[TLP:GREEN]


NVD CVE LIST BY VENDOR

UPDATED: Wednesday, October 30, 2024 11:00AM EST


The following are the CVEs that have been updated in the last 24 hours.
The severity of each CVE is based on CVSS V3.1 if it is provided; if CVSS V3.1 is not provided, the severity is based on CVSS V2.

The CVEs are sorted by vendor, and the 83 vendors that appear in today's summary are as follows:


ACNOO ADD-TO-CALENDAR-BUTTON AFTABHUSAIN AGNAI
APACHE APPLE ARUBANETWORKS ATLASSIAN
BRIGHTPLUGINS CANONICAL CEDARGATE CHRISYEE
CISCO CLOUDNET360 COLORLIB ENEJBAJGORIC/GAGANSANDHU/CTLTDEV
FABIANROS FREEBSD FRESHLIGHTLAB FRROUTING
GNU GOOGLE HCLTECH HCLTECHSW
HIHONOR HIKASHOP HIKVISION HITACHIENERGY
HP INFORMATIK.HU-BERLIN INTEL ITALTEL
JANOBE JESWEB JETBRAINS KIBOKOLABS
LIGHTPRESS LINUX LITESTREAM LOGICHUNT
MAUVEDEV MAYURIK MECODIA METAGAUSS
MICROFOCUS MOZILLA NAYRATHEMES NINJATEAM
NTA OMAKSOLUTIONS OPENREFINE PHP
PHPGURUKUL PICKPLUGINS PIXELGRADE PLUGINUS
POCO-Z PYMUMU PYTHON QODEINTERACTIVE
REALTEK REXTHEME ROBERTDAVIDGRAHAM ROLLUPJS
ROYAL-ELEMENTOR-ADDONS SGI SIXAPART SNYK
SPIDERCONTROL SUNSHINEPHOTOCART THEMEFARMER THEMEUM
TIANDIYOYO VEEAM VILLATHEME VISSER
VMWARE WEBROOT WPCHILL WPCLEVER
WPDEVELOPER X2ENGINE ZZCMS



VENDOR: ACNOO



VENDOR PRODUCT(S)...: FLUTTER API
CVE SEVERITY........: CRITICAL
CVE ID..............: CVE-2024-50486
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-50486
DATE LAST MODIFIED..: 2024-10-29T16:07Z
ORIGINAL CVE DATE...: 2024-10-28T12:15Z
REFERENCE URL.......: https://patchstack.com/database/vulnerability/acnoo-flutter-api/wordpress-acnoo-flutter-api-plugin-1-0-5-account-takeover-vulnerability?_s_id=cve

CVE DESCRIPTION.....: Authentication Bypass Using an Alternate Path or Channel vulnerability in Acnoo Acnoo Flutter API allows Authentication Bypass. This issue affects Acnoo Flutter API: from n/a through 1.0.5.




VENDOR: ADD-TO-CALENDAR-BUTTON



VENDOR PRODUCT(S)...: ADD TO CALENDAR BUTTON
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2023-46613
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46613
DATE LAST MODIFIED..: 2024-10-29T19:35Z
ORIGINAL CVE DATE...: 2023-11-08T16:15Z
REFERENCE URL.......: https://patchstack.com/database/vulnerability/add-to-calendar-button/wordpress-add-to-calendar-button-plugin-1-5-1-cross-site-scripting-xss-vulnerability?_s_id=cve

CVE DESCRIPTION.....: Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Jens Kuerschner Add to Calendar Button plugin = 1.5.1 versions.




VENDOR: AFTABHUSAIN



VENDOR PRODUCT(S)...: CATEGORY AND TAXONOMY IMAGE
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-9591
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-9591
DATE LAST MODIFIED..: 2024-10-29T16:04Z
ORIGINAL CVE DATE...: 2024-10-22T08:15Z
REFERENCE URL.......: https://www.wordfence.com/threat-intel/vulnerabilities/id/5760933b-30e6-465b-9b94-c913b21f07fd?source=cve

CVE DESCRIPTION.....: The Category and Taxonomy Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '_category_image' parameter in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with editor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.


VENDOR PRODUCT(S)...: CATEGORY AND TAXONOMY META FIELDS
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-9590
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-9590
DATE LAST MODIFIED..: 2024-10-29T16:07Z
ORIGINAL CVE DATE...: 2024-10-22T08:15Z
REFERENCE URL.......: https://www.wordfence.com/threat-intel/vulnerabilities/id/3f6d9c23-53e9-4393-beff-2f996c279ad8?source=cve

CVE DESCRIPTION.....: The Category and Taxonomy Meta Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image meta field value in the 'wpaft_add_meta_textinput' function in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with editor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.


VENDOR PRODUCT(S)...: CATEGORY AND TAXONOMY META FIELDS
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-9589
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-9589
DATE LAST MODIFIED..: 2024-10-29T16:07Z
ORIGINAL CVE DATE...: 2024-10-22T08:15Z
REFERENCE URL.......: https://www.wordfence.com/threat-intel/vulnerabilities/id/9d879fc6-97ec-4ecb-99c8-7fc0b91692ef?source=cve

CVE DESCRIPTION.....: The Category and Taxonomy Meta Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'new_meta_name' parameter in the 'wpaft_option_page' function in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with administrator-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.




VENDOR: AGNAI



VENDOR PRODUCT(S)...: AGNAI
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-47170
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-47170
DATE LAST MODIFIED..: 2024-10-29T20:59Z
ORIGINAL CVE DATE...: 2024-09-26T18:15Z
REFERENCE URL.......: https://github.com/agnaistic/agnai/security/advisories/GHSA-h355-hm5h-cm8h

CVE DESCRIPTION.....: Agnai is an artificial-intelligence-agnostic multi-user, multi-bot roleplaying chat system. A vulnerability in versions prior to 1.0.330 permits attackers to read arbitrary JSON files at attacker-chosen locations on the server. This issue can lead to unauthorized access to sensitive information and exposure of confidential configuration files. This only affects installations with `JSON_STORAGE` enabled which is intended to local/self-hosting only. Version 1.0.330 fixes this issue.




VENDOR: APACHE



VENDOR PRODUCT(S)...: HTTP SERVER
CVE SEVERITY........: CRITICAL
CVE ID..............: CVE-2024-38476
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-38476
DATE LAST MODIFIED..: 2024-10-29T17:35Z
ORIGINAL CVE DATE...: 2024-07-01T19:15Z
REFERENCE URL.......: https://httpd.apache.org/security/vulnerabilities_24.html

CVE DESCRIPTION.....: Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerable to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable. Users are recommended to upgrade to version 2.4.60, which fixes this issue.




VENDOR: APPLE



VENDOR PRODUCT(S)...: MACOS
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-44297
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-44297
DATE LAST MODIFIED..: 2024-10-29T20:23Z
ORIGINAL CVE DATE...: 2024-10-28T21:15Z
REFERENCE URL.......: https://support.apple.com/en-us/121570

CVE DESCRIPTION.....: The issue was addressed with improved bounds checks. This issue is fixed in tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, visionOS 2.1. Processing a maliciously crafted message may lead to a denial-of-service.


VENDOR PRODUCT(S)...: MACOS
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-44294
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-44294
DATE LAST MODIFIED..: 2024-10-29T21:35Z
ORIGINAL CVE DATE...: 2024-10-28T21:15Z
REFERENCE URL.......: https://support.apple.com/en-us/121570

CVE DESCRIPTION.....: A path deletion vulnerability was addressed by preventing vulnerable code from running with privileges. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. An attacker with root privileges may be able to delete protected system files.


VENDOR PRODUCT(S)...: MACOS
CVE SEVERITY........: HIGH
CVE ID..............: CVE-2024-44289
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-44289
DATE LAST MODIFIED..: 2024-10-29T20:25Z
ORIGINAL CVE DATE...: 2024-10-28T21:15Z
REFERENCE URL.......: https://support.apple.com/en-us/121570

CVE DESCRIPTION.....: A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. An app may be able to read sensitive location information.


VENDOR PRODUCT(S)...: IPADOS
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-44235
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-44235
DATE LAST MODIFIED..: 2024-10-29T20:32Z
ORIGINAL CVE DATE...: 2024-10-28T21:15Z
REFERENCE URL.......: https://support.apple.com/en-us/121563

CVE DESCRIPTION.....: The issue was addressed with improved checks. This issue is fixed in iOS 18.1 and iPadOS 18.1. An attacker may be able to view restricted content from the lock screen.


VENDOR PRODUCT(S)...: IPADOS
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-44229
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-44229
DATE LAST MODIFIED..: 2024-10-29T23:15Z
ORIGINAL CVE DATE...: 2024-10-28T21:15Z
REFERENCE URL.......: https://support.apple.com/en-us/121566

CVE DESCRIPTION.....: An information leakage was addressed with additional validation. This issue is fixed in visionOS 2.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, Safari 18.1. Private browsing may leak some browsing history.


VENDOR PRODUCT(S)...: XCODE
CVE SEVERITY........: HIGH
CVE ID..............: CVE-2024-44228
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-44228
DATE LAST MODIFIED..: 2024-10-29T20:42Z
ORIGINAL CVE DATE...: 2024-10-28T21:15Z
REFERENCE URL.......: https://support.apple.com/en-us/121239

CVE DESCRIPTION.....: This issue was addressed with improved permissions checking. This issue is fixed in Xcode 16. An app may be able to inherit Xcode permissions and access user data.


VENDOR PRODUCT(S)...: MACOS
CVE SEVERITY........: HIGH
CVE ID..............: CVE-2024-44208
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-44208
DATE LAST MODIFIED..: 2024-10-29T20:47Z
ORIGINAL CVE DATE...: 2024-10-28T21:15Z
REFERENCE URL.......: https://support.apple.com/en-us/121238

CVE DESCRIPTION.....: This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15. An app may be able to bypass certain Privacy preferences.


VENDOR PRODUCT(S)...: MACOS
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-44174
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-44174
DATE LAST MODIFIED..: 2024-10-29T17:33Z
ORIGINAL CVE DATE...: 2024-10-28T21:15Z
REFERENCE URL.......: https://support.apple.com/en-us/121238

CVE DESCRIPTION.....: The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15. An attacker may be able to view restricted content from the lock screen.


VENDOR PRODUCT(S)...: MACOS
CVE SEVERITY........: HIGH
CVE ID..............: CVE-2024-44159
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-44159
DATE LAST MODIFIED..: 2024-10-29T17:33Z
ORIGINAL CVE DATE...: 2024-10-28T21:15Z
REFERENCE URL.......: https://support.apple.com/en-us/121570

CVE DESCRIPTION.....: A path deletion vulnerability was addressed by preventing vulnerable code from running with privileges. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. An app may be able to bypass Privacy preferences.


VENDOR PRODUCT(S)...: MACOS
CVE SEVERITY........: HIGH
CVE ID..............: CVE-2024-44156
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-44156
DATE LAST MODIFIED..: 2024-10-29T17:33Z
ORIGINAL CVE DATE...: 2024-10-28T21:15Z
REFERENCE URL.......: https://support.apple.com/en-us/121570

CVE DESCRIPTION.....: A path deletion vulnerability was addressed by preventing vulnerable code from running with privileges. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. An app may be able to bypass Privacy preferences.


VENDOR PRODUCT(S)...: MACOS
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-44155
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-44155
DATE LAST MODIFIED..: 2024-10-29T17:34Z
ORIGINAL CVE DATE...: 2024-10-28T21:15Z
REFERENCE URL.......: https://support.apple.com/en-us/121238

CVE DESCRIPTION.....: A custom URL scheme handling issue was addressed with improved input validation. This issue is fixed in Safari 18, iOS 17.7.1 and iPadOS 17.7.1, macOS Sequoia 15, watchOS 11, iOS 18 and iPadOS 18. Maliciously crafted web content may violate iframe sandboxing policy.


VENDOR PRODUCT(S)...: WATCHOS
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-44144
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-44144
DATE LAST MODIFIED..: 2024-10-29T21:35Z
ORIGINAL CVE DATE...: 2024-10-28T21:15Z
REFERENCE URL.......: https://support.apple.com/en-us/121238

CVE DESCRIPTION.....: A buffer overflow was addressed with improved size validation. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, macOS Sequoia 15, macOS Sonoma 14.7.1, tvOS 18, watchOS 11, visionOS 2, iOS 18 and iPadOS 18. Processing a maliciously crafted file may lead to unexpected app termination.


VENDOR PRODUCT(S)...: MACOS
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-44137
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-44137
DATE LAST MODIFIED..: 2024-10-29T17:35Z
ORIGINAL CVE DATE...: 2024-10-28T21:15Z
REFERENCE URL.......: https://support.apple.com/en-us/121238

CVE DESCRIPTION.....: The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.1, macOS Sequoia 15, macOS Sonoma 14.7.1. An attacker with physical access may be able to share items from the lock screen.


VENDOR PRODUCT(S)...: MACOS
CVE SEVERITY........: HIGH
CVE ID..............: CVE-2024-44126
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-44126
DATE LAST MODIFIED..: 2024-10-29T17:35Z
ORIGINAL CVE DATE...: 2024-10-28T21:15Z
REFERENCE URL.......: https://support.apple.com/en-us/121238

CVE DESCRIPTION.....: The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.1, macOS Sequoia 15, iOS 17.7 and iPadOS 17.7, macOS Sonoma 14.7, visionOS 2, iOS 18 and iPadOS 18. Processing a maliciously crafted file may lead to heap corruption.


VENDOR PRODUCT(S)...: MACOS
CVE SEVERITY........: LOW
CVE ID..............: CVE-2024-44123
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-44123
DATE LAST MODIFIED..: 2024-10-29T17:37Z
ORIGINAL CVE DATE...: 2024-10-28T21:15Z
REFERENCE URL.......: https://support.apple.com/en-us/121238

CVE DESCRIPTION.....: A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15, iOS 18 and iPadOS 18. A malicious app with root privileges may be able to access keyboard input and location information without user consent.


VENDOR PRODUCT(S)...: MACOS
CVE SEVERITY........: HIGH
CVE ID..............: CVE-2024-44122
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-44122
DATE LAST MODIFIED..: 2024-10-29T17:38Z
ORIGINAL CVE DATE...: 2024-10-28T21:15Z
REFERENCE URL.......: https://support.apple.com/en-us/121238

CVE DESCRIPTION.....: A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.1, macOS Sequoia 15, macOS Sonoma 14.7.1. An application may be able to break out of its sandbox.


