Vulnerability Summary for the Week of July 1, 2024 | CISA

Columns: Primary Vendor -- Product; Description; Published; CVSS Score; Source & Patch Info (contact of the reporting CNA).

2code -- himer
  The Himer WordPress theme before 2.1.1 does not sanitise and escape some of its Post settings, which could allow high privilege users such as Contributor to perform Stored Cross-Site Scripting attacks.
  Published 2024-07-03 | CVSS 5.4 | CVE-2024-2234 | Source: contact@wpscan.com

2code -- himer
  The Himer WordPress theme before 2.1.1 does not have CSRF checks in some places, which could allow attackers to make users join private groups via a CSRF attack.
  Published 2024-07-03 | CVSS 4.3 | CVE-2024-2040 | Source: contact@wpscan.com

2code -- himer
  The Himer WordPress theme before 2.1.1 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks. These include declining and accepting group invitations or leaving a group.
  Published 2024-07-03 | CVSS 4.3 | CVE-2024-2233 | Source: contact@wpscan.com

2code -- himer
  The Himer WordPress theme before 2.1.1 does not have CSRF checks in some places, which could allow attackers to make users vote on any polls, including those they don't have access to, via a CSRF attack.
  Published 2024-07-03 | CVSS 4.3 | CVE-2024-2235 | Source: contact@wpscan.com

2code -- wpqa_builder
  The WPQA Builder WordPress plugin before 6.1.1 does not sanitise and escape some of its Slider settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks.
  Published 2024-07-03 | CVSS 5.4 | CVE-2024-2375 | Source: contact@wpscan.com

aimeos -- ai-admin-jsonadm
  aimeos/ai-admin-jsonadm is the Aimeos e-commerce JSON API for administrative tasks. In versions prior to 2020.10.13, 2021.10.6, 2022.10.3, 2023.10.4, and 2024.4.2, improper access control allows editors to remove admin group and locale configuration in the Aimeos backend. Versions 2020.10.13, 2021.10.6, 2022.10.3, 2023.10.4, and 2024.4.2 contain a fix for the issue.
  Published 2024-07-02 | CVSS 5.5 | CVE-2024-39322 | Source: security-advisories@github.com

aimeos -- ai-controller-frontend
  aimeos/ai-controller-frontend is the Aimeos frontend controller. Prior to versions 2024.04.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15, aimeos/ai-controller-frontend doesn't reset the payment status of a user's basket after the user completes a purchase. Versions 2024.04.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15 fix this issue.
  Published 2024-07-02 | CVSS 5.3 | CVE-2024-39325 | Source: security-advisories@github.com

apollo13themes -- rife_elementor_extensions_&_templates
  The Rife Elementor Extensions & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' attribute within the plugin's Writing Effect Headline widget in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
  Published 2024-07-02 | CVSS 5.4 | CVE-2024-5504 | Source: security@wordfence.com

Automattic -- Newspack Ads
  Cross Site Scripting (XSS) vulnerability in Automattic Newspack Ads allows Stored XSS. This issue affects Newspack Ads: from n/a through 1.47.1.
  Published 2024-07-04 | CVSS 6.5 | CVE-2024-37474 | Source: audit@patchstack.com

Automattic -- Newspack Campaigns
  Cross Site Scripting (XSS) vulnerability in Automattic Newspack Campaigns allows Stored XSS. This issue affects Newspack Campaigns: from n/a through 2.31.1.
  Published 2024-07-04 | CVSS 6.5 | CVE-2024-37476 | Source: audit@patchstack.com

Axelerant -- Testimonials Widget
  Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Axelerant Testimonials Widget allows Stored XSS. This issue affects Testimonials Widget: from n/a through 4.0.4.
  Published 2024-07-06 | CVSS 6.5 | CVE-2024-37553 | Source: audit@patchstack.com

biplob018 -- Image Hover Effects – Caption Hover with Carousel
  Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in biplob018 Image Hover Effects – Caption Hover with Carousel allows Stored XSS. This issue affects Image Hover Effects – Caption Hover with Carousel: from n/a through 3.0.2.
  Published 2024-07-06 | CVSS 6.5 | CVE-2024-37546 | Source: audit@patchstack.com

boot_store_project -- boot_store
  The Boot Store theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' parameter within the theme's Button shortcode in all versions up to, and including, 1.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
  Published 2024-07-02 | CVSS 5.4 | CVE-2024-5938 | Source: security@wordfence.com

cedcommerce -- one_click_order_re-order
  The One Click Order Re-Order plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ced_ocor_save_general_setting' function in all versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change the plugin settings, including adding stored cross-site scripting.
  Published 2024-07-04 | CVSS 5.4 | CVE-2024-5641 | Source: security@wordfence.com

