The core of Apache HTTP Server 2.4.59 and earlier is vulnerable to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable.
Users are recommended to upgrade to version 2.4.60, which fixes this issue.
VENDOR: APPLE
VENDOR PRODUCT(S)...: MACOS
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-44297
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-44297
DATE LAST MODIFIED..: 2024-10-29T20:23Z
ORIGINAL CVE DATE...: 2024-10-28T21:15Z
REFERENCE URL.......: https://support.apple.com/en-us/121570
CVE DESCRIPTION.....: The issue was addressed with improved bounds checks. This issue is fixed in tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, visionOS 2.1. Processing a maliciously crafted message may lead to a denial-of-service.
VENDOR PRODUCT(S)...: MACOS
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-44294
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-44294
DATE LAST MODIFIED..: 2024-10-29T21:35Z
ORIGINAL CVE DATE...: 2024-10-28T21:15Z
REFERENCE URL.......: https://support.apple.com/en-us/121570
CVE DESCRIPTION.....: A path deletion vulnerability was addressed by preventing vulnerable code from running with privileges. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. An attacker with root privileges may be able to delete protected system files.
VENDOR PRODUCT(S)...: MACOS
CVE SEVERITY........: HIGH
CVE ID..............: CVE-2024-44289
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-44289
DATE LAST MODIFIED..: 2024-10-29T20:25Z
ORIGINAL CVE DATE...: 2024-10-28T21:15Z
REFERENCE URL.......: https://support.apple.com/en-us/121570
CVE DESCRIPTION.....: A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. An app may be able to read sensitive location information.
VENDOR PRODUCT(S)...: IPADOS
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-44235
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-44235
DATE LAST MODIFIED..: 2024-10-29T20:32Z
ORIGINAL CVE DATE...: 2024-10-28T21:15Z
REFERENCE URL.......: https://support.apple.com/en-us/121563
CVE DESCRIPTION.....: The issue was addressed with improved checks. This issue is fixed in iOS 18.1 and iPadOS 18.1. An attacker may be able to view restricted content from the lock screen.
VENDOR PRODUCT(S)...: IPADOS
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-44229
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-44229
DATE LAST MODIFIED..: 2024-10-29T23:15Z
ORIGINAL CVE DATE...: 2024-10-28T21:15Z
REFERENCE URL.......: https://support.apple.com/en-us/121566
CVE DESCRIPTION.....: An information leakage was addressed with additional validation. This issue is fixed in visionOS 2.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, Safari 18.1. Private browsing may leak some browsing history.
VENDOR PRODUCT(S)...: XCODE
CVE SEVERITY........: HIGH
CVE ID..............: CVE-2024-44228
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-44228
DATE LAST MODIFIED..: 2024-10-29T20:42Z
ORIGINAL CVE DATE...: 2024-10-28T21:15Z
REFERENCE URL.......: https://support.apple.com/en-us/121239
CVE DESCRIPTION.....: This issue was addressed with improved permissions checking. This issue is fixed in Xcode 16. An app may be able to inherit Xcode permissions and access user data.
VENDOR PRODUCT(S)...: MACOS
CVE SEVERITY........: HIGH
CVE ID..............: CVE-2024-44208
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-44208
DATE LAST MODIFIED..: 2024-10-29T20:47Z
ORIGINAL CVE DATE...: 2024-10-28T21:15Z
REFERENCE URL.......: https://support.apple.com/en-us/121238
CVE DESCRIPTION.....: This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15. An app may be able to bypass certain Privacy preferences.
VENDOR PRODUCT(S)...: MACOS
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-44174
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-44174
DATE LAST MODIFIED..: 2024-10-29T17:33Z
ORIGINAL CVE DATE...: 2024-10-28T21:15Z
REFERENCE URL.......: https://support.apple.com/en-us/121238
CVE DESCRIPTION.....: The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15. An attacker may be able to view restricted content from the lock screen.
VENDOR PRODUCT(S)...: MACOS
CVE SEVERITY........: HIGH
CVE ID..............: CVE-2024-44159
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-44159
DATE LAST MODIFIED..: 2024-10-29T17:33Z
ORIGINAL CVE DATE...: 2024-10-28T21:15Z
REFERENCE URL.......: https://support.apple.com/en-us/121570
CVE DESCRIPTION.....: A path deletion vulnerability was addressed by preventing vulnerable code from running with privileges. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. An app may be able to bypass Privacy preferences.
VENDOR PRODUCT(S)...: MACOS
CVE SEVERITY........: HIGH
CVE ID..............: CVE-2024-44156
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-44156
DATE LAST MODIFIED..: 2024-10-29T17:33Z
ORIGINAL CVE DATE...: 2024-10-28T21:15Z
REFERENCE URL.......: https://support.apple.com/en-us/121570
CVE DESCRIPTION.....: A path deletion vulnerability was addressed by preventing vulnerable code from running with privileges. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. An app may be able to bypass Privacy preferences.
VENDOR PRODUCT(S)...: MACOS
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-44155
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-44155
DATE LAST MODIFIED..: 2024-10-29T17:34Z
ORIGINAL CVE DATE...: 2024-10-28T21:15Z
REFERENCE URL.......: https://support.apple.com/en-us/121238
CVE DESCRIPTION.....: A custom URL scheme handling issue was addressed with improved input validation. This issue is fixed in Safari 18, iOS 17.7.1 and iPadOS 17.7.1, macOS Sequoia 15, watchOS 11, iOS 18 and iPadOS 18. Maliciously crafted web content may violate iframe sandboxing policy.
VENDOR PRODUCT(S)...: WATCHOS
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-44144
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-44144
DATE LAST MODIFIED..: 2024-10-29T21:35Z
ORIGINAL CVE DATE...: 2024-10-28T21:15Z
REFERENCE URL.......: https://support.apple.com/en-us/121238
CVE DESCRIPTION.....: A buffer overflow was addressed with improved size validation. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, macOS Sequoia 15, macOS Sonoma 14.7.1, tvOS 18, watchOS 11, visionOS 2, iOS 18 and iPadOS 18. Processing a maliciously crafted file may lead to unexpected app termination.
VENDOR PRODUCT(S)...: MACOS
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-44137
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-44137
DATE LAST MODIFIED..: 2024-10-29T17:35Z
ORIGINAL CVE DATE...: 2024-10-28T21:15Z
REFERENCE URL.......: https://support.apple.com/en-us/121238
CVE DESCRIPTION.....: The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.1, macOS Sequoia 15, macOS Sonoma 14.7.1. An attacker with physical access may be able to share items from the lock screen.
VENDOR PRODUCT(S)...: MACOS
CVE SEVERITY........: HIGH
CVE ID..............: CVE-2024-44126
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-44126
DATE LAST MODIFIED..: 2024-10-29T17:35Z
ORIGINAL CVE DATE...: 2024-10-28T21:15Z
REFERENCE URL.......: https://support.apple.com/en-us/121238
CVE DESCRIPTION.....: The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.1, macOS Sequoia 15, iOS 17.7 and iPadOS 17.7, macOS Sonoma 14.7, visionOS 2, iOS 18 and iPadOS 18. Processing a maliciously crafted file may lead to heap corruption.
VENDOR PRODUCT(S)...: MACOS
CVE SEVERITY........: LOW
CVE ID..............: CVE-2024-44123
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-44123
DATE LAST MODIFIED..: 2024-10-29T17:37Z
ORIGINAL CVE DATE...: 2024-10-28T21:15Z
REFERENCE URL.......: https://support.apple.com/en-us/121238
CVE DESCRIPTION.....: A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15, iOS 18 and iPadOS 18. A malicious app with root privileges may be able to access keyboard input and location information without user consent.
VENDOR PRODUCT(S)...: MACOS
CVE SEVERITY........: HIGH
CVE ID..............: CVE-2024-44122
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-44122
DATE LAST MODIFIED..: 2024-10-29T17:38Z
ORIGINAL CVE DATE...: 2024-10-28T21:15Z
REFERENCE URL.......: https://support.apple.com/en-us/121238
CVE DESCRIPTION.....: A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.1, macOS Sequoia 15, macOS Sonoma 14.7.1. An application may be able to break out of its sandbox.
VENDOR PRODUCT(S)...: IPADOS
CVE SEVERITY........: CRITICAL
CVE ID..............: CVE-2024-40867
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-40867
DATE LAST MODIFIED..: 2024-10-29T20:35Z
ORIGINAL CVE DATE...: 2024-10-28T21:15Z
REFERENCE URL.......: https://support.apple.com/en-us/121563
CVE DESCRIPTION.....: A custom URL scheme handling issue was addressed with improved input validation. This issue is fixed in iOS 18.1 and iPadOS 18.1. A remote attacker may be able to break out of Web Content sandbox.
VENDOR PRODUCT(S)...: MACOS
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-40855
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-40855
DATE LAST MODIFIED..: 2024-10-29T17:42Z
ORIGINAL CVE DATE...: 2024-10-28T21:15Z
REFERENCE URL.......: https://support.apple.com/en-us/121238
CVE DESCRIPTION.....: The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.1, macOS Sequoia 15, macOS Sonoma 14.7.1. A sandboxed app may be able to access sensitive user data.
VENDOR PRODUCT(S)...: IPADOS
CVE SEVERITY........: LOW
CVE ID..............: CVE-2024-40851
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-40851
DATE LAST MODIFIED..: 2024-10-29T17:42Z
ORIGINAL CVE DATE...: 2024-10-28T21:15Z
REFERENCE URL.......: https://support.apple.com/en-us/121563
CVE DESCRIPTION.....: This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 18.1 and iPadOS 18.1. An attacker with physical access may be able to access contact photos from the lock screen.
VENDOR PRODUCT(S)...: MACOS
CVE SEVERITY........: LOW
CVE ID..............: CVE-2024-40792
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-40792
DATE LAST MODIFIED..: 2024-10-29T17:28Z
ORIGINAL CVE DATE...: 2024-10-28T21:15Z
REFERENCE URL.......: https://support.apple.com/en-us/121238
CVE DESCRIPTION.....: A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. A malicious app may be able to change network settings.
VENDOR PRODUCT(S)...: MACOS
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-44206
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-44206
DATE LAST MODIFIED..: 2024-10-29T21:35Z
ORIGINAL CVE DATE...: 2024-10-24T17:15Z
REFERENCE URL.......: https://support.apple.com/en-us/120916
CVE DESCRIPTION.....: An issue in the handling of URL protocols was addressed with improved logic. This issue is fixed in tvOS 17.6, visionOS 1.3, Safari 17.6, watchOS 10.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6. A user may be able to bypass some web content restrictions.
VENDOR PRODUCT(S)...: MACOS
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-44205
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-44205
DATE LAST MODIFIED..: 2024-10-29T15:27Z
ORIGINAL CVE DATE...: 2024-10-24T17:15Z
REFERENCE URL.......: https://support.apple.com/en-us/120910
CVE DESCRIPTION.....: A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6. A sandboxed app may be able to access sensitive user data in system logs.
VENDOR PRODUCT(S)...: MACOS
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-44185
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-44185
DATE LAST MODIFIED..: 2024-10-29T15:22Z
ORIGINAL CVE DATE...: 2024-10-24T17:15Z
REFERENCE URL.......: https://support.apple.com/en-us/120916
CVE DESCRIPTION.....: The issue was addressed with improved checks. This issue is fixed in tvOS 17.6, visionOS 1.3, Safari 17.6, watchOS 10.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash.
VENDOR PRODUCT(S)...: MACOS
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-40810
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-40810
DATE LAST MODIFIED..: 2024-10-29T21:35Z
ORIGINAL CVE DATE...: 2024-10-24T17:15Z
REFERENCE URL.......: https://support.apple.com/en-us/120911
CVE DESCRIPTION.....: An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Sonoma 14.6. An app may be able to cause a coprocessor crash.
VENDOR PRODUCT(S)...: MACOS
CVE SEVERITY........: LOW
CVE ID..............: CVE-2024-40832
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-40832
DATE LAST MODIFIED..: 2024-10-29T21:35Z
ORIGINAL CVE DATE...: 2024-07-29T23:15Z
REFERENCE URL.......: https://support.apple.com/en-us/HT214119
CVE DESCRIPTION.....: The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6. An app may be able to view a contact's phone number in system logs.
VENDOR PRODUCT(S)...: IPHONE OS
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-40813
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-40813
DATE LAST MODIFIED..: 2024-10-29T21:35Z
ORIGINAL CVE DATE...: 2024-07-29T23:15Z
REFERENCE URL.......: https://support.apple.com/en-us/HT214117
CVE DESCRIPTION.....: A lock screen issue was addressed with improved state management. This issue is fixed in watchOS 10.6, iOS 17.6 and iPadOS 17.6. An attacker with physical access may be able to use Siri to access sensitive user data.
VENDOR PRODUCT(S)...: MACOS
CVE SEVERITY........: HIGH
CVE ID..............: CVE-2024-40799
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-40799
DATE LAST MODIFIED..: 2024-10-29T20:35Z
ORIGINAL CVE DATE...: 2024-07-29T23:15Z
REFERENCE URL.......: https://support.apple.com/en-us/HT214117
CVE DESCRIPTION.....: An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing a maliciously crafted file may lead to unexpected app termination.
VENDOR PRODUCT(S)...: IPHONE OS
CVE SEVERITY........: LOW
CVE ID..............: CVE-2023-35990
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-35990
DATE LAST MODIFIED..: 2024-10-29T19:35Z
ORIGINAL CVE DATE...: 2023-09-27T15:18Z
REFERENCE URL.......: https://support.apple.com/en-us/HT213937
CVE DESCRIPTION.....: The issue was addressed with improved checks. This issue is fixed in iOS 17 and iPadOS 17, watchOS 10, iOS 16.7 and iPadOS 16.7, macOS Sonoma 14. An app may be able to identify what other apps a user has installed.
VENDOR PRODUCT(S)...: MACOS
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2022-26699
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-26699
DATE LAST MODIFIED..: 2024-10-29T15:35Z
ORIGINAL CVE DATE...: 2023-08-14T23:15Z
REFERENCE URL.......: https://support.apple.com/en-us/HT213488
CVE DESCRIPTION.....: A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13. An app may be able to cause a denial-of-service to Endpoint Security clients.
VENDOR PRODUCT(S)...: MACOS
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2023-35983
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-35983
DATE LAST MODIFIED..: 2024-10-29T19:35Z
ORIGINAL CVE DATE...: 2023-07-27T00:15Z
REFERENCE URL.......: https://support.apple.com/en-us/HT213845
CVE DESCRIPTION.....: This issue was addressed with improved data protection. This issue is fixed in macOS Monterey 12.6.8, macOS Ventura 13.5, macOS Big Sur 11.7.9. An app may be able to modify protected parts of the file system.
VENDOR: ARUBANETWORKS
VENDOR PRODUCT(S)...: ARUBAOS
CVE SEVERITY........: HIGH
CVE ID..............: CVE-2023-45626
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45626
DATE LAST MODIFIED..: 2024-10-29T19:35Z
ORIGINAL CVE DATE...: 2023-11-14T23:15Z
REFERENCE URL.......: https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt
CVE DESCRIPTION.....: An authenticated vulnerability has been identified allowing an attacker to effectively establish highly privileged persistent arbitrary code execution across boot cycles.
VENDOR PRODUCT(S)...: EDGECONNECT SD-WAN ORCHESTRATOR
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2023-37440
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-37440
DATE LAST MODIFIED..: 2024-10-29T20:35Z
ORIGINAL CVE DATE...: 2023-08-22T19:16Z
REFERENCE URL.......: https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-012.txt
CVE DESCRIPTION.....: A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an unauthenticated remote attacker to conduct a server-side request forgery (SSRF) attack. A successful exploit allows an attacker to enumerate information about the internal structure of the EdgeConnect SD-WAN Orchestrator host leading to potential disclosure of sensitive information.
VENDOR PRODUCT(S)...: EDGECONNECT SD-WAN ORCHESTRATOR
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2023-37439
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-37439
DATE LAST MODIFIED..: 2024-10-29T20:35Z
ORIGINAL CVE DATE...: 2023-08-22T19:16Z
REFERENCE URL.......: https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-012.txt
CVE DESCRIPTION.....: Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host.
VENDOR: ATLASSIAN
VENDOR PRODUCT(S)...: JIRA ALIGN
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2022-36802
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36802
DATE LAST MODIFIED..: 2024-10-29T16:35Z
ORIGINAL CVE DATE...: 2022-10-14T04:15Z
REFERENCE URL.......: https://jira.atlassian.com/browse/JIRAALIGN-4326
CVE DESCRIPTION.....: The ManageJiraConnectors API in Atlassian Jira Align before version 10.109.2 allows remote attackers to exploit this issue to access internal network resources via a Server-Side Request Forgery. This can be exploited by a remote, unauthenticated attacker with Super Admin privileges by sending a specially crafted HTTP request.
VENDOR PRODUCT(S)...: JIRA DATA CENTER
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2022-36801
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36801
DATE LAST MODIFIED..: 2024-10-29T16:35Z
ORIGINAL CVE DATE...: 2022-08-10T03:15Z
REFERENCE URL.......: https://jira.atlassian.com/browse/JRASERVER-73740
CVE DESCRIPTION.....: Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a Reflected Cross-Site Scripting (RXSS) vulnerability in the TeamManagement.jspa endpoint. The affected versions are before version 8.20.8.
VENDOR PRODUCT(S)...: JIRA SERVICE MANAGEMENT
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2022-36800
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36800
DATE LAST MODIFIED..: 2024-10-29T16:35Z
ORIGINAL CVE DATE...: 2022-08-03T03:15Z
REFERENCE URL.......: https://jira.atlassian.com/browse/JSDSERVER-11900
CVE DESCRIPTION.....: Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers without the "Browse Users" permission to view groups via an Information Disclosure vulnerability in the browsegroups.action endpoint. The affected versions are before version 4.22.2.
VENDOR PRODUCT(S)...: JIRA SERVICE MANAGEMENT
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2022-26135
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-26135
DATE LAST MODIFIED..: 2024-10-29T16:35Z
ORIGINAL CVE DATE...: 2022-06-30T06:15Z
REFERENCE URL.......: https://jira.atlassian.com/browse/JRASERVER-73863
CVE DESCRIPTION.....: A vulnerability in Mobile Plugin for Jira Data Center and Server allows a remote, authenticated user (including a user who joined via the sign-up feature) to perform a full read server-side request forgery via a batch endpoint. This affects Atlassian Jira Server and Data Center from version 8.0.0 before version 8.13.22, from version 8.14.0 before 8.20.10, from version 8.21.0 before 8.22.4. This also affects Jira Management Server and Data Center versions from version 4.0.0 before 4.13.22, from version 4.14.0 before 4.20.10 and from version 4.21.0 before 4.22.4.
VENDOR: BRIGHTPLUGINS
VENDOR PRODUCT(S)...: PRE-ORDERS FOR WOOCOMMERCE
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2023-46783
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46783
DATE LAST MODIFIED..: 2024-10-29T19:35Z
ORIGINAL CVE DATE...: 2023-11-06T10:15Z
REFERENCE URL.......: https://patchstack.com/database/vulnerability/pre-orders-for-woocommerce/wordpress-pre-orders-for-woocommerce-plugin-1-2-13-cross-site-scripting-xss-vulnerability?_s_id=cve
CVE DESCRIPTION.....: Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Bright Plugins Pre-Orders for WooCommerce plugin <= 1.2.13 versions.
VENDOR: CANONICAL
VENDOR PRODUCT(S)...: NETPLAN
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2022-4968
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4968
DATE LAST MODIFIED..: 2024-10-30T13:56Z
ORIGINAL CVE DATE...: 2024-06-07T01:15Z
REFERENCE URL.......: https://bugs.launchpad.net/netplan/+bug/1987842
CVE DESCRIPTION.....: netplan leaks the private key of wireguard to local users. Versions after 1.0 are not affected.
VENDOR: CEDARGATE
VENDOR PRODUCT(S)...: EZ-NET PORTAL
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2022-23397
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-23397
DATE LAST MODIFIED..: 2024-10-29T21:35Z
ORIGINAL CVE DATE...: 2022-03-04T15:15Z
REFERENCE URL.......: https://ado.im/cedar-gate-ez-net
CVE DESCRIPTION.....: The Cedar Gate EZ-NET portal 6.5.5 6.8.0 Internet portal has a call to display messages to users which does not properly sanitize data sent in through a URL parameter. This leads to a Reflected Cross-Site Scripting vulnerability. NOTE: the vendor disputes this because the ado.im reference has "no clear steps of reproduction."
VENDOR: CHRISYEE
VENDOR PRODUCT(S)...: MOMENTOPRESS FOR MOMENTO360
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2023-46782
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46782
DATE LAST MODIFIED..: 2024-10-29T19:35Z
ORIGINAL CVE DATE...: 2023-11-06T10:15Z
REFERENCE URL.......: https://patchstack.com/database/vulnerability/cmyee-momentopress/wordpress-momentopress-for-momento360-plugin-1-0-1-cross-site-scripting-xss-vulnerability?_s_id=cve
CVE DESCRIPTION.....: Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Chris Yee MomentoPress for Momento360 plugin <= 1.0.1 versions.
VENDOR: CISCO
VENDOR PRODUCT(S)...: FIREPOWER THREAT DEFENSE SOFTWARE
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-20481
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-20481
DATE LAST MODIFIED..: 2024-10-29T17:47Z
ORIGINAL CVE DATE...: 2024-10-23T18:15Z
REFERENCE URL.......: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-bf-dos-vDZhLqrW
CVE DESCRIPTION.....: A vulnerability in the Remote Access VPN (RAVPN) service of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of the RAVPN service.
This vulnerability is due to resource exhaustion. An attacker could exploit this vulnerability by sending a large number of VPN authentication requests to an affected device. A successful exploit could allow the attacker to exhaust resources, resulting in a DoS of the RAVPN service on the affected device. Depending on the impact of the attack, a reload of the device may be required to restore the RAVPN service. Services that are not related to VPN are not affected.
Cisco Talos discussed these attacks in the blog post Large-scale brute-force activity targeting VPNs, SSH services with commonly used login credentials.
VENDOR PRODUCT(S)...: UNIFIED COMMUNICATIONS MANAGER
CVE SEVERITY........: UNKNOWN
CVE ID..............: CVE-2013-7030
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-7030
DATE LAST MODIFIED..: 2024-10-29T15:35Z
ORIGINAL CVE DATE...: 2013-12-12T17:55Z
REFERENCE URL.......: http://www.exploit-db.com/exploits/30237/
CVE DESCRIPTION.....: The TFTP service in Cisco Unified Communications Manager (aka CUCM or Unified CM) allows remote attackers to obtain sensitive information from a phone via an RRQ operation, as demonstrated by discovering a cleartext UseUserCredential field in an SPDefault.cnf.xml file. NOTE: the vendor reportedly disputes the significance of this report, stating that this is an expected default behavior, and that the product's documentation describes use of the TFTP Encrypted Config option in addressing this issue
VENDOR: CLOUDNET360
VENDOR PRODUCT(S)...: CLOUDNET360
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2023-46643
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46643
DATE LAST MODIFIED..: 2024-10-29T19:35Z
ORIGINAL CVE DATE...: 2023-11-08T17:15Z
REFERENCE URL.......: https://patchstack.com/database/vulnerability/cloudnet-sync/wordpress-cloudnet360-plugin-3-2-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
CVE DESCRIPTION.....: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in GARY JEZORSKI CloudNet360 plugin <= 3.2.0 versions.
VENDOR: COLORLIB
VENDOR PRODUCT(S)...: SIMPLE CUSTOM POST ORDER
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-49321
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-49321
DATE LAST MODIFIED..: 2024-10-29T15:20Z
ORIGINAL CVE DATE...: 2024-10-21T12:15Z
REFERENCE URL.......: https://patchstack.com/database/vulnerability/simple-custom-post-order/wordpress-simple-custom-post-order-plugin-2-5-7-broken-access-control-vulnerability?_s_id=cve
CVE DESCRIPTION.....: Missing Authorization vulnerability in Colorlib Simple Custom Post Order allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Simple Custom Post Order: from n/a through 2.5.7.
VENDOR: ENEJBAJGORIC/GAGANSANDHU/CTLTDEV
VENDOR PRODUCT(S)...: USER AVATAR
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2023-46621
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46621
DATE LAST MODIFIED..: 2024-10-29T19:35Z
ORIGINAL CVE DATE...: 2023-11-08T16:15Z
REFERENCE URL.......: https://patchstack.com/database/vulnerability/user-avatar/wordpress-user-avatar-plugin-1-4-11-cross-site-scripting-xss-vulnerability?_s_id=cve
CVE DESCRIPTION.....: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Enej Bajgoric / Gagan Sandhu / CTLT DEV User Avatar plugin <= 1.4.11 versions.
VENDOR: FABIANROS
VENDOR PRODUCT(S)...: BLOOD BANK MANAGEMENT SYSTEM
CVE SEVERITY........: HIGH
CVE ID..............: CVE-2024-10417
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-10417
DATE LAST MODIFIED..: 2024-10-29T20:19Z
ORIGINAL CVE DATE...: 2024-10-27T13:15Z
REFERENCE URL.......: https://vuldb.com/?id.281958
CVE DESCRIPTION.....: A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /file/delete.php. The manipulation of the argument bid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
VENDOR PRODUCT(S)...: BLOOD BANK MANAGEMENT SYSTEM
CVE SEVERITY........: HIGH
CVE ID..............: CVE-2024-10416
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-10416
DATE LAST MODIFIED..: 2024-10-29T20:21Z
ORIGINAL CVE DATE...: 2024-10-27T13:15Z
REFERENCE URL.......: https://vuldb.com/?id.281957
CVE DESCRIPTION.....: A vulnerability was found in code-projects Blood Bank Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /file/cancel.php. The manipulation of the argument reqid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
VENDOR PRODUCT(S)...: BLOOD BANK MANAGEMENT SYSTEM
CVE SEVERITY........: HIGH
CVE ID..............: CVE-2024-10415
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-10415
DATE LAST MODIFIED..: 2024-10-29T20:26Z
ORIGINAL CVE DATE...: 2024-10-27T12:15Z
REFERENCE URL.......: https://vuldb.com/?id.281956
CVE DESCRIPTION.....: A vulnerability has been found in code-projects Blood Bank Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /file/accept.php. The manipulation of the argument reqid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
VENDOR PRODUCT(S)...: BLOOD BANK MANAGEMENT SYSTEM
CVE SEVERITY........: HIGH
CVE ID..............: CVE-2024-10409
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-10409
DATE LAST MODIFIED..: 2024-10-29T20:42Z
ORIGINAL CVE DATE...: 2024-10-27T03:15Z
REFERENCE URL.......: https://vuldb.com/?id.281939
CVE DESCRIPTION.....: A vulnerability was found in code-projects Blood Bank Management 1.0 and classified as critical. This issue affects some unknown processing of the file /file/accept.php. The manipulation of the argument reqid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
VENDOR PRODUCT(S)...: BLOOD BANK MANAGEMENT SYSTEM
CVE SEVERITY........: HIGH
CVE ID..............: CVE-2024-10408
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-10408
DATE LAST MODIFIED..: 2024-10-29T20:44Z
ORIGINAL CVE DATE...: 2024-10-27T03:15Z
REFERENCE URL.......: https://vuldb.com/?id.281938
CVE DESCRIPTION.....: A vulnerability has been found in code-projects Blood Bank Management up to 1.0 and classified as critical. This vulnerability affects unknown code of the file /abs.php. The manipulation of the argument search leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
VENDOR: FREEBSD
VENDOR PRODUCT(S)...: FREEBSD
CVE SEVERITY........: HIGH
CVE ID..............: CVE-2024-6760
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-6760
DATE LAST MODIFIED..: 2024-10-29T20:35Z
ORIGINAL CVE DATE...: 2024-08-12T13:38Z
REFERENCE URL.......: https://security.freebsd.org/advisories/FreeBSD-SA-24:06.ktrace.asc
CVE DESCRIPTION.....: A logic bug in the code which disables kernel tracing for setuid programs meant that tracing was not disabled when it should have, allowing unprivileged users to trace and inspect the behavior of setuid programs.
The bug may be used by an unprivileged user to read the contents of files to which they would not otherwise have access, such as the local password database.
VENDOR: FRESHLIGHTLAB
VENDOR PRODUCT(S)...: WP MOBILE MENU
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-3987
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-3987
DATE LAST MODIFIED..: 2024-10-29T18:39Z
ORIGINAL CVE DATE...: 2024-06-07T03:15Z
REFERENCE URL.......: https://www.wordfence.com/threat-intel/vulnerabilities/id/7bcbc6b6-ed05-4709-bf05-214418798339?source=cve
CVE DESCRIPTION.....: The WP Mobile Menu – The Mobile-Friendly Responsive Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image alt text in all versions up to, and including, 2.8.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
VENDOR: FRROUTING
VENDOR PRODUCT(S)...: FRROUTING
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2023-46753
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46753
DATE LAST MODIFIED..: 2024-10-29T20:35Z
ORIGINAL CVE DATE...: 2023-10-26T05:15Z
REFERENCE URL.......: https://github.com/FRRouting/frr/pull/14645/commits/d8482bf011cb2b173e85b65b4bf3d5061250cdb9
CVE DESCRIPTION.....: An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur for a crafted BGP UPDATE message without mandatory attributes, e.g., one with only an unknown transit attribute.
VENDOR: GNU
VENDOR PRODUCT(S)...: BINUTILS
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2022-35205
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-35205
DATE LAST MODIFIED..: 2024-10-29T15:35Z
ORIGINAL CVE DATE...: 2023-08-22T19:16Z
REFERENCE URL.......: https://sourceware.org/bugzilla/show_bug.cgi?id=29289
CVE DESCRIPTION.....: An issue was discovered in Binutils readelf 2.38.50, reachable assertion failure in function display_debug_names allows attackers to cause a denial of service.
VENDOR: GOOGLE
VENDOR PRODUCT(S)...: CHROME
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-7978
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-7978
DATE LAST MODIFIED..: 2024-10-29T20:35Z
ORIGINAL CVE DATE...: 2024-08-21T21:15Z
REFERENCE URL.......: https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html
CVE DESCRIPTION.....: Insufficient policy enforcement in Data Transfer in Google Chrome prior to 128.0.6613.84 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
VENDOR PRODUCT(S)...: CHROME
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-7004
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-7004
DATE LAST MODIFIED..: 2024-10-29T20:35Z
ORIGINAL CVE DATE...: 2024-08-06T16:15Z
REFERENCE URL.......: https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_23.html
CVE DESCRIPTION.....: Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a malicious file. (Chromium security severity: Low)
VENDOR PRODUCT(S)...: CHROME
CVE SEVERITY........: HIGH
CVE ID..............: CVE-2024-7255
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-7255
DATE LAST MODIFIED..: 2024-10-29T20:35Z
ORIGINAL CVE DATE...: 2024-08-01T18:15Z
REFERENCE URL.......: https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_30.html
CVE DESCRIPTION.....: Out of bounds read in WebTransport in Google Chrome prior to 127.0.6533.88 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
VENDOR PRODUCT(S)...: ANDROID
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2022-20264
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-20264
DATE LAST MODIFIED..: 2024-10-29T21:35Z
ORIGINAL CVE DATE...: 2023-10-30T17:15Z
REFERENCE URL.......: https://source.android.com/docs/security/bulletin/android-14
CVE DESCRIPTION.....: In Usage Stats Service, there is a possible way to determine whether an app is installed, without query permissions due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
VENDOR PRODUCT(S)...: ANDROID
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2023-35680
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-35680
DATE LAST MODIFIED..: 2024-10-29T18:35Z
ORIGINAL CVE DATE...: 2023-09-11T21:15Z
REFERENCE URL.......: https://source.android.com/security/bulletin/2023-09-01
CVE DESCRIPTION.....: In multiple locations, there is a possible way to import contacts belonging to other users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
VENDOR PRODUCT(S)...: ANDROID
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2023-35677
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-35677
DATE LAST MODIFIED..: 2024-10-29T18:35Z
ORIGINAL CVE DATE...: 2023-09-11T21:15Z
REFERENCE URL.......: https://source.android.com/security/bulletin/2023-09-01
CVE DESCRIPTION.....: In onCreate of DeviceAdminAdd.java, there is a possible way to forcibly add a device admin due to a missing permission check. This could lead to local denial of service (factory reset or continuous locking) with no additional execution privileges needed. User interaction is not needed for exploitation.
VENDOR PRODUCT(S)...: CHROME
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2022-4025
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4025
DATE LAST MODIFIED..: 2024-10-29T16:35Z
ORIGINAL CVE DATE...: 2023-01-02T23:15Z
REFERENCE URL.......: https://crbug.com/1260250
CVE DESCRIPTION.....: Inappropriate implementation in Paint in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to leak cross-origin data outside an iframe via a crafted HTML page. (Chrome security severity: Low)
VENDOR PRODUCT(S)...: CHROME
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2022-3863
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3863
DATE LAST MODIFIED..: 2024-10-29T15:35Z
ORIGINAL CVE DATE...: 2023-01-02T23:15Z
REFERENCE URL.......: https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop.html
CVE DESCRIPTION.....: Use after free in Browser History in Google Chrome prior to 100.0.4896.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High)
VENDOR: HCLTECH
VENDOR PRODUCT(S)...: DRYICE IAUTOMATE
CVE SEVERITY........: HIGH
CVE ID..............: CVE-2023-23347
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-23347
DATE LAST MODIFIED..: 2024-10-29T20:35Z
ORIGINAL CVE DATE...: 2023-08-09T20:15Z
REFERENCE URL.......: https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106674
CVE DESCRIPTION.....: HCL DRYiCE iAutomate is affected by the use of a broken cryptographic algorithm. An attacker can potentially compromise the confidentiality and integrity of sensitive information.
VENDOR PRODUCT(S)...: DRYICE MYCLOUD
CVE SEVERITY........: HIGH
CVE ID..............: CVE-2023-23346
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-23346
DATE LAST MODIFIED..: 2024-10-29T19:35Z
ORIGINAL CVE DATE...: 2023-08-09T19:15Z
REFERENCE URL.......: https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106670
CVE DESCRIPTION.....: HCL DRYiCE MyCloud is affected by the use of a broken cryptographic algorithm. An attacker can potentially compromise the confidentiality and integrity of sensitive information.
VENDOR: HCLTECHSW
VENDOR PRODUCT(S)...: BIGFIX BARE OSD METAL SERVER WEBUI
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2023-37521
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-37521
DATE LAST MODIFIED..: 2024-10-29T20:35Z
ORIGINAL CVE DATE...: 2024-01-16T16:15Z
REFERENCE URL.......: https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109754
CVE DESCRIPTION.....: HCL BigFix Bare OSD Metal Server WebUI version 311.19 or lower can sometimes include sensitive information in a query string which could allow an attacker to execute a malicious attack.
VENDOR PRODUCT(S)...: HCL LAUNCH
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2023-23348
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-23348
DATE LAST MODIFIED..: 2024-10-29T20:35Z
ORIGINAL CVE DATE...: 2023-07-10T18:15Z
REFERENCE URL.......: https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0105978
CVE DESCRIPTION.....: HCL Launch could disclose sensitive information if a manual edit of a configuration file has been performed.
VENDOR: HIHONOR
VENDOR PRODUCT(S)...: VMALL
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2023-23437
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-23437
DATE LAST MODIFIED..: 2024-10-29T20:35Z
ORIGINAL CVE DATE...: 2023-12-29T03:15Z
REFERENCE URL.......: https://www.hihonor.com/global/security/cve-2023-23437/
CVE DESCRIPTION.....: Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak
VENDOR: HIKASHOP
VENDOR PRODUCT(S)...: HIKASHOP
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-40746
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-40746
DATE LAST MODIFIED..: 2024-10-29T15:34Z
ORIGINAL CVE DATE...: 2024-10-21T17:15Z
REFERENCE URL.......: https://www.hikashop.com/
CVE DESCRIPTION.....: A stored cross-site scripting (XSS) vulnerability in HikaShop Joomla Component 5.1.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload in the `description` parameter of any product. The `description` parameter is not sanitised in the backend.
VENDOR: HIKVISION
VENDOR PRODUCT(S)...: HIKCENTRAL MASTER
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-47486
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-47486
DATE LAST MODIFIED..: 2024-10-29T15:35Z
ORIGINAL CVE DATE...: 2024-10-18T09:15Z
REFERENCE URL.......: https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerabilities-in-hikcentral-product-series/
CVE DESCRIPTION.....: There is an XSS vulnerability in some HikCentral Master Lite versions. If exploited, an attacker could inject scripts into certain pages by building malicious data.
VENDOR: HITACHIENERGY
VENDOR PRODUCT(S)...: UNEM
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-28024
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-28024
DATE LAST MODIFIED..: 2024-10-29T15:15Z
ORIGINAL CVE DATE...: 2024-06-11T19:16Z
REFERENCE URL.......: https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201&languageCode=en&Preview=true
CVE DESCRIPTION.....: A vulnerability exists in the FOXMAN-UN/UNEM in which sensitive information is stored in cleartext within a resource that might be accessible to another control sphere.
VENDOR PRODUCT(S)...: UNEM
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-28022
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-28022
DATE LAST MODIFIED..: 2024-10-29T15:15Z
ORIGINAL CVE DATE...: 2024-06-11T19:16Z
REFERENCE URL.......: https://publisher.hitachienergy.com/preview?DocumentId=8DBD000194&languageCode=en&Preview=true
CVE DESCRIPTION.....: A vulnerability exists in the UNEM server / APIGateway that if exploited allows a malicious user to perform an arbitrary number of authentication attempts using different passwords, and eventually gain access to other components in the same security realm using the targeted account.
VENDOR PRODUCT(S)...: UNEM
CVE SEVERITY........: CRITICAL
CVE ID..............: CVE-2024-28020
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-28020
DATE LAST MODIFIED..: 2024-10-29T15:15Z
ORIGINAL CVE DATE...: 2024-06-11T19:16Z
REFERENCE URL.......: https://publisher.hitachienergy.com/preview?DocumentId=8DBD000194&languageCode=en&Preview=true
CVE DESCRIPTION.....: A user/password reuse vulnerability exists in the FOXMAN-UN/UNEM application and server management. If exploited a malicious high-privileged user could use the passwords and login information through complex routines to extend access on the server and other services.
VENDOR PRODUCT(S)...: UNEM
CVE SEVERITY........: HIGH
CVE ID..............: CVE-2024-28021
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-28021
DATE LAST MODIFIED..: 2024-10-29T15:15Z
ORIGINAL CVE DATE...: 2024-06-11T14:15Z
REFERENCE URL.......: https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201&languageCode=en&Preview=true
CVE DESCRIPTION.....: A vulnerability exists in the FOXMAN-UN/UNEM server that affects the message queueing mechanism’s certificate validation. If exploited an attacker could spoof a trusted entity causing a loss of confidentiality and integrity.
VENDOR: HP
VENDOR PRODUCT(S)...: ONEVIEW
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-42508
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-42508
DATE LAST MODIFIED..: 2024-10-29T17:38Z
ORIGINAL CVE DATE...: 2024-10-18T16:15Z
REFERENCE URL.......: https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbgn04721en_us&docLocale=en_US
CVE DESCRIPTION.....: This vulnerability could be exploited, leading to unauthorized disclosure of information to authenticated users.
VENDOR: INFORMATIK.HU-BERLIN
VENDOR PRODUCT(S)...: FLAIR
CVE SEVERITY........: HIGH
CVE ID..............: CVE-2024-10073
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-10073
DATE LAST MODIFIED..: 2024-10-29T17:18Z
ORIGINAL CVE DATE...: 2024-10-17T17:15Z
REFERENCE URL.......: https://vuldb.com/?id.280722
CVE DESCRIPTION.....: A vulnerability, which was classified as critical, was found in flairNLP flair 0.14.0. Affected is the function ClusteringModel of the file flair\models\clustering.py of the component Mode File Loader. The manipulation leads to code injection. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
VENDOR: INTEL
VENDOR PRODUCT(S)...: SOFTWARE DEVELOPMENT KIT FOR OPENCL
CVE SEVERITY........: HIGH
CVE ID..............: CVE-2023-36493
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-36493
DATE LAST MODIFIED..: 2024-10-29T16:15Z
ORIGINAL CVE DATE...: 2024-02-14T14:16Z
REFERENCE URL.......: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00992.html
CVE DESCRIPTION.....: Uncontrolled search path in some Intel(R) SDK for OpenCL(TM) Applications software may allow an authenticated user to potentially enable escalation of privilege via local access.
VENDOR PRODUCT(S)...: COMPUTING IMPROVEMENT PROGRAM
CVE SEVERITY........: HIGH
CVE ID..............: CVE-2023-35769
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-35769
DATE LAST MODIFIED..: 2024-10-29T16:14Z
ORIGINAL CVE DATE...: 2024-02-14T14:16Z
REFERENCE URL.......: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00959.html
CVE DESCRIPTION.....: Uncontrolled search path in some Intel(R) CIP software before version 2.4.10577 may allow an authenticated user to potentially enable escalation of privilege via local access.
VENDOR PRODUCT(S)...: DRIVER & SUPPORT ASSISTANT
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2023-35062
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-35062
DATE LAST MODIFIED..: 2024-10-29T16:14Z
ORIGINAL CVE DATE...: 2024-02-14T14:15Z
REFERENCE URL.......: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00969.html
CVE DESCRIPTION.....: Improper access control in some Intel(R) DSA software before version 23.4.33 may allow a privileged user to potentially enable escalation of privilege via local access.
VENDOR PRODUCT(S)...: BATTERY LIFE DIAGNOSTIC TOOL
CVE SEVERITY........: HIGH
CVE ID..............: CVE-2023-35060
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-35060
DATE LAST MODIFIED..: 2024-10-29T16:14Z
ORIGINAL CVE DATE...: 2024-02-14T14:15Z
REFERENCE URL.......: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00987.html
CVE DESCRIPTION.....: Uncontrolled search path in some Intel(R) Battery Life Diagnostic Tool software before version 2.3.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
VENDOR PRODUCT(S)...: PERFORMANCE COUNTER MONITOR
CVE SEVERITY........: HIGH
CVE ID..............: CVE-2023-34351
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-34351
DATE LAST MODIFIED..: 2024-10-29T16:14Z
ORIGINAL CVE DATE...: 2024-02-14T14:15Z
REFERENCE URL.......: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00954.html
CVE DESCRIPTION.....: Buffer underflow in some Intel(R) PCM software before version 202307 may allow an unauthenticated user to potentially enable denial of service via network access.
VENDOR PRODUCT(S)...: ONEAPI
CVE SEVERITY........: HIGH
CVE ID..............: CVE-2023-32618
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32618
DATE LAST MODIFIED..: 2024-10-29T16:15Z
ORIGINAL CVE DATE...: 2024-02-14T14:15Z
REFERENCE URL.......: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00956.html
CVE DESCRIPTION.....: Uncontrolled search path in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
VENDOR PRODUCT(S)...: ONEAPI
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2023-28715
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28715
DATE LAST MODIFIED..: 2024-10-29T16:16Z
ORIGINAL CVE DATE...: 2024-02-14T14:15Z
REFERENCE URL.......: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00956.html
CVE DESCRIPTION.....: Improper access control in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.2 may allow an authenticated user to potentially enable denial of service via local access.
VENDOR PRODUCT(S)...: EXTREME TUNING UTILITY
CVE SEVERITY........: HIGH
CVE ID..............: CVE-2023-28407
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28407
DATE LAST MODIFIED..: 2024-10-29T15:27Z
ORIGINAL CVE DATE...: 2024-02-14T14:15Z
REFERENCE URL.......: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00955.html
CVE DESCRIPTION.....: Uncontrolled search path in some Intel(R) XTU software before version 7.12.0.29 may allow an authenticated user to potentially enable escalation of privilege via local access.
VENDOR PRODUCT(S)...: ONE BOOT FLASH UPDATE
CVE SEVERITY........: HIGH
CVE ID..............: CVE-2023-25945
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25945
DATE LAST MODIFIED..: 2024-10-29T16:15Z
ORIGINAL CVE DATE...: 2024-02-14T14:15Z
REFERENCE URL.......: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00927.html
CVE DESCRIPTION.....: Protection mechanism failure in some Intel(R) OFU software before version 14.1.31 may allow an authenticated user to potentially enable escalation of privilege via local access.
VENDOR PRODUCT(S)...: DRIVER & SUPPORT ASSISTANT
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2023-25073
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25073
DATE LAST MODIFIED..: 2024-10-29T16:15Z
ORIGINAL CVE DATE...: 2024-02-14T14:15Z
REFERENCE URL.......: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00969.html
CVE DESCRIPTION.....: Improper access control in some Intel(R) DSA software before version 23.4.33 may allow an authenticated user to potentially enable denial of service via local access.
VENDOR PRODUCT(S)...: BINARY CONFIGURATION TOOL
CVE SEVERITY........: HIGH
CVE ID..............: CVE-2023-24591
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-24591
DATE LAST MODIFIED..: 2024-10-29T16:15Z
ORIGINAL CVE DATE...: 2024-02-14T14:15Z
REFERENCE URL.......: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00973.html
CVE DESCRIPTION.....: Uncontrolled search path in some Intel(R) Binary Configuration Tool software before version 3.4.4 may allow an authenticated user to potentially enable escalation of privilege via local access.
VENDOR: ITALTEL
VENDOR PRODUCT(S)...: EMBRACE
CVE SEVERITY........: HIGH
CVE ID..............: CVE-2024-31842
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-31842
DATE LAST MODIFIED..: 2024-10-29T21:35Z
ORIGINAL CVE DATE...: 2024-08-20T20:15Z
REFERENCE URL.......: https://www.gruppotim.it/it/footer/red-team.html
CVE DESCRIPTION.....: An issue was discovered in Italtel Embrace 1.6.4. The web application inserts the access token of an authenticated user inside GET requests. The query string for the URL could be saved in the browser's history, passed through Referers to other web sites, stored in web logs, or otherwise recorded in other sources. If the query string contains sensitive information such as session identifiers, then attackers can use this information to launch further attacks. Because the access token is sent in GET requests, this vulnerability could lead to complete account takeover.
VENDOR: JANOBE
VENDOR PRODUCT(S)...: ONLINE HOTEL RESERVATION SYSTEM
CVE SEVERITY........: CRITICAL
CVE ID..............: CVE-2024-10413
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-10413
DATE LAST MODIFIED..: 2024-10-29T20:33Z
ORIGINAL CVE DATE...: 2024-10-27T10:15Z
REFERENCE URL.......: https://vuldb.com/?id.281954
CVE DESCRIPTION.....: A vulnerability, which was classified as critical, has been found in SourceCodester Online Hotel Reservation System 1.0. Affected by this issue is the function upload of the file /guest/update.php. The manipulation of the argument image leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
VENDOR PRODUCT(S)...: ONLINE HOTEL RESERVATION SYSTEM
CVE SEVERITY........: HIGH
CVE ID..............: CVE-2024-10411
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-10411
DATE LAST MODIFIED..: 2024-10-29T20:28Z
ORIGINAL CVE DATE...: 2024-10-27T05:15Z
REFERENCE URL.......: https://vuldb.com/?id.281940
CVE DESCRIPTION.....: A vulnerability was found in SourceCodester Online Hotel Reservation System 1.0. It has been classified as critical. Affected is the function doCancelRoom/doCancel/doConfirm/doCancel/doCheckin/doCheckout of the file /marimar/admin/mod_room/controller.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
VENDOR PRODUCT(S)...: ONLINE HOTEL RESERVATION SYSTEM
CVE SEVERITY........: HIGH
CVE ID..............: CVE-2024-10410
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-10410
DATE LAST MODIFIED..: 2024-10-29T20:41Z
ORIGINAL CVE DATE...: 2024-10-27T04:15Z
REFERENCE URL.......: https://vuldb.com/?id.281953
CVE DESCRIPTION.....: A vulnerability classified as critical was found in SourceCodester Online Hotel Reservation System 1.0. Affected by this vulnerability is the function upload of the file /admin/mod_room/controller.php?action=add. The manipulation of the argument image leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
VENDOR: JESWEB
VENDOR PRODUCT(S)...: ANCHOR EPISODES INDEX
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-10189
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-10189
DATE LAST MODIFIED..: 2024-10-29T15:27Z
ORIGINAL CVE DATE...: 2024-10-22T10:15Z
REFERENCE URL.......: https://www.wordfence.com/threat-intel/vulnerabilities/id/8c8e37f8-708e-41d5-a6b8-3ba587437532?source=cve
CVE DESCRIPTION.....: The Anchor Episodes Index (Spotify for Podcasters) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's anchor_episodes shortcode in all versions up to, and including, 2.1.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
VENDOR: JETBRAINS
VENDOR PRODUCT(S)...: YOUTRACK
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-50582
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-50582
DATE LAST MODIFIED..: 2024-10-29T17:16Z
ORIGINAL CVE DATE...: 2024-10-28T13:15Z
REFERENCE URL.......: https://www.jetbrains.com/privacy-security/issues-fixed/
CVE DESCRIPTION.....: In JetBrains YouTrack before 2024.3.47707 stored XSS was possible due to improper HTML sanitization in markdown elements
VENDOR PRODUCT(S)...: YOUTRACK
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-50581
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-50581
DATE LAST MODIFIED..: 2024-10-29T17:17Z
ORIGINAL CVE DATE...: 2024-10-28T13:15Z
REFERENCE URL.......: https://www.jetbrains.com/privacy-security/issues-fixed/
CVE DESCRIPTION.....: In JetBrains YouTrack before 2024.3.47707 improper HTML sanitization could lead to XSS attack via comment tag
VENDOR PRODUCT(S)...: YOUTRACK
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-50580
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-50580
DATE LAST MODIFIED..: 2024-10-29T17:17Z
ORIGINAL CVE DATE...: 2024-10-28T13:15Z
REFERENCE URL.......: https://www.jetbrains.com/privacy-security/issues-fixed/
CVE DESCRIPTION.....: In JetBrains YouTrack before 2024.3.47707 multiple XSS were possible due to insecure markdown parsing and custom rendering rule
VENDOR PRODUCT(S)...: YOUTRACK
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-50579
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-50579
DATE LAST MODIFIED..: 2024-10-29T17:17Z
ORIGINAL CVE DATE...: 2024-10-28T13:15Z
REFERENCE URL.......: https://www.jetbrains.com/privacy-security/issues-fixed/
CVE DESCRIPTION.....: In JetBrains YouTrack before 2024.3.47707 reflected XSS due to insecure link sanitization was possible
VENDOR PRODUCT(S)...: YOUTRACK
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-50578
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-50578
DATE LAST MODIFIED..: 2024-10-29T17:17Z
ORIGINAL CVE DATE...: 2024-10-28T13:15Z
REFERENCE URL.......: https://www.jetbrains.com/privacy-security/issues-fixed/
CVE DESCRIPTION.....: In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via sprint value on agile boards page
VENDOR PRODUCT(S)...: YOUTRACK
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-50577
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-50577
DATE LAST MODIFIED..: 2024-10-29T17:18Z
ORIGINAL CVE DATE...: 2024-10-28T13:15Z
REFERENCE URL.......: https://www.jetbrains.com/privacy-security/issues-fixed/
CVE DESCRIPTION.....: In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via Angular template injection in Hub settings
VENDOR PRODUCT(S)...: YOUTRACK
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-50576
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-50576
DATE LAST MODIFIED..: 2024-10-29T17:18Z
ORIGINAL CVE DATE...: 2024-10-28T13:15Z
REFERENCE URL.......: https://www.jetbrains.com/privacy-security/issues-fixed/
CVE DESCRIPTION.....: In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via vendor URL in App manifest
VENDOR PRODUCT(S)...: YOUTRACK
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-50575
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-50575
DATE LAST MODIFIED..: 2024-10-29T17:18Z
ORIGINAL CVE DATE...: 2024-10-28T13:15Z
REFERENCE URL.......: https://www.jetbrains.com/privacy-security/issues-fixed/
CVE DESCRIPTION.....: In JetBrains YouTrack before 2024.3.47707 reflected XSS was possible in Widget API
VENDOR PRODUCT(S)...: YOUTRACK
CVE SEVERITY........: HIGH
CVE ID..............: CVE-2024-50574
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-50574
DATE LAST MODIFIED..: 2024-10-29T17:16Z
ORIGINAL CVE DATE...: 2024-10-28T13:15Z
REFERENCE URL.......: https://www.jetbrains.com/privacy-security/issues-fixed/
CVE DESCRIPTION.....: In JetBrains YouTrack before 2024.3.47707 potential ReDoS exploit was possible via email header parsing in Helpdesk functionality
VENDOR PRODUCT(S)...: HUB
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-50573
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-50573
DATE LAST MODIFIED..: 2024-10-29T17:12Z
ORIGINAL CVE DATE...: 2024-10-28T13:15Z
REFERENCE URL.......: https://www.jetbrains.com/privacy-security/issues-fixed/
CVE DESCRIPTION.....: In JetBrains Hub before 2024.3.47707 improper access control allowed users to generate permanent tokens for unauthorized services
VENDOR PRODUCT(S)...: KOTLIN
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2022-24329
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-24329
DATE LAST MODIFIED..: 2024-10-29T15:36Z
ORIGINAL CVE DATE...: 2022-02-25T15:15Z
REFERENCE URL.......: https://blog.jetbrains.com/blog/2022/02/08/jetbrains-security-bulletin-q4-2021/
CVE DESCRIPTION.....: In JetBrains Kotlin before 1.6.0, it was not possible to lock dependencies for Multiplatform Gradle Projects.
VENDOR: KIBOKOLABS
VENDOR PRODUCT(S)...: NAMASTE! LMS
CVE SEVERITY........: HIGH
CVE ID..............: CVE-2024-50408
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-50408
DATE LAST MODIFIED..: 2024-10-29T16:01Z
ORIGINAL CVE DATE...: 2024-10-28T12:15Z
REFERENCE URL.......: https://patchstack.com/database/vulnerability/namaste-lms/wordpress-namaste-lms-plugin-2-6-3-php-object-injection-vulnerability?_s_id=cve
CVE DESCRIPTION.....: Deserialization of Untrusted Data vulnerability in Kiboko Labs Namaste! LMS allows Object Injection. This issue affects Namaste! LMS: from n/a through 2.6.3.
VENDOR: LIGHTPRESS
VENDOR PRODUCT(S)...: LIGHTBOX
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-5425
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-5425
DATE LAST MODIFIED..: 2024-10-29T19:49Z
ORIGINAL CVE DATE...: 2024-06-07T04:15Z
REFERENCE URL.......: https://www.wordfence.com/threat-intel/vulnerabilities/id/b3439710-1159-4677-93c9-14bacfbf0b55?source=cve
CVE DESCRIPTION.....: The WP jQuery Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title’ attribute in all versions up to, and including, 1.5.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
VENDOR: LINUX
VENDOR PRODUCT(S)...: LINUX KERNEL
CVE SEVERITY........: HIGH
CVE ID..............: CVE-2024-50067
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-50067
DATE LAST MODIFIED..: 2024-10-29T16:30Z
ORIGINAL CVE DATE...: 2024-10-28T01:15Z
REFERENCE URL.......: https://git.kernel.org/stable/c/373b9338c9722a368925d83bc622c596896b328e
CVE DESCRIPTION.....: In the Linux kernel, the following vulnerability has been resolved:
uprobe: avoid out-of-bounds memory access of fetching args
Uprobe needs to fetch args into a percpu buffer, and then copy to ring
buffer to avoid non-atomic context problem.
Sometimes user-space strings, arrays can be very large, but the size of
percpu buffer is only page size. And store_trace_args() won't check
whether these data exceeds a single page or not, caused out-of-bounds
memory access.
It could be reproduced by following steps:
1. build kernel with CONFIG_KASAN enabled
2. save follow program as test.c
```
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

// If string length large than MAX_STRING_SIZE, the fetch_store_strlen()
// will return 0, cause __get_data_size() return shorter size, and
// store_trace_args() will not trigger out-of-bounds access.
// So make string length less than 4096.
#define STRLEN 4093

void generate_string(char *str, int n)
{
    int i;
    for (i = 0; i < n; ++i)
    {
        char c = i % 26 + 'a';
        str[i] = c;
    }
    str[n-1] = '\0';
}

void print_string(char *str)
{
    printf("%s\n", str);
}

int main()
{
    char tmp[STRLEN];
    generate_string(tmp, STRLEN);
    print_string(tmp);
    return 0;
}
```
3. compile program
`gcc -o test test.c`
4. get the offset of `print_string()`
```
objdump -t test | grep -w print_string
0000000000401199 g F .text 000000000000001b print_string
```
5. configure uprobe with offset 0x1199
```
off=0x1199
cd /sys/kernel/debug/tracing/
echo "p /root/test:${off} arg1=+0(%di):ustring arg2=\$comm arg3=+0(%di):ustring" > uprobe_events
echo 1 > events/uprobes/enable
echo 1 > tracing_on
```
6. run `test`, and kasan will report error.
==================================================================
BUG: KASAN: use-after-free in strncpy_from_user+0x1d6/0x1f0
Write of size 8 at addr ffff88812311c004 by task test/499
CPU: 0 UID: 0 PID: 499 Comm: test Not tainted 6.12.0-rc3+ #18
Hardware name: Red Hat KVM, BIOS 1.16.0-4.al8 04/01/2014
Call Trace:
<TASK>
dump_stack_lvl+0x55/0x70
print_address_description.constprop.0+0x27/0x310
kasan_report+0x10f/0x120
? strncpy_from_user+0x1d6/0x1f0
strncpy_from_user+0x1d6/0x1f0
? rmqueue.constprop.0+0x70d/0x2ad0
process_fetch_insn+0xb26/0x1470
? __pfx_process_fetch_insn+0x10/0x10
? _raw_spin_lock+0x85/0xe0
? __pfx__raw_spin_lock+0x10/0x10
? __pte_offset_map+0x1f/0x2d0
? unwind_next_frame+0xc5f/0x1f80
? arch_stack_walk+0x68/0xf0
? is_bpf_text_address+0x23/0x30
? kernel_text_address.part.0+0xbb/0xd0
? __kernel_text_address+0x66/0xb0
? unwind_get_return_address+0x5e/0xa0
? __pfx_stack_trace_consume_entry+0x10/0x10
? arch_stack_walk+0xa2/0xf0
? _raw_spin_lock_irqsave+0x8b/0xf0
? __pfx__raw_spin_lock_irqsave+0x10/0x10
? depot_alloc_stack+0x4c/0x1f0
? _raw_spin_unlock_irqrestore+0xe/0x30
? stack_depot_save_flags+0x35d/0x4f0
? kasan_save_stack+0x34/0x50
? kasan_save_stack+0x24/0x50
? mutex_lock+0x91/0xe0
? __pfx_mutex_lock+0x10/0x10
prepare_uprobe_buffer.part.0+0x2cd/0x500
uprobe_dispatcher+0x2c3/0x6a0
? __pfx_uprobe_dispatcher+0x10/0x10
? __kasan_slab_alloc+0x4d/0x90
handler_chain+0xdd/0x3e0
handle_swbp+0x26e/0x3d0
? __pfx_handle_swbp+0x10/0x10
? uprobe_pre_sstep_notifier+0x151/0x1b0
irqentry_exit_to_user_mode+0xe2/0x1b0
asm_exc_int3+0x39/0x40
RIP: 0033:0x401199
Code: 01 c2 0f b6 45 fb 88 02 83 45 fc 01 8b 45 fc 3b 45 e4 7c b7 8b 45 e4 48 98 48 8d 50 ff 48 8b 45 e8 48 01 d0 ce
RSP: 002b:00007ffdf00576a8 EFLAGS: 00000206
RAX: 00007ffdf00576b0 RBX: 0000000000000000 RCX: 0000000000000ff2
RDX: 0000000000000ffc RSI: 0000000000000ffd RDI: 00007ffdf00576b0
RBP: 00007ffdf00586b0 R08: 00007feb2f9c0d20 R09: 00007feb2f9c0d20
R10: 0000000000000001 R11: 0000000000000202 R12: 0000000000401040
R13: 00007ffdf0058780 R14: 0000000000000000 R15: 0000000000000000
</TASK>
This commit enforces the buffer's maxlen less than a page-size to avoid
store_trace_args() out-of-memory access.
VENDOR PRODUCT(S)...: LINUX KERNEL
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2022-48949
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-48949
DATE LAST MODIFIED..: 2024-10-29T16:32Z
ORIGINAL CVE DATE...: 2024-10-21T20:15Z
REFERENCE URL.......: https://git.kernel.org/stable/c/a6629659af3f5c6a91e3914ea62554c975ab77f4
CVE DESCRIPTION.....: In the Linux kernel, the following vulnerability has been resolved:
igb: Initialize mailbox message for VF reset
When a MAC address is not assigned to the VF, that portion of the message
sent to the VF is not set. The memory, however, is allocated from the
stack meaning that information may be leaked to the VM. Initialize the
message buffer to 0 so that no information is passed to the VM in this
case.
VENDOR PRODUCT(S)...: LINUX KERNEL
CVE SEVERITY........: HIGH
CVE ID..............: CVE-2022-48948
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-48948
DATE LAST MODIFIED..: 2024-10-29T16:34Z
ORIGINAL CVE DATE...: 2024-10-21T20:15Z
REFERENCE URL.......: https://git.kernel.org/stable/c/4972e3528b968665b596b5434764ff8fd9446d35
CVE DESCRIPTION.....: In the Linux kernel, the following vulnerability has been resolved:
usb: gadget: uvc: Prevent buffer overflow in setup handler
Setup function uvc_function_setup permits control transfer
requests with up to 64 bytes of payload (UVC_MAX_REQUEST_SIZE),
data stage handler for OUT transfer uses memcpy to copy req->actual
bytes to uvc_event->data.data array of size 60. This may result
in an overflow of 4 bytes.
VENDOR PRODUCT(S)...: LINUX KERNEL
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-49999
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-49999
DATE LAST MODIFIED..: 2024-10-29T18:03Z
ORIGINAL CVE DATE...: 2024-10-21T18:15Z
REFERENCE URL.......: https://git.kernel.org/stable/c/3d51ab44123f35dd1d646d99a15ebef10f55e263
CVE DESCRIPTION.....: In the Linux kernel, the following vulnerability has been resolved:
afs: Fix the setting of the server responding flag
In afs_wait_for_operation(), we set transcribe the call responded flag to
the server record that we used after doing the fileserver iteration loop -
but it's possible to exit the loop having had a response from the server
that we've discarded (e.g. it returned an abort or we started receiving
data, but the call didn't complete).
This means that op->server might be NULL, but we don't check that before
attempting to set the server flag.
VENDOR PRODUCT(S)...: LINUX KERNEL
CVE SEVERITY........: HIGH
CVE ID..............: CVE-2024-49997
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-49997
DATE LAST MODIFIED..: 2024-10-29T16:20Z
ORIGINAL CVE DATE...: 2024-10-21T18:15Z
REFERENCE URL.......: https://git.kernel.org/stable/c/185df159843d30fb71f821e7ea4368c2a3bfcd36
CVE DESCRIPTION.....: In the Linux kernel, the following vulnerability has been resolved:
net: ethernet: lantiq_etop: fix memory disclosure
When applying padding, the buffer is not zeroed, which results in memory
disclosure. The mentioned data is observed on the wire. This patch uses
skb_put_padto() to pad Ethernet frames properly. The mentioned function
zeroes the expanded buffer.
In case the packet cannot be padded it is silently dropped. Statistics
are also not incremented. This driver does not support statistics in the
old 32-bit format or the new 64-bit format. These will be added in the
future. In its current form, the patch should be easily backported to
stable versions.
Ethernet MACs on Amazon-SE and Danube cannot do padding of the packets
in hardware, so software padding must be applied.
VENDOR PRODUCT(S)...: LINUX KERNEL
CVE SEVERITY........: HIGH
CVE ID..............: CVE-2024-49984
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-49984
DATE LAST MODIFIED..: 2024-10-29T16:22Z
ORIGINAL CVE DATE...: 2024-10-21T18:15Z
REFERENCE URL.......: https://git.kernel.org/stable/c/73ad583bd4938bf37d2709fc36901eb6f22f2722
CVE DESCRIPTION.....: In the Linux kernel, the following vulnerability has been resolved:
drm/v3d: Prevent out of bounds access in performance query extensions
Check that the number of perfmons userspace is passing in the copy and
reset extensions is not greater than the internal kernel storage where
the ids will be copied into.
VENDOR PRODUCT(S)...: LINUX KERNEL
CVE SEVERITY........: HIGH
CVE ID..............: CVE-2024-49983
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-49983
DATE LAST MODIFIED..: 2024-10-29T16:23Z
ORIGINAL CVE DATE...: 2024-10-21T18:15Z
REFERENCE URL.......: https://git.kernel.org/stable/c/8c26d9e53e5fbacda0732a577e97c5a5b7882aaf
CVE DESCRIPTION.....: In the Linux kernel, the following vulnerability has been resolved:
ext4: drop ppath from ext4_ext_replay_update_ex() to avoid double-free
When calling ext4_force_split_extent_at() in ext4_ext_replay_update_ex(),
the 'ppath' is updated but it is the 'path' that is freed, thus potentially
triggering a double-free in the following process:
ext4_ext_replay_update_ex
  ppath = path
  ext4_force_split_extent_at(&ppath)
    ext4_split_extent_at
      ext4_ext_insert_extent
        ext4_ext_create_new_leaf
          ext4_ext_grow_indepth
            ext4_find_extent
              if (depth > path[0].p_maxdepth)
                kfree(path)                 ---> path First freed
                *orig_path = path = NULL    ---> null ppath
  kfree(path)                 ---> path double-free !!!
So drop the unnecessary ppath and use path directly to avoid this problem.
And use ext4_find_extent() directly to update path, avoiding unnecessary
memory allocation and freeing. Also, propagate the error returned by
ext4_find_extent() instead of using strange error codes.
VENDOR PRODUCT(S)...: LINUX KERNEL
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-49979
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-49979
DATE LAST MODIFIED..: 2024-10-29T18:02Z
ORIGINAL CVE DATE...: 2024-10-21T18:15Z
REFERENCE URL.......: https://git.kernel.org/stable/c/3fdd8c83e83fa5e82f1b5585245c51e0355c9f46
CVE DESCRIPTION.....: In the Linux kernel, the following vulnerability has been resolved:
net: gso: fix tcp fraglist segmentation after pull from frag_list
Detect tcp gso fraglist skbs with corrupted geometry (see below) and
pass these to skb_segment instead of skb_segment_list, as the first
can segment them correctly.
Valid SKB_GSO_FRAGLIST skbs
- consist of two or more segments
- the head_skb holds the protocol headers plus first gso_size
- one or more frag_list skbs hold exactly one segment
- all but the last must be gso_size
Optional datapath hooks such as NAT and BPF (bpf_skb_pull_data) can
modify these skbs, breaking these invariants.
In extreme cases they pull all data into skb linear. For TCP, this
causes a NULL ptr deref in __tcpv4_gso_segment_list_csum at
tcp_hdr(seg->next).
Detect invalid geometry due to pull, by checking head_skb size.
Don't just drop, as this may blackhole a destination. Convert to be
able to pass to regular skb_segment.
Approach and description based on a patch by Willem de Bruijn.
VENDOR PRODUCT(S)...: LINUX KERNEL
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-49978
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-49978
DATE LAST MODIFIED..: 2024-10-29T18:01Z
ORIGINAL CVE DATE...: 2024-10-21T18:15Z
REFERENCE URL.......: https://git.kernel.org/stable/c/080e6c9a3908de193a48f646c5ce1bfb15676ffc
CVE DESCRIPTION.....: In the Linux kernel, the following vulnerability has been resolved:
gso: fix udp gso fraglist segmentation after pull from frag_list
Detect gso fraglist skbs with corrupted geometry (see below) and
pass these to skb_segment instead of skb_segment_list, as the first
can segment them correctly.
Valid SKB_GSO_FRAGLIST skbs
- consist of two or more segments
- the head_skb holds the protocol headers plus first gso_size
- one or more frag_list skbs hold exactly one segment
- all but the last must be gso_size
Optional datapath hooks such as NAT and BPF (bpf_skb_pull_data) can
modify these skbs, breaking these invariants.
In extreme cases they pull all data into skb linear. For UDP, this
causes a NULL ptr deref in __udpv4_gso_segment_list_csum at
udp_hdr(seg->next)->dest.
Detect invalid geometry due to pull, by checking head_skb size.
Don't just drop, as this may blackhole a destination. Convert to be
able to pass to regular skb_segment.
VENDOR PRODUCT(S)...: LINUX KERNEL
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-49970
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-49970
DATE LAST MODIFIED..: 2024-10-29T15:57Z
ORIGINAL CVE DATE...: 2024-10-21T18:15Z
REFERENCE URL.......: https://git.kernel.org/stable/c/b219b46ad42df1dea9258788bcfea37181f3ccb2
CVE DESCRIPTION.....: In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Implement bounds check for stream encoder creation in DCN401
'stream_enc_regs' array is an array of dcn10_stream_enc_registers
structures. The array is initialized with four elements, corresponding
to the four calls to stream_enc_regs() in the array initializer. This
means that valid indices for this array are 0, 1, 2, and 3.
The error message 'stream_enc_regs' 4 <= 5 below, is indicating that
there is an attempt to access this array with an index of 5, which is
out of bounds. This could lead to undefined behavior
Here, eng_id is used as an index to access the stream_enc_regs array. If
eng_id is 5, this would result in an out-of-bounds access on the
stream_enc_regs array.
Thus fixing Buffer overflow error in dcn401_stream_encoder_create
Found by smatch:
drivers/gpu/drm/amd/amdgpu/../display/dc/resource/dcn401/dcn401_resource.c:1209 dcn401_stream_encoder_create() error: buffer overflow 'stream_enc_regs' 4 <= 5
VENDOR PRODUCT(S)...: LINUX KERNEL
CVE SEVERITY........: HIGH
CVE ID..............: CVE-2024-43843
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-43843
DATE LAST MODIFIED..: 2024-10-29T16:29Z
ORIGINAL CVE DATE...: 2024-08-17T10:15Z
REFERENCE URL.......: https://git.kernel.org/stable/c/3e6a1b1b179abb643ec3560c02bc3082bc92285f
CVE DESCRIPTION.....: In the Linux kernel, the following vulnerability has been resolved:
riscv, bpf: Fix out-of-bounds issue when preparing trampoline image
We get the size of the trampoline image during the dry run phase and
allocate memory based on that size. The allocated image will then be
populated with instructions during the real patch phase. But after
commit 26ef208c209a ("bpf: Use arch_bpf_trampoline_size"), the `im`
argument is inconsistent in the dry run and real patch phase. This may
cause emit_imm in RV64 to generate a different number of instructions
when generating the 'im' address, potentially causing out-of-bounds
issues. Let's emit the maximum number of instructions for the "im"
address during dry run to fix this problem.
VENDOR PRODUCT(S)...: LINUX KERNEL
CVE SEVERITY........: LOW
CVE ID..............: CVE-2024-43841
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-43841
DATE LAST MODIFIED..: 2024-10-29T16:27Z
ORIGINAL CVE DATE...: 2024-08-17T10:15Z
REFERENCE URL.......: https://git.kernel.org/stable/c/d3cc85a10abc8eae48988336cdd3689ab92581b3
CVE DESCRIPTION.....: In the Linux kernel, the following vulnerability has been resolved:
wifi: virt_wifi: avoid reporting connection success with wrong SSID
When user issues a connection with a different SSID than the one
virt_wifi has advertised, the __cfg80211_connect_result() will
trigger the warning: WARN_ON(bss_not_found).
The issue is because the connection code in virt_wifi does not
check the SSID from user space (it only checks the BSSID), and
virt_wifi will call cfg80211_connect_result() with WLAN_STATUS_SUCCESS
even if the SSID is different from the one virt_wifi has advertised.
Eventually cfg80211 won't be able to find the cfg80211_bss and generate
the warning.
Fixed it by checking the SSID (from user space) in the connection code.
VENDOR PRODUCT(S)...: LINUX KERNEL
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-43840
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-43840
DATE LAST MODIFIED..: 2024-10-29T16:25Z
ORIGINAL CVE DATE...: 2024-08-17T10:15Z
REFERENCE URL.......: https://git.kernel.org/stable/c/6d218fcc707d6b2c3616b6cd24b948fd4825cfec
CVE DESCRIPTION.....: In the Linux kernel, the following vulnerability has been resolved:
bpf, arm64: Fix trampoline for BPF_TRAMP_F_CALL_ORIG
When BPF_TRAMP_F_CALL_ORIG is set, the trampoline calls
__bpf_tramp_enter() and __bpf_tramp_exit() functions, passing them
the struct bpf_tramp_image *im pointer as an argument in R0.
The trampoline generation code uses emit_addr_mov_i64() to emit
instructions for moving the bpf_tramp_image address into R0, but
emit_addr_mov_i64() assumes the address to be in the vmalloc() space
and uses only 48 bits. Because bpf_tramp_image is allocated using
kzalloc(), its address can use more than 48-bits, in this case the
trampoline will pass an invalid address to __bpf_tramp_enter/exit()
causing a kernel crash.
Fix this by using emit_a64_mov_i64() in place of emit_addr_mov_i64()
as it can work with addresses that are greater than 48-bits.
VENDOR PRODUCT(S)...: LINUX KERNEL
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-43838
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-43838
DATE LAST MODIFIED..: 2024-10-29T16:24Z
ORIGINAL CVE DATE...: 2024-08-17T10:15Z
REFERENCE URL.......: https://git.kernel.org/stable/c/345652866a8869825a2a582ee5a28d75141f184a
CVE DESCRIPTION.....: In the Linux kernel, the following vulnerability has been resolved:
bpf: fix overflow check in adjust_jmp_off()
adjust_jmp_off() incorrectly used the insn->imm field for all overflow check,
which is incorrect as that should only be done for the BPF_JMP32 | BPF_JA case,
not the general jump instruction case. Fix it by using insn->off for overflow
check in the general case.
VENDOR: LITESTREAM
VENDOR PRODUCT(S)...: LITESTREAM
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-41254
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-41254
DATE LAST MODIFIED..: 2024-10-29T21:35Z
ORIGINAL CVE DATE...: 2024-07-31T21:15Z
REFERENCE URL.......: https://gist.github.com/nyxfqq/d857f268a53aa62402655c8dcd95c68f
CVE DESCRIPTION.....: An issue was discovered in litestream v0.3.13. The usage of the ssh.InsecureIgnoreHostKey() disables host key verification, possibly allowing attackers to obtain sensitive information via a man-in-the-middle attack.
VENDOR: LOGICHUNT
VENDOR PRODUCT(S)...: LOGO SLIDER
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-3288
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-3288
DATE LAST MODIFIED..: 2024-10-29T17:52Z
ORIGINAL CVE DATE...: 2024-06-07T06:15Z
REFERENCE URL.......: https://wpscan.com/vulnerability/4ef99f54-68df-4353-8fc0-9b09ac0df7ba/
CVE DESCRIPTION.....: The Logo Slider WordPress plugin before 4.0.0 does not validate and escape some of its Slider Settings before outputting them back in attributes, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
VENDOR: MAUVEDEV
VENDOR PRODUCT(S)...: MEDIALIST
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2023-46640
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46640
DATE LAST MODIFIED..: 2024-10-29T19:35Z
ORIGINAL CVE DATE...: 2023-11-08T16:15Z
REFERENCE URL.......: https://patchstack.com/database/vulnerability/media-list/wordpress-medialist-plugin-1-3-9-cross-site-scripting-xss-vulnerability?_s_id=cve
CVE DESCRIPTION.....: Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in D. Relton Medialist plugin <= 1.3.9 versions.
VENDOR: MAYURIK
VENDOR PRODUCT(S)...: PETROL PUMP MANAGEMENT
CVE SEVERITY........: HIGH
CVE ID..............: CVE-2024-10407
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-10407
DATE LAST MODIFIED..: 2024-10-29T20:47Z
ORIGINAL CVE DATE...: 2024-10-27T00:15Z
REFERENCE URL.......: https://vuldb.com/?id.281937
CVE DESCRIPTION.....: A vulnerability, which was classified as critical, was found in SourceCodester Petrol Pump Management Software 1.0. This affects an unknown part of the file /admin/edit_customer.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
VENDOR PRODUCT(S)...: PETROL PUMP MANAGEMENT
CVE SEVERITY........: HIGH
CVE ID..............: CVE-2024-10406
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-10406
DATE LAST MODIFIED..: 2024-10-29T20:48Z
ORIGINAL CVE DATE...: 2024-10-26T22:15Z
REFERENCE URL.......: https://vuldb.com/?id.281936
CVE DESCRIPTION.....: A vulnerability, which was classified as critical, has been found in SourceCodester Petrol Pump Management Software 1.0. Affected by this issue is some unknown functionality of the file /admin/edit_fuel.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
VENDOR PRODUCT(S)...: BEST HOUSE RENTAL MANAGEMENT SYSTEM
CVE SEVERITY........: CRITICAL
CVE ID..............: CVE-2024-10349
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-10349
DATE LAST MODIFIED..: 2024-10-30T13:14Z
ORIGINAL CVE DATE...: 2024-10-24T22:15Z
REFERENCE URL.......: https://vuldb.com/?id.281696
CVE DESCRIPTION.....: A vulnerability was found in SourceCodester Best House Rental Management System 1.0 and classified as critical. Affected by this issue is the function delete_tenant of the file /ajax.php?action=delete_tenant. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
VENDOR PRODUCT(S)...: BEST HOUSE RENTAL MANAGEMENT SYSTEM
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-10348
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-10348
DATE LAST MODIFIED..: 2024-10-30T13:03Z
ORIGINAL CVE DATE...: 2024-10-24T22:15Z
REFERENCE URL.......: https://vuldb.com/?id.281697
CVE DESCRIPTION.....: A vulnerability was found in SourceCodester Best House Rental Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /index.php?page=tenants of the component Manage Tenant Details. The manipulation of the argument Last Name/First Name/Middle Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only shows the field "Last Name" to be affected. Other fields might be affected as well.
VENDOR: MECODIA
VENDOR PRODUCT(S)...: FERIPRO
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-41519
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-41519
DATE LAST MODIFIED..: 2024-10-29T21:35Z
ORIGINAL CVE DATE...: 2024-08-02T17:16Z
REFERENCE URL.......: https://piuswalter.de/blog/multiple-vulnerabilities-in-feripro/
CVE DESCRIPTION.....: Feripro <= v2.2.3 is vulnerable to Cross Site Scripting (XSS) via "/admin/programm/program_id/zuordnung/veranstaltungen/event_id" through the "school" input field.
VENDOR: METAGAUSS
VENDOR PRODUCT(S)...: PROFILEGRID
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-49273
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-49273
DATE LAST MODIFIED..: 2024-10-29T15:48Z
ORIGINAL CVE DATE...: 2024-10-21T12:15Z
REFERENCE URL.......: https://patchstack.com/database/vulnerability/profilegrid-user-profiles-groups-and-communities/wordpress-profilegrid-plugin-5-9-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
CVE DESCRIPTION.....: Missing Authorization vulnerability in ProfileGrid User Profiles ProfileGrid. This issue affects ProfileGrid: from n/a through 5.9.3.
VENDOR: MICROFOCUS
VENDOR PRODUCT(S)...: DIMENSIONS CM
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2023-32261
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32261
DATE LAST MODIFIED..: 2024-10-29T20:35Z
ORIGINAL CVE DATE...: 2023-07-19T16:15Z
REFERENCE URL.......: https://www.jenkins.io/security/advisory/2023-06-14/
CVE DESCRIPTION.....: A potential vulnerability has been identified in the Micro Focus Dimensions CM Plugin for Jenkins. The vulnerability allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
See the following Jenkins security advisory for details: https://www.jenkins.io/security/advisory/2023-06-14/
VENDOR: MOZILLA
VENDOR PRODUCT(S)...: FIREFOX
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-7518
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-7518
DATE LAST MODIFIED..: 2024-10-29T20:35Z
ORIGINAL CVE DATE...: 2024-08-06T13:15Z
REFERENCE URL.......: https://bugzilla.mozilla.org/show_bug.cgi?id=1875354
CVE DESCRIPTION.....: Select options could obscure the fullscreen notification dialog. This could be used by a malicious site to perform a spoofing attack. This vulnerability affects Firefox 129, Firefox ESR 128.1, and Thunderbird 128.1.
VENDOR: NAYRATHEMES
VENDOR PRODUCT(S)...: CLEVER FOX
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-1768
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-1768
DATE LAST MODIFIED..: 2024-10-29T19:44Z
ORIGINAL CVE DATE...: 2024-06-07T03:15Z
REFERENCE URL.......: https://www.wordfence.com/threat-intel/vulnerabilities/id/16af8724-595c-4daa-80bd-8125a32cc502?source=cve
CVE DESCRIPTION.....: The Clever Fox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's info box block in all versions up to, and including, 25.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
VENDOR PRODUCT(S)...: CLEVER FOX
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2023-6876
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6876
DATE LAST MODIFIED..: 2024-10-29T19:50Z
ORIGINAL CVE DATE...: 2024-06-07T02:15Z
REFERENCE URL.......: https://www.wordfence.com/threat-intel/vulnerabilities/id/9e1f94d9-8be6-4174-90a5-820c0207a2fa?source=cve
CVE DESCRIPTION.....: The Clever Fox – One Click Website Importer by Nayra Themes plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'clever-fox-activate-theme' function in all versions up to, and including, 25.2.0. This makes it possible for authenticated attackers, with subscriber access and above, to modify the active theme, including to an invalid value which can take down the site.
VENDOR: NINJATEAM
VENDOR PRODUCT(S)...: GDPR CCPA COMPLIANCE & COOKIE CONSENT BANNER
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-5607
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-5607
DATE LAST MODIFIED..: 2024-10-29T20:08Z
ORIGINAL CVE DATE...: 2024-06-07T03:15Z
REFERENCE URL.......: https://www.wordfence.com/threat-intel/vulnerabilities/id/b8f870a6-26a5-4f98-9bd6-12736c561265?source=cve
CVE DESCRIPTION.....: The GDPR CCPA Compliance & Cookie Consent Banner plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions named ajaxUpdateSettings() in all versions up to, and including, 2.7.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify the plugin's settings, update page content, send arbitrary emails and inject malicious web scripts.
VENDOR: NTA
VENDOR PRODUCT(S)...: E-TAX
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2023-46802
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46802
DATE LAST MODIFIED..: 2024-10-29T19:35Z
ORIGINAL CVE DATE...: 2023-11-06T02:15Z
REFERENCE URL.......: https://www.e-tax.nta.go.jp/topics/topics_20231102.htm
CVE DESCRIPTION.....: e-Tax software Version3.0.10 and earlier improperly restricts XML external entity references (XXE) due to the configuration of the embedded XML parser. By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker.
VENDOR: OMAKSOLUTIONS
VENDOR PRODUCT(S)...: SLICK POPUP
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2023-46824
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46824
DATE LAST MODIFIED..: 2024-10-29T19:35Z
ORIGINAL CVE DATE...: 2023-11-06T10:15Z
REFERENCE URL.......: https://patchstack.com/database/vulnerability/slick-popup/wordpress-slick-popup-plugin-1-7-14-cross-site-scripting-xss-vulnerability?_s_id=cve
CVE DESCRIPTION.....: Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Om Ak Solutions Slick Popup: Contact Form 7 Popup Plugin plugin <= 1.7.14 versions.
VENDOR: OPENREFINE
VENDOR PRODUCT(S)...: BUTTERFLY
CVE SEVERITY........: CRITICAL
CVE ID..............: CVE-2024-47883
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-47883
DATE LAST MODIFIED..: 2024-10-29T15:38Z
ORIGINAL CVE DATE...: 2024-10-24T21:15Z
REFERENCE URL.......: https://github.com/OpenRefine/simile-butterfly/security/advisories/GHSA-3p8v-w8mr-m3x8
CVE DESCRIPTION.....: The OpenRefine fork of the MIT Simile Butterfly server is a modular web application framework. The Butterfly framework uses the `java.net.URL` class to refer to (what are expected to be) local resource files, like images or templates. This works: "opening a connection" to these URLs opens the local file. However, prior to version 1.2.6, if a `file:/` URL is directly given where a relative path (resource name) is expected, this is also accepted in some code paths; the app then fetches the file, from a remote machine if indicated, and uses it as if it was a trusted part of the app's codebase. This leads to multiple weaknesses and potential weaknesses. An attacker that has network access to the application could use it to gain access to files, either on the server's filesystem (path traversal) or shared by nearby machines (server-side request forgery with e.g. SMB). An attacker that can lead or redirect a user to a crafted URL belonging to the app could cause arbitrary attacker-controlled JavaScript to be loaded in the victim's browser (cross-site scripting). If an app is written in such a way that an attacker can influence the resource name used for a template, that attacker could cause the app to fetch and execute an attacker-controlled template (remote code execution). Version 1.2.6 contains a patch.
VENDOR: PHP
VENDOR PRODUCT(S)...: PHP
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2022-31629
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-31629
DATE LAST MODIFIED..: 2024-10-29T15:35Z
ORIGINAL CVE DATE...: 2022-09-28T23:15Z
REFERENCE URL.......: https://bugs.php.net/bug.php?id=81727
CVE DESCRIPTION.....: In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications.
VENDOR PRODUCT(S)...: PHP
CVE SEVERITY........: UNKNOWN
CVE ID..............: CVE-2014-9426
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9426
DATE LAST MODIFIED..: 2024-10-29T15:35Z
ORIGINAL CVE DATE...: 2014-12-31T02:59Z
REFERENCE URL.......: https://bugs.php.net/bug.php?id=68665
CVE DESCRIPTION.....: The apprentice_load function in libmagic/apprentice.c in the Fileinfo component in PHP through 5.6.4 attempts to perform a free operation on a stack-based character array, which allows remote attackers to cause a denial of service (memory corruption or application crash) or possibly have unspecified other impact via unknown vectors. NOTE: this is disputed by the vendor because the standard erealloc behavior makes the free operation unreachable
VENDOR: PHPGURUKUL
VENDOR PRODUCT(S)...: VEHICLE RECORD SYSTEM
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-10414
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-10414
DATE LAST MODIFIED..: 2024-10-29T20:46Z
ORIGINAL CVE DATE...: 2024-10-27T11:15Z
REFERENCE URL.......: https://vuldb.com/?id.281955
CVE DESCRIPTION.....: A vulnerability, which was classified as problematic, was found in PHPGurukul Vehicle Record System 1.0. This affects an unknown part of the file /admin/edit-brand.php. The manipulation of the argument Brand Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions the parameter "phone_number" to be affected. But this might be a mistake because the textbox field label is "Brand Name".
VENDOR: PICKPLUGINS
VENDOR PRODUCT(S)...: POST GRID
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-1988
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-1988
DATE LAST MODIFIED..: 2024-10-29T19:54Z
ORIGINAL CVE DATE...: 2024-06-07T04:15Z
REFERENCE URL.......: https://www.wordfence.com/threat-intel/vulnerabilities/id/e49da9e7-26a1-442b-b5d0-1da3bcf0e8c9?source=cve
CVE DESCRIPTION.....: The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' attribute in blocks in all versions up to, and including, 2.2.80 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
VENDOR: PIXELGRADE
VENDOR PRODUCT(S)...: COMMENTS RATING
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2023-23702
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-23702
DATE LAST MODIFIED..: 2024-10-29T20:35Z
ORIGINAL CVE DATE...: 2023-11-06T10:15Z
REFERENCE URL.......: https://patchstack.com/database/vulnerability/comments-ratings/wordpress-comments-ratings-plugin-1-1-7-cross-site-scripting-xss-vulnerability?_s_id=cve
CVE DESCRIPTION.....: Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pixelgrade Comments Ratings plugin = 1.1.7 versions.
VENDOR: PLUGINUS
VENDOR PRODUCT(S)...: WORDPRESS META DATA AND TAXONOMIES FILTER
CVE SEVERITY........: CRITICAL
CVE ID..............: CVE-2024-50450
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-50450
DATE LAST MODIFIED..: 2024-10-29T16:05Z
ORIGINAL CVE DATE...: 2024-10-28T12:15Z
REFERENCE URL.......: https://patchstack.com/database/vulnerability/wp-meta-data-filter-and-taxonomy-filter/wordpress-mdtf-meta-data-and-taxonomies-filter-plugin-1-3-3-4-bypass-vulnerability-vulnerability?_s_id=cve
CVE DESCRIPTION.....: Improper Control of Generation of Code ('Code Injection') vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF) allows Code Injection. This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n/a through 1.3.3.4.
VENDOR: POCO-Z
VENDOR PRODUCT(S)...: GUNS-MEDIAL
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-10412
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-10412
DATE LAST MODIFIED..: 2024-10-29T20:40Z
ORIGINAL CVE DATE...: 2024-10-27T08:15Z
REFERENCE URL.......: https://vuldb.com/?id.281941
CVE DESCRIPTION.....: A vulnerability was found in Poco-z Guns-Medical 1.0. It has been declared as problematic. Affected by this vulnerability is the function upload of the file /mgr/upload of the component File Upload. The manipulation of the argument picture leads to cross site scripting. The attack can be launched remotely.
VENDOR: PYMUMU
VENDOR PRODUCT(S)...: SMARTDNS
CVE SEVERITY........: HIGH
CVE ID..............: CVE-2024-24199
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-24199
DATE LAST MODIFIED..: 2024-10-29T19:26Z
ORIGINAL CVE DATE...: 2024-06-06T22:15Z
REFERENCE URL.......: https://github.com/pymumu/smartdns/issues/1628
CVE DESCRIPTION.....: smartdns commit 54b4dc was discovered to contain a misaligned address at smartdns/src/dns.c.
VENDOR PRODUCT(S)...: SMARTDNS
CVE SEVERITY........: HIGH
CVE ID..............: CVE-2024-24198
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-24198
DATE LAST MODIFIED..: 2024-10-29T18:45Z
ORIGINAL CVE DATE...: 2024-06-06T22:15Z
REFERENCE URL.......: https://github.com/pymumu/smartdns/issues/1629
CVE DESCRIPTION.....: smartdns commit 54b4dc was discovered to contain a misaligned address at smartdns/src/util.c.
VENDOR: PYTHON
VENDOR PRODUCT(S)...: SETUPTOOLS
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2022-40897
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-40897
DATE LAST MODIFIED..: 2024-10-29T15:35Z
ORIGINAL CVE DATE...: 2022-12-23T00:15Z
REFERENCE URL.......: https://github.com/pypa/setuptools/blob/fe8a98e696241487ba6ac9f91faa38ade939ec5d/setuptools/package_index.py#L200
CVE DESCRIPTION.....: Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py.
VENDOR: QODEINTERACTIVE
VENDOR PRODUCT(S)...: QI ADDONS FOR ELEMENTOR
CVE SEVERITY........: HIGH
CVE ID..............: CVE-2024-4887
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-4887
DATE LAST MODIFIED..: 2024-10-29T19:52Z
ORIGINAL CVE DATE...: 2024-06-07T04:15Z
REFERENCE URL.......: https://www.wordfence.com/threat-intel/vulnerabilities/id/284daad9-d31e-4d29-ac15-ba293ba9640d?source=cve
CVE DESCRIPTION.....: The Qi Addons For Elementor plugin for WordPress is vulnerable to Remote File Inclusion in all versions up to, and including, 1.7.2 via the 'behavior' attributes found in the qi_addons_for_elementor_blog_list shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include remote files on the server, resulting in code execution. Please note that this requires an attacker to create a non-existent directory or target an instance where file_exists won't return false with a non-existent directory in the path, in order to successfully exploit.
VENDOR: REALTEK
VENDOR PRODUCT(S)...: RTSPER
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2022-25477
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-25477
DATE LAST MODIFIED..: 2024-10-29T15:35Z
ORIGINAL CVE DATE...: 2024-07-02T19:15Z
REFERENCE URL.......: http://realtek.com
CVE DESCRIPTION.....: Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sys) before 10.0.22000.21355 and Realtek RtsUer driver for USB Card Reader (RtsUer.sys) before 10.0.22000.31274 leaks driver logs that contain addresses of kernel mode objects, weakening KASLR.
VENDOR: REXTHEME
VENDOR PRODUCT(S)...: WP VR
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-49293
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-49293
DATE LAST MODIFIED..: 2024-10-29T15:07Z
ORIGINAL CVE DATE...: 2024-10-21T12:15Z
REFERENCE URL.......: https://patchstack.com/database/vulnerability/wpvr/wordpress-wp-vr-plugin-8-5-4-broken-access-control-vulnerability?_s_id=cve
CVE DESCRIPTION.....: Missing Authorization vulnerability in Rextheme WP VR allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP VR: from n/a through 8.5.4.
VENDOR: ROBERTDAVIDGRAHAM
VENDOR PRODUCT(S)...: ROBDNS
CVE SEVERITY........: HIGH
CVE ID..............: CVE-2024-24195
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-24195
DATE LAST MODIFIED..: 2024-10-29T18:24Z
ORIGINAL CVE DATE...: 2024-06-06T22:15Z
REFERENCE URL.......: https://github.com/robertdavidgraham/robdns/issues/9
CVE DESCRIPTION.....: robdns commit d76d2e6 was discovered to contain a misaligned address at /src/zonefile-insertion.c.
VENDOR PRODUCT(S)...: ROBDNS
CVE SEVERITY........: CRITICAL
CVE ID..............: CVE-2024-24192
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-24192
DATE LAST MODIFIED..: 2024-10-29T18:25Z
ORIGINAL CVE DATE...: 2024-06-06T22:15Z
REFERENCE URL.......: https://github.com/robertdavidgraham/robdns/issues/8
CVE DESCRIPTION.....: robdns commit d76d2e6 was discovered to contain a heap overflow via the component block-filename at /src/zonefile-insertion.c.
VENDOR: ROLLUPJS
VENDOR PRODUCT(S)...: ROLLUP
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-47068
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-47068
DATE LAST MODIFIED..: 2024-10-29T16:15Z
ORIGINAL CVE DATE...: 2024-09-23T16:15Z
REFERENCE URL.......: https://github.com/rollup/rollup/security/advisories/GHSA-gcx4-mw62-g8wm
CVE DESCRIPTION.....: Rollup is a module bundler for JavaScript. Versions prior to 2.79.2, 3.29.5, and 4.22.4 are susceptible to a DOM Clobbering vulnerability when bundling scripts with properties from `import.meta` (e.g., `import.meta.url`) in `cjs`/`umd`/`iife` format. The DOM Clobbering gadget can lead to cross-site scripting (XSS) in web pages where scriptless attacker-controlled HTML elements (e.g., an `img` tag with an unsanitized `name` attribute) are present. Versions 2.79.2, 3.29.5, and 4.22.4 contain a patch for the vulnerability.
VENDOR: ROYAL-ELEMENTOR-ADDONS
VENDOR PRODUCT(S)...: ROYAL ELEMENTOR ADDONS
CVE SEVERITY........: HIGH
CVE ID..............: CVE-2024-50442
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-50442
DATE LAST MODIFIED..: 2024-10-29T16:04Z
ORIGINAL CVE DATE...: 2024-10-28T12:15Z
REFERENCE URL.......: https://patchstack.com/database/vulnerability/royal-elementor-addons/wordpress-royal-elementor-addons-and-templates-plugin-1-3-980-xml-external-entity-xxe-vulnerability?_s_id=cve
CVE DESCRIPTION.....: Improper Restriction of XML External Entity Reference vulnerability in WP Royal Royal Elementor Addons allows XML Injection. This issue affects Royal Elementor Addons: from n/a through 1.3.980.
VENDOR: SGI
VENDOR PRODUCT(S)...: IRIX
CVE SEVERITY........: UNKNOWN
CVE ID..............: CVE-1999-0029
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-0029
DATE LAST MODIFIED..: 2024-10-29T15:35Z
ORIGINAL CVE DATE...: 1997-07-16T04:00Z
REFERENCE URL.......: https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0029
CVE DESCRIPTION.....: root privileges via buffer overflow in ordist command on SGI IRIX systems.
VENDOR: SIXAPART
VENDOR PRODUCT(S)...: MOVABLE TYPE
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2023-45746
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45746
DATE LAST MODIFIED..: 2024-10-29T19:35Z
ORIGINAL CVE DATE...: 2023-10-30T05:15Z
REFERENCE URL.......: https://jvn.jp/en/jp/JVN39139884/
CVE DESCRIPTION.....: Cross-site scripting vulnerability in Movable Type series allows a remote authenticated attacker to inject an arbitrary script. Affected products/versions are as follows: Movable Type 7 r.5405 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5405 and earlier (Movable Type 7 Series), Movable Type Premium 1.58 and earlier, Movable Type Premium Advanced 1.58 and earlier, Movable Type Cloud Edition (Version 7) r.5405 and earlier, and Movable Type Premium Cloud Edition 1.58 and earlier.
VENDOR: SNYK
VENDOR PRODUCT(S)...: SNYK CLI
CVE SEVERITY........: HIGH
CVE ID..............: CVE-2024-48964
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-48964
DATE LAST MODIFIED..: 2024-10-30T13:46Z
ORIGINAL CVE DATE...: 2024-10-23T19:15Z
REFERENCE URL.......: https://github.com/snyk/snyk-gradle-plugin/commit/2f5ee7579f00660282dd161a0b79690f4a9c865d
CVE DESCRIPTION.....: The package Snyk CLI before 1.1294.0 is vulnerable to Code Injection when scanning an untrusted Gradle project. The vulnerability can be triggered if Snyk test is run inside the untrusted project due to the improper handling of the current working directory name. Snyk recommends only scanning trusted projects.
VENDOR: SPIDERCONTROL
VENDOR PRODUCT(S)...: SCADAWEBSERVER
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2023-3329
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3329
DATE LAST MODIFIED..: 2024-10-29T18:35Z
ORIGINAL CVE DATE...: 2023-08-02T23:15Z
REFERENCE URL.......: https://www.cisa.gov/news-events/ics-advisories/icsa-23-173-03
CVE DESCRIPTION.....: SpiderControl SCADA Webserver versions 2.08 and prior are vulnerable to path traversal. An attacker with administrative privileges could overwrite files on the webserver using the HMI's upload file feature. This could create size zero files anywhere on the webserver, potentially overwriting system files and creating a denial-of-service condition.
VENDOR: SUNSHINEPHOTOCART
VENDOR PRODUCT(S)...: SUNSHINE PHOTO CART
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-50463
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-50463
DATE LAST MODIFIED..: 2024-10-29T16:25Z
ORIGINAL CVE DATE...: 2024-10-28T13:15Z
REFERENCE URL.......: https://patchstack.com/database/vulnerability/sunshine-photo-cart/wordpress-sunshine-photo-cart-plugin-3-2-9-open-redirection-vulnerability?_s_id=cve
CVE DESCRIPTION.....: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in WP Sunshine Sunshine Photo Cart. This issue affects Sunshine Photo Cart: from n/a through 3.2.9.
VENDOR: THEMEFARMER
VENDOR PRODUCT(S)...: WOOCOMMERCE TOOLS
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-1689
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-1689
DATE LAST MODIFIED..: 2024-10-29T19:49Z
ORIGINAL CVE DATE...: 2024-06-07T02:15Z
REFERENCE URL.......: https://www.wordfence.com/threat-intel/vulnerabilities/id/3830c901-be36-4c4b-976b-d388b6af0c67?source=cve
CVE DESCRIPTION.....: The WooCommerce Tools plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the woocommerce_tool_toggle_module() function in all versions up to, and including, 1.2.9. This makes it possible for authenticated attackers, with subscriber-level access and above, to deactivate arbitrary plugin modules.
VENDOR: THEMEUM
VENDOR PRODUCT(S)...: TUTOR LMS
CVE SEVERITY........: HIGH
CVE ID..............: CVE-2024-4902
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-4902
DATE LAST MODIFIED..: 2024-10-29T18:07Z
ORIGINAL CVE DATE...: 2024-06-07T05:15Z
REFERENCE URL.......: https://www.wordfence.com/threat-intel/vulnerabilities/id/f00e8169-3b8f-44a0-9af2-e81777a913f8?source=cve
CVE DESCRIPTION.....: The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the ‘course_id’ parameter in all versions up to, and including, 2.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with admin access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
VENDOR: TIANDIYOYO
VENDOR PRODUCT(S)...: FLAT UI BUTTON
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-10014
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-10014
DATE LAST MODIFIED..: 2024-10-29T16:58Z
ORIGINAL CVE DATE...: 2024-10-18T05:15Z
REFERENCE URL.......: https://www.wordfence.com/threat-intel/vulnerabilities/id/ec5474ac-62d7-4431-b789-51c831dd1c20?source=cve
CVE DESCRIPTION.....: The Flat UI Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's flatbtn shortcode in version 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
VENDOR: VEEAM
VENDOR PRODUCT(S)...: ONE
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2023-41723
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41723
DATE LAST MODIFIED..: 2024-10-29T19:35Z
ORIGINAL CVE DATE...: 2023-11-07T07:15Z
REFERENCE URL.......: https://www.veeam.com/kb4508
CVE DESCRIPTION.....: A vulnerability in Veeam ONE allows a user with the Veeam ONE Read-Only User role to view the Dashboard Schedule. Note: The criticality of this vulnerability is reduced because the user with the Read-Only role is only able to view the schedule and cannot make changes.
VENDOR: VILLATHEME
VENDOR PRODUCT(S)...: WOOCOMMERCE EMAIL TEMPLATE CUSTOMIZER
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-49288
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-49288
DATE LAST MODIFIED..: 2024-10-29T16:59Z
ORIGINAL CVE DATE...: 2024-10-17T20:15Z
REFERENCE URL.......: https://patchstack.com/database/vulnerability/email-template-customizer-for-woo/wordpress-email-template-customizer-for-woocommerce-plugin-1-2-5-cross-site-scripting-xss-vulnerability?_s_id=cve
CVE DESCRIPTION.....: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in VillaTheme Email Template Customizer for WooCommerce allows Stored XSS. This issue affects Email Template Customizer for WooCommerce: from n/a through 1.2.5.
VENDOR: VISSER
VENDOR PRODUCT(S)...: STORE EXPORTER FOR WOOCOMMERCE
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2023-46822
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46822
DATE LAST MODIFIED..: 2024-10-29T19:35Z
ORIGINAL CVE DATE...: 2023-11-06T10:15Z
REFERENCE URL.......: https://patchstack.com/database/vulnerability/woocommerce-exporter/wordpress-store-exporter-for-woocommerce-plugin-2-7-2-cross-site-scripting-xss-vulnerability?_s_id=cve
CVE DESCRIPTION.....: Unauth. Reflected Cross-Site Scripting') vulnerability in Visser Labs Store Exporter for WooCommerce – Export Products, Export Orders, Export Subscriptions, and More plugin = 2.7.2 versions.
VENDOR: VMWARE
VENDOR PRODUCT(S)...: VCENTER SERVER
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2023-34056
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-34056
DATE LAST MODIFIED..: 2024-10-29T19:35Z
ORIGINAL CVE DATE...: 2023-10-25T18:17Z
REFERENCE URL.......: https://www.vmware.com/security/advisories/VMSA-2023-0023.html
CVE DESCRIPTION.....: vCenter Server contains a partial information disclosure vulnerability. A malicious actor with non-administrative privileges to vCenter Server may leverage this issue to access unauthorized data.
VENDOR: WEBROOT
VENDOR PRODUCT(S)...: SECUREANYWHERE WEB SHIELD
CVE SEVERITY........: CRITICAL
CVE ID..............: CVE-2024-7826
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-7826
DATE LAST MODIFIED..: 2024-10-30T13:48Z
ORIGINAL CVE DATE...: 2024-10-03T17:15Z
REFERENCE URL.......: https://answers.webroot.com/Webroot/ukp.aspx?pid=12&app=vw&vw=1&login=1&json=1&solutionid=4275
CVE DESCRIPTION.....: Improper Check for Unusual or Exceptional Conditions vulnerability in Webroot SecureAnywhere - Web Shield on Windows, ARM, 64 bit, 32 bit (wrURL.Dll modules) allows Functionality Misuse. This issue affects SecureAnywhere - Web Shield: before 2.1.2.3.
VENDOR PRODUCT(S)...: SECUREANYWHERE WEB SHIELD
CVE SEVERITY........: CRITICAL
CVE ID..............: CVE-2024-7825
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-7825
DATE LAST MODIFIED..: 2024-10-30T13:49Z
ORIGINAL CVE DATE...: 2024-10-03T17:15Z
REFERENCE URL.......: https://answers.webroot.com/Webroot/ukp.aspx?pid=12&app=vw&vw=1&login=1&json=1&solutionid=4275
CVE DESCRIPTION.....: Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Webroot SecureAnywhere - Web Shield on Windows, ARM, 64 bit, 32 bit (wrUrl.Dll modules) allows Functionality Misuse. This issue affects SecureAnywhere - Web Shield: before 2.1.2.3.
VENDOR PRODUCT(S)...: SECUREANYWHERE WEB SHIELD
CVE SEVERITY........: CRITICAL
CVE ID..............: CVE-2024-7824
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-7824
DATE LAST MODIFIED..: 2024-10-30T13:50Z
ORIGINAL CVE DATE...: 2024-10-03T17:15Z
REFERENCE URL.......: https://answers.webroot.com/Webroot/ukp.aspx?pid=12&app=vw&vw=1&login=1&json=1&solutionid=4275
CVE DESCRIPTION.....: Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Webroot SecureAnywhere - Web Shield on Windows, ARM, 64 bit, 32 bit (wrUrl.Dll modules) allows Functionality Misuse. This issue affects SecureAnywhere - Web Shield: before 2.1.2.3.
VENDOR: WPCHILL
VENDOR PRODUCT(S)...: STRONG TESTIMONIALS
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2023-6491
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6491
DATE LAST MODIFIED..: 2024-10-29T17:59Z
ORIGINAL CVE DATE...: 2024-06-07T06:15Z
REFERENCE URL.......: https://www.wordfence.com/threat-intel/vulnerabilities/id/c3277d93-4f47-445b-a193-ff990b55d054?source=cve
CVE DESCRIPTION.....: The Strong Testimonials plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the wpmtst_save_view_sticky function in all versions up to, and including, 3.1.12. This makes it possible for authenticated attackers, with contributor access and above, to modify favorite views.
VENDOR: WPCLEVER
VENDOR PRODUCT(S)...: WPC SHOP AS A CUSTOMER FOR WOOCOMMERCE
CVE SEVERITY........: HIGH
CVE ID..............: CVE-2024-50416
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-50416
DATE LAST MODIFIED..: 2024-10-29T16:02Z
ORIGINAL CVE DATE...: 2024-10-28T12:15Z
REFERENCE URL.......: https://patchstack.com/database/vulnerability/wpc-shop-as-customer/wordpress-wpc-shop-as-a-customer-for-woocommerce-plugin-1-2-6-php-object-injection-vulnerability?_s_id=cve
CVE DESCRIPTION.....: Deserialization of Untrusted Data vulnerability in WPClever WPC Shop as a Customer for WooCommerce allows Object Injection. This issue affects WPC Shop as a Customer for WooCommerce: from n/a through 1.2.6.
VENDOR: WPDEVELOPER
VENDOR PRODUCT(S)...: ESSENTIAL ADDONS FOR ELEMENTOR
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-5612
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-5612
DATE LAST MODIFIED..: 2024-10-29T18:05Z
ORIGINAL CVE DATE...: 2024-06-07T05:15Z
REFERENCE URL.......: https://www.wordfence.com/threat-intel/vulnerabilities/id/8dbe4104-b7d1-484f-a843-a3d1fc02999d?source=cve
CVE DESCRIPTION.....: The Essential Addons for Elementor Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘eael_lightbox_open_btn_icon’ parameter within the Lightbox & Modal widget in all versions up to, and including, 5.8.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
VENDOR: X2ENGINE
VENDOR PRODUCT(S)...: X2CRM
CVE SEVERITY........: MEDIUM
CVE ID..............: CVE-2024-48120
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-48120
DATE LAST MODIFIED..: 2024-10-29T20:57Z
ORIGINAL CVE DATE...: 2024-10-14T14:15Z
REFERENCE URL.......: https://okankurtulus.com.tr/2024/09/12/x2crm-v8-5-stored-cross-site-scripting-xss-authenticated/
CVE DESCRIPTION.....: X2CRM v8.5 is vulnerable to a stored Cross-Site Scripting (XSS) in the "Opportunities" module. An attacker can inject malicious JavaScript code into the "Name" field when creating a list.
VENDOR: ZZCMS
VENDOR PRODUCT(S)...: ZZCMS
CVE SEVERITY........: CRITICAL
CVE ID..............: CVE-2024-10293
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-10293
DATE LAST MODIFIED..: 2024-10-30T13:37Z
ORIGINAL CVE DATE...: 2024-10-23T16:15Z
REFERENCE URL.......: https://vuldb.com/?id.281562
CVE DESCRIPTION.....: A vulnerability was found in ZZCMS 2023. It has been classified as critical. Affected is the function Ebak_SetGotoPak of the file 3/Ebbak5.1/upload/class/functions.php. The manipulation of the argument file leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
VENDOR PRODUCT(S)...: ZZCMS
CVE SEVERITY........: CRITICAL
CVE ID..............: CVE-2024-10292
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-10292
DATE LAST MODIFIED..: 2024-10-30T13:40Z
ORIGINAL CVE DATE...: 2024-10-23T16:15Z
REFERENCE URL.......: https://vuldb.com/?id.281561
CVE DESCRIPTION.....: A vulnerability was found in ZZCMS 2023 and classified as critical. This issue affects some unknown processing of the file 3/Ebak5.1/upload/ChangeTable.php. The manipulation of the argument savefilename leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
VENDOR PRODUCT(S)...: ZZCMS
CVE SEVERITY........: CRITICAL
CVE ID..............: CVE-2024-10291
NIST REFERENCE URL..: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-10291
DATE LAST MODIFIED..: 2024-10-30T13:23Z
ORIGINAL CVE DATE...: 2024-10-23T16:15Z
REFERENCE URL.......: https://vuldb.com/?id.281560
CVE DESCRIPTION.....: A vulnerability has been found in ZZCMS 2023 and classified as critical. This vulnerability affects the function Ebak_DoExecSQL/Ebak_DotranExecutSQL of the file 3/Ebak5.1/upload/phome.php. The manipulation of the argument phome leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
[TLP:GREEN]