VENDOR PRODUCT(S)...: IPADOS
CVE SEVERITY........: CRITICAL
CVE ID..............: CVE-2024-40867
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-40867
DATE LAST MODIFIED..: 2024-10-29T20:35Z
ORIGINAL CVE DATE...: 2024-10-28T21:15Z
REFERENCE URL.......: https://support.apple.com/en-us/121563

CVE DESCRIPTION.....: A custom URL scheme handling issue was addressed with improved input validation. This issue is fixed in iOS 18.1 and iPadOS 18.1. A remote attacker may be able to break out of Web Content sandbox.


VENDOR PRODUCT(S)...: MACOS
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-40855
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-40855
DATE LAST MODIFIED..: 2024-10-29T17:42Z
ORIGINAL CVE DATE...: 2024-10-28T21:15Z
REFERENCE URL.......: https://support.apple.com/en-us/121238

CVE DESCRIPTION.....: The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.1, macOS Sequoia 15, macOS Sonoma 14.7.1. A sandboxed app may be able to access sensitive user data.


VENDOR PRODUCT(S)...: IPADOS
CVE SEVERITY........: LOW
CVE ID..............: CVE-2024-40851
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-40851
DATE LAST MODIFIED..: 2024-10-29T17:42Z
ORIGINAL CVE DATE...: 2024-10-28T21:15Z
REFERENCE URL.......: https://support.apple.com/en-us/121563

CVE DESCRIPTION.....: This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 18.1 and iPadOS 18.1. An attacker with physical access may be able to access contact photos from the lock screen.


VENDOR PRODUCT(S)...: MACOS
CVE SEVERITY........: LOW
CVE ID..............: CVE-2024-40792
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-40792
DATE LAST MODIFIED..: 2024-10-29T17:28Z
ORIGINAL CVE DATE...: 2024-10-28T21:15Z
REFERENCE URL.......: https://support.apple.com/en-us/121238

CVE DESCRIPTION.....: A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. A malicious app may be able to change network settings.


VENDOR PRODUCT(S)...: MACOS
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-44206
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-44206
DATE LAST MODIFIED..: 2024-10-29T21:35Z
ORIGINAL CVE DATE...: 2024-10-24T17:15Z
REFERENCE URL.......: https://support.apple.com/en-us/120916

CVE DESCRIPTION.....: An issue in the handling of URL protocols was addressed with improved logic. This issue is fixed in tvOS 17.6, visionOS 1.3, Safari 17.6, watchOS 10.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6. A user may be able to bypass some web content restrictions.


VENDOR PRODUCT(S)...: MACOS
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-44205
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-44205
DATE LAST MODIFIED..: 2024-10-29T15:27Z
ORIGINAL CVE DATE...: 2024-10-24T17:15Z
REFERENCE URL.......: https://support.apple.com/en-us/120910

CVE DESCRIPTION.....: A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6. A sandboxed app may be able to access sensitive user data in system logs.


VENDOR PRODUCT(S)...: MACOS
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-44185
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-44185
DATE LAST MODIFIED..: 2024-10-29T15:22Z
ORIGINAL CVE DATE...: 2024-10-24T17:15Z
REFERENCE URL.......: https://support.apple.com/en-us/120916

CVE DESCRIPTION.....: The issue was addressed with improved checks. This issue is fixed in tvOS 17.6, visionOS 1.3, Safari 17.6, watchOS 10.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash.


VENDOR PRODUCT(S)...: MACOS
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-40810
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-40810
DATE LAST MODIFIED..: 2024-10-29T21:35Z
ORIGINAL CVE DATE...: 2024-10-24T17:15Z
REFERENCE URL.......: https://support.apple.com/en-us/120911

CVE DESCRIPTION.....: An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Sonoma 14.6. An app may be able to cause a coprocessor crash.


VENDOR PRODUCT(S)...: MACOS
CVE SEVERITY........: LOW
CVE ID..............: CVE-2024-40832
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-40832
DATE LAST MODIFIED..: 2024-10-29T21:35Z
ORIGINAL CVE DATE...: 2024-07-29T23:15Z
REFERENCE URL.......: https://support.apple.com/en-us/HT214119

CVE DESCRIPTION.....: The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6. An app may be able to view a contact's phone number in system logs.


VENDOR PRODUCT(S)...: IPHONE OS
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-40813
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-40813
DATE LAST MODIFIED..: 2024-10-29T21:35Z
ORIGINAL CVE DATE...: 2024-07-29T23:15Z
REFERENCE URL.......: https://support.apple.com/en-us/HT214117

CVE DESCRIPTION.....: A lock screen issue was addressed with improved state management. This issue is fixed in watchOS 10.6, iOS 17.6 and iPadOS 17.6. An attacker with physical access may be able to use Siri to access sensitive user data.


VENDOR PRODUCT(S)...: MACOS
CVE SEVERITY........: HIGH
CVE ID..............: CVE-2024-40799
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-40799
DATE LAST MODIFIED..: 2024-10-29T20:35Z
ORIGINAL CVE DATE...: 2024-07-29T23:15Z
REFERENCE URL.......: https://support.apple.com/en-us/HT214117

CVE DESCRIPTION.....: An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing a maliciously crafted file may lead to unexpected app termination.


VENDOR PRODUCT(S)...: IPHONE OS
CVE SEVERITY........: LOW
CVE ID..............: CVE-2023-35990
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-35990
DATE LAST MODIFIED..: 2024-10-29T19:35Z
ORIGINAL CVE DATE...: 2023-09-27T15:18Z
REFERENCE URL.......: https://support.apple.com/en-us/HT213937

CVE DESCRIPTION.....: The issue was addressed with improved checks. This issue is fixed in iOS 17 and iPadOS 17, watchOS 10, iOS 16.7 and iPadOS 16.7, macOS Sonoma 14. An app may be able to identify what other apps a user has installed.


VENDOR PRODUCT(S)...: MACOS
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2022-26699
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-26699
DATE LAST MODIFIED..: 2024-10-29T15:35Z
ORIGINAL CVE DATE...: 2023-08-14T23:15Z
REFERENCE URL.......: https://support.apple.com/en-us/HT213488

CVE DESCRIPTION.....: A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13. An app may be able to cause a denial-of-service to Endpoint Security clients.


VENDOR PRODUCT(S)...: MACOS
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2023-35983
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-35983
DATE LAST MODIFIED..: 2024-10-29T19:35Z
ORIGINAL CVE DATE...: 2023-07-27T00:15Z
REFERENCE URL.......: https://support.apple.com/en-us/HT213845

CVE DESCRIPTION.....: This issue was addressed with improved data protection. This issue is fixed in macOS Monterey 12.6.8, macOS Ventura 13.5, macOS Big Sur 11.7.9. An app may be able to modify protected parts of the file system.




VENDOR: ARUBANETWORKS



VENDOR PRODUCT(S)...: ARUBAOS
CVE SEVERITY........: HIGH
CVE ID..............: CVE-2023-45626
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45626
DATE LAST MODIFIED..: 2024-10-29T19:35Z
ORIGINAL CVE DATE...: 2023-11-14T23:15Z
REFERENCE URL.......: https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt

CVE DESCRIPTION.....: An authenticated vulnerability has been identified allowing an attacker to effectively establish highly privileged persistent arbitrary code execution across boot cycles.


VENDOR PRODUCT(S)...: EDGECONNECT SD-WAN ORCHESTRATOR
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2023-37440
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-37440
DATE LAST MODIFIED..: 2024-10-29T20:35Z
ORIGINAL CVE DATE...: 2023-08-22T19:16Z
REFERENCE URL.......: https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-012.txt

CVE DESCRIPTION.....: A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an unauthenticated remote attacker to conduct a server-side request forgery (SSRF) attack. A successful exploit allows an attacker to enumerate information about the internal structure of the EdgeConnect SD-WAN Orchestrator host leading to potential disclosure of sensitive information.


VENDOR PRODUCT(S)...: EDGECONNECT SD-WAN ORCHESTRATOR
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2023-37439
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-37439
DATE LAST MODIFIED..: 2024-10-29T20:35Z
ORIGINAL CVE DATE...: 2023-08-22T19:16Z
REFERENCE URL.......: https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-012.txt

CVE DESCRIPTION.....: Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host.




VENDOR: ATLASSIAN



VENDOR PRODUCT(S)...: JIRA ALIGN
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2022-36802
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36802
DATE LAST MODIFIED..: 2024-10-29T16:35Z
ORIGINAL CVE DATE...: 2022-10-14T04:15Z
REFERENCE URL.......: https://jira.atlassian.com/browse/JIRAALIGN-4326

CVE DESCRIPTION.....: The ManageJiraConnectors API in Atlassian Jira Align before version 10.109.2 allows remote attackers to exploit this issue to access internal network resources via a Server-Side Request Forgery. This can be exploited by a remote, unauthenticated attacker with Super Admin privileges by sending a specially crafted HTTP request.


VENDOR PRODUCT(S)...: JIRA DATA CENTER
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2022-36801
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36801
DATE LAST MODIFIED..: 2024-10-29T16:35Z
ORIGINAL CVE DATE...: 2022-08-10T03:15Z
REFERENCE URL.......: https://jira.atlassian.com/browse/JRASERVER-73740

CVE DESCRIPTION.....: Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a Reflected Cross-Site Scripting (RXSS) vulnerability in the TeamManagement.jspa endpoint. The affected versions are before version 8.20.8.


VENDOR PRODUCT(S)...: JIRA SERVICE MANAGEMENT
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2022-36800
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36800
DATE LAST MODIFIED..: 2024-10-29T16:35Z
ORIGINAL CVE DATE...: 2022-08-03T03:15Z
REFERENCE URL.......: https://jira.atlassian.com/browse/JSDSERVER-11900

CVE DESCRIPTION.....: Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers without the "Browse Users" permission to view groups via an Information Disclosure vulnerability in the browsegroups.action endpoint. The affected versions are before version 4.22.2.


VENDOR PRODUCT(S)...: JIRA SERVICE MANAGEMENT
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2022-26135
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-26135
DATE LAST MODIFIED..: 2024-10-29T16:35Z
ORIGINAL CVE DATE...: 2022-06-30T06:15Z
REFERENCE URL.......: https://jira.atlassian.com/browse/JRASERVER-73863

CVE DESCRIPTION.....: A vulnerability in Mobile Plugin for Jira Data Center and Server allows a remote, authenticated user (including a user who joined via the sign-up feature) to perform a full read server-side request forgery via a batch endpoint. This affects Atlassian Jira Server and Data Center from version 8.0.0 before version 8.13.22, from version 8.14.0 before 8.20.10, from version 8.21.0 before 8.22.4. This also affects Jira Management Server and Data Center versions from version 4.0.0 before 4.13.22, from version 4.14.0 before 4.20.10 and from version 4.21.0 before 4.22.4.




VENDOR: BRIGHTPLUGINS



VENDOR PRODUCT(S)...: PRE-ORDERS FOR WOOCOMMERCE
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2023-46783
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46783
DATE LAST MODIFIED..: 2024-10-29T19:35Z
ORIGINAL CVE DATE...: 2023-11-06T10:15Z
REFERENCE URL.......: https://patchstack.com/database/vulnerability/pre-orders-for-woocommerce/wordpress-pre-orders-for-woocommerce-plugin-1-2-13-cross-site-scripting-xss-vulnerability?_s_id=cve

CVE DESCRIPTION.....: Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Bright Plugins Pre-Orders for WooCommerce plugin = 1.2.13 versions.




VENDOR: CANONICAL



VENDOR PRODUCT(S)...: NETPLAN
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2022-4968
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4968
DATE LAST MODIFIED..: 2024-10-30T13:56Z
ORIGINAL CVE DATE...: 2024-06-07T01:15Z
REFERENCE URL.......: https://bugs.launchpad.net/netplan/+bug/1987842

CVE DESCRIPTION.....: netplan leaks the private key of wireguard to local users. Versions after 1.0 are not affected.




VENDOR: CEDARGATE



VENDOR PRODUCT(S)...: EZ-NET PORTAL
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2022-23397
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-23397
DATE LAST MODIFIED..: 2024-10-29T21:35Z
ORIGINAL CVE DATE...: 2022-03-04T15:15Z
REFERENCE URL.......: https://ado.im/cedar-gate-ez-net

CVE DESCRIPTION.....: The Cedar Gate EZ-NET portal 6.5.5 6.8.0 Internet portal has a call to display messages to users which does not properly sanitize data sent in through a URL parameter. This leads to a Reflected Cross-Site Scripting vulnerability. NOTE: the vendor disputes this because the ado.im reference has "no clear steps of reproduction."




VENDOR: CHRISYEE



VENDOR PRODUCT(S)...: MOMENTOPRESS FOR MOMENTO360
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2023-46782
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46782
DATE LAST MODIFIED..: 2024-10-29T19:35Z
ORIGINAL CVE DATE...: 2023-11-06T10:15Z
REFERENCE URL.......: https://patchstack.com/database/vulnerability/cmyee-momentopress/wordpress-momentopress-for-momento360-plugin-1-0-1-cross-site-scripting-xss-vulnerability?_s_id=cve

CVE DESCRIPTION.....: Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Chris Yee MomentoPress for Momento360 plugin = 1.0.1 versions.




VENDOR: CISCO



VENDOR PRODUCT(S)...: FIREPOWER THREAT DEFENSE SOFTWARE
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-20481
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-20481
DATE LAST MODIFIED..: 2024-10-29T17:47Z
ORIGINAL CVE DATE...: 2024-10-23T18:15Z
REFERENCE URL.......: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-bf-dos-vDZhLqrW

CVE DESCRIPTION.....: A vulnerability in the Remote Access VPN (RAVPN) service of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of the RAVPN service. This vulnerability is due to resource exhaustion. An attacker could exploit this vulnerability by sending a large number of VPN authentication requests to an affected device. A successful exploit could allow the attacker to exhaust resources, resulting in a DoS of the RAVPN service on the affected device. Depending on the impact of the attack, a reload of the device may be required to restore the RAVPN service. Services that are not related to VPN are not affected. Cisco Talos discussed these attacks in the blog post Large-scale brute-force activity targeting VPNs, SSH services with commonly used login credentials.


VENDOR PRODUCT(S)...: UNIFIED COMMUNICATIONS MANAGER
CVE SEVERITY........: UNKNOWN
CVE ID..............: CVE-2013-7030
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-7030
DATE LAST MODIFIED..: 2024-10-29T15:35Z
ORIGINAL CVE DATE...: 2013-12-12T17:55Z
REFERENCE URL.......: http://www.exploit-db.com/exploits/30237/

CVE DESCRIPTION.....: The TFTP service in Cisco Unified Communications Manager (aka CUCM or Unified CM) allows remote attackers to obtain sensitive information from a phone via an RRQ operation, as demonstrated by discovering a cleartext UseUserCredential field in an SPDefault.cnf.xml file. NOTE: the vendor reportedly disputes the significance of this report, stating that this is an expected default behavior, and that the product's documentation describes use of the TFTP Encrypted Config option in addressing this issue.




VENDOR: CLOUDNET360



VENDOR PRODUCT(S)...: CLOUDNET360
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2023-46643
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46643
DATE LAST MODIFIED..: 2024-10-29T19:35Z
ORIGINAL CVE DATE...: 2023-11-08T17:15Z
REFERENCE URL.......: https://patchstack.com/database/vulnerability/cloudnet-sync/wordpress-cloudnet360-plugin-3-2-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve

CVE DESCRIPTION.....: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in GARY JEZORSKI CloudNet360 plugin <= 3.2.0 versions.




VENDOR: COLORLIB



VENDOR PRODUCT(S)...: SIMPLE CUSTOM POST ORDER
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-49321
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-49321
DATE LAST MODIFIED..: 2024-10-29T15:20Z
ORIGINAL CVE DATE...: 2024-10-21T12:15Z
REFERENCE URL.......: https://patchstack.com/database/vulnerability/simple-custom-post-order/wordpress-simple-custom-post-order-plugin-2-5-7-broken-access-control-vulnerability?_s_id=cve

CVE DESCRIPTION.....: Missing Authorization vulnerability in Colorlib Simple Custom Post Order allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Simple Custom Post Order: from n/a through 2.5.7.




VENDOR: ENEJBAJGORIC/GAGANSANDHU/CTLTDEV



VENDOR PRODUCT(S)...: USER AVATAR
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2023-46621
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46621
DATE LAST MODIFIED..: 2024-10-29T19:35Z
ORIGINAL CVE DATE...: 2023-11-08T16:15Z
REFERENCE URL.......: https://patchstack.com/database/vulnerability/user-avatar/wordpress-user-avatar-plugin-1-4-11-cross-site-scripting-xss-vulnerability?_s_id=cve

CVE DESCRIPTION.....: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Enej Bajgoric / Gagan Sandhu / CTLT DEV User Avatar plugin <= 1.4.11 versions.




VENDOR: FABIANROS



VENDOR PRODUCT(S)...: BLOOD BANK MANAGEMENT SYSTEM
CVE SEVERITY........: HIGH
CVE ID..............: CVE-2024-10417
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-10417
DATE LAST MODIFIED..: 2024-10-29T20:19Z
ORIGINAL CVE DATE...: 2024-10-27T13:15Z
REFERENCE URL.......: https://vuldb.com/?id.281958

CVE DESCRIPTION.....: A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /file/delete.php. The manipulation of the argument bid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.


VENDOR PRODUCT(S)...: BLOOD BANK MANAGEMENT SYSTEM
CVE SEVERITY........: HIGH
CVE ID..............: CVE-2024-10416
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-10416
DATE LAST MODIFIED..: 2024-10-29T20:21Z
ORIGINAL CVE DATE...: 2024-10-27T13:15Z
REFERENCE URL.......: https://vuldb.com/?id.281957

CVE DESCRIPTION.....: A vulnerability was found in code-projects Blood Bank Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /file/cancel.php. The manipulation of the argument reqid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.


VENDOR PRODUCT(S)...: BLOOD BANK MANAGEMENT SYSTEM
CVE SEVERITY........: HIGH
CVE ID..............: CVE-2024-10415
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-10415
DATE LAST MODIFIED..: 2024-10-29T20:26Z
ORIGINAL CVE DATE...: 2024-10-27T12:15Z
REFERENCE URL.......: https://vuldb.com/?id.281956

CVE DESCRIPTION.....: A vulnerability has been found in code-projects Blood Bank Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /file/accept.php. The manipulation of the argument reqid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.


VENDOR PRODUCT(S)...: BLOOD BANK MANAGEMENT SYSTEM
CVE SEVERITY........: HIGH
CVE ID..............: CVE-2024-10409
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-10409
DATE LAST MODIFIED..: 2024-10-29T20:42Z
ORIGINAL CVE DATE...: 2024-10-27T03:15Z
REFERENCE URL.......: https://vuldb.com/?id.281939

CVE DESCRIPTION.....: A vulnerability was found in code-projects Blood Bank Management 1.0 and classified as critical. This issue affects some unknown processing of the file /file/accept.php. The manipulation of the argument reqid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.


VENDOR PRODUCT(S)...: BLOOD BANK MANAGEMENT SYSTEM
CVE SEVERITY........: HIGH
CVE ID..............: CVE-2024-10408
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-10408
DATE LAST MODIFIED..: 2024-10-29T20:44Z
ORIGINAL CVE DATE...: 2024-10-27T03:15Z
REFERENCE URL.......: https://vuldb.com/?id.281938

CVE DESCRIPTION.....: A vulnerability has been found in code-projects Blood Bank Management up to 1.0 and classified as critical. This vulnerability affects unknown code of the file /abs.php. The manipulation of the argument search leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.




VENDOR: FREEBSD



VENDOR PRODUCT(S)...: FREEBSD
CVE SEVERITY........: HIGH
CVE ID..............: CVE-2024-6760
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-6760
DATE LAST MODIFIED..: 2024-10-29T20:35Z
ORIGINAL CVE DATE...: 2024-08-12T13:38Z
REFERENCE URL.......: https://security.freebsd.org/advisories/FreeBSD-SA-24:06.ktrace.asc

CVE DESCRIPTION.....: A logic bug in the code which disables kernel tracing for setuid programs meant that tracing was not disabled when it should have, allowing unprivileged users to trace and inspect the behavior of setuid programs. The bug may be used by an unprivileged user to read the contents of files to which they would not otherwise have access, such as the local password database.




VENDOR: FRESHLIGHTLAB



VENDOR PRODUCT(S)...: WP MOBILE MENU
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-3987
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-3987
DATE LAST MODIFIED..: 2024-10-29T18:39Z
ORIGINAL CVE DATE...: 2024-06-07T03:15Z
REFERENCE URL.......: https://www.wordfence.com/threat-intel/vulnerabilities/id/7bcbc6b6-ed05-4709-bf05-214418798339?source=cve

CVE DESCRIPTION.....: The WP Mobile Menu – The Mobile-Friendly Responsive Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image alt text in all versions up to, and including, 2.8.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.




VENDOR: FRROUTING



VENDOR PRODUCT(S)...: FRROUTING
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2023-46753
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46753
DATE LAST MODIFIED..: 2024-10-29T20:35Z
ORIGINAL CVE DATE...: 2023-10-26T05:15Z
REFERENCE URL.......: https://github.com/FRRouting/frr/pull/14645/commits/d8482bf011cb2b173e85b65b4bf3d5061250cdb9

CVE DESCRIPTION.....: An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur for a crafted BGP UPDATE message without mandatory attributes, e.g., one with only an unknown transit attribute.




VENDOR: GNU



VENDOR PRODUCT(S)...: BINUTILS
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2022-35205
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-35205
DATE LAST MODIFIED..: 2024-10-29T15:35Z
ORIGINAL CVE DATE...: 2023-08-22T19:16Z
REFERENCE URL.......: https://sourceware.org/bugzilla/show_bug.cgi?id=29289

CVE DESCRIPTION.....: An issue was discovered in Binutils readelf 2.38.50, reachable assertion failure in function display_debug_names allows attackers to cause a denial of service.




VENDOR: GOOGLE



VENDOR PRODUCT(S)...: CHROME
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-7978
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-7978
DATE LAST MODIFIED..: 2024-10-29T20:35Z
ORIGINAL CVE DATE...: 2024-08-21T21:15Z
REFERENCE URL.......: https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html

CVE DESCRIPTION.....: Insufficient policy enforcement in Data Transfer in Google Chrome prior to 128.0.6613.84 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)


VENDOR PRODUCT(S)...: CHROME
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-7004
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-7004
DATE LAST MODIFIED..: 2024-10-29T20:35Z
ORIGINAL CVE DATE...: 2024-08-06T16:15Z
REFERENCE URL.......: https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_23.html

CVE DESCRIPTION.....: Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a malicious file. (Chromium security severity: Low)


VENDOR PRODUCT(S)...: CHROME
CVE SEVERITY........: HIGH
CVE ID..............: CVE-2024-7255
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-7255
DATE LAST MODIFIED..: 2024-10-29T20:35Z
ORIGINAL CVE DATE...: 2024-08-01T18:15Z
REFERENCE URL.......: https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_30.html

CVE DESCRIPTION.....: Out of bounds read in WebTransport in Google Chrome prior to 127.0.6533.88 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)


VENDOR PRODUCT(S)...: ANDROID
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2022-20264
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-20264
DATE LAST MODIFIED..: 2024-10-29T21:35Z
ORIGINAL CVE DATE...: 2023-10-30T17:15Z
REFERENCE URL.......: https://source.android.com/docs/security/bulletin/android-14

CVE DESCRIPTION.....: In Usage Stats Service, there is a possible way to determine whether an app is installed, without query permissions due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.


VENDOR PRODUCT(S)...: ANDROID
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2023-35680
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-35680
DATE LAST MODIFIED..: 2024-10-29T18:35Z
ORIGINAL CVE DATE...: 2023-09-11T21:15Z
REFERENCE URL.......: https://source.android.com/security/bulletin/2023-09-01

CVE DESCRIPTION.....: In multiple locations, there is a possible way to import contacts belonging to other users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.


VENDOR PRODUCT(S)...: ANDROID
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2023-35677
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-35677
DATE LAST MODIFIED..: 2024-10-29T18:35Z
ORIGINAL CVE DATE...: 2023-09-11T21:15Z
REFERENCE URL.......: https://source.android.com/security/bulletin/2023-09-01

CVE DESCRIPTION.....: In onCreate of DeviceAdminAdd.java, there is a possible way to forcibly add a device admin due to a missing permission check. This could lead to local denial of service (factory reset or continuous locking) with no additional execution privileges needed. User interaction is not needed for exploitation.


VENDOR PRODUCT(S)...: CHROME
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2022-4025
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4025
DATE LAST MODIFIED..: 2024-10-29T16:35Z
ORIGINAL CVE DATE...: 2023-01-02T23:15Z
REFERENCE URL.......: https://crbug.com/1260250

CVE DESCRIPTION.....: Inappropriate implementation in Paint in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to leak cross-origin data outside an iframe via a crafted HTML page. (Chrome security severity: Low)


VENDOR PRODUCT(S)...: CHROME
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2022-3863
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3863
DATE LAST MODIFIED..: 2024-10-29T15:35Z
ORIGINAL CVE DATE...: 2023-01-02T23:15Z
REFERENCE URL.......: https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop.html

CVE DESCRIPTION.....: Use after free in Browser History in Google Chrome prior to 100.0.4896.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High)




VENDOR: HCLTECH



VENDOR PRODUCT(S)...: DRYICE IAUTOMATE
CVE SEVERITY........: HIGH
CVE ID..............: CVE-2023-23347
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-23347
DATE LAST MODIFIED..: 2024-10-29T20:35Z
ORIGINAL CVE DATE...: 2023-08-09T20:15Z
REFERENCE URL.......: https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106674

CVE DESCRIPTION.....: HCL DRYiCE iAutomate is affected by the use of a broken cryptographic algorithm. An attacker can potentially compromise the confidentiality and integrity of sensitive information.


VENDOR PRODUCT(S)...: DRYICE MYCLOUD
CVE SEVERITY........: HIGH
CVE ID..............: CVE-2023-23346
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-23346
DATE LAST MODIFIED..: 2024-10-29T19:35Z
ORIGINAL CVE DATE...: 2023-08-09T19:15Z
REFERENCE URL.......: https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106670

CVE DESCRIPTION.....: HCL DRYiCE MyCloud is affected by the use of a broken cryptographic algorithm. An attacker can potentially compromise the confidentiality and integrity of sensitive information.




VENDOR: HCLTECHSW



VENDOR PRODUCT(S)...: BIGFIX BARE OSD METAL SERVER WEBUI
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2023-37521
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-37521
DATE LAST MODIFIED..: 2024-10-29T20:35Z
ORIGINAL CVE DATE...: 2024-01-16T16:15Z
REFERENCE URL.......: https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109754

CVE DESCRIPTION.....: HCL BigFix Bare OSD Metal Server WebUI version 311.19 or lower can sometimes include sensitive information in a query string which could allow an attacker to execute a malicious attack.


VENDOR PRODUCT(S)...: HCL LAUNCH
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2023-23348
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-23348
DATE LAST MODIFIED..: 2024-10-29T20:35Z
ORIGINAL CVE DATE...: 2023-07-10T18:15Z
REFERENCE URL.......: https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0105978

CVE DESCRIPTION.....: HCL Launch could disclose sensitive information if a manual edit of a configuration file has been performed.




VENDOR: HIHONOR



VENDOR PRODUCT(S)...: VMALL
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2023-23437
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-23437
DATE LAST MODIFIED..: 2024-10-29T20:35Z
ORIGINAL CVE DATE...: 2023-12-29T03:15Z
REFERENCE URL.......: https://www.hihonor.com/global/security/cve-2023-23437/

CVE DESCRIPTION.....: Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak.




VENDOR: HIKASHOP



VENDOR PRODUCT(S)...: HIKASHOP
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-40746
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-40746
DATE LAST MODIFIED..: 2024-10-29T15:34Z
ORIGINAL CVE DATE...: 2024-10-21T17:15Z
REFERENCE URL.......: https://www.hikashop.com/

CVE DESCRIPTION.....: A stored cross-site scripting (XSS) vulnerability in HikaShop Joomla Component 5.1.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload in the `description` parameter of any product. The `description` parameter is not sanitised in the backend.




VENDOR: HIKVISION



VENDOR PRODUCT(S)...: HIKCENTRAL MASTER
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-47486
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-47486
DATE LAST MODIFIED..: 2024-10-29T15:35Z
ORIGINAL CVE DATE...: 2024-10-18T09:15Z
REFERENCE URL.......: https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerabilities-in-hikcentral-product-series/

CVE DESCRIPTION.....: There is an XSS vulnerability in some HikCentral Master Lite versions. If exploited, an attacker could inject scripts into certain pages by building malicious data.




VENDOR: HITACHIENERGY



VENDOR PRODUCT(S)...: UNEM
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-28024
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-28024
DATE LAST MODIFIED..: 2024-10-29T15:15Z
ORIGINAL CVE DATE...: 2024-06-11T19:16Z
REFERENCE URL.......: https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201&languageCode=en&Preview=true

CVE DESCRIPTION.....: A vulnerability exists in the FOXMAN-UN/UNEM in which sensitive information is stored in cleartext within a resource that might be accessible to another control sphere.


VENDOR PRODUCT(S)...: UNEM
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-28022
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-28022
DATE LAST MODIFIED..: 2024-10-29T15:15Z
ORIGINAL CVE DATE...: 2024-06-11T19:16Z
REFERENCE URL.......: https://publisher.hitachienergy.com/preview?DocumentId=8DBD000194&languageCode=en&Preview=true

CVE DESCRIPTION.....: A vulnerability exists in the UNEM server / APIGateway that if exploited allows a malicious user to perform an arbitrary number of authentication attempts using different passwords, and eventually gain access to other components in the same security realm using the targeted account.


VENDOR PRODUCT(S)...: UNEM
CVE SEVERITY........: CRITICAL
CVE ID..............: CVE-2024-28020
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-28020
DATE LAST MODIFIED..: 2024-10-29T15:15Z
ORIGINAL CVE DATE...: 2024-06-11T19:16Z
REFERENCE URL.......: https://publisher.hitachienergy.com/preview?DocumentId=8DBD000194&languageCode=en&Preview=true

CVE DESCRIPTION.....: A user/password reuse vulnerability exists in the FOXMAN-UN/UNEM application and server management. If exploited a malicious high-privileged user could use the passwords and login information through complex routines to extend access on the server and other services.


VENDOR PRODUCT(S)...: UNEM
CVE SEVERITY........: HIGH
CVE ID..............: CVE-2024-28021
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-28021
DATE LAST MODIFIED..: 2024-10-29T15:15Z
ORIGINAL CVE DATE...: 2024-06-11T14:15Z
REFERENCE URL.......: https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201&languageCode=en&Preview=true

CVE DESCRIPTION.....: A vulnerability exists in the FOXMAN-UN/UNEM server that affects the message queueing mechanism’s certificate validation. If exploited an attacker could spoof a trusted entity causing a loss of confidentiality and integrity.




VENDOR: HP



VENDOR PRODUCT(S)...: ONEVIEW
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-42508
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-42508
DATE LAST MODIFIED..: 2024-10-29T17:38Z
ORIGINAL CVE DATE...: 2024-10-18T16:15Z
REFERENCE URL.......: https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbgn04721en_us&docLocale=en_US

CVE DESCRIPTION.....: This vulnerability could be exploited, leading to unauthorized disclosure of information to authenticated users.




VENDOR: INFORMATIK.HU-BERLIN



VENDOR PRODUCT(S)...: FLAIR
CVE SEVERITY........: HIGH
CVE ID..............: CVE-2024-10073
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-10073
DATE LAST MODIFIED..: 2024-10-29T17:18Z
ORIGINAL CVE DATE...: 2024-10-17T17:15Z
REFERENCE URL.......: https://vuldb.com/?id.280722

CVE DESCRIPTION.....: A vulnerability, which was classified as critical, was found in flairNLP flair 0.14.0. Affected is the function ClusteringModel of the file flair\models\clustering.py of the component Mode File Loader. The manipulation leads to code injection. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.




VENDOR: INTEL



VENDOR PRODUCT(S)...: SOFTWARE DEVELOPMENT KIT FOR OPENCL
CVE SEVERITY........: HIGH
CVE ID..............: CVE-2023-36493
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-36493
DATE LAST MODIFIED..: 2024-10-29T16:15Z
ORIGINAL CVE DATE...: 2024-02-14T14:16Z
REFERENCE URL.......: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00992.html

CVE DESCRIPTION.....: Uncontrolled search path in some Intel(R) SDK for OpenCL(TM) Applications software may allow an authenticated user to potentially enable escalation of privilege via local access.


VENDOR PRODUCT(S)...: COMPUTING IMPROVEMENT PROGRAM
CVE SEVERITY........: HIGH
CVE ID..............: CVE-2023-35769
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-35769
DATE LAST MODIFIED..: 2024-10-29T16:14Z
ORIGINAL CVE DATE...: 2024-02-14T14:16Z
REFERENCE URL.......: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00959.html

CVE DESCRIPTION.....: Uncontrolled search path in some Intel(R) CIP software before version 2.4.10577 may allow an authenticated user to potentially enable escalation of privilege via local access.


VENDOR PRODUCT(S)...: DRIVER & SUPPORT ASSISTANT
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2023-35062
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-35062
DATE LAST MODIFIED..: 2024-10-29T16:14Z
ORIGINAL CVE DATE...: 2024-02-14T14:15Z
REFERENCE URL.......: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00969.html

CVE DESCRIPTION.....: Improper access control in some Intel(R) DSA software before version 23.4.33 may allow a privileged user to potentially enable escalation of privilege via local access.


VENDOR PRODUCT(S)...: BATTERY LIFE DIAGNOSTIC TOOL
CVE SEVERITY........: HIGH
CVE ID..............: CVE-2023-35060
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-35060
DATE LAST MODIFIED..: 2024-10-29T16:14Z
ORIGINAL CVE DATE...: 2024-02-14T14:15Z
REFERENCE URL.......: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00987.html

CVE DESCRIPTION.....: Uncontrolled search path in some Intel(R) Battery Life Diagnostic Tool software before version 2.3.1 may allow an authenticated user to potentially enable escalation of privilege via local access.


VENDOR PRODUCT(S)...: PERFORMANCE COUNTER MONITOR
CVE SEVERITY........: HIGH
CVE ID..............: CVE-2023-34351
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-34351
DATE LAST MODIFIED..: 2024-10-29T16:14Z
ORIGINAL CVE DATE...: 2024-02-14T14:15Z
REFERENCE URL.......: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00954.html

CVE DESCRIPTION.....: Buffer underflow in some Intel(R) PCM software before version 202307 may allow an unauthenticated user to potentially enable denial of service via network access.


VENDOR PRODUCT(S)...: ONEAPI
CVE SEVERITY........: HIGH
CVE ID..............: CVE-2023-32618
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32618
DATE LAST MODIFIED..: 2024-10-29T16:15Z
ORIGINAL CVE DATE...: 2024-02-14T14:15Z
REFERENCE URL.......: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00956.html

CVE DESCRIPTION.....: Uncontrolled search path in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.2 may allow an authenticated user to potentially enable escalation of privilege via local access.


VENDOR PRODUCT(S)...: ONEAPI
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2023-28715
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28715
DATE LAST MODIFIED..: 2024-10-29T16:16Z
ORIGINAL CVE DATE...: 2024-02-14T14:15Z
REFERENCE URL.......: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00956.html

CVE DESCRIPTION.....: Improper access control in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.2 may allow an authenticated user to potentially enable denial of service via local access.


VENDOR PRODUCT(S)...: EXTREME TUNING UTILITY
CVE SEVERITY........: HIGH
CVE ID..............: CVE-2023-28407
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28407
DATE LAST MODIFIED..: 2024-10-29T15:27Z
ORIGINAL CVE DATE...: 2024-02-14T14:15Z
REFERENCE URL.......: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00955.html

CVE DESCRIPTION.....: Uncontrolled search path in some Intel(R) XTU software before version 7.12.0.29 may allow an authenticated user to potentially enable escalation of privilege via local access.


VENDOR PRODUCT(S)...: ONE BOOT FLASH UPDATE
CVE SEVERITY........: HIGH
CVE ID..............: CVE-2023-25945
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25945
DATE LAST MODIFIED..: 2024-10-29T16:15Z
ORIGINAL CVE DATE...: 2024-02-14T14:15Z
REFERENCE URL.......: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00927.html

CVE DESCRIPTION.....: Protection mechanism failure in some Intel(R) OFU software before version 14.1.31 may allow an authenticated user to potentially enable escalation of privilege via local access.


VENDOR PRODUCT(S)...: DRIVER & SUPPORT ASSISTANT
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2023-25073
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25073
DATE LAST MODIFIED..: 2024-10-29T16:15Z
ORIGINAL CVE DATE...: 2024-02-14T14:15Z
REFERENCE URL.......: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00969.html

CVE DESCRIPTION.....: Improper access control in some Intel(R) DSA software before version 23.4.33 may allow an authenticated user to potentially enable denial of service via local access.


VENDOR PRODUCT(S)...: BINARY CONFIGURATION TOOL
CVE SEVERITY........: HIGH
CVE ID..............: CVE-2023-24591
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-24591
DATE LAST MODIFIED..: 2024-10-29T16:15Z
ORIGINAL CVE DATE...: 2024-02-14T14:15Z
REFERENCE URL.......: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00973.html

CVE DESCRIPTION.....: Uncontrolled search path in some Intel(R) Binary Configuration Tool software before version 3.4.4 may allow an authenticated user to potentially enable escalation of privilege via local access.




VENDOR: ITALTEL



VENDOR PRODUCT(S)...: EMBRACE
CVE SEVERITY........: HIGH
CVE ID..............: CVE-2024-31842
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-31842
DATE LAST MODIFIED..: 2024-10-29T21:35Z
ORIGINAL CVE DATE...: 2024-08-20T20:15Z
REFERENCE URL.......: https://www.gruppotim.it/it/footer/red-team.html

CVE DESCRIPTION.....: An issue was discovered in Italtel Embrace 1.6.4. The web application inserts the access token of an authenticated user inside GET requests. The query string for the URL could be saved in the browser's history, passed through Referers to other web sites, stored in web logs, or otherwise recorded in other sources. If the query string contains sensitive information such as session identifiers, then attackers can use this information to launch further attacks. Because the access token is sent in GET requests, this vulnerability could lead to complete account takeover.




VENDOR: JANOBE



VENDOR PRODUCT(S)...: ONLINE HOTEL RESERVATION SYSTEM
CVE SEVERITY........: CRITICAL
CVE ID..............: CVE-2024-10413
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-10413
DATE LAST MODIFIED..: 2024-10-29T20:33Z
ORIGINAL CVE DATE...: 2024-10-27T10:15Z
REFERENCE URL.......: https://vuldb.com/?id.281954

CVE DESCRIPTION.....: A vulnerability, which was classified as critical, has been found in SourceCodester Online Hotel Reservation System 1.0. Affected by this issue is the function upload of the file /guest/update.php. The manipulation of the argument image leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.


VENDOR PRODUCT(S)...: ONLINE HOTEL RESERVATION SYSTEM
CVE SEVERITY........: HIGH
CVE ID..............: CVE-2024-10411
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-10411
DATE LAST MODIFIED..: 2024-10-29T20:28Z
ORIGINAL CVE DATE...: 2024-10-27T05:15Z
REFERENCE URL.......: https://vuldb.com/?id.281940

CVE DESCRIPTION.....: A vulnerability was found in SourceCodester Online Hotel Reservation System 1.0. It has been classified as critical. Affected is the function doCancelRoom/doCancel/doConfirm/doCancel/doCheckin/doCheckout of the file /marimar/admin/mod_room/controller.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.


VENDOR PRODUCT(S)...: ONLINE HOTEL RESERVATION SYSTEM
CVE SEVERITY........: HIGH
CVE ID..............: CVE-2024-10410
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-10410
DATE LAST MODIFIED..: 2024-10-29T20:41Z
ORIGINAL CVE DATE...: 2024-10-27T04:15Z
REFERENCE URL.......: https://vuldb.com/?id.281953

CVE DESCRIPTION.....: A vulnerability classified as critical was found in SourceCodester Online Hotel Reservation System 1.0. Affected by this vulnerability is the function upload of the file /admin/mod_room/controller.php?action=add. The manipulation of the argument image leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.




VENDOR: JESWEB



VENDOR PRODUCT(S)...: ANCHOR EPISODES INDEX
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-10189
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-10189
DATE LAST MODIFIED..: 2024-10-29T15:27Z
ORIGINAL CVE DATE...: 2024-10-22T10:15Z
REFERENCE URL.......: https://www.wordfence.com/threat-intel/vulnerabilities/id/8c8e37f8-708e-41d5-a6b8-3ba587437532?source=cve

CVE DESCRIPTION.....: The Anchor Episodes Index (Spotify for Podcasters) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's anchor_episodes shortcode in all versions up to, and including, 2.1.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.