CHANGING -- Mobile One Time Password
  CHANGING Mobile One Time Password does not properly filter parameters for the file download functionality, allowing remote attackers with administrator privilege to read arbitrary files on the system.
  Published 2024-07-01 | CVSS 4.9 | CVE-2024-3122 | Source: twcert@cert.org.tw

Checkmk GmbH -- Checkmk
  Stored XSS in Checkmk before versions 2.3.0p8, 2.2.0p29, 2.1.0p45, and 2.0.0 (EOL) allows users to execute arbitrary scripts by injecting HTML elements.
  Published 2024-07-03 | CVSS 6.5 | CVE-2024-6052 | Source: security@checkmk.com

Checkmk GmbH -- Checkmk
  Improper neutralization of input in Checkmk before versions 2.3.0p8, 2.2.0p28, 2.1.0p45, and 2.0.0 (EOL) allows attackers to craft malicious links that can facilitate phishing attacks.
  Published 2024-07-02 | CVSS 4.3 | CVE-2024-38857 | Source: security@checkmk.com

cisco -- nx-os
  A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments that are passed to specific configuration CLI commands. An attacker could exploit this vulnerability by including crafted input as the argument of an affected configuration CLI command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of root. Note: To successfully exploit this vulnerability on a Cisco NX-OS device, an attacker must have Administrator credentials.
  Published 2024-07-01 | CVSS 6.7 | CVE-2024-20399 | Source: ykramarz@cisco.com

CodeAstrology Team -- UltraAddons Elementor Lite (Header & Footer Builder, Menu Builder, Cart Icon, Shortcode)
  Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CodeAstrology Team UltraAddons Elementor Lite (Header & Footer Builder, Menu Builder, Cart Icon, Shortcode). This issue affects UltraAddons Elementor Lite (Header & Footer Builder, Menu Builder, Cart Icon, Shortcode): from n/a through 1.1.6.
  Published 2024-07-06 | CVSS 6.5 | CVE-2024-37554 | Source: audit@patchstack.com

coderberg -- residencecms
  A stored cross-site scripting (XSS) vulnerability exists in ResidenceCMS 2.10.1 that allows a low-privilege user to create malicious property content with HTML inside which acts as a stored XSS payload.
  Published 2024-07-02 | CVSS 5.4 | CVE-2024-39143 | Source: cve@mitre.org

davidlingren -- media_library_assistant
  The Media Library Assistant plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the order parameter in all versions up to, and including, 3.17 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
  Published 2024-07-02 | CVSS 6.1 | CVE-2024-5544 | Source: security@wordfence.com

Delinea -- Centrify PAS
  Vulnerability in Delinea Centrify PAS v. 21.3 and possibly others. The application is prone to a path traversal vulnerability allowing listing of arbitrary directories outside the root directory of the web application. Versions 23.1-HF7 and on have the patch.
  Published 2024-07-02 | CVSS 5 | CVE-2024-5866 | Source: vulnerability@kaspersky.com

dell -- powerscale_onefs
  Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an improper privilege management vulnerability. A local high privilege attacker could potentially exploit this vulnerability, leading to privilege escalation.
  Published 2024-07-02 | CVSS 6.7 | CVE-2024-32854 | Source: security_alert@emc.com

dell -- powerscale_onefs
  Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an improper privilege management vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to unauthorized gain of root-level access.
  Published 2024-07-02 | CVSS 6.7 | CVE-2024-37126 | Source: security_alert@emc.com

dell -- powerscale_onefs
  Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an incorrect privilege assignment vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Denial of service and Elevation of privileges.
  Published 2024-07-02 | CVSS 6.7 | CVE-2024-37132 | Source: security_alert@emc.com

dell -- powerscale_onefs
  Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an improper privilege management vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to unauthorized gain of root-level access.
  Published 2024-07-02 | CVSS 6.7 | CVE-2024-37133 | Source: security_alert@emc.com

dell -- powerscale_onefs
  Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an improper privilege management vulnerability. A local high privileged attacker could potentially exploit this vulnerability to gain root-level access.
  Published 2024-07-02 | CVSS 6.7 | CVE-2024-37134 | Source: security_alert@emc.com

Dell -- CPG BIOS
  Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability to modify a UEFI variable, leading to denial of service and escalation of privileges.
  Published 2024-07-02 | CVSS 5.1 | CVE-2024-0158 | Source: security_alert@emc.com

