsystem_bubblewrap=` (1.15.x) or with `–without-system-bubblewrap` (1.14.x or older), then it is the bundled version of bubblewrap that is included with Flatpak that must be patched. This is typically installed as `/usr/libexec/flatpak-bwrap`. This configuration is the default when building from source code. For the 1.14.x stable branch, these changes are included in Flatpak 1.14.10. The bundled version of bubblewrap included in this release has been updated to 0.6.3. For the 1.15.x development branch, these changes are included in Flatpak 1.15.10. The bundled version of bubblewrap in this release is a Meson “wrap” subproject, which has been updated to 0.10.0. The 1.12.x and 1.10.x branches will not be updated for this vulnerability. Long-term support OS distributions should backport the individual changes into their versions of Flatpak and bubblewrap, or update to newer versions if their stability policy allows it. As a workaround, avoid using applications using the `persistent` (`–persist`) permission. | 2024-08-15 | 10 | CVE-2024-42472 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
freebsd — freebsd |
A signal handler in sshd(8) may call a logging function that is not async-signal-safe. The signal handler is invoked when a client does not authenticate within the LoginGraceTime seconds (120 by default). This signal handler executes in the context of the sshd(8)’s privileged code, which is not sandboxed and runs with full root privileges. This issue is another instance of the problem in CVE-2024-6387 addressed by FreeBSD-SA-24:04.openssh. The faulty code in this case is from the integration of blacklistd in OpenSSH in FreeBSD. As a result of calling functions that are not async-signal-safe in the privileged sshd(8) context, a race condition exists that a determined attacker may be able to exploit to allow an unauthenticated remote code execution as root. | 2024-08-12 | 8.1 | CVE-2024-7589 [email protected] [email protected] [email protected] |
freebsd — freebsd |
A logic bug in the code which disables kernel tracing for setuid programs meant that tracing was not disabled when it should have, allowing unprivileged users to trace and inspect the behavior of setuid programs. The bug may be used by an unprivileged user to read the contents of files to which they would not otherwise have access, such as the local password database. | 2024-08-12 | 7.5 | CVE-2024-6760 [email protected] |
frogcms_project — frogcms |
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/layout/delete/1 | 2024-08-12 | 8.8 | CVE-2024-42623 [email protected] |
frogcms_project — frogcms |
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/page/delete/10. | 2024-08-12 | 8.8 | CVE-2024-42624 [email protected] |
frogcms_project — frogcms |
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/layout/add | 2024-08-12 | 8.8 | CVE-2024-42625 [email protected] |
frogcms_project — frogcms |
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/snippet/add. | 2024-08-12 | 8.8 | CVE-2024-42626 [email protected] |
frogcms_project — frogcms |
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/snippet/delete/3. | 2024-08-12 | 8.8 | CVE-2024-42627 [email protected] |
frogcms_project — frogcms |
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/snippet/edit/3. | 2024-08-12 | 8.8 | CVE-2024-42628 [email protected] |
frogcms_project — frogcms |
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/page/edit/10. | 2024-08-12 | 8.8 | CVE-2024-42629 [email protected] |
frogcms_project — frogcms |
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/file_manager/create_file. | 2024-08-12 | 8.8 | CVE-2024-42630 [email protected] |
frogcms_project — frogcms |
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/layout/edit/1. | 2024-08-12 | 8.8 | CVE-2024-42631 [email protected] |
frogcms_project — frogcms |
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/page/add. | 2024-08-12 | 8.8 | CVE-2024-42632 [email protected] |
G5Theme–Ultimate Bootstrap Elements for Elementor |
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in G5Theme Ultimate Bootstrap Elements for Elementor allows PHP Local File Inclusion.This issue affects Ultimate Bootstrap Elements for Elementor: from n/a through 1.4.4. | 2024-08-13 | 7.5 | CVE-2024-43140 [email protected] |
ggerganov — llama.cpp |
llama.cpp provides LLM inference in C/C++. The unsafe `data` pointer member in the `rpc_tensor` structure can cause arbitrary address reading. This vulnerability is fixed in b3561. | 2024-08-12 | 9.8 | CVE-2024-42478 [email protected] [email protected] |
ggerganov — llama.cpp |
llama.cpp provides LLM inference in C/C++. The unsafe `data` pointer member in the `rpc_tensor` structure can cause arbitrary address writing. This vulnerability is fixed in b3561. | 2024-08-12 | 9.8 | CVE-2024-42479 [email protected] [email protected] |
ggerganov — llama.cpp |
llama.cpp provides LLM inference in C/C++. The unsafe `type` member in the `rpc_tensor` structure can cause `global-buffer-overflow`. This vulnerability may lead to memory data leakage. The vulnerability is fixed in b3561. | 2024-08-12 | 7.5 | CVE-2024-42477 [email protected] [email protected] |
Google–Android |
In _MMU_AllocLevel of mmu_common.c, there is a possible arbitrary code execution due to an integer overflow. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-08-15 | 7.8 | CVE-2024-31333 [email protected] |
Google–Android |
In multiple functions of TranscodingResourcePolicy.cpp, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-08-15 | 7.7 | CVE-2024-34731 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
Google–Android |
In onForegroundServiceButtonClicked of FooterActionsViewModel.kt, there is a possible way to disable the active VPN app from the lockscreen due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-08-15 | 7.7 | CVE-2024-34734 [email protected] [email protected] |
Google–Android |
In ensureSetPipAspectRatioQuotaTracker of ActivityClientController.java, there is a possible way to generate unmovable and undeletable pip windows due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-08-15 | 7.7 | CVE-2024-34737 [email protected] [email protected] |
Google–Android |
In multiple functions of AppOpsService.java, there is a possible way for unprivileged apps to read their own restrictRead app-op states due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-08-15 | 7.7 | CVE-2024-34738 [email protected] [email protected] |
Google–Android |
In shouldRestrictOverlayActivities of UsbProfileGroupSettingsManager.java, there is a possible escape from SUW due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | 2024-08-15 | 7.7 | CVE-2024-34739 [email protected] [email protected] |
Google–Android |
In attributeBytesBase64 and attributeBytesHex of BinaryXmlSerializer.java, there is a possible arbitrary XML injection due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-08-15 | 7.7 | CVE-2024-34740 [email protected] [email protected] [email protected] |
Google–Android |
In setForceHideNonSystemOverlayWindowIfNeeded of WindowState.java, there is a possible way for message content to be visible on the screensaver while lock screen visibility settings are restricted by the user due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-08-15 | 7.8 | CVE-2024-34741 [email protected] [email protected] |
guillaumepotier–gettext.js |
gettext.js is a GNU gettext port for node and the browser. There is a cross-site scripting (XSS) injection if `.po` dictionary definition files are corrupted. This vulnerability has been patched in version 2.0.3. As a workaround, control the origin of the definition catalog to prevent the use of this flaw in the definition of plural forms. | 2024-08-16 | 7.2 | CVE-2024-43370 [email protected] [email protected] |
HitPay Payment Solutions Pte Ltd–HitPay Payment Gateway for WooCommerce |
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HitPay Payment Solutions Pte Ltd HitPay Payment Gateway for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects HitPay Payment Gateway for WooCommerce: from n/a through 4.1.3. | 2024-08-13 | 7.5 | CVE-2024-38747 [email protected] |
ibexa–fieldtype-richtext |
Ibexa RichText Field Type is a Field Type for supporting rich formatted text stored in a structured XML format. In versions on the 4.6 branch prior to 4.6.10, the validator for the RichText fieldtype blocklists `javascript:` and `vbscript:` in links to prevent XSS. This can leave other options open, and the check can be circumvented using upper case. Content editing permissions for RichText content is required to exploit this vulnerability, which typically means Editor role or higher. The fix implements an allowlist instead, which allows only approved link protocols. The new check is case insensitive. Version 4.6.10 contains a patch for this issue. No known workarounds are available. | 2024-08-16 | 7.2 | CVE-2024-43369 [email protected] [email protected] [email protected] [email protected] [email protected] |
IBM–Common Licensing |
IBM Common Licensing 9.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 297895. | 2024-08-13 | 7.5 | CVE-2024-40697 [email protected] [email protected] |
IBM–OpenBMC |
A vulnerability in the combination of the OpenBMC’s FW1050.00 through FW1050.10, FW1030.00 through FW1030.50, and FW1020.00 through FW1020.60 default password and session management allow an attacker to gain administrative access to the BMC. IBM X-Force ID: 290674. | 2024-08-13 | 7.5 | CVE-2024-35124 [email protected] [email protected] |
IBM–Security Directory Integrator |
IBM Security Directory Integrator 7.2.0 and Security Verify Directory Integrator 10.0.0 does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. IBM X-Force ID: 228570. | 2024-08-16 | 7.3 | CVE-2022-33162 [email protected] [email protected] |
inspirelabs–InPost PL |
The InPost for WooCommerce plugin and InPost PL plugin for WordPress are vulnerable to unauthorized access and deletion of data due to a missing capability check on the ‘parse_request’ function in all versions up to, and including, 1.4.0 (for InPost for WooCommerce) as well as 1.4.4 (for InPost PL). This makes it possible for unauthenticated attackers to read and delete arbitrary files on Windows servers. On Linux servers, only files within the WordPress install will be deleted, but all files can be read. | 2024-08-17 | 10 | CVE-2024-6500 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
inspireui–MStore API Create Native Android & iOS Apps On The Cloud |
The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 4.15.2. This is due to the use of loose comparison in the ‘verify_id_token’ function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to an @flutter.io email address or phone number. This also requires firebase to be configured on the website and the user to have set up firebase for their account. | 2024-08-15 | 8.1 | CVE-2024-7628 [email protected] [email protected] [email protected] [email protected] [email protected] |
itsourcecode–Billing System |
A vulnerability classified as critical has been found in itsourcecode Billing System 1.0. This affects an unknown part of the file addbill.php. The manipulation of the argument owners_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-08-15 | 7.3 | CVE-2024-7839 [email protected] [email protected] [email protected] [email protected] |
itsourcecode–Online Food Ordering System |
A vulnerability was found in itsourcecode Online Food Ordering System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /addcategory.php. The manipulation of the argument cname leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-08-15 | 7.3 | CVE-2024-7838 [email protected] [email protected] [email protected] [email protected] |
ivanti — avalanche |
Path traversal in the skin management component of Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to achieve denial of service via arbitrary file deletion. | 2024-08-14 | 9.1 | CVE-2024-38652 [email protected] |
ivanti — avalanche |
An off-by-one error in WLInfoRailService in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to crash the service, resulting in a DoS. | 2024-08-14 | 7.5 | CVE-2024-36136 [email protected] |
ivanti — avalanche |
Improper input validation in the Central Filestore in Ivanti Avalanche 6.3.1 allows a remote authenticated attacker with admin rights to achieve RCE. | 2024-08-14 | 7.2 | CVE-2024-37373 [email protected] |
ivanti — avalanche |
A NULL pointer dereference in WLAvalancheService in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to crash the service, resulting in a DoS. | 2024-08-14 | 7.5 | CVE-2024-37399 [email protected] |
ivanti — avalanche |
XXE in SmartDeviceServer in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to read arbitrary files on the server. | 2024-08-14 | 7.5 | CVE-2024-38653 [email protected] |
Ivanti–ITSM |
An information disclosure vulnerability in Ivanti ITSM on-prem and Neurons for ITSM versions 2023.4 and earlier allows an unauthenticated attacker to obtain the OIDC client secret via debug information. | 2024-08-13 | 9.6 | CVE-2024-7569 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 |
Ivanti–ITSM |
Improper certificate validation in Ivanti ITSM on-prem and Neurons for ITSM Versions 2023.4 and earlier allows a remote attacker in a MITM position to craft a token that would allow access to ITSM as any user. | 2024-08-13 | 8.3 | CVE-2024-7570 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 |
Ivanti–vTM |
Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel. | 2024-08-13 | 9.8 | CVE-2024-7593 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 |
j4k0xb — webcrack |
webcrack is a tool for reverse engineering javascript. An arbitrary file write vulnerability exists in the webcrack module when processing specifically crafted malicious code on Windows systems. This vulnerability is triggered when using the unpack bundles feature in conjunction with the saving feature. If a module name includes a path traversal sequence with Windows path separators, an attacker can exploit this to overwrite files on the host system. This vulnerability allows an attacker to write arbitrary `.js` files to the host system, which can be leveraged to hijack legitimate Node.js modules to gain arbitrary code execution. This vulnerability has been patched in version 2.14.1. | 2024-08-15 | 7.8 | CVE-2024-43373 [email protected] [email protected] [email protected] |
jayesh — online_exam_system |
A Broken Access Control vulnerability was found in /admin/update.php and /admin/dashboard.php in Kashipara Online Exam System v1.0, which allows remote unauthenticated attackers to view administrator dashboard and delete valid user accounts via the direct URL access. | 2024-08-12 | 9.8 | CVE-2024-40480 [email protected] [email protected] |
kingsoft — wps_office |
Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.13489 (inclusive) on Windows allows an attacker to load an arbitrary Windows library. The vulnerability was found weaponized as a single-click exploit in the form of a deceptive spreadsheet document | 2024-08-15 | 7.8 | CVE-2024-7262 [email protected] |
kingsoft — wps_office |
Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.17153 (exclusive) on Windows allows an attacker to load an arbitrary Windows library. The patch released in version 12.2.0.16909 to mitigate CVE-2024-7262 was not restrictive enough. Another parameter was not properly sanitized which leads to the execution of an arbitrary Windows library. | 2024-08-15 | 7.8 | CVE-2024-7263 [email protected] |
Kubernetes–ingress-nginx |
A security issue was discovered in ingress-nginx where an actor with permission to create Ingress objects (in the `networking.k8s.io` or `extensions` API group) can bypass annotation validation to inject arbitrary commands and obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster. | 2024-08-16 | 8.8 | CVE-2024-7646 [email protected] [email protected] [email protected] [email protected] |
Lenovo–Display Control Center |
An insecure permissions vulnerability was reported in Lenovo Display Control Center (LDCC) and Lenovo Accessories and Display Manager (LADM) that could allow a local attacker to escalate privileges. | 2024-08-16 | 7.8 | CVE-2024-2175 [email protected] |
Lenovo–Display Control Center |
An insecure driver vulnerability was reported in Lenovo Display Control Center (LDCC) and Lenovo Accessories and Display Manager (LADM) that could allow a local attacker to escalate privileges to kernel. | 2024-08-16 | 7.8 | CVE-2024-4763 [email protected] |
libtiff — libtiff |
A null pointer dereference flaw was found in Libtiff via `tif_dirinfo.c`. This issue may allow an attacker to trigger memory allocation failures through certain means, such as restricting the heap space size or injecting faults, causing a segmentation fault. This can cause an application crash, eventually leading to a denial of service. | 2024-08-12 | 7.5 | CVE-2024-7006 [email protected] [email protected] |
litestar-org–litestar |
Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. In versions 2.10.0 and prior, Litestar’s `docs-preview.yml` workflow is vulnerable to Environment Variable injection which may lead to secret exfiltration and repository manipulation. This issue grants a malicious actor the permission to write issues, read metadata, and write pull requests. In addition, the `DOCS_PREVIEW_DEPLOY_TOKEN` is exposed to the attacker. Commit 84d351e96aaa2a1338006d6e7221eded161f517b contains a fix for this issue. | 2024-08-12 | 8.3 | CVE-2024-42370 [email protected] [email protected] [email protected] [email protected] |
ManageEngine–ADAudit Plus |
Zohocorp ManageEngine ADAudit Plus versions below 8110 are vulnerable to authenticated SQL Injection in attack surface analyzer’s dashboard. | 2024-08-12 | 8.3 | CVE-2024-36518 0fc0942c-577d-436f-ae8e-945763c79b02 |
matter-labs–era-compiler-vyper |
zkvyper is a Vyper compiler. Starting in version 1.3.12 and prior to version 1.5.3, since LLL IR has no Turing-incompletness restrictions, it is compiled to a loop with a much more late exit condition. It leads to a loss of funds or other unwanted behavior if the loop body contains it. However, more real-life use cases like iterating over an array are not affected. No contracts were affected by this issue, which was fixed in version 1.5.3. Upgrading and redeploying affected contracts is the only way to avoid the vulnerability. | 2024-08-15 | 7.5 | CVE-2024-43366 [email protected] |
mayurik — advocate_office_management_system |
A vulnerability classified as critical has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0. This affects an unknown part of the file delete_client.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-08-12 | 9.8 | CVE-2024-7638 [email protected] [email protected] [email protected] [email protected] |
mayurik — advocate_office_management_system |
A vulnerability classified as critical was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. This vulnerability affects unknown code of the file delete_act.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-08-12 | 9.8 | CVE-2024-7639 [email protected] [email protected] [email protected] [email protected] |
mayurik — advocate_office_management_system |
A vulnerability, which was classified as critical, has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0. This issue affects some unknown processing of the file delete_register.php. The manipulation of the argument case_register_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-08-12 | 9.8 | CVE-2024-7640 [email protected] [email protected] [email protected] [email protected] |
mayurik — advocate_office_management_system |
A vulnerability, which was classified as critical, was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. Affected is an unknown function of the file deactivate_act.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-08-12 | 9.8 | CVE-2024-7641 [email protected] [email protected] [email protected] [email protected] |
mayurik — advocate_office_management_system |
A vulnerability has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file activate_act.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-08-12 | 9.8 | CVE-2024-7642 [email protected] [email protected] [email protected] [email protected] |
mayurik — best_house_rental_management |
A Cross-Site Request Forgery (CSRF) vulnerability was found in SourceCodester Best House Rental Management System v1.0. This could lead to an attacker tricking the administrator into adding/modifying/deleting valid tenant data via a crafted HTML page, as demonstrated by a Delete Tenant action at the /rental/ajax.php?action=delete_tenant. | 2024-08-12 | 8 | CVE-2024-40476 [email protected] [email protected] |
mayurik — best_house_rental_management_system |
SourceCodester Best House Rental Management System v1.0 is vulnerable to Incorrect Access Control via /rental/payment_report.php, /rental/balance_report.php, /rental/invoices.php, /rental/tenants.php, and /rental/users.php. | 2024-08-12 | 8.8 | CVE-2024-40475 [email protected] [email protected] |
MCJack123–craftos2 |
CraftOS-PC 2 is a rewrite of the desktop port of CraftOS from the popular Minecraft mod ComputerCraft using C++ and a modified version of PUC Lua, as well as SDL for drawing. Prior to version 2.8.3, users of CraftOS-PC 2 on Windows can escape the computer folder and access files anywhere without permission or notice by obfuscating `..`s to bypass the internal check preventing parent directory traversal. Version 2.8.3 contains a patch for this issue. | 2024-08-16 | 8.2 | CVE-2024-43395 [email protected] [email protected] |
MediaTek, Inc.–MT2735, MT2737, MT6833, MT6835, MT6835T, MT6853, MT6855, MT6873, MT6875, MT6875T, MT6877, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895T, MT6896, MT6897, MT6980, MT6980D, MT6983, MT6985, MT6989, MT6990 |
In Modem, there is a possible memory corruption due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01182594; Issue ID: MSV-1529. | 2024-08-14 | 9.8 | CVE-2024-20082 [email protected] |
microsoft — .net |
.NET and Visual Studio Denial of Service Vulnerability | 2024-08-13 | 7.5 | CVE-2024-38168 [email protected] |
microsoft — 365_apps |
Microsoft Project Remote Code Execution Vulnerability | 2024-08-13 | 8.8 | CVE-2024-38189 [email protected] |
microsoft — 365_apps |
Microsoft Office Visio Remote Code Execution Vulnerability | 2024-08-13 | 7.8 | CVE-2024-38169 [email protected] |
microsoft — 365_apps |
Microsoft Excel Remote Code Execution Vulnerability | 2024-08-13 | 7.1 | CVE-2024-38170 [email protected] |
microsoft — 365_apps |
Microsoft PowerPoint Remote Code Execution Vulnerability | 2024-08-13 | 7.8 | CVE-2024-38171 [email protected] |
microsoft — 365_apps |
Microsoft Excel Remote Code Execution Vulnerability | 2024-08-13 | 7.8 | CVE-2024-38172 [email protected] |
microsoft — app_installer |
Windows App Installer Spoofing Vulnerability | 2024-08-13 | 7.8 | CVE-2024-38177 [email protected] |
microsoft — azure_connected_machine_agent |
Azure Connected Machine Agent Elevation of Privilege Vulnerability | 2024-08-13 | 7.8 | CVE-2024-38098 [email protected] |
microsoft — azure_connected_machine_agent |
Azure Connected Machine Agent Elevation of Privilege Vulnerability | 2024-08-13 | 7.8 | CVE-2024-38162 [email protected] |
microsoft — azure_cyclecloud |
Azure CycleCloud Remote Code Execution Vulnerability | 2024-08-13 | 7.8 | CVE-2024-38195 [email protected] |
microsoft — azure_health_bot |
An authenticated attacker can exploit an Server-Side Request Forgery (SSRF) vulnerability in Microsoft Azure Health Bot to elevate privileges over a network. | 2024-08-13 | 8.8 | CVE-2024-38109 [email protected] |
microsoft — azure_iot_hub_device_client_sdk |
Azure IoT SDK Remote Code Execution Vulnerability | 2024-08-13 | 7 | CVE-2024-38157 [email protected] |
microsoft — azure_iot_hub_device_client_sdk |
Azure IoT SDK Remote Code Execution Vulnerability | 2024-08-13 | 7 | CVE-2024-38158 [email protected] |
microsoft — azure_stack_hub |
Azure Stack Hub Spoofing Vulnerability | 2024-08-13 | 9.3 | CVE-2024-38108 [email protected] |
microsoft — azure_stack_hub |
Azure Stack Hub Elevation of Privilege Vulnerability | 2024-08-13 | 7 | CVE-2024-38201 [email protected] |
microsoft — dynamics_365 |
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | 2024-08-13 | 8.2 | CVE-2024-38211 [email protected] |
microsoft — officeplus |
Microsoft OfficePlus Elevation of Privilege Vulnerability | 2024-08-13 | 7.8 | CVE-2024-38084 [email protected] |
microsoft — remote_desktop |
Clipboard Virtual Channel Extension Remote Code Execution Vulnerability | 2024-08-13 | 8.8 | CVE-2024-38131 [email protected] |
microsoft — windows_10_1507 |
Windows TCP/IP Remote Code Execution Vulnerability | 2024-08-13 | 9.8 | CVE-2024-38063 [email protected] |
microsoft — windows_10_1507 |
Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability | 2024-08-13 | 9.8 | CVE-2024-38140 [email protected] |
microsoft — windows_10_1507 |
Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability | 2024-08-13 | 9.8 | CVE-2024-38199 [email protected] |
microsoft — windows_10_1507 |
Windows Kerberos Elevation of Privilege Vulnerability | 2024-08-13 | 8.1 | CVE-2024-29995 [email protected] |
microsoft — windows_10_1507 |
Windows IP Routing Management Snapin Remote Code Execution Vulnerability | 2024-08-13 | 8.8 | CVE-2024-38114 [email protected] |
microsoft — windows_10_1507 |
Windows IP Routing Management Snapin Remote Code Execution Vulnerability | 2024-08-13 | 8.8 | CVE-2024-38115 [email protected] |
microsoft — windows_10_1507 |
Windows IP Routing Management Snapin Remote Code Execution Vulnerability | 2024-08-13 | 8.8 | CVE-2024-38116 [email protected] |
microsoft — windows_10_1507 |
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 2024-08-13 | 8.8 | CVE-2024-38130 [email protected] |
microsoft — windows_10_1507 |
Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | 2024-08-13 | 8.8 | CVE-2024-38144 [email protected] |
microsoft — windows_10_1507 |
Windows SmartScreen Security Feature Bypass Vulnerability | 2024-08-13 | 8.8 | CVE-2024-38180 [email protected] |
microsoft — windows_10_1507 |
Windows Kernel Elevation of Privilege Vulnerability | 2024-08-13 | 7 | CVE-2024-38106 [email protected] |
microsoft — windows_10_1507 |
Windows Power Dependency Coordinator Elevation of Privilege Vulnerability | 2024-08-13 | 7.8 | CVE-2024-38107 [email protected] |
microsoft — windows_10_1507 |
NTFS Elevation of Privilege Vulnerability | 2024-08-13 | 7.8 | CVE-2024-38117 [email protected] |
microsoft — windows_10_1507 |
Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | 2024-08-13 | 7.8 | CVE-2024-38125 [email protected] |
microsoft — windows_10_1507 |
Windows Network Address Translation (NAT) Denial of Service Vulnerability | 2024-08-13 | 7.5 | CVE-2024-38126 [email protected] |
microsoft — windows_10_1507 |
Windows Hyper-V Elevation of Privilege Vulnerability | 2024-08-13 | 7.8 | CVE-2024-38127 [email protected] |
microsoft — windows_10_1507 |
Windows Network Address Translation (NAT) Denial of Service Vulnerability | 2024-08-13 | 7.5 | CVE-2024-38132 [email protected] |
microsoft — windows_10_1507 |
Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | 2024-08-13 | 7.8 | CVE-2024-38134 [email protected] |
microsoft — windows_10_1507 |
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | 2024-08-13 | 7.8 | CVE-2024-38141 [email protected] |
microsoft — windows_10_1507 |
Windows Secure Kernel Mode Elevation of Privilege Vulnerability | 2024-08-13 | 7.8 | CVE-2024-38142 [email protected] |
microsoft — windows_10_1507 |
Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability | 2024-08-13 | 7.5 | CVE-2024-38145 [email protected] |
microsoft — windows_10_1507 |
Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability | 2024-08-13 | 7.5 | CVE-2024-38146 [email protected] |
microsoft — windows_10_1507 |
Windows OLE Remote Code Execution Vulnerability | 2024-08-13 | 7.8 | CVE-2024-38152 [email protected] |
microsoft — windows_10_1507 |
Windows Kernel Elevation of Privilege Vulnerability | 2024-08-13 | 7.8 | CVE-2024-38153 [email protected] |
microsoft — windows_10_1507 |
Scripting Engine Memory Corruption Vulnerability | 2024-08-13 | 7.5 | CVE-2024-38178 [email protected] |
microsoft — windows_10_1507 |
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | 2024-08-13 | 7.8 | CVE-2024-38193 [email protected] |
microsoft — windows_10_1507 |
Windows Common Log File System Driver Elevation of Privilege Vulnerability | 2024-08-13 | 7.8 | CVE-2024-38196 [email protected] |
microsoft — windows_10_1507 |
Windows Print Spooler Elevation of Privilege Vulnerability | 2024-08-13 | 7.5 | CVE-2024-38198 [email protected] |
microsoft — windows_10_1607 |
Windows Network Virtualization Remote Code Execution Vulnerability | 2024-08-13 | 9.1 | CVE-2024-38159 [email protected] |
microsoft — windows_10_1607 |
Windows Network Virtualization Remote Code Execution Vulnerability | 2024-08-13 | 9.1 | CVE-2024-38160 [email protected] |
microsoft — windows_10_1607 |
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | 2024-08-13 | 7.8 | CVE-2024-38184 [email protected] |
microsoft — windows_10_1607 |
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | 2024-08-13 | 7.8 | CVE-2024-38185 [email protected] |
microsoft — windows_10_1607 |
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | 2024-08-13 | 7.8 | CVE-2024-38186 [email protected] |
microsoft — windows_10_1607 |
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | 2024-08-13 | 7.8 | CVE-2024-38187 [email protected] |
microsoft — windows_10_1607 |
Kernel Streaming Service Driver Elevation of Privilege Vulnerability | 2024-08-13 | 7.8 | CVE-2024-38191 [email protected] |
microsoft — windows_10_1809 |
Windows Kernel Elevation of Privilege Vulnerability | 2024-08-13 | 7.8 | CVE-2024-38133 [email protected] |
microsoft — windows_10_1809 |
Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability | 2024-08-13 | 7 | CVE-2024-38136 [email protected] |
microsoft — windows_10_1809 |
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | 2024-08-13 | 7.8 | CVE-2024-38215 [email protected] |
microsoft — windows_10_21h2 |
Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability | 2024-08-13 | 7 | CVE-2024-38137 [email protected] |
microsoft — windows_10_21h2 |
Microsoft DWM Core Library Elevation of Privilege Vulnerability | 2024-08-13 | 7.8 | CVE-2024-38147 [email protected] |
microsoft — windows_10_21h2 |
Windows DWM Core Library Elevation of Privilege Vulnerability | 2024-08-13 | 7.8 | CVE-2024-38150 [email protected] |
microsoft — windows_11_21h2 |
Windows Secure Channel Denial of Service Vulnerability | 2024-08-13 | 7.5 | CVE-2024-38148 [email protected] |
microsoft — windows_11_22h2 |
Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability | 2024-08-13 | 7.8 | CVE-2024-38135 [email protected] |
microsoft — windows_server_2008 |
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 2024-08-13 | 8.8 | CVE-2024-38120 [email protected] |
microsoft — windows_server_2008 |
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 2024-08-13 | 8.8 | CVE-2024-38121 [email protected] |
microsoft — windows_server_2008 |
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 2024-08-13 | 8.8 | CVE-2024-38128 [email protected] |
microsoft — windows_server_2008 |
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 2024-08-13 | 8.8 | CVE-2024-38154 [email protected] |
microsoft — windows_server_2008 |
Windows DNS Spoofing Vulnerability | 2024-08-13 | 7.5 | CVE-2024-37968 [email protected] |
microsoft — windows_server_2016 |
Windows Deployment Services Remote Code Execution Vulnerability | 2024-08-13 | 7.5 | CVE-2024-38138 [email protected] |
Microsoft–Microsoft Edge (Chromium-based) |
Microsoft Edge (HTML-based) Memory Corruption Vulnerability | 2024-08-12 | 8.4 | CVE-2024-38218 [email protected] |
Microsoft–Windows Server 2022 |
Windows Update Stack Elevation of Privilege Vulnerability | 2024-08-14 | 7.8 | CVE-2024-38163 [email protected] |
Muhammad Rehman–Contact Form 7 Summary and Print |
Cross-Site Request Forgery (CSRF), Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Muhammad Rehman Contact Form 7 Summary and Print allows Stored XSS.This issue affects Contact Form 7 Summary and Print: from n/a through 1.2.5. | 2024-08-13 | 7.1 | CVE-2024-38724 [email protected] |
MultiVendorX–WC Marketplace |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in MultiVendorX WC Marketplace allows Reflected XSS.This issue affects WC Marketplace: from n/a through 4.1.17. | 2024-08-12 | 7.1 | CVE-2024-43213 [email protected] |
n/a–Intel(R) Core(TM) Ultra Processor stream cache mechanism |
Improper isolation in the Intel(R) Core(TM) Ultra Processor stream cache mechanism may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-08-14 | 7.8 | CVE-2023-42667 [email protected] |
n/a–Intel(R) Ethernet Network Controllers and Adapters |
Improper initialization in the Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-08-14 | 8.8 | CVE-2024-21807 [email protected] |
n/a–Intel(R) Ethernet Network Controllers and Adapters |
Improper input validation in the Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-08-14 | 8.8 | CVE-2024-21810 [email protected] |
n/a–Intel(R) Ethernet Network Controllers and Adapters |
Out-of-bounds write in Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-08-14 | 8.8 | CVE-2024-23497 [email protected] |
n/a–Intel(R) Ethernet Network Controllers and Adapters |
Wrap-around error in Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-08-14 | 8.8 | CVE-2024-23981 [email protected] |
n/a–Intel(R) Ethernet Network Controllers and Adapters |
Improper access control in Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-08-14 | 8.8 | CVE-2024-24986 [email protected] |
n/a–Intel(R) FPGA products |
improper access control in firmware for some Intel(R) FPGA products before version 24.1 may allow a privileged user to enable escalation of privilege via local access. | 2024-08-14 | 7.9 | CVE-2024-25576 [email protected] |
n/a–Intel(R) NUC |
Improper input validation in firmware for some Intel(R) NUC may allow a privileged user to potentially enableescalation of privilege via local access. | 2024-08-14 | 7.5 | CVE-2024-34163 [email protected] |
n/a–Intel(R) Processor |
Incorrect behavior order in transition between executive monitor and SMI transfer monitor (STM) in some Intel(R) Processor may allow a privileged user to potentially enable escalation of privilege via local access. | 2024-08-14 | 7.2 | CVE-2024-24853 [email protected] |
n/a–Intel(R) Processors stream cache mechanism |
Improper isolation in some Intel(R) Processors stream cache mechanism may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-08-14 | 7.8 | CVE-2023-49141 [email protected] |
n/a–Intel(R) Server Board S2600ST Family firmware |
Improper input validation in kernel mode driver for some Intel(R) Server Board S2600ST Family firmware before version 02.01.0017 may allow a privileged user to potentially enable escalation of privilege via local access. | 2024-08-14 | 8.2 | CVE-2024-28947 [email protected] |
n/a–Intel(R) TDX module software |
Insufficient control flow management in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable denial of service via local access. | 2024-08-14 | 7.1 | CVE-2024-21801 [email protected] |
n/a–Intel(R) UEFI Integrator Tools on Aptio V for Intel(R) NUC |
Improper access control in some Intel(R) UEFI Integrator Tools on Aptio V for Intel(R) NUC may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-08-14 | 7.8 | CVE-2024-26022 [email protected] |
n/a–n/a |
Vulnerability in Xiexe XSOverlay before build 647 allows non-local websites to send the malicious commands to the WebSocket API, resulting in the arbitrary code execution. | 2024-08-15 | 9.8 | CVE-2024-23168 [email protected] [email protected] [email protected] |
n/a–n/a |
Insecure Permissions vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information and execute arbitrary code via the cid parameter of the calendar event feature. | 2024-08-15 | 9.8 | CVE-2024-27730 [email protected] [email protected] |
n/a–n/a |
izatop bunt v0.29.19 was discovered to contain a prototype pollution via the component /esm/qs.js. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. | 2024-08-12 | 9.8 | CVE-2024-38989 [email protected] [email protected] |
n/a–n/a |
A SQL injection vulnerability in “/oahms/admin/forgot-password.php” in PHPGurukul Old Age Home Management System v1.0 allows an attacker to execute arbitrary SQL commands via the “email” parameter. | 2024-08-12 | 9.8 | CVE-2024-40477 [email protected] [email protected] |
n/a–n/a |
An Unrestricted file upload vulnerability was found in “/Membership/edit_member.php” of Kashipara Live Membership System v1.0, which allows attackers to execute arbitrary code via uploading a crafted PHP file. | 2024-08-12 | 9.8 | CVE-2024-40482 [email protected] |
n/a–n/a |
A SQL injection vulnerability in “/index.php” of Kashipara Live Membership System v1.0 allows remote attackers to execute arbitrary SQL commands and bypass Login via the email or password Login parameters. | 2024-08-12 | 9.8 | CVE-2024-40486 [email protected] [email protected] |
n/a–n/a |
Gnuboard g6 6.0.7 is vulnerable to Session hijacking due to a CORS misconfiguration. | 2024-08-12 | 9.8 | CVE-2024-41475 [email protected] |
n/a–n/a |
AMTT Hotel Broadband Operation System (HiBOS) V3.0.3.151204 and before is vulnerable to SQL Injection via /manager/card/card_detail.php. | 2024-08-12 | 9.8 | CVE-2024-41476 [email protected] [email protected] |
n/a–n/a |
An Unauthenticated Server-Side Request Forgery (SSRF) in demon callback handling in Havoc 2 0.7 allows attackers to send arbitrary network traffic originating from the team server. | 2024-08-12 | 9.8 | CVE-2024-41570 [email protected] |
n/a–n/a |
An issue in Prestashop v.8.1.7 and before allows a remote attacker to execute arbitrary code via the module upgrade functionality. | 2024-08-12 | 9.8 | CVE-2024-41651 [email protected] |
n/a–n/a |
A Command Injection vulnerability exists in formWriteFacMac of the httpd binary in Tenda AC9 v15.03.06.42. As a result, attacker can execute OS commands with root privileges. | 2024-08-16 | 9.8 | CVE-2024-42634 [email protected] |
n/a–n/a |
H3C R3010 v100R002L02 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. | 2024-08-16 | 9.8 | CVE-2024-42637 [email protected] [email protected] |
n/a–n/a |
An issue in OWASP DefectDojo before v.1.5.3.1 allows a remote attacker to escalate privileges via the user permissions component. | 2024-08-12 | 8.8 | CVE-2023-48171 [email protected] |
n/a–n/a |
XML External Entity (XXE) vulnerability in Terminalfour 8.0.0001 through 8.3.18 and XML JDBC versions up to 1.0.4 allows authenticated users to submit malicious XML via unspecified features which could lead to various actions such as accessing the underlying server, remote code execution (RCE), or performing Server-Side Request Forgery (SSRF) attacks. | 2024-08-15 | 8.8 | CVE-2024-22218 [email protected] [email protected] |
n/a–n/a |
Micro-Star International Z-series motherboards (Z590, Z490, and Z790) and B-series motherboards (B760, B560, B660, and B460) with firmware 7D25v14, 7D25v17 to 7D25v19, and 7D25v1A to 7D25v1H was discovered to contain a write-what-where condition in the in the SW handler for SMI 0xE3. Motherboard’s with the following chipsets are affected: Intel 300, Intel 400, Intel 500, Intel 600, Intel 700, AMD 300, AMD 400, AMD 500, AMD 600 and AMD 700. | 2024-08-12 | 8.2 | CVE-2024-36877 [email protected] [email protected] |
n/a–n/a |
A SQL injection vulnerability in “/admin/quizquestion.php” in Kashipara Online Exam System v1.0 allows remote attackers to execute arbitrary SQL commands via the “eid” parameter. | 2024-08-12 | 8.1 | CVE-2024-40479 [email protected] [email protected] |
n/a–n/a |
A Cross-Site Request Forgery (CSRF) vulnerability was found in the Kashipara Live Membership System v1.0. This could lead to an attacker tricking the administrator into deleting valid member data via a crafted HTML page, as demonstrated by a Delete Member action at the /delete_members.php. | 2024-08-12 | 8.8 | CVE-2024-40488 [email protected] [email protected] |
n/a–n/a |
Cross Site Scripting vulnerability in Martin Kucej i-librarian v.5.11.0 and before allows a local attacker to execute arbitrary code via the search function in the import component. | 2024-08-12 | 8.8 | CVE-2024-40500 [email protected] |
n/a–n/a |
File Upload vulnerability in Huizhi enterprise resource management system v.1.0 and before allows a remote attacker to execute arbitrary code via the /nssys/common/Upload. Aspx? Action=DNPageAjaxPostBack component | 2024-08-15 | 8.8 | CVE-2024-42676 [email protected] |
n/a–n/a |
VTiger CRM <= 8.1.0 does not correctly check user privileges. A low-privileged user can interact directly with the “Migration” administrative module to disable arbitrary modules. | 2024-08-16 | 8.3 | CVE-2024-42995 [email protected] |
n/a–n/a |
In certain Sonos products before S1 Release 11.12 and S2 release 15.9, the mt_7615.ko wireless driver does not properly validate an information element during negotiation of a WPA2 four-way handshake. This lack of validation leads to a stack buffer overflow. This can result in remote code execution within the kernel. This affects Amp, Arc, Arc SL, Beam, Beam Gen 2, Beam SL, and Five. | 2024-08-12 | 7.8 | CVE-2023-50809 [email protected] |
n/a–n/a |
An issue was discovered in Ada Web Server 20.0. When configured to use SSL (which is not the default setting), the SSL/TLS used to establish connections to external services is done without proper hostname validation. This is exploitable by man-in-the-middle attackers. | 2024-08-13 | 7.4 | CVE-2024-37015 [email protected] [email protected] |
n/a–n/a |
A NULL pointer dereference in vercot Serva v4.6.0 allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request. | 2024-08-12 | 7.5 | CVE-2024-37826 [email protected] |
n/a–n/a |
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in addBlacklist. Authenticated Attackers can send malicious packet to execute arbitrary commands. | 2024-08-13 | 7.8 | CVE-2024-42736 [email protected] |
n/a–n/a |
VTiger CRM <= 8.1.0 does not properly sanitize user input before using it in a SQL statement, leading to a SQL Injection in the “CompanyDetails” operation of the “MailManager” module. | 2024-08-16 | 7.2 | CVE-2024-42994 [email protected] |
nickboss–WordPress File Upload |
The WordPress File Upload plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 4.24.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | 2024-08-16 | 7.2 | CVE-2024-7301 [email protected] [email protected] [email protected] [email protected] [email protected] |
NixOS–calamares-nixos-extensions |
calamares-nixos-extensions provides Calamares branding and modules for NixOS, a distribution of GNU/Linux. Users who installed NixOS through the graphical installer who used manual disk partitioning to create a setup where the system was booted via legacy BIOS rather than UEFI; some disk partitions are encrypted; but the partitions containing either `/` or `/boot` are unencrypted; have their LUKS disk encryption key file in plain text either in `/crypto_keyfile.bin`, or in a CPIO archive attached to their NixOS initrd. `nixos-install` is not affected, nor are UEFI installations, nor was the default automatic partitioning configuration on legacy BIOS systems. The problem has been fixed in calamares-nixos-extensions 0.3.17, which was included in NixOS. The current installer images for the NixOS 24.05 and unstable (24.11) channels are unaffected. The fix reached 24.05 at 2024-08-13 20:06:59 UTC, and unstable at 2024-08-15 09:00:20 UTC. Installer images downloaded before those times may be vulnerable. The best solution for affected users is probably to back up their data and do a complete reinstallation. However, the mitigation procedure in GHSA-3rvf-24q2-24ww should work solely for the case where `/` is encrypted but `/boot` is not. If `/` is unencrypted, then the `/crypto_keyfile.bin` file will need to be deleted in addition to the remediation steps in the previous advisory. This issue is a partial regression of CVE-2023-36476 / GHSA-3rvf-24q2-24ww, which was more severe as it applied to the default configuration on BIOS systems. | 2024-08-16 | 7.8 | CVE-2024-43378 [email protected] [email protected] [email protected] [email protected] [email protected] |
NVIDIA–Mellanox OS |
NVIDIA Mellanox OS, ONYX, Skyway, and MetroX-3 XCC contain a vulnerability in the web support, where an attacker can cause a CGI path traversal by a specially crafted URI. A successful exploit of this vulnerability might lead to escalation of privileges and information disclosure. | 2024-08-12 | 7.5 | CVE-2024-0113 [email protected] |
openeclass — openeclass |
The Open eClass platform (formerly known as GUnet eClass) is a complete Course Management System. An arbitrary file upload vulnerability in the “save” functionality of the H5P module enables unauthenticated users to upload arbitrary files on the server’s filesystem. This may lead in unrestricted RCE on the backend server, since the upload location is accessible from the internet. This vulnerability is fixed in 3.16. | 2024-08-12 | 9.8 | CVE-2024-38530 [email protected] [email protected] |
openfga–openfga |
OpenFGA is an authorization/permission engine. OpenFGA v1.5.7 and v1.5.8 are vulnerable to authorization bypass when calling Check API with a model that uses `but not` and `from` expressions and a userset. Users should downgrade to v1.5.6 as soon as possible. This downgrade is backward compatible. As of time of publication, a patch is not available but OpenFGA’s maintainers are planning a patch for inclusion in a future release. | 2024-08-12 | 7.5 | CVE-2024-42473 [email protected] |
openhab–openhab-webui |
openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. Prior to version 4.2.1, the proxy endpoint of openHAB’s CometVisu add-on can be accessed without authentication. This proxy-feature can be exploited as Server-Side Request Forgery (SSRF) to induce GET HTTP requests to internal-only servers, in case openHAB is exposed in a non-private network. Furthermore, this proxy-feature can also be exploited as a Cross-Site Scripting (XSS) vulnerability, as an attacker is able to re-route a request to their server and return a page with malicious JavaScript code. Since the browser receives this data directly from the openHAB CometVisu UI, this JavaScript code will be executed with the origin of the CometVisu UI. This allows an attacker to exploit call endpoints on an openHAB server even if the openHAB server is located in a private network. (e.g. by sending an openHAB admin a link that proxies malicious JavaScript.) This issue may lead up to Remote Code Execution (RCE) when chained with other vulnerabilities. Users should upgrade to version 4.2.1 of the CometVisu add-on of openHAB to receive a patch. | 2024-08-12 | 10 | CVE-2024-42467 [email protected] [email protected] [email protected] |
openhab–openhab-webui |
openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. Prior to version 4.2.1, CometVisu’s file system endpoints don’t require authentication and additionally the endpoint to update an existing file is susceptible to path traversal. This makes it possible for an attacker to overwrite existing files on the openHAB instance. If the overwritten file is a shell script that is executed at a later time, this vulnerability can allow remote code execution by an attacker. Users should upgrade to version 4.2.1 to receive a patch. | 2024-08-12 | 9.8 | CVE-2024-42469 [email protected] [email protected] |
opentext — directory_services |
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in OpenText OpenText Directory Services allows Path Traversal.This issue affects OpenText Directory Services: from 16.4.2 before 24.1. | 2024-08-12 | 9.8 | CVE-2023-7249 [email protected] |
oretnom23 — car_driving_school_management_system |
A vulnerability was found in SourceCodester Car Driving School Management System 1.0. It has been classified as problematic. This affects the function save_users of the file admin/user/index.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-08-12 | 8.8 | CVE-2024-7661 [email protected] [email protected] [email protected] [email protected] |
oretnom23 — clinics_patient_management_system |
A vulnerability has been found in SourceCodester Clinics Patient Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /medicines.php. The manipulation of the argument medicine_name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-08-13 | 7.5 | CVE-2024-7750 [email protected] [email protected] [email protected] [email protected] |
oretnom23 — clinics_patient_management_system |
A vulnerability was found in SourceCodester Clinics Patient Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /update_medicine.php. The manipulation of the argument hidden_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-08-13 | 7.5 | CVE-2024-7751 [email protected] [email protected] [email protected] [email protected] |
oretnom23 — clinics_patient_management_system |
A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /user_images/. The manipulation leads to direct request. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-08-14 | 7.5 | CVE-2024-7753 [email protected] [email protected] [email protected] [email protected] |
oretnom23 — clinics_patient_management_system |
A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /ajax/check_medicine_name.php. The manipulation of the argument user_name leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-08-14 | 7.5 | CVE-2024-7754 [email protected] [email protected] [email protected] [email protected] |
Parcel Panel–ParcelPanel |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Parcel Panel ParcelPanel allows Reflected XSS.This issue affects ParcelPanel: from n/a through 4.3.2. | 2024-08-12 | 7.1 | CVE-2024-43163 [email protected] |
Pepperl+Fuchs–ICDM-RX/TCP-DB9/RJ45-DIN |
An unauthenticated remote attacker may use stored XSS vulnerability to obtain information from a user or reboot the affected device once. | 2024-08-13 | 7.1 | CVE-2024-38502 [email protected] |
Pepperl+Fuchs–ICDM-RX/TCP-DB9/RJ45-DIN |
An unauthenticated remote attacker may use a reflected XSS vulnerability to obtain information from a user or reboot the affected device once. | 2024-08-13 | 7.1 | CVE-2024-5849 [email protected] |
PHOENIX CONTACT–CHARX SEC-3000 |
A remote unauthenticated attacker can use the firmware update feature on the LAN interface of the device to reset the password for the predefined, low-privileged user “user-app” to the default password. | 2024-08-13 | 8.6 | CVE-2024-6788 [email protected] |
Phoenix Contact–CHARX SEC-3000 (1139022) |
An unauthenticated remote attacker can use this vulnerability to change the device configuration due to a file writeable for short time after system startup. | 2024-08-13 | 7.5 | CVE-2024-3913 [email protected] |
Pierre Lebedel–Kodex Posts likes |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Pierre Lebedel Kodex Posts likes allows Reflected XSS.This issue affects Kodex Posts likes: from n/a through 2.5.0. | 2024-08-12 | 7.1 | CVE-2024-43217 [email protected] |
projectsend — projectsend |
A vulnerability, which was classified as problematic, was found in projectsend up to r1605. Affected is the function generate_random_string of the file includes/functions.php of the component Password Reset Token Handler. The manipulation leads to insufficiently random values. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgrading to version r1720 is able to address this issue. The name of the patch is aa27eb97edc2ff2b203f97e6675d7b5ba0a22a17. It is recommended to upgrade the affected component. | 2024-08-12 | 7.5 | CVE-2024-7659 [email protected] [email protected] [email protected] [email protected] [email protected] |
pxlrbt–filament-excel |
Filament Excel enables excel export for Filament admin resources. The export download route `/filament-excel/{path}` allowed downloading any file without login when the webserver allows `../` in the URL. Patched with Version v2.3.3. | 2024-08-12 | 7.5 | CVE-2024-42485 [email protected] [email protected] |
rabilal–JS Help Desk The Ultimate Help Desk & Support Plugin |
The JS Help Desk – The Ultimate Help Desk & Support Plugin plugin for WordPress is vulnerable to PHP Code Injection leading to Remote Code Execution in all versions up to, and including, 2.8.6 via the ‘storeTheme’ function. This is due to a lack of sanitization on user-supplied values, which replace values in the style.php file, along with missing capability checks. This makes it possible for unauthenticated attackers to execute code on the server. This issue was partially patched in 2.8.6 when the code injection issue was resolved, and fully patched in 2.8.7 when the missing authorization and cross-site request forgery protection was added. | 2024-08-13 | 9.8 | CVE-2024-7094 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
realmag777–HUSKY |
Improper Privilege Management vulnerability in realmag777 HUSKY allows Privilege Escalation.This issue affects HUSKY: from n/a through 1.3.6.1. | 2024-08-13 | 9.1 | CVE-2024-43121 [email protected] |
Red Hat–Fence Agents Remediation Operator |
A flaw was found in fence agents that rely on SSH/Telnet. This vulnerability can allow a Remote Code Execution (RCE) primitive by supplying an arbitrary command to execute in the –ssh-path/–telnet-path arguments. A low-privilege user, for example, a user with developer access, can create a specially crafted FenceAgentsRemediation for a fence agent supporting –ssh-path/–telnet-path arguments to execute arbitrary commands on the operator’s pod. This RCE leads to a privilege escalation, first as the service account running the operator, then to another service account with cluster-admin privileges. | 2024-08-12 | 8.8 | CVE-2024-5651 [email protected] [email protected] |
redhat — openshift_ai |
A vulnerability was found in OpenShift AI that allows for authentication bypass and privilege escalation across models within the same namespace. When deploying AI models, the UI provides the option to protect models with authentication. However, credentials from one model can be used to access other models and APIs within the same namespace. The exposed ServiceAccount tokens, visible in the UI, can be utilized with oc –token={token} to exploit the elevated view privileges associated with the ServiceAccount, leading to unauthorized access to additional resources. | 2024-08-12 | 8.8 | CVE-2024-7557 [email protected] [email protected] |
rems — accounts_manager_app |
A vulnerability, which was classified as critical, has been found in SourceCodester Accounts Manager App 1.0. This issue affects some unknown processing of the file /endpoint/delete-account.php. The manipulation of the argument account leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-08-13 | 9.8 | CVE-2024-7748 [email protected] [email protected] [email protected] [email protected] |
rems — daily_calories_monitoring_tool |
Sourcecodester Daily Calories Monitoring Tool v1.0 is vulnerable to SQL Injection via “delete-calorie.php.” | 2024-08-12 | 9.8 | CVE-2024-40472 [email protected] [email protected] |
rems — leads_manager_tool |
A vulnerability was found in SourceCodester Leads Manager Tool 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /endpoint/delete-leads.php of the component Delete Leads Handler. The manipulation of the argument leads leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-08-12 | 9.8 | CVE-2024-7643 [email protected] [email protected] [email protected] [email protected] |
Roland Barker, xnau webdesign–Participants Database |
Deserialization of Untrusted Data vulnerability in Roland Barker, xnau webdesign Participants Database allows Object Injection.This issue affects Participants Database: from n/a through 2.5.9.2. | 2024-08-13 | 9.8 | CVE-2024-43141 [email protected] |
samsung — magicinfo_9_server |
Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1050 allows attackers to write arbitrary file as system authority. | 2024-08-12 | 7.5 | CVE-2024-7399 [email protected] |
SAP_SE–SAP BEx Web Java Runtime Export Web Service |
BEx Web Java Runtime Export Web Service does not sufficiently validate an XML document accepted from an untrusted source. An attacker can retrieve information from the SAP ADS system and exhaust the number of XMLForm service which makes the SAP ADS rendering (PDF creation) unavailable. This affects the confidentiality and availability of the application. | 2024-08-13 | 8.2 | CVE-2024-42374 [email protected] [email protected] |
SAP_SE–SAP BusinessObjects Business Intelligence Platform |
In SAP BusinessObjects Business Intelligence Platform, if Single Signed On is enabled on Enterprise authentication, an unauthorized user can get a logon token using a REST endpoint. The attacker can fully compromise the system resulting in High impact on confidentiality, integrity and availability. | 2024-08-13 | 9.8 | CVE-2024-41730 [email protected] [email protected] |
SAP_SE–SAP Commerce Cloud |
Some OCC API endpoints in SAP Commerce Cloud allows Personally Identifiable Information (PII) data, such as passwords, email addresses, mobile numbers, coupon codes, and voucher codes, to be included in the request URL as query or path parameters. On successful exploitation, this could lead to a High impact on confidentiality and integrity of the application. | 2024-08-13 | 7.4 | CVE-2024-33003 [email protected] [email protected] |
Scooter Software–Beyond Compare |
A vulnerability has been found in Scooter Software Beyond Compare up to 3.3.5.15075 and classified as critical. Affected by this vulnerability is an unknown functionality in the library 7zxa.dll. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The real existence of this vulnerability is still doubted at the moment. NOTE: The vendor explains that a system must be breached before exploiting this issue. | 2024-08-16 | 7.8 | CVE-2024-7886 [email protected] [email protected] [email protected] |
SECOM–Dr.ID Access control system |
Dr.ID Access Control System from SECOM does not properly validate a specific page parameter, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database contents. | 2024-08-14 | 9.8 | CVE-2024-7731 [email protected] [email protected] |
SECOM–Dr.ID Attendance system |
Dr.ID Access Control System from SECOM does not properly validate a specific page parameter, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database contents. | 2024-08-14 | 9.8 | CVE-2024-7732 [email protected] [email protected] |
Sender–Sender Newsletter, SMS and Email Marketing Automation for WooCommerce |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Sender Sender – Newsletter, SMS and Email Marketing Automation for WooCommerce allows Reflected XSS.This issue affects Sender – Newsletter, SMS and Email Marketing Automation for WooCommerce: from n/a through 2.6.14. | 2024-08-12 | 7.1 | CVE-2024-43126 [email protected] |
siemens — location_intelligence |
A vulnerability has been identified in Location Intelligence family (All versions < V4.4). The web server of affected products is configured to support weak ciphers by default. This could allow an unauthenticated attacker in an on-path position to to read and modify any data passed over the connection between legitimate clients and the affected device. | 2024-08-13 | 7.5 | CVE-2024-41681 [email protected] |
siemens — sinec_nms |
A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application does not properly validate user input to a privileged command queue. This could allow an authenticated attacker to execute OS commands with elevated privileges. | 2024-08-13 | 9.1 | CVE-2024-41940 [email protected] |
siemens — sinec_nms |
A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application does not properly enforce authorization checks. This could allow an authenticated attacker to bypass the checks and elevate their privileges on the application. | 2024-08-13 | 8.8 | CVE-2024-41939 [email protected] |
siemens — sinec_nms |
A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application executes a subset of its services as `NT AUTHORITYSYSTEM`. This could allow a local attacker to execute operating system commands with elevated privileges. | 2024-08-13 | 7.8 | CVE-2024-36398 [email protected] |
siemens — sinec_traffic_analyzer |
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). The affected application mounts the container’s root filesystem with read and write privileges. This could allow an attacker to alter the container’s filesystem leading to unauthorized modifications and data corruption. | 2024-08-13 | 7.2 | CVE-2024-41903 [email protected] |
siemens — sinec_traffic_analyzer |
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). The affected application do not properly enforce restriction of excessive authentication attempts. This could allow an unauthenticated attacker to conduct brute force attacks against legitimate user credentials or keys. | 2024-08-13 | 7.5 | CVE-2024-41904 [email protected] |
Siemens–JT2Go |
The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process. | 2024-08-12 | 7.8 | CVE-2023-7066 [email protected] [email protected] |
Siemens–NX |
A vulnerability has been identified in NX (All versions < V2406.3000). The affected applications contains an out of bounds read vulnerability while parsing specially crafted PRT files. This could allow an attacker to crash the application or execute code in the context of the current process. | 2024-08-13 | 7.8 | CVE-2024-41908 [email protected] |
Siemens–RUGGEDCOM RM1224 LTE(4G) EU |
A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.1), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.1), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.1), SCALANCE M812-1 ADSL-Router family (All versions < V8.1), SCALANCE M816-1 ADSL-Router family (All versions < V8.1), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.1), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.1), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.1), SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2) (All versions < V8.1), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.1), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.1), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.1), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.1), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.1), SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1) (All versions < V8.1), SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1) (All versions < V8.1), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.1), SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1) (All versions < V8.1), SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1) (All versions < V8.1), SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1) (All versions < V8.1), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.1), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.1), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.1), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.1). Affected devices do not properly validate input in specific VPN configuration fields. This could allow an authenticated remote attacker to execute arbitrary code on the device. | 2024-08-13 | 7.2 | CVE-2024-41976 [email protected] |
Siemens–RUGGEDCOM RM1224 LTE(4G) EU |
A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.1), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.1), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.1), SCALANCE M812-1 ADSL-Router family (All versions < V8.1), SCALANCE M816-1 ADSL-Router family (All versions < V8.1), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.1), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.1), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.1), SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2) (All versions < V8.1), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.1), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.1), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.1), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.1), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.1), SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1) (All versions < V8.1), SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1) (All versions < V8.1), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.1), SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1) (All versions < V8.1), SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1) (All versions < V8.1), SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1) (All versions < V8.1), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.1), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.1), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.1), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.1). Affected devices do not properly enforce isolation between user sessions in their web server component. This could allow an authenticated remote attacker to escalate their privileges on the devices. | 2024-08-13 | 7.1 | CVE-2024-41977 [email protected] |
skyportlabs–skyportd |
Skyport Daemon (skyportd) is the daemon for the Skyport Panel. By making thousands of folders & files (easy due to skyport’s lack of rate limiting on createFolder. createFile), skyportd in a lot of cases will cause 100% CPU usage and an OOM, probably crashing the system. This is fixed in 0.2.2. | 2024-08-12 | 7.5 | CVE-2024-42481 [email protected] |
solarwinds — web_help_desk |
SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce it without authentication after thorough testing.  However, out of an abundance of caution, we recommend all Web Help Desk customers apply the patch, which is now available. | 2024-08-13 | 9.8 | CVE-2024-28986 [email protected] [email protected] |
SourceCodester–Simple Online Bidding System |
A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been classified as critical. Affected is an unknown function of the file /simple-online-bidding-system/bidding/admin/ajax.php?action=login. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-08-15 | 7.3 | CVE-2024-7797 [email protected] [email protected] [email protected] [email protected] |
SourceCodester–Simple Online Bidding System |
A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /simple-online-bidding-system/bidding/admin/ajax.php?action=login2. The manipulation of the argument username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-08-15 | 7.3 | CVE-2024-7798 [email protected] [email protected] [email protected] [email protected] |
TagDiv–tagDiv Opt-In Builder |
The tagDiv Opt-In Builder plugin is vulnerable to Blind SQL Injection via the ‘subscriptionCouponId’ parameter via the ‘create_stripe_subscription’ REST API endpoint in versions up to, and including, 1.4.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with administrator-level privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-08-17 | 7.2 | CVE-2023-3416 [email protected] [email protected] |
TagDiv–tagDiv Opt-In Builder |
The tagDiv Opt-In Builder plugin is vulnerable to Blind SQL Injection via the ‘couponId’ parameter of the ‘recreate_stripe_subscription’ REST API endpoint in versions up to, and including, 1.4.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with administrator-level privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-08-17 | 7.2 | CVE-2023-3419 [email protected] [email protected] |
tc39–ecma262 |
ECMA-262 is the language specification for the scripting language ECMAScript. A problem in the ECMAScript (JavaScript) specification of async generators, introduced by a May 2021 spec refactor, may lead to mis-implementation in a way that could present as a security vulnerability, such as type confusion and pointer dereference. The internal async generator machinery calls regular promise resolver functions on IteratorResult (`{ done, value }`) objects that it creates, assuming that the IteratorResult objects will not be then-ables. Unfortunately, these IteratorResult objects inherit from `Object.prototype`, so these IteratorResult objects can be made then-able, triggering arbitrary behaviour, including re-entering the async generator machinery in a way that violates some internal invariants. The ECMAScript specification is a living standard and the issue has been addressed at the time of this advisory’s public disclosure. JavaScript engine implementors should refer to the latest specification and update their implementations to comply with the `AsyncGenerator` section. ## References – https://github.com/tc39/ecma262/commit/1e24a286d0a327d08e1154926b3ee79820232727 – https://bugzilla.mozilla.org/show_bug.cgi?id=1901411 – https://github.com/boa-dev/boa/security/advisories/GHSA-f67q-wr6w-23jq – https://bugs.webkit.org/show_bug.cgi?id=275407 – https://issues.chromium.org/issues/346692561 – https://www.cve.org/CVERecord?id=CVE-2024-7652 | 2024-08-15 | 8.6 | CVE-2024-43357 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
Team Johnlong software–Raiden MAILD Remote Management System |
Raiden MAILD Remote Management System from Team Johnlong Software has a Relative Path Traversal vulnerability, allowing unauthenticated remote attackers to read arbitrary file on the remote server. | 2024-08-12 | 7.5 | CVE-2024-7693 [email protected] [email protected] |
TeamT5–ThreatSonar Anti-Ransomware |
ThreatSonar Anti-Ransomware from TeamT5 does not properly validate the content of uploaded files. Remote attackers with administrator privileges on the product platform can upload malicious files, which can be used to execute arbitrary system command on the server. | 2024-08-12 | 7.2 | CVE-2024-7694 [email protected] [email protected] |
TECNO–com.transsion.carlcare |
Logical vulnerability in the mobile application (com.transsion.carlcare) may lead to user information leakage risks. | 2024-08-12 | 7.5 | CVE-2024-7697 907edf6c-bf03-423e-ab1a-8da27e1aa1ea 907edf6c-bf03-423e-ab1a-8da27e1aa1ea |