VENDOR: JETBRAINS



VENDOR PRODUCT(S)...: YOUTRACK
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-50582
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-50582
DATE LAST MODIFIED..: 2024-10-29T17:16Z
ORIGINAL CVE DATE...: 2024-10-28T13:15Z
REFERENCE URL.......: https://www.jetbrains.com/privacy-security/issues-fixed/

CVE DESCRIPTION.....: In JetBrains YouTrack before 2024.3.47707 stored XSS was possible due to improper HTML sanitization in markdown elements


VENDOR PRODUCT(S)...: YOUTRACK
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-50581
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-50581
DATE LAST MODIFIED..: 2024-10-29T17:17Z
ORIGINAL CVE DATE...: 2024-10-28T13:15Z
REFERENCE URL.......: https://www.jetbrains.com/privacy-security/issues-fixed/

CVE DESCRIPTION.....: In JetBrains YouTrack before 2024.3.47707 improper HTML sanitization could lead to XSS attack via comment tag


VENDOR PRODUCT(S)...: YOUTRACK
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-50580
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-50580
DATE LAST MODIFIED..: 2024-10-29T17:17Z
ORIGINAL CVE DATE...: 2024-10-28T13:15Z
REFERENCE URL.......: https://www.jetbrains.com/privacy-security/issues-fixed/

CVE DESCRIPTION.....: In JetBrains YouTrack before 2024.3.47707 multiple XSS were possible due to insecure markdown parsing and custom rendering rule


VENDOR PRODUCT(S)...: YOUTRACK
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-50579
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-50579
DATE LAST MODIFIED..: 2024-10-29T17:17Z
ORIGINAL CVE DATE...: 2024-10-28T13:15Z
REFERENCE URL.......: https://www.jetbrains.com/privacy-security/issues-fixed/

CVE DESCRIPTION.....: In JetBrains YouTrack before 2024.3.47707 reflected XSS due to insecure link sanitization was possible


VENDOR PRODUCT(S)...: YOUTRACK
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-50578
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-50578
DATE LAST MODIFIED..: 2024-10-29T17:17Z
ORIGINAL CVE DATE...: 2024-10-28T13:15Z
REFERENCE URL.......: https://www.jetbrains.com/privacy-security/issues-fixed/

CVE DESCRIPTION.....: In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via sprint value on agile boards page


VENDOR PRODUCT(S)...: YOUTRACK
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-50577
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-50577
DATE LAST MODIFIED..: 2024-10-29T17:18Z
ORIGINAL CVE DATE...: 2024-10-28T13:15Z
REFERENCE URL.......: https://www.jetbrains.com/privacy-security/issues-fixed/

CVE DESCRIPTION.....: In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via Angular template injection in Hub settings


VENDOR PRODUCT(S)...: YOUTRACK
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-50576
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-50576
DATE LAST MODIFIED..: 2024-10-29T17:18Z
ORIGINAL CVE DATE...: 2024-10-28T13:15Z
REFERENCE URL.......: https://www.jetbrains.com/privacy-security/issues-fixed/

CVE DESCRIPTION.....: In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via vendor URL in App manifest


VENDOR PRODUCT(S)...: YOUTRACK
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-50575
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-50575
DATE LAST MODIFIED..: 2024-10-29T17:18Z
ORIGINAL CVE DATE...: 2024-10-28T13:15Z
REFERENCE URL.......: https://www.jetbrains.com/privacy-security/issues-fixed/

CVE DESCRIPTION.....: In JetBrains YouTrack before 2024.3.47707 reflected XSS was possible in Widget API


VENDOR PRODUCT(S)...: YOUTRACK
CVE SEVERITY........: HIGH
CVE ID..............: CVE-2024-50574
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-50574
DATE LAST MODIFIED..: 2024-10-29T17:16Z
ORIGINAL CVE DATE...: 2024-10-28T13:15Z
REFERENCE URL.......: https://www.jetbrains.com/privacy-security/issues-fixed/

CVE DESCRIPTION.....: In JetBrains YouTrack before 2024.3.47707 potential ReDoS exploit was possible via email header parsing in Helpdesk functionality


VENDOR PRODUCT(S)...: HUB
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-50573
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-50573
DATE LAST MODIFIED..: 2024-10-29T17:12Z
ORIGINAL CVE DATE...: 2024-10-28T13:15Z
REFERENCE URL.......: https://www.jetbrains.com/privacy-security/issues-fixed/

CVE DESCRIPTION.....: In JetBrains Hub before 2024.3.47707 improper access control allowed users to generate permanent tokens for unauthorized services


VENDOR PRODUCT(S)...: KOTLIN
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2022-24329
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-24329
DATE LAST MODIFIED..: 2024-10-29T15:36Z
ORIGINAL CVE DATE...: 2022-02-25T15:15Z
REFERENCE URL.......: https://blog.jetbrains.com/blog/2022/02/08/jetbrains-security-bulletin-q4-2021/

CVE DESCRIPTION.....: In JetBrains Kotlin before 1.6.0, it was not possible to lock dependencies for Multiplatform Gradle Projects.




VENDOR: KIBOKOLABS



VENDOR PRODUCT(S)...: NAMASTE! LMS
CVE SEVERITY........: HIGH
CVE ID..............: CVE-2024-50408
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-50408
DATE LAST MODIFIED..: 2024-10-29T16:01Z
ORIGINAL CVE DATE...: 2024-10-28T12:15Z
REFERENCE URL.......: https://patchstack.com/database/vulnerability/namaste-lms/wordpress-namaste-lms-plugin-2-6-3-php-object-injection-vulnerability?_s_id=cve

CVE DESCRIPTION.....: Deserialization of Untrusted Data vulnerability in Kiboko Labs Namaste! LMS allows Object Injection. This issue affects Namaste! LMS: from n/a through 2.6.3.




VENDOR: LIGHTPRESS



VENDOR PRODUCT(S)...: LIGHTBOX
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-5425
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-5425
DATE LAST MODIFIED..: 2024-10-29T19:49Z
ORIGINAL CVE DATE...: 2024-06-07T04:15Z
REFERENCE URL.......: https://www.wordfence.com/threat-intel/vulnerabilities/id/b3439710-1159-4677-93c9-14bacfbf0b55?source=cve

CVE DESCRIPTION.....: The WP jQuery Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title’ attribute in all versions up to, and including, 1.5.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.




VENDOR: LINUX



VENDOR PRODUCT(S)...: LINUX KERNEL
CVE SEVERITY........: HIGH
CVE ID..............: CVE-2024-50067
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-50067
DATE LAST MODIFIED..: 2024-10-29T16:30Z
ORIGINAL CVE DATE...: 2024-10-28T01:15Z
REFERENCE URL.......: https://git.kernel.org/stable/c/373b9338c9722a368925d83bc622c596896b328e

CVE DESCRIPTION.....: In the Linux kernel, the following vulnerability has been resolved: uprobe: avoid out-of-bounds memory access of fetching args Uprobe needs to fetch args into a percpu buffer, and then copy to ring buffer to avoid non-atomic context problem. Sometimes user-space strings, arrays can be very large, but the size of percpu buffer is only page size. And store_trace_args() won't check whether these data exceeds a single page or not, caused out-of-bounds memory access. It could be reproduced by following steps:

1. build kernel with CONFIG_KASAN enabled
2. save follow program as test.c
```
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

// If string length large than MAX_STRING_SIZE, the fetch_store_strlen()
// will return 0, cause __get_data_size() return shorter size, and
// store_trace_args() will not trigger out-of-bounds access.
// So make string length less than 4096.
#define STRLEN 4093

void generate_string(char *str, int n)
{
    int i;
    for (i = 0; i < n; ++i)
    {
        char c = i % 26 + 'a';
        str[i] = c;
    }
    str[n-1] = '\0';
}

void print_string(char *str)
{
    printf("%s\n", str);
}

int main()
{
    char tmp[STRLEN];

    generate_string(tmp, STRLEN);
    print_string(tmp);

    return 0;
}
```
3. compile program `gcc -o test test.c`
4. get the offset of `print_string()`
```
objdump -t test | grep -w print_string
0000000000401199 g     F .text  000000000000001b              print_string
```
5. configure uprobe with offset 0x1199
```
off=0x1199
cd /sys/kernel/debug/tracing/
echo "p /root/test:${off} arg1=+0(%di):ustring arg2=\$comm arg3=+0(%di):ustring" > uprobe_events
echo 1 > events/uprobes/enable
echo 1 > tracing_on
```
6. run `test`, and kasan will report error.
This commit enforces the buffer's maxlen less than a page-size to avoid store_trace_args() out-of-memory access.


VENDOR PRODUCT(S)...: LINUX KERNEL
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2022-48949
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-48949
DATE LAST MODIFIED..: 2024-10-29T16:32Z
ORIGINAL CVE DATE...: 2024-10-21T20:15Z
REFERENCE URL.......: https://git.kernel.org/stable/c/a6629659af3f5c6a91e3914ea62554c975ab77f4

CVE DESCRIPTION.....: In the Linux kernel, the following vulnerability has been resolved: igb: Initialize mailbox message for VF reset When a MAC address is not assigned to the VF, that portion of the message sent to the VF is not set. The memory, however, is allocated from the stack meaning that information may be leaked to the VM. Initialize the message buffer to 0 so that no information is passed to the VM in this case.


VENDOR PRODUCT(S)...: LINUX KERNEL
CVE SEVERITY........: HIGH
CVE ID..............: CVE-2022-48948
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-48948
DATE LAST MODIFIED..: 2024-10-29T16:34Z
ORIGINAL CVE DATE...: 2024-10-21T20:15Z
REFERENCE URL.......: https://git.kernel.org/stable/c/4972e3528b968665b596b5434764ff8fd9446d35

CVE DESCRIPTION.....: In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uvc: Prevent buffer overflow in setup handler Setup function uvc_function_setup permits control transfer requests with up to 64 bytes of payload (UVC_MAX_REQUEST_SIZE), data stage handler for OUT transfer uses memcpy to copy req->actual bytes to uvc_event->data.data array of size 60. This may result in an overflow of 4 bytes.


VENDOR PRODUCT(S)...: LINUX KERNEL
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-49999
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-49999
DATE LAST MODIFIED..: 2024-10-29T18:03Z
ORIGINAL CVE DATE...: 2024-10-21T18:15Z
REFERENCE URL.......: https://git.kernel.org/stable/c/3d51ab44123f35dd1d646d99a15ebef10f55e263

CVE DESCRIPTION.....: In the Linux kernel, the following vulnerability has been resolved: afs: Fix the setting of the server responding flag In afs_wait_for_operation(), we set transcribe the call responded flag to the server record that we used after doing the fileserver iteration loop - but it's possible to exit the loop having had a response from the server that we've discarded (e.g. it returned an abort or we started receiving data, but the call didn't complete). This means that op->server might be NULL, but we don't check that before attempting to set the server flag.


VENDOR PRODUCT(S)...: LINUX KERNEL
CVE SEVERITY........: HIGH
CVE ID..............: CVE-2024-49997
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-49997
DATE LAST MODIFIED..: 2024-10-29T16:20Z
ORIGINAL CVE DATE...: 2024-10-21T18:15Z
REFERENCE URL.......: https://git.kernel.org/stable/c/185df159843d30fb71f821e7ea4368c2a3bfcd36

CVE DESCRIPTION.....: In the Linux kernel, the following vulnerability has been resolved: net: ethernet: lantiq_etop: fix memory disclosure When applying padding, the buffer is not zeroed, which results in memory disclosure. The mentioned data is observed on the wire. This patch uses skb_put_padto() to pad Ethernet frames properly. The mentioned function zeroes the expanded buffer. In case the packet cannot be padded it is silently dropped. Statistics are also not incremented. This driver does not support statistics in the old 32-bit format or the new 64-bit format. These will be added in the future. In its current form, the patch should be easily backported to stable versions. Ethernet MACs on Amazon-SE and Danube cannot do padding of the packets in hardware, so software padding must be applied.


VENDOR PRODUCT(S)...: LINUX KERNEL
CVE SEVERITY........: HIGH
CVE ID..............: CVE-2024-49984
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-49984
DATE LAST MODIFIED..: 2024-10-29T16:22Z
ORIGINAL CVE DATE...: 2024-10-21T18:15Z
REFERENCE URL.......: https://git.kernel.org/stable/c/73ad583bd4938bf37d2709fc36901eb6f22f2722

CVE DESCRIPTION.....: In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Prevent out of bounds access in performance query extensions Check that the number of perfmons userspace is passing in the copy and reset extensions is not greater than the internal kernel storage where the ids will be copied into.


VENDOR PRODUCT(S)...: LINUX KERNEL
CVE SEVERITY........: HIGH
CVE ID..............: CVE-2024-49983
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-49983
DATE LAST MODIFIED..: 2024-10-29T16:23Z
ORIGINAL CVE DATE...: 2024-10-21T18:15Z
REFERENCE URL.......: https://git.kernel.org/stable/c/8c26d9e53e5fbacda0732a577e97c5a5b7882aaf

CVE DESCRIPTION.....: In the Linux kernel, the following vulnerability has been resolved: ext4: drop ppath from ext4_ext_replay_update_ex() to avoid double-free When calling ext4_force_split_extent_at() in ext4_ext_replay_update_ex(), the 'ppath' is updated but it is the 'path' that is freed, thus potentially triggering a double-free in the following process:

ext4_ext_replay_update_ex
  ppath = path
  ext4_force_split_extent_at(&ppath)
    ext4_split_extent_at
      ext4_ext_insert_extent
        ext4_ext_create_new_leaf
          ext4_ext_grow_indepth
            ext4_find_extent
              if (depth > path[0].p_maxdepth)
                kfree(path)                 ---> path First freed
                *orig_path = path = NULL    ---> null ppath
  kfree(path)  ---> path double-free !!!

So drop the unnecessary ppath and use path directly to avoid this problem. And use ext4_find_extent() directly to update path, avoiding unnecessary memory allocation and freeing. Also, propagate the error returned by ext4_find_extent() instead of using strange error codes.


VENDOR PRODUCT(S)...: LINUX KERNEL
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-49979
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-49979
DATE LAST MODIFIED..: 2024-10-29T18:02Z
ORIGINAL CVE DATE...: 2024-10-21T18:15Z
REFERENCE URL.......: https://git.kernel.org/stable/c/3fdd8c83e83fa5e82f1b5585245c51e0355c9f46

CVE DESCRIPTION.....: In the Linux kernel, the following vulnerability has been resolved: net: gso: fix tcp fraglist segmentation after pull from frag_list Detect tcp gso fraglist skbs with corrupted geometry (see below) and pass these to skb_segment instead of skb_segment_list, as the first can segment them correctly.

Valid SKB_GSO_FRAGLIST skbs
- consist of two or more segments
- the head_skb holds the protocol headers plus first gso_size
- one or more frag_list skbs hold exactly one segment
- all but the last must be gso_size

Optional datapath hooks such as NAT and BPF (bpf_skb_pull_data) can modify these skbs, breaking these invariants. In extreme cases they pull all data into skb linear. For TCP, this causes a NULL ptr deref in __tcpv4_gso_segment_list_csum at tcp_hdr(seg->next). Detect invalid geometry due to pull, by checking head_skb size. Don't just drop, as this may blackhole a destination. Convert to be able to pass to regular skb_segment. Approach and description based on a patch by Willem de Bruijn.


VENDOR PRODUCT(S)...: LINUX KERNEL
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-49978
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-49978
DATE LAST MODIFIED..: 2024-10-29T18:01Z
ORIGINAL CVE DATE...: 2024-10-21T18:15Z
REFERENCE URL.......: https://git.kernel.org/stable/c/080e6c9a3908de193a48f646c5ce1bfb15676ffc

CVE DESCRIPTION.....: In the Linux kernel, the following vulnerability has been resolved: gso: fix udp gso fraglist segmentation after pull from frag_list Detect gso fraglist skbs with corrupted geometry (see below) and pass these to skb_segment instead of skb_segment_list, as the first can segment them correctly.

Valid SKB_GSO_FRAGLIST skbs
- consist of two or more segments
- the head_skb holds the protocol headers plus first gso_size
- one or more frag_list skbs hold exactly one segment
- all but the last must be gso_size

Optional datapath hooks such as NAT and BPF (bpf_skb_pull_data) can modify these skbs, breaking these invariants. In extreme cases they pull all data into skb linear. For UDP, this causes a NULL ptr deref in __udpv4_gso_segment_list_csum at udp_hdr(seg->next)->dest. Detect invalid geometry due to pull, by checking head_skb size. Don't just drop, as this may blackhole a destination. Convert to be able to pass to regular skb_segment.


VENDOR PRODUCT(S)...: LINUX KERNEL
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-49970
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-49970
DATE LAST MODIFIED..: 2024-10-29T15:57Z
ORIGINAL CVE DATE...: 2024-10-21T18:15Z
REFERENCE URL.......: https://git.kernel.org/stable/c/b219b46ad42df1dea9258788bcfea37181f3ccb2

CVE DESCRIPTION.....: In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Implement bounds check for stream encoder creation in DCN401 'stream_enc_regs' array is an array of dcn10_stream_enc_registers structures. The array is initialized with four elements, corresponding to the four calls to stream_enc_regs() in the array initializer. This means that valid indices for this array are 0, 1, 2, and 3. The error message 'stream_enc_regs' 4 <= 5 below, is indicating that there is an attempt to access this array with an index of 5, which is out of bounds. This could lead to undefined behavior Here, eng_id is used as an index to access the stream_enc_regs array. If eng_id is 5, this would result in an out-of-bounds access on the stream_enc_regs array. Thus fixing Buffer overflow error in dcn401_stream_encoder_create Found by smatch: drivers/gpu/drm/amd/amdgpu/../display/dc/resource/dcn401/dcn401_resource.c:1209 dcn401_stream_encoder_create() error: buffer overflow 'stream_enc_regs' 4 <= 5


VENDOR PRODUCT(S)...: LINUX KERNEL
CVE SEVERITY........: HIGH
CVE ID..............: CVE-2024-43843
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-43843
DATE LAST MODIFIED..: 2024-10-29T16:29Z
ORIGINAL CVE DATE...: 2024-08-17T10:15Z
REFERENCE URL.......: https://git.kernel.org/stable/c/3e6a1b1b179abb643ec3560c02bc3082bc92285f

CVE DESCRIPTION.....: In the Linux kernel, the following vulnerability has been resolved: riscv, bpf: Fix out-of-bounds issue when preparing trampoline image We get the size of the trampoline image during the dry run phase and allocate memory based on that size. The allocated image will then be populated with instructions during the real patch phase. But after commit 26ef208c209a ("bpf: Use arch_bpf_trampoline_size"), the `im` argument is inconsistent in the dry run and real patch phase. This may cause emit_imm in RV64 to generate a different number of instructions when generating the 'im' address, potentially causing out-of-bounds issues. Let's emit the maximum number of instructions for the "im" address during dry run to fix this problem.


VENDOR PRODUCT(S)...: LINUX KERNEL
CVE SEVERITY........: LOW
CVE ID..............: CVE-2024-43841
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-43841
DATE LAST MODIFIED..: 2024-10-29T16:27Z
ORIGINAL CVE DATE...: 2024-08-17T10:15Z
REFERENCE URL.......: https://git.kernel.org/stable/c/d3cc85a10abc8eae48988336cdd3689ab92581b3

CVE DESCRIPTION.....: In the Linux kernel, the following vulnerability has been resolved: wifi: virt_wifi: avoid reporting connection success with wrong SSID When user issues a connection with a different SSID than the one virt_wifi has advertised, the __cfg80211_connect_result() will trigger the warning: WARN_ON(bss_not_found). The issue is because the connection code in virt_wifi does not check the SSID from user space (it only checks the BSSID), and virt_wifi will call cfg80211_connect_result() with WLAN_STATUS_SUCCESS even if the SSID is different from the one virt_wifi has advertised. Eventually cfg80211 won't be able to find the cfg80211_bss and generate the warning. Fixed it by checking the SSID (from user space) in the connection code.


VENDOR PRODUCT(S)...: LINUX KERNEL
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-43840
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-43840
DATE LAST MODIFIED..: 2024-10-29T16:25Z
ORIGINAL CVE DATE...: 2024-08-17T10:15Z
REFERENCE URL.......: https://git.kernel.org/stable/c/6d218fcc707d6b2c3616b6cd24b948fd4825cfec

CVE DESCRIPTION.....: In the Linux kernel, the following vulnerability has been resolved: bpf, arm64: Fix trampoline for BPF_TRAMP_F_CALL_ORIG When BPF_TRAMP_F_CALL_ORIG is set, the trampoline calls __bpf_tramp_enter() and __bpf_tramp_exit() functions, passing them the struct bpf_tramp_image *im pointer as an argument in R0. The trampoline generation code uses emit_addr_mov_i64() to emit instructions for moving the bpf_tramp_image address into R0, but emit_addr_mov_i64() assumes the address to be in the vmalloc() space and uses only 48 bits. Because bpf_tramp_image is allocated using kzalloc(), its address can use more than 48-bits, in this case the trampoline will pass an invalid address to __bpf_tramp_enter/exit() causing a kernel crash. Fix this by using emit_a64_mov_i64() in place of emit_addr_mov_i64() as it can work with addresses that are greater than 48-bits.


VENDOR PRODUCT(S)...: LINUX KERNEL
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-43838
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-43838
DATE LAST MODIFIED..: 2024-10-29T16:24Z
ORIGINAL CVE DATE...: 2024-08-17T10:15Z
REFERENCE URL.......: https://git.kernel.org/stable/c/345652866a8869825a2a582ee5a28d75141f184a

CVE DESCRIPTION.....: In the Linux kernel, the following vulnerability has been resolved: bpf: fix overflow check in adjust_jmp_off() adjust_jmp_off() incorrectly used the insn->imm field for all overflow check, which is incorrect as that should only be done for the BPF_JMP32 | BPF_JA case, not the general jump instruction case. Fix it by using insn->off for overflow check in the general case.




VENDOR: LITESTREAM



VENDOR PRODUCT(S)...: LITESTREAM
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-41254
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-41254
DATE LAST MODIFIED..: 2024-10-29T21:35Z
ORIGINAL CVE DATE...: 2024-07-31T21:15Z
REFERENCE URL.......: https://gist.github.com/nyxfqq/d857f268a53aa62402655c8dcd95c68f

CVE DESCRIPTION.....: An issue was discovered in litestream v0.3.13. The usage of the ssh.InsecureIgnoreHostKey() disables host key verification, possibly allowing attackers to obtain sensitive information via a man-in-the-middle attack.




VENDOR: LOGICHUNT



VENDOR PRODUCT(S)...: LOGO SLIDER
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-3288
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-3288
DATE LAST MODIFIED..: 2024-10-29T17:52Z
ORIGINAL CVE DATE...: 2024-06-07T06:15Z
REFERENCE URL.......: https://wpscan.com/vulnerability/4ef99f54-68df-4353-8fc0-9b09ac0df7ba/

CVE DESCRIPTION.....: The Logo Slider WordPress plugin before 4.0.0 does not validate and escape some of its Slider Settings before outputting them back in attributes, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks




VENDOR: MAUVEDEV



VENDOR PRODUCT(S)...: MEDIALIST
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2023-46640
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46640
DATE LAST MODIFIED..: 2024-10-29T19:35Z
ORIGINAL CVE DATE...: 2023-11-08T16:15Z
REFERENCE URL.......: https://patchstack.com/database/vulnerability/media-list/wordpress-medialist-plugin-1-3-9-cross-site-scripting-xss-vulnerability?_s_id=cve

CVE DESCRIPTION.....: Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in D. Relton Medialist plugin <= 1.3.9 versions.




VENDOR: MAYURIK



VENDOR PRODUCT(S)...: PETROL PUMP MANAGEMENT
CVE SEVERITY........: HIGH
CVE ID..............: CVE-2024-10407
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-10407
DATE LAST MODIFIED..: 2024-10-29T20:47Z
ORIGINAL CVE DATE...: 2024-10-27T00:15Z
REFERENCE URL.......: https://vuldb.com/?id.281937

CVE DESCRIPTION.....: A vulnerability, which was classified as critical, was found in SourceCodester Petrol Pump Management Software 1.0. This affects an unknown part of the file /admin/edit_customer.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.


VENDOR PRODUCT(S)...: PETROL PUMP MANAGEMENT
CVE SEVERITY........: HIGH
CVE ID..............: CVE-2024-10406
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-10406
DATE LAST MODIFIED..: 2024-10-29T20:48Z
ORIGINAL CVE DATE...: 2024-10-26T22:15Z
REFERENCE URL.......: https://vuldb.com/?id.281936

CVE DESCRIPTION.....: A vulnerability, which was classified as critical, has been found in SourceCodester Petrol Pump Management Software 1.0. Affected by this issue is some unknown functionality of the file /admin/edit_fuel.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.


VENDOR PRODUCT(S)...: BEST HOUSE RENTAL MANAGEMENT SYSTEM
CVE SEVERITY........: CRITICAL
CVE ID..............: CVE-2024-10349
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-10349
DATE LAST MODIFIED..: 2024-10-30T13:14Z
ORIGINAL CVE DATE...: 2024-10-24T22:15Z
REFERENCE URL.......: https://vuldb.com/?id.281696

CVE DESCRIPTION.....: A vulnerability was found in SourceCodester Best House Rental Management System 1.0 and classified as critical. Affected by this issue is the function delete_tenant of the file /ajax.php?action=delete_tenant. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.


VENDOR PRODUCT(S)...: BEST HOUSE RENTAL MANAGEMENT SYSTEM
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-10348
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-10348
DATE LAST MODIFIED..: 2024-10-30T13:03Z
ORIGINAL CVE DATE...: 2024-10-24T22:15Z
REFERENCE URL.......: https://vuldb.com/?id.281697

CVE DESCRIPTION.....: A vulnerability was found in SourceCodester Best House Rental Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /index.php?page=tenants of the component Manage Tenant Details. The manipulation of the argument Last Name/First Name/Middle Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only shows the field "Last Name" to be affected. Other fields might be affected as well.




VENDOR: MECODIA



VENDOR PRODUCT(S)...: FERIPRO
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-41519
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-41519
DATE LAST MODIFIED..: 2024-10-29T21:35Z
ORIGINAL CVE DATE...: 2024-08-02T17:16Z
REFERENCE URL.......: https://piuswalter.de/blog/multiple-vulnerabilities-in-feripro/

CVE DESCRIPTION.....: Feripro <= v2.2.3 is vulnerable to Cross Site Scripting (XSS) via "/admin/programm/program_id/zuordnung/veranstaltungen/event_id" through the "school" input field.




VENDOR: METAGAUSS



VENDOR PRODUCT(S)...: PROFILEGRID
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-49273
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-49273
DATE LAST MODIFIED..: 2024-10-29T15:48Z
ORIGINAL CVE DATE...: 2024-10-21T12:15Z
REFERENCE URL.......: https://patchstack.com/database/vulnerability/profilegrid-user-profiles-groups-and-communities/wordpress-profilegrid-plugin-5-9-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve

CVE DESCRIPTION.....: Missing Authorization vulnerability in ProfileGrid User Profiles ProfileGrid. This issue affects ProfileGrid: from n/a through 5.9.3.




VENDOR: MICROFOCUS



VENDOR PRODUCT(S)...: DIMENSIONS CM
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2023-32261
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32261
DATE LAST MODIFIED..: 2024-10-29T20:35Z
ORIGINAL CVE DATE...: 2023-07-19T16:15Z
REFERENCE URL.......: https://www.jenkins.io/security/advisory/2023-06-14/

CVE DESCRIPTION.....: A potential vulnerability has been identified in the Micro Focus Dimensions CM Plugin for Jenkins. The vulnerability allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. See the following Jenkins security advisory for details: https://www.jenkins.io/security/advisory/2023-06-14/




VENDOR: MOZILLA



VENDOR PRODUCT(S)...: FIREFOX
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-7518
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-7518
DATE LAST MODIFIED..: 2024-10-29T20:35Z
ORIGINAL CVE DATE...: 2024-08-06T13:15Z
REFERENCE URL.......: https://bugzilla.mozilla.org/show_bug.cgi?id=1875354

CVE DESCRIPTION.....: Select options could obscure the fullscreen notification dialog. This could be used by a malicious site to perform a spoofing attack. This vulnerability affects Firefox 129, Firefox ESR 128.1, and Thunderbird 128.1.




VENDOR: NAYRATHEMES



VENDOR PRODUCT(S)...: CLEVER FOX
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-1768
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-1768
DATE LAST MODIFIED..: 2024-10-29T19:44Z
ORIGINAL CVE DATE...: 2024-06-07T03:15Z
REFERENCE URL.......: https://www.wordfence.com/threat-intel/vulnerabilities/id/16af8724-595c-4daa-80bd-8125a32cc502?source=cve

CVE DESCRIPTION.....: The Clever Fox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's info box block in all versions up to, and including, 25.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.


VENDOR PRODUCT(S)...: CLEVER FOX
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2023-6876
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6876
DATE LAST MODIFIED..: 2024-10-29T19:50Z
ORIGINAL CVE DATE...: 2024-06-07T02:15Z
REFERENCE URL.......: https://www.wordfence.com/threat-intel/vulnerabilities/id/9e1f94d9-8be6-4174-90a5-820c0207a2fa?source=cve

CVE DESCRIPTION.....: The Clever Fox – One Click Website Importer by Nayra Themes plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'clever-fox-activate-theme' function in all versions up to, and including, 25.2.0. This makes it possible for authenticated attackers, with subscriber access and above, to modify the active theme, including to an invalid value which can take down the site.




VENDOR: NINJATEAM



VENDOR PRODUCT(S)...: GDPR CCPA COMPLIANCE & COOKIE CONSENT BANNER
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-5607
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-5607
DATE LAST MODIFIED..: 2024-10-29T20:08Z
ORIGINAL CVE DATE...: 2024-06-07T03:15Z
REFERENCE URL.......: https://www.wordfence.com/threat-intel/vulnerabilities/id/b8f870a6-26a5-4f98-9bd6-12736c561265?source=cve

CVE DESCRIPTION.....: The GDPR CCPA Compliance & Cookie Consent Banner plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions named ajaxUpdateSettings() in all versions up to, and including, 2.7.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify the plugin's settings, update page content, send arbitrary emails and inject malicious web scripts.