Delower -- WP To Do
  Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Delower WP To Do allows Stored XSS. This issue affects WP To Do: from n/a through 1.3.0.
  Published 2024-07-06 | CVSS 6.5 | CVE-2024-37539 | Source: audit@patchstack.com

discourse -- discourse
  Discourse is an open-source discussion platform. Prior to version 3.2.3 on the `stable` branch and version 3.3.0.beta4 on the `beta` and `tests-passed` branches, a malicious actor could get the FastImage library to redirect requests to an internal Discourse IP. This issue is patched in version 3.2.3 on the `stable` branch and version 3.3.0.beta4 on the `beta` and `tests-passed` branches. No known workarounds are available.
  Published 2024-07-03 | CVSS 6.4 | CVE-2024-37157 | Source: security-advisories@github.com

discourse -- discourse
  Discourse is an open-source discussion platform. Prior to version 3.2.3 on the `stable` branch and version 3.3.0.beta3 on the `tests-passed` branch, an attacker can execute arbitrary JavaScript on users' browsers by posting a specific URL containing maliciously crafted meta tags. This issue only affects sites with Content Security Policy (CSP) disabled. The problem has been patched in version 3.2.3 on the `stable` branch and version 3.3.0.beta3 on the `tests-passed` branch. As a workaround, ensure CSP is enabled on the forum.
  Published 2024-07-03 | CVSS 4.2 | CVE-2024-35234 | Source: security-advisories@github.com

discourse -- discourse
  Discourse is an open-source discussion platform. Prior to version 3.2.3 on the `stable` branch, version 3.3.0.beta3 on the `beta` branch, and version 3.3.0.beta4-dev on the `tests-passed` branch, a rogue staff user could suspend other staff users, preventing them from logging in to the site. The issue is patched in version 3.2.3 on the `stable` branch, version 3.3.0.beta3 on the `beta` branch, and version 3.3.0.beta4-dev on the `tests-passed` branch. No known workarounds are available.
  Published 2024-07-03 | CVSS 4.9 | CVE-2024-36113 | Source: security-advisories@github.com

dotcamp -- ultimate_blocks
  The Ultimate Blocks – WordPress Blocks Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the title tag parameter in all versions up to, and including, 3.1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
  Published 2024-07-02 | CVSS 5.4 | CVE-2024-3513 | Source: security@wordfence.com

dotcamp -- ultimate_blocks
  The Ultimate Blocks – WordPress Blocks Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's blocks in all versions up to, and including, 3.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
  Published 2024-07-02 | CVSS 5.4 | CVE-2024-4268 | Source: security@wordfence.com

envoyproxy -- envoy
  Envoy is a cloud-native, open source edge and service proxy. Prior to versions 1.30.4, 1.29.7, 1.28.5, and 1.27.7, Envoy references already freed memory when route hash policy is configured with cookie attributes. Note that this vulnerability has been fixed in the open as the effect would be immediately apparent if it was configured. Memory allocated for holding attribute values is freed after configuration was parsed. During request processing Envoy will attempt to copy content of de-allocated memory into the request cookie header. This can lead to arbitrary content of Envoy's memory being sent to the upstream service or abnormal process termination. This vulnerability is fixed in Envoy versions v1.30.4, v1.29.7, v1.28.5, and v1.27.7. As a workaround, do not use cookie attributes in route action hash policy.
  Published 2024-07-01 | CVSS 6.5 | CVE-2024-39305 | Source: security-advisories@github.com

ethyca -- fides
  Fides is an open-source privacy engineering platform, and `SERVER_SIDE_FIDES_API_URL` is a server-side configuration environment variable used by the Fides Privacy Center to communicate with the Fides webserver backend. The value of this variable is a URL which typically includes a private IP address, private domain name, and/or port. A vulnerability present starting in version 2.19.0 and prior to version 2.39.2rc0 allows an unauthenticated attacker to make an HTTP GET request from the Privacy Center that discloses the value of this server-side URL. This could result in disclosure of server-side configuration giving an attacker information on server-side ports, private IP addresses, and/or private domain names. The vulnerability has been patched in Fides version 2.39.2rc0. No known workarounds are available.
  Published 2024-07-03 | CVSS 5.3 | CVE-2024-31223 | Source: security-advisories@github.com

flowiseai -- flowise
  Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, a reflected cross-site scripting vulnerability occurs in the `api/v1/chatflows/id` endpoint. If the default configuration is used (unauthenticated), an attacker may be able to craft a specially crafted URL that injects Javascript into the user sessions, allowing the attacker to steal information, create false popups, or even redirect the user to other websites without interaction. If the chatflow ID is not found, its value is reflected in the 404 page, which has type text/html. This allows an attacker to attach arbitrary scