Vulnerability Summary for the Week of February 12, 2024 | CISA


CVE-2023-29153
  Uncontrolled resource consumption for some Intel(R) SPS firmware before version SPS_E5_06.01.04.002.0 may allow a privileged user to potentially enable denial of service via network access. 2024-02-14 4.9 CVE-2023-29153
secure@intel.com adobe — acrobat_reader
  Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an Improper Input Validation vulnerability that could lead to an application denial-of-service. An attacker could leverage this vulnerability to cause the application to crash, resulting in a denial of service. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-02-15 5.5 CVE-2024-20733
psirt@adobe.com adobe — acrobat_reader
  Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-02-15 5.5 CVE-2024-20734
psirt@adobe.com adobe — acrobat_reader
  Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-02-15 5.5 CVE-2024-20735
psirt@adobe.com adobe — acrobat_reader
  Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-02-15 5.5 CVE-2024-20736
psirt@adobe.com adobe — acrobat_reader
  Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-02-15 5.5 CVE-2024-20747
psirt@adobe.com adobe — acrobat_reader
  Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-02-15 5.5 CVE-2024-20748
psirt@adobe.com adobe — acrobat_reader
  Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-02-15 5.5 CVE-2024-20749
psirt@adobe.com adobe — commerce Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to trick a victim into performing actions they did not intend to do, which could be used to bypass security measures and gain unauthorized access. Exploitation of this issue requires user interaction, typically in the form of the victim clicking a link or visiting a malicious website. 2024-02-15 6.5 CVE-2024-20718
psirt@adobe.com adobe — commerce Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2024-02-15 5.4 CVE-2024-20717
psirt@adobe.com adobe — commerce Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to an application denial-of-service. A high-privileged attacker could leverage this vulnerability to exhaust system resources, causing the application to slow down or crash. Exploitation of this issue does not require user interaction. 2024-02-15 4.9 CVE-2024-20716
psirt@adobe.com adobe — substance_3d_painter Substance3D – Painter versions 9.1.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-02-15 5.5 CVE-2024-20722
psirt@adobe.com adobe — substance_3d_painter Substance3D – Painter versions 9.1.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-02-15 5.5 CVE-2024-20724
psirt@adobe.com adobe — substance_3d_painter Substance3D – Painter versions 9.1.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-02-15 5.5 CVE-2024-20725
psirt@adobe.com algosec — algosec_fireflow
  Improper input validation in Algosec FireFlow VisualFlow workflow editor via Name, Description and Configuration File field in versions A32.20, A32.50, A32.60 permits an attacker to initiate an XSS attack by injecting malicious executable scripts into the application’s code. Fixed in version A32.20 (b600 and above), A32.50 (b430 and above), A32.60 (b250 and above). 2024-02-15 5.1 CVE-2023-46596
security.vulnerabilities@algosec.com apache_software_foundation — apache_superset
  This is a duplicate for CVE-2023-46104. With correct CVE version ranges for affected Apache Superset. Uncontrolled resource consumption can be triggered by authenticated attacker that uploads a malicious ZIP to import database, dashboards or datasets. This vulnerability exists in Apache Superset versions up to and including 2.1.2 and versions 3.0.0, 3.0.1. 2024-02-14 6.5 CVE-2024-23952
security@apache.org ari_soft — contact_form_7_connector
  Cross-Site Request Forgery (CSRF) vulnerability in ARI Soft Contact Form 7 Connector. This issue affects Contact Form 7 Connector: from n/a through 1.2.2. 2024-02-12 4.3 CVE-2024-24884
audit@patchstack.com automattic — crowdsignal_dashboard Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Automattic, Inc. Crowdsignal Dashboard – Polls, Surveys & more allows Reflected XSS. This issue affects Crowdsignal Dashboard – Polls, Surveys & more: from n/a through 3.0.11. 2024-02-10 6.1 CVE-2023-51488
audit@patchstack.com automattic — sensei_lms Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Automattic Sensei LMS – Online Courses, Quizzes, & Learning allows Stored XSS. This issue affects Sensei LMS – Online Courses, Quizzes, & Learning: from n/a through 4.17.0. 2024-02-12 5.4 CVE-2023-50875
audit@patchstack.com axiosys — bento4 Bento4 v1.6.0-640 was discovered to contain an out-of-memory bug via the AP4_DataBuffer::ReallocateBuffer() function. 2024-02-09 6.5 CVE-2024-25451
cve@mitre.org axiosys — bento4 Bento4 v1.6.0-640 was discovered to contain an out-of-memory bug via the AP4_UrlAtom::AP4_UrlAtom() function. 2024-02-09 5.5 CVE-2024-25452
cve@mitre.org axiosys — bento4 Bento4 v1.6.0-640 was discovered to contain a NULL pointer dereference via the AP4_StszAtom::GetSampleSize() function. 2024-02-09 5.5 CVE-2024-25453
cve@mitre.org axiosys — bento4 Bento4 v1.6.0-640 was discovered to contain a NULL pointer dereference via the AP4_DescriptorFinder::Test() function. 2024-02-09 5.5 CVE-2024-25454
cve@mitre.org ays-pro — chartify Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Chart Builder Team Chartify – WordPress Chart Plugin allows Stored XSS. This issue affects Chartify – WordPress Chart Plugin: from n/a through 2.0.6. 2024-02-12 4.8 CVE-2023-47526
audit@patchstack.com badge — hacker_hotel_badge
  Allocation of Resources Without Limits or Throttling vulnerability in Badge leading to a denial-of-service attack. Team Hacker Hotel Badge 2024 on risc-v (billboard modules) allows Flooding. This issue affects Hacker Hotel Badge 2024: from 0.1.0 through 0.1.3. 2024-02-11 5.7 CVE-2024-21875
csirt@divd.nl barangay_management_system_project — barangay_management_system Barangay Population Monitoring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Add Resident function at /barangay-population-monitoring-system/masterlist.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Contact Number parameter. 2024-02-14 5.4 CVE-2024-25207
cve@mitre.org barangay_management_system_project — barangay_management_system Barangay Population Monitoring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Add Resident function at /barangay-population-monitoring-system/masterlist.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Full Name parameter. 2024-02-14 5.4 CVE-2024-25208
cve@mitre.org beds24 — online_booking Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Mark Kinchin Beds24 Online Booking allows Stored XSS. This issue affects Beds24 Online Booking: from n/a through 2.0.23. 2024-02-10 4.8 CVE-2024-24717
audit@patchstack.com beyondtrust — privilege_management_for_windows
  An issue was discovered in BeyondTrust Privilege Management for Windows before 24.1. When a low-privileged user initiates a repair, there is an attack vector through which the user is able to execute any program with elevated privileges. 2024-02-16 6.3 CVE-2024-25083
cve@mitre.org calculatorsworld — cc_bmi_calculator Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Calculators World CC BMI Calculator allows Stored XSS. This issue affects CC BMI Calculator: from n/a through 2.0.1. 2024-02-10 5.4 CVE-2024-23516
audit@patchstack.com canonical_ltd — lxd
  An insecure default to allow UEFI Shell in EDK2 was left enabled in Ubuntu’s EDK2. This allows an OS-resident attacker to bypass Secure Boot. 2024-02-14 6.7 CVE-2023-48733
security@ubuntu.com canonical_ltd — lxd
  An insecure default to allow UEFI Shell in EDK2 was left enabled in LXD. This allows an OS-resident attacker to bypass Secure Boot. 2024-02-14 6.7 CVE-2023-49721
security@ubuntu.com clicktotweet — click_to_tweet Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in ClickToTweet.Com Click To Tweet allows Stored XSS. This issue affects Click To Tweet: from n/a through 2.0.14. 2024-02-10 5.4 CVE-2024-23514
audit@patchstack.com comarch — erp_xl
  The database access credentials configured during installation are stored in a special table, and are encrypted with a shared key, same among all Comarch ERP XL client installations. This could allow an attacker with access to that table to retrieve plain text passwords. This issue affects ERP XL: from 2020.2.2 through 2023.2. 2024-02-15 6.2 CVE-2023-4538
cvd@cert.pl concretecms — concrete_cms Concrete CMS version 9 before 9.2.5 is vulnerable to stored XSS in file tags and description attributes since administrator entered file attributes are not sufficiently sanitized in the Edit Attributes page. A rogue administrator could put malicious code into the file tags or description attributes and, when another administrator opens the same file for editing, the malicious code could execute. The Concrete CMS Security team scored this 2.4 with CVSS v3 vector AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N. 2024-02-09 4.8 CVE-2024-1245
ff5b8ace-8b95-4078-9743-eac1ca5451de concretecms — concrete_cms Concrete CMS in version 9 before 9.2.5 is vulnerable to reflected XSS via the Image URL Import Feature due to insufficient validation of administrator provided data. A rogue administrator could inject malicious code when importing images, leading to the execution of the malicious code on the website user’s browser. The Concrete CMS Security team scored this 2 with CVSS v3 vector AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N. This does not affect Concrete versions prior to version 9. 2024-02-09 4.8 CVE-2024-1246
ff5b8ace-8b95-4078-9743-eac1ca5451de concretecms — concrete_cms Concrete CMS version 9 before 9.2.5 is vulnerable to stored XSS via the Role Name field since there is insufficient validation of administrator provided data for that field. A rogue administrator could inject malicious code into the Role Name field which might be executed when users visit the affected page. The Concrete CMS Security team scored this 2 with CVSS v3 vector AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N (https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator). Concrete versions below 9 do not include group types so they are not affected by this vulnerability. 2024-02-09 4.8 CVE-2024-1247
ff5b8ace-8b95-4078-9743-eac1ca5451de content_cards_project — content_cards Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Arunas Liuiza Content Cards allows Stored XSS. This issue affects Content Cards: from n/a through 0.9.7. 2024-02-12 5.4 CVE-2024-24928
audit@patchstack.com dell — bsafe_ssl-j Dell BSAFE SSL-J, versions prior to 6.5, and versions 7.0 and 7.1 contain a debug message revealing unnecessary information vulnerability. This may lead to disclosing sensitive information to a locally privileged user. 2024-02-10 4.4 CVE-2023-28077
security_alert@emc.com dell — mobility_e-lab_navigator
  Dell E-Lab Navigator, [3.1.9, 3.2.0], contains an Insecure Direct Object Reference Vulnerability in Feedback submission. An attacker could potentially exploit this vulnerability, to manipulate the email’s appearance, potentially deceiving recipients and causing reputational and security risks. 2024-02-14 4.4 CVE-2024-22455
security_alert@emc.com dell — recoverpoint_for_vms
  Dell RecoverPoint for Virtual Machines 5.3.x contains a brute force/dictionary attack vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to launch a brute force attack or a dictionary attack against the RecoverPoint login form. This allows attackers to brute-force the password of valid users in an automated manner. 2024-02-16 6.5 CVE-2024-22425
security_alert@emc.com dell — secure_connect_gateway-application
  In Dell Secure Connect Gateway Application and Secure Connect Gateway Appliance (between v5.10.00.00 and v5.18.00.00), a security concern has been identified, where a malicious user with a valid User session may inject malicious content in filters of IP Range Rest API. This issue may potentially lead to unintentional information disclosure from the product database. 2024-02-14 5.4 CVE-2023-44293
security_alert@emc.com dell — secure_connect_gateway-application
  In Dell Secure Connect Gateway Application and Secure Connect Gateway Appliance (between v5.10.00.00 and v5.18.00.00), a security concern has been identified, where a malicious user with a valid User session may inject malicious content in filters of Collection Rest API. This issue may potentially lead to unintentional information disclosure from the product database. 2024-02-14 5.4 CVE-2023-44294
security_alert@emc.com dell — supportassist_client_consumer
  Dell SupportAssist for Business PCs version 3.4.0 contains a local Authentication Bypass vulnerability that allows locally authenticated non-admin users to gain temporary privilege within the SupportAssist User Interface on their respective PC. The Run as Admin temporary privilege feature enables IT/System Administrators to perform driver scans and Dell-recommended driver installations without requiring them to log out of the local non-admin user session. However, the granted privilege is limited solely to the SupportAssist User Interface and automatically expires after 15 minutes. 2024-02-14 6.3 CVE-2023-39249
security_alert@emc.com dell — unity_operating_environment Dell Unity, versions prior to 5.4, contains SQL Injection vulnerability. An authenticated attacker could potentially exploit this vulnerability, leading to exposure of sensitive information. 2024-02-12 6.5 CVE-2024-22221
security_alert@emc.com dell — unity_operating_environment Dell Unity, versions prior to 5.4, contain a path traversal vulnerability in its svc_supportassist utility. An authenticated attacker could potentially exploit this vulnerability, to gain unauthorized write access to the files stored on the server filesystem, with elevated privileges. 2024-02-12 6.5 CVE-2024-22226
security_alert@emc.com dell — unity_operating_environment Dell Unity, versions prior to 5.4, contains a cross-site scripting (XSS) vulnerability. An authenticated attacker could potentially exploit this vulnerability, leading users to download and execute malicious software crafted by this product’s feature to compromise their systems. 2024-02-12 5.4 CVE-2024-0169
security_alert@emc.com dell — unity_operating_environment Dell Unity, versions prior to 5.4, contains a Cross-site scripting vulnerability. An authenticated attacker could potentially exploit this vulnerability, stealing session information, masquerading as the affected user or carry out any actions that this user could perform, or to generally control the victim’s browser. 2024-02-12 5.4 CVE-2024-22230
security_alert@emc.com derhansen — sf_event_mgt
  sf_event_mgt is an event management and registration extension for the TYPO3 CMS based on ExtBase and Fluid. In affected versions the existing access control check for events in the backend module got broken during the update of the extension to TYPO3 12.4, because the `RedirectResponse` from the `$this->redirect()` function was never handled. This issue has been addressed in version 7.4.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2024-02-13 4.3 CVE-2024-24751
security-advisories@github.com ebm_technologies — risweb
  EBM Technologies RISWEB’s specific URL path is not properly controlled by permission, allowing attackers to browse specific pages and query sensitive data without login. 2024-02-15 5.3 CVE-2024-26263
twcert@cert.org.tw ecshop — ecshop
  A vulnerability, which was classified as critical, has been found in ECshop 4.1.8. Affected by this issue is some unknown functionality of the file /admin/view_sendlist.php. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-250562 is the identifier assigned to this vulnerability. 2024-02-15 6.3 CVE-2024-1530
cna@vuldb.com envoyproxy — envoy Envoy is a high-performance edge/middle/service proxy. The regex expression is compiled for every request and can result in high CPU usage and increased request latency when multiple routes are configured with such matchers. This issue has been addressed in releases 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2024-02-09 5.3 CVE-2024-23323
security-advisories@github.com exiv2 — exiv2
  Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 version v0.28.1. The vulnerable function, `QuickTimeVideo::NikonTagsDecoder`, was new in v0.28.0, so Exiv2 versions before v0.28 are _not_ affected. The out-of-bounds read is triggered when Exiv2 is used to read the metadata of a crafted video file. In most cases this out of bounds read will result in a crash. This bug is fixed in version v0.28.2. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2024-02-12 5.5 CVE-2024-24826
security-advisories@github.com exiv2 — exiv2
  Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A denial-of-service was found in Exiv2 version v0.28.1: an unbounded recursion can cause Exiv2 to crash by exhausting the stack. The vulnerable function, `QuickTimeVideo::multipleEntriesDecoder`, was new in v0.28.0, so Exiv2 versions before v0.28 are _not_ affected. The denial-of-service is triggered when Exiv2 is used to read the metadata of a crafted video file. This bug is fixed in version v0.28.2. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2024-02-12 5.5 CVE-2024-25112
security-advisories@github.com f5 — big-ip
  BIG-IP or BIG-IQ Resource Administrators and Certificate Managers who have access to the secure copy (scp) utility but do not have access to Advanced shell (bash) can execute arbitrary commands with a specially crafted command string. This vulnerability is due to an incomplete fix for CVE-2020-5873. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2024-02-14 6.7 CVE-2024-21782
f5sirt@f5.com f5 — big-ip
  When running in Appliance mode, an authenticated attacker assigned the Administrator role may be able to bypass Appliance mode restrictions utilizing iAppsLX templates on a BIG-IP system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2024-02-14 6 CVE-2024-23976
f5sirt@f5.com f5 — big-ip_next_spk
  A vulnerability exists in BIG-IP Next CNF and SPK systems that may allow access to undisclosed sensitive files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2024-02-14 4.4 CVE-2024-23306
f5sirt@f5.com f5 — f5os_-_appliance
  When LDAP remote authentication is configured on F5OS, a remote user without an assigned role will be incorrectly authorized. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2024-02-14 6.2 CVE-2024-24966
f5sirt@f5.com f5 — f5os_-_appliance
  A directory traversal vulnerability exists in the F5OS QKView utility that allows an authenticated attacker to read files outside the QKView directory. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2024-02-14 5.5 CVE-2024-23607
f5sirt@f5.com filseclab — twister_antivirus
  Twister Antivirus v8.17 is vulnerable to an Out-of-bounds Read vulnerability by triggering the 0x801120B8 IOCTL code of the filmfd.sys driver. 2024-02-13 5.8 CVE-2024-1140
help@fluidattacks.com filseclab — twister_antivirus
  Twister Antivirus v8.17 is vulnerable to a Denial-of-Service vulnerability by triggering the 0x80112044, 0x8011204B, 0x8011204F, 0x80112057, 0x8011205B, 0x8011205F, 0x80112063, 0x8011206F, 0x80112073, 0x80112077, 0x80112078, 0x8011207C and 0x80112080 IOCTL codes of the fildds.sys driver. 2024-02-13 5.5 CVE-2024-1216
help@fluidattacks.com fortinet — fortimanager
  An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in Fortinet FortiManager version 7.4.0 through 7.4.1 and before 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.1 and before 7.2.5 and FortiAnalyzer-BigData before 7.2.5 allows an adom administrator to enumerate other adoms and device names via crafted HTTP or HTTPS requests. 2024-02-15 5 CVE-2023-44253
psirt@fortinet.com fortinet — fortinac
  An improper neutralization of input during web page generation (‘cross-site scripting’) in Fortinet FortiNAC 9.4.0 – 9.4.2, 9.2.0 – 9.2.8, 9.1.0 – 9.1.10 and 7.2.0 allows an attacker to execute unauthorized code or commands via the name fields observed in the policy audit logs. 2024-02-15 6.8 CVE-2023-26206
psirt@fortinet.com fortinet — fortios
  An improper certificate validation vulnerability in Fortinet FortiOS 7.0.0 – 7.0.13, 7.2.0 – 7.2.6 and 7.4.0 – 7.4.1 allows a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the FortiLink communication channel between the FortiOS device and FortiSwitch. 2024-02-15 4.8 CVE-2023-47537
psirt@fortinet.com geek_code_lab — all_404_pages_redirect_to_homepage
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Geek Code Lab All 404 Pages Redirect to Homepage allows Stored XSS. This issue affects All 404 Pages Redirect to Homepage: from n/a through 1.9. 2024-02-12 6.1 CVE-2024-24889
audit@patchstack.com getawesomesupport — awesome_support The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpas_get_users() function hooked via AJAX in all versions up to, and including, 6.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve user data such as emails. 2024-02-10 4.3 CVE-2024-0595
security@wordfence.com getgrav — grav A cross-site scripting (XSS) vulnerability in Grav versions 1.7.44 and before, allows remote authenticated attackers to execute arbitrary web scripts or HTML via the onmouseover attribute of an ISINDEX element. 2024-02-09 5.4 CVE-2023-31506
cve@mitre.org github — enterprise_server
  A path traversal vulnerability was identified in GitHub Enterprise Server that allowed an attacker to gain unauthorized read permission to files by deploying arbitrary symbolic links to a GitHub Pages site with a specially crafted artifact tarball. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.8.15, 3.9.10, 3.10.7, 3.11.5. This vulnerability was reported via the GitHub Bug Bounty program. 2024-02-13 6.3 CVE-2024-1082
product-cna@github.com github — enterprise_server
  Cross-site Scripting in the tag name pattern field in the tag protections UI in GitHub Enterprise Server allows a malicious website that requires user interaction and social engineering to make changes to a user account via CSP bypass with created CSRF tokens. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in all versions of 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program. 2024-02-13 6.5 CVE-2024-1084
product-cna@github.com gitlab — gitlab
  An issue has been discovered in GitLab EE affecting all versions starting from 16.8 before 16.8.2. When a user is assigned a custom role with manage_group_access_tokens permission, they may be able to create group access tokens with Owner privileges, which may lead to privilege escalation. 2024-02-12 6.5 CVE-2024-1250
cve@gitlab.com givewp — givewp Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in GiveWP GiveWP – Donation Plugin and Fundraising Platform allows Stored XSS. This issue affects GiveWP – Donation Plugin and Fundraising Platform: from n/a through 3.2.2. 2024-02-10 5.4 CVE-2023-51415
audit@patchstack.com glewlwyd_sso_server_project — glewlwyd_sso_server Glewlwyd SSO server 2.x through 2.7.6 allows open redirection via redirect_uri. 2024-02-11 6.1 CVE-2024-25715
cve@mitre.org grafana — grafana
  A user changing their email after signing up and verifying it can change it without verification in profile settings. The configuration option “verify_email_enabled” will validate email only on sign up. 2024-02-13 5.4 CVE-2023-6152
security@grafana.com grafana — grafana-csv-datasource
  Grafana is an open-source platform for monitoring and observability. The CSV datasource plugin is a Grafana Labs maintained plugin for Grafana that allows for retrieving and processing CSV data from a remote endpoint configured by an administrator. If this plugin was configured to send requests to a bare host with no path (e.g. `https://www.example.com/`), requests to an endpoint other than the one configured by the administrator could be triggered by a specially crafted request from any user, resulting in an SSRF vector. AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N (https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator) 2024-02-14 5 CVE-2023-5122
security@grafana.com greenpau — github.com/greenpau/caddy-security
  Versions of the package github.com/greenpau/caddy-security before 1.0.42 are vulnerable to Insecure Randomness due to using an insecure random number generation library which could possibly be predicted via a brute-force search. Attackers could use the potentially predictable nonce value used for authentication purposes in the OAuth flow to conduct OAuth replay attacks. In addition, insecure randomness is used while generating multifactor authentication (MFA) secrets and creating API keys in the database package. 2024-02-17 6.5 CVE-2024-21495
report@snyk.io greenpau — github.com/greenpau/caddy-security
  All versions of the package github.com/greenpau/caddy-security are vulnerable to Cross-site Scripting (XSS) via the Referer header, due to improper input sanitization. Although the Referer header is sanitized by escaping some characters that can allow XSS (e.g., [&], [<], [>], [“], [‘]), it does not account for the attack based on the JavaScript URL scheme (e.g., javascript:alert(document.domain)// payload). Exploiting this vulnerability may not be trivial, but it could lead to the execution of malicious scripts in the context of the target user’s browser, compromising user sessions. 2024-02-17 6.1 CVE-2024-21496
report@snyk.io greenpau — github.com/greenpau/caddy-security
  All versions of the package github.com/greenpau/caddy-security are vulnerable to Improper Validation of Array Index when parsing a Caddyfile. Multiple parsing functions in the affected library do not validate whether their input values are nil before attempting to access elements, which can lead to a panic (index out of range). Panics during the parsing of a configuration file may introduce ambiguity and vulnerabilities, hindering the correct interpretation and configuration of the web server. 2024-02-17 5.3 CVE-2024-21493
report@snyk.io greenpau — github.com/greenpau/caddy-security
  All versions of the package github.com/greenpau/caddy-security are vulnerable to Authentication Bypass by Spoofing via the X-Forwarded-For header due to improper input sanitization. An attacker can spoof an IP address used in the user identity module (/whoami API endpoint). This could lead to unauthorized access if the system trusts this spoofed IP address. 2024-02-17 5.4 CVE-2024-21494
report@snyk.io greenpau — github.com/greenpau/caddy-security
  All versions of the package github.com/greenpau/caddy-security are vulnerable to Open Redirect via the redirect_url parameter. An attacker could perform a phishing attack and trick users into visiting a malicious website by crafting a convincing URL with this parameter. To exploit this vulnerability, the user must take an action, such as clicking on a portal button or using the browser’s back button, to trigger the redirection. 2024-02-17 5.4 CVE-2024-21497
report@snyk.io greenpau — github.com/greenpau/caddy-security
  All versions of the package github.com/greenpau/caddy-security are vulnerable to Server-side Request Forgery (SSRF) via X-Forwarded-Host header manipulation. An attacker can expose sensitive information, interact with internal services, or exploit other vulnerabilities within the network by exploiting this vulnerability. 2024-02-17 5.3 CVE-2024-21498
report@snyk.io greenpau — github.com/greenpau/caddy-security
  All versions of the package github.com/greenpau/caddy-security are vulnerable to Insufficient Session Expiration due to improper user session invalidation upon clicking the “Sign Out” button. User sessions remain valid even after requests are sent to /logout and /oauth2/google/logout. Attackers who gain access to an active, but supposedly logged-out session can perform unauthorized actions on behalf of the user. 2024-02-17 4.8 CVE-2024-21492
report@snyk.io greenpau — github.com/greenpau/caddy-security
  All versions of the package github.com/greenpau/caddy-security are vulnerable to HTTP Header Injection via the X-Forwarded-Proto header due to redirecting to the injected protocol. Exploiting this vulnerability could lead to bypass of security mechanisms or confusion in handling TLS. 2024-02-17 4.3 CVE-2024-21499
report@snyk.io greenpau — github.com/greenpau/caddy-security
  All versions of the package github.com/greenpau/caddy-security are vulnerable to Improper Restriction of Excessive Authentication Attempts via the two-factor authentication (2FA). Although the application blocks the user after several failed attempts to provide 2FA codes, attackers can bypass this blocking mechanism by automating the application’s full multistep 2FA process. 2024-02-17 4.8 CVE-2024-21500
report@snyk.io hcl_software — hcl_connections
  HCL Connections is vulnerable to a denial of service, caused by improper validation on certain requests. Using a specially crafted request an attacker could exploit this vulnerability to cause denial of service for affected users. 2024-02-12 5.5 CVE-2023-28018
psirt@hcl.com helm — helm
  Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. When either the Helm client or SDK is used to save a chart whose name within the `Chart.yaml` file includes a relative path change, the chart would be saved outside its expected directory based on the changes in the relative path. The validation and linting did not detect the path changes in the name. This issue has been resolved in Helm v3.14.1. Users unable to upgrade should check all charts used by Helm for path changes in their name as found in the `Chart.yaml` file. This includes dependencies. 2024-02-15 6.4 CVE-2024-25620
security-advisories@github.com hima — f30_03x_yy_(com)
  An unauthenticated attacker can send a ping request from one network to another through an error in the origin verification even though the ports are separated by VLAN. 2024-02-13 4.3 CVE-2024-24782
info@cert.vde.com howardehrenberg — custom_post_carousels_with_owl
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Howard Ehrenberg Custom Post Carousels with Owl allows Stored XSS. This issue affects Custom Post Carousels with Owl: from n/a through 1.4.6. 2024-02-10 5.4 CVE-2023-51493
audit@patchstack.com ibm — cics_tx_standard
  IBM CICS TX Standard and Advanced 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 229440. 2024-02-12 5.9 CVE-2022-34309
psirt@us.ibm.com ibm — cics_tx_standard
  IBM CICS TX Standard and Advanced 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 229441. 2024-02-12 5.9 CVE-2022-34310
psirt@us.ibm.com ibm — cics_tx_standard
  IBM CICS TX Standard and Advanced 11.1 could allow a user with physical access to the web browser to gain access to the user’s session due to insufficiently protected credentials. IBM X-Force ID: 229446. 2024-02-12 4.3 CVE-2022-34311
psirt@us.ibm.com ibm — datastage_on_cloud_pak_for_data
  IBM DataStage on Cloud Pak for Data 4.0.6 to 4.5.2 stores sensitive credential information that can be read by a privileged user. IBM X-Force ID: 235060. 2024-02-12 4.9 CVE-2022-38714
psirt@us.ibm.com ibm — engineering_lifecycle_optimization
  IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 268754. 2024-02-09 6.1 CVE-2023-45190
psirt@us.ibm.com ibm — i_access_client_solutions
  IBM i Access Client Solutions (ACS) 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.4 is vulnerable to NT LAN Manager (NTLM) hash disclosure by an attacker modifying UNC capable paths within ACS configuration files to point to a hostile server. If NTLM is enabled, the Windows operating system will try to authenticate using the current user’s session. The hostile server could capture the NTLM hash information to obtain the user’s credentials. IBM X-Force ID: 279091. 2024-02-09 5.5 CVE-2024-22318
psirt@us.ibm.com ibm — integration_bus
  The IBM Integration Bus for z/OS 10.1 through 10.1.0.2 AdminAPI is vulnerable to a denial of service due to file system exhaustion. IBM X-Force ID: 279972. 2024-02-09 6.5 CVE-2024-22332
psirt@us.ibm.com ibm — jazz_for_service_management
  IBM Jazz for Service Management 1.1.3.20 could allow an unauthorized user to obtain sensitive file information using forced browsing due to improper access controls. IBM X-Force ID: 269929. 2024-02-14 5.3 CVE-2023-46186
psirt@us.ibm.com ibm — qradar_suite_software
  IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 279975. 2024-02-17 5.1 CVE-2024-22335
psirt@us.ibm.com ibm — qradar_suite_software
  IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 279976. 2024-02-17 5.1 CVE-2024-22336
psirt@us.ibm.com ibm — qradar_suite_software
  IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 279977. 2024-02-17 5.1 CVE-2024-22337
psirt@us.ibm.com ibm — qradar_suite_software
  IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 in some circumstances will log some sensitive information about invalid authorization attempts. IBM X-Force ID: 275747. 2024-02-17 4 CVE-2023-50951
psirt@us.ibm.com ibm — robotic_process_automation
  IBM Robotic Process Automation 21.0.2 contains a vulnerability that could allow user IDs to be exposed across tenants. IBM X-Force ID: 227293. 2024-02-12 4.6 CVE-2022-22506
psirt@us.ibm.com ibm — sterling_b2b_integrator
  IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.3 could allow an authenticated user to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 255827. 2024-02-09 6.5 CVE-2023-32341
psirt@us.ibm.com ibm — sterling_b2b_integrator
  IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.3 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 265559. 2024-02-09 4.3 CVE-2023-42016
psirt@us.ibm.com ibm — storage_defender_resiliency_service
  IBM Storage Defender – Resiliency Service 2.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 278748. 2024-02-10 5.5 CVE-2024-22312
psirt@us.ibm.com if-so — dynamic_content_personalization
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in If So Plugin If-So Dynamic Content Personalization allows Stored XSS. This issue affects If-So Dynamic Content Personalization: from n/a through 1.6.3.1. 2024-02-10 5.4 CVE-2023-51492
audit@patchstack.com intel — acat_software_maintained_by_intel(r)
  Incorrect default permissions in some ACAT software maintained by Intel(R) before version 2.0.0 may allow an authenticated user to potentially enable escalation of privilege via local access. 2024-02-14 6.7 CVE-2023-41231
secure@intel.com intel — intel(r)_battery_life_diagnostic_tool_software
  Uncontrolled search path in some Intel(R) Battery Life Diagnostic Tool software before version 2.3.1 may allow an authenticated user to potentially enable escalation of privilege via local access. 2024-02-14 6.7 CVE-2023-35060
secure@intel.com intel — intel(r)_binary_configuration_tool_software
  Uncontrolled search path in some Intel(R) Binary Configuration Tool software before version 3.4.4 may allow an authenticated user to potentially enable escalation of privilege via local access. 2024-02-14 6.7 CVE-2023-24591
secure@intel.com intel — intel(r)_c++_compiler_classic
  Improper buffer restrictions in some Intel(R) C++ Compiler Classic before version 2021.8 may allow an authenticated user to potentially enable escalation of privilege via local access. 2024-02-14 6 CVE-2023-29162
secure@intel.com intel — intel(r)_chipset_driver_software
  Improper access control in some Intel(R) Chipset Driver Software before version 10.1.19444.8378 may allow an authenticated user to potentially enable escalation of privilege via local access. 2024-02-14 6.7 CVE-2023-25174
secure@intel.com intel — intel(r)_chipset_driver_software
  Incorrect default permissions in some Intel(R) Chipset Driver Software before version 10.1.19444.8378 may allow an authenticated user to potentially enable escalation of privilege via local access. 2024-02-14 6.7 CVE-2023-28739
secure@intel.com intel — intel(r)_cip_software
  Uncontrolled search path in some Intel(R) CIP software before version 2.4.10577 may allow an authenticated user to potentially enable escalation of privilege via local access. 2024-02-14 6.7 CVE-2023-35769
secure@intel.com intel — intel(r)_dsa_software
  Improper access control in some Intel(R) DSA software before version 23.4.33 may allow a privileged user to potentially enable escalation of privilege via local access. 2024-02-14 6.3 CVE-2023-35062
secure@intel.com intel — intel(r)_dsa_software
  Improper access control in some Intel(R) DSA software before version 23.4.33 may allow an authenticated user to potentially enable denial of service via local access. 2024-02-14 5.5 CVE-2023-25073
secure@intel.com intel — intel(r)_ethernet_tools_and_driver_install_software
  Insecure inherited permissions in some Intel(R) Ethernet tools and driver install software may allow an authenticated user to potentially enable escalation of privilege via local access. 2024-02-14 6.7 CVE-2023-33870
secure@intel.com intel — intel(r)_ethernet_tools_and_driver_install_software
  Improper access control element in some Intel(R) Ethernet tools and driver install software, before version 28.2, may allow an authenticated user to potentially enable escalation of privilege via local access. 2024-02-14 6.7 CVE-2023-39432
secure@intel.com intel — intel(r)_ispc_software
  Uncontrolled search path in some Intel(R) ISPC software before version 1.21.0 may allow an authenticated user to potentially enable escalation of privilege via local access. 2024-02-14 6.7 CVE-2023-38566
secure@intel.com intel — intel(r)_mas_software
  Improper initialization in some Intel(R) MAS software before version 2.3 may allow an authenticated user to potentially enable denial of service via local access. 2024-02-14 5 CVE-2023-36490
secure@intel.com intel — intel(r)_mpi_library_software
  Uncontrolled search path for some Intel(R) MPI Library Software before version 2021.11 may allow an authenticated user to potentially enable escalation of privilege via local access. 2024-02-14 6.7 CVE-2023-41091
secure@intel.com intel — intel(r)_ofu_software
  Protection mechanism failure in some Intel(R) OFU software before version 14.1.31 may allow an authenticated user to potentially enable escalation of privilege via local access. 2024-02-14 6.7 CVE-2023-25945
secure@intel.com intel — intel(r)_oneapi_toolkit_and_component_software_installers
  Uncontrolled search path in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.2 may allow an authenticated user to potentially enable escalation of privilege via local access. 2024-02-14 6.7 CVE-2023-32618
secure@intel.com intel — intel(r)_oneapi_toolkit_and_component_software_installers
  Improper access control in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.2 may allow an authenticated user to potentially enable denial of service via local access. 2024-02-14 5 CVE-2023-28715
secure@intel.com intel — intel(r)_optane(tm)_pmem_100_series_management_software
  Improper access control in some Intel(R) Optane(TM) PMem 100 Series Management Software before version 01.00.00.3547 may allow an authenticated user to potentially enable escalation of privilege via local access. 2024-02-14 6.7 CVE-2023-22311
secure@intel.com intel — intel(r)_optane(tm)_pmem_software
  Improper access control in some Intel(R) Optane(TM) PMem software before versions 01.00.00.3547, 02.00.00.3915, 03.00.00.0483 may allow an authenticated user to potentially enable escalation of privilege via local access. 2024-02-14 6.6 CVE-2023-27517
secure@intel.com intel — intel(r)_pm_software
  Improper authorization in some Intel(R) PM software may allow a privileged user to potentially enable escalation of privilege via local access. 2024-02-14 6.7 CVE-2023-38135
secure@intel.com intel — intel(r)_proset/wireless_and_intel(r)_killer(tm)_wi
  Improper input validation for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow a privileged user to potentially enable escalation of privilege via local access. 2024-02-14 6 CVE-2023-25951
secure@intel.com intel — intel(r)_proset/wireless_and_intel(r)_killer(tm)_wi
  Improper input validation for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access. 2024-02-14 6.1 CVE-2023-28374
secure@intel.com intel — intel(r)_proset/wireless_and_intel(r)_killer(tm)_wi
  Improper initialization for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access. 2024-02-14 6.1 CVE-2023-28720
secure@intel.com intel — intel(r)_proset/wireless_and_intel(r)_killer(tm)_wi
  Uncaught exception for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access. 2024-02-14 4.3 CVE-2023-26586
secure@intel.com intel — intel(r)_proset/wireless_and_intel(r)_killer(tm)_wi
  Insufficient adherence to expected conventions for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access. 2024-02-14 4.3 CVE-2023-32642
secure@intel.com intel — intel(r)_proset/wireless_and_intel(r)_killer(tm)_wi
  Protection mechanism failure for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access. 2024-02-14 4.3 CVE-2023-32644
secure@intel.com intel — intel(r)_proset/wireless_and_intel(r)_killer(tm)_wi
  Improper validation of specified type of input for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access. 2024-02-14 4.3 CVE-2023-32651
secure@intel.com intel — intel(r)_proset/wireless_and_intel(r)_killer(tm)_wi
  Improper input validation for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access. 2024-02-14 4.3 CVE-2023-34983
secure@intel.com intel — intel(r)_proset/wireless_and_intel(r)_killer(tm)_wi
  Improper initialization for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable information disclosure via adjacent access. 2024-02-14 4.3 CVE-2023-35061
secure@intel.com intel — intel(r)_qat_software_drivers_for_windows
  Out-of-bounds read in some Intel(R) QAT software drivers for Windows before version QAT1.7-W-1.11.0 may allow an authenticated user to potentially enable denial of service via local access. 2024-02-14 6.5 CVE-2023-41252
secure@intel.com intel — intel(r)_qsfp+_configuration_utility_software
  Uncontrolled search path in Intel(R) QSFP+ Configuration Utility software, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access. 2024-02-14 6.7 CVE-2023-28745
secure@intel.com intel — intel(r)_sdk_for_opencl(tm)_applications_software
  Uncontrolled search path in some Intel(R) SDK for OpenCL(TM) Applications software may allow an authenticated user to potentially enable escalation of privilege via local access. 2024-02-14 6.7 CVE-2023-36493
secure@intel.com intel — intel(r)_server_product_openbmc_firmware
  Improper authentication in some Intel(R) Server Product OpenBMC firmware before version egs-1.09 may allow an authenticated user to enable escalation of privilege via local access. 2024-02-14 5.2 CVE-2023-31189
secure@intel.com intel — intel(r)_server_product_openbmc_firmware
  Insufficiently protected credentials in some Intel(R) Server Product OpenBMC firmware before version egs-1.05 may allow an unauthenticated user to enable information disclosure via network access. 2024-02-14 5.3 CVE-2023-32280
secure@intel.com intel — intel(r)_ssu_software
  Uncontrolled search path element in some Intel(R) SSU software before version 3.0.0.2 may allow an authenticated user to potentially enable escalation of privilege via local access. 2024-02-14 6.7 CVE-2023-40156
secure@intel.com intel — intel(r)_sur_for_gameplay_software
  Uncontrolled search path in the Intel(R) SUR for Gameplay Software before version 2.0.1901 may allow a privileged user to potentially enable escalation of privilege via local access. 2024-02-14 6.7 CVE-2023-39932
secure@intel.com intel — intel(r)_sur_for_gameplay_software
  Incorrect default permissions in the Intel(R) SUR for Gameplay Software before version 2.0.1901 may allow a privileged user to potentially enable escalation of privilege via local access. 2024-02-14 6.7 CVE-2023-40154
secure@intel.com intel — intel(r)_thunderbolt(tm)_controllers_versions
  Improper access control in firmware for some Intel(R) Thunderbolt(TM) Controllers versions before 41 may allow a privileged user to enable denial of service via local access. 2024-02-14 6.1 CVE-2023-28396
secure@intel.com intel — intel(r)_thunderbolt(tm)_dch_drivers_for_windows
  Improper buffer restrictions in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable information disclosure via local access. 2024-02-14 6.5 CVE-2023-22390
secure@intel.com intel — intel(r)_thunderbolt(tm)_dch_drivers_for_windows
  Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable escalation of privilege via local access. 2024-02-14 6.3 CVE-2023-24481
secure@intel.com intel — intel(r)_thunderbolt(tm)_dch_drivers_for_windows
  Unquoted search path or element in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable escalation of privilege via local access. 2024-02-14 6.7 CVE-2023-24542
secure@intel.com intel — intel(r)_thunderbolt(tm)_dch_drivers_for_windows
  Improper buffer restrictions in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow a privileged user to potentially enable escalation of privilege via local access. 2024-02-14 6.1 CVE-2023-24589
secure@intel.com intel — intel(r)_thunderbolt(tm)_dch_drivers_for_windows
  Uncontrolled search path element in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable escalation of privilege via local access. 2024-02-14 6.7 CVE-2023-25779
secure@intel.com intel — intel(r)_thunderbolt(tm)_dch_drivers_for_windows
  Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable denial of service via local access. 2024-02-14 5.5 CVE-2023-22848
secure@intel.com intel — intel(r)_thunderbolt(tm)_dch_drivers_for_windows
  Uncontrolled resource consumption in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable denial of service via local access. 2024-02-14 5.5 CVE-2023-25769
secure@intel.com intel — intel(r)_thunderbolt(tm)_dch_drivers_for_windows
  Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable denial of service via local access. 2024-02-14 5 CVE-2023-26585
secure@intel.com intel — intel(r)_thunderbolt(tm)_dch_drivers_for_windows
  Improper input validation in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an unauthenticated user to potentially enable information disclosure via adjacent access. 2024-02-14 4.3 CVE-2023-24463
secure@intel.com intel — intel(r)_thunderbolt(tm)_dch_drivers_for_windows
  Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable escalation of privilege via local access. 2024-02-14 4.2 CVE-2023-27301
secure@intel.com intel — intel(r)_thunderbolt(tm)_dch_drivers_for_windows
  Improper buffer restrictions in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow a privileged user to potentially enable escalation of privilege via local access. 2024-02-14 4.6 CVE-2023-27308
secure@intel.com intel — intel(r)_vroc_software
  Improper access control in some Intel(R) VROC software before version 8.0.8.1001 may allow an authenticated user to potentially enable escalation of privilege via local access. 2024-02-14 6.7 CVE-2023-31271
secure@intel.com intel — intel(r)_vroc_software
  Uncontrolled search path element in some Intel(R) VROC software before version 8.0.8.1001 may allow an authenticated user to potentially enable escalation of privilege via local access. 2024-02-14 6.7 CVE-2023-32646
secure@intel.com intel — intel(r)_vroc_software
  Incorrect default permissions in some Intel(R) VROC software before version 8.0.8.1001 may allow an authenticated user to potentially enable escalation of privilege via local access. 2024-02-14 6.7 CVE-2023-34315
secure@intel.com intel — intel(r)_vroc_software
  Path traversal in some Intel(R) VROC software before version 8.0.8.1001 may allow an authenticated user to potentially enable escalation of privilege via local access. 2024-02-14 6.7 CVE-2023-35003
secure@intel.com intel — intel(r)_xtu_software
  Uncontrolled search path in some Intel(R) XTU software before version 7.12.0.29 may allow an authenticated user to potentially enable escalation of privilege via local access. 2024-02-14 6.7 CVE-2023-28407
secure@intel.com intel — intel(r)_xtu_software
  Improper access control in some Intel(R) XTU software before version 7.12.0.29 may allow an authenticated user to potentially enable escalation of privilege via local access. 2024-02-14 6.8 CVE-2023-32647
secure@intel.com intel — intel(r)_xtu_software
  Improper access control in some Intel(R) XTU software before version 7.12.0.29 may allow an authenticated user to potentially enable escalation of privilege via local access. 2024-02-14 5.5 CVE-2023-38561
secure@intel.com intel — intel_unite(r)_client_software
  Improper access control in some Intel Unite(R) Client software before version 4.2.35041 may allow an authenticated user to potentially enable escalation of privilege via local access. 2024-02-14 6.6 CVE-2023-40161
secure@intel.com intel — tensorflow
  Improper buffer restrictions in Intel(R) Optimization for TensorFlow before version 2.13.0 may allow an authenticated user to potentially enable escalation of privilege via local access. 2024-02-14 5.5 CVE-2023-30767
secure@intel.com internallinkjuicer — internal_link_juicer
  The Internal Link Juicer: SEO Auto Linker for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings such as ‘ilj_settings_field_links_per_page’ in all versions up to, and including, 2.23.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. 2024-02-09 4.8 CVE-2024-0657
security@wordfence.com isc — bind_9
  If a resolver cache has a very large number of ECS records stored for the same name, the process of cleaning the cache database node for this name can significantly impair query performance. This issue affects BIND 9 versions 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1. 2024-02-13 5.3 CVE-2023-5680
security-officer@isc.org jboss — undertow
  A path traversal vulnerability was found in Undertow. This issue may allow a remote attacker to append a specially crafted sequence to an HTTP request for an application deployed to JBoss EAP, which may permit access to privileged or restricted files and directories. 2024-02-12 5.3 CVE-2024-1459
secalert@redhat.com jwcrypto — jwcrypto
  A vulnerability was found in JWCrypto. This flaw allows an attacker to cause a denial of service (DoS) attack and possible password brute-force and dictionary attacks to be more resource-intensive. This issue can result in a large amount of computational consumption, causing a denial-of-service attack. 2024-02-12 5.3 CVE-2023-6681
secalert@redhat.com kalli_dan — kd_coming_soon
  Deserialization of Untrusted Data vulnerability in Kalli Dan. KD Coming Soon. This issue affects KD Coming Soon: from n/a through 1.7. 2024-02-12 5.4 CVE-2023-46615
audit@patchstack.com leap13 — premium_addons_for_elementor
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Leap13 Premium Addons for Elementor allows Stored XSS. This issue affects Premium Addons for Elementor: from n/a through 4.10.16. 2024-02-10 5.4 CVE-2024-24831
audit@patchstack.com linksys — wrt54gl_firmware
  A vulnerability was found in Linksys WRT54GL 4.30.18. It has been classified as problematic. This affects an unknown part of the file /wlaninfo.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. The identifier VDB-253329 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-02-10 4.3 CVE-2024-1405
cna@vuldb.com linksys — wrt54gl_firmware
  A vulnerability was found in Linksys WRT54GL 4.30.18. It has been declared as problematic. This vulnerability affects unknown code of the file /SysInfo1.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. VDB-253330 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-02-10 4.3 CVE-2024-1406
cna@vuldb.com linux — kernel 
  A vulnerability was reported in the Open vSwitch sub-component in the Linux Kernel. The flaw occurs when a recursive operation of code push recursively calls into the code block. The OVS module does not validate the stack depth, pushing too many frames and causing a stack overflow. As a result, this can lead to a crash or other related issues. 2024-02-11 5.5 CVE-2024-1151
secalert@redhat.com linux — linux
  A flaw was found in the decompression function of registry-support. This issue can be triggered if an unauthenticated remote attacker tricks a user into opening a specially modified .tar archive, leading to the cleanup process following relative paths to overwrite or delete files outside the intended scope. 2024-02-14 6.8 CVE-2024-1485
secalert@redhat.com logichunt — owl_carousel
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in LogicHunt OWL Carousel – WordPress Owl Carousel Slider allows Stored XSS. This issue affects OWL Carousel – WordPress Owl Carousel Slider: from n/a through 1.4.0. 2024-02-10 5.4 CVE-2024-24801
audit@patchstack.com mastodon — mastodon
  Mastodon is a free, open-source social network server based on ActivityPub. Mastodon allows new identities from configured authentication providers (CAS, SAML, OIDC) to attach to existing local users with the same e-mail address. This results in a possible account takeover if the authentication provider allows changing the e-mail address or multiple authentication providers are configured. When a user logs in through an external authentication provider for the first time, Mastodon checks the e-mail address passed by the provider to find an existing account. However, using the e-mail address alone means that if the authentication provider allows changing the e-mail address of an account, the Mastodon account can immediately be hijacked. All users logging in through external authentication providers are affected. The severity is medium, as it also requires the external authentication provider to misbehave. However, some well-known OIDC providers (like Microsoft Azure) make it very easy to accidentally allow unverified e-mail changes. Moreover, OpenID Connect also allows dynamic client registration. This issue has been addressed in versions 4.2.6, 4.1.14, 4.0.14, and 3.5.18. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2024-02-14 4.2 CVE-2024-25618
security-advisories@github.com mattermost — mattermost_server
  Mattermost fails to check if a custom emoji reaction exists when sending it to a post and to limit the amount of custom emojis allowed to be added in a post, allowing an attacker sending a huge amount of non-existent custom emojis in a post to crash the mobile app of a user seeing the post. 2024-02-09 4.3 CVE-2024-1402
responsibledisclosure@mattermost.com mattermost — mattermost_server
  Mattermost Jira Plugin handling subscriptions fails to check the security level of an incoming issue or limit it based on the user who created the subscription resulting in registered users on Jira being able to create webhooks that give them access to all Jira issues. 2024-02-09 4.1 CVE-2024-24774
responsibledisclosure@mattermost.com mattermost — mattermost_server
  Mattermost fails to check the required permissions in the POST /api/v4/channels/stats/member_count API resulting in channel member counts being leaked to a user without permissions. 2024-02-09 4.3 CVE-2024-24776
responsibledisclosure@mattermost.com mediawiki — managewiki
  ManageWiki is a MediaWiki extension allowing users to manage wikis. Special:ManageWiki does not escape interface messages on the `columns` and `help` keys on the form descriptor. An attacker may exploit this and would have a cross site scripting attack vector. Exploiting this on-wiki requires the `(editinterface)` right. Users should apply the code changes in commits `886cc6b94`, `2ef0f50880`, and `6942e8b2c` to resolve this vulnerability. There are no known workarounds for this vulnerability. 2024-02-09 6.5 CVE-2024-25109
security-advisories@github.com microsoft — azure_file_sync
  Microsoft Azure File Sync Elevation of Privilege Vulnerability 2024-02-13 5.3 CVE-2024-21397
secure@microsoft.com microsoft — azure_stack_hub
  Azure Stack Hub Spoofing Vulnerability 2024-02-13 6.5 CVE-2024-20679
secure@microsoft.com microsoft — entra
  Microsoft Azure Active Directory B2C Spoofing Vulnerability 2024-02-13 6.8 CVE-2024-21381
secure@microsoft.com microsoft — microsoft_teams_for_android
  Microsoft Teams for Android Information Disclosure 2024-02-13 5 CVE-2024-21374
secure@microsoft.com microsoft — skype_for_business_server_2019_cu7
  Skype for Business Information Disclosure Vulnerability 2024-02-13 5.7 CVE-2024-20695
secure@microsoft.com microsoft — windows_10_version_1809
  Windows USB Generic Parent Driver Remote Code Execution Vulnerability 2024-02-13 6.4 CVE-2024-21339
secure@microsoft.com microsoft — windows_10_version_1809
  Windows Kernel Remote Code Execution Vulnerability 2024-02-13 6.8 CVE-2024-21341
secure@microsoft.com microsoft — windows_10_version_1809
  Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability 2024-02-13 6.5 CVE-2024-21356
secure@microsoft.com microsoft — windows_10_version_1809
  Windows Network Address Translation (NAT) Denial of Service Vulnerability 2024-02-13 5.9 CVE-2024-21343
secure@microsoft.com microsoft — windows_10_version_1809
  Windows Network Address Translation (NAT) Denial of Service Vulnerability 2024-02-13 5.9 CVE-2024-21344
secure@microsoft.com microsoft — windows_10_version_1809
  Windows Kernel Security Feature Bypass Vulnerability 2024-02-13 5.5 CVE-2024-21362
secure@microsoft.com microsoft — windows_10_version_1809
  Trusted Compute Base Elevation of Privilege Vulnerability 2024-02-13 4.1 CVE-2024-21304
secure@microsoft.com microsoft — windows_10_version_1809
  Windows Kernel Information Disclosure Vulnerability 2024-02-13 4.6 CVE-2024-21340
secure@microsoft.com microsoft — windows_server_2022
  Windows Hyper-V Denial of Service Vulnerability 2024-02-13 6.5 CVE-2024-20684
secure@microsoft.com mitsubishi_electric_corporation — melsec_iq-r_series_safety_cpu_r08sfcpu
  Incorrect Privilege Assignment vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series Safety CPU R08/16/32/120SFCPU all versions and MELSEC iQ-R Series SIL2 Process CPU R08/16/32/120PSFCPU all versions allow a remote authenticated attacker who has logged into the product as a non-administrator user to disclose the credentials (user ID and password) of a user with a lower access level than the attacker by sending a specially crafted packet. 2024-02-13 6.5 CVE-2023-6815
Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp moodle — lms
  Inadequate access control in Moodle LMS. This vulnerability could allow a local user with a student role to create arbitrary events intended for users with higher roles. It could also allow the attacker to add events to the calendar of all users without their prior consent. 2024-02-12 6.5 CVE-2024-1439
cve-coordination@incibe.es netapp — snapcenter
  SnapCenter versions 4.8 prior to 5.0 are susceptible to a vulnerability which could allow an authenticated SnapCenter Server user to modify system logging configuration settings. 2024-02-16 5.4 CVE-2024-21987
security-alert@netapp.com netapp — storagegrid
  StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8 are susceptible to a Denial of Service (DoS) vulnerability. Successful exploit by an authenticated attacker could lead to an out of memory condition or node reboot. 2024-02-16 6.5 CVE-2024-21983
security-alert@netapp.com netapp — storagegrid
  StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8 are susceptible to a difficult to exploit Reflected Cross-Site Scripting (XSS) vulnerability. Successful exploit requires the attacker to know specific information about the target instance and trick a privileged user into clicking a specially crafted link. This could allow the attacker to view or modify configuration settings or add or modify user accounts. 2024-02-16 5.9 CVE-2024-21984
security-alert@netapp.com netgear — r7000_firmware
  A vulnerability has been found in Netgear R7000 1.0.11.136_10.2.120 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /currentsetting.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. The identifier VDB-253381 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-02-11 6.5 CVE-2024-1430
cna@vuldb.com netgear — r7000_firmware
  A vulnerability was found in Netgear R7000 1.0.11.136_10.2.120 and classified as problematic. Affected by this issue is some unknown functionality of the file /debuginfo.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. VDB-253382 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-02-11 6.5 CVE-2024-1431
cna@vuldb.com nicdark — restaurant_reservations
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Nicdark Restaurant Reservations allows Stored XSS. This issue affects Restaurant Reservations: from n/a through 1.8. 2024-02-12 6.5 CVE-2023-51403
audit@patchstack.com ninjateam — wp_chat_app
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NinjaTeam WP Chat App allows Stored XSS. This issue affects WP Chat App: from n/a through 3.4.4. 2024-02-12 5.9 CVE-2023-51370
audit@patchstack.com nodejs — undici
  Undici is an HTTP/1.1 client, written from scratch for Node.js. In affected versions calling `fetch(url)` and not consuming the incoming body (or consuming it very slowly) will lead to a memory leak. This issue has been addressed in version 6.6.1. Users are advised to upgrade. Users unable to upgrade should make sure to always consume the incoming body. 2024-02-16 6.5 CVE-2024-24750
security-advisories@github.com open-xchange_gmbh — ox_app_suite
  User ID references at mentions in document comments were not correctly sanitized. Script code could be injected to a user’s session when working with a malicious document. Please deploy the provided updates and patch releases. User-defined content like comments and mentions are now filtered to avoid potentially malicious content. No publicly available exploits are known. 2024-02-12 6.1 CVE-2023-41703
security@open-xchange.com open-xchange_gmbh — ox_app_suite
  Processing of user-defined DAV user-agent strings is not limited. Availability of OX App Suite could be reduced due to high processing load. Please deploy the provided updates and patch releases. Processing time of DAV user-agents now gets monitored, and the related request is terminated if a resource threshold is reached. No publicly available exploits are known. 2024-02-12 6.5 CVE-2023-41705
security@open-xchange.com open-xchange_gmbh — ox_app_suite
  Processing time of drive search expressions now gets monitored, and the related request is terminated if a resource threshold is reached. Availability of OX App Suite could be reduced due to high processing load. Please deploy the provided updates and patch releases. Processing of user-defined drive search expressions is not limited. No publicly available exploits are known. 2024-02-12 6.5 CVE-2023-41706
security@open-xchange.com open-xchange_gmbh — ox_app_suite
  Processing of user-defined mail search expressions is not limited. Availability of OX App Suite could be reduced due to high processing load. Please deploy the provided updates and patch releases. Processing time of mail search expressions now gets monitored, and the related request is terminated if a resource threshold is reached. No publicly available exploits are known. 2024-02-12 6.5 CVE-2023-41707
security@open-xchange.com open-xchange_gmbh — ox_app_suite
  References to the “app loader” functionality could contain redirects to unexpected locations. Attackers could forge app references that bypass existing safeguards to inject malicious script code. Please deploy the provided updates and patch releases. References to apps are now more strictly controlled to avoid relative references. No publicly available exploits are known. 2024-02-12 5.4 CVE-2023-41708
security@open-xchange.com oracle_corporation — application_object_library
  Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: DB Privileges). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Object Library accessible data as well as unauthorized read access to a subset of Oracle Application Object Library accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N). 2024-02-17 6.5 CVE-2024-20929
secalert_us@oracle.com oracle_corporation — application_object_library
  Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: Login – SSO). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Application Object Library. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). 2024-02-17 5.3 CVE-2024-20915
secalert_us@oracle.com oracle_corporation — bi_publisher_(formerly_xml_publisher)
  Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Web Server). Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle BI Publisher, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle BI Publisher accessible data as well as unauthorized read access to a subset of Oracle BI Publisher accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). 2024-02-17 5.4 CVE-2024-20980
secalert_us@oracle.com oracle_corporation — business_intelligence_enterprise_edition
  Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: BI Platform Security). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). 2024-02-17 5.4 CVE-2024-20913
secalert_us@oracle.com oracle_corporation — common_applications
  Vulnerability in the Oracle Common Applications product of Oracle E-Business Suite (component: CRM User Management Framework). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Common Applications. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Common Applications, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Common Applications accessible data as well as unauthorized read access to a subset of Oracle Common Applications accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). 2024-02-17 5.4 CVE-2024-20947
secalert_us@oracle.com oracle_corporation — crm_technical_foundation
  Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Admin Console). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle CRM Technical Foundation. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L). 2024-02-17 4.3 CVE-2024-20939
secalert_us@oracle.com oracle_corporation — customer_interaction_history
  Vulnerability in the Oracle Customer Interaction History product of Oracle E-Business Suite (component: Outcome-Result). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Customer Interaction History. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Customer Interaction History, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Customer Interaction History accessible data as well as unauthorized read access to a subset of Oracle Customer Interaction History accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). 2024-02-17 6.1 CVE-2024-20949
secalert_us@oracle.com oracle_corporation — customer_interaction_history
  Vulnerability in the Oracle Customer Interaction History product of Oracle E-Business Suite (component: Outcome-Result). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Customer Interaction History. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Customer Interaction History, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Customer Interaction History accessible data as well as unauthorized read access to a subset of Oracle Customer Interaction History accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). 2024-02-17 6.1 CVE-2024-20951
secalert_us@oracle.com oracle_corporation — database_-_enterprise_edition
  Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.21 and 21.3-21.12. Easily exploitable vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java VM accessible data. CVSS 3.1 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N). 2024-02-17 6.5 CVE-2024-20903
secalert_us@oracle.com oracle_corporation — installed_base
  Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: Engineering Change Order). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Installed Base. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Installed Base, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Installed Base accessible data as well as unauthorized read access to a subset of Oracle Installed Base accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). 2024-02-17 6.1 CVE-2024-20933
secalert_us@oracle.com oracle_corporation — installed_base
  Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: Engineering Change Order). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Installed Base. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Installed Base, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Installed Base accessible data as well as unauthorized read access to a subset of Oracle Installed Base accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). 2024-02-17 6.1 CVE-2024-20935
secalert_us@oracle.com oracle_corporation — installed_base
  Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: HTML UI). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Installed Base. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Installed Base, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Installed Base accessible data as well as unauthorized read access to a subset of Oracle Installed Base accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). 2024-02-17 6.1 CVE-2024-20941
secalert_us@oracle.com oracle_corporation — installed_base
  Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: Engineering Change Order). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Installed Base. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Installed Base, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Installed Base accessible data as well as unauthorized read access to a subset of Oracle Installed Base accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). 2024-02-17 5.4 CVE-2024-20958
secalert_us@oracle.com oracle_corporation — java_se_jdk_and_jre
  Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N). 2024-02-17 5.9 CVE-2024-20919
secalert_us@oracle.com oracle_corporation — java_se_jdk_and_jre
  Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). 2024-02-17 5.9 CVE-2024-20921
secalert_us@oracle.com oracle_corporation — java_se_jdk_and_jre
  Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N). 2024-02-17 4.7 CVE-2024-20945
secalert_us@oracle.com oracle_corporation — jd_edwards_enterpriseone_tools
  Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Monitoring and Diagnostics SEC). Supported versions that are affected are Prior to 9.2.8.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). 2024-02-17 4.3 CVE-2024-20937
secalert_us@oracle.com oracle_corporation — knowledge_management
  Vulnerability in the Oracle Knowledge Management product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Knowledge Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Knowledge Management, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Knowledge Management accessible data as well as unauthorized read access to a subset of Oracle Knowledge Management accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). 2024-02-17 5.4 CVE-2024-20943
secalert_us@oracle.com oracle_corporation — mysql_server
  Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: RAPID). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 2024-02-17 6.5 CVE-2024-20960
secalert_us@oracle.com oracle_corporation — mysql_server
  Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 2024-02-17 6.5 CVE-2024-20962
secalert_us@oracle.com oracle_corporation — mysql_server
  Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H). 2024-02-17 5.3 CVE-2024-20964
secalert_us@oracle.com oracle_corporation — mysql_server
  Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2024-02-17 4.9 CVE-2024-20966
secalert_us@oracle.com oracle_corporation — mysql_server
  Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). 2024-02-17 4.4 CVE-2024-20968
secalert_us@oracle.com oracle_corporation — mysql_server
  Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2024-02-17 4.9 CVE-2024-20970
secalert_us@oracle.com oracle_corporation — mysql_server
  Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2024-02-17 4.9 CVE-2024-20972
secalert_us@oracle.com oracle_corporation — mysql_server
  Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2024-02-17 4.9 CVE-2024-20974
secalert_us@oracle.com oracle_corporation — mysql_server
  Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2024-02-17 4.9 CVE-2024-20976
secalert_us@oracle.com oracle_corporation — mysql_server
  Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2024-02-17 4.9 CVE-2024-20978
secalert_us@oracle.com oracle_corporation — mysql_server
  Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2024-02-17 4.9 CVE-2024-20982
secalert_us@oracle.com oracle_corporation — mysql_server
  Vulnerability in the MySQL Server product of Oracle MySQL (component: Server : Security : Firewall). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). 2024-02-17 4.4 CVE-2024-20984
secalert_us@oracle.com oracle_corporation — sun_zfs_storage_appliance_kit_(ak)_software
  Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Object Store). The supported version that is affected is 8.8. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle ZFS Storage Appliance Kit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle ZFS Storage Appliance Kit accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). 2024-02-17 4.3 CVE-2023-21833
secalert_us@oracle.com oracle_corporation — web_applications_desktop_integrator
  Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: File download). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Web Applications Desktop Integrator, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Web Applications Desktop Integrator accessible data as well as unauthorized read access to a subset of Oracle Web Applications Desktop Integrator accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). 2024-02-17 6.1 CVE-2024-20907
secalert_us@oracle.com oracle_corporation — weblogic_server
  Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). 2024-02-17 6.1 CVE-2024-20986
secalert_us@oracle.com otwthemes — buttons_shortcode_and_widget Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in OTWthemes.Com Buttons Shortcode and Widget allows Stored XSS. This issue affects Buttons Shortcode and Widget: from n/a through 1.16. 2024-02-12 5.4 CVE-2024-24930
audit@patchstack.com palo_alto_networks — pan-os
  A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface on Panorama appliances. This enables the impersonation of another authenticated administrator. 2024-02-14 6.8 CVE-2024-0007
psirt@paloaltonetworks.com palo_alto_networks — pan-os
  Web sessions in the management interface in Palo Alto Networks PAN-OS software do not expire in certain situations, making it susceptible to unauthorized access. 2024-02-14 6.6 CVE-2024-0008
psirt@paloaltonetworks.com palo_alto_networks — pan-os
  An improper verification vulnerability in the GlobalProtect gateway feature of Palo Alto Networks PAN-OS software enables a malicious user with stolen credentials to establish a VPN connection from an unauthorized IP address. 2024-02-14 6.3 CVE-2024-0009
psirt@paloaltonetworks.com palo_alto_networks — pan-os
  A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect portal feature of Palo Alto Networks PAN-OS software enables execution of malicious JavaScript (in the context of a user’s browser) if a user clicks on a malicious link, allowing phishing attacks that could lead to credential theft. 2024-02-14 4.3 CVE-2024-0010
psirt@paloaltonetworks.com palo_alto_networks — pan-os
  A reflected cross-site scripting (XSS) vulnerability in the Captive Portal feature of Palo Alto Networks PAN-OS software enables execution of malicious JavaScript (in the context of an authenticated Captive Portal user’s browser) if a user clicks on a malicious link, allowing phishing attacks that could lead to credential theft. 2024-02-14 4.3 CVE-2024-0011
psirt@paloaltonetworks.com photoboxone — smtp_mail
  Cross-Site Request Forgery (CSRF) vulnerability in Photoboxone SMTP Mail. This issue affects SMTP Mail: from n/a through 1.3.20. 2024-02-13 4.3 CVE-2024-25914
audit@patchstack.com pluginus — woot Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in realmag777 Active Products Tables for WooCommerce. Professional products tables for WooCommerce store allows Stored XSS. This issue affects Active Products Tables for WooCommerce. Professional products tables for WooCommerce store: from n/a through 1.0.6. 2024-02-10 5.4 CVE-2023-51480
audit@patchstack.com pquic — pquic In PQUIC before 5bde5bb, retention of unused initial encryption keys allows attackers to disrupt a connection with a PSK configuration by sending a CONNECTION_CLOSE frame that is encrypted via the initial key computed. Network traffic sniffing is needed as part of exploitation. 2024-02-09 6.5 CVE-2024-25679
cve@mitre.org prasidhdamalla — honeypot_for_wp_comment Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Prasidhda Malla Honeypot for WP Comment allows Reflected XSS. This issue affects Honeypot for WP Comment: from n/a through 2.2.3. 2024-02-12 6.1 CVE-2024-24933
audit@patchstack.com python — python  nonebot2 is a cross-platform Python asynchronous chatbot framework written in Python. This security advisory pertains to a potential information leak (e.g., environment variables) in instances where developers utilize `MessageTemplate` and incorporate user-provided data into templates. The identified vulnerability has been remedied in pull request #2509 and will be included in versions released from 2.2.0. Users are strongly advised to upgrade to these patched versions to safeguard against the vulnerability. A temporary workaround involves filtering underscores before incorporating user input into the message template. 2024-02-09 6.5 CVE-2024-21624
security-advisories@github.com qnap_systems_inc — qts
  An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later; QuTS hero h5.1.5.2647 build 20240118 and later; QuTScloud c5.1.5.2651 and later. 2024-02-13 5.8 CVE-2023-47218
security@qnapsecurity.com.tw qnap_systems_inc — qts
  An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later; QTS 4.5.4.2627 build 20231225 and later; QTS 4.3.6.2665 build 20240131 and later; QTS 4.3.4.2675 build 20240131 and later; QTS 4.3.3.2644 build 20240131 and later; QTS 4.2.6 build 20240131 and later; QuTS hero h5.1.5.2647 build 20240118 and later; QuTS hero h4.5.4.2626 build 20231225 and later; QuTScloud c5.1.5.2651 and later. 2024-02-13 5.8 CVE-2023-50358
security@qnapsecurity.com.tw red_hat — 389-ds-base
  A heap overflow flaw was found in 389-ds-base. This issue leads to a denial of service when writing a value larger than 256 chars in log_entry_attr. 2024-02-12 5.5 CVE-2024-1062
secalert@redhat.com red_hat — openshift
  A flaw was found in OpenShift. The existing Cross-Site Request Forgery (CSRF) protections in place do not properly protect GET requests, allowing for the creation of WebSockets via CSRF. 2024-02-16 5.4 CVE-2024-1342
secalert@redhat.com ryan_duff_peter_westwood — wp_contact_form
  Cross-Site Request Forgery (CSRF) vulnerability in Ryan Duff, Peter Westwood WP Contact Form. This issue affects WP Contact Form: from n/a through 1.6. 2024-02-12 4.3 CVE-2024-24929
audit@patchstack.com sametime — sametime
  Sametime is impacted by sensitive fields with autocomplete enabled in the Legacy web chat client. By default, this allows user entered data to be stored by the browser. 2024-02-10 4 CVE-2023-45696
psirt@hcl.com sametime — sametime
  Sametime is impacted by lack of clickjacking protection in Outlook add-in. The application is not implementing appropriate protections in order to protect users from clickjacking attacks. 2024-02-10 4.8 CVE-2023-45698
psirt@hcl.com sap_se — sap_bam_(bank_account_management)
  SAP Bank Account Management (BAM) allows an authenticated user with restricted access to use functions which can result in escalation of privileges with low impact on confidentiality, integrity and availability of the application. 2024-02-13 6.3 CVE-2024-24739
cna@sap.com sap_se — sap_companion
  SAP Companion – version <3.1.38, has a URL with parameter that could be vulnerable to XSS attack. The attacker could send a malicious link to a user that would possibly allow an attacker to retrieve the sensitive information and cause minor impact on the integrity of the web application. 2024-02-13 5.4 CVE-2024-22129
cna@sap.com sap_se — sap_crm_(webclient_ui)
  SAP CRM WebClient UI – version S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An attacker with low privileges can cause limited impact to integrity of the application data after successful exploitation. There is no impact on confidentiality and availability. 2024-02-13 4.1 CVE-2024-24742
cna@sap.com sap_se — sap_fiori_app_(my_overtime_requests)
  The SAP Fiori app (My Overtime Request) – version 605, does not perform the necessary authorization checks for an authenticated user which may result in an escalation of privileges. It is possible to manipulate the URLs of data requests to access information that the user should not have access to. There is no impact on integrity and availability. 2024-02-13 4.3 CVE-2024-25643
cna@sap.com sap_se — sap_master_data_governance_material
  SAP Master Data Governance for Material Data – versions 618, 619, 620, 621, 622, 800, 801, 802, 803, 804, does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. This could allow an attacker to read some sensitive information but no impact to integrity and availability. 2024-02-13 4.3 CVE-2024-24741
cna@sap.com sap_se — sap_netweaver_application_server_abap_(sap_kernel)
  SAP NetWeaver Application Server (ABAP) – versions KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.93, KERNEL 7.94, KRNL64UC 7.53, under certain conditions, allows an attacker to access information which could otherwise be restricted with low impact on confidentiality of the application. 2024-02-13 5.3 CVE-2024-24740
cna@sap.com sap_se — sap_netweaver_business_client_for_html
  SAP NWBC for HTML – versions SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, SAP_UI 758, SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An unauthenticated attacker can inject malicious javascript to cause limited impact to confidentiality and integrity of the application data after successful exploitation. 2024-02-13 4.7 CVE-2024-22128
cna@sap.com sentry — sentry Sentry is an error tracking and performance monitoring platform. Sentry’s integration platform provides a way for external services to interact with Sentry. One of such integrations, the Phabricator integration (maintained by Sentry) with version <=24.1.1 contains a constrained SSRF vulnerability. An attacker could make Sentry send POST HTTP requests to arbitrary URLs (including internal IP addresses) by providing an unsanitized input to the Phabricator integration. However, the body payload is constrained to a specific format. If an attacker has access to a Sentry instance, this allows them to: 1. interact with internal network; 2. scan local/remote ports. This issue has been fixed in Sentry self-hosted release 24.1.2, and has already been mitigated on sentry.io on February 8. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2024-02-09 5.3 CVE-2024-24829
security-advisories@github.com siemens — openpcs_7_v9.1
  A vulnerability has been identified in OpenPCS 7 V9.1 (All versions), SIMATIC BATCH V9.1 (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC Route Control V9.1 (All versions), SIMATIC WinCC Runtime Professional V18 (All versions), SIMATIC WinCC Runtime Professional V19 (All versions), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 15), SIMATIC WinCC V8.0 (All versions < V8.0 SP4). The implementation of the RPC (Remote Procedure call) communication protocol in the affected products does not properly handle certain unorganized RPC messages. An attacker could use this vulnerability to cause a denial of service condition in the RPC server. 2024-02-13 6.5 CVE-2023-48363
productcert@siemens.com siemens — openpcs_7_v9.1
  A vulnerability has been identified in OpenPCS 7 V9.1 (All versions), SIMATIC BATCH V9.1 (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC Route Control V9.1 (All versions), SIMATIC WinCC Runtime Professional V18 (All versions), SIMATIC WinCC Runtime Professional V19 (All versions), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 15), SIMATIC WinCC V8.0 (All versions < V8.0 SP4). The implementation of the RPC (Remote Procedure call) communication protocol in the affected products does not properly handle certain malformed RPC messages. An attacker could use this vulnerability to cause a denial of service condition in the RPC server. 2024-02-13 6.5 CVE-2023-48364
productcert@siemens.com siemens — tecnomatix_plant_simulation A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions), Tecnomatix Plant Simulation V2302 (All versions < V2302.0007). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted SPP files. An attacker could leverage this vulnerability to crash the application causing denial of service condition. 2024-02-13 5.5 CVE-2024-23799
productcert@siemens.com siemens — tecnomatix_plant_simulation A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions), Tecnomatix Plant Simulation V2302 (All versions < V2302.0007). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted SPP files. An attacker could leverage this vulnerability to crash the application causing denial of service condition. 2024-02-13 5.5 CVE-2024-23800
productcert@siemens.com siemens — tecnomatix_plant_simulation A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions), Tecnomatix Plant Simulation V2302 (All versions < V2302.0007). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted SPP files. An attacker could leverage this vulnerability to crash the application causing denial of service condition. 2024-02-13 5.5 CVE-2024-23801
productcert@siemens.com silabs.com — gsdk
  A memory leak in the Silicon Labs’ Bluetooth stack for EFR32 products may cause memory to be exhausted when sending notifications to multiple clients; this causes all Bluetooth operations, such as advertising and scanning, to stop. 2024-02-15 6.5 CVE-2024-0240
product-security@silabs.com squid-cache — squid
  Squid is an open-source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Collapse of Data into Unsafe Value bug, Squid may be vulnerable to a Denial of Service attack against HTTP header parsing. This problem allows a remote client or a remote server to perform Denial of Service when sending oversized headers in HTTP messages. In versions of Squid prior to 6.5 this can be achieved if the request_header_max_size or reply_header_max_size settings are unchanged from the default. In Squid version 6.5 and later, the default setting of these parameters is safe. Squid will emit a critical warning in cache.log if the administrator is setting these parameters to unsafe values. Squid will not at this time prevent these settings from being changed to unsafe values. Users are advised to upgrade to version 6.5. There are no known workarounds for this vulnerability. This issue is also tracked as SQUID-2024:2 2024-02-14 5.3 CVE-2024-25617
security-advisories@github.com svix — svix
  Versions of the package svix before 1.17.0 are vulnerable to Authentication Bypass due to an issue in the verify function where signatures of different lengths are incorrectly compared. An attacker can bypass signature verification by providing a shorter signature that matches the beginning of the actual signature. **Note:** The attacker would need to know a victim uses the Rust library for verification, no easy way to automatically check that; and uses webhooks by a service that uses Svix, and then figure out a way to craft a malicious payload that will actually include all of the correct identifiers needed to trick the receivers to cause actual issues. 2024-02-13 6.8 CVE-2024-21491
report@snyk.io swadeshswain — before_after_image_slider Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in swadeshswain Before After Image Slider WP allows Stored XSS. This issue affects Before After Image Slider WP: from n/a through 2.2. 2024-02-12 5.4 CVE-2024-24931
audit@patchstack.com task_manager_in_php_with_source_code_project — task_manager_in_php_with_source_code A cross-site scripting (XSS) vulnerability in Task Manager App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Project Name parameter /TaskManager/Projects.php. 2024-02-14 6.1 CVE-2024-25218