VENDOR: NTA



VENDOR PRODUCT(S)...: E-TAX
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2023-46802
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46802
DATE LAST MODIFIED..: 2024-10-29T19:35Z
ORIGINAL CVE DATE...: 2023-11-06T02:15Z
REFERENCE URL.......: https://www.e-tax.nta.go.jp/topics/topics_20231102.htm

CVE DESCRIPTION.....: e-Tax software Version3.0.10 and earlier improperly restricts XML external entity references (XXE) due to the configuration of the embedded XML parser. By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker.




VENDOR: OMAKSOLUTIONS



VENDOR PRODUCT(S)...: SLICK POPUP
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2023-46824
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46824
DATE LAST MODIFIED..: 2024-10-29T19:35Z
ORIGINAL CVE DATE...: 2023-11-06T10:15Z
REFERENCE URL.......: https://patchstack.com/database/vulnerability/slick-popup/wordpress-slick-popup-plugin-1-7-14-cross-site-scripting-xss-vulnerability?_s_id=cve

CVE DESCRIPTION.....: Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Om Ak Solutions Slick Popup: Contact Form 7 Popup Plugin plugin <= 1.7.14 versions.




VENDOR: OPENREFINE



VENDOR PRODUCT(S)...: BUTTERFLY
CVE SEVERITY........: CRITICAL
CVE ID..............: CVE-2024-47883
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-47883
DATE LAST MODIFIED..: 2024-10-29T15:38Z
ORIGINAL CVE DATE...: 2024-10-24T21:15Z
REFERENCE URL.......: https://github.com/OpenRefine/simile-butterfly/security/advisories/GHSA-3p8v-w8mr-m3x8

CVE DESCRIPTION.....: The OpenRefine fork of the MIT Simile Butterfly server is a modular web application framework. The Butterfly framework uses the `java.net.URL` class to refer to (what are expected to be) local resource files, like images or templates. This works: "opening a connection" to these URLs opens the local file. However, prior to version 1.2.6, if a `file:/` URL is directly given where a relative path (resource name) is expected, this is also accepted in some code paths; the app then fetches the file, from a remote machine if indicated, and uses it as if it was a trusted part of the app's codebase. This leads to multiple weaknesses and potential weaknesses. An attacker that has network access to the application could use it to gain access to files, either on the server's filesystem (path traversal) or shared by nearby machines (server-side request forgery with e.g. SMB). An attacker that can lead or redirect a user to a crafted URL belonging to the app could cause arbitrary attacker-controlled JavaScript to be loaded in the victim's browser (cross-site scripting). If an app is written in such a way that an attacker can influence the resource name used for a template, that attacker could cause the app to fetch and execute an attacker-controlled template (remote code execution). Version 1.2.6 contains a patch.




VENDOR: PHP



VENDOR PRODUCT(S)...: PHP
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2022-31629
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-31629
DATE LAST MODIFIED..: 2024-10-29T15:35Z
ORIGINAL CVE DATE...: 2022-09-28T23:15Z
REFERENCE URL.......: https://bugs.php.net/bug.php?id=81727

CVE DESCRIPTION.....: In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications.


VENDOR PRODUCT(S)...: PHP
CVE SEVERITY........: UNKNOWN
CVE ID..............: CVE-2014-9426
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9426
DATE LAST MODIFIED..: 2024-10-29T15:35Z
ORIGINAL CVE DATE...: 2014-12-31T02:59Z
REFERENCE URL.......: https://bugs.php.net/bug.php?id=68665

CVE DESCRIPTION.....: The apprentice_load function in libmagic/apprentice.c in the Fileinfo component in PHP through 5.6.4 attempts to perform a free operation on a stack-based character array, which allows remote attackers to cause a denial of service (memory corruption or application crash) or possibly have unspecified other impact via unknown vectors. NOTE: this is disputed by the vendor because the standard erealloc behavior makes the free operation unreachable




VENDOR: PHPGURUKUL



VENDOR PRODUCT(S)...: VEHICLE RECORD SYSTEM
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-10414
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-10414
DATE LAST MODIFIED..: 2024-10-29T20:46Z
ORIGINAL CVE DATE...: 2024-10-27T11:15Z
REFERENCE URL.......: https://vuldb.com/?id.281955

CVE DESCRIPTION.....: A vulnerability, which was classified as problematic, was found in PHPGurukul Vehicle Record System 1.0. This affects an unknown part of the file /admin/edit-brand.php. The manipulation of the argument Brand Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions the parameter "phone_number" to be affected. But this might be a mistake because the textbox field label is "Brand Name".




VENDOR: PICKPLUGINS



VENDOR PRODUCT(S)...: POST GRID
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-1988
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-1988
DATE LAST MODIFIED..: 2024-10-29T19:54Z
ORIGINAL CVE DATE...: 2024-06-07T04:15Z
REFERENCE URL.......: https://www.wordfence.com/threat-intel/vulnerabilities/id/e49da9e7-26a1-442b-b5d0-1da3bcf0e8c9?source=cve

CVE DESCRIPTION.....: The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' attribute in blocks in all versions up to, and including, 2.2.80 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.




VENDOR: PIXELGRADE



VENDOR PRODUCT(S)...: COMMENTS RATING
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2023-23702
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-23702
DATE LAST MODIFIED..: 2024-10-29T20:35Z
ORIGINAL CVE DATE...: 2023-11-06T10:15Z
REFERENCE URL.......: https://patchstack.com/database/vulnerability/comments-ratings/wordpress-comments-ratings-plugin-1-1-7-cross-site-scripting-xss-vulnerability?_s_id=cve

CVE DESCRIPTION.....: Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pixelgrade Comments Ratings plugin <= 1.1.7 versions.




VENDOR: PLUGINUS



VENDOR PRODUCT(S)...: WORDPRESS META DATA AND TAXONOMIES FILTER
CVE SEVERITY........: CRITICAL
CVE ID..............: CVE-2024-50450
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-50450
DATE LAST MODIFIED..: 2024-10-29T16:05Z
ORIGINAL CVE DATE...: 2024-10-28T12:15Z
REFERENCE URL.......: https://patchstack.com/database/vulnerability/wp-meta-data-filter-and-taxonomy-filter/wordpress-mdtf-meta-data-and-taxonomies-filter-plugin-1-3-3-4-bypass-vulnerability-vulnerability?_s_id=cve

CVE DESCRIPTION.....: Improper Control of Generation of Code ('Code Injection') vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF) allows Code Injection. This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n/a through 1.3.3.4.




VENDOR: POCO-Z



VENDOR PRODUCT(S)...: GUNS-MEDIAL
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-10412
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-10412
DATE LAST MODIFIED..: 2024-10-29T20:40Z
ORIGINAL CVE DATE...: 2024-10-27T08:15Z
REFERENCE URL.......: https://vuldb.com/?id.281941

CVE DESCRIPTION.....: A vulnerability was found in Poco-z Guns-Medical 1.0. It has been declared as problematic. Affected by this vulnerability is the function upload of the file /mgr/upload of the component File Upload. The manipulation of the argument picture leads to cross site scripting. The attack can be launched remotely.




VENDOR: PYMUMU



VENDOR PRODUCT(S)...: SMARTDNS
CVE SEVERITY........: HIGH
CVE ID..............: CVE-2024-24199
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-24199
DATE LAST MODIFIED..: 2024-10-29T19:26Z
ORIGINAL CVE DATE...: 2024-06-06T22:15Z
REFERENCE URL.......: https://github.com/pymumu/smartdns/issues/1628

CVE DESCRIPTION.....: smartdns commit 54b4dc was discovered to contain a misaligned address at smartdns/src/dns.c.


VENDOR PRODUCT(S)...: SMARTDNS
CVE SEVERITY........: HIGH
CVE ID..............: CVE-2024-24198
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-24198
DATE LAST MODIFIED..: 2024-10-29T18:45Z
ORIGINAL CVE DATE...: 2024-06-06T22:15Z
REFERENCE URL.......: https://github.com/pymumu/smartdns/issues/1629

CVE DESCRIPTION.....: smartdns commit 54b4dc was discovered to contain a misaligned address at smartdns/src/util.c.




VENDOR: PYTHON



VENDOR PRODUCT(S)...: SETUPTOOLS
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2022-40897
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-40897
DATE LAST MODIFIED..: 2024-10-29T15:35Z
ORIGINAL CVE DATE...: 2022-12-23T00:15Z
REFERENCE URL.......: https://github.com/pypa/setuptools/blob/fe8a98e696241487ba6ac9f91faa38ade939ec5d/setuptools/package_index.py#L200

CVE DESCRIPTION.....: Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py.




VENDOR: QODEINTERACTIVE



VENDOR PRODUCT(S)...: QI ADDONS FOR ELEMENTOR
CVE SEVERITY........: HIGH
CVE ID..............: CVE-2024-4887
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-4887
DATE LAST MODIFIED..: 2024-10-29T19:52Z
ORIGINAL CVE DATE...: 2024-06-07T04:15Z
REFERENCE URL.......: https://www.wordfence.com/threat-intel/vulnerabilities/id/284daad9-d31e-4d29-ac15-ba293ba9640d?source=cve

CVE DESCRIPTION.....: The Qi Addons For Elementor plugin for WordPress is vulnerable to Remote File Inclusion in all versions up to, and including, 1.7.2 via the 'behavior' attributes found in the qi_addons_for_elementor_blog_list shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include remote files on the server, resulting in code execution. Please note that this requires an attacker to create a non-existent directory or target an instance where file_exists won't return false with a non-existent directory in the path, in order to successfully exploit.




VENDOR: REALTEK



VENDOR PRODUCT(S)...: RTSPER
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2022-25477
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-25477
DATE LAST MODIFIED..: 2024-10-29T15:35Z
ORIGINAL CVE DATE...: 2024-07-02T19:15Z
REFERENCE URL.......: http://realtek.com

CVE DESCRIPTION.....: Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sys) before 10.0.22000.21355 and Realtek RtsUer driver for USB Card Reader (RtsUer.sys) before 10.0.22000.31274 leaks driver logs that contain addresses of kernel mode objects, weakening KASLR.




VENDOR: REXTHEME



VENDOR PRODUCT(S)...: WP VR
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-49293
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-49293
DATE LAST MODIFIED..: 2024-10-29T15:07Z
ORIGINAL CVE DATE...: 2024-10-21T12:15Z
REFERENCE URL.......: https://patchstack.com/database/vulnerability/wpvr/wordpress-wp-vr-plugin-8-5-4-broken-access-control-vulnerability?_s_id=cve

CVE DESCRIPTION.....: Missing Authorization vulnerability in Rextheme WP VR allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP VR: from n/a through 8.5.4.




VENDOR: ROBERTDAVIDGRAHAM



VENDOR PRODUCT(S)...: ROBDNS
CVE SEVERITY........: HIGH
CVE ID..............: CVE-2024-24195
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-24195
DATE LAST MODIFIED..: 2024-10-29T18:24Z
ORIGINAL CVE DATE...: 2024-06-06T22:15Z
REFERENCE URL.......: https://github.com/robertdavidgraham/robdns/issues/9

CVE DESCRIPTION.....: robdns commit d76d2e6 was discovered to contain a misaligned address at /src/zonefile-insertion.c.


VENDOR PRODUCT(S)...: ROBDNS
CVE SEVERITY........: CRITICAL
CVE ID..............: CVE-2024-24192
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-24192
DATE LAST MODIFIED..: 2024-10-29T18:25Z
ORIGINAL CVE DATE...: 2024-06-06T22:15Z
REFERENCE URL.......: https://github.com/robertdavidgraham/robdns/issues/8

CVE DESCRIPTION.....: robdns commit d76d2e6 was discovered to contain a heap overflow via the component block-filename at /src/zonefile-insertion.c.




VENDOR: ROLLUPJS



VENDOR PRODUCT(S)...: ROLLUP
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-47068
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-47068
DATE LAST MODIFIED..: 2024-10-29T16:15Z
ORIGINAL CVE DATE...: 2024-09-23T16:15Z
REFERENCE URL.......: https://github.com/rollup/rollup/security/advisories/GHSA-gcx4-mw62-g8wm

CVE DESCRIPTION.....: Rollup is a module bundler for JavaScript. Versions prior to 2.79.2, 3.29.5, and 4.22.4 are susceptible to a DOM Clobbering vulnerability when bundling scripts with properties from `import.meta` (e.g., `import.meta.url`) in `cjs`/`umd`/`iife` format. The DOM Clobbering gadget can lead to cross-site scripting (XSS) in web pages where scriptless attacker-controlled HTML elements (e.g., an `img` tag with an unsanitized `name` attribute) are present. Versions 2.79.2, 3.29.5, and 4.22.4 contain a patch for the vulnerability.




VENDOR: ROYAL-ELEMENTOR-ADDONS



VENDOR PRODUCT(S)...: ROYAL ELEMENTOR ADDONS
CVE SEVERITY........: HIGH
CVE ID..............: CVE-2024-50442
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-50442
DATE LAST MODIFIED..: 2024-10-29T16:04Z
ORIGINAL CVE DATE...: 2024-10-28T12:15Z
REFERENCE URL.......: https://patchstack.com/database/vulnerability/royal-elementor-addons/wordpress-royal-elementor-addons-and-templates-plugin-1-3-980-xml-external-entity-xxe-vulnerability?_s_id=cve

CVE DESCRIPTION.....: Improper Restriction of XML External Entity Reference vulnerability in WP Royal Royal Elementor Addons allows XML Injection. This issue affects Royal Elementor Addons: from n/a through 1.3.980.




VENDOR: SGI



VENDOR PRODUCT(S)...: IRIX
CVE SEVERITY........: UNKNOWN
CVE ID..............: CVE-1999-0029
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-0029
DATE LAST MODIFIED..: 2024-10-29T15:35Z
ORIGINAL CVE DATE...: 1997-07-16T04:00Z
REFERENCE URL.......: https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0029

CVE DESCRIPTION.....: root privileges via buffer overflow in ordist command on SGI IRIX systems.




VENDOR: SIXAPART



VENDOR PRODUCT(S)...: MOVABLE TYPE
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2023-45746
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45746
DATE LAST MODIFIED..: 2024-10-29T19:35Z
ORIGINAL CVE DATE...: 2023-10-30T05:15Z
REFERENCE URL.......: https://jvn.jp/en/jp/JVN39139884/

CVE DESCRIPTION.....: Cross-site scripting vulnerability in Movable Type series allows a remote authenticated attacker to inject an arbitrary script. Affected products/versions are as follows: Movable Type 7 r.5405 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5405 and earlier (Movable Type 7 Series), Movable Type Premium 1.58 and earlier, Movable Type Premium Advanced 1.58 and earlier, Movable Type Cloud Edition (Version 7) r.5405 and earlier, and Movable Type Premium Cloud Edition 1.58 and earlier.




VENDOR: SNYK



VENDOR PRODUCT(S)...: SNYK CLI
CVE SEVERITY........: HIGH
CVE ID..............: CVE-2024-48964
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-48964
DATE LAST MODIFIED..: 2024-10-30T13:46Z
ORIGINAL CVE DATE...: 2024-10-23T19:15Z
REFERENCE URL.......: https://github.com/snyk/snyk-gradle-plugin/commit/2f5ee7579f00660282dd161a0b79690f4a9c865d

CVE DESCRIPTION.....: The package Snyk CLI before 1.1294.0 is vulnerable to Code Injection when scanning an untrusted Gradle project. The vulnerability can be triggered if Snyk test is run inside the untrusted project due to the improper handling of the current working directory name. Snyk recommends only scanning trusted projects.




VENDOR: SPIDERCONTROL



VENDOR PRODUCT(S)...: SCADAWEBSERVER
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2023-3329
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3329
DATE LAST MODIFIED..: 2024-10-29T18:35Z
ORIGINAL CVE DATE...: 2023-08-02T23:15Z
REFERENCE URL.......: https://www.cisa.gov/news-events/ics-advisories/icsa-23-173-03

CVE DESCRIPTION.....: SpiderControl SCADA Webserver versions 2.08 and prior are vulnerable to path traversal. An attacker with administrative privileges could overwrite files on the webserver using the HMI's upload file feature. This could create size zero files anywhere on the webserver, potentially overwriting system files and creating a denial-of-service condition.




VENDOR: SUNSHINEPHOTOCART



VENDOR PRODUCT(S)...: SUNSHINE PHOTO CART
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-50463
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-50463
DATE LAST MODIFIED..: 2024-10-29T16:25Z
ORIGINAL CVE DATE...: 2024-10-28T13:15Z
REFERENCE URL.......: https://patchstack.com/database/vulnerability/sunshine-photo-cart/wordpress-sunshine-photo-cart-plugin-3-2-9-open-redirection-vulnerability?_s_id=cve

CVE DESCRIPTION.....: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in WP Sunshine Sunshine Photo Cart. This issue affects Sunshine Photo Cart: from n/a through 3.2.9.




VENDOR: THEMEFARMER



VENDOR PRODUCT(S)...: WOOCOMMERCE TOOLS
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-1689
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-1689
DATE LAST MODIFIED..: 2024-10-29T19:49Z
ORIGINAL CVE DATE...: 2024-06-07T02:15Z
REFERENCE URL.......: https://www.wordfence.com/threat-intel/vulnerabilities/id/3830c901-be36-4c4b-976b-d388b6af0c67?source=cve

CVE DESCRIPTION.....: The WooCommerce Tools plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the woocommerce_tool_toggle_module() function in all versions up to, and including, 1.2.9. This makes it possible for authenticated attackers, with subscriber-level access and above, to deactivate arbitrary plugin modules.




VENDOR: THEMEUM



VENDOR PRODUCT(S)...: TUTOR LMS
CVE SEVERITY........: HIGH
CVE ID..............: CVE-2024-4902
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-4902
DATE LAST MODIFIED..: 2024-10-29T18:07Z
ORIGINAL CVE DATE...: 2024-06-07T05:15Z
REFERENCE URL.......: https://www.wordfence.com/threat-intel/vulnerabilities/id/f00e8169-3b8f-44a0-9af2-e81777a913f8?source=cve

CVE DESCRIPTION.....: The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the ‘course_id’ parameter in all versions up to, and including, 2.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with admin access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.




VENDOR: TIANDIYOYO



VENDOR PRODUCT(S)...: FLAT UI BUTTON
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-10014
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-10014
DATE LAST MODIFIED..: 2024-10-29T16:58Z
ORIGINAL CVE DATE...: 2024-10-18T05:15Z
REFERENCE URL.......: https://www.wordfence.com/threat-intel/vulnerabilities/id/ec5474ac-62d7-4431-b789-51c831dd1c20?source=cve

CVE DESCRIPTION.....: The Flat UI Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's flatbtn shortcode in version 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.




VENDOR: VEEAM



VENDOR PRODUCT(S)...: ONE
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2023-41723
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41723
DATE LAST MODIFIED..: 2024-10-29T19:35Z
ORIGINAL CVE DATE...: 2023-11-07T07:15Z
REFERENCE URL.......: https://www.veeam.com/kb4508

CVE DESCRIPTION.....: A vulnerability in Veeam ONE allows a user with the Veeam ONE Read-Only User role to view the Dashboard Schedule. Note: The criticality of this vulnerability is reduced because the user with the Read-Only role is only able to view the schedule and cannot make changes.




VENDOR: VILLATHEME



VENDOR PRODUCT(S)...: WOOCOMMERCE EMAIL TEMPLATE CUSTOMIZER
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-49288
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-49288
DATE LAST MODIFIED..: 2024-10-29T16:59Z
ORIGINAL CVE DATE...: 2024-10-17T20:15Z
REFERENCE URL.......: https://patchstack.com/database/vulnerability/email-template-customizer-for-woo/wordpress-email-template-customizer-for-woocommerce-plugin-1-2-5-cross-site-scripting-xss-vulnerability?_s_id=cve

CVE DESCRIPTION.....: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in VillaTheme Email Template Customizer for WooCommerce allows Stored XSS. This issue affects Email Template Customizer for WooCommerce: from n/a through 1.2.5.




VENDOR: VISSER



VENDOR PRODUCT(S)...: STORE EXPORTER FOR WOOCOMMERCE
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2023-46822
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46822
DATE LAST MODIFIED..: 2024-10-29T19:35Z
ORIGINAL CVE DATE...: 2023-11-06T10:15Z
REFERENCE URL.......: https://patchstack.com/database/vulnerability/woocommerce-exporter/wordpress-store-exporter-for-woocommerce-plugin-2-7-2-cross-site-scripting-xss-vulnerability?_s_id=cve

CVE DESCRIPTION.....: Unauth. Reflected Cross-Site Scripting vulnerability in Visser Labs Store Exporter for WooCommerce – Export Products, Export Orders, Export Subscriptions, and More plugin <= 2.7.2 versions.




VENDOR: VMWARE



VENDOR PRODUCT(S)...: VCENTER SERVER
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2023-34056
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-34056
DATE LAST MODIFIED..: 2024-10-29T19:35Z
ORIGINAL CVE DATE...: 2023-10-25T18:17Z
REFERENCE URL.......: https://www.vmware.com/security/advisories/VMSA-2023-0023.html

CVE DESCRIPTION.....: vCenter Server contains a partial information disclosure vulnerability. A malicious actor with non-administrative privileges to vCenter Server may leverage this issue to access unauthorized data.




VENDOR: WEBROOT



VENDOR PRODUCT(S)...: SECUREANYWHERE WEB SHIELD
CVE SEVERITY........: CRITICAL
CVE ID..............: CVE-2024-7826
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-7826
DATE LAST MODIFIED..: 2024-10-30T13:48Z
ORIGINAL CVE DATE...: 2024-10-03T17:15Z
REFERENCE URL.......: https://answers.webroot.com/Webroot/ukp.aspx?pid=12&app=vw&vw=1&login=1&json=1&solutionid=4275

CVE DESCRIPTION.....: Improper Check for Unusual or Exceptional Conditions vulnerability in Webroot SecureAnywhere - Web Shield on Windows, ARM, 64 bit, 32 bit (wrURL.Dll modules) allows Functionality Misuse. This issue affects SecureAnywhere - Web Shield: before 2.1.2.3.


VENDOR PRODUCT(S)...: SECUREANYWHERE WEB SHIELD
CVE SEVERITY........: CRITICAL
CVE ID..............: CVE-2024-7825
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-7825
DATE LAST MODIFIED..: 2024-10-30T13:49Z
ORIGINAL CVE DATE...: 2024-10-03T17:15Z
REFERENCE URL.......: https://answers.webroot.com/Webroot/ukp.aspx?pid=12&app=vw&vw=1&login=1&json=1&solutionid=4275

CVE DESCRIPTION.....: Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Webroot SecureAnywhere - Web Shield on Windows, ARM, 64 bit, 32 bit (wrUrl.Dll modules) allows Functionality Misuse. This issue affects SecureAnywhere - Web Shield: before 2.1.2.3.


VENDOR PRODUCT(S)...: SECUREANYWHERE WEB SHIELD
CVE SEVERITY........: CRITICAL
CVE ID..............: CVE-2024-7824
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-7824
DATE LAST MODIFIED..: 2024-10-30T13:50Z
ORIGINAL CVE DATE...: 2024-10-03T17:15Z
REFERENCE URL.......: https://answers.webroot.com/Webroot/ukp.aspx?pid=12&app=vw&vw=1&login=1&json=1&solutionid=4275

CVE DESCRIPTION.....: Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Webroot SecureAnywhere - Web Shield on Windows, ARM, 64 bit, 32 bit (wrUrl.Dll modules) allows Functionality Misuse. This issue affects SecureAnywhere - Web Shield: before 2.1.2.3.




VENDOR: WPCHILL



VENDOR PRODUCT(S)...: STRONG TESTIMONIALS
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2023-6491
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6491
DATE LAST MODIFIED..: 2024-10-29T17:59Z
ORIGINAL CVE DATE...: 2024-06-07T06:15Z
REFERENCE URL.......: https://www.wordfence.com/threat-intel/vulnerabilities/id/c3277d93-4f47-445b-a193-ff990b55d054?source=cve

CVE DESCRIPTION.....: The Strong Testimonials plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the wpmtst_save_view_sticky function in all versions up to, and including, 3.1.12. This makes it possible for authenticated attackers, with contributor access and above, to modify favorite views.




VENDOR: WPCLEVER



VENDOR PRODUCT(S)...: WPC SHOP AS A CUSTOMER FOR WOOCOMMERCE
CVE SEVERITY........: HIGH
CVE ID..............: CVE-2024-50416
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-50416
DATE LAST MODIFIED..: 2024-10-29T16:02Z
ORIGINAL CVE DATE...: 2024-10-28T12:15Z
REFERENCE URL.......: https://patchstack.com/database/vulnerability/wpc-shop-as-customer/wordpress-wpc-shop-as-a-customer-for-woocommerce-plugin-1-2-6-php-object-injection-vulnerability?_s_id=cve

CVE DESCRIPTION.....: Deserialization of Untrusted Data vulnerability in WPClever WPC Shop as a Customer for WooCommerce allows Object Injection. This issue affects WPC Shop as a Customer for WooCommerce: from n/a through 1.2.6.




VENDOR: WPDEVELOPER



VENDOR PRODUCT(S)...: ESSENTIAL ADDONS FOR ELEMENTOR
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-5612
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-5612
DATE LAST MODIFIED..: 2024-10-29T18:05Z
ORIGINAL CVE DATE...: 2024-06-07T05:15Z
REFERENCE URL.......: https://www.wordfence.com/threat-intel/vulnerabilities/id/8dbe4104-b7d1-484f-a843-a3d1fc02999d?source=cve

CVE DESCRIPTION.....: The Essential Addons for Elementor Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘eael_lightbox_open_btn_icon’ parameter within the Lightbox & Modal widget in all versions up to, and including, 5.8.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.




VENDOR: X2ENGINE



VENDOR PRODUCT(S)...: X2CRM
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-48120
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-48120
DATE LAST MODIFIED..: 2024-10-29T20:57Z
ORIGINAL CVE DATE...: 2024-10-14T14:15Z
REFERENCE URL.......: https://okankurtulus.com.tr/2024/09/12/x2crm-v8-5-stored-cross-site-scripting-xss-authenticated/

CVE DESCRIPTION.....: X2CRM v8.5 is vulnerable to a stored Cross-Site Scripting (XSS) in the "Opportunities" module. An attacker can inject malicious JavaScript code into the "Name" field when creating a list.




VENDOR: ZZCMS



VENDOR PRODUCT(S)...: ZZCMS
CVE SEVERITY........: CRITICAL
CVE ID..............: CVE-2024-10293
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-10293
DATE LAST MODIFIED..: 2024-10-30T13:37Z
ORIGINAL CVE DATE...: 2024-10-23T16:15Z
REFERENCE URL.......: https://vuldb.com/?id.281562

CVE DESCRIPTION.....: A vulnerability was found in ZZCMS 2023. It has been classified as critical. Affected is the function Ebak_SetGotoPak of the file 3/Ebbak5.1/upload/class/functions.php. The manipulation of the argument file leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.


VENDOR PRODUCT(S)...: ZZCMS
CVE SEVERITY........: CRITICAL
CVE ID..............: CVE-2024-10292
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-10292
DATE LAST MODIFIED..: 2024-10-30T13:40Z
ORIGINAL CVE DATE...: 2024-10-23T16:15Z
REFERENCE URL.......: https://vuldb.com/?id.281561

CVE DESCRIPTION.....: A vulnerability was found in ZZCMS 2023 and classified as critical. This issue affects some unknown processing of the file 3/Ebak5.1/upload/ChangeTable.php. The manipulation of the argument savefilename leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.


VENDOR PRODUCT(S)...: ZZCMS
CVE SEVERITY........: CRITICAL
CVE ID..............: CVE-2024-10291
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-10291
DATE LAST MODIFIED..: 2024-10-30T13:23Z
ORIGINAL CVE DATE...: 2024-10-23T16:15Z
REFERENCE URL.......: https://vuldb.com/?id.281560

CVE DESCRIPTION.....: A vulnerability has been found in ZZCMS 2023 and classified as critical. This vulnerability affects the function Ebak_DoExecSQL/Ebak_DotranExecutSQL of the file 3/Ebak5.1/upload/phome.php. The manipulation of the argument phome leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
