Vulnerability Summary for the Week of May 6, 2024 | CISA


apache_software_foundation — apache_inlong | Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong: from 1.7.0 through 1.11.0, the attackers can bypass using malicious parameters. Users are advised to upgrade to Apache InLong’s 1.12.0 or cherry-pick [1], [2] to solve it. [1] https://github.com/apache/inlong/pull/9694 [2] https://github.com/apache/inlong/pull/9707 | 2024-05-08 | not yet calculated | CVE-2024-26579 | security@apache.org
apache_software_foundation — apache_ofbiz | Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.13. Users are recommended to upgrade to version 18.12.13, which fixes the issue. | 2024-05-08 | not yet calculated | CVE-2024-32113 | security@apache.org
bentley — view | Bentley View SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18960. | 2024-05-07 | not yet calculated | CVE-2022-43651 | zdi-disclosures@trendmicro.com
bentley — view | Bentley View SKP File Parsing Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18981. | 2024-05-07 | not yet calculated | CVE-2022-43652 | zdi-disclosures@trendmicro.com
bentley — view | Bentley View SKP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. Crafted data in an SKP file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-19084. | 2024-05-07 | not yet calculated | CVE-2022-43653 | zdi-disclosures@trendmicro.com
bentley — view | Bentley View FBX File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FBX files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18491. | 2024-05-07 | not yet calculated | CVE-2022-43655 | zdi-disclosures@trendmicro.com
bentley — view | Bentley View FBX File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FBX files. Crafted data in an FBX file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18492. | 2024-05-07 | not yet calculated | CVE-2022-43656 | zdi-disclosures@trendmicro.com
bmc — track-it! | BMC Track-It! GetData Missing Authorization Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of BMC Track-It!. Authentication is required to exploit this vulnerability. The specific flaw exists within the GetData endpoint. The issue results from the lack of authorization prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-14527. | 2024-05-07 | not yet calculated | CVE-2021-35001 | zdi-disclosures@trendmicro.com
bmc — track-it! | BMC Track-It! Unrestricted File Upload Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of BMC Track-It!. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of email attachments. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-14122. | 2024-05-07 | not yet calculated | CVE-2021-35002 | zdi-disclosures@trendmicro.com
d-link — dap-2622 | D-Link DAP-2622 DDP Firmware Upgrade Server IPv6 Address Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20076. | 2024-05-07 | not yet calculated | CVE-2023-35748 | zdi-disclosures@trendmicro.com
d-link — dap-2622 | D-Link DAP-2622 DDP Firmware Upgrade Filename Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20077. | 2024-05-07 | not yet calculated | CVE-2023-35749 | zdi-disclosures@trendmicro.com
d-link — dap-2622 | D-Link DAP-2622 DDP Set Date-Time NTP Server Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20085. | 2024-05-07 | not yet calculated | CVE-2023-35757 | zdi-disclosures@trendmicro.com
d-link — dap-2622 | D-Link DAP-2622 DDP Set SSID List Missing Authentication Vulnerability. This vulnerability allows network-adjacent attackers to make unauthorized changes to device configuration on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to manipulate wireless authentication settings. Was ZDI-CAN-20104. | 2024-05-07 | not yet calculated | CVE-2023-37325 | zdi-disclosures@trendmicro.com
foxit — pdf_editor | Foxit PDF Editor StrikeOut Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14355. | 2024-05-07 | not yet calculated | CVE-2021-34954 | zdi-disclosures@trendmicro.com
foxit — pdf_editor | Foxit PDF Editor Stamp Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14356. | 2024-05-07 | not yet calculated | CVE-2021-34955 | zdi-disclosures@trendmicro.com
foxit — pdf_editor | Foxit PDF Editor Underline Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14357. | 2024-05-07 | not yet calculated | CVE-2021-34956 | zdi-disclosures@trendmicro.com
foxit — pdf_editor | Foxit PDF Editor Highlight Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14358. | 2024-05-07 | not yet calculated | CVE-2021-34957 | zdi-disclosures@trendmicro.com
foxit — pdf_editor | Foxit PDF Editor Text Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14359. | 2024-05-07 | not yet calculated | CVE-2021-34958 | zdi-disclosures@trendmicro.com
foxit — pdf_editor | Foxit PDF Editor Square Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14360. | 2024-05-07 | not yet calculated | CVE-2021-34959 | zdi-disclosures@trendmicro.com
foxit — pdf_editor | Foxit PDF Editor Circle Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14362. | 2024-05-07 | not yet calculated | CVE-2021-34960 | zdi-disclosures@trendmicro.com
foxit — pdf_editor | Foxit PDF Editor Ink Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14363. | 2024-05-07 | not yet calculated | CVE-2021-34961 | zdi-disclosures@trendmicro.com
foxit — pdf_editor | Foxit PDF Editor Caret Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14364. | 2024-05-07 | not yet calculated | CVE-2021-34962 | zdi-disclosures@trendmicro.com
foxit — pdf_editor | Foxit PDF Editor PolyLine Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14365. | 2024-05-07 | not yet calculated | CVE-2021-34963 | zdi-disclosures@trendmicro.com
foxit — pdf_editor | Foxit PDF Editor Polygon Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14366. | 2024-05-07 | not yet calculated | CVE-2021-34964 | zdi-disclosures@trendmicro.com
foxit — pdf_editor | Foxit PDF Editor Squiggly Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14361. | 2024-05-07 | not yet calculated | CVE-2021-34965 | zdi-disclosures@trendmicro.com
foxit — pdf_editor | Foxit PDF Editor FileAttachment Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14367. | 2024-05-07 | not yet calculated | CVE-2021-34966 | zdi-disclosures@trendmicro.com
foxit — pdf_editor | Foxit PDF Editor Line Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14368. | 2024-05-07 | not yet calculated | CVE-2021-34967 | zdi-disclosures@trendmicro.com
foxit — pdf_editor | Foxit PDF Editor transitionToState Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation of the transitionToState method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14370. | 2024-05-07 | not yet calculated | CVE-2021-34968 | zdi-disclosures@trendmicro.com
foxit — pdf_reader | Foxit PDF Reader Square Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Square annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14272. | 2024-05-07 | not yet calculated | CVE-2021-34948 | zdi-disclosures@trendmicro.com
foxit — pdf_reader | Foxit PDF Reader Annotation Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14273. | 2024-05-07 | not yet calculated | CVE-2021-34949 | zdi-disclosures@trendmicro.com
foxit — pdf_reader | Foxit PDF Reader Annotation Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14396. | 2024-05-07 | not yet calculated | CVE-2021-34950 | zdi-disclosures@trendmicro.com
foxit — pdf_reader | Foxit PDF Reader Annotation Use of Uninitialized Variable Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14395. | 2024-05-07 | not yet calculated | CVE-2021-34951 | zdi-disclosures@trendmicro.com
foxit — pdf_reader | Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14729. | 2024-05-07 | not yet calculated | CVE-2021-34952 | zdi-disclosures@trendmicro.com
foxit — pdf_reader | Foxit PDF Reader Annotation Use of Uninitialized Variable Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14658. | 2024-05-07 | not yet calculated | CVE-2021-34953 | zdi-disclosures@trendmicro.com
foxit — pdf_reader | Foxit PDF Reader Annotation Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14622. | 2024-05-07 | not yet calculated | CVE-2021-34969 | zdi-disclosures@trendmicro.com
foxit — pdf_reader | Foxit PDF Reader print Method Use of Externally-Controlled Format String Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation of the print method. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14849. | 2024-05-07 | not yet calculated | CVE-2021-34970 | zdi-disclosures@trendmicro.com
foxit — pdf_reader | Foxit PDF Reader JPG2000 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14812. | 2024-05-07 | not yet calculated | CVE-2021-34971 | zdi-disclosures@trendmicro.com
foxit — pdf_reader | Foxit PDF Reader AcroForm Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14975. | 2024-05-07 | not yet calculated | CVE-2021-34972 | zdi-disclosures@trendmicro.com
foxit — pdf_reader | Foxit PDF Reader PDF File Parsing Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14968. | 2024-05-07 | not yet calculated | CVE-2021-34973 | zdi-disclosures@trendmicro.com
foxit — pdf_reader | Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15167. | 2024-05-07 | not yet calculated | CVE-2021-34974 | zdi-disclosures@trendmicro.com
foxit — pdf_reader | Foxit PDF Reader transitionToState Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation of the transitionToState method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15218. | 2024-05-07 | not yet calculated | CVE-2021-34975 | zdi-disclosures@trendmicro.com
foxit — pdf_reader | Foxit PDF Reader PDF File Parsing Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PDF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14659. | 2024-05-07 | not yet calculated | CVE-2021-34976 | zdi-disclosures@trendmicro.com
go_standard_library — net | A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop. | 2024-05-08 | not yet calculated | CVE-2024-24788 | security@golang.org
go_toolchain — cmd/go | On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the -lto_library flag in a “#cgo LDFLAGS” directive. | 2024-05-08 | not yet calculated | CVE-2024-24787 | security@golang.org
security@golang.org google — android In multiple functions of CompanionDeviceManagerService.java, there is a possible launch NotificationAccessConfirmationActivity of another user profile due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. 2024-05-07 not yet calculated CVE-2024-0022
security@android.com google — android In multiple methods of UserManagerService.java, there is a possible failure to persist or enforce user restrictions due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. 2024-05-07 not yet calculated CVE-2024-0024
security@android.com google — android In sendIntentSender of ActivityManagerService.java, there is a possible background activity launch due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. 2024-05-07 not yet calculated CVE-2024-0025
security@android.com google — android In multiple functions of SnoozeHelper.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. 2024-05-07 not yet calculated CVE-2024-0026
security@android.com google — android In multiple functions of SnoozeHelper.java, there is a possible way to cause a boot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. 2024-05-07 not yet calculated CVE-2024-0027
security@android.com google — android In TBD of TBD, there is a possible confusion of OEM and DRM certificates due to improperly used crypto. This could lead to local bypass of DRM content protection with no additional execution privileges needed. User interaction is not needed for exploitation. 2024-05-07 not yet calculated CVE-2024-0042
security@android.com google — android In multiple locations, there is a possible notification listener grant to an app running in the work profile due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. 2024-05-07 not yet calculated CVE-2024-0043
security@android.com google — android In onCreate of WifiDialogActivity.java, there is a possible way to bypass the DISALLOW_ADD_WIFI_CONFIG restriction due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. 2024-05-07 not yet calculated CVE-2024-23704
security@android.com google — android In multiple locations, there is a possible failure to persist or enforce user restrictions due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. 2024-05-07 not yet calculated CVE-2024-23705
security@android.com google — android In multiple locations, there is a possible bypass of health data permissions due to an improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. 2024-05-07 not yet calculated CVE-2024-23706
security@android.com google — android In multiple locations, there is a possible permissions bypass due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. 2024-05-07 not yet calculated CVE-2024-23707
security@android.com google — android In multiple functions of NotificationManagerService.java, there is a possible way to not show a toast message when a clipboard message has been accessed. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. 2024-05-07 not yet calculated CVE-2024-23708
security@android.com google — android In multiple locations, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. 2024-05-07 not yet calculated CVE-2024-23709
security@android.com google — android In assertPackageWithSharedUserIdIsPrivileged of InstallPackageHelper.java, there is a possible execution of arbitrary app code as a privileged app due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. 2024-05-07 not yet calculated CVE-2024-23710
security@android.com google — android In multiple functions of AppOpsService.java, there is a possible way to saturate the content of /data/system/appops_accesses.xml due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. 2024-05-07 not yet calculated CVE-2024-23712
security@android.com google — android In migrateNotificationFilter of NotificationManagerService.java, there is a possible failure to persist notifications settings due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. 2024-05-07 not yet calculated CVE-2024-23713
security@android.com google — chrome Use after free in ANGLE in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 2024-05-07 not yet calculated CVE-2024-4558
chrome-cve-admin@google.com google — chrome Heap buffer overflow in WebAudio in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 2024-05-07 not yet calculated CVE-2024-4559
chrome-cve-admin@google.com heateor — heateor_social_login_wordpress Heateor Social Login WordPress prior to 1.1.32 contains a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product. 2024-05-08 not yet calculated CVE-2024-32674
vultures@jpcert.or.jp hp_inc. — hp_application_enabling_software_driver A potential security vulnerability has been identified in the HP Application Enabling Software Driver for certain HP PC products, which might allow escalation of privilege. HP is releasing software updates to mitigate this potential vulnerability. 2024-05-06 not yet calculated CVE-2024-1695
hp-security-alert@hp.com integrated_control_technology — tsec Insecure storage of the ICT MIFARE and DESFire encryption keys in the firmware binary allows malicious actors to create credentials for any site code and card number that is using the default ICT encryption. 2024-05-06 not yet calculated CVE-2024-29941
56c94bcb-ac34-4d7f-b660-d297a6b7ff82 knowbe4 — phish_alert_button_(pab)_for_outlook A medium severity vulnerability has been identified in the update mechanism of the Phish Alert Button for Outlook, which could allow an attacker to remotely execute arbitrary code on the host machine. The vulnerability arises from the application’s failure to securely verify the authenticity and integrity of the update server. The application periodically checks for updates by querying a specific URL. However, this process does not enforce strict SSL/TLS verification, nor does it validate the digital signature of the received update files. An attacker with the capability to perform DNS spoofing can exploit this weakness. By manipulating DNS responses, the attacker can redirect the application’s update requests to a malicious server under their control. Once the application queries the spoofed update URL, the malicious server can respond with a crafted update package. Since the application fails to properly verify the authenticity of the update file, it will accept and execute the package, leading to arbitrary code execution on the host machine. Impact: Successful exploitation of this vulnerability allows an attacker to execute code with elevated privileges, potentially leading to data theft, installation of further malware, or other malicious activities on the host system. Affected Products: Phish Alert Button (PAB) for Outlook versions 1.10.0-1.10.11; Second Chance Client versions 2.0.0-2.0.9; PIQ Client versions 1.0.0-1.0.15. Remediation: Automated updates will be pushed to address this issue. Users of affected versions should verify the latest version is applied and, if not, apply the latest updates provided by KnowBe4, which addresses this vulnerability by implementing proper SSL/TLS checks of the update server. It is also recommended to ensure DNS settings are secure to prevent DNS spoofing attacks. Workarounds: Use secure corporate networks or VPN services to secure network communications, which can help mitigate the risk of DNS spoofing. Credits: This vulnerability was discovered by Ceri Coburn at Pen Test Partners, who reported it responsibly to the vendor. 2024-05-07 not yet calculated CVE-2024-29209
support@hackerone.com knowbe4 — phish_alert_button_(pab)_for_outlook A local privilege escalation (LPE) vulnerability has been identified in Phish Alert Button for Outlook (PAB), specifically within its configuration management functionalities. This vulnerability allows a regular user to modify the application’s configuration file to redirect update checks to an arbitrary server, which can then be exploited in conjunction with CVE-2024-29209 to execute arbitrary code with elevated privileges. The issue stems from improper permission settings on the application’s configuration file, which is stored in a common directory accessible to all users. This file includes critical parameters, such as the update server URL. By default, the application does not enforce adequate access controls on this file, allowing non-privileged users to modify it without administrative consent. An attacker with regular user access can alter the update server URL specified in the configuration file to point to a malicious server. When the application performs its next update check, it will contact the attacker-controlled server. If the system is also vulnerable to CVE-2024-29209, the attacker can deliver a malicious update package that, when executed, grants them elevated privileges. Impact: This vulnerability can lead to a regular user executing code with administrative privileges. This can result in unauthorized access to sensitive data, installation of additional malware, and a full takeover of the affected system. Affected Products: Phish Alert Button (PAB) for Outlook versions 1.10.0-1.10.11; Second Chance Client versions 2.0.0-2.0.9; PIQ Client versions 1.0.0-1.0.15. Remediation: KnowBe4 has released a patch that corrects the permission settings on the configuration file to prevent unauthorized modifications. Automated updates will be pushed to address this issue. Users of affected versions should verify the latest version is applied and, if not, apply the latest updates provided by KnowBe4. Workarounds: Manually set the correct permissions on the configuration file to restrict write access to administrators only. Credits: This vulnerability was discovered by Ceri Coburn at Pen Test Partners, who reported it responsibly to the vendor. 2024-05-07 not yet calculated CVE-2024-29210
support@hackerone.com linux — kernel Linux Kernel Bluetooth CMTP Module Double Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the CMTP module. The issue results from the lack of validating the existence of an object prior to performing further free operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the kernel. Was ZDI-CAN-11977. 2024-05-07 not yet calculated CVE-2021-34981
zdi-disclosures@trendmicro.com maxon — cinema_4d Maxon Cinema 4D SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Maxon Cinema 4D. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21438. 2024-05-07 not yet calculated CVE-2023-40490
zdi-disclosures@trendmicro.com mediatek,_inc. — mt2737,_mt6739,_mt6761,_mt6765,_mt6768,_mt6771,_mt6779,_mt6781,_mt6785,_mt6789,_mt6833,_mt6835,_mt6853,_mt6853t,_mt6855,_mt6873,_mt6877,_mt6879,_mt6880,_mt6883,_mt6885,_mt6886,_mt6889,_mt6890,_mt6893,_mt6895,_mt6897,_mt6980,_mt6983,_mt6985,_mt6989,_mt6990,_mt8167,_mt8167s,_mt8168,_mt8173,_mt8175,_mt8185,_mt8188,_mt8195,_mt8321,_mt8362a,_mt8365,_mt8385,_mt8390,_mt8395,_mt8755,_mt8765,_mt8766,_mt8768,_mt8775,_mt8781,_mt8786,_mt8788,_mt8789,_mt8791,_mt8791t,_mt8797,_mt8798 In DA, there is a possible permission bypass due to an incorrect status check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08355514; Issue ID: ALPS08355514. 2024-05-06 not yet calculated CVE-2023-32871
security@mediatek.com mediatek,_inc. — mt6580,_mt6739,_mt6761,_mt6765,_mt6768,_mt6781,_mt6789,_mt6833,_mt6835,_mt6853,_mt6855,_mt6877,_mt6879,_mt6883,_mt6885,_mt6886,_mt6889,_mt6893,_mt6895,_mt6983,_mt6985,_mt6989,_mt8188,_mt8370,_mt8390 In da, there is a possible escalation of privilege due to an incorrect status check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541749; Issue ID: ALPS08541749. 2024-05-06 not yet calculated CVE-2024-20059
security@mediatek.com mediatek,_inc. — mt6580,_mt6739,_mt6761,_mt6765,_mt6768,_mt6781,_mt6789,_mt6833,_mt6835,_mt6853,_mt6855,_mt6877,_mt6879,_mt6883,_mt6885,_mt6886,_mt6889,_mt6893,_mt6895,_mt6983,_mt6985,_mt6989,_mt8188,_mt8370,_mt8390 In da, there is a possible escalation of privilege due to an incorrect status check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541749; Issue ID: ALPS08541754. 2024-05-06 not yet calculated CVE-2024-20060
security@mediatek.com mediatek,_inc. — mt6580,_mt6761,_mt6762,_mt6768,_mt6781,_mt6789,_mt6833,_mt6853,_mt6853t,_mt6855,_mt6873,_mt6875,_mt6877,_mt6879,_mt6883,_mt6885,_mt6886,_mt6889,_mt6891,_mt6893,_mt6895,_mt6983,_mt6985,_mt6989,_mt8678,_mt8755,_mt8775,_mt8792,_mt8796 In wlan service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08572601; Issue ID: MSV-1229. 2024-05-06 not yet calculated CVE-2024-20064
security@mediatek.com mediatek,_inc. — mt6739,_mt6761,_mt6765,_mt6768,_mt6781,_mt6785,_mt6789,_mt6833,_mt6835,_mt6853,_mt6855,_mt6873,_mt6880,_mt6885,_mt6886,_mt6890,_mt6893,_mt6895,_mt6897,_mt6983,_mt6985,_mt6989,_mt8666,_mt8667,_mt8673,_mt8676,_mt8678 In preloader, there is a possible escalation of privilege due to an insecure default value. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08528185; Issue ID: ALPS08528185. 2024-05-06 not yet calculated CVE-2024-20056
security@mediatek.com mediatek,_inc. — mt6761,_mt6765,_mt6768,_mt6779,_mt6781,_mt6785,_mt6789,_mt6833,_mt6835,_mt6853,_mt6855,_mt6873,_mt6877,_mt6879,_mt6883,_mt6885,_mt6886,_mt6889,_mt6893,_mt6895,_mt6897,_mt6983,_mt8321,_mt8385,_mt8755,_mt8765,_mt8766,_mt8768,_mt8771,_mt8781,_mt8786,_mt8788,_mt8789,_mt8791t,_mt8792,_mt8795t,_mt8796 In keyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08587881; Issue ID: ALPS08587881. 2024-05-06 not yet calculated CVE-2024-20057
security@mediatek.com mediatek,_inc. — mt6761,_mt6765,_mt6768,_mt6833,_mt6853,_mt6855,_mt6893,_mt6895,_mt6983,_mt8321,_mt8385,_mt8755,_mt8765,_mt8766,_mt8768,_mt8771,_mt8781,_mt8786,_mt8788,_mt8789,_mt8791t,_mt8792,_mt8795t,_mt8796 In keyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08583919; Issue ID: ALPS08304227. 2024-05-06 not yet calculated CVE-2023-32873
security@mediatek.com mediatek,_inc. — mt6765,_mt6768,_mt6785,_mt6833,_mt6853,_mt6855,_mt6893,_mt6983,_mt8321,_mt8385,_mt8755,_mt8765,_mt8766,_mt8768,_mt8771,_mt8781,_mt8786,_mt8788,_mt8789,_mt8791t,_mt8792,_mt8795t,_mt8796,_mt8797,_mt8798 In keyInstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08580204; Issue ID: ALPS08580204. 2024-05-06 not yet calculated CVE-2024-20058
security@mediatek.com mediatek,_inc. — mt6768,_mt6781,_mt6785,_mt6833,_mt6853,_mt6873,_mt6877,_mt6885,_mt6893,_mt8168,_mt8183,_mt8188,_mt8188t,_mt8195,_mt8195z,_mt8321,_mt8362a,_mt8365,_mt8385,_mt8666,_mt8666a,_mt8666b,_mt8667,_mt8673,_mt8675,_mt8675,_mt8676,_mt8678,_mt8765,_mt8766,_mt8766z,_mt8768,_mt8768a,_mt8768b,_mt8768t,_mt8768z,_mt8781,_mt8781,_mt8786,_mt8788,_mt8788t,_mt8788,_mt8788x,_mt8788z,_mt8792,_mt8795t,_mt8796,_mt8798 In atf spm, there is a possible way to remap physical memory to virtual memory due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08584568; Issue ID: MSV-1249. 2024-05-06 not yet calculated CVE-2024-20021
security@mediatek.com mintplex-labs — mintplex-labs/anything-llm A race condition vulnerability exists in the mintplex-labs/anything-llm repository, specifically within the user invite acceptance process. Attackers can exploit this vulnerability by sending multiple concurrent requests to accept a single user invite, allowing the creation of multiple user accounts from a single invite link intended for only one user. This bypasses the intended security mechanism that restricts invite acceptance to a single user, leading to unauthorized user creation without detection in the invite tab. The issue is due to the lack of validation for concurrent requests in the backend. 2024-05-07 not yet calculated CVE-2024-2913
security@huntr.dev netgear — cax30s NETGEAR CAX30S SSO Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR CAX30S routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the token parameter provided to the sso.php endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18227. 2024-05-07 not yet calculated CVE-2022-43654
zdi-disclosures@trendmicro.com netgear — multiple_routers NETGEAR Multiple Routers httpd Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. When parsing the strings file, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13709. 2024-05-07 not yet calculated CVE-2021-34982
zdi-disclosures@trendmicro.com netgear — multiple_routers NETGEAR Multiple Routers httpd Missing Authentication for Critical Function Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the lack of authentication prior to allowing access to system configuration information. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-13708. 2024-05-07 not yet calculated CVE-2021-34983
zdi-disclosures@trendmicro.com netgear — r7800 NETGEAR R7800 net-cgi Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of the soap_block_table file. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13055. 2024-05-07 not yet calculated CVE-2021-34947
zdi-disclosures@trendmicro.com node.js — node The team has identified a critical vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling. Specifically, if a space is placed before a content-length header, it is not interpreted correctly, enabling attackers to smuggle in a second request within the body of the first. 2024-05-07 not yet calculated CVE-2024-27982
support@hackerone.com openbsd — kernel OpenBSD Kernel Multicast Routing Uninitialized Memory Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of OpenBSD Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the implementation of multicast routing. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel. Was ZDI-CAN-14540. 2024-05-07 not yet calculated CVE-2021-34999
zdi-disclosures@trendmicro.com openbsd — kernel OpenBSD Kernel Multicast Routing Uninitialized Memory Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of OpenBSD Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the implementation of multicast routing. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel. Was ZDI-CAN-16112. 2024-05-07 not yet calculated CVE-2021-35000
zdi-disclosures@trendmicro.com the_gnu_c_library — glibc nscd: Stack-based buffer overflow in netgroup cache. If the Name Service Cache Daemon’s (nscd) fixed size cache is exhausted by client requests then a subsequent client request for netgroup data may result in a stack-based buffer overflow. This flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary. 2024-05-06 not yet calculated CVE-2024-33599
3ff69d7a-14f2-4f67-a097-88dee7810d18 the_gnu_c_library — glibc nscd: Null pointer crashes after notfound response. If the Name Service Cache Daemon’s (nscd) cache fails to add a not-found netgroup response to the cache, the client request can result in a null pointer dereference. This flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary. 2024-05-06 not yet calculated CVE-2024-33600
3ff69d7a-14f2-4f67-a097-88dee7810d18 the_gnu_c_library — glibc nscd: netgroup cache may terminate daemon on memory allocation failure. The Name Service Cache Daemon’s (nscd) netgroup cache uses xmalloc or xrealloc and these functions may terminate the process due to a memory allocation failure resulting in a denial of service to the clients. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary. 2024-05-06 not yet calculated CVE-2024-33601
3ff69d7a-14f2-4f67-a097-88dee7810d18 the_gnu_c_library — glibc nscd: netgroup cache assumes NSS callback uses in-buffer strings. The Name Service Cache Daemon’s (nscd) netgroup cache can corrupt memory when the NSS callback does not store all strings in the provided buffer. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary. 2024-05-06 not yet calculated CVE-2024-33602
3ff69d7a-14f2-4f67-a097-88dee7810d18 triangle_microworks — scada_data_gateway Triangle MicroWorks SCADA Data Gateway Restore Workspace Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the Restore Workspace feature. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-17227. 2024-05-07 not yet calculated CVE-2022-0369
zdi-disclosures@trendmicro.com ubiquiti_inc — unifi_connect_application An Improper Certificate Validation could allow a malicious actor with access to an adjacent network to take control of the system. Affected Products: UniFi Connect Application (Version 3.7.9 and earlier); UniFi Connect EV Station (Version 1.1.18 and earlier); UniFi Connect EV Station Pro (Version 1.1.18 and earlier); UniFi Connect Display (Version 1.9.324 and earlier); UniFi Connect Display Cast (Version 1.6.225 and earlier). Mitigation: Update UniFi Connect Application to Version 3.10.7 or later. Update UniFi Connect EV Station to Version 1.2.15 or later. Update UniFi Connect EV Station Pro to Version 1.2.15 or later. Update UniFi Connect Display to Version 1.11.348 or later. Update UniFi Connect Display Cast to Version 1.8.255 or later. 2024-05-07 not yet calculated CVE-2024-29207
support@hackerone.com ubiquiti_inc — unifi_connect_ev_station An Improper Access Control could allow a malicious actor authenticated in the API to enable Android Debug Bridge (ADB) and make unsupported changes to the system. Affected Products: UniFi Connect EV Station (Version 1.1.18 and earlier); UniFi Connect EV Station Pro (Version 1.1.18 and earlier); UniFi Access G2 Reader Pro (Version 1.2.172 and earlier); UniFi Access Reader Pro (Version 2.7.238 and earlier); UniFi Access Intercom (Version 1.0.66 and earlier); UniFi Access Intercom Viewer (Version 1.0.5 and earlier); UniFi Connect Display (Version 1.9.324 and earlier); UniFi Connect Display Cast (Version 1.6.225 and earlier). Mitigation: Update UniFi Connect Application to Version 3.10.7 or later. Update UniFi Connect EV Station to Version 1.2.15 or later. Update UniFi Connect EV Station Pro to Version 1.2.15 or later. Update UniFi Access G2 Reader Pro Version 1.3.37 or later. Update UniFi Access Reader Pro Version 2.8.19 or later. Update UniFi Access Intercom Version 1.1.32 or later. Update UniFi Access Intercom Viewer Version 1.1.6 or later. Update UniFi Connect Display to Version 1.11.348 or later. Update UniFi Connect Display Cast to Version 1.8.255 or later. 2024-05-07 not yet calculated CVE-2024-29206
support@hackerone.com ubiquiti_inc — update_unifi_connect_ev_station An Unverified Password Change could allow a malicious actor with API access to the device to change the system password without knowing the previous password. Affected Products: UniFi Connect EV Station (Version 1.1.18 and earlier); UniFi Connect EV Station Pro (Version 1.1.18 and earlier); UniFi Connect Display (Version 1.9.324 and earlier); UniFi Connect Display Cast (Version 1.6.225 and earlier). Mitigation: Update UniFi Connect Application to Version 3.10.7 or later. Update UniFi Connect EV Station to Version 1.2.15 or later. Update UniFi Connect EV Station Pro to Version 1.2.15 or later. Update UniFi Connect Display to Version 1.11.348 or later. Update UniFi Connect Display Cast to Version 1.8.255 or later. 2024-05-07 not yet calculated CVE-2024-29208
support@hackerone.com unknown — crelly_slider The Crelly Slider WordPress plugin through 1.4.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) 2024-05-06 not yet calculated CVE-2024-3752
contact@wpscan.com unknown — easyevent The EasyEvent WordPress plugin through 1.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed 2024-05-07 not yet calculated CVE-2024-3628
contact@wpscan.com unknown — fancy_product_designer The Fancy Product Designer WordPress plugin before 6.1.81 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) 2024-05-06 not yet calculated CVE-2024-0904
contact@wpscan.com unknown — mf_gig_calendar The MF Gig Calendar WordPress plugin through 1.2.1 does not have CSRF checks in some places, which could allow attackers to make logged in Contributors and above delete arbitrary events via a CSRF attack 2024-05-06 not yet calculated CVE-2024-3756
contact@wpscan.com unknown — mf_gig_calendar The MF Gig Calendar WordPress plugin through 1.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as editor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) 2024-05-06 not yet calculated CVE-2024-3755
contact@wpscan.com N/A — N/A

 

Cross Site Scripting (XSS) vulnerability in ASUS RT-AC51U with firmware versions up to and including 3.0.0.4.380.8591 allows attackers to run arbitrary code via the WPA Pre-Shared Key field. 2024-05-06 not yet calculated CVE-2023-33548
cve@mitre.org N/A — N/A

 

Buffer Overflow vulnerability LINKSYS EA7500 3.0.1.207964 allows a remote attacker to execute arbitrary code via an HTTP request to the IGD UPnP. 2024-05-07 not yet calculated CVE-2023-46012
cve@mitre.org N/A — N/A

 

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the email_attach_id parameter at /LHMail/AttachDown.aspx. 2024-05-07 not yet calculated CVE-2024-25507
cve@mitre.org N/A — N/A

 

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /bulletin/bulletin_template_show.aspx. 2024-05-07 not yet calculated CVE-2024-25508
cve@mitre.org N/A — N/A

 

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_storage_id parameter at /WorkFlow/wf_file_download.aspx. 2024-05-07 not yet calculated CVE-2024-25509
cve@mitre.org N/A — N/A

 

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /AddressBook/address_public_show.aspx. 2024-05-07 not yet calculated CVE-2024-25510
cve@mitre.org N/A — N/A

 

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /AddressBook/address_public_new.aspx. 2024-05-07 not yet calculated CVE-2024-25511
cve@mitre.org N/A — N/A

 

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the attach_id parameter at /Bulletin/AttachDownLoad.aspx. 2024-05-07 not yet calculated CVE-2024-25512
cve@mitre.org N/A — N/A

 

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the file_id parameter at /CorporateCulture/kaizen_download.aspx. 2024-05-07 not yet calculated CVE-2024-25513
cve@mitre.org N/A — N/A

 

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the template_id parameter at /SysManage/wf_template_child_field_list.aspx. 2024-05-07 not yet calculated CVE-2024-25514
cve@mitre.org N/A — N/A

 

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_storage_id parameter at /WorkFlow/wf_work_finish_file_down.aspx. 2024-05-08 not yet calculated CVE-2024-25515
cve@mitre.org N/A — N/A

 

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the tbTable argument at /WebUtility/MF.aspx. 2024-05-08 not yet calculated CVE-2024-25517
cve@mitre.org N/A — N/A

 

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the template_id parameter at /WorkFlow/wf_get_fields_approve.aspx. 2024-05-08 not yet calculated CVE-2024-25518
cve@mitre.org N/A — N/A

 

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the idlist parameter at /WorkFlow/wf_work_print.aspx. 2024-05-08 not yet calculated CVE-2024-25519
cve@mitre.org N/A — N/A

 

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /SysManage/sys_blogtemplate_new.aspx. 2024-05-08 not yet calculated CVE-2024-25520
cve@mitre.org N/A — N/A

 

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the txt_keyword parameter at get_company.aspx. 2024-05-08 not yet calculated CVE-2024-25521
cve@mitre.org N/A — N/A

 

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the office_missive_id parameter at /WorkFlow/wf_work_form_save.aspx. 2024-05-08 not yet calculated CVE-2024-25522
cve@mitre.org N/A — N/A

 

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the file_id parameter at /filemanage/file_memo.aspx. 2024-05-08 not yet calculated CVE-2024-25523
cve@mitre.org N/A — N/A

 

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_storage_id parameter at /WorkPlan/WorkPlanAttachDownLoad.aspx. 2024-05-08 not yet calculated CVE-2024-25524
cve@mitre.org N/A — N/A

 

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the filename parameter at /WorkFlow/OfficeFileDownload.aspx. 2024-05-08 not yet calculated CVE-2024-25525
cve@mitre.org N/A — N/A

 

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the project_id parameter at /ProjectManage/pm_gatt_inc.aspx. 2024-05-08 not yet calculated CVE-2024-25526
cve@mitre.org N/A — N/A

 

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /PersonalAffair/worklog_template_show.aspx. 2024-05-08 not yet calculated CVE-2024-25527
cve@mitre.org N/A — N/A

 

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /PersonalAffair/worklog_template_show.aspx. 2024-05-08 not yet calculated CVE-2024-25528
cve@mitre.org N/A — N/A

 

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /WorkFlow/wf_office_file_history_show.aspx. 2024-05-08 not yet calculated CVE-2024-25529
cve@mitre.org N/A — N/A

 

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the PageID parameter at /WebUtility/get_find_condiction.aspx. 2024-05-08 not yet calculated CVE-2024-25530
cve@mitre.org N/A — N/A

 

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the PageID parameter at /WebUtility/SearchCondiction.aspx. 2024-05-08 not yet calculated CVE-2024-25531
cve@mitre.org N/A — N/A

 

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the bt_id parameter at /include/get_dict.aspx. 2024-05-08 not yet calculated CVE-2024-25532
cve@mitre.org N/A — N/A

 

Error messages in RuvarOA v6.01 and v12.01 were discovered to leak the physical path of the website (/WorkFlow/OfficeFileUpdate.aspx). This vulnerability can allow attackers to write files to the server or execute arbitrary commands via crafted SQL statements. 2024-05-08 not yet calculated CVE-2024-25533
cve@mitre.org N/A — N/A

 

Archer Platform 6 before 2024.03 contains a sensitive information disclosure vulnerability. An authenticated attacker could potentially obtain access to sensitive information via a popup warning message. 2024-05-06 not yet calculated CVE-2024-26312
cve@mitre.org
cve@mitre.org N/A — N/A

 

Cross Site Scripting (XSS) vulnerability in YzmCMS 7.0 allows attackers to run arbitrary code via Ads Management, Carousel Management, and System Settings. 2024-05-06 not yet calculated CVE-2024-28725
cve@mitre.org
cve@mitre.org N/A — N/A

 

An issue was discovered in Alcatel-Lucent ALE NOE deskphones through 86x8_NOE-R300.1.40.12.4180 and SIP deskphones through 86x8_SIP-R200.1.01.10.728. Because of a time-of-check time-of-use vulnerability, an authenticated attacker is able to replace the verified firmware image with malicious firmware during the update process. 2024-05-07 not yet calculated CVE-2024-29149
cve@mitre.org
cve@mitre.org N/A — N/A

 

An issue was discovered in Alcatel-Lucent ALE NOE deskphones through 86x8_NOE-R300.1.40.12.4180 and SIP deskphones through 86x8_SIP-R200.1.01.10.728. Because of improper privilege management, an authenticated attacker is able to create symlinks to sensitive and protected data in locations that are used for debugging files. Given that the process of gathering debug logs is carried out with root privileges, any file referenced in the symlink is consequently written to the debug archive, thereby granting accessibility to the attacker. 2024-05-07 not yet calculated CVE-2024-29150
cve@mitre.org
cve@mitre.org N/A — N/A

 

An issue in V-SOL G/EPON ONU HG323AC-B with firmware version V2.0.08-210715 allows an attacker to execute arbitrary code and obtain sensitive information via a crafted POST request to /boaform/getASPdata/formFirewall, /boaform/getASPdata/formAcc. 2024-05-06 not yet calculated CVE-2024-30973
cve@mitre.org N/A — N/A

 

A SQL injection vulnerability in unit.php in Sonic Shopfloor.guide before 3.1.3 allows remote attackers to execute arbitrary SQL commands via the level2 parameter. 2024-05-08 not yet calculated CVE-2024-31961
cve@mitre.org N/A — N/A

 

SQL Injection vulnerability in HSC Cybersecurity HC Mailinspector 5.2.17-3 through 5.2.18 allows a remote attacker to obtain sensitive information via a crafted payload to the start and limit parameter in the mliWhiteList.php component. 2024-05-07 not yet calculated CVE-2024-32369
cve@mitre.org
cve@mitre.org N/A — N/A

 

An issue in HSC Cybersecurity HC Mailinspector 5.2.17-3 through 5.2.18 allows a remote attacker to obtain sensitive information via a crafted payload to the id parameter in the mliSystemUsers.php component. 2024-05-07 not yet calculated CVE-2024-32370
cve@mitre.org
cve@mitre.org N/A — N/A

 

An issue in HSC Cybersecurity HC Mailinspector 5.2.17-3 through 5.2.18 allows a regular user account to escalate their privileges and gain administrative access by changing the type parameter from 1 to 0. 2024-05-07 not yet calculated CVE-2024-32371
cve@mitre.org
cve@mitre.org N/A — N/A

 

D-Link DIR-845L router v1.01KRb03 and before is vulnerable to Permission Bypass via the getcfg.php component. 2024-05-06 not yet calculated CVE-2024-33110
cve@mitre.org N/A — N/A

 

D-Link DIR-845L router <=v1.01KRb03 is vulnerable to Cross Site Scripting (XSS) via /htdocs/webinc/js/bsc_sms_inbox.php. 2024-05-06 not yet calculated CVE-2024-33111
cve@mitre.org N/A — N/A

 

D-Link DIR-845L router v1.01KRb03 and before is vulnerable to command injection via the hnap_main() function. 2024-05-06 not yet calculated CVE-2024-33112
cve@mitre.org N/A — N/A

 

D-LINK DIR-845L <=v1.01KRb03 is vulnerable to information disclosure via bsc_sms_inbox.php. 2024-05-06 not yet calculated CVE-2024-33113
cve@mitre.org N/A — N/A

 

crmeb_java v1.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the mergeList method in class com.zbkj.front.pub.ImageMergeController. 2024-05-06 not yet calculated CVE-2024-33117
cve@mitre.org N/A — N/A

 

LuckyFrameWeb v3.5.2 was discovered to contain an arbitrary read vulnerability via the fileDownload method in class com.luckyframe.project.common.CommonController. 2024-05-06 not yet calculated CVE-2024-33118
cve@mitre.org N/A — N/A

 

Roothub v2.5 was discovered to contain an arbitrary file upload vulnerability via the customPath parameter in the upload() function. This vulnerability allows attackers to execute arbitrary code via a crafted JSP file. 2024-05-07 not yet calculated CVE-2024-33120
cve@mitre.org
cve@mitre.org N/A — N/A

 

Roothub v2.6 was discovered to contain a SQL injection vulnerability via the ‘s’ parameter in the search() function. 2024-05-06 not yet calculated CVE-2024-33121
cve@mitre.org N/A — N/A

 

Roothub v2.6 was discovered to contain a SQL injection vulnerability via the topic parameter in the list() function. 2024-05-07 not yet calculated CVE-2024-33122
cve@mitre.org N/A — N/A

 

Roothub v2.6 was discovered to contain a SQL injection vulnerability via the nodeTitle parameter in the parentNode() function. 2024-05-07 not yet calculated CVE-2024-33124
cve@mitre.org N/A — N/A

 

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the findpage function. 2024-05-07 not yet calculated CVE-2024-33139
cve@mitre.org N/A — N/A

 

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the findApplyedTasksPage function in BpmTaskMapper.xml. 2024-05-07 not yet calculated CVE-2024-33144
cve@mitre.org N/A — N/A

 

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the export function. 2024-05-07 not yet calculated CVE-2024-33146
cve@mitre.org N/A — N/A

 

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the authRoleList function. 2024-05-07 not yet calculated CVE-2024-33147
cve@mitre.org N/A — N/A

 

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the list function. 2024-05-07 not yet calculated CVE-2024-33148
cve@mitre.org N/A — N/A

 

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the myProcessList function. 2024-05-07 not yet calculated CVE-2024-33149
cve@mitre.org N/A — N/A

 

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the commentList() function. 2024-05-07 not yet calculated CVE-2024-33153
cve@mitre.org N/A — N/A

 

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the getDeptList() function. 2024-05-07 not yet calculated CVE-2024-33155
cve@mitre.org N/A — N/A

 

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the unallocatedList() function. 2024-05-07 not yet calculated CVE-2024-33161
cve@mitre.org N/A — N/A

 

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the authUserList() function. 2024-05-07 not yet calculated CVE-2024-33164
cve@mitre.org N/A — N/A

 

An issue in Library System using PHP/MySQli with Source Code V1.0 allows a remote attacker to execute arbitrary code via the _FAILE variable in the student_edit_photo.php component. 2024-05-06 not yet calculated CVE-2024-33294
cve@mitre.org N/A — N/A

 

An issue in Open5GS v.2.7.0 allows an attacker to cause a denial of service via 64 unsuccessful UE/gNB registrations. 2024-05-08 not yet calculated CVE-2024-33382
cve@mitre.org N/A — N/A

 

A SQL injection vulnerability in /model/get_events.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the event_id parameter. 2024-05-06 not yet calculated CVE-2024-33403
cve@mitre.org N/A — N/A

 

A SQL injection vulnerability in /model/add_student_first_payment.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the index parameter. 2024-05-06 not yet calculated CVE-2024-33404
cve@mitre.org N/A — N/A

 

SQL injection vulnerability in add_friends.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the friend_index parameter. 2024-05-06 not yet calculated CVE-2024-33405
cve@mitre.org N/A — N/A

 

SQL injection vulnerability in /model/delete_student_grade_subject.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the index parameter. 2024-05-06 not yet calculated CVE-2024-33406
cve@mitre.org N/A — N/A

 

SQL injection vulnerability in /model/delete_record.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter. 2024-05-06 not yet calculated CVE-2024-33407
cve@mitre.org N/A — N/A

 

A SQL injection vulnerability in /model/get_classroom.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter. 2024-05-06 not yet calculated CVE-2024-33408
cve@mitre.org N/A — N/A

 

SQL injection vulnerability in index.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the name parameter. 2024-05-06 not yet calculated CVE-2024-33409
cve@mitre.org N/A — N/A

 

SQL injection vulnerability in /model/delete_range_grade.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter. 2024-05-06 not yet calculated CVE-2024-33410
cve@mitre.org N/A — N/A

 

A SQL injection vulnerability in /model/get_admin_profile.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the my_index parameter. 2024-05-06 not yet calculated CVE-2024-33411
cve@mitre.org N/A — N/A

 

An issue in tiagorlampert CHAOS before 1b451cf62582295b7225caf5a7b506f0bad56f6b and 24c9e109b5be34df7b2bce8368eae669c481ed5e allows a remote attacker to execute arbitrary code via the unsafe concatenation of the `filename` argument into the `buildStr` string without any sanitization or filtering. 2024-05-07 not yet calculated CVE-2024-33434
cve@mitre.org
cve@mitre.org N/A — N/A

 

Cross-site scripting (XSS) vulnerability in the search function in MvnRepository MS Basic 2.1.18.3 and earlier. 2024-05-07 not yet calculated CVE-2024-33748
cve@mitre.org
cve@mitre.org N/A — N/A

 

DedeCMS V5.7.114 is vulnerable to deletion of any file via mail_file_manage.php. 2024-05-06 not yet calculated CVE-2024-33749
cve@mitre.org N/A — N/A

 

An arbitrary file upload vulnerability exists in emlog pro 2.3.0 and pro 2.3.2 at admin/views/plugin.php that could be exploited by a remote attacker to submit a special request to upload a malicious file to execute arbitrary code. 2024-05-06 not yet calculated CVE-2024-33752
cve@mitre.org N/A — N/A

 

Section Camera V2.5.5.3116-S50-SMA-B20160811 and earlier versions allow the accounts and passwords of administrators and users to be changed without authorization. 2024-05-06 not yet calculated CVE-2024-33753
cve@mitre.org N/A — N/A

 

MP-SPDZ v0.3.8 was discovered to contain a segmentation violation via the function osuCrypto::copyOut at /Tools/SilentPprf.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted message. 2024-05-07 not yet calculated CVE-2024-33780
cve@mitre.org N/A — N/A

 

MP-SPDZ v0.3.8 was discovered to contain a stack overflow via the function octetStream::get_bytes in /Tools/octetStream.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted message. 2024-05-07 not yet calculated CVE-2024-33781
cve@mitre.org N/A — N/A

 

MP-SPDZ v0.3.8 was discovered to contain a stack overflow via the function OTExtensionWithMatrix::extend in /OT/OTExtensionWithMatrix.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted message. 2024-05-07 not yet calculated CVE-2024-33782
cve@mitre.org N/A — N/A

 

MP-SPDZ v0.3.8 was discovered to contain a segmentation violation via the function osuCrypto::SilentMultiPprfReceiver::expand in /Tools/SilentPprf.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted message. 2024-05-07 not yet calculated CVE-2024-33783
cve@mitre.org N/A — N/A

 

Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability via the PinCode parameter at /API/info form endpoint. 2024-05-06 not yet calculated CVE-2024-33788
cve@mitre.org N/A — N/A

 

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/readDeal.php?mudi=updateWebCache. 2024-05-06 not yet calculated CVE-2024-33829
cve@mitre.org N/A — N/A

 

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/readDeal.php?mudi=clearWebCache. 2024-05-06 not yet calculated CVE-2024-33830
cve@mitre.org N/A — N/A

 

An issue was discovered in Logpoint before 7.4.0. An attacker can enumerate a valid list of usernames by observing the response time at the Forgot Password endpoint. 2024-05-07 not yet calculated CVE-2024-33856
cve@mitre.org
cve@mitre.org N/A — N/A

 

An issue was discovered in Logpoint before 7.4.0. Due to a lack of input validation on URLs in threat intelligence, an attacker with low-level access to the system can trigger Server Side Request Forgery. 2024-05-07 not yet calculated CVE-2024-33857
cve@mitre.org
cve@mitre.org N/A — N/A

 

An issue was discovered in Logpoint before 7.4.0. A path injection vulnerability is seen while adding a CSV enrichment source. The source_name parameter could be changed to an absolute path; this will write the CSV file to that path inside the /tmp directory. 2024-05-07 not yet calculated CVE-2024-33858
cve@mitre.org
cve@mitre.org N/A — N/A

 

An issue was discovered in Logpoint before 7.4.0. HTML code sent through logs wasn’t being escaped in the “Interesting Field” Web UI, leading to XSS. 2024-05-07 not yet calculated CVE-2024-33859
cve@mitre.org
cve@mitre.org N/A — N/A

 

An issue was discovered in Logpoint before 7.4.0. It allows Local File Inclusion (LFI) when an arbitrary File Path is used within the File System Collector. The content of the file specified can be viewed in the incoming logs. 2024-05-07 not yet calculated CVE-2024-33860
cve@mitre.org
cve@mitre.org N/A — N/A

 

An issue was discovered in Archer Platform 6 before 2024.04. Authentication was mishandled because lock did not terminate an existing session. 6.14 P3 (6.14.0.3) is also a fixed release. 2024-05-06 not yet calculated CVE-2024-34092
cve@mitre.org
cve@mitre.org N/A — N/A

 

libmodbus v3.1.10 is vulnerable to Buffer Overflow via the modbus_write_bits function. This issue can be triggered when the function is fed with specially crafted input, which leads to out-of-bounds read and can potentially cause a crash or other unintended behaviors. 2024-05-08 not yet calculated CVE-2024-34244
cve@mitre.org N/A — N/A

 

wasm3 v0.5.0 was discovered to contain an out-of-bound memory read which leads to segmentation fault via the function “main” in wasm3/platforms/app/main.c. 2024-05-06 not yet calculated CVE-2024-34246
cve@mitre.org N/A — N/A

 

wasm3 v0.5.0 was discovered to contain a heap buffer overflow which leads to segmentation fault via the function “DeallocateSlot” in wasm3/source/m3_compile.c. 2024-05-06 not yet calculated CVE-2024-34249
cve@mitre.org N/A — N/A

 

A heap buffer overflow vulnerability was discovered in Bytecode Alliance wasm-micro-runtime v2.0.0 which allows a remote attacker to cause at least a denial of service via the “wasm_loader_check_br” function in core/iwasm/interpreter/wasm_loader.c. 2024-05-06 not yet calculated CVE-2024-34250
cve@mitre.org N/A — N/A

 

An out-of-bound memory read vulnerability was discovered in Bytecode Alliance wasm-micro-runtime v2.0.0 which allows a remote attacker to cause a denial of service via the “block_type_get_arity” function in core/iwasm/interpreter/wasm.h. 2024-05-06 not yet calculated CVE-2024-34251
cve@mitre.org N/A — N/A

 

wasm3 v0.5.0 was discovered to contain a global buffer overflow which leads to segmentation fault via the function “PreserveRegisterIfOccupied” in wasm3/source/m3_compile.c. 2024-05-06 not yet calculated CVE-2024-34252
cve@mitre.org N/A — N/A

 

jizhicms v2.5.1 contains a Cross-Site Scripting (XSS) vulnerability in the message function. 2024-05-08 not yet calculated CVE-2024-34255
cve@mitre.org N/A — N/A

 

TOTOLINK EX1800T V9.1.0cu.2112_B20220316 has a vulnerability in the apcliEncrypType parameter that allows unauthorized execution of arbitrary commands, allowing an attacker to obtain device administrator privileges. 2024-05-08 not yet calculated CVE-2024-34257
cve@mitre.org N/A — N/A

 

CmsEasy v7.7.7.9 was discovered to contain a local file inclusion vulnerability via the file_get_contents function in the fetch_action method of /admin/template_admin.php. This vulnerability allows attackers to read arbitrary files. 2024-05-07 not yet calculated CVE-2024-34314
cve@mitre.org N/A — N/A

 

CmsEasy v7.7.7.9 was discovered to contain a local file inclusion vulnerability via the file_get_contents function in the fckedit_action method of /admin/template_admin.php. This vulnerability allows attackers to read arbitrary files. 2024-05-07 not yet calculated CVE-2024-34315
cve@mitre.org N/A — N/A

 

An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This could lead to the GDBus-based client behaving incorrectly, with an application-dependent impact. 2024-05-07 not yet calculated CVE-2024-34397
cve@mitre.org
cve@mitre.org N/A — N/A

 

An issue was discovered in HSC Mailinspector 5.2.17-3 through v.5.2.18. An Unauthenticated Path Traversal vulnerability exists in the /public/loader.php file. The path parameter does not properly filter whether the file and directory passed are part of the webroot, allowing an attacker to read arbitrary files on the server. 2024-05-06 not yet calculated CVE-2024-34470
cve@mitre.org N/A — N/A

 

An issue was discovered in HSC Mailinspector 5.2.17-3. A Path Traversal vulnerability (resulting in file deletion) exists in the mliRealtimeEmails.php file. The filename parameter in the export HTML functionality does not properly validate the file location, allowing an attacker to read and delete arbitrary files on the server. This was observed when the mliRealtimeEmails.php file itself was read and subsequently deleted, resulting in a 404 error for the file and disruption of email information loading. 2024-05-06 not yet calculated CVE-2024-34471
cve@mitre.org N/A — N/A

 

An issue was discovered in HSC Mailinspector 5.2.17-3 through v.5.2.18. An authenticated blind SQL injection vulnerability exists in the mliRealtimeEmails.php file. The ordemGrid parameter in a POST request to /mailinspector/mliRealtimeEmails.php does not properly sanitize input, allowing an authenticated attacker to execute arbitrary SQL commands, leading to the potential disclosure of the entire application database. 2024-05-06 not yet calculated CVE-2024-34472
cve@mitre.org N/A — N/A

 

The Cypher component in Neo4j before 5.19.0 mishandles IMMUTABLE privileges. 2024-05-07 not yet calculated CVE-2024-34517
cve@mitre.org
cve@mitre.org
cve@mitre.org N/A — N/A

 

AChecker 1.5 allows remote attackers to read the contents of arbitrary files via the download.php path parameter by using Unauthenticated Path Traversal. This occurs through readfile in PHP. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. 2024-05-07 not yet calculated CVE-2024-34523
cve@mitre.org
cve@mitre.org N/A — N/A

 

In XLANG OpenAgents through fe73ac4, the allowed_file protection mechanism can be bypassed by using an incorrect file extension for the nature of the file content. 2024-05-06 not yet calculated CVE-2024-34524
cve@mitre.org
cve@mitre.org N/A — N/A

 

FileCodeBox 2.0 stores a OneDrive password and AWS key in a cleartext env file. 2024-05-06 not yet calculated CVE-2024-34525
cve@mitre.org N/A — N/A

 

spaces_plugin/app.py in SolidUI 0.4.0 has an unnecessary print statement for an OpenAI key. The printed string might be logged. 2024-05-06 not yet calculated CVE-2024-34527
cve@mitre.org
cve@mitre.org N/A — N/A

 

WordOps through 3.20.0 has a wo/cli/plugins/stack_pref.py TOCTOU race condition because the conf_path os.open does not use a mode parameter during file creation. 2024-05-06 not yet calculated CVE-2024-34528
cve@mitre.org
cve@mitre.org N/A — N/A

 

Nebari through 2024.4.1 prints the temporary Keycloak root password. 2024-05-06 not yet calculated CVE-2024-34529
cve@mitre.org
cve@mitre.org N/A — N/A

 

A SQL injection vulnerability in Yvan Dotet PostgreSQL Query Deluxe module (aka query_deluxe) 17.x before 17.0.0.4 allows a remote attacker to gain privileges via the query parameter to models/querydeluxe.py:QueryDeluxe::get_result_from_query. 2024-05-06 not yet calculated CVE-2024-34532
cve@mitre.org N/A — N/A

 

A SQL injection vulnerability in ZI PT Solusi Usaha Mudah Analytic Data Query module (aka izi_data) 11.0 through 17.x before 17.0.3 allows a remote attacker to gain privileges via a query to IZITools::query_check, IZITools::query_fetch, or IZITools::query_execute. 2024-05-06 not yet calculated CVE-2024-34533
cve@mitre.org N/A — N/A

 

A SQL injection vulnerability in Cybrosys Techno Solutions Text Commander module (aka text_commander) 16.0 through 16.0.1 allows a remote attacker to gain privileges via the data parameter to models/ir_model.py:IrModel::chech_model. 2024-05-06 not yet calculated CVE-2024-34534
cve@mitre.org N/A — N/A

 

Mateso PasswordSafe through 8.13.9.26689 has Weak Cryptography. 2024-05-06 not yet calculated CVE-2024-34538
cve@mitre.org N/A — N/A

 

On Windows a directory returned by tempfile.mkdtemp() would not always have permissions set to restrict reading and writing to the temporary directory by other users, instead usually inheriting the correct permissions from the default location. Alternate configurations or users without a profile directory may not have the intended permissions. If you’re not using Windows or haven’t changed the temporary directory location then you aren’t affected by this vulnerability. On other platforms the returned directory is consistently readable and writable only by the current user. This issue was caused by Python not supporting Unix permissions on Windows. The fix adds support for Unix “700” for the mkdir function on Windows which is used by mkdtemp() to ensure the newly created directory has the proper permissions. 2024-05-07 not yet calculated CVE-2024-4030
cna@python.org
cna@python.org
cna@python.org
cna@python.org