cve@mitre.org task_manager_in_php_with_source_code_project — task_manager_in_php_with_source_code A cross-site scripting (XSS) vulnerability in Task Manager App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Task Name parameter /TaskManager/Task.php. 2024-02-14 6.1 CVE-2024-25219
cve@mitre.org task_manager_in_php_with_source_code_project — task_manager_in_php_with_source_code A cross-site scripting (XSS) vulnerability in Task Manager App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Note Section parameter at /TaskManager/Tasks.php. 2024-02-14 6.1 CVE-2024-25221
cve@mitre.org tenable — security_center
  An HTML injection vulnerability exists where an authenticated, remote attacker with administrator privileges on the Security Center application could modify Repository parameters, which could lead to HTML redirection attacks. 2024-02-14 5.9 CVE-2024-1471
vulnreport@tenable.com treasure-data — digdag
  Digdag is an open source tool to build, run, schedule, and monitor complex pipelines of tasks across various platforms. Treasure Data’s digdag workload automation system is susceptible to a path traversal vulnerability if it’s configured to store log files locally. This issue may lead to information disclosure and has been addressed in release version 0.10.5.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2024-02-14 5.3 CVE-2024-25125
security-advisories@github.com trellix — trellix_central_management_(cm)
  A cross-site scripting vulnerability in Trellix Central Management (CM) prior to 9.1.3.97129 allows a remote authenticated attacker to craft CM dashboard internal requests causing arbitrary content to be injected into the response when accessing the CM dashboard. 2024-02-13 4.6 CVE-2023-6072
trellixpsirt@trellix.com typo3 — typo3
  TYPO3 is an open-source PHP based web content management system released under the GNU GPL. Password hashes were being reflected in the editing forms of the TYPO3 backend user interface. This allowed attackers to crack the plaintext password using brute force techniques. Exploiting this vulnerability requires a valid backend user account. Users are advised to update to TYPO3 versions 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, 13.0.1 that fix the problem described. There are no known workarounds for this issue. 2024-02-13 4.3 CVE-2024-25118
security-advisories@github.com typo3 — typo3
  TYPO3 is an open source PHP based web content management system released under the GNU GPL. The plaintext value of `$GLOBALS['SYS']['encryptionKey']` was displayed in the editing forms of the TYPO3 Install Tool user interface. This allowed attackers to utilize the value to generate cryptographic hashes used for verifying the authenticity of HTTP request parameters. Exploiting this vulnerability requires an administrator-level backend user account with system maintainer permissions. Users are advised to update to TYPO3 versions 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, 13.0.1 that fix the problem described. There are no known workarounds for this vulnerability. 2024-02-13 4.9 CVE-2024-25119
security-advisories@github.com typo3 — typo3
  TYPO3 is an open-source PHP based web content management system released under the GNU GPL. The TYPO3-specific `t3://` URI scheme could be used to access resources outside of the users’ permission scope. This encompassed files, folders, pages, and records (although only if a valid link-handling configuration was provided). Exploiting this vulnerability requires a valid backend user account. Users are advised to update to TYPO3 versions 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, 13.0.1 that fix the problem described. There are no known workarounds for this issue. 2024-02-13 4.3 CVE-2024-25120
security-advisories@github.com virusblokada — vba32_antivirus
  Vba32 Antivirus v3.36.0 is vulnerable to an Arbitrary Memory Read vulnerability by triggering the 0x22201B, 0x22201F, 0x222023, 0x222027, 0x22202B, 0x22202F, 0x22203F, 0x222057 and 0x22205B IOCTL codes of the Vba32m64.sys driver. 2024-02-13 6.3 CVE-2024-23439
help@fluidattacks.com virusblokada — vba32_antivirus
  Vba32 Antivirus v3.36.0 is vulnerable to an Arbitrary Memory Read vulnerability. The 0x22200B IOCTL code of the Vba32m64.sys driver allows to read up to 0x802 of memory from an arbitrary user-supplied pointer. 2024-02-13 6.3 CVE-2024-23440
help@fluidattacks.com web-soudan — mw_wp_form Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in websoudan MW WP Form allows Stored XSS. This issue affects MW WP Form: from n/a through 5.0.6. 2024-02-10 5.4 CVE-2024-24804
audit@patchstack.com wolfssl — sp_math_all_rsa
  wolfSSL SP Math All RSA implementation is vulnerable to the Marvin Attack, new variation of a timing Bleichenbacher style attack, when built with the following options to configure: `--enable-all CFLAGS="-DWOLFSSL_STATIC_RSA"`. The define “WOLFSSL_STATIC_RSA” enables static RSA cipher suites, which is not recommended, and has been disabled by default since wolfSSL 3.6.6. Therefore the default build since 3.6.6, even with “--enable-all”, is not vulnerable to the Marvin Attack. The vulnerability is specific to static RSA cipher suites, and expected to be padding-independent. The vulnerability allows an attacker to decrypt ciphertexts and forge signatures after probing with a large number of test observations. However, the server’s private key is not exposed. 2024-02-09 5.9 CVE-2023-6935
facts@wolfssl.com wolfssl — sp_math_all_rsa
  wolfSSL prior to 5.6.6 did not check that messages in one (D)TLS record do not span key boundaries. As a result, it was possible to combine (D)TLS messages using different keys into one (D)TLS record. The most extreme edge case is that, in (D)TLS 1.3, it was possible that an unencrypted (D)TLS 1.3 record from the server containing first a ServerHello message and then the rest of the first server flight would be accepted by a wolfSSL client. In (D)TLS 1.3 the handshake is encrypted after the ServerHello but a wolfSSL client would accept an unencrypted flight from the server. This does not compromise key negotiation and authentication so it is assigned a low severity rating. 2024-02-15 5.3 CVE-2023-6937
facts@wolfssl.com wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in UnitedThemes Brooklyn | Creative Multi-Purpose Responsive WordPress Theme allows Reflected XSS. This issue affects Brooklyn | Creative Multi-Purpose Responsive WordPress Theme: from n/a through 4.9.7.6. 2024-02-12 6.1 CVE-2024-24927
audit@patchstack.com wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in MyAgilePrivacy My Agile Privacy – The only GDPR solution for WordPress that you can truly trust allows Stored XSS. This issue affects My Agile Privacy – The only GDPR solution for WordPress that you can truly trust: from n/a through 2.1.7. 2024-02-10 5.4 CVE-2023-51404
audit@patchstack.com wordpress — wordpress The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the editor_html() function in all versions up to, and including, 6.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to view password protected and draft posts. 2024-02-10 5.3 CVE-2024-0596
security@wordfence.com wordpress — wordpress The Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_data() function in all versions up to, and including, 3.3.50. This makes it possible for unauthenticated attackers to export event data. 2024-02-09 5.3 CVE-2024-1122
security@wordfence.com wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Start Booking Scheduling Plugin – Online Booking for WordPress allows Stored XSS. This issue affects Scheduling Plugin – Online Booking for WordPress: from n/a through 3.5.10. 2024-02-10 5.4 CVE-2024-23517
audit@patchstack.com wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Team Heateor Heateor Social Login WordPress allows Stored XSS. This issue affects Heateor Social Login WordPress: from n/a through 1.1.30. 2024-02-10 5.4 CVE-2024-24712
audit@patchstack.com wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WP Auto Listings Auto Listings – Car Listings & Car Dealership Plugin for WordPress allows Stored XSS. This issue affects Auto Listings – Car Listings & Car Dealership Plugin for WordPress: from n/a through 2.6.5. 2024-02-10 5.4 CVE-2024-24713
audit@patchstack.com wordpress — wordpress
  The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode(s) in all versions up to, and including, 4.8.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-02-13 6.4 CVE-2024-1159
security@wordfence.com wordpress — wordpress
  The Landing Page Cat – Coming Soon Page, Maintenance Page & Squeeze Pages plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.7.2. This makes it possible for unauthenticated attackers to access landing pages that may not be public. 2024-02-15 5.3 CVE-2024-0708
security@wordfence.com wordpress — wordpress
  The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s button URL in all versions up to, and including, 4.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-02-13 5.4 CVE-2024-1157
security@wordfence.com wordpress — wordpress
  The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Icon Link in all versions up to, and including, 4.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-02-13 5.4 CVE-2024-1160
security@wordfence.com wordpress — wordpress
  Cross-Site Request Forgery (CSRF) vulnerability in Contest Gallery Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress. This issue affects Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress: from n/a through 21.2.8.4. 2024-02-12 5.4 CVE-2024-24887
audit@patchstack.com wp-hosting — pay_with_vipps_and_mobilepay_for_woocommerce Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WP Hosting Pay with Vipps and MobilePay for WooCommerce allows Stored XSS. This issue affects Pay with Vipps and MobilePay for WooCommerce: from n/a through 1.14.13. 2024-02-10 5.4 CVE-2023-51485
audit@patchstack.com wpoperation — ultra_companion Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WPoperation Ultra Companion – Companion plugin for WPoperation Themes allows Stored XSS. This issue affects Ultra Companion – Companion plugin for WPoperation Themes: from n/a through 1.1.9. 2024-02-10 5.4 CVE-2024-24803
audit@patchstack.com wpsimpletools — basic_log_viewer
  Cross-Site Request Forgery (CSRF) vulnerability in WpSimpleTools Basic Log Viewer. This issue affects Basic Log Viewer: from n/a through 1.0.4. 2024-02-12 4.3 CVE-2024-24935
audit@patchstack.com yannick_lefebvre — link_library
  Cross-Site Request Forgery (CSRF) vulnerability in Yannick Lefebvre Link Library. This issue affects Link Library: from n/a through 7.5.13. 2024-02-12 4.3 CVE-2024-24875
audit@patchstack.com zabbix — zabbix The cause of vulnerability is improper validation of form input field “Name” on Graph page in Items section. 2024-02-09 5.4 CVE-2024-22119
security@zabbix.com zalify — easy_email Cross Site Scripting (XSS) vulnerability in EasyEmail v.4.12.2 and before allows a local attacker to execute arbitrary code via the user input parameter(s). NOTE: Researcher claims issue is present in all versions prior and later than tested version. 2024-02-09 6.1 CVE-2023-39683
cve@mitre.org zixn — vk_poster_group Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Djo VK Poster Group allows Reflected XSS. This issue affects VK Poster Group: from n/a through 2.0.3. 2024-02-12 6.1 CVE-2024-24932
audit@patchstack.com zoom_video_communications,_inc — zoom_clients
  Improper input validation in some Zoom clients may allow an authenticated user to conduct a denial of service via network access. 2024-02-14 5.4 CVE-2024-24690
security@zoom.us zoom_video_communications_inc — zoom_clients
  Business logic error in some Zoom clients may allow an authenticated user to conduct information disclosure via network access. 2024-02-14 6.5 CVE-2024-24699
security@zoom.us zoom_video_communications_inc — zoom_clients
  Improper authentication in some Zoom clients may allow a privileged user to conduct a disclosure of information via local access. 2024-02-14 4.9 CVE-2024-24698
security@zoom.us zoom_video_communications_inc — zoom_desktop_client_for_windows_zoom_vdi_client_for_windows_and_zoom_meeting_sdk_for_windows
  Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an authenticated user to conduct a disclosure of information via network access. 2024-02-14 6.8 CVE-2024-24695
security@zoom.us zoom_video_communications_inc — zoom_desktop_client_for_windows_zoom_vdi_client_for_windows_and_zoom_meeting_sdk_for_windows
  Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an authenticated user to conduct a disclosure of information via network access. 2024-02-14 6.8 CVE-2024-24696
security@zoom.us