tenda — fh1201_firmware |
An issue in the handler function in /goform/telnet of Tenda FH1201 v1.2.0.14 (408) allows attackers to execute arbitrary commands via a crafted HTTP request. | 2024-08-15 | 9.8 | CVE-2024-42947 [email protected] |
tenda — fh1201_firmware |
Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the page parameter in the fromP2pListFilter function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | 2024-08-15 | 7.5 | CVE-2024-42940 [email protected] |
tenda — fh1201_firmware |
Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the wanmode parameter in the fromAdvSetWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | 2024-08-15 | 7.5 | CVE-2024-42941 [email protected] |
tenda — fh1201_firmware |
Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the PPPOEPassword parameter in the fromAdvSetWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | 2024-08-15 | 7.5 | CVE-2024-42943 [email protected] |
tenda — fh1201_firmware |
Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the page parameter in the fromNatlimit function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | 2024-08-15 | 7.5 | CVE-2024-42944 [email protected] |
tenda — fh1201_firmware |
Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the page parameter in the fromVirtualSer function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | 2024-08-15 | 7.5 | CVE-2024-42946 [email protected] |
tenda — fh1201_firmware |
Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the delno parameter in the fromPptpUserSetting function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | 2024-08-15 | 7.5 | CVE-2024-42948 [email protected] |
tenda — fh1201_firmware |
Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the Go parameter in the fromSafeClientFilter function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | 2024-08-15 | 7.5 | CVE-2024-42950 [email protected] |
tenda — fh1201_firmware |
Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the mit_pptpusrpw parameter in the fromWizardHandle function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | 2024-08-15 | 7.5 | CVE-2024-42951 [email protected] |
tenda — fh1201_firmware |
Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the page parameter in the fromqossetting function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | 2024-08-15 | 7.5 | CVE-2024-42952 [email protected] |
tenda — fh1201_firmware |
Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the page parameter in the fromSafeClientFilter function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | 2024-08-15 | 7.5 | CVE-2024-42955 [email protected] |
tenda — fh1206_firmware |
An issue in the handler function in /goform/telnet of Tenda FH1206 v02.03.01.35 allows attackers to execute arbitrary commands via a crafted HTTP request. | 2024-08-15 | 9.8 | CVE-2024-42978 [email protected] |
tenda — fh1206_firmware |
Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the Go parameter in the fromSafeUrlFilter function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | 2024-08-15 | 7.5 | CVE-2024-42968 [email protected] |
tenda — fh1206_firmware |
Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the fromSafeUrlFilter function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | 2024-08-15 | 7.5 | CVE-2024-42969 [email protected] |
tenda — fh1206_firmware |
Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the fromSetlpBind function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | 2024-08-15 | 7.5 | CVE-2024-42973 [email protected] |
tenda — fh1206_firmware |
Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the fromwebExcptypemanFilter function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | 2024-08-15 | 7.5 | CVE-2024-42974 [email protected] |
tenda — fh1206_firmware |
Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the fromSafeClientFilter function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | 2024-08-15 | 7.5 | CVE-2024-42976 [email protected] |
tenda — fh1206_firmware |
Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the qos parameter in the fromqossetting function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | 2024-08-15 | 7.5 | CVE-2024-42977 [email protected] |
tenda — fh1206_firmware |
Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the frmL7ProtForm function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | 2024-08-15 | 7.5 | CVE-2024-42979 [email protected] |
tenda — fh1206_firmware |
Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the frmL7ImForm function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | 2024-08-15 | 7.5 | CVE-2024-42980 [email protected] |
tenda — fh1206_firmware |
Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the delno parameter in the fromPptpUserSetting function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | 2024-08-15 | 7.5 | CVE-2024-42981 [email protected] |
tenda — fh1206_firmware |
Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the fromVirtualSer function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | 2024-08-15 | 7.5 | CVE-2024-42982 [email protected] |
tenda — fh1206_firmware |
Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the pptpPPW parameter in the fromAdvSetWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | 2024-08-15 | 7.5 | CVE-2024-42983 [email protected] |
tenda — fh1206_firmware |
Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the fromP2pListFilter function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | 2024-08-15 | 7.5 | CVE-2024-42984 [email protected] |
tenda — fh1206_firmware |
Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the fromNatlimit function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | 2024-08-15 | 7.5 | CVE-2024-42985 [email protected] |
tenda — fh1206_firmware |
Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the PPPOEPassword parameter in the fromAdvSetWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | 2024-08-15 | 7.5 | CVE-2024-42986 [email protected] |
tenda — fh1206_firmware |
Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the modino parameter in the fromPptpUserAdd function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | 2024-08-15 | 7.5 | CVE-2024-42987 [email protected] |
Tenda–FH1206 |
A vulnerability was found in Tenda FH1206 1.2.0.8(8155) and classified as critical. This issue affects the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer. The manipulation of the argument dips leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-08-12 | 8.8 | CVE-2024-7613 [email protected] [email protected] [email protected] [email protected] |
Tenda–FH1206 |
A vulnerability was found in Tenda FH1206 1.2.0.8(8155). It has been classified as critical. Affected is the function fromqossetting of the file /goform/qossetting. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-08-12 | 8.8 | CVE-2024-7614 [email protected] [email protected] [email protected] [email protected] |
Tenda–FH1206 |
A vulnerability was found in Tenda FH1206 1.2.0.8. It has been declared as critical. Affected by this vulnerability is the function fromSafeClientFilter/fromSafeMacFilter/fromSafeUrlFilter. The manipulation leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-08-12 | 8.8 | CVE-2024-7615 [email protected] [email protected] [email protected] [email protected] |
Tenda–FH1206 |
A vulnerability was found in Tenda FH1206 02.03.01.35 and classified as critical. Affected by this issue is the function formSafeEmailFilter of the file /goform/SafeEmailFilter of the component HTTP POST Request Handler. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-08-13 | 8.8 | CVE-2024-7707 [email protected] [email protected] [email protected] [email protected] |
tendacn — fh1201_firmware |
Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the page parameter in the frmL7ImForm function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | 2024-08-15 | 7.5 | CVE-2024-42942 [email protected] |
tendacn — fh1201_firmware |
Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the page parameter in the fromAddressNat function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | 2024-08-15 | 7.5 | CVE-2024-42945 [email protected] |
tendacn — fh1201_firmware |
Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the qos parameter in the fromqossetting function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | 2024-08-15 | 7.5 | CVE-2024-42949 [email protected] |
tendacn — fh1201_firmware |
Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the PPW parameter in the fromWizardHandle function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | 2024-08-15 | 7.5 | CVE-2024-42953 [email protected] |
tendacn — fh1201_firmware |
Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the page parameter in the fromwebExcptypemanFilter function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | 2024-08-15 | 7.5 | CVE-2024-42954 [email protected] |
Themewinter–WPCafe |
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Themewinter WPCafe allows PHP Local File Inclusion.This issue affects WPCafe: from n/a through 2.2.28. | 2024-08-13 | 7.5 | CVE-2024-43135 [email protected] |
thiagosf–Skitter Slideshow |
The Skitter Slideshow plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.5.2 via the /image.php file. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | 2024-08-17 | 7.2 | CVE-2022-1751 [email protected] [email protected] [email protected] |
Tosei–Online Store Management System |
A vulnerability classified as critical was found in Tosei Online Store Management System ãƒãƒƒãƒˆåº—舗管ç†ã‚·ã‚¹ãƒ†ãƒ 4.02/4.03/4.04. This vulnerability affects unknown code of the component Backend. The manipulation leads to use of default credentials. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-08-17 | 7.3 | CVE-2024-7898 [email protected] [email protected] [email protected] [email protected] |
totolink — a3002r_firmware |
TOTOLINK A3002R v4.0.0-B20230531.1404 contains a buffer overflow vulnerability in /bin/boa via formParentControl. | 2024-08-12 | 9.8 | CVE-2024-42520 [email protected] |
totolink — a3100r_firmware |
TOTOLINK A3100R V4.1.2cu.5050_B20200504 has a buffer overflow vulnerability in the password parameter in the loginauth function. | 2024-08-12 | 9.8 | CVE-2024-42546 [email protected] |
totolink — a3100r_firmware |
TOTOLINK A3100R V4.1.2cu.5050_B20200504 has a buffer overflow vulnerability in the http_host parameter in the loginauth function. | 2024-08-12 | 9.8 | CVE-2024-42547 [email protected] |
totolink — a3700r_firmware |
TOTOLINK A3700R v9.1.2u.5822_B20200513 has a buffer overflow vulnerability in the http_host parameter in the loginauth function. | 2024-08-12 | 9.8 | CVE-2024-42543 [email protected] |
totolink — a3700r_firmware |
TOTOLINK A3700R v9.1.2u.5822_B20200513 has a buffer overflow vulnerability in the ssid parameter in setWizardCfg function. | 2024-08-12 | 9.8 | CVE-2024-42545 [email protected] |
totolink — lr350_firmware |
Incorrect access control in TOTOLINK LR350 V9.3.5u.6369_B20220309 allows attackers to obtain the apmib configuration file, which contains the username and the password, via a crafted request to /cgi-bin/ExportSettings.sh. | 2024-08-15 | 9.8 | CVE-2024-42967 [email protected] |
totolink — n350rt_firmware |
Incorrect access control in TOTOLINK N350RT V9.3.5u.6139_B20201216 allows attackers to obtain the apmib configuration file, which contains the username and the password, via a crafted request to /cgi-bin/ExportSettings.sh. | 2024-08-15 | 9.8 | CVE-2024-42966 [email protected] |
totolink — x5000r_firmware |
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in delBlacklist. Authenticated Attackers can send malicious packet to execute arbitrary commands. | 2024-08-13 | 8.8 | CVE-2024-42737 [email protected] |
totolink — x5000r_firmware |
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setDmzCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands. | 2024-08-13 | 8.8 | CVE-2024-42738 [email protected] |
totolink — x5000r_firmware |
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setAccessDeviceCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands. | 2024-08-13 | 8.8 | CVE-2024-42739 [email protected] |
totolink — x5000r_firmware |
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setL2tpServerCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands. | 2024-08-12 | 8.8 | CVE-2024-42741 [email protected] |
totolink — x5000r_firmware |
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setUrlFilterRules. Authenticated Attackers can send malicious packet to execute arbitrary commands. | 2024-08-12 | 8.8 | CVE-2024-42742 [email protected] |
totolink — x5000r_firmware |
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setSyslogCfg . Authenticated Attackers can send malicious packet to execute arbitrary commands. | 2024-08-12 | 8.8 | CVE-2024-42743 [email protected] |
totolink — x5000r_firmware |
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setModifyVpnUser. Authenticated Attackers can send malicious packet to execute arbitrary commands. | 2024-08-12 | 8.8 | CVE-2024-42744 [email protected] |
totolink — x5000r_firmware |
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setUPnPCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands. | 2024-08-12 | 8.8 | CVE-2024-42745 [email protected] |
totolink — x5000r_firmware |
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setWanIeCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands. | 2024-08-12 | 8.8 | CVE-2024-42747 [email protected] |
totolink — x5000r_firmware |
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setWiFiWpsCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands. | 2024-08-12 | 8.8 | CVE-2024-42748 [email protected] |
veribase — order_management |
Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability in Veribilim Software Veribase Order Management allows OS Command Injection.This issue affects Veribase Order Management: before v4.010.2. | 2024-08-12 | 9.8 | CVE-2024-6917 [email protected] |
Vonets–VAR1200-H |
Stack-based buffer overflow vulnerabilities affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enable an unauthenticated remote attacker to execute arbitrary code. | 2024-08-12 | 10 | CVE-2024-39791 [email protected] |
Vonets–VAR1200-H |
Multiple OS command injection vulnerabilities affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enable an authenticated remote attacker to execute arbitrary OS commands via various endpoint parameters. | 2024-08-12 | 9.1 | CVE-2024-37023 [email protected] |
Vonets–VAR1200-H |
Improper check or handling of exceptional conditions vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enable an unauthenticated remote attacker to cause a denial of service. A specially-crafted HTTP request to pre-authentication resources can crash the service. | 2024-08-12 | 9.1 | CVE-2024-39815 [email protected] |
Vonets–VAR1200-H |
Improper access control vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enables an unauthenticated remote attacker to bypass authentication and factory reset the device via unprotected goform endpoints. | 2024-08-12 | 8.6 | CVE-2024-29082 [email protected] |
Vonets–VAR1200-H |
An improper authentication vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior enables an unauthenticated remote attacker to bypass authentication via a specially crafted direct request when another user has an active session. | 2024-08-12 | 8.6 | CVE-2024-42001 [email protected] |
Vonets–VAR1200-H |
A directory traversal vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enables an unauthenticated remote attacker to read arbitrary files and bypass authentication. | 2024-08-12 | 7.5 | CVE-2024-41936 [email protected] |
wanglongcn–ltcms |
A vulnerability has been found in wanglongcn ltcms 1.0.20 and classified as critical. This vulnerability affects the function download of the file /api/test/download of the component API Endpoint. The manipulation of the argument url leads to server-side request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-08-13 | 7.3 | CVE-2024-7740 [email protected] [email protected] [email protected] [email protected] |
wanglongcn–ltcms |
A vulnerability was found in wanglongcn ltcms 1.0.20. It has been classified as critical. Affected is the function multiDownload of the file /api/file/multiDownload of the component API Endpoint. The manipulation of the argument file leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-08-13 | 7.3 | CVE-2024-7742 [email protected] [email protected] [email protected] [email protected] |
wanglongcn–ltcms |
A vulnerability was found in wanglongcn ltcms 1.0.20. It has been declared as critical. Affected by this vulnerability is the function downloadUrl of the file /api/file/downloadUrl of the component API Endpoint. The manipulation of the argument file leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-08-13 | 7.3 | CVE-2024-7743 [email protected] [email protected] [email protected] [email protected] |
WofficeIO–Woffice |
Improper Privilege Management vulnerability in WofficeIO Woffice allows Privilege Escalation.This issue affects Woffice: from n/a through 5.4.10. | 2024-08-13 | 9.8 | CVE-2024-43153 [email protected] |
WP Swings–Wallet System for WooCommerce |
Missing Authorization vulnerability in WP Swings Wallet System for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Wallet System for WooCommerce: from n/a through 2.5.13. | 2024-08-13 | 7.5 | CVE-2024-38699 [email protected] |
WPFactory–Products, Order & Customers Export for WooCommerce |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in WPFactory Products, Order & Customers Export for WooCommerce allows Reflected XSS.This issue affects Products, Order & Customers Export for WooCommerce: from n/a through 2.0.11. | 2024-08-12 | 7.1 | CVE-2024-43127 [email protected] |
WPWeb–Docket (WooCommerce Collections / Wishlist / Watchlist) |
Incorrect Authorization vulnerability in WPWeb Docket (WooCommerce Collections / Wishlist / Watchlist) allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Docket (WooCommerce Collections / Wishlist / Watchlist): from n/a before 1.7.0. | 2024-08-13 | 7.5 | CVE-2024-43131 [email protected] |
WPWeb–WooCommerce – Social Login |
The WooCommerce – Social Login plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.7.5. This is due to the use of loose comparison of the activation code in the ‘woo_slg_confirm_email_user’ function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the userID. This requires the email module to be enabled. | 2024-08-12 | 9.8 | CVE-2024-7503 [email protected] [email protected] |
WPWeb–WooCommerce PDF Vouchers |
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in WPWeb WooCommerce PDF Vouchers allows File Manipulation.This issue affects WooCommerce PDF Vouchers: from n/a before 4.9.5. | 2024-08-13 | 8.6 | CVE-2024-39651 [email protected] |
wurmlab — sequenceserver |
SequenceServer lets you rapidly set up a BLAST+ server with an intuitive user interface for personal or group use. Several HTTP endpoints did not properly sanitize user input and/or query parameters. This could be exploited to inject and run unwanted shell commands. This vulnerability has been fixed in 3.1.2. | 2024-08-14 | 9.8 | CVE-2024-42360 [email protected] [email protected] |
xpeedstudio–MetForm Contact Form, Survey, Quiz, & Custom Form Builder for Elementor |
The Metform Elementor Contact Form Builder for WordPress is vulnerable to Arbitrary File Upload due to insufficient file type validation in versions up to, and including, 3.2.4. This allows unauthenticated visitors to perform a “double extension” attack and upload files containing a malicious extension but ending with a benign extension, which may make remote code execution possible in some configurations. | 2024-08-17 | 8.1 | CVE-2023-0714 [email protected] [email protected] [email protected] |
xwikisas–xwiki-pro-macros |
Pro Macros provides XWiki rendering macros. Missing escaping in the Viewpdf macro allows any user with view right on the `CKEditor.HTMLConverter` page or edit or comment right on any page to perform remote code execution. Other macros like Viewppt are vulnerable to the same kind of attack. This vulnerability is fixed in 1.10.1. | 2024-08-12 | 10 | CVE-2024-42489 [email protected] [email protected] [email protected] |
Zabbix–Zabbix |
An administrator with restricted permissions can exploit the script execution functionality within the Monitoring Hosts section. The lack of default escaping for script parameters enabled this user ability to execute arbitrary code via the Ping script, thereby compromising infrastructure. | 2024-08-12 | 9.9 | CVE-2024-22116 [email protected] |
Zabbix–Zabbix |
Within Zabbix, users have the ability to directly modify memory pointers in the JavaScript engine. | 2024-08-12 | 9.1 | CVE-2024-36461 [email protected] |
Zabbix–Zabbix |
The front-end audit log allows viewing of unprotected plaintext passwords, where the passwords are displayed in plain text. | 2024-08-12 | 8.1 | CVE-2024-36460 [email protected] |
Zabbix–Zabbix |
Uncontrolled resource consumption refers to a software vulnerability where a attacker or system uses excessive resources, such as CPU, memory, or network bandwidth, without proper limitations or controls. This can cause a denial-of-service (DoS) attack or degrade the performance of the affected system. | 2024-08-12 | 7.5 | CVE-2024-36462 [email protected] |
zimbra — collaboration |
An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. The zmmailboxdmgr binary, a component of ZCS, is intended to be executed by the zimbra user with root privileges for specific mailbox operations. However, an attacker can escalate privileges from the zimbra user to root, because of improper handling of input arguments. An attacker can execute arbitrary commands with elevated privileges, leading to local privilege escalation. | 2024-08-12 | 7.8 | CVE-2024-27442 [email protected] [email protected] |
zimbra — collaboration |
An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. The vulnerability involves unauthenticated local file inclusion (LFI) in a web application, specifically impacting the handling of the packages parameter. Attackers can exploit this flaw to include arbitrary local files without authentication, potentially leading to unauthorized access to sensitive information. The vulnerability is limited to files within a specific directory. | 2024-08-12 | 7.5 | CVE-2024-33535 [email protected] [email protected] |
zohocorp — manageengine_adaudit_plus |
Zohocorp ManageEngine ADAudit Plus versions below 8003 are vulnerable to authenticated SQL Injection in aggregate reports’ search option. | 2024-08-12 | 8.8 | CVE-2024-36034 0fc0942c-577d-436f-ae8e-945763c79b02 |
zohocorp — manageengine_adaudit_plus |
Zohocorp ManageEngine ADAudit Plus versions below 8003 are vulnerable to authenticated SQL Injection in user session recording. | 2024-08-12 | 8.8 | CVE-2024-36035 0fc0942c-577d-436f-ae8e-945763c79b02 |
zohocorp — manageengine_adaudit_plus |
Zohocorp ManageEngine ADAudit Plus versions below 8110 are vulnerable to authenticated SQL Injection in attack surface analyzer’s export option. | 2024-08-12 | 8.8 | CVE-2024-5487 0fc0942c-577d-436f-ae8e-945763c79b02 |
zohocorp — manageengine_adaudit_plus |
Zohocorp ManageEngine ADAudit Plus versions below 8110 are vulnerable to authenticated SQL Injection in file auditing configuration. | 2024-08-12 | 8.8 | CVE-2024-5527 0fc0942c-577d-436f-ae8e-945763c79b02 |
ZoneMinder–zoneminder |
ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder is affected by a time-based SQL Injection vulnerability. This vulnerability is fixed in 1.36.34 and 1.37.61. | 2024-08-12 | 9.8 | CVE-2024-43360 [email protected] [email protected] [email protected] [email protected] [email protected] |
ZoneMinder–zoneminder |
ZoneMinder is a free, open source Closed-circuit television software application. In WWW/AJAX/watch.php, Line: 51 takes a few parameter in sql query without sanitizing it which makes it vulnerable to sql injection. This vulnerability is fixed in 1.36.34. | 2024-08-12 | 7.1 | CVE-2023-41884 [email protected] [email protected] [email protected] |
Zoom Communications Inc.–Zoom Workplace Apps and Rooms Clients |
Buffer overflow in some Zoom Workplace Apps and Rooms Clients may allow an authenticated user to conduct an escalation of privilege via network access. | 2024-08-14 | 8.5 | CVE-2024-39825 [email protected] |
Zoom Communications Inc.–Zoom Workplace Apps and SDKs |
Protection mechanism failure for some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct information disclosure via network access. | 2024-08-14 | 7.5 | CVE-2024-39818 [email protected] |
Medium Vulnerabilities
Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
2j-slideshow–Slideshow, Image Slider by 2J |
The Slideshow, Image Slider by 2J plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘post’ parameter in versions up to, and including, 1.3.54 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-08-17 | 6.1 | CVE-2023-4604 [email protected] [email protected] |
adobe — acrobat |
Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-08-14 | 5.5 | CVE-2024-41832 [email protected] |
adobe — acrobat |
Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-08-14 | 5.5 | CVE-2024-41833 [email protected] |
adobe — acrobat |
Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-08-14 | 5.5 | CVE-2024-41834 [email protected] |
adobe — acrobat |
Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-08-14 | 5.5 | CVE-2024-41835 [email protected] |
adobe — commerce |
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could allow an attacker to bypass security features and perform minor unauthorised actions on behalf of a user. The vulnerability could be exploited by tricking a victim into clicking a link or loading a page that submits a malicious request. Exploitation of this issue requires user interaction. | 2024-08-14 | 6.3 | CVE-2024-39408 [email protected] |
adobe — commerce |
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could allow an attacker to bypass security features and perform minor unauthorised actions on behalf of a user. The vulnerability could be exploited by tricking a victim into clicking a link or loading a page that submits a malicious request. Exploitation of this issue requires user interaction. | 2024-08-14 | 6.3 | CVE-2024-39409 [email protected] |
adobe — commerce |
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could allow an attacker to bypass security features and perform minor unauthorised actions on behalf of a user. The vulnerability could be exploited by tricking a victim into clicking a link or loading a page that submits a malicious request. Exploitation of this issue requires user interaction. | 2024-08-14 | 5.5 | CVE-2024-39410 [email protected] |
adobe — commerce |
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures to view and edit low-sensitivity information. Exploitation of this issue does not require user interaction. | 2024-08-14 | 5.4 | CVE-2024-39418 [email protected] |
adobe — commerce |
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and modify minor information. Exploitation of this issue does not require user interaction. | 2024-08-14 | 4.3 | CVE-2024-39404 [email protected] |
adobe — commerce |
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and modify minor information. Exploitation of this issue does not require user interaction. | 2024-08-14 | 4.3 | CVE-2024-39405 [email protected] |
adobe — commerce |
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and modify minor information. Exploitation of this issue does not require user interaction. | 2024-08-14 | 4.3 | CVE-2024-39407 [email protected] |
adobe — commerce |
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction. | 2024-08-14 | 4.3 | CVE-2024-39411 [email protected] |
adobe — commerce |
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction. | 2024-08-14 | 4.3 | CVE-2024-39412 [email protected] |
adobe — commerce |
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction. | 2024-08-14 | 4.3 | CVE-2024-39413 [email protected] |
adobe — commerce |
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction. | 2024-08-14 | 4.3 | CVE-2024-39414 [email protected] |
adobe — commerce |
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction. | 2024-08-14 | 4.3 | CVE-2024-39415 [email protected] |
adobe — commerce |
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction. | 2024-08-14 | 4.3 | CVE-2024-39416 [email protected] |
adobe — commerce |
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction. | 2024-08-14 | 4.3 | CVE-2024-39417 [email protected] |
adobe — commerce |
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and modify minor information. Exploitation of this issue does not require user interaction. | 2024-08-14 | 4.3 | CVE-2024-39419 [email protected] |
adobe — illustrator |
Illustrator versions 28.5, 27.9.4 and earlier are affected by an Improper Input Validation vulnerability that could lead to an application denial-of-service condition. An attacker could exploit this vulnerability to render the application unresponsive or terminate its execution. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-08-14 | 5.5 | CVE-2024-34118 [email protected] |
adobe — illustrator |
Illustrator versions 28.5, 27.9.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-08-14 | 5.5 | CVE-2024-34134 [email protected] |
adobe — illustrator |
Illustrator versions 28.5, 27.9.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-08-14 | 5.5 | CVE-2024-34135 [email protected] |
adobe — illustrator |
Illustrator versions 28.5, 27.9.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service (DoS). An attacker could exploit this vulnerability to crash the application, resulting in a denial of service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-08-14 | 5.5 | CVE-2024-34136 [email protected] |
adobe — illustrator |
Illustrator versions 28.5, 27.9.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service (DoS) condition. An attacker could exploit this vulnerability to crash the application, resulting in a DoS. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-08-14 | 5.5 | CVE-2024-34137 [email protected] |
adobe — illustrator |
Illustrator versions 28.5, 27.9.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service (DoS). An attacker could exploit this vulnerability to crash the application, resulting in a denial of service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-08-14 | 5.5 | CVE-2024-34138 [email protected] |
adobe — substance_3d_sampler |
Substance3D – Sampler versions 4.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-08-14 | 5.5 | CVE-2024-41860 [email protected] |
adobe — substance_3d_sampler |
Substance3D – Sampler versions 4.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-08-14 | 5.5 | CVE-2024-41861 [email protected] |
adobe — substance_3d_sampler |
Substance3D – Sampler versions 4.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-08-14 | 5.5 | CVE-2024-41862 [email protected] |
adobe — substance_3d_sampler |
Substance3D – Sampler versions 4.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-08-14 | 5.5 | CVE-2024-41863 [email protected] |
Adobe–Bridge |
Bridge versions 13.0.8, 14.1.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-08-14 | 5.5 | CVE-2024-39387 [email protected] |
Adobe–Dimension |
Dimension versions 3.4.11 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-08-14 | 5.5 | CVE-2024-20790 [email protected] |
Adobe–Dimension |
Dimension versions 3.4.11 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-08-14 | 5.5 | CVE-2024-34125 [email protected] |
Adobe–Dimension |
Dimension versions 3.4.11 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-08-14 | 5.5 | CVE-2024-34126 [email protected] |
Adobe–InDesign Desktop |
InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service (DoS). An attacker could exploit this vulnerability to crash the application, resulting in a DoS condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-08-14 | 5.5 | CVE-2024-39395 [email protected] |
Adobe–InDesign Desktop |
InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-08-14 | 5.5 | CVE-2024-41854 [email protected] |
Adobe–InDesign Desktop |
InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service (DoS). An attacker could exploit this vulnerability to crash the application, resulting in a denial of service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-08-14 | 5.5 | CVE-2024-41866 [email protected] |
aio-libs–aiohttp |
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.10.2, static routes which contain files with compressed variants (`.gz` or `.br` extension) are vulnerable to path traversal outside the root directory if those variants are symbolic links. The server protects static routes from path traversal outside the root directory when `follow_symlinks=False` (default). It does this by resolving the requested URL to an absolute path and then checking that path relative to the root. However, these checks are not performed when looking for compressed variants in the `FileResponse` class, and symbolic links are then automatically followed when performing the `Path.stat()` and `Path.open()` to send the file. Version 3.10.2 contains a patch for the issue. | 2024-08-12 | 4.8 | CVE-2024-42367 [email protected] [email protected] [email protected] [email protected] [email protected] |
airveda — pm2.5_pm10_monitor_firmware |
This vulnerability exists in Airveda Air Quality Monitor PM2.5 PM10 due to transmission of sensitive information in plain text during AP pairing mode. An attacker in close proximity could exploit this vulnerability by capturing Wi-Fi traffic of Airveda-AP. Successful exploitation of this vulnerability could allow the attacker to cause Evil Twin attack on the targeted system. | 2024-08-12 | 6.5 | CVE-2024-7408 [email protected] |
algoritmika–Download Plugins and Themes in ZIP from Dashboard |
The Download Plugins and Themes in ZIP from Dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.7. This is due to missing or incorrect nonce validation on the download_theme() function. This makes it possible for unauthenticated attackers to download arbitrary themes from the website via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. In versions prior to 1.8.6 it was possible to download the entire sites files. | 2024-08-16 | 4.2 | CVE-2024-7501 [email protected] [email protected] |
AMD–AMD EPYC 7001 Processors |
Lack of stack protection exploit mechanisms in ASP Secure OS Trusted Execution Environment (TEE) may allow a privileged attacker with access to AMD signing keys to c006Frrupt the return address, causing a stack-based buffer overrun, potentially leading to a denial of service. | 2024-08-13 | 5.2 | CVE-2021-46746 [email protected] |
AMD–AMD EPYC 7001 Series Processors |
Improper key usage control in AMD Secure Processor (ASP) may allow an attacker with local access who has gained arbitrary code execution privilege in ASPÂ to extract ASP cryptographic keys, potentially resulting in loss of confidentiality and integrity. | 2024-08-13 | 5.7 | CVE-2024-21981 [email protected] |
AMD–AMD EPYC 7003 Series Processors |
Improper re-initialization of IOMMU during the DRTM event may permit an untrusted platform configuration to persist, allowing an attacker to read or modify hypervisor memory, potentially resulting in loss of confidentiality, integrity, and availability. | 2024-08-13 | 6.5 | CVE-2023-20591 [email protected] |
AMD–AMD EPYC 7003 Processors |
IOMMU improperly handles certain special address ranges with invalid device table entries (DTEs), which may allow an attacker with privileges and a compromised Hypervisor to induce DTE faults to bypass RMP checks in SEV-SNP, potentially leading to a loss of guest integrity. | 2024-08-13 | 5.3 | CVE-2023-20584 [email protected] |
AMD–AMD EPYC 7003 Processors |
Incomplete system memory cleanup in SEV firmware could allow a privileged attacker to corrupt guest private memory, potentially resulting in a loss of data integrity. | 2024-08-13 | 4.4 | CVE-2023-31356 [email protected] |
AMD–AMD Radeon RX 6000 Series Graphics Cards |
An insufficient DRAM address validation in PMFW may allow a privileged attacker to perform a DMA read from an invalid DRAM address to SRAM, potentially resulting in loss of data integrity. | 2024-08-13 | 5.2 | CVE-2023-20509 [email protected] |
AMD–AMD Radeon RX 6000 Series Graphics Cards |
Improper input validation in Power Management Firmware (PMFW) may allow an attacker with privileges to send a malformed input for the “set temperature input selection” command, potentially resulting in a loss of integrity and/or availability. | 2024-08-13 | 5 | CVE-2023-31310 [email protected] |
AMD–AMD Radeon RX 6000 Series Graphics Cards |
An insufficient DRAM address validation in PMFW may allow a privileged attacker to read from an invalid DRAM address to SRAM, potentially resulting in data corruption or denial of service. | 2024-08-13 | 4.7 | CVE-2023-20510 [email protected] |
AMD–AMD Ryzen 5000 Series Desktop Processor with Radeon Graphics |
A malicious attacker in x86 can misconfigure the Trusted Memory Regions (TMRs), which may allow the attacker to set an arbitrary address range for the TMR, potentially leading to a loss of integrity and availability. | 2024-08-13 | 5.7 | CVE-2021-26367 [email protected] [email protected] |
AMD–Zynq UltraScale+ MPSoC/RFSoC |
Improper input validation in ARM® Trusted Firmware used in AMD’s Zynqâ„¢ UltraScale+â„¢) MPSoC/RFSoC may allow a privileged attacker to perform out of bound reads, potentially resulting in data leakage and denial of service. | 2024-08-13 | 4.8 | CVE-2023-31339 [email protected] |
Antoine Hurkmans–Football Pool |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Antoine Hurkmans Football Pool allows Stored XSS.This issue affects Football Pool: from n/a through 2.11.9. | 2024-08-12 | 6.5 | CVE-2024-43139 [email protected] |
Antoine Hurkmans–Football Pool |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Antoine Hurkmans Football Pool allows Stored XSS.This issue affects Football Pool: from n/a through 2.11.10. | 2024-08-12 | 5.9 | CVE-2024-43130 [email protected] |
Averta–Depicter Slider |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Averta Depicter Slider allows Stored XSS.This issue affects Depicter Slider: from n/a through 3.1.2. | 2024-08-12 | 5.9 | CVE-2024-43161 [email protected] |
AxtonYao–MDx |
The MDx theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘mdx_list_item’ shortcode in all versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-08-12 | 6.4 | CVE-2024-6639 [email protected] [email protected] [email protected] |
basecamp–trix |
The Trix editor, versions prior to 2.1.4, is vulnerable to XSS when pasting malicious code. This vulnerability is a bypass of the fix put in place for GHSA-qjqp-xr96-cj99. In pull request 1149, sanitation was added for Trix attachments with a `text/html` content type. However, Trix only checks the content type on the paste event’s `dataTransfer` object. As long as the `dataTransfer` has a content type of `text/html`, Trix parses its contents and creates an `Attachment` with them, even if the attachment itself doesn’t have a `text/html` content type. Trix then uses the attachment content to set the attachment element’s `innerHTML`. An attacker could trick a user to copy and paste malicious code that would execute arbitrary JavaScript code within the context of the user’s session, potentially leading to unauthorized actions being performed or sensitive information being disclosed. This vulnerability was fixed in version 2.1.4. | 2024-08-14 | 6.5 | CVE-2024-43368 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
bdthemes–Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) |
The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to arbitrary file reads in all versions up to, and including, 5.7.2 via the SVG widget and a lack of sufficient file validation in the render_svg function. This makes it possible for authenticated attackers, with contributor-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information. | 2024-08-12 | 6.5 | CVE-2024-4359 [email protected] [email protected] |
bdthemes–Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) |
The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s widgets in all versions up to, and including, 5.7.2 due to insufficient input sanitization and output escaping on user supplied attributes like ‘title_tag’. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-08-12 | 6.4 | CVE-2024-4360 [email protected] [email protected] |
bdthemes–Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) |
The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Custom Gallery and Countdown widgets in all versions up to, and including, 5.7.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-08-13 | 6.4 | CVE-2024-7247 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
binhnguyenplus–LadiApp: Landing Page, PopupX, Marketing Automation, Affiliate Marketing |
The LadiApp plugn for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the init_endpoint() function hooked via ‘init’ in versions up to, and including, 4.3. This makes it possible for unauthenticated attackers to modify a variety of settings. An attacker can directly modify the ‘ladipage_key’ which enables them to create new posts on the website and inject malicious web scripts. | 2024-08-17 | 5.3 | CVE-2023-4730 [email protected] [email protected] [email protected] [email protected] |
Blockspare–Blockspare |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Blockspare allows Stored XSS.This issue affects Blockspare: from n/a through 3.2.0. | 2024-08-12 | 6.5 | CVE-2024-43164 [email protected] |
bPlugins–StreamCast |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in bPlugins StreamCast allows Stored XSS.This issue affects StreamCast: from n/a through 2.2.3. | 2024-08-12 | 5.9 | CVE-2024-43148 [email protected] |
Brainstorm Force–Spectra |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Brainstorm Force Spectra allows Stored XSS.This issue affects Spectra: from n/a through 2.14.1. | 2024-08-12 | 6.5 | CVE-2024-7590 [email protected] |
Brainstorm Force–Ultimate Addons for Beaver Builder Lite |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder – Lite allows Stored XSS.This issue affects Ultimate Addons for Beaver Builder – Lite: from n/a through 1.5.9. | 2024-08-12 | 6.5 | CVE-2024-43151 [email protected] |
Bricks Builder–Bricks |
The Bricks theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.1. This is due to missing or incorrect nonce validation on the ‘reset_settings’ function. This makes it possible for unauthenticated attackers to reset the theme’s settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-08-17 | 5.4 | CVE-2023-3409 [email protected] [email protected] |
Bricks Builder–Bricks |
The Bricks theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.1. This is due to missing or incorrect nonce validation on the ‘save_settings’ function. This makes it possible for unauthenticated attackers to modify the theme’s settings, including enabling a setting which allows lower-privileged users such as contributors to perform code execution, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-08-17 | 4.3 | CVE-2023-3408 [email protected] [email protected] |
cilium–cilium |
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.14.14 and 1.15.8, a race condition in the Cilium agent can cause the agent to ignore labels that should be applied to a node. This could in turn cause CiliumClusterwideNetworkPolicies intended for nodes with the ignored label to not apply, leading to policy bypass. This issue has been patched in Cilium v1.14.14 and v1.15.8 As the underlying issue depends on a race condition, users unable to upgrade can restart the Cilium agent on affected nodes until the affected policies are confirmed to be working as expected. | 2024-08-15 | 6.8 | CVE-2024-42488 [email protected] [email protected] [email protected] |
cilium–cilium |
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In versions on the 1.15.x branch prior to 1.15.8 and the 1.16.x branch prior to 1.16.1, ReferenceGrant changes are not correctly propagated in Cilium’s GatewayAPI controller, which could lead to Gateway resources being able to access secrets for longer than intended, or to Routes having the ability to forward traffic to backends in other namespaces for longer than intended. This issue has been patched in Cilium v1.15.8 and v1.16.1. As a workaround, any modification of a related Gateway/HTTPRoute/GRPCRoute/TCPRoute CRD (for example, adding any label to any of these resources) will trigger a reconciliation of ReferenceGrants on an affected cluster. | 2024-08-16 | 5.4 | CVE-2024-42486 [email protected] [email protected] [email protected] |
cilium–cilium |
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In the 1.15 branch prior to 1.15.8 and the 1.16 branch prior to 1.16.1, Gateway API HTTPRoutes and GRPCRoutes do not follow the match precedence specified in the Gateway API specification. In particular, request headers are matched before request methods, when the specification describes that the request methods must be respected before headers are matched. This could result in unexpected behaviour with security This issue is fixed in Cilium v1.15.8 and v1.16.1. There is no workaround for this issue. | 2024-08-15 | 4 | CVE-2024-42487 [email protected] [email protected] [email protected] |
codersaiful–Sheet to Table Live Sync for Google Sheet |
The Sheet to Table Live Sync for Google Sheet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s STWT_Sheet_Table shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-08-14 | 6.4 | CVE-2024-6532 [email protected] [email protected] [email protected] [email protected] |
coffee2code–Linkify Text |
The Linkify Text plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.9.1. This is due to the plugin utilizing bootstrap and leaving test files with display_errors on. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own and requires another vulnerability to be present for damage to an affected website. | 2024-08-12 | 5.3 | CVE-2024-7382 [email protected] [email protected] |
coffee2code–No Update Nag |
The No Update Nag plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.4.12. This is due to the plugin allowing direct access to the bootstrap.php file which has display_errors on. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. | 2024-08-12 | 5.3 | CVE-2024-7412 [email protected] [email protected] |
coffee2code–Obfuscate Email |
The Obfuscate Email plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.8.1. This is due to the plugin allowing direct access to the bootstrap.php file which has display_errors on. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. | 2024-08-12 | 5.3 | CVE-2024-7413 [email protected] [email protected] |
coffee2code–Reveal Template |
The Reveal Template plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.7. This is due to the plugin allowing direct access to the bootstrap.php file which has display_errors on. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. | 2024-08-12 | 5.3 | CVE-2024-7416 [email protected] [email protected] |
contrid–Newsletters |
The Newsletters plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 4.9.9. This is due the plugin not preventing direct access to the /vendor/mobiledetect/mobiledetectlib/export/exportToJSON.php. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. | 2024-08-15 | 5.3 | CVE-2024-7411 [email protected] [email protected] [email protected] |
CORDEA–oauth |
In the OAuth library for nim prior to version 0.11, the `state` values generated by the `generateState` function do not have sufficient entropy. These can be successfully guessed by an attacker allowing them to perform a CSRF vs a user, associating the user’s session with the attacker’s protected resources. While `state` isn’t exactly a cryptographic value, it should be generated in a cryptographically secure way. `generateState` should be using a CSPRNG. Version 0.11 modifies the `generateState` function to generate `state` values of at least 128 bits of entropy while using a CSPRNG. | 2024-08-15 | 6.5 | CVE-2024-42475 [email protected] [email protected] |
CORDEA–oauth |
In the OAuth library for nim prior to version 0.11, the Authorization Code grant and Implicit grant both rely on the `state` parameter to prevent cross-site request forgery (CSRF) attacks where a resource owner might have their session associated with protected resources belonging to an attacker. When this project is compiled with certain compiler flags set, it is possible that the `state` parameter will not be checked at all, creating a CSRF vulnerability. Version 0.11 checks the `state` parameter using a regular `if` statement or `doAssert` instead of relying on a plain `assert`. `doAssert` will achieve the desired behavior even if `-d:danger` or `–assertions:off` is set. | 2024-08-15 | 6.5 | CVE-2024-42476 [email protected] [email protected] [email protected] |
CreativeMindsSolutions–CM Tooltip Glossary |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in CreativeMindsSolutions CM Tooltip Glossary allows Stored XSS.This issue affects CM Tooltip Glossary: from n/a through 4.3.7. | 2024-08-12 | 6.5 | CVE-2024-43149 [email protected] |
Crocoblock–JetBlocks for Elementor |
The JetBlocks for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple placeholder parameters in all versions up to, and including, 1.3.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-08-16 | 6.4 | CVE-2024-7147 [email protected] [email protected] |
Crocoblock–JetElements |
The JetElements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ and ‘slide_id’ parameters in all versions up to, and including, 2.6.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-08-16 | 6.4 | CVE-2024-7144 [email protected] [email protected] |
Crocoblock–JetSearch |
The JetSearch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 3.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-08-16 | 6.4 | CVE-2024-7136 [email protected] [email protected] |
cservit–affiliate-toolkit WordPress Affiliate Plugin |
The affiliate-toolkit – WordPress Affiliate Plugin plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.5.5. This is due display_errors being set to true . This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. | 2024-08-12 | 5.3 | CVE-2024-6562 [email protected] [email protected] |
cyberfoxdigital–Christmasify! |
The Christmasify! plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.5. This is due to missing nonce validation on the ‘options’ function. This makes it possible for unauthenticated attackers to modify the plugin’s settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-08-12 | 6.1 | CVE-2024-7574 [email protected] [email protected] |
D-Link–DI-8100 |
A vulnerability was found in D-Link DI-8100 16.07. It has been classified as critical. This affects the function upgrade_filter_asp of the file upgrade_filter.asp. The manipulation of the argument path leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-08-15 | 6.3 | CVE-2024-7833 [email protected] [email protected] [email protected] [email protected] |
David Maucher–Send Users Email |
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in David Maucher Send Users Email allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Send Users Email: from n/a through 1.5.1. | 2024-08-13 | 5.3 | CVE-2024-38760 [email protected] |
Dell–Dell Client Platform BIOS |
Dell BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution. | 2024-08-14 | 5.8 | CVE-2024-38483 [email protected] |
Devikia–DevikaAI |
A stored cross site scripting vulnerabilities exists in DevikaAI from commit 6acce21fb08c3d1123ef05df6a33912bf0ee77c2 onwards via improperly decoded user input. | 2024-08-14 | 6.5 | CVE-2024-7790 [email protected] |
Directus–Directus |
Directus v10.13.0 allows an authenticated external attacker to execute arbitrary JavaScript on the client. This is possible because the application injects an attacker-controlled parameter that will be stored in the server and used by the client into an unsanitized DOM element. When chained with CVE-2024-6534, it could result in account takeover. | 2024-08-15 | 4.1 | CVE-2024-6533 [email protected] [email protected] |
Directus–Directus |
Directus v10.13.0 allows an authenticated external attacker to modify presets created by the same user to assign them to another user. This is possible because the application only validates the user parameter in the ‘POST /presets’Â request but not in the PATCH request. When chained with CVE-2024-6533, it could result in account takeover. | 2024-08-15 | 4.1 | CVE-2024-6534 [email protected] [email protected] |
edgarrojas–PDF Builder for WPForms |
The PDF Builder for WPForms plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.2.116. This is due to the plugin allowing direct access to the composer-setup.php file which has display_errors on. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. | 2024-08-12 | 5.3 | CVE-2024-7414 [email protected] [email protected] [email protected] |
elabftw–elabftw |
eLabFTW is an open source electronic lab notebook for research labs. In an eLabFTW system, one might disallow user creation except for by system administrators, administrators and trusted services. If administrators are allowed to create new users (which is the default), the vulnerability allows any user to create new users in teams where they are members. The new users are automatically validated and administrators are not notified. This can allow a user with permanent or temporary access to a user account or API key to maintain persistence in an eLabFTW system. Additionally, it allows the user to create separate account under a different name, and produce misleading revision histories. No additional privileges are granted to the new user. Users should upgrade to version 5.0.0 to receive a patch. As a workaround, disabling both options that allow *administrators* to create users will provide a mitigation. | 2024-08-15 | 5.4 | CVE-2024-25633 [email protected] |
Ericsson–Ericsson RAN Compute Basebands (all BB variants) |
Ericsson RAN Compute and Site Controller 6610 contains a vulnerability in the Control System where Improper Input Validation can lead to arbitrary code execution, for example to obtain a Linux Shell with the same privileges as the attacker. The attacker would require elevated privileges for example a valid OAM user having the system administrator role to exploit the vulnerability. | 2024-08-16 | 6.8 | CVE-2024-25008 85b1779b-6ecd-4f52-bcc5-73eac4659dcf |
esthertyler–My Custom CSS PHP & ADS |
The My Custom CSS PHP & ADS plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.3. This is due the plugin not preventing direct access to the /my-custom-css/vendor/mobiledetect/mobiledetectlib/export/exportToJSON.php file and and the file displaying/generating the full path. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. | 2024-08-12 | 5.3 | CVE-2024-7410 [email protected] [email protected] |
f1logic–Insert PHP Code Snippet |
The Insert PHP Code Snippet plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.6. This is due to missing or incorrect nonce validation in the /admin/snippets.php file. This makes it possible for unauthenticated attackers to activate/deactivate and delete code snippets via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-08-15 | 5.8 | CVE-2024-7420 [email protected] [email protected] [email protected] |
F5–BIG-IP |
When TCP profile with Multipath TCP enabled (MPTCP) is configured on a Virtual Server, undisclosed traffic along with conditions beyond the attackers control can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2024-08-14 | 5.9 | CVE-2024-41164 [email protected] |
F5–BIG-IP |
Undisclosed requests to BIG-IP iControl REST can lead to information leak of user account names. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2024-08-14 | 4.3 | CVE-2024-41723 [email protected] |
F5–BIG-IP Next Central Manager |
BIG-IP Next Central Manager may allow an attacker to lock out an account that has never been logged in. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2024-08-14 | 5.3 | CVE-2024-37028 [email protected] |
F5–BIG-IP Next Central Manager |
When generating QKView of BIG-IP Next instance from the BIG-IP Next Central Manager (CM), F5 iHealth credentials will be logged in the BIG-IP Central Manager logs. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2024-08-14 | 4.2 | CVE-2024-41719 [email protected] |
F5–NGINX Open Source |
NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngx_http_mp4_module and the mp4 directive is used in the configuration file. Additionally, the attack is possible only if an attacker can trigger the processing of a specially crafted mp4 file with the ngx_http_mp4_module. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2024-08-14 | 4.7 | CVE-2024-7347 [email protected] |
Firewalla–Box Software |
Multiple authenticated operating system (OS) command injection vulnerabilities exist in Firewalla Box Software versions before 1.979. A physically close attacker that is authenticated to the Bluetooth Low-Energy (BTLE) interface can use the network configuration service to inject commands in various configuration parameters including networkConfig.Interface.Phy.Eth0.Extra.PingTestIP, networkConfig.Interface.Phy.Eth0.Extra.DNSTestDomain, and networkConfig.Interface.Phy.Eth0.Gateway6. Additionally, because the configuration can be synced to the Firewalla cloud, the attacker may be able to persist access even after hardware resets and firmware re-flashes. | 2024-08-12 | 6.8 | CVE-2024-40893 [email protected] |
fish-shop–syntax-check |
fish-shop/syntax-check is a GitHub action for syntax checking fish shell files. Improper neutralization of delimiters in the `pattern` input (specifically the command separator `;` and command substitution characters `(` and `)`) mean that arbitrary command injection is possible by modification of the input value used in a workflow. This has the potential for exposure or exfiltration of sensitive information from the workflow runner, such as might be achieved by sending environment variables to an external entity. It is recommended that users update to the patched version `v1.6.12` or the latest release version `v2.0.0`, however remediation may be possible through careful control of workflows and the `pattern` input value used by this action. | 2024-08-12 | 4.8 | CVE-2024-42482 [email protected] [email protected] [email protected] |
FIWARE–FIWARE Keyrock |
Insufficiently random values for generating activation token in FIWARE Keyrock <= 8.4 allow attackers to activate accounts of any user by predicting the token for the activation link. | 2024-08-12 | 6.3 | CVE-2024-42165 [email protected] |
FIWARE–FIWARE Keyrock |
Insufficiently random values for generating password reset token in FIWARE Keyrock <= 8.4 allow attackers to disable two factor authorization of any user by predicting the token for the disable_2fa link. | 2024-08-12 | 4.3 | CVE-2024-42164 [email protected] |
Fortinet–FortiDDoS |
A improper neutralization of special elements used in an os command (‘os command injection’) in Fortinet FortiDDoS version 5.5.0 through 5.5.1, 5.4.2 through 5.4.0, 5.3.0 through 5.3.1, 5.2.0, 5.1.0, 5.0.0, 4.7.0, 4.6.0 and 4.5.0 and FortiDDoS-F version 6.3.0 through 6.3.1, 6.2.0 through 6.2.2, 6.1.0 through 6.1.4 allows an authenticated attacker to execute shell code as `root`Â via `execute` CLI commands. | 2024-08-13 | 6.6 | CVE-2022-27486 [email protected] |
Fortinet–FortiManager |
A unverified password change in Fortinet FortiManager versions 7.0.0 through 7.0.10, versions 7.2.0 through 7.2.4, and versions 7.4.0 through 7.4.1, as well as Fortinet FortiAnalyzer versions 7.0.0 through 7.0.10, versions 7.2.0 through 7.2.4, and versions 7.4.0 through 7.4.1, allows an attacker to modify admin passwords via the device configuration backup. | 2024-08-13 | 6.1 | CVE-2024-21757 [email protected] |
Fortinet–FortiOS |
An improper access control vulnerability [CWE-284] in FortiOS 7.4.0 through 7.4.3, 7.2.5 through 7.2.7, 7.0.12 through 7.0.14 and 6.4.x may allow an attacker who has already successfully obtained write access to the underlying system (via another hypothetical exploit) to bypass the file integrity checking system. | 2024-08-13 | 5.1 | CVE-2024-36505 [email protected] |
Fortinet–FortiSOAR |
An improper neutralization of input during web page generation (‘cross-site scripting’) in Fortinet FortiSOAR 7.3.0 through 7.3.2 allows an authenticated, remote attacker to inject arbitrary web script or HTML via the Communications module. | 2024-08-13 | 6.8 | CVE-2023-26211 [email protected] |
Fortra–GoAnywhere MFT |
An authentication bypass vulnerability in GoAnywhere MFT prior to 7.6.0 allows Admin Users with access to the Agent Console to circumvent some permission checks when attempting to visit other pages. This could lead to unauthorized information disclosure or modification. | 2024-08-14 | 6.5 | CVE-2024-25157 df4dee71-de3a-4139-9588-11b62fe6c0ff |
freebsd — freebsd |
When mounting a remote filesystem using NFS, the kernel did not sanitize remotely provided filenames for the path separator character, “/”. This allows readdir(3) and related functions to return filesystem entries with names containing additional path components. The lack of validation described above gives rise to a confused deputy problem. For example, a program copying files from an NFS mount could be tricked into copying from outside the intended source directory, and/or to a location outside the intended destination directory. | 2024-08-12 | 5.3 | CVE-2024-6759 [email protected] |
Fujian–mwcms |
A vulnerability was found in Fujian mwcms 1.0.0. It has been declared as critical. Affected by this vulnerability is the function uploadeditor of the file /uploadeditor.html?action=uploadimage of the component Image Upload. The manipulation of the argument upfile leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-08-12 | 4.7 | CVE-2024-7705 [email protected] [email protected] [email protected] [email protected] |
Fujian–mwcms |
A vulnerability was found in Fujian mwcms 1.0.0. It has been rated as critical. Affected by this issue is the function uploadimage of the file /uploadfile.html. The manipulation of the argument upfile leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-08-12 | 4.7 | CVE-2024-7706 [email protected] [email protected] [email protected] [email protected] |
gfazioli–WP Bannerize Pro |
The WP Bannerize Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via banner alt data in all versions up to, and including, 1.9.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2024-08-13 | 4 | CVE-2024-7388 [email protected] [email protected] |
gilacms — gila_cms |
A vulnerability classified as problematic was found in Gila CMS 1.10.9. This vulnerability affects unknown code of the file /cm/update_rows/page?id=2 of the component HTTP POST Request Handler. The manipulation of the argument content leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-08-12 | 5.4 | CVE-2024-7657 [email protected] [email protected] [email protected] |
gncchome — gncc_c2_firmware |
Identical Hardcoded Root Password for All Devices in GNCC’s GC2 Indoor Security Camera 1080P allows an attacker with physical access to retrieve the root password for all similar devices | 2024-08-15 | 6.8 | CVE-2024-31798 [email protected] [email protected] |
gncchome — gncc_c2_firmware |
Authentication Bypass in GNCC’s GC2 Indoor Security Camera 1080P allows an attacker with physical access to gain a privileged command shell via the UART Debugging Port. | 2024-08-15 | 6.8 | CVE-2024-31800 [email protected] [email protected] |
gncchome — gncc_c2_firmware |
Information Disclosure in GNCC’s GC2 Indoor Security Camera 1080P allows an attacker with physical access to read the WiFi passphrase via the UART Debugging Port. | 2024-08-15 | 4.6 | CVE-2024-31799 [email protected] [email protected] |
gravitymaster97–Custom Field For WP Job Manager |
The Custom Field For WP Job Manager plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2 via the the ‘cm_fieldshow’ shortcode due to missing validation on the ‘job_id’ user controlled key. This makes it possible for authenticated attackers, with contributor-level access and above, to expose potentially sensitive post metadata. | 2024-08-16 | 4.3 | CVE-2023-7049 [email protected] [email protected] |
HashiCorp–Nomad |
In HashiCorp Nomad and Nomad Enterprise from 0.6.1 up to 1.16.13, 1.7.10, and 1.8.2, the archive unpacking process is vulnerable to writes outside the allocation directory during migration of allocation directories when multiple archive headers target the same file. This vulnerability, CVE-2024-7625, is fixed in Nomad 1.6.14, 1.7.11, and 1.8.3. Access or compromise of the Nomad client agent at the source allocation first is a prerequisite for leveraging this vulnerability. | 2024-08-15 | 5.8 | CVE-2024-7625 [email protected] |
humanityco–Cookie Notice & Compliance for GDPR / CCPA |
The Cookie Notice & Compliance for GDPR / CCPA plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘cookie_notice_options[refuse_code_head]’ parameter in versions up to, and including, 2.4.17.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrative privileges and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the injected /wp-admin/admin.php?page=cookie-notice page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2024-08-16 | 4.4 | CVE-2022-3399 [email protected] [email protected] |
iberezansky–3D FlipBook PDF Flipbook Viewer, Flipbook Image Gallery |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in iberezansky 3D FlipBook – PDF Flipbook Viewer, Flipbook Image Gallery allows Stored XSS.This issue affects 3D FlipBook – PDF Flipbook Viewer, Flipbook Image Gallery: from n/a through 1.15.6. | 2024-08-12 | 5.9 | CVE-2024-43152 [email protected] |
ibm — infosphere_information_server |
IBM InfoSphere Information Server could allow an authenticated user to consume file space resources due to unrestricted file uploads. IBM X-Force ID: 298279. | 2024-08-15 | 6.5 | CVE-2024-40705 [email protected] [email protected] |
ibm — infosphere_information_server |
IBM InfoSphere Information Server 11.7 could allow a privileged user to obtain sensitive information from authentication request headers. IBM X-Force ID: 298277. | 2024-08-15 | 4.9 | CVE-2024-40704 [email protected] [email protected] |
IBM–Aspera Shares |
IBM Aspera Shares 1.10.0 PL2 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 260574. | 2024-08-12 | 6.3 | CVE-2023-38018 [email protected] |
IBM–Common Licensing |
IBM Common Licensing 9.0 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 350348. | 2024-08-13 | 5.5 | CVE-2024-41774 [email protected] [email protected] |
IBM–Db2 for Linux, UNIX and Windows |
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user to cause a denial of service with a specially crafted query due to improper memory allocation. IBM X-Force ID: 292639. | 2024-08-14 | 6.5 | CVE-2024-35152 [email protected] [email protected] |
IBM–Db2 for Linux, UNIX and Windows |
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 could allow an authenticated user to cause a denial of service with a specially crafted query due to improper memory allocation. IBM X-Force ID: 294295. | 2024-08-14 | 6.5 | CVE-2024-37529 [email protected] [email protected] |
IBM–Db2 for Linux, UNIX and Windows |
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service, under specific configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user. IBM X-Force ID: 287614. | 2024-08-14 | 5.3 | CVE-2024-31882 [email protected] [email protected] |
IBM–Db2 for Linux, UNIX and Windows |
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) federated server 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query under certain conditions. IBM X-Force ID: 291307. | 2024-08-14 | 5.3 | CVE-2024-35136 [email protected] [email protected] |
IBM–QRadar Network Packet Capture |
IBM QRadar Network Packet Capture 7.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 289858. | 2024-08-15 | 5.9 | CVE-2024-31905 [email protected] [email protected] |
IBM–QRadar Suite Software |
IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 281430. | 2024-08-15 | 6.2 | CVE-2024-25024 [email protected] [email protected] |
IBM–QRadar Suite Software |
IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 displays sensitive data improperly during back-end commands which may result in the unexpected disclosure of this information. IBM X-Force ID: 287173. | 2024-08-14 | 5.6 | CVE-2024-28799 [email protected] [email protected] |
IBM–QRadar Suite Software |
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 does not invalidate session after logout which could allow another user to obtain sensitive information. IBM X-Force ID: 233672. | 2024-08-13 | 4.7 | CVE-2022-38382 [email protected] [email protected] |
IBM–QRadar Suite Software |
IBM QRadar Suite Software 1.10.12.0 through 1.10.22.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the request. This information could be used in further attacks against the system. IBM X-Force ID: 272201. | 2024-08-16 | 4.9 | CVE-2023-47728 [email protected] [email protected] |
IBM–SDK, Java Technology Edition |
The Object Request Broker (ORB) in IBM SDK, Java Technology Edition 7.1.0.0 through 7.1.5.18 and 8.0.0.0 through 8.0.8.26 is vulnerable to remote denial of service, caused by a race condition in the management of ORB listener threads. IBM X-Force ID: 284573. | 2024-08-14 | 5.9 | CVE-2024-27267 [email protected] [email protected] |
IBM–WebSphere Application Liberty |
IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.8 could allow an attacker with access to the network to conduct spoofing attacks. An attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain sensitive information. IBM X-Force ID: 274713. | 2024-08-14 | 5.3 | CVE-2023-50314 [email protected] [email protected] |
IBM–WebSphere Application Server |
IBM WebSphere Application Server 8.5 and 9.0 could allow an attacker with access to the network to conduct spoofing attacks. An attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain sensitive information. IBM X-Force ID: 274714. | 2024-08-14 | 5.3 | CVE-2023-50315 [email protected] [email protected] |
Igor Beni–Recipe Maker For Your Food Blog from Zip Recipes |
Missing Authorization vulnerability in Igor Benić Recipe Maker For Your Food Blog from Zip Recipes allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Recipe Maker For Your Food Blog from Zip Recipes: from n/a through 8.2.6. | 2024-08-13 | 5.3 | CVE-2024-38688 [email protected] |
Iqonic Design–Graphina |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Iqonic Design Graphina allows Stored XSS.This issue affects Graphina: from n/a through 1.8.10. | 2024-08-12 | 6.5 | CVE-2024-43124 [email protected] |
itsourcecode–Vehicle Management System |
A vulnerability was found in itsourcecode Vehicle Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file mybill.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-08-14 | 6.3 | CVE-2024-7794 [email protected] [email protected] [email protected] [email protected] |
Jeroen Sormani–WP Dashboard Notes |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Jeroen Sormani WP Dashboard Notes allows Stored XSS.This issue affects WP Dashboard Notes: from n/a through 1.0.11. | 2024-08-12 | 6.5 | CVE-2024-43226 [email protected] |
JetBrains–TeamCity |
In JetBrains TeamCity before 2024.07.1 multiple stored XSS was possible on Clouds page | 2024-08-16 | 4.6 | CVE-2024-43807 [email protected] |
JetBrains–TeamCity |
In JetBrains TeamCity before 2024.07.1 reflected XSS was possible in the AWS Core plugin | 2024-08-16 | 4.6 | CVE-2024-43810 [email protected] |
jfarthing84–Theme My Login |
The Theme My Login plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 7.1.7. This is due to missing or incorrect nonce validation on the tml_admin_save_ms_settings() function. This makes it possible for unauthenticated attackers to update the theme’s settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Please note that this only affects multi-site instances. | 2024-08-16 | 4.3 | CVE-2024-7422 [email protected] [email protected] |
kaizencoders–Short URL |
The Short URL plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.8. This is due to missing or incorrect nonce validation on the configuration_page function. This makes it possible for unauthenticated attackers to add and import redirects, including comments containing cross-site scripting as detailed in CVE-2023-1602, granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-08-17 | 4.7 | CVE-2023-1604 [email protected] [email protected] |
krut1–LOGIN AND REGISTRATION ATTEMPTS LIMIT |
The LOGIN AND REGISTRATION ATTEMPTS LIMIT plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 2.1. This is due to insufficient restrictions on where the IP Address information is being retrieved for request logging and login restrictions. Attackers can supply the X-Forwarded-For header with with a different IP Address that will be logged and can be used to bypass settings that may have blocked out an IP address from logging in. | 2024-08-17 | 6.5 | CVE-2022-4532 [email protected] [email protected] |
LA-Studio–LA-Studio Element Kit for Elementor |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in LA-Studio LA-Studio Element Kit for Elementor allows Stored XSS.This issue affects LA-Studio Element Kit for Elementor: from n/a through 1.3.9.2. | 2024-08-12 | 6.5 | CVE-2024-43210 [email protected] |
Lenovo–Printers |
A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthenticated attacker on a shared network to crash printer communications until the system is rebooted. | 2024-08-16 | 6.5 | CVE-2024-4781 [email protected] |
Lenovo–Printers |
A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthenticated attacker on a shared network to disrupt the printer’s functionality until a manual system reboot occurs. | 2024-08-16 | 6.5 | CVE-2024-4782 [email protected] |
Lenovo–Printers |
A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthenticated attacker on a shared network to deny printing capabilities until the system is rebooted. | 2024-08-16 | 6.5 | CVE-2024-5209 [email protected] |
Lenovo–Printers |
A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthenticated attacker on a shared network to prevent printer services from being reachable until the system is rebooted. | 2024-08-16 | 6.5 | CVE-2024-5210 [email protected] |
Lenovo–Printers |
A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthenticated attacker on a shared network to deny printer connections until the system is rebooted. | 2024-08-16 | 6.5 | CVE-2024-6004 [email protected] |
linux — linux_kernel |
In the Linux kernel, the following vulnerability has been resolved: mm: huge_memory: use !CONFIG_64BIT to relax huge page alignment on 32 bit machines Yves-Alexis Perez reported commit 4ef9ad19e176 (“mm: huge_memory: don’t force huge page alignment on 32 bit”) didn’t work for x86_32 [1]. It is because x86_32 uses CONFIG_X86_32 instead of CONFIG_32BIT. !CONFIG_64BIT should cover all 32 bit machines. [1] https://lore.kernel.org/linux-mm/CAHbLzkr1LwH3pcTgM+aGQ31ip2bKqiqEQ8=FQB+t2c3dhNKNHA@mail.gmail.com/ | 2024-08-12 | 5.5 | CVE-2024-42258 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
MagePeople Team–Event Manager for WooCommerce |
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in MagePeople Team Event Manager for WooCommerce allows PHP Local File Inclusion.This issue affects Event Manager for WooCommerce: from n/a through 4.2.1. | 2024-08-13 | 6.5 | CVE-2024-43138 [email protected] |
mayurik — best_house_rental_management_system |
A Stored Cross Site Scripting (XSS) vulnerability was found in “manage_houses.php” in SourceCodester Best House Rental Management System v1.0. It allows remote attackers to execute arbitrary code via “House_no” and “Description” parameter fields. | 2024-08-12 | 5.4 | CVE-2024-40473 [email protected] [email protected] |
mayurik — best_house_rental_management_system |
A Reflected Cross Site Scripting (XSS) vulnerability was found in “edit-cate.php” in SourceCodester House Rental Management System v1.0. | 2024-08-12 | 5.4 | CVE-2024-40474 [email protected] [email protected] |
MBE Worldwide S.p.A.–MBE eShip |
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in MBE Worldwide S.P.A. MBE eShip allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects MBE eShip: from n/a through 2.1.2. | 2024-08-13 | 5.3 | CVE-2024-38742 [email protected] |
Mediavine–Mediavine Control Panel |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Mediavine Mediavine Control Panel allows Stored XSS.This issue affects Mediavine Control Panel: from n/a through 2.10.4. | 2024-08-12 | 6.5 | CVE-2024-43218 [email protected] |
Merkulove–Selection Lite |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Merkulove Selection Lite allows Stored XSS.This issue affects Selection Lite: from n/a through 1.11. | 2024-08-12 | 6.5 | CVE-2024-43147 [email protected] |
microsoft — .net |
.NET and Visual Studio Information Disclosure Vulnerability | 2024-08-13 | 6.5 | CVE-2024-38167 [email protected] |
microsoft — 365_apps |
Microsoft Outlook Remote Code Execution Vulnerability | 2024-08-13 | 6.7 | CVE-2024-38173 [email protected] |
microsoft — 365_apps |
Microsoft Office Spoofing Vulnerability | 2024-08-12 | 6.5 | CVE-2024-38200 [email protected] |
microsoft — teams |
Microsoft Teams for iOS Spoofing Vulnerability | 2024-08-13 | 6.5 | CVE-2024-38197 [email protected] |
microsoft — windows_10_1507 |
Windows Mark of the Web Security Feature Bypass Vulnerability | 2024-08-13 | 6.5 | CVE-2024-38213 [email protected] |
microsoft — windows_10_1507 |
Windows Initial Machine Configuration Elevation of Privilege Vulnerability | 2024-08-13 | 6.8 | CVE-2024-38223 [email protected] |
microsoft — windows_10_1507 |
Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability | 2024-08-13 | 5.5 | CVE-2024-38118 [email protected] |
microsoft — windows_10_1507 |
Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability | 2024-08-13 | 5.5 | CVE-2024-38122 [email protected] |
microsoft — windows_10_1507 |
Windows Kernel Information Disclosure Vulnerability | 2024-08-13 | 5.5 | CVE-2024-38151 [email protected] |
microsoft — windows_10_1507 |
Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability | 2024-08-13 | 4.2 | CVE-2024-38143 [email protected] |
microsoft — windows_10_1809 |
Windows Mobile Broadband Driver Remote Code Execution Vulnerability | 2024-08-13 | 6.8 | CVE-2024-38161 [email protected] |
microsoft — windows_10_1809 |
Security Center Broker Information Disclosure Vulnerability | 2024-08-13 | 5.5 | CVE-2024-38155 [email protected] |
microsoft — windows_11_22h2 |
Windows Compressed Folder Tampering Vulnerability | 2024-08-13 | 6.5 | CVE-2024-38165 [email protected] |
microsoft — windows_11_24h2 |
Windows Bluetooth Driver Information Disclosure Vulnerability | 2024-08-13 | 4.4 | CVE-2024-38123 [email protected] |
microsoft — windows_server_2008 |
Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | 2024-08-13 | 6.5 | CVE-2024-38214 [email protected] |
Microsoft–Microsoft Edge (Chromium-based) |
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | 2024-08-12 | 6.5 | CVE-2024-38219 [email protected] |
Microsoft–Microsoft Edge (Chromium-based) |
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | 2024-08-16 | 5.8 | CVE-2024-43472 [email protected] |
mongodb — mongodb |
“Hot” backup files may be downloaded by underprivileged users, if they are capable of acquiring a unique backup identifier. This issue affects MongoDB Enterprise Server v6.0 versions prior to 6.0.16, MongoDB Enterprise Server v7.0 versions prior to 7.0.11 and MongoDB Enterprise Server v7.3 versions prior to 7.3.3 | 2024-08-13 | 5.3 | CVE-2024-6384 [email protected] |
msaari–Relevanssi A Better Search |
The Relevanssi – A Better Search plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 4.22.2 via the relevanssi_do_query() due to insufficient limitations on the posts that are returned when searching. This makes it possible for unauthenticated attackers to extract potentially sensitive information from password protected posts. | 2024-08-16 | 5.3 | CVE-2024-7630 [email protected] [email protected] |
n/a–3rd Generation Intel(R) Xeon(R) Scalable Processors |
Mirrored regions with different values in 3rd Generation Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access. | 2024-08-14 | 6 | CVE-2024-25939 [email protected] |
n/a–3rd, 4th, and 5th Generation Intel(R) Xeon(R) Processors |
Protection mechanism failure in some 3rd, 4th, and 5th Generation Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | 2024-08-14 | 6.1 | CVE-2024-24980 [email protected] |
n/a–BMRA software |
Inadequate encryption strength for some BMRA software before version 22.08 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-08-14 | 6.4 | CVE-2024-21787 [email protected] |
n/a–EMON software |
Uncontrolled search path in some EMON software before version 11.44 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-08-14 | 6.7 | CVE-2024-28953 [email protected] |
n/a–Flexlm License Daemons for Intel(R) FPGA software |
Insecure inherited permissions in some Flexlm License Daemons for Intel(R) FPGA software before version v11.19.5.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-08-14 | 6.7 | CVE-2024-23908 [email protected] |
n/a–InnoCMS |
A vulnerability, which was classified as critical, has been found in InnoCMS 0.3.1. This issue affects some unknown processing of the file /panel/pages/1/edit of the component Backend. The manipulation leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-08-17 | 4.7 | CVE-2024-7899 [email protected] [email protected] [email protected] [email protected] |
n/a–installation software for Intel(R) Ethernet Adapter Driver Pack |
Uncontrolled search path element in some installation software for Intel(R) Ethernet Adapter Driver Pack before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-08-14 | 6.7 | CVE-2024-22376 [email protected] |
n/a–Intel Unite(R) Client Extended Display Plugin software installers |
Incorrect default permissions in some Intel Unite(R) Client Extended Display Plugin software installers before version 1.1.352.157 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-08-14 | 6.7 | CVE-2024-22378 [email protected] |
n/a–Intel(R) Advisor software |
Incorrect default permissions for some Intel(R) Advisor software before version 2024.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-08-14 | 6.7 | CVE-2024-26025 [email protected] |
n/a–Intel(R) AMT and Intel(R) Standard Manageability |
Improper buffer restrictions in firmware for some Intel(R) AMT and Intel(R) Standard Manageability may allow a privileged user to potentially enable denial of service via network access. | 2024-08-14 | 6.8 | CVE-2023-38655 [email protected] |
n/a–Intel(R) Arc(TM) & Iris(R) Xe Graphics software |
Improper access control in some Intel(R) Arc(TM) & Iris(R) Xe Graphics software before version 31.0.101.4824 may allow an authenticated user to potentially enable denial of service via local access. | 2024-08-14 | 5 | CVE-2024-28050 [email protected] |
n/a–Intel(R) CIP software |
Improper access control for some Intel(R) CIP software before version 2.4.10717 may allow an authenticated user to potentially enable denial of service via local access. | 2024-08-14 | 5.5 | CVE-2023-43489 [email protected] |
n/a–Intel(R) Connectivity Performance Suite software installers |
Incorrect default permissions for some Intel(R) Connectivity Performance Suite software installers before version 2.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-08-14 | 6.7 | CVE-2023-43747 [email protected] |
n/a–Intel(R) CSME |
Unchecked return value in firmware for some Intel(R) CSME may allow an unauthenticated user to potentially enable escalation of privilege via physical access. | 2024-08-14 | 5.7 | CVE-2023-40067 [email protected] |
n/a–Intel(R) CSME |
Improper input validation in firmware for some Intel(R) CSME may allow a privileged user to potentially enable denial of service via local access. | 2024-08-14 | 4.4 | CVE-2023-34424 [email protected] |
n/a–Intel(R) CSME |
Integer overflow in firmware for some Intel(R) CSME may allow an unauthenticated user to potentially enable denial of service via adjacent access. | 2024-08-14 | 4.3 | CVE-2024-21844 [email protected] |
n/a–Intel(R) Data Center GPU Max Series 1100 and 1550 products |
Improper conditions check in some Intel(R) Data Center GPU Max Series 1100 and 1550 products may allow a privileged user to potentially enable denial of service via local access. | 2024-08-14 | 6.5 | CVE-2024-24580 [email protected] |
n/a–Intel(R) Distribution for GDB software |
Uncontrolled search path in some Intel(R) Distribution for GDB software before version 2024.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-08-14 | 6.7 | CVE-2024-23491 [email protected] |
n/a–Intel(R) Distribution for GDB software |
Incorrect default permissions in some Intel(R) Distribution for GDB software before version 2024.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-08-14 | 6.7 | CVE-2024-23495 [email protected] |
n/a–Intel(R) Distribution for GDB software |
Improper buffer restrictions in some Intel(R) Distribution for GDB software before version 2024.0.1 may allow an authenticated user to potentially enable denial of service via local access. | 2024-08-14 | 5.8 | CVE-2024-25562 [email protected] |
n/a–Intel(R) Ethernet Connection I219-LM install software |
Uncontrolled search path in some Intel(R) Ethernet Connection I219-LM install software may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-08-14 | 6.7 | CVE-2024-21769 [email protected] |
n/a–Intel(R) Ethernet Network Controllers and Adapters E810 Series |
Protection mechanism failure in Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters E810 Series before version 28.3 may allow an unauthenticated user to potentially enable denial of service via network access. | 2024-08-14 | 6.5 | CVE-2024-23499 [email protected] |
n/a–Intel(R) Ethernet Network Controllers and Adapters E810 Series |
Protection mechanism failure in firmware for some Intel(R) Ethernet Network Controllers and Adapters E810 Series before version 4.4 may allow an unauthenticated user to potentially enable denial of service via network access. | 2024-08-14 | 6.5 | CVE-2024-24983 [email protected] |
n/a–Intel(R) Ethernet Network Controllers and Adapters E810 Series |
Improper conditions check in Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters E810 Series before version 28.3 may allow an authenticated user to potentially enable denial of service via local access. | 2024-08-14 | 5.5 | CVE-2024-21806 [email protected] |
n/a–Intel(R) FPGA SDK for OpenCL(TM) software technology |
Uncontrolled search path in some Intel(R) FPGA SDK for OpenCL(TM) software technology may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-08-14 | 6.7 | CVE-2024-23909 [email protected] |
n/a–Intel(R) GPA software |
Uncontrolled search path in some Intel(R) GPA software before version 2024.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-08-14 | 6.7 | CVE-2024-28046 [email protected] |
n/a–Intel(R) HID Event Filter software installers |
Insecure inherited permissions in some Intel(R) HID Event Filter software installers before version 2.2.2.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-08-14 | 6.7 | CVE-2024-25561 [email protected] |
n/a–Intel(R) High Level Synthesis Compiler software |
Uncontrolled search path in some Intel(R) High Level Synthesis Compiler software before version 23.4 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-08-14 | 6.7 | CVE-2024-23907 [email protected] |
n/a–Intel(R) IPP Cryptography software |
Uncontrolled search path for some Intel(R) IPP Cryptography software before version 2021.11 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-08-14 | 6.7 | CVE-2024-21784 [email protected] |
n/a–Intel(R) IPP software |
Uncontrolled search path in some Intel(R) IPP software before version 2021.11 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-08-14 | 6.7 | CVE-2024-28887 [email protected] |
n/a–Intel(R) ISH software installers |
Incorrect default permissions in some Intel(R) ISH software installers may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-08-14 | 6.7 | CVE-2024-23974 [email protected] |
n/a–Intel(R) License Manager for FLEXlm product software |
Uncontrolled search path for some Intel(R) License Manager for FLEXlm product software before version 11.19.5.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-08-14 | 6.7 | CVE-2024-24977 [email protected] |
n/a–Intel(R) MAS (GUI) |
Incorrect default permissions in software installer for Intel(R) MAS (GUI) may allow an authenticated user to potentially enable denial of service via local access. | 2024-08-14 | 5.6 | CVE-2024-27461 [email protected] |
n/a–Intel(R) MPI Library software |
Uncontrolled search path for some Intel(R) MPI Library software before version 2021.12 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-08-14 | 6.7 | CVE-2024-28876 [email protected] |
n/a–Intel(R) oneAPI Compiler software |
Uncontrolled search path for some Intel(R) oneAPI Compiler software before version 2024.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-08-14 | 6.7 | CVE-2024-21857 [email protected] |
n/a–Intel(R) oneAPI Math Kernel Library software |
Uncontrolled search path for some Intel(R) oneAPI Math Kernel Library software before version 2024.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-08-14 | 6.7 | CVE-2024-21766 [email protected] |
n/a–Intel(R) Quartus(R) Prime Pro Edition Design Software |
Uncontrolled search path for some Intel(R) Quartus(R) Prime Pro Edition Design Software before version 24.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-08-14 | 6.7 | CVE-2024-22184 [email protected] |
n/a–Intel(R) Server Platforms |
Out of bounds read in OpenBMC Firmware for some Intel(R) Server Platforms before versions egs-1.15-0, bhs-0.27 may allow a privileged user to potentially enable information disclosure via local access. | 2024-08-14 | 6.7 | CVE-2023-49144 [email protected] |
n/a–Intel(R) Server Platforms |
Uncaught exception in OpenBMC Firmware for some Intel(R) Server Platforms before versions egs-1.14-0, bhs-0.27 may allow an authenticated user to potentially enable denial of service via network access. | 2024-08-14 | 4.3 | CVE-2023-35123 [email protected] |
n/a–Intel(R) Simics Package Manager software |
Uncontrolled search path for some Intel(R) Simics Package Manager software before version 1.8.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-08-14 | 6.7 | CVE-2024-26027 [email protected] |
n/a–Intel(R) TDX module software |
Incomplete filtering of special elements in Intel(R) TDX module software before version TDX_1.5.01.00.592 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-08-14 | 6 | CVE-2024-39283 [email protected] |
n/a–Intel(R) Trace Analyzer and Collector software |
Uncontrolled search path for some Intel(R) Trace Analyzer and Collector software before version 2022.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-08-14 | 6.7 | CVE-2024-28172 [email protected] |
n/a–Intel(R) VROC software |
Uncontrolled search path for some Intel(R) VROC software before version 8.6.0.1191 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-08-14 | 6.7 | CVE-2024-23489 [email protected] |
n/a–Intel(R) VTune(TM) Profiler software |
Uncontrolled search path in some Intel(R) VTune(TM) Profiler software before versions 2024.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2024-08-14 | 6.7 | CVE-2024-29015 [email protected] |
n/a–Intel(R) Xeon Processors |
Insufficient control flow management for some Intel(R) Xeon Processors may allow an authenticated user to potentially enable denial of service via local access. | 2024-08-14 | 6.5 | CVE-2024-22374 [email protected] |
n/a–n/a |
Cross Site Scripting vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information via the lack of file type filtering in the file attachment parameter. | 2024-08-15 | 6.1 | CVE-2024-27731 [email protected] [email protected] |
n/a–n/a |
Incorrect access control in the delete_category function of Sourcecodester Computer Laboratory Management System v1.0 allows authenticated attackers with low-level privileges to arbitrarily delete categories. | 2024-08-12 | 6.5 | CVE-2024-41332 [email protected] [email protected] |
n/a–n/a |
A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, through R6.4.0.HF1 (R6.4.0.136) could allow an authenticated attacker with administrative privilege to conduct an argument injection attack, due to insufficient parameter sanitization during the boot process. A successful exploit could allow an attacker to execute arbitrary commands within the context of the system. | 2024-08-12 | 6.8 | CVE-2024-41710 [email protected] [email protected] [email protected] |
n/a–n/a |
A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, through R6.4.0.HF1 (R6.4.0.136) could allow an unauthenticated attacker with physical access to the phone to conduct an argument injection attack, due to insufficient parameter sanitization. A successful exploit could allow an attacker to execute arbitrary commands within the context of the system. | 2024-08-13 | 6.8 | CVE-2024-41711 [email protected] |
n/a–n/a |
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setLedCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands. | 2024-08-13 | 6.8 | CVE-2024-42740 [email protected] |
n/a–n/a |
An issue in Silverpeas v.6.4.2 and lower allows a remote attacker to cause a denial of service via the password change function. | 2024-08-16 | 6.5 | CVE-2024-42849 [email protected] [email protected] |
n/a–n/a |
Cross Site Scripting vulnerability in Super easy enterprise management system v.1.0.0 and before allows a local attacker to execute arbitrary code via a crafted script to the /WebSet/DlgGridSet.html component. | 2024-08-15 | 5 | CVE-2024-42678 [email protected] |
n/a–n/a |
axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs. | 2024-08-12 | 4 | CVE-2024-39338 [email protected] [email protected] |
n/a–OcoMon |
A vulnerability, which was classified as problematic, has been found in OcoMon 4.0RC1/4.0/5.0RC1. This issue affects some unknown processing of the file /includes/common/require_access_recovery.php of the component URL Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.0.1 and 5.0 is able to address this issue. It is recommended to upgrade the affected component. | 2024-08-13 | 4.3 | CVE-2024-7709 [email protected] [email protected] [email protected] [email protected] [email protected] |
nissan-global — blind_spot_detection_sensor_ecu_firmware |
* Unprotected privileged mode access through UDS session in the Blind Spot Detection Sensor ECU firmware in Nissan Altima (2022) allows attackers to trigger denial-of-service (DoS) by unauthorized access to the ECU’s programming session. * No preconditions implemented for ECU management functionality through UDS session in the Blind Spot Detection Sensor ECU in Nissan Altima (2022) allows attackers to disrupt normal ECU operations by triggering a control command without authentication. | 2024-08-15 | 6.5 | CVE-2024-6347 [email protected] |
NVIDIA–NVIDIA CV-CUDA |
NVIDIA CV-CUDA for Ubuntu 20.04, Ubuntu 22.04, and Jetpack contains a vulnerability in Python APIs where a user may cause an uncontrolled resource consumption issue by a long running CV-CUDA Python process. A successful exploit of this vulnerability may lead to denial of service and data loss. | 2024-08-12 | 6.1 | CVE-2024-0115 [email protected] |
Olive Themes–Olive One Click Demo Import |
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Olive Themes Olive One Click Demo Import allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Olive One Click Demo Import: from n/a through 1.1.2. | 2024-08-13 | 5.3 | CVE-2024-38749 [email protected] |
open-telemetry–opentelemetry-collector-contrib |
OpenTelemetry, also known as OTel, is a vendor-neutral open source Observability framework for instrumenting, generating, collecting, and exporting telemetry data such as traces, metrics, and logs. The bearertokenauth extension’s server authenticator performs a simple, non-constant time string comparison of the received & configured bearer tokens. This impacts anyone using the `bearertokenauth` server authenticator. Malicious clients with network access to the collector may perform a timing attack against a collector with this authenticator to guess the configured token, by iteratively sending tokens and comparing the response time. This would allow an attacker to introduce fabricated or bad data into the collector’s telemetry pipeline. The observable timing vulnerability was fixed by using constant-time comparison in 0.107.0 | 2024-08-13 | 6.5 | CVE-2024-42368 [email protected] [email protected] [email protected] |
openhab–openhab-webui |
openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. Several endpoints in versions prior to 4.2.1 of the CometVisu add-on of openHAB don’t require authentication. This makes it possible for unauthenticated attackers to modify or to steal sensitive data. This issue may lead to sensitive information disclosure. Users should upgrade to version 4.2.1 of the CometVisu add-on of openHAB to receive a patch. | 2024-08-12 | 6.5 | CVE-2024-42470 [email protected] [email protected] |
openhab–openhab-webui |
openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. CometVisuServlet in versions prior to 4.2.1 is susceptible to an unauthenticated path traversal vulnerability. Local files on the server can be requested via HTTP GET on the CometVisuServlet. This issue may lead to information disclosure. Users should upgrade to version 4.2.1 of the CometVisu add-on of openHAB to receive a patch. | 2024-08-12 | 5.3 | CVE-2024-42468 [email protected] [email protected] [email protected] |
oretnom23 — car_driving_school_management_system |
A vulnerability was found in SourceCodester Car Driving School Management System 1.0. It has been declared as problematic. This vulnerability affects the function save_package of the file admin/packages/manag_package.php. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-08-12 | 6.5 | CVE-2024-7662 [email protected] [email protected] [email protected] [email protected] |
oretnom23 — car_driving_school_management_system |
A vulnerability was found in SourceCodester Car Driving School Management System 1.0. It has been declared as problematic. Affected by this vulnerability is the function update_settings_info of the file /classes/SystemSettings.php?f=update_settings. The manipulation of the argument contact/address leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-08-12 | 6.1 | CVE-2024-7677 [email protected] [email protected] [email protected] [email protected] |
oretnom23 — car_driving_school_management_system |
A vulnerability was found in SourceCodester Car Driving School Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /classes/Master.php?f=save_package. The manipulation of the argument name/description/training_duration leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-08-12 | 6.1 | CVE-2024-7678 [email protected] [email protected] [email protected] [email protected] |
oretnom23 — car_driving_school_management_system |
A vulnerability was found in SourceCodester Car Driving School Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file manage_user.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-08-12 | 5.3 | CVE-2024-7663 [email protected] [email protected] [email protected] [email protected] |
oretnom23 — car_driving_school_management_system |
A vulnerability, which was classified as critical, has been found in SourceCodester Car Driving School Management System 1.0. Affected by this issue is some unknown functionality of the file view_package.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-08-12 | 5.3 | CVE-2024-7666 [email protected] [email protected] [email protected] [email protected] |
oretnom23 — car_driving_school_management_system |
A vulnerability, which was classified as critical, was found in SourceCodester Car Driving School Management System 1.0. This affects the function delete_users of the file User.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-08-12 | 5.3 | CVE-2024-7667 [email protected] [email protected] [email protected] [email protected] |
oretnom23 — car_driving_school_management_system |
A vulnerability has been found in SourceCodester Car Driving School Management System 1.0 and classified as critical. This vulnerability affects the function delete_package of the file Master.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-08-12 | 5.3 | CVE-2024-7668 [email protected] [email protected] [email protected] [email protected] |
oretnom23 — car_driving_school_management_system |
A vulnerability was found in SourceCodester Car Driving School Management System 1.0 and classified as critical. This issue affects the function delete_enrollment of the file Master.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-08-12 | 5.3 | CVE-2024-7669 [email protected] [email protected] [email protected] [email protected] |
oretnom23 — car_driving_school_management_system |
A vulnerability was found in Sourcecodester Car Driving School Management System 1.0. It has been classified as critical. Affected is the function save_package of the file /classes/Master.php?f=save_package. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-08-12 | 5.3 | CVE-2024-7676 [email protected] [email protected] [email protected] [email protected] |
oretnom23 — car_driving_school_management_system |
A vulnerability classified as critical has been found in SourceCodester Car Driving School Management System 1.0. Affected is an unknown function of the file view_details.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-08-12 | 4.3 | CVE-2024-7664 [email protected] [email protected] [email protected] [email protected] |
oretnom23 — car_driving_school_management_system |
A vulnerability classified as critical was found in SourceCodester Car Driving School Management System 1.0. Affected by this vulnerability is an unknown functionality of the file manage_package.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-08-12 | 4.3 | CVE-2024-7665 [email protected] [email protected] [email protected] [email protected] |
oretnom23 — clinics_patient_management_system |
A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /update_medicine.php. The manipulation of the argument medicine_name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-08-14 | 6.1 | CVE-2024-7752 [email protected] [email protected] [email protected] [email protected] |
oretnom23 — clinics_patient_management_system |
A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file users.php of the component User Page. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-08-12 | 5.4 | CVE-2024-7645 [email protected] [email protected] [email protected] [email protected] |
Patrick Posner–Filr Secure document library |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Patrick Posner Filr – Secure document library allows Stored XSS.This issue affects Filr – Secure document library: from n/a through 1.2.4. | 2024-08-12 | 6.5 | CVE-2024-43216 [email protected] |
Pepperl+Fuchs–ICDM-RX/TCP-DB9/RJ45-DIN |
An unauthenticated remote attacker may use a HTML injection vulnerability with limited length to inject malicious HTML code and gain low-privileged access on the affected device. | 2024-08-13 | 6.1 | CVE-2024-38501 [email protected] |
phpgurukul — old_age_home_management_system |
A Reflected Cross Site Scripting (XSS) vulnerability was found in “/oahms/search.php” in PHPGurukul Old Age Home Management System v1.0, which allows remote attackers to execute arbitrary code via the “searchdata” parameter. | 2024-08-12 | 6.1 | CVE-2024-40484 [email protected] |
phpgurukul — old_age_home_management_system |
A Stored Cross Site Scripting (XSS) vulnerability was found in “/admin/view-enquiry.php” in PHPGurukul Old Age Home Management System v1.0, which allows remote attackers to execute arbitrary code via the Contact Us page “message” parameter. | 2024-08-12 | 5.4 | CVE-2024-40481 [email protected] |
PickPlugins–ComboBlocks |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in PickPlugins ComboBlocks allows Stored XSS.This issue affects ComboBlocks: from n/a through 2.2.86. | 2024-08-12 | 6.5 | CVE-2024-43155 [email protected] |
pickplugins–Gutenberg Blocks, Page Builder ComboBlocks |
The Gutenberg Blocks, Page Builder – ComboBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Accordion block in all versions up to, and including, 2.2.87 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-08-14 | 6.4 | CVE-2024-7588 [email protected] [email protected] |
pkp–ojs |
A vulnerability was found in pkp ojs up to 3.4.0-6 and classified as problematic. Affected by this issue is some unknown functionality of the file /login/signOut. The manipulation of the argument source with the input .example.com leads to open redirect. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-08-17 | 4.3 | CVE-2024-7902 [email protected] [email protected] [email protected] |
princeahmed–Radio Player Live Shoutcast, Icecast and Any Audio Stream Player for WordPress |
The Radio Player plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete_player function in versions up to, and including, 2.0.73. This makes it possible for unauthenticated attackers to delete player instances. | 2024-08-17 | 5.3 | CVE-2023-4024 [email protected] [email protected] [email protected] [email protected] |
princeahmed–Radio Player Live Shoutcast, Icecast and Any Audio Stream Player for WordPress |
The Radio Player plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_player function in versions up to, and including, 2.0.73. This makes it possible for unauthenticated attackers to update player instances. | 2024-08-17 | 5.3 | CVE-2023-4025 [email protected] [email protected] [email protected] [email protected] |
princeahmed–Radio Player Live Shoutcast, Icecast and Any Audio Stream Player for WordPress |
The Radio Player plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_settings function in versions up to, and including, 2.0.73. This makes it possible for unauthenticated attackers to update plugin settings. | 2024-08-17 | 5.3 | CVE-2023-4027 [email protected] [email protected] [email protected] [email protected] |
projectsend — projectsend |
A vulnerability, which was classified as problematic, has been found in projectsend up to r1605. This issue affects the function get_preview of the file process.php. The manipulation leads to improper control of resource identifiers. The attack may be initiated remotely. Upgrading to version r1720 is able to address this issue. The patch is named eb5a04774927e5855b9d0e5870a2aae5a3dc5a08. It is recommended to upgrade the affected component. | 2024-08-12 | 5.3 | CVE-2024-7658 [email protected] [email protected] [email protected] [email protected] [email protected] |
PTC–Kepware ThingWorx Kepware Server |
When performing an online tag generation to devices which communicate using the ControlLogix protocol, a machine-in-the-middle, or a device that is not configured correctly, could deliver a response leading to unrestricted or unregulated resource allocation. This could cause a denial-of-service condition and crash the Kepware application. By default, these functions are turned off, yet they remain accessible for users who recognize and require their advantages. | 2024-08-16 | 5.3 | CVE-2024-6098 [email protected] [email protected] |
Pylons–webob |
WebOb provides objects for HTTP requests and responses. When WebOb normalizes the HTTP Location header to include the request hostname, it does so by parsing the URL that the user is to be redirected to with Python’s urlparse, and joining it to the base URL. `urlparse` however treats a `//` at the start of a string as a URI without a scheme, and then treats the next part as the hostname. `urljoin` will then use that hostname from the second part as the hostname replacing the original one from the request. This vulnerability is patched in WebOb version 1.8.8. | 2024-08-14 | 6.1 | CVE-2024-42353 [email protected] [email protected] |
QNAP Systems Inc.–QTS |
A vulnerability has been reported to affect Network & Virtual Switch. If exploited, the vulnerability could allow local authenticated administrators to gain access to and execute certain functions via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 5.1.8.2823 build 20240712 and later QuTS hero h5.1.8.2823 build 20240712 and later | 2024-08-12 | 4.2 | CVE-2024-32765 [email protected] |
Rashid87–WPSection |
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Rashid87 WPSection allows PHP Local File Inclusion.This issue affects WPSection: from n/a through 1.3.8. | 2024-08-13 | 6.5 | CVE-2024-43165 [email protected] |
Red Hat–Red Hat Enterprise Linux 6 |
A heap-buffer-overflow flaw was found in the cfg_mark_ports function within Unbound’s config_file.c, which can lead to memory corruption. This issue could allow an attacker with local access to provide specially crafted input, potentially causing the application to crash or allowing arbitrary code execution. This could result in a denial of service or unauthorized actions on the system. | 2024-08-12 | 4.8 | CVE-2024-43168 [email protected] [email protected] [email protected] [email protected] |
Red Hat–Red Hat Satellite 6 |
A command injection flaw was found in the “Host Init Config” template in the Foreman application via the “Install Packages” field on the “Register Host” page. This flaw allows an attacker with the necessary privileges to inject arbitrary commands into the configuration, potentially allowing unauthorized command execution during host registration. Although this issue requires user interaction to execute injected commands, it poses a significant risk if an unsuspecting user runs the generated registration script. | 2024-08-12 | 6.5 | CVE-2024-7700 [email protected] [email protected] |
rems — accounts_manager_app |
A vulnerability, which was classified as problematic, was found in SourceCodester Accounts Manager App 1.0. Affected is an unknown function of the file /endpoint/add-account.php. The manipulation of the argument account_name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-08-13 | 5.4 | CVE-2024-7749 [email protected] [email protected] [email protected] [email protected] |
rems — file_manager_app |
A vulnerability has been found in SourceCodester File Manager App 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Add File Handler. The manipulation of the argument File Title/Uploaded By leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-08-12 | 6.1 | CVE-2024-7660 [email protected] [email protected] [email protected] [email protected] |
rems — leads_manager_tool |
A vulnerability was found in SourceCodester Leads Manager Tool 1.0. It has been classified as problematic. This affects an unknown part of the file /endpoint/add-leads.php of the component Add Leads Handler. The manipulation of the argument leads_name/phone_number leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-08-12 | 5.4 | CVE-2024-7644 [email protected] [email protected] [email protected] [email protected] |
reputeinfosystems–ARMember Membership Plugin, Content Restriction, Member Levels, User Profile & User signup |
The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 4.0.37 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | 2024-08-17 | 6.4 | CVE-2024-7703 [email protected] [email protected] [email protected] [email protected] |
SAP_SE–SAP BusinessObjects Business Intelligence Platform |
SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. On successful exploitation, the attacker can cause a low impact on the Integrity of the application. | 2024-08-13 | 4.3 | CVE-2024-42375 [email protected] [email protected] |
SAP_SE–SAP Commerce |
In SAP Commerce, valid user accounts can be identified during the customer registration and login processes. This allows a potential attacker to learn if a given e-mail is used for an account, but does not grant access to any customer data beyond this knowledge. The attacker must already know the e-mail that they wish to test for. The impact on confidentiality therefore is low and no impact to integrity or availability | 2024-08-13 | 5.3 | CVE-2024-41733 [email protected] [email protected] |
SAP_SE–SAP Commerce Backoffice |
SAP Commerce Backoffice does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability causing low impact on confidentiality and integrity of the application. | 2024-08-13 | 5.4 | CVE-2024-41735 [email protected] [email protected] |
SAP_SE–SAP CRM ABAP (Insights Management) |
SAP CRM ABAP (Insights Management) allows an authenticated attacker to enumerate HTTP endpoints in the internal network by specially crafting HTTP requests. On successful exploitation this can result in information disclosure. It has no impact on integrity and availability of the application. | 2024-08-13 | 5 | CVE-2024-41737 [email protected] [email protected] |
SAP_SE–SAP Document Builder |
SAP Document Builder does not perform necessary authorization checks for one of the function modules resulting in escalation of privileges causing low impact on confidentiality of the application. | 2024-08-13 | 4.3 | CVE-2024-39591 [email protected] [email protected] |
SAP_SE–SAP NetWeaver Application Server (ABAP and Java),SAP Web Dispatcher and SAP Content Server |
Due to the missing authorization checks in the local systems, the admin users of SAP Web Dispatcher, SAP NetWeaver Application Server (ABAP and Java), and SAP Content Server can impersonate other users and may perform some unintended actions. This could lead to a low impact on confidentiality and a high impact on the integrity and availability of the applications. | 2024-08-13 | 6.3 | CVE-2024-33005 [email protected] [email protected] |
SAP_SE–SAP NetWeaver Application Server ABAP |
SAP NetWeaver Application Server ABAP allows an unauthenticated attacker to craft a URL link that could bypass allowlist controls. Depending on the web applications provided by this server, the attacker might inject CSS code or links into the web application that could allow the attacker to read or modify information. There is no impact on availability of application. | 2024-08-13 | 4.7 | CVE-2024-41732 [email protected] [email protected] |
SAP_SE–SAP NetWeaver Application Server ABAP and ABAP Platform |
Due to missing authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform, an authenticated attacker could call an underlying transaction, which leads to disclosure of user related information. There is no impact on integrity or availability. | 2024-08-13 | 4.3 | CVE-2024-41734 [email protected] [email protected] |
SAP_SE–SAP Permit to Work |
Under certain conditions SAP Permit to Work allows an authenticated attacker to access information which would otherwise be restricted causing low impact on the confidentiality of the application. | 2024-08-13 | 4.3 | CVE-2024-41736 [email protected] [email protected] |
SAP_SE–SAP Shared Service Framework |
SAP Shared Service Framework does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. On successful exploitation, an attacker can cause a high impact on confidentiality of the application. | 2024-08-13 | 6.5 | CVE-2024-42376 [email protected] [email protected] |
SAP_SE–SAP Shared Service Framework |
SAP shared service framework allows an authenticated non-administrative user to call a remote-enabled function, which will allow them to insert value entries into a non-sensitive table, causing low impact on integrity of the application | 2024-08-13 | 4.3 | CVE-2024-42377 [email protected] [email protected] |
SAP_SE–SAP Student Life Cycle Management (SLcM) |
SAP Student Life Cycle Management (SLcM) fails to conduct proper authorization checks for authenticated users, leading to the potential escalation of privileges. On successful exploitation it could allow an attacker to delete non-sensitive report variants that are typically restricted, causing minimal impact on the integrity of the application. | 2024-08-13 | 4.3 | CVE-2024-42373 [email protected] [email protected] |
siemens — location_intelligence |
A vulnerability has been identified in Location Intelligence family (All versions < V4.4). Affected products do not properly enforce restriction of excessive authentication attempts. This could allow an unauthenticated remote attacker to conduct brute force attacks against legitimate user passwords. | 2024-08-13 | 5.3 | CVE-2024-41682 [email protected] |
siemens — location_intelligence |
A vulnerability has been identified in Location Intelligence family (All versions < V4.4). Affected products do not properly enforce a strong user password policy. This could facilitate a brute force attack against legitimate user passwords. | 2024-08-13 | 5.3 | CVE-2024-41683 [email protected] |
siemens — sinec_nms |
A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application does not properly enforce authorization checks. This could allow an authenticated attacker to bypass the checks and modify settings in the application without authorization. | 2024-08-13 | 4.3 | CVE-2024-41941 [email protected] |
siemens — sinec_traffic_analyzer |
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). The affected application do not have access control for accessing the files. This could allow an authenticated attacker with low privilege’s to get access to sensitive information. | 2024-08-13 | 6.5 | CVE-2024-41905 [email protected] |
siemens — sinec_traffic_analyzer |
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). The affected application does not properly handle cacheable HTTP responses in the web service. This could allow an attacker to read and modify data stored in the local cache. | 2024-08-13 | 6.5 | CVE-2024-41906 [email protected] |
siemens — sinec_traffic_analyzer |
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). The affected application is missing general HTTP security headers in the web server. This could allow an attacker to make the servers more prone to clickjacking attack. | 2024-08-13 | 5.4 | CVE-2024-41907 [email protected] |
Siemens–LOGO! 12/24RCE |
A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA1) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA1) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA1) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA1) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA1) (All versions), LOGO! 24CEo (6ED1052-2CC08-0BA1) (All versions), LOGO! 24RCE (6ED1052-1HB08-0BA1) (All versions), LOGO! 24RCEo (6ED1052-2HB08-0BA1) (All versions), SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA1) (All versions), SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA1) (All versions), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA1) (All versions), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA1) (All versions), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA1) (All versions), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA1) (All versions), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA1) (All versions), SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA1) (All versions). Affected devices store user passwords in plaintext without proper protection. This could allow a physical attacker to retrieve them from the embedded storage ICs. | 2024-08-13 | 4.6 | CVE-2024-39922 [email protected] |
Siemens–RUGGEDCOM RM1224 LTE(4G) EU |
A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.1), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.1), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.1), SCALANCE M812-1 ADSL-Router family (All versions < V8.1), SCALANCE M816-1 ADSL-Router family (All versions < V8.1), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.1), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.1), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.1), SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2) (All versions < V8.1), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.1), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.1), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.1), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.1), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.1), SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1) (All versions < V8.1), SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1) (All versions < V8.1), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.1), SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1) (All versions < V8.1), SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1) (All versions < V8.1), SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1) (All versions < V8.1), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.1), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.1), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.1), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.1). Affected devices insert sensitive information about the generation of 2FA tokens into log files. This could allow an authenticated remote attacker to forge 2FA tokens of other users. | 2024-08-13 | 6.5 | CVE-2024-41978 [email protected] |
smub–Easy Digital Downloads eCommerce Payments and Subscriptions made easy |
The Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the currency value in all versions up to, and including, 3.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2024-08-12 | 4.4 | CVE-2024-6691 [email protected] [email protected] |
Soliloquy Team–Slider by Soliloquy |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’), Improper Authentication vulnerability in Soliloquy Team Slider by Soliloquy allows Cross-Site Scripting (XSS).This issue affects Slider by Soliloquy: from n/a through 2.7.6. | 2024-08-12 | 5.9 | CVE-2024-35775 [email protected] |
SourceCodester–Clinics Patient Management System |
A vulnerability classified as critical was found in SourceCodester Clinics Patient Management System 1.0. This vulnerability affects unknown code of the file /pms/ajax/check_user_name.php. The manipulation of the argument user_name leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-08-15 | 6.3 | CVE-2024-7841 [email protected] [email protected] [email protected] [email protected] |
SourceCodester–Daily Expenses Monitoring App |
A vulnerability classified as critical has been found in SourceCodester Daily Expenses Monitoring App 1.0. This affects an unknown part of the file /endpoint/delete-expense.php. The manipulation of the argument expense leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-08-15 | 6.3 | CVE-2024-7811 [email protected] [email protected] [email protected] [email protected] |
SourceCodester–Online Graduate Tracer System |
A vulnerability was found in SourceCodester Online Graduate Tracer System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /tracking/admin/view_itprofile.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-08-15 | 6.3 | CVE-2024-7810 [email protected] [email protected] [email protected] [email protected] |
SourceCodester–Online Graduate Tracer System |
A vulnerability was found in SourceCodester Online Graduate Tracer System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /tracking/admin/fetch_it.php. The manipulation of the argument request leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-08-16 | 6.3 | CVE-2024-7845 [email protected] [email protected] [email protected] [email protected] |
SourceCodester–Online Graduate Tracer System |
A vulnerability was found in SourceCodester Online Graduate Tracer System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /tracking/nbproject/. The manipulation leads to exposure of information through directory listing. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-08-15 | 5.3 | CVE-2024-7809 [email protected] [email protected] [email protected] [email protected] |
SourceCodester–Online Graduate Tracer System |
A vulnerability, which was classified as problematic, has been found in SourceCodester Online Graduate Tracer System 1.0. This issue affects some unknown processing of the file /tracking/admin/export_it.php. The manipulation leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-08-15 | 5.3 | CVE-2024-7842 [email protected] [email protected] [email protected] [email protected] |
SourceCodester–Online Graduate Tracer System |
A vulnerability, which was classified as problematic, was found in SourceCodester Online Graduate Tracer System 1.0. Affected is an unknown function of the file /tracking/admin/exportcs.php. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-08-15 | 5.3 | CVE-2024-7843 [email protected] [email protected] [email protected] [email protected] |
SourceCodester–Prison Management System |
A vulnerability, which was classified as problematic, has been found in SourceCodester Prison Management System 1.0. This issue affects some unknown processing of the file /uploadImage/Profile/ of the component Profile Image Handler. The manipulation leads to insufficiently protected credentials. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-08-15 | 5.3 | CVE-2024-7813 [email protected] [email protected] [email protected] [email protected] |
SourceCodester–Simple Online Bidding System |
A vulnerability classified as critical has been found in SourceCodester Simple Online Bidding System 1.0. This affects an unknown part of the file /simple-online-bidding-system/bidding/admin/ajax.php?action=delete_product. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-08-15 | 6.3 | CVE-2024-7800 [email protected] [email protected] [email protected] [email protected] |
SourceCodester–Simple Online Bidding System |
A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /simple-online-bidding-system/bidding/admin/users.php. The manipulation leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-08-15 | 5.3 | CVE-2024-7799 [email protected] [email protected] [email protected] [email protected] |
SourceCodester–Task Progress Tracker |
A vulnerability was found in SourceCodester Task Progress Tracker 1.0. It has been classified as critical. Affected is an unknown function of the file /endpoint/delete-task.php. The manipulation of the argument task leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-08-14 | 6.3 | CVE-2024-7792 [email protected] [email protected] [email protected] [email protected] |
SourceCodester–Yoga Class Registration System |
A vulnerability has been found in SourceCodester Yoga Class Registration System 1.0 and classified as critical. This vulnerability affects unknown code of the file /classes/Users.php?f=save of the component Add User Handler. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-08-16 | 6.3 | CVE-2024-7851 [email protected] [email protected] [email protected] [email protected] |
SourceCodester–Yoga Class Registration System |
A vulnerability was found in SourceCodester Yoga Class Registration System up to 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/?page=categories/view_category. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-08-16 | 6.3 | CVE-2024-7853 [email protected] [email protected] [email protected] [email protected] |
sprecher-automation — sprecon-e_cp-2500_firmware |
Improper Privilege Management in Sprecher Automation SPRECON-E below version 8.71j allows a remote attacker with low privileges to save unauthorized protection assignments. | 2024-08-12 | 6.5 | CVE-2024-6758 [email protected] |
steve-community — steve |
SteVe is an open platform that implements different version of the OCPP protocol for Electric Vehicle charge points, acting as a central server for management of registered charge points. Attackers can inject arbitrary HTML and Javascript code via WebSockets leading to persistent Cross-Site Scripting in the SteVe management interface. | 2024-08-12 | 6.1 | CVE-2024-21550 [email protected] [email protected] [email protected] [email protected] |
symphony-cms — symphony_cms |
A Cross Site Scripting (XSS) vulnerability in Symphony CMS 2.7.10 allows remote attackers to inject arbitrary web script or HTML by editing note. | 2024-08-13 | 5.4 | CVE-2024-41613 [email protected] |
symphony-cms — symphony_cms |
symphonycms <=2.7.10 is vulnerable to Cross Site Scripting (XSS) in the Comment component for articles. | 2024-08-13 | 4.8 | CVE-2024-41614 [email protected] |
Techeshta–Card Elements for Elementor |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Techeshta Card Elements for Elementor allows Stored XSS.This issue affects Card Elements for Elementor: from n/a through 1.2.2. | 2024-08-12 | 6.5 | CVE-2024-43123 [email protected] |
ThemeLooks–Enter Addons |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in ThemeLooks Enter Addons allows Stored XSS.This issue affects Enter Addons: from n/a through 2.1.7. | 2024-08-12 | 6.5 | CVE-2024-43225 [email protected] |
ThemeSphere–SmartMag |
Exposure of Sensitive Information to an Unauthorized Actor, Missing Authorization vulnerability in ThemeSphere SmartMag allows Excavation, Accessing Functionality Not Properly Constrained by ACLs.This issue affects SmartMag: from n/a through 9.3.0. | 2024-08-12 | 5.3 | CVE-2024-37930 [email protected] |
Themeum–Tutor LMS |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Themeum Tutor LMS allows Stored XSS.This issue affects Tutor LMS: from n/a through 2.7.3. | 2024-08-12 | 6.5 | CVE-2024-43231 [email protected] |
Themify–Themify Shortcodes |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Themify Themify Shortcodes allows Stored XSS.This issue affects Themify Shortcodes: from n/a through 2.1.1. | 2024-08-12 | 6.5 | CVE-2024-43133 [email protected] |
ThimPress–LearnPress |
Authorization Bypass Through User-Controlled Key vulnerability in ThimPress LearnPress allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects LearnPress: from n/a through 4.2.6.8.2. | 2024-08-13 | 6.5 | CVE-2024-39642 [email protected] |
Tosei–Online Store Management System |
A vulnerability was found in Tosei Online Store Management System ãƒãƒƒãƒˆåº—舗管ç†ã‚·ã‚¹ãƒ†ãƒ 4.02/4.03/4.04. It has been rated as critical. Affected by this issue is some unknown functionality of the file /cgi-bin/p1_ftpserver.php. The manipulation of the argument adr_txt leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-08-17 | 6.3 | CVE-2024-7896 [email protected] [email protected] [email protected] [email protected] |
Tosei–Online Store Management System |
A vulnerability classified as critical has been found in Tosei Online Store Management System ãƒãƒƒãƒˆåº—舗管ç†ã‚·ã‚¹ãƒ†ãƒ 4.02/4.03/4.04. This affects an unknown part of the file /cgi-bin/tosei_kikai.php. The manipulation of the argument kikaibangou leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-08-17 | 6.3 | CVE-2024-7897 [email protected] [email protected] [email protected] [email protected] |
typora — typora |
Typora before 1.9.3 Markdown editor has a cross-site scripting (XSS) vulnerability via the Mermaid component. | 2024-08-12 | 6.1 | CVE-2024-41481 [email protected] |
typora — typora |
Typora before 1.9.3 Markdown editor has a cross-site scripting (XSS) vulnerability via the MathJax component. | 2024-08-12 | 6.1 | CVE-2024-41482 [email protected] |
Unknown–Category Posts Widget |
The Category Posts Widget WordPress plugin before 4.9.17, term-and-category-based-posts-widget WordPress plugin before 4.9.13 does not validate and escape some of its “Category Posts” widget settings before outputting them back in a page/post where the Widget is embed, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 2024-08-12 | 4.8 | CVE-2024-6158 [email protected] |
Unknown–Generate Images |
The Generate Images WordPress plugin before 5.2.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 2024-08-13 | 4.8 | CVE-2024-6724 [email protected] |
Unknown–wp-cart-for-digital-products |
The wp-cart-for-digital-products WordPress plugin before 8.5.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 2024-08-12 | 6.5 | CVE-2024-6133 [email protected] |
Unknown–wp-cart-for-digital-products |
The wp-cart-for-digital-products WordPress plugin before 8.5.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 2024-08-12 | 5.4 | CVE-2024-6134 [email protected] |
Unknown–wp-cart-for-digital-products |
The wp-cart-for-digital-products WordPress plugin before 8.5.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks | 2024-08-12 | 5.4 | CVE-2024-6136 [email protected] |
vim–vim |
The UNIX editor Vim prior to version 9.1.0678 has a use-after-free error in argument list handling. When adding a new file to the argument list, this triggers `Buf*` autocommands. If in such an autocommand the buffer that was just opened is closed (including the window where it is shown), this causes the window structure to be freed which contains a reference to the argument list that we are actually modifying. Once the autocommands are completed, the references to the window and argument list are no longer valid and as such cause an use-after-free. Impact is low since the user must either intentionally add some unusual autocommands that wipe a buffer during creation (either manually or by sourcing a malicious plugin), but it will crash Vim. The issue has been fixed as of Vim patch v9.1.0678. | 2024-08-16 | 4.5 | CVE-2024-43374 [email protected] [email protected] |
wanglongcn–ltcms |
A vulnerability was found in wanglongcn ltcms 1.0.20 and classified as critical. This issue affects the function downloadFile of the file /api/file/downloadfile of the component API Endpoint. The manipulation of the argument file leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-08-13 | 5.3 | CVE-2024-7741 [email protected] [email protected] [email protected] [email protected] |
WappPress Team–WappPress |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in WappPress Team WappPress allows Stored XSS.This issue affects WappPress: from n/a through 6.0.4. | 2024-08-12 | 5.9 | CVE-2024-43137 [email protected] |
WC Product Table–WooCommerce Product Table Lite |
Improper Control of Generation of Code (‘Code Injection’) vulnerability in WC Product Table WooCommerce Product Table Lite allows Code Injection.This issue affects WooCommerce Product Table Lite: from n/a through 3.5.1. | 2024-08-13 | 6.5 | CVE-2024-43128 [email protected] |
Weaver–e-cology |
A vulnerability was found in Weaver e-cology 8. It has been classified as problematic. Affected is an unknown function of the file /cloudstore/ecode/setup/ecology_dev.zip of the component Source Code Handler. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-08-12 | 5.3 | CVE-2024-7704 [email protected] [email protected] [email protected] [email protected] |
Weblizar–Coming Soon |
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Weblizar Coming Soon allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Coming Soon: from n/a through 1.6.3. | 2024-08-13 | 5.3 | CVE-2024-38756 [email protected] |
WP Table Builder–WP Table Builder WordPress Table Plugin |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in WP Table Builder WP Table Builder – WordPress Table Plugin allows Stored XSS.This issue affects WP Table Builder – WordPress Table Plugin: from n/a through 1.4.15. | 2024-08-12 | 6.5 | CVE-2024-43125 [email protected] |
Wp2speed–WP2Speed Faster |
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wp2speed WP2Speed Faster allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP2Speed Faster: from n/a through 1.0.1. | 2024-08-12 | 5.3 | CVE-2024-37924 [email protected] |
wp_media–BackWPup WordPress Backup & Restore Plugin |
The BackWPup plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.0.1 via the job-specific backup folder. This allows authenticated attackers to store backups in arbitrary folders on the server provided they can be written to by the server. Additionally, default settings will place an index.php and a .htaccess file into the chosen directory (unless already present) when the first backup job is run that are intended to prevent directory listing and file access. This means that an attacker could set the backup directory to the root of another site in a shared environment and thus disable that site. | 2024-08-17 | 6.8 | CVE-2023-5505 [email protected] [email protected] [email protected] [email protected] [email protected] |
WPDeveloper–BetterDocs |
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in WPDeveloper BetterDocs allows PHP Local File Inclusion.This issue affects BetterDocs: from n/a through 3.5.8. | 2024-08-13 | 6.5 | CVE-2024-43129 [email protected] |
WPDeveloper–BetterDocs |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in WPDeveloper BetterDocs allows Stored XSS.This issue affects BetterDocs: from n/a through 3.5.8. | 2024-08-12 | 6.5 | CVE-2024-43227 [email protected] |
wpdevteam–Essential Addons for Elementor Best Elementor Templates, Widgets, Kits & WooCommerce Builders |
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘no_more_items_text’ parameter in all versions up to, and including, 5.9.27 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-08-13 | 6.4 | CVE-2024-7092 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
wpfeedback–Visual Website Collaboration, Feedback & Project Management Atarim |
The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the process_wpfeedback_misc_options() function in all versions up to, and including, 4.0.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugins settings which can also be leveraged to gain access to the plugin’s settings. | 2024-08-12 | 5.4 | CVE-2024-7621 [email protected] [email protected] [email protected] |
wpmet–ElementsKit Pro |
The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 3.6.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-08-15 | 6.4 | CVE-2024-7064 [email protected] [email protected] |
wpmet–ElementsKit Pro |
The ElementsKit Pro plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.6 via the ‘render_raw’ function. This can allow authenticated attackers, with Contributor-level permissions and above, to extract sensitive data including private, future, and draft posts. | 2024-08-15 | 4.3 | CVE-2024-7063 [email protected] [email protected] |
wpopal–Opal Membership |
The Opal Membership plugin for WordPress is vulnerable to Stored Cross-Site Scripting via checkout form fields in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-08-12 | 6.1 | CVE-2024-7649 [email protected] [email protected] |
wpopal–Opal Membership |
The Opal Membership plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.4 via the private notes functionality on payments which utilizes WordPress comments. This makes it possible for authenticated attackers, with subscriber-level access and above, to view private notes via recent comments that should be restricted to just administrators. | 2024-08-12 | 4.3 | CVE-2024-7648 [email protected] [email protected] [email protected] |
Xpro–Xpro Elementor Addons |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Xpro Xpro Elementor Addons allows Stored XSS.This issue affects Xpro Elementor Addons: from n/a through 1.4.4.2. | 2024-08-12 | 6.5 | CVE-2024-43150 [email protected] |
Xyzscripts–Insert PHP Code Snippet |
Cross-Site Request Forgery (CSRF) vulnerability in Xyzscripts Insert PHP Code Snippet.This issue affects Insert PHP Code Snippet: from n/a through 1.3.6. | 2024-08-15 | 5.4 | CVE-2024-43275 [email protected] |
yogeshojha–rengine |
reNgine is an automated reconnaissance framework for web applications. Versions 2.1.2 and prior are susceptible to Stored Cross-Site Scripting (XSS) attacks. This vulnerability occurs when scanning a domain, and if the target domain’s DNS record contains an XSS payload, it leads to the execution of malicious scripts in the reNgine’s dashboard view when any user views the scan results. The XSS payload is directly fetched from the DNS record of the remote target domain. Consequently, an attacker can execute the attack without requiring any additional input from the target or the reNgine user. A patch is available and expected to be part of version 2.1.3. | 2024-08-16 | 5 | CVE-2024-43381 [email protected] [email protected] |
Yuri Baranov–YaMaps for WordPress |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Yuri Baranov YaMaps for WordPress allows Stored XSS.This issue affects YaMaps for WordPress: from n/a through 0.6.27. | 2024-08-12 | 6.5 | CVE-2024-43224 [email protected] |
yzane–vscode-markdown-pdf |
A vulnerability, which was classified as problematic, was found in yzane vscode-markdown-pdf 1.5.0. This affects an unknown part. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-08-13 | 4.3 | CVE-2024-7739 [email protected] [email protected] [email protected] [email protected] [email protected] |
Zabbix–Zabbix |
A non-admin user can change or remove important features within the Zabbix Agent application, thus impacting the integrity and availability of the application. | 2024-08-12 | 6.1 | CVE-2024-22121 [email protected] |
Zabbix–Zabbix |
User with no permission to any of the Hosts can access and view host count & other statistics through System Information Widget in Global View Dashboard. | 2024-08-12 | 4.3 | CVE-2024-22114 [email protected] |
zimbra — collaboration |
An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. A Cross-Site Scripting (XSS) vulnerability exists in the CalendarInvite feature of the Zimbra webmail classic user interface, because of improper input validation in the handling of the calendar header. An attacker can exploit this via an email message containing a crafted calendar header with an embedded XSS payload. When a victim views this message in the Zimbra webmail classic interface, the payload is executed in the context of the victim’s session, potentially leading to execution of arbitrary JavaScript code. | 2024-08-12 | 6.1 | CVE-2024-27443 [email protected] [email protected] |
zimbra — collaboration |
An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0, issue 1 of 2. A reflected cross-site scripting (XSS) vulnerability has been identified in the Zimbra webmail admin interface. This vulnerability occurs due to inadequate input validation of the packages parameter, allowing an authenticated attacker to inject and execute arbitrary JavaScript code within the context of another user’s browser session. By uploading a malicious JavaScript file and crafting a URL containing its location in the packages parameter, the attacker can exploit this vulnerability. Subsequently, when another user visits the crafted URL, the malicious JavaScript code is executed. | 2024-08-12 | 5.4 | CVE-2024-33533 [email protected] [email protected] |
zimbra — collaboration |
An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. The vulnerability occurs due to inadequate input validation of the res parameter, allowing an authenticated attacker to inject and execute arbitrary JavaScript code within the context of another user’s browser session. By uploading a malicious JavaScript file, accessible externally, and crafting a URL containing its location in the res parameter, the attacker can exploit this vulnerability. Subsequently, when another user visits the crafted URL, the malicious JavaScript code is executed. | 2024-08-12 | 5.4 | CVE-2024-33536 [email protected] [email protected] |
Zoho Campaigns–Zoho Campaigns |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Zoho Campaigns allows Cross-Site Scripting (XSS).This issue affects Zoho Campaigns: from n/a through 2.0.8. | 2024-08-13 | 6.5 | CVE-2024-38752 [email protected] |
ZoneMinder–zoneminder |
ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder has a cross-site scripting vulnerability in the filter view via the filter[Id]. This vulnerability is fixed in 1.36.34 and 1.37.61. | 2024-08-12 | 6.1 | CVE-2024-43358 [email protected] [email protected] [email protected] |
Zoom Communications Inc.–Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers |
Sensitive information exposure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct an information disclosure via network access. | 2024-08-14 | 6.5 | CVE-2024-39822 [email protected] |
Zoom Communications Inc.–Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers |
Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access. | 2024-08-14 | 6.5 | CVE-2024-42436 [email protected] |
Zoom Communications Inc.–Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers |
Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access. | 2024-08-14 | 6.5 | CVE-2024-42437 [email protected] |
Zoom Communications Inc.–Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers |
Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access. | 2024-08-14 | 6.5 | CVE-2024-42438 [email protected] |
Zoom Communications Inc.–Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers |
Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access. | 2024-08-14 | 4.9 | CVE-2024-39823 [email protected] |
Zoom Communications Inc.–Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers |
Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access. | 2024-08-14 | 4.9 | CVE-2024-39824 [email protected] |
Zoom Communications Inc.–Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers |
Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access. | 2024-08-14 | 4.9 | CVE-2024-42434 [email protected] |
Zoom Communications Inc.–Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers |
Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access. | 2024-08-14 | 4.9 | CVE-2024-42435 [email protected] |
Zoom Communications Inc.–Zoom Workplace Desktop App for macOS and Zoom Meeting SDK for macOS |
Untrusted search path in the installer for Zoom Workplace Desktop App for macOS and Zoom Meeting SDK for macOS before 6.1.0 may allow a privileged user to conduct an escalation of privilege via local access. | 2024-08-14 | 6.5 | CVE-2024-42439 [email protected] |
Zoom Communications Inc.–Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS, Zoom Rooms Client for macOS |
Improper privilege management in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and Zoom Rooms Client for macOS before 6.1.5 may allow a privileged user to conduct an escalation of privilege via local access. | 2024-08-14 | 6.2 | CVE-2024-42440 [email protected] |
Zoom Communications Inc.–Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS, Zoom Rooms Client for macOS |
Improper privilege management in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and Zoom Rooms Client for macOS before 6.1.5 may allow a privileged user to conduct an escalation of privilege via local access. | 2024-08-14 | 6.2 | CVE-2024-42441 [email protected] |
zvijerka–Admission AppManager |
The Admission AppManager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘q’ parameter in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-08-17 | 6.1 | CVE-2023-4507 [email protected] [email protected] |
Low Vulnerabilities
Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
AMD–AMD EPYC 7001 Series Processors |
Insufficient access controls in ASP kernel may allow a privileged attacker with access to AMD signing keys and the BIOS menu or UEFI shell to map DRAM regions in protected areas, potentially leading to a loss of platform integrity. | 2024-08-13 | 3.9 | CVE-2021-26387 [email protected] [email protected] |
AMD–AMD EPYC 7002 Series Processors |
Insufficient input validation in the ABL may allow a privileged attacker with access to the BIOS menu or UEFI shell to tamper with the structure headers in SPI ROM causing an out of bounds memory read and write, potentially resulting in memory corruption or denial of service. | 2024-08-13 | 3.9 | CVE-2021-46772 [email protected] [email protected] [email protected] |
AMD–AMD EPYC 9004 Series Processors |
Incomplete cleanup in the ASP may expose the Master Encryption Key (MEK) to a privileged attacker with access to the BIOS menu or UEFI shell and a memory exfiltration vulnerability, potentially resulting in loss of confidentiality. | 2024-08-13 | 1.9 | CVE-2023-20518 [email protected] [email protected] |
AMD–AMD Radeon RX 6000 Series Graphics Cards |
An insufficient bounds check in PMFW (Power Management Firmware) may allow an attacker to utilize a malicious VF (virtualization function) to send a malformed message, potentially resulting in a denial of service. | 2024-08-13 | 3.3 | CVE-2023-20513 [email protected] |
AMD–AMD Radeon RX 6000 Series Graphics Cards |
Improper input validation in SMU may allow an attacker with privileges and a compromised physical function (PF)   to modify the PCIe® lane count and speed, potentially leading to a loss of availability. | 2024-08-13 | 2.3 | CVE-2023-31304 [email protected] |
AMD–AMD Radeon RX 6000 Series Graphics Cards |
Improper validation of array index in Power Management Firmware (PMFW) may allow a privileged attacker to cause an out-of-bounds memory read within PMFW, potentially leading to a denial of service. | 2024-08-13 | 2.3 | CVE-2023-31307 [email protected] |
AMD–AMD Radeon RX 6000 Series Graphics Cards |
A hardcoded AES key in PMFW may result in a privileged attacker gaining access to the key, potentially resulting in internal debug information leakage. | 2024-08-13 | 1.9 | CVE-2023-20512 [email protected] |
AMD–AMD Radeon RX 6000 Series Graphics Cards |
Generation of weak and predictable Initialization Vector (IV) in PMFW (Power Management Firmware) may allow an attacker with privileges to reuse IV values to reverse-engineer debug data, potentially resulting in information disclosure. | 2024-08-13 | 1.9 | CVE-2023-31305 [email protected] |
AMD–Prof Tool |
Improper input validation in AMD μProf could allow an attacker to perform a write to an invalid address, potentially resulting in denial of service. | 2024-08-13 | 3.3 | CVE-2023-31366 [email protected] |
CodeAstro–Online Railway Reservation System |
A vulnerability, which was classified as problematic, was found in CodeAstro Online Railway Reservation System 1.0. Affected is an unknown function of the file /admin/admin-add-employee.php of the component Add Employee Page. The manipulation of the argument emp_fname /emp_lname /emp_nat_idno/emp_addr leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-08-15 | 2.4 | CVE-2024-7814 [email protected] [email protected] [email protected] |
CodeAstro–Online Railway Reservation System |
A vulnerability has been found in CodeAstro Online Railway Reservation System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/admin-update-employee.php of the component Update Employee Page. The manipulation of the argument emp_fname /emp_lname /emp_nat_idno/emp_addr leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-08-15 | 2.4 | CVE-2024-7815 [email protected] [email protected] [email protected] [email protected] |
Fortinet–FortiPAM |
An insufficient session expiration vulnerability [CWE-613] vulnerability in FortiOS 7.2.5 and below, 7.0 all versions, 6.4 all versions; FortiProxy 7.2 all versions, 7.0 all versions; FortiPAM 1.3 all versions, 1.2 all versions, 1.1 all versions, 1.0 all versions; FortiSwitchManager 7.2.1 and below, 7.0 all versions GUI may allow attackers to re-use websessions after GUI logout, should they manage to acquire the required credentials. | 2024-08-13 | 3.7 | CVE-2022-45862 [email protected] |
JetBrains–TeamCity |
In JetBrains TeamCity before 2024.07.1 self XSS was possible in the HashiCorp Vault plugin | 2024-08-16 | 3.7 | CVE-2024-43808 [email protected] |
JetBrains–TeamCity |
In JetBrains TeamCity before 2024.07.1 reflected XSS was possible on the agentPushPreset page | 2024-08-16 | 3.5 | CVE-2024-43809 [email protected] |
N-able–Ecosystem Agent |
Ecosystem Agent version 4 < 4.5.1.2597 and Ecosystem Agent version 5 < 5.1.4.2473 did not properly validate SSL/TLS certificates, which could allow a malicious actor to perform a Man-in-the-Middle and intercept traffic between the agent and N-able servers from a privileged network position. | 2024-08-12 | 3.8 | CVE-2024-5445 a5532a13-c4dd-4202-bef1-e0b8f2f8d12b a5532a13-c4dd-4202-bef1-e0b8f2f8d12b a5532a13-c4dd-4202-bef1-e0b8f2f8d12b |
n/a–FastCMS |
A vulnerability, which was classified as problematic, was found in FastCMS up to 0.1.5. Affected is an unknown function of the component New Article Category Page. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-08-13 | 3.5 | CVE-2024-7733 [email protected] [email protected] [email protected] |
n/a–Intel(R) CSME |
Improper initialization in firmware for some Intel(R) CSME may allow a privileged user to potentially enable information disclosure via local access. | 2024-08-14 | 2.3 | CVE-2023-48361 [email protected] |
n/a–Intel(R) Distribution for GDB software |
Improper input validation for some Intel(R) Distribution for GDB software before version 2024.0.1 may allow an authenticated user to potentially enable denial of service via local access. | 2024-08-14 | 2.2 | CVE-2024-24973 [email protected] |
n/a–LimeSurvey |
A vulnerability was found in LimeSurvey 6.3.0-231016 and classified as problematic. Affected by this issue is some unknown functionality of the file /index.php of the component File Upload. The manipulation of the argument size leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-08-17 | 2.7 | CVE-2024-7887 [email protected] [email protected] [email protected] [email protected] |
n/a–Scada-LTS |
A vulnerability has been found in Scada-LTS 2.7.8 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /Scada-LTS/app.shtm#/alarms/Scada of the component Message Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-08-17 | 3.5 | CVE-2024-7901 [email protected] [email protected] [email protected] |
Red Hat–Red Hat Enterprise Linux 6 |
A NULL pointer dereference flaw was found in the ub_ctx_set_fwd function in Unbound. This issue could allow an attacker who can invoke specific sequences of API calls to cause a segmentation fault. When certain API functions such as ub_ctx_set_fwd and ub_ctx_resolvconf are called in a particular order, the program attempts to read from a NULL pointer, leading to a crash. This issue can result in a denial of service by causing the application to terminate unexpectedly. | 2024-08-12 | 2.8 | CVE-2024-43167 [email protected] [email protected] [email protected] [email protected] |
SAP_SE–SAP BusinessObjects Business Intelligence Platform |
SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. On successful exploitation, the attacker can cause a low impact on the Integrity of the application. | 2024-08-13 | 3.7 | CVE-2024-28166 [email protected] [email protected] |
SAP_SE–SAP BusinessObjects Business Intelligence Platform |
SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. On successful exploitation, the attacker can cause a low impact on the Integrity of the application. | 2024-08-13 | 3.1 | CVE-2024-41731 [email protected] [email protected] |
siemens — sinec_nms |
A vulnerability has been identified in SINEC NMS (All versions < V3.0). The importCertificate function of the SINEC NMS Control web application contains a path traversal vulnerability. This could allow an authenticated attacker it to delete arbitrary certificate files on the drive SINEC NMS is installed on. | 2024-08-13 | 3.8 | CVE-2024-41938 [email protected] |
smub–Easy Digital Downloads eCommerce Payments and Subscriptions made easy |
The Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Agreement Text value in all versions up to, and including, 3.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2024-08-12 | 3.3 | CVE-2024-6692 [email protected] [email protected] |
SourceCodester–Best House Rental Management System |
A vulnerability classified as problematic was found in SourceCodester Best House Rental Management System 1.0. This vulnerability affects unknown code of the file /rental_0/rental/ajax.php?action=save_tenant of the component POST Parameter Handler. The manipulation of the argument lastname leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-08-15 | 3.5 | CVE-2024-7812 [email protected] [email protected] [email protected] [email protected] |
SourceCodester–Kortex Lite Advocate Office Management System |
A vulnerability classified as problematic has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0. Affected is an unknown function of the file addcase_stage.php. The manipulation of the argument cname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-08-12 | 3.5 | CVE-2024-7683 [email protected] [email protected] [email protected] [email protected] |
SourceCodester–Kortex Lite Advocate Office Management System |
A vulnerability classified as problematic was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. Affected by this vulnerability is an unknown functionality of the file add_act.php. The manipulation of the argument aname leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-08-12 | 3.5 | CVE-2024-7684 [email protected] [email protected] [email protected] [email protected] |
SourceCodester–Kortex Lite Advocate Office Management System |
A vulnerability, which was classified as problematic, has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0. Affected by this issue is some unknown functionality of the file adds.php. The manipulation of the argument name/dob/email/mobile/address leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-08-12 | 3.5 | CVE-2024-7685 [email protected] [email protected] [email protected] [email protected] |
SourceCodester–Kortex Lite Advocate Office Management System |
A vulnerability, which was classified as problematic, was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. This affects an unknown part of the file register_case.php. The manipulation of the argument title/description/opposite_lawyer leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-08-12 | 3.5 | CVE-2024-7686 [email protected] [email protected] [email protected] [email protected] |
SourceCodester–Online Graduate Tracer System |
A vulnerability has been found in SourceCodester Online Graduate Tracer System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /tracking/admin/add_acc.php. The manipulation of the argument name/user/position leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-08-15 | 3.5 | CVE-2024-7844 [email protected] [email protected] [email protected] [email protected] |
SourceCodester–Task Progress Tracker |
A vulnerability was found in SourceCodester Task Progress Tracker 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /endpoint/add-task.php. The manipulation of the argument task_name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-08-14 | 3.5 | CVE-2024-7793 [email protected] [email protected] [email protected] [email protected] |
SourceCodester–Yoga Class Registration System |
A vulnerability was found in SourceCodester Yoga Class Registration System 1.0 and classified as problematic. This issue affects some unknown processing of the file /admin/inquiries/view_inquiry.php. The manipulation of the argument message leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-08-16 | 3.5 | CVE-2024-7852 [email protected] [email protected] [email protected] [email protected] |
xiaohe4966–TpMeCMS |
A vulnerability, which was classified as problematic, was found in xiaohe4966 TpMeCMS 1.3.3.2. Affected is an unknown function of the file /h.php/general/config?ref=addtabs of the component Basic Configuration Handler. The manipulation of the argument Site Name/Beian/Contact address/copyright/technical support leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-08-17 | 2.4 | CVE-2024-7900 [email protected] [email protected] [email protected] [email protected] [email protected] |
yzane–vscode-markdown-pdf |
A vulnerability, which was classified as problematic, has been found in yzane vscode-markdown-pdf 1.5.0. Affected by this issue is some unknown functionality of the component Markdown File Handler. The manipulation leads to pathname traversal. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. | 2024-08-13 | 3.3 | CVE-2024-7738 [email protected] [email protected] [email protected] [email protected] [email protected] |
Zabbix–Zabbix |
Zabbix allows to configure SMS notifications. AT command injection occurs on “Zabbix Server” because there is no validation of “Number” field on Web nor on Zabbix server side. Attacker can run test of SMS providing specially crafted phone number and execute additional AT commands on modem. | 2024-08-12 | 3 | CVE-2024-22122 [email protected] |
Zabbix–Zabbix |
Setting SMS media allows to set GSM modem file. Later this file is used as Linux device. But due everything is a file for Linux, it is possible to set another file, e.g. log file and zabbix_server will try to communicate with it as modem. As a result, log file will be broken with AT commands and small part for log file content will be leaked to UI. | 2024-08-12 | 2.7 | CVE-2024-22123 [email protected] |
Severity Not Yet Assigned
Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
Apache Software Foundation–Apache Answer |
Missing Release of Resource after Effective Lifetime vulnerability in Apache Answer. This issue affects Apache Answer: through 1.3.5. The password reset link remains valid within its expiration period even after it has been used. This could potentially lead to the link being misused or hijacked. Users are recommended to upgrade to version 1.3.6, which fixes the issue. | 2024-08-12 | not yet calculated | CVE-2024-41888 [email protected] |
Apache Software Foundation–Apache Answer |
Missing Release of Resource after Effective Lifetime vulnerability in Apache Answer. This issue affects Apache Answer: through 1.3.5. User sends multiple password reset emails, each containing a valid link. Within the link’s validity period, this could potentially lead to the link being misused or hijacked. Users are recommended to upgrade to version 1.3.6, which fixes the issue. | 2024-08-12 | not yet calculated | CVE-2024-41890 [email protected] |
Apache Software Foundation–Apache DolphinScheduler |
File read and write vulnerability in Apache DolphinScheduler , authenticated users can illegally access additional resource files. This issue affects Apache DolphinScheduler: from 3.1.0 before 3.2.2. Users are recommended to upgrade to version 3.2.2, which fixes the issue. | 2024-08-12 | not yet calculated | CVE-2024-30188 [email protected] |
Apache Software Foundation–Apache MINA SSHD |
Like many other SSH implementations, Apache MINA SSHD suffered from the issue that is more widely known as CVE-2023-48795. An attacker that can intercept traffic between client and server could drop certain packets from the stream, potentially causing client and server to consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack The mitigations to prevent this type of attack were implemented in Apache MINA SSHD 2.12.0, both client and server side. Users are recommended to upgrade to at least this version. Note that both the client and the server implementation must have mitigations applied against this issue, otherwise the connection may still be affected. | 2024-08-12 | not yet calculated | CVE-2024-41909 [email protected] [email protected] |
AVEVA–Historian Web Server |
AVEVA Historian Server has a vulnerability, if exploited, could allow a malicious SQL command to execute under the privileges of an interactive Historian REST Interface user who had been socially engineered by a miscreant into opening a specially crafted URL. | 2024-08-15 | not yet calculated | CVE-2024-6456 [email protected] |
AVEVA–SuiteLink Server |
If exploited, this vulnerability could cause a SuiteLink server to consume excessive system resources and slow down processing of Data I/O for the duration of the attack. | 2024-08-13 | not yet calculated | CVE-2024-7113 [email protected] |
B&R Industrial Automation–Automation Runtime |
Diffie-Hellman groups with insufficient strength are used in the SSL/TLS stack of B&R Automation Runtime versions before 6.0.2, allowing a network attacker to decrypt the SSL/TLS communication. | 2024-08-12 | not yet calculated | CVE-2024-5800 [email protected] |
B&R Industrial Automation–Automation Runtime |
Enabled IP Forwarding feature in B&R Automation Runtime versions before 6.0.2 may allow remote attack-ers to compromise network security by routing IP-based packets through the host, potentially by-passing firewall, router, or NAC filtering. | 2024-08-12 | not yet calculated | CVE-2024-5801 [email protected] |
Celsius Benelux–ComfortKey |
A Local File Inclusion vulnerability has been found in ComfortKey, a product of Celsius Benelux. Using this vulnerability, an unauthenticated attacker may retrieve sensitive information about the underlying system. The vulnerability has been remediated in version 24.1.2. | 2024-08-14 | not yet calculated | CVE-2024-27120 [email protected] [email protected] |
Concrete CMS–Concrete CMS |
Concrete CMS versions 9.0.0 to 9.3.2 and below 8.5.18 are vulnerable to Stored XSS in RSS Displayer when user input is stored and later embedded into responses. A rogue administrator could inject malicious code into fields due to insufficient input validation. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 3.0 with a vector of AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator  and a CVSS v4 score of 2.1 with vector CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N  Thanks, m3dium for reporting. | 2024-08-12 | not yet calculated | CVE-2024-4350 ff5b8ace-8b95-4078-9743-eac1ca5451de ff5b8ace-8b95-4078-9743-eac1ca5451de ff5b8ace-8b95-4078-9743-eac1ca5451de ff5b8ace-8b95-4078-9743-eac1ca5451de |
Concrete CMS–Concrete CMS |
Concrete CMS versions 9.0.0 through 9.3.2 are affected by a stored XSS vulnerability in Board instances. A rogue administrator could inject malicious code. The Concrete CMS security team gave this vulnerability a CVSS 4.0 Score of 1.8 with vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA: N. Versions below 9 are not affected.  Thanks, m3dium for reporting. | 2024-08-12 | not yet calculated | CVE-2024-7512 ff5b8ace-8b95-4078-9743-eac1ca5451de ff5b8ace-8b95-4078-9743-eac1ca5451de |
Elastic–Elastic Agent |
An issue was discovered whereby Elastic Agent will leak secrets from the agent policy elastic-agent.yml only when the log level is configured to debug. By default the log level is set to info, where no leak occurs. | 2024-08-12 | not yet calculated | CVE-2024-37283 [email protected] |
Enphase–Envoy |
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability through a url parameter in Enphase IQ Gateway (formerly known as Envoy) allows File Manipulation. The endpoint requires authentication.This issue affects Envoy: from 4.x to 8.0 and < 8.2.4225. | 2024-08-12 | not yet calculated | CVE-2024-21877 [email protected] [email protected] [email protected] |
Enphase–Envoy |
Improper Neutralization of Special Elements used in a Command (‘Command Injection’) vulnerability in Enphase IQ Gateway (formerly known as Envoy) allows OS Command Injection. This vulnerability is present in an internal script.This issue affects Envoy: from 4.x up to and including 8.x and is currently unpatched. | 2024-08-12 | not yet calculated | CVE-2024-21878 [email protected] [email protected] [email protected] |
Enphase–Envoy |
Improper Neutralization of Special Elements used in a Command (‘Command Injection’) vulnerability through an url parameter of an authenticated enpoint in Enphase IQ Gateway (formerly known as Envoy) allows OS Command Injection.This issue affects Envoy: from 4.x to 8.x and < 8.2.4225. | 2024-08-12 | not yet calculated | CVE-2024-21879 [email protected] [email protected] [email protected] |
Enphase–Envoy |
Improper Neutralization of Special Elements used in a Command (‘Command Injection’) vulnerability via the url parameter of an authenticated enpoint in Enphase IQ Gateway (formerly known as Enphase) allows OS Command Injection.This issue affects Envoy: 4.x <= 7.x | 2024-08-12 | not yet calculated | CVE-2024-21880 [email protected] [email protected] [email protected] |
Enphase–Envoy |
Inadequate Encryption Strength vulnerability allow an authenticated attacker to execute arbitrary OS Commands via encrypted package upload.This issue affects Envoy: 4.x and 5.x | 2024-08-12 | not yet calculated | CVE-2024-21881 [email protected] [email protected] [email protected] |
Enphase–IQ Gateway |
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability via a URL parameter in Enphase IQ Gateway (formerly known as Envoy) allows an unautheticated attacker to access or create arbitratry files.This issue affects Envoy: from 4.x to 8.x and < 8.2.4225. | 2024-08-12 | not yet calculated | CVE-2024-21876 [email protected] [email protected] [email protected] |
FreeBSD–FreeBSD |
In ICMPv6 Neighbor Discovery (ND), the ID is always 0. When pf is configured to allow ND and block incoming Echo Requests, a crafted Echo Request packet after a Neighbor Solicitation (NS) can trigger an Echo Reply. The packet has to come from the same host as the NS and have a zero as identifier to match the state created by the Neighbor Discovery and allow replies to be generated. ICMPv6 packets with identifier value of zero bypass firewall rules written on the assumption that the incoming packets are going to create a state in the state table. | 2024-08-12 | not yet calculated | CVE-2024-6640 [email protected] |
Google–Android |
In sdpu_compare_uuid_with_attr of sdp_utils.cc, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-08-15 | not yet calculated | CVE-2024-34727 [email protected] [email protected] |
Google–Android |
In setupVideoEncoder of StagefrightRecorder.cpp, there is a possible asynchronous playback when B-frame support is enabled. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-08-15 | not yet calculated | CVE-2024-34736 [email protected] [email protected] |
Google–Android |
In shouldWrite of OwnersData.java, there is a possible edge case that prevents MDM policies from being persisted due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-08-15 | not yet calculated | CVE-2024-34742 [email protected] [email protected] |
Google–Android |
In setTransactionState of SurfaceFlinger.cpp, there is a possible way to perform tapjacking due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-08-15 | not yet calculated | CVE-2024-34743 [email protected] [email protected] |
GST Electronics–inohom Nova Panel N7 |
Authentication Bypass Using an Alternate Path or Channel vulnerability in GST Electronics inohom Nova Panel N7 allows Authentication Bypass.This issue affects inohom Nova Panel N7: through 1.9.9.6. NOTE: The vendor was contacted and it was learned that the product is not supported. | 2024-08-12 | not yet calculated | CVE-2024-6684 [email protected] |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: apparmor: Fix null pointer deref when receiving skb during sock creation The panic below is observed when receiving ICMP packets with secmark set while an ICMP raw socket is being created. SK_CTX(sk)->label is updated in apparmor_socket_post_create(), but the packet is delivered to the socket before that, causing the null pointer dereference. Drop the packet if label context is not set. BUG: kernel NULL pointer dereference, address: 000000000000004c #PF: supervisor read access in kernel mode #PF: error_code(0x0000) – not-present page PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP NOPTI CPU: 0 PID: 407 Comm: a.out Not tainted 6.4.12-arch1-1 #1 3e6fa2753a2d75925c34ecb78e22e85a65d083df Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 05/28/2020 RIP: 0010:aa_label_next_confined+0xb/0x40 Code: 00 00 48 89 ef e8 d5 25 0c 00 e9 66 ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 0f 1f 44 00 00 89 f0 <8b> 77 4c 39 c6 7e 1f 48 63 d0 48 8d 14 d7 eb 0b 83 c0 01 48 83 c2 RSP: 0018:ffffa92940003b08 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 000000000000000e RDX: ffffa92940003be8 RSI: 0000000000000000 RDI: 0000000000000000 RBP: ffff8b57471e7800 R08: ffff8b574c642400 R09: 0000000000000002 R10: ffffffffbd820eeb R11: ffffffffbeb7ff00 R12: ffff8b574c642400 R13: 0000000000000001 R14: 0000000000000001 R15: 0000000000000000 FS: 00007fb092ea7640(0000) GS:ffff8b577bc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000000000004c CR3: 00000001020f2005 CR4: 00000000007706f0 PKRU: 55555554 Call Trace: <IRQ> ? __die+0x23/0x70 ? page_fault_oops+0x171/0x4e0 ? exc_page_fault+0x7f/0x180 ? asm_exc_page_fault+0x26/0x30 ? aa_label_next_confined+0xb/0x40 apparmor_secmark_check+0xec/0x330 security_sock_rcv_skb+0x35/0x50 sk_filter_trim_cap+0x47/0x250 sock_queue_rcv_skb_reason+0x20/0x60 raw_rcv+0x13c/0x210 raw_local_deliver+0x1f3/0x250 ip_protocol_deliver_rcu+0x4f/0x2f0 ip_local_deliver_finish+0x76/0xa0 __netif_receive_skb_one_core+0x89/0xa0 netif_receive_skb+0x119/0x170 ? __netdev_alloc_skb+0x3d/0x140 vmxnet3_rq_rx_complete+0xb23/0x1010 [vmxnet3 56a84f9c97178c57a43a24ec073b45a9d6f01f3a] vmxnet3_poll_rx_only+0x36/0xb0 [vmxnet3 56a84f9c97178c57a43a24ec073b45a9d6f01f3a] __napi_poll+0x28/0x1b0 net_rx_action+0x2a4/0x380 __do_softirq+0xd1/0x2c8 __irq_exit_rcu+0xbb/0xf0 common_interrupt+0x86/0xa0 </IRQ> <TASK> asm_common_interrupt+0x26/0x40 RIP: 0010:apparmor_socket_post_create+0xb/0x200 Code: 08 48 85 ff 75 a1 eb b1 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 41 54 <55> 48 89 fd 53 45 85 c0 0f 84 b2 00 00 00 48 8b 1d 80 56 3f 02 48 RSP: 0018:ffffa92940ce7e50 EFLAGS: 00000286 RAX: ffffffffbc756440 RBX: 0000000000000000 RCX: 0000000000000001 RDX: 0000000000000003 RSI: 0000000000000002 RDI: ffff8b574eaab740 RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 R10: ffff8b57444cec70 R11: 0000000000000000 R12: 0000000000000003 R13: 0000000000000002 R14: ffff8b574eaab740 R15: ffffffffbd8e4748 ? __pfx_apparmor_socket_post_create+0x10/0x10 security_socket_post_create+0x4b/0x80 __sock_create+0x176/0x1f0 __sys_socket+0x89/0x100 __x64_sys_socket+0x17/0x20 do_syscall_64+0x5d/0x90 ? do_syscall_64+0x6c/0x90 ? do_syscall_64+0x6c/0x90 ? do_syscall_64+0x6c/0x90 entry_SYSCALL_64_after_hwframe+0x72/0xdc | 2024-08-17 | not yet calculated | CVE-2023-52889 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: drm/i915/gem: Fix Virtual Memory mapping boundaries calculation Calculating the size of the mapped area as the lesser value between the requested size and the actual size does not consider the partial mapping offset. This can cause page fault access. Fix the calculation of the starting and ending addresses, the total size is now deduced from the difference between the end and start addresses. Additionally, the calculations have been rewritten in a clearer and more understandable form. [Joonas: Add Requires: tag] Requires: 60a2066c5005 (“drm/i915/gem: Adjust vma offset for framebuffer mmap offset”) (cherry picked from commit 97b6784753da06d9d40232328efc5c5367e53417) | 2024-08-14 | not yet calculated | CVE-2024-42259 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Validate passed in drm syncobj handles in the performance extension If userspace provides an unknown or invalid handle anywhere in the handle array the rest of the driver will not handle that well. Fix it by checking handle was looked up successfully or otherwise fail the extension by jumping into the existing unwind. (cherry picked from commit a546b7e4d73c23838d7e4d2c92882b3ca902d213) | 2024-08-17 | not yet calculated | CVE-2024-42260 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Validate passed in drm syncobj handles in the timestamp extension If userspace provides an unknown or invalid handle anywhere in the handle array the rest of the driver will not handle that well. Fix it by checking handle was looked up successfully or otherwise fail the extension by jumping into the existing unwind. (cherry picked from commit 8d1276d1b8f738c3afe1457d4dff5cc66fc848a3) | 2024-08-17 | not yet calculated | CVE-2024-42261 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Fix potential memory leak in the performance extension If fetching of userspace memory fails during the main loop, all drm sync objs looked up until that point will be leaked because of the missing drm_syncobj_put. Fix it by exporting and using a common cleanup helper. (cherry picked from commit 484de39fa5f5b7bd0c5f2e2c5265167250ef7501) | 2024-08-17 | not yet calculated | CVE-2024-42262 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Fix potential memory leak in the timestamp extension If fetching of userspace memory fails during the main loop, all drm sync objs looked up until that point will be leaked because of the missing drm_syncobj_put. Fix it by exporting and using a common cleanup helper. (cherry picked from commit 753ce4fea62182c77e1691ab4f9022008f25b62e) | 2024-08-17 | not yet calculated | CVE-2024-42263 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Prevent out of bounds access in performance query extensions Check that the number of perfmons userspace is passing in the copy and reset extensions is not greater than the internal kernel storage where the ids will be copied into. (cherry picked from commit f32b5128d2c440368b5bf3a7a356823e235caabb) | 2024-08-17 | not yet calculated | CVE-2024-42264 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: protect the fetch of ->fd[fd] in do_dup2() from mispredictions both callers have verified that fd is not greater than ->max_fds; however, misprediction might end up with tofree = fdt->fd[fd]; being speculatively executed. That’s wrong for the same reasons why it’s wrong in close_fd()/file_close_fd_locked(); the same solution applies – array_index_nospec(fd, fdt->max_fds) could differ from fd only in case of speculative execution on mispredicted path. | 2024-08-17 | not yet calculated | CVE-2024-42265 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: btrfs: make cow_file_range_inline() honor locked_page on error The btrfs buffered write path runs through __extent_writepage() which has some tricky return value handling for writepage_delalloc(). Specifically, when that returns 1, we exit, but for other return values we continue and end up calling btrfs_folio_end_all_writers(). If the folio has been unlocked (note that we check the PageLocked bit at the start of __extent_writepage()), this results in an assert panic like this one from syzbot: BTRFS: error (device loop0 state EAL) in free_log_tree:3267: errno=-5 IO failure BTRFS warning (device loop0 state EAL): Skipping commit of aborted transaction. BTRFS: error (device loop0 state EAL) in cleanup_transaction:2018: errno=-5 IO failure assertion failed: folio_test_locked(folio), in fs/btrfs/subpage.c:871 ————[ cut here ]———— kernel BUG at fs/btrfs/subpage.c:871! Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI CPU: 1 PID: 5090 Comm: syz-executor225 Not tainted 6.10.0-syzkaller-05505-gb1bc554e009e #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 RIP: 0010:btrfs_folio_end_all_writers+0x55b/0x610 fs/btrfs/subpage.c:871 Code: e9 d3 fb ff ff e8 25 22 c2 fd 48 c7 c7 c0 3c 0e 8c 48 c7 c6 80 3d 0e 8c 48 c7 c2 60 3c 0e 8c b9 67 03 00 00 e8 66 47 ad 07 90 <0f> 0b e8 6e 45 b0 07 4c 89 ff be 08 00 00 00 e8 21 12 25 fe 4c 89 RSP: 0018:ffffc900033d72e0 EFLAGS: 00010246 RAX: 0000000000000045 RBX: 00fff0000000402c RCX: 663b7a08c50a0a00 RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000 RBP: ffffc900033d73b0 R08: ffffffff8176b98c R09: 1ffff9200067adfc R10: dffffc0000000000 R11: fffff5200067adfd R12: 0000000000000001 R13: dffffc0000000000 R14: 0000000000000000 R15: ffffea0001cbee80 FS: 0000000000000000(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f5f076012f8 CR3: 000000000e134000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> __extent_writepage fs/btrfs/extent_io.c:1597 [inline] extent_write_cache_pages fs/btrfs/extent_io.c:2251 [inline] btrfs_writepages+0x14d7/0x2760 fs/btrfs/extent_io.c:2373 do_writepages+0x359/0x870 mm/page-writeback.c:2656 filemap_fdatawrite_wbc+0x125/0x180 mm/filemap.c:397 __filemap_fdatawrite_range mm/filemap.c:430 [inline] __filemap_fdatawrite mm/filemap.c:436 [inline] filemap_flush+0xdf/0x130 mm/filemap.c:463 btrfs_release_file+0x117/0x130 fs/btrfs/file.c:1547 __fput+0x24a/0x8a0 fs/file_table.c:422 task_work_run+0x24f/0x310 kernel/task_work.c:222 exit_task_work include/linux/task_work.h:40 [inline] do_exit+0xa2f/0x27f0 kernel/exit.c:877 do_group_exit+0x207/0x2c0 kernel/exit.c:1026 __do_sys_exit_group kernel/exit.c:1037 [inline] __se_sys_exit_group kernel/exit.c:1035 [inline] __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1035 x64_sys_call+0x2634/0x2640 arch/x86/include/generated/asm/syscalls_64.h:232 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f5f075b70c9 Code: Unable to access opcode bytes at 0x7f5f075b709f. I was hitting the same issue by doing hundreds of accelerated runs of generic/475, which also hits IO errors by design. I instrumented that reproducer with bpftrace and found that the undesirable folio_unlock was coming from the following callstack: folio_unlock+5 __process_pages_contig+475 cow_file_range_inline.constprop.0+230 cow_file_range+803 btrfs_run_delalloc_range+566 writepage_delalloc+332 __extent_writepage # inlined in my stacktrace, but I added it here extent_write_cache_pages+622 Looking at the bisected-to pa —truncated— | 2024-08-17 | not yet calculated | CVE-2024-42266 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: riscv/mm: Add handling for VM_FAULT_SIGSEGV in mm_fault_error() Handle VM_FAULT_SIGSEGV in the page fault path so that we correctly kill the process and we don’t BUG() the kernel. | 2024-08-17 | not yet calculated | CVE-2024-42267 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix missing lock on sync reset reload On sync reset reload work, when remote host updates devlink on reload actions performed on that host, it misses taking devlink lock before calling devlink_remote_reload_actions_performed() which results in triggering lock assert like the following: WARNING: CPU: 4 PID: 1164 at net/devlink/core.c:261 devl_assert_locked+0x3e/0x50 ¦ CPU: 4 PID: 1164 Comm: kworker/u96:6 Tainted: G S W 6.10.0-rc2+ #116 Hardware name: Supermicro SYS-2028TP-DECTR/X10DRT-PT, BIOS 2.0 12/18/2015 Workqueue: mlx5_fw_reset_events mlx5_sync_reset_reload_work [mlx5_core] RIP: 0010:devl_assert_locked+0x3e/0x50 ¦ Call Trace: <TASK> ? __warn+0xa4/0x210 ? devl_assert_locked+0x3e/0x50 ? report_bug+0x160/0x280 ? handle_bug+0x3f/0x80 ? exc_invalid_op+0x17/0x40 ? asm_exc_invalid_op+0x1a/0x20 ? devl_assert_locked+0x3e/0x50 devlink_notify+0x88/0x2b0 ? mlx5_attach_device+0x20c/0x230 [mlx5_core] ? __pfx_devlink_notify+0x10/0x10 ? process_one_work+0x4b6/0xbb0 process_one_work+0x4b6/0xbb0 | 2024-08-17 | not yet calculated | CVE-2024-42268 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: netfilter: iptables: Fix potential null-ptr-deref in ip6table_nat_table_init(). ip6table_nat_table_init() accesses net->gen->ptr[ip6table_nat_net_ops.id], but the function is exposed to user space before the entry is allocated via register_pernet_subsys(). Let’s call register_pernet_subsys() before xt_register_template(). | 2024-08-17 | not yet calculated | CVE-2024-42269 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: netfilter: iptables: Fix null-ptr-deref in iptable_nat_table_init(). We had a report that iptables-restore sometimes triggered null-ptr-deref at boot time. [0] The problem is that iptable_nat_table_init() is exposed to user space before the kernel fully initialises netns. In the small race window, a user could call iptable_nat_table_init() that accesses net_generic(net, iptable_nat_net_id), which is available only after registering iptable_nat_net_ops. Let’s call register_pernet_subsys() before xt_register_template(). [0]: bpfilter: Loaded bpfilter_umh pid 11702 Started bpfilter BUG: kernel NULL pointer dereference, address: 0000000000000013 PF: supervisor write access in kernel mode PF: error_code(0x0002) – not-present page PGD 0 P4D 0 PREEMPT SMP NOPTI CPU: 2 PID: 11879 Comm: iptables-restor Not tainted 6.1.92-99.174.amzn2023.x86_64 #1 Hardware name: Amazon EC2 c6i.4xlarge/, BIOS 1.0 10/16/2017 RIP: 0010:iptable_nat_table_init (net/ipv4/netfilter/iptable_nat.c:87 net/ipv4/netfilter/iptable_nat.c:121) iptable_nat Code: 10 4c 89 f6 48 89 ef e8 0b 19 bb ff 41 89 c4 85 c0 75 38 41 83 c7 01 49 83 c6 28 41 83 ff 04 75 dc 48 8b 44 24 08 48 8b 0c 24 <48> 89 08 4c 89 ef e8 a2 3b a2 cf 48 83 c4 10 44 89 e0 5b 5d 41 5c RSP: 0018:ffffbef902843cd0 EFLAGS: 00010246 RAX: 0000000000000013 RBX: ffff9f4b052caa20 RCX: ffff9f4b20988d80 RDX: 0000000000000000 RSI: 0000000000000064 RDI: ffffffffc04201c0 RBP: ffff9f4b29394000 R08: ffff9f4b07f77258 R09: ffff9f4b07f77240 R10: 0000000000000000 R11: ffff9f4b09635388 R12: 0000000000000000 R13: ffff9f4b1a3c6c00 R14: ffff9f4b20988e20 R15: 0000000000000004 FS: 00007f6284340000(0000) GS:ffff9f51fe280000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000013 CR3: 00000001d10a6005 CR4: 00000000007706e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: <TASK> ? show_trace_log_lvl (arch/x86/kernel/dumpstack.c:259) ? show_trace_log_lvl (arch/x86/kernel/dumpstack.c:259) ? xt_find_table_lock (net/netfilter/x_tables.c:1259) ? __die_body.cold (arch/x86/kernel/dumpstack.c:478 arch/x86/kernel/dumpstack.c:420) ? page_fault_oops (arch/x86/mm/fault.c:727) ? exc_page_fault (./arch/x86/include/asm/irqflags.h:40 ./arch/x86/include/asm/irqflags.h:75 arch/x86/mm/fault.c:1470 arch/x86/mm/fault.c:1518) ? asm_exc_page_fault (./arch/x86/include/asm/idtentry.h:570) ? iptable_nat_table_init (net/ipv4/netfilter/iptable_nat.c:87 net/ipv4/netfilter/iptable_nat.c:121) iptable_nat xt_find_table_lock (net/netfilter/x_tables.c:1259) xt_request_find_table_lock (net/netfilter/x_tables.c:1287) get_info (net/ipv4/netfilter/ip_tables.c:965) ? security_capable (security/security.c:809 (discriminator 13)) ? ns_capable (kernel/capability.c:376 kernel/capability.c:397) ? do_ipt_get_ctl (net/ipv4/netfilter/ip_tables.c:1656) ? bpfilter_send_req (net/bpfilter/bpfilter_kern.c:52) bpfilter nf_getsockopt (net/netfilter/nf_sockopt.c:116) ip_getsockopt (net/ipv4/ip_sockglue.c:1827) __sys_getsockopt (net/socket.c:2327) __x64_sys_getsockopt (net/socket.c:2342 net/socket.c:2339 net/socket.c:2339) do_syscall_64 (arch/x86/entry/common.c:51 arch/x86/entry/common.c:81) entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:121) RIP: 0033:0x7f62844685ee Code: 48 8b 0d 45 28 0f 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 49 89 ca b8 37 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 0a c3 66 0f 1f 84 00 00 00 00 00 48 8b 15 09 RSP: 002b:00007ffd1f83d638 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 RAX: ffffffffffffffda RBX: 00007ffd1f83d680 RCX: 00007f62844685ee RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000004 RBP: 0000000000000004 R08: 00007ffd1f83d670 R09: 0000558798ffa2a0 R10: 00007ffd1f83d680 R11: 0000000000000246 R12: 00007ffd1f83e3b2 R13: 00007f6284 —truncated— | 2024-08-17 | not yet calculated | CVE-2024-42270 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: net/iucv: fix use after free in iucv_sock_close() iucv_sever_path() is called from process context and from bh context. iucv->path is used as indicator whether somebody else is taking care of severing the path (or it is already removed / never existed). This needs to be done with atomic compare and swap, otherwise there is a small window where iucv_sock_close() will try to work with a path that has already been severed and freed by iucv_callback_connrej() called by iucv_tasklet_fn(). Example: [452744.123844] Call Trace: [452744.123845] ([<0000001e87f03880>] 0x1e87f03880) [452744.123966] [<00000000d593001e>] iucv_path_sever+0x96/0x138 [452744.124330] [<000003ff801ddbca>] iucv_sever_path+0xc2/0xd0 [af_iucv] [452744.124336] [<000003ff801e01b6>] iucv_sock_close+0xa6/0x310 [af_iucv] [452744.124341] [<000003ff801e08cc>] iucv_sock_release+0x3c/0xd0 [af_iucv] [452744.124345] [<00000000d574794e>] __sock_release+0x5e/0xe8 [452744.124815] [<00000000d5747a0c>] sock_close+0x34/0x48 [452744.124820] [<00000000d5421642>] __fput+0xba/0x268 [452744.124826] [<00000000d51b382c>] task_work_run+0xbc/0xf0 [452744.124832] [<00000000d5145710>] do_notify_resume+0x88/0x90 [452744.124841] [<00000000d5978096>] system_call+0xe2/0x2c8 [452744.125319] Last Breaking-Event-Address: [452744.125321] [<00000000d5930018>] iucv_path_sever+0x90/0x138 [452744.125324] [452744.125325] Kernel panic – not syncing: Fatal exception in interrupt Note that bh_lock_sock() is not serializing the tasklet context against process context, because the check for sock_owned_by_user() and corresponding handling is missing. Ideas for a future clean-up patch: A) Correct usage of bh_lock_sock() in tasklet context, as described in Re-enqueue, if needed. This may require adding return values to the tasklet functions and thus changes to all users of iucv. B) Change iucv tasklet into worker and use only lock_sock() in af_iucv. | 2024-08-17 | not yet calculated | CVE-2024-42271 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: sched: act_ct: take care of padding in struct zones_ht_key Blamed commit increased lookup key size from 2 bytes to 16 bytes, because zones_ht_key got a struct net pointer. Make sure rhashtable_lookup() is not using the padding bytes which are not initialized. BUG: KMSAN: uninit-value in rht_ptr_rcu include/linux/rhashtable.h:376 [inline] BUG: KMSAN: uninit-value in __rhashtable_lookup include/linux/rhashtable.h:607 [inline] BUG: KMSAN: uninit-value in rhashtable_lookup include/linux/rhashtable.h:646 [inline] BUG: KMSAN: uninit-value in rhashtable_lookup_fast include/linux/rhashtable.h:672 [inline] BUG: KMSAN: uninit-value in tcf_ct_flow_table_get+0x611/0x2260 net/sched/act_ct.c:329 rht_ptr_rcu include/linux/rhashtable.h:376 [inline] __rhashtable_lookup include/linux/rhashtable.h:607 [inline] rhashtable_lookup include/linux/rhashtable.h:646 [inline] rhashtable_lookup_fast include/linux/rhashtable.h:672 [inline] tcf_ct_flow_table_get+0x611/0x2260 net/sched/act_ct.c:329 tcf_ct_init+0xa67/0x2890 net/sched/act_ct.c:1408 tcf_action_init_1+0x6cc/0xb30 net/sched/act_api.c:1425 tcf_action_init+0x458/0xf00 net/sched/act_api.c:1488 tcf_action_add net/sched/act_api.c:2061 [inline] tc_ctl_action+0x4be/0x19d0 net/sched/act_api.c:2118 rtnetlink_rcv_msg+0x12fc/0x1410 net/core/rtnetlink.c:6647 netlink_rcv_skb+0x375/0x650 net/netlink/af_netlink.c:2550 rtnetlink_rcv+0x34/0x40 net/core/rtnetlink.c:6665 netlink_unicast_kernel net/netlink/af_netlink.c:1331 [inline] netlink_unicast+0xf52/0x1260 net/netlink/af_netlink.c:1357 netlink_sendmsg+0x10da/0x11e0 net/netlink/af_netlink.c:1901 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg+0x30f/0x380 net/socket.c:745 ____sys_sendmsg+0x877/0xb60 net/socket.c:2597 ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2651 __sys_sendmsg net/socket.c:2680 [inline] __do_sys_sendmsg net/socket.c:2689 [inline] __se_sys_sendmsg net/socket.c:2687 [inline] __x64_sys_sendmsg+0x307/0x4a0 net/socket.c:2687 x64_sys_call+0x2dd6/0x3c10 arch/x86/include/generated/asm/syscalls_64.h:47 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Local variable key created at: tcf_ct_flow_table_get+0x4a/0x2260 net/sched/act_ct.c:324 tcf_ct_init+0xa67/0x2890 net/sched/act_ct.c:1408 | 2024-08-17 | not yet calculated | CVE-2024-42272 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: f2fs: assign CURSEG_ALL_DATA_ATGC if blkaddr is valid mkdir /mnt/test/comp f2fs_io setflags compression /mnt/test/comp dd if=/dev/zero of=/mnt/test/comp/testfile bs=16k count=1 truncate –size 13 /mnt/test/comp/testfile In the above scenario, we can get a BUG_ON. kernel BUG at fs/f2fs/segment.c:3589! Call Trace: do_write_page+0x78/0x390 [f2fs] f2fs_outplace_write_data+0x62/0xb0 [f2fs] f2fs_do_write_data_page+0x275/0x740 [f2fs] f2fs_write_single_data_page+0x1dc/0x8f0 [f2fs] f2fs_write_multi_pages+0x1e5/0xae0 [f2fs] f2fs_write_cache_pages+0xab1/0xc60 [f2fs] f2fs_write_data_pages+0x2d8/0x330 [f2fs] do_writepages+0xcf/0x270 __writeback_single_inode+0x44/0x350 writeback_sb_inodes+0x242/0x530 __writeback_inodes_wb+0x54/0xf0 wb_writeback+0x192/0x310 wb_workfn+0x30d/0x400 The reason is we gave CURSEG_ALL_DATA_ATGC to COMPR_ADDR where the page was set the gcing flag by set_cluster_dirty(). | 2024-08-17 | not yet calculated | CVE-2024-42273 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: Revert “ALSA: firewire-lib: operate for period elapse event in process context” Commit 7ba5ca32fe6e (“ALSA: firewire-lib: operate for period elapse event in process context”) removed the process context workqueue from amdtp_domain_stream_pcm_pointer() and update_pcm_pointers() to remove its overhead. With RME Fireface 800, this lead to a regression since Kernels 5.14.0, causing an AB/BA deadlock competition for the substream lock with eventual system freeze under ALSA operation: thread 0: * (lock A) acquire substream lock by snd_pcm_stream_lock_irq() in snd_pcm_status64() * (lock B) wait for tasklet to finish by calling tasklet_unlock_spin_wait() in tasklet_disable_in_atomic() in ohci_flush_iso_completions() of ohci.c thread 1: * (lock B) enter tasklet * (lock A) attempt to acquire substream lock, waiting for it to be released: snd_pcm_stream_lock_irqsave() in snd_pcm_period_elapsed() in update_pcm_pointers() in process_ctx_payloads() in process_rx_packets() of amdtp-stream.c ? tasklet_unlock_spin_wait </NMI> <TASK> ohci_flush_iso_completions firewire_ohci amdtp_domain_stream_pcm_pointer snd_firewire_lib snd_pcm_update_hw_ptr0 snd_pcm snd_pcm_status64 snd_pcm ? native_queued_spin_lock_slowpath </NMI> <IRQ> _raw_spin_lock_irqsave snd_pcm_period_elapsed snd_pcm process_rx_packets snd_firewire_lib irq_target_callback snd_firewire_lib handle_it_packet firewire_ohci context_tasklet firewire_ohci Restore the process context work queue to prevent deadlock AB/BA deadlock competition for ALSA substream lock of snd_pcm_stream_lock_irq() in snd_pcm_status64() and snd_pcm_stream_lock_irqsave() in snd_pcm_period_elapsed(). revert commit 7ba5ca32fe6e (“ALSA: firewire-lib: operate for period elapse event in process context”) Replace inline description to prevent future deadlock. | 2024-08-17 | not yet calculated | CVE-2024-42274 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: drm/client: Fix error code in drm_client_buffer_vmap_local() This function accidentally returns zero/success on the failure path. It leads to locking issues and an uninitialized *map_copy in the caller. | 2024-08-17 | not yet calculated | CVE-2024-42275 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: nvme-pci: add missing condition check for existence of mapped data nvme_map_data() is called when request has physical segments, hence the nvme_unmap_data() should have same condition to avoid dereference. | 2024-08-17 | not yet calculated | CVE-2024-42276 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: iommu: sprd: Avoid NULL deref in sprd_iommu_hw_en In sprd_iommu_cleanup() before calling function sprd_iommu_hw_en() dom->sdev is equal to NULL, which leads to null dereference. Found by Linux Verification Center (linuxtesting.org) with SVACE. | 2024-08-17 | not yet calculated | CVE-2024-42277 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: ASoC: TAS2781: Fix tasdev_load_calibrated_data() This function has a reversed if statement so it’s either a no-op or it leads to a NULL dereference. | 2024-08-17 | not yet calculated | CVE-2024-42278 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: spi: microchip-core: ensure TX and RX FIFOs are empty at start of a transfer While transmitting with rx_len == 0, the RX FIFO is not going to be emptied in the interrupt handler. A subsequent transfer could then read crap from the previous transfer out of the RX FIFO into the start RX buffer. The core provides a register that will empty the RX and TX FIFOs, so do that before each transfer. | 2024-08-17 | not yet calculated | CVE-2024-42279 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: mISDN: Fix a use after free in hfcmulti_tx() Don’t dereference *sp after calling dev_kfree_skb(*sp). | 2024-08-17 | not yet calculated | CVE-2024-42280 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a segment issue when downgrading gso_size Linearize the skb when downgrading gso_size because it may trigger a BUG_ON() later when the skb is segmented as described in [1,2]. | 2024-08-17 | not yet calculated | CVE-2024-42281 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: net: mediatek: Fix potential NULL pointer dereference in dummy net_device handling Move the freeing of the dummy net_device from mtk_free_dev() to mtk_remove(). Previously, if alloc_netdev_dummy() failed in mtk_probe(), eth->dummy_dev would be NULL. The error path would then call mtk_free_dev(), which in turn called free_netdev() assuming dummy_dev was allocated (but it was not), potentially causing a NULL pointer dereference. By moving free_netdev() to mtk_remove(), we ensure it’s only called when mtk_probe() has succeeded and dummy_dev is fully allocated. This addresses a potential NULL pointer dereference detected by Smatch[1]. | 2024-08-17 | not yet calculated | CVE-2024-42282 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: net: nexthop: Initialize all fields in dumped nexthops struct nexthop_grp contains two reserved fields that are not initialized by nla_put_nh_group(), and carry garbage. This can be observed e.g. with strace (edited for clarity): # ip nexthop add id 1 dev lo # ip nexthop add id 101 group 1 # strace -e recvmsg ip nexthop get id 101 … recvmsg(… [{nla_len=12, nla_type=NHA_GROUP}, [{id=1, weight=0, resvd1=0x69, resvd2=0x67}]] …) = 52 The fields are reserved and therefore not currently used. But as they are, they leak kernel memory, and the fact they are not just zero complicates repurposing of the fields for new ends. Initialize the full structure. | 2024-08-17 | not yet calculated | CVE-2024-42283 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: tipc: Return non-zero value from tipc_udp_addr2str() on error tipc_udp_addr2str() should return non-zero value if the UDP media address is invalid. Otherwise, a buffer overflow access can occur in tipc_media_addr_printf(). Fix this by returning 1 on an invalid UDP media address. | 2024-08-17 | not yet calculated | CVE-2024-42284 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fix a use-after-free related to destroying CM IDs iw_conn_req_handler() associates a new struct rdma_id_private (conn_id) with an existing struct iw_cm_id (cm_id) as follows: conn_id->cm_id.iw = cm_id; cm_id->context = conn_id; cm_id->cm_handler = cma_iw_handler; rdma_destroy_id() frees both the cm_id and the struct rdma_id_private. Make sure that cm_work_handler() does not trigger a use-after-free by only freeing of the struct rdma_id_private after all pending work has finished. | 2024-08-17 | not yet calculated | CVE-2024-42285 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: validate nvme_local_port correctly The driver load failed with error message, qla2xxx [0000:04:00.0]-ffff:0: register_localport failed: ret=ffffffef and with a kernel crash, BUG: unable to handle kernel NULL pointer dereference at 0000000000000070 Workqueue: events_unbound qla_register_fcport_fn [qla2xxx] RIP: 0010:nvme_fc_register_remoteport+0x16/0x430 [nvme_fc] RSP: 0018:ffffaaa040eb3d98 EFLAGS: 00010282 RAX: 0000000000000000 RBX: ffff9dfb46b78c00 RCX: 0000000000000000 RDX: ffff9dfb46b78da8 RSI: ffffaaa040eb3e08 RDI: 0000000000000000 RBP: ffff9dfb612a0a58 R08: ffffffffaf1d6270 R09: 3a34303a30303030 R10: 34303a303030305b R11: 2078787832616c71 R12: ffff9dfb46b78dd4 R13: ffff9dfb46b78c24 R14: ffff9dfb41525300 R15: ffff9dfb46b78da8 FS: 0000000000000000(0000) GS:ffff9dfc67c00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000070 CR3: 000000018da10004 CR4: 00000000000206f0 Call Trace: qla_nvme_register_remote+0xeb/0x1f0 [qla2xxx] ? qla2x00_dfs_create_rport+0x231/0x270 [qla2xxx] qla2x00_update_fcport+0x2a1/0x3c0 [qla2xxx] qla_register_fcport_fn+0x54/0xc0 [qla2xxx] Exit the qla_nvme_register_remote() function when qla_nvme_register_hba() fails and correctly validate nvme_local_port. | 2024-08-17 | not yet calculated | CVE-2024-42286 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Complete command early within lock A crash was observed while performing NPIV and FW reset, BUG: kernel NULL pointer dereference, address: 000000000000001c #PF: supervisor read access in kernel mode #PF: error_code(0x0000) – not-present page PGD 0 P4D 0 Oops: 0000 1 PREEMPT_RT SMP NOPTI RIP: 0010:dma_direct_unmap_sg+0x51/0x1e0 RSP: 0018:ffffc90026f47b88 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 0000000000000021 RCX: 0000000000000002 RDX: 0000000000000021 RSI: 0000000000000000 RDI: ffff8881041130d0 RBP: ffff8881041130d0 R08: 0000000000000000 R09: 0000000000000034 R10: ffffc90026f47c48 R11: 0000000000000031 R12: 0000000000000000 R13: 0000000000000000 R14: ffff8881565e4a20 R15: 0000000000000000 FS: 00007f4c69ed3d00(0000) GS:ffff889faac80000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000000000001c CR3: 0000000288a50002 CR4: 00000000007706e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: <TASK> ? __die_body+0x1a/0x60 ? page_fault_oops+0x16f/0x4a0 ? do_user_addr_fault+0x174/0x7f0 ? exc_page_fault+0x69/0x1a0 ? asm_exc_page_fault+0x22/0x30 ? dma_direct_unmap_sg+0x51/0x1e0 ? preempt_count_sub+0x96/0xe0 qla2xxx_qpair_sp_free_dma+0x29f/0x3b0 [qla2xxx] qla2xxx_qpair_sp_compl+0x60/0x80 [qla2xxx] __qla2x00_abort_all_cmds+0xa2/0x450 [qla2xxx] The command completion was done early while aborting the commands in driver unload path but outside lock to avoid the WARN_ON condition of performing dma_free_attr within the lock. However this caused race condition while command completion via multiple paths causing system crash. Hence complete the command early in unload path but within the lock to avoid race condition. | 2024-08-17 | not yet calculated | CVE-2024-42287 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix for possible memory corruption Init Control Block is dereferenced incorrectly. Correctly dereference ICB | 2024-08-17 | not yet calculated | CVE-2024-42288 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: During vport delete send async logout explicitly During vport delete, it is observed that during unload we hit a crash because of stale entries in outstanding command array. For all these stale I/O entries, eh_abort was issued and aborted (fast_fail_io = 2009h) but I/Os could not complete while vport delete is in process of deleting. BUG: kernel NULL pointer dereference, address: 000000000000001c #PF: supervisor read access in kernel mode #PF: error_code(0x0000) – not-present page PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP NOPTI Workqueue: qla2xxx_wq qla_do_work [qla2xxx] RIP: 0010:dma_direct_unmap_sg+0x51/0x1e0 RSP: 0018:ffffa1e1e150fc68 EFLAGS: 00010046 RAX: 0000000000000000 RBX: 0000000000000021 RCX: 0000000000000001 RDX: 0000000000000021 RSI: 0000000000000000 RDI: ffff8ce208a7a0d0 RBP: ffff8ce208a7a0d0 R08: 0000000000000000 R09: ffff8ce378aac9c8 R10: ffff8ce378aac8a0 R11: ffffa1e1e150f9d8 R12: 0000000000000000 R13: 0000000000000000 R14: ffff8ce378aac9c8 R15: 0000000000000000 FS: 0000000000000000(0000) GS:ffff8d217f000000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000000000001c CR3: 0000002089acc000 CR4: 0000000000350ee0 Call Trace: <TASK> qla2xxx_qpair_sp_free_dma+0x417/0x4e0 ? qla2xxx_qpair_sp_compl+0x10d/0x1a0 ? qla2x00_status_entry+0x768/0x2830 ? newidle_balance+0x2f0/0x430 ? dequeue_entity+0x100/0x3c0 ? qla24xx_process_response_queue+0x6a1/0x19e0 ? __schedule+0x2d5/0x1140 ? qla_do_work+0x47/0x60 ? process_one_work+0x267/0x440 ? process_one_work+0x440/0x440 ? worker_thread+0x2d/0x3d0 ? process_one_work+0x440/0x440 ? kthread+0x156/0x180 ? set_kthread_struct+0x50/0x50 ? ret_from_fork+0x22/0x30 </TASK> Send out async logout explicitly for all the ports during vport delete. | 2024-08-17 | not yet calculated | CVE-2024-42289 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: irqchip/imx-irqsteer: Handle runtime power management correctly The power domain is automatically activated from clk_prepare(). However, on certain platforms like i.MX8QM and i.MX8QXP, the power-on handling invokes sleeping functions, which triggers the ‘scheduling while atomic’ bug in the context switch path during device probing: BUG: scheduling while atomic: kworker/u13:1/48/0x00000002 Call trace: __schedule_bug+0x54/0x6c __schedule+0x7f0/0xa94 schedule+0x5c/0xc4 schedule_preempt_disabled+0x24/0x40 __mutex_lock.constprop.0+0x2c0/0x540 __mutex_lock_slowpath+0x14/0x20 mutex_lock+0x48/0x54 clk_prepare_lock+0x44/0xa0 clk_prepare+0x20/0x44 imx_irqsteer_resume+0x28/0xe0 pm_generic_runtime_resume+0x2c/0x44 __genpd_runtime_resume+0x30/0x80 genpd_runtime_resume+0xc8/0x2c0 __rpm_callback+0x48/0x1d8 rpm_callback+0x6c/0x78 rpm_resume+0x490/0x6b4 __pm_runtime_resume+0x50/0x94 irq_chip_pm_get+0x2c/0xa0 __irq_do_set_handler+0x178/0x24c irq_set_chained_handler_and_data+0x60/0xa4 mxc_gpio_probe+0x160/0x4b0 Cure this by implementing the irq_bus_lock/sync_unlock() interrupt chip callbacks and handle power management in them as they are invoked from non-atomic context. [ tglx: Rewrote change log, added Fixes tag ] | 2024-08-17 | not yet calculated | CVE-2024-42290 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: ice: Add a per-VF limit on number of FDIR filters While the iavf driver adds a s/w limit (128) on the number of FDIR filters that the VF can request, a malicious VF driver can request more than that and exhaust the resources for other VFs. Add a similar limit in ice. | 2024-08-17 | not yet calculated | CVE-2024-42291 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: kobject_uevent: Fix OOB access within zap_modalias_env() zap_modalias_env() wrongly calculates size of memory block to move, so will cause OOB memory access issue if variable MODALIAS is not the last one within its @env parameter, fixed by correcting size to memmove. | 2024-08-17 | not yet calculated | CVE-2024-42292 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: arm64: mm: Fix lockless walks with static and dynamic page-table folding Lina reports random oopsen originating from the fast GUP code when 16K pages are used with 4-level page-tables, the fourth level being folded at runtime due to lack of LPA2. In this configuration, the generic implementation of p4d_offset_lockless() will return a ‘p4d_t *’ corresponding to the ‘pgd_t’ allocated on the stack of the caller, gup_fast_pgd_range(). This is normally fine, but when the fourth level of page-table is folded at runtime, pud_offset_lockless() will offset from the address of the ‘p4d_t’ to calculate the address of the PUD in the same page-table page. This results in a stray stack read when the ‘p4d_t’ has been allocated on the stack and can send the walker into the weeds. Fix the problem by providing our own definition of p4d_offset_lockless() when CONFIG_PGTABLE_LEVELS <= 4 which returns the real page-table pointer rather than the address of the local stack variable. | 2024-08-17 | not yet calculated | CVE-2024-42293 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: block: fix deadlock between sd_remove & sd_release Our test report the following hung task: [ 2538.459400] INFO: task “kworker/0:0”:7 blocked for more than 188 seconds. [ 2538.459427] Call trace: [ 2538.459430] __switch_to+0x174/0x338 [ 2538.459436] __schedule+0x628/0x9c4 [ 2538.459442] schedule+0x7c/0xe8 [ 2538.459447] schedule_preempt_disabled+0x24/0x40 [ 2538.459453] __mutex_lock+0x3ec/0xf04 [ 2538.459456] __mutex_lock_slowpath+0x14/0x24 [ 2538.459459] mutex_lock+0x30/0xd8 [ 2538.459462] del_gendisk+0xdc/0x350 [ 2538.459466] sd_remove+0x30/0x60 [ 2538.459470] device_release_driver_internal+0x1c4/0x2c4 [ 2538.459474] device_release_driver+0x18/0x28 [ 2538.459478] bus_remove_device+0x15c/0x174 [ 2538.459483] device_del+0x1d0/0x358 [ 2538.459488] __scsi_remove_device+0xa8/0x198 [ 2538.459493] scsi_forget_host+0x50/0x70 [ 2538.459497] scsi_remove_host+0x80/0x180 [ 2538.459502] usb_stor_disconnect+0x68/0xf4 [ 2538.459506] usb_unbind_interface+0xd4/0x280 [ 2538.459510] device_release_driver_internal+0x1c4/0x2c4 [ 2538.459514] device_release_driver+0x18/0x28 [ 2538.459518] bus_remove_device+0x15c/0x174 [ 2538.459523] device_del+0x1d0/0x358 [ 2538.459528] usb_disable_device+0x84/0x194 [ 2538.459532] usb_disconnect+0xec/0x300 [ 2538.459537] hub_event+0xb80/0x1870 [ 2538.459541] process_scheduled_works+0x248/0x4dc [ 2538.459545] worker_thread+0x244/0x334 [ 2538.459549] kthread+0x114/0x1bc [ 2538.461001] INFO: task “fsck.”:15415 blocked for more than 188 seconds. [ 2538.461014] Call trace: [ 2538.461016] __switch_to+0x174/0x338 [ 2538.461021] __schedule+0x628/0x9c4 [ 2538.461025] schedule+0x7c/0xe8 [ 2538.461030] blk_queue_enter+0xc4/0x160 [ 2538.461034] blk_mq_alloc_request+0x120/0x1d4 [ 2538.461037] scsi_execute_cmd+0x7c/0x23c [ 2538.461040] ioctl_internal_command+0x5c/0x164 [ 2538.461046] scsi_set_medium_removal+0x5c/0xb0 [ 2538.461051] sd_release+0x50/0x94 [ 2538.461054] blkdev_put+0x190/0x28c [ 2538.461058] blkdev_release+0x28/0x40 [ 2538.461063] __fput+0xf8/0x2a8 [ 2538.461066] __fput_sync+0x28/0x5c [ 2538.461070] __arm64_sys_close+0x84/0xe8 [ 2538.461073] invoke_syscall+0x58/0x114 [ 2538.461078] el0_svc_common+0xac/0xe0 [ 2538.461082] do_el0_svc+0x1c/0x28 [ 2538.461087] el0_svc+0x38/0x68 [ 2538.461090] el0t_64_sync_handler+0x68/0xbc [ 2538.461093] el0t_64_sync+0x1a8/0x1ac T1: T2: sd_remove del_gendisk __blk_mark_disk_dead blk_freeze_queue_start ++q->mq_freeze_depth bdev_release mutex_lock(&disk->open_mutex) sd_release scsi_execute_cmd blk_queue_enter wait_event(!q->mq_freeze_depth) mutex_lock(&disk->open_mutex) SCSI does not set GD_OWNS_QUEUE, so QUEUE_FLAG_DYING is not set in this scenario. This is a classic ABBA deadlock. To fix the deadlock, make sure we don’t try to acquire disk->open_mutex after freezing the queue. | 2 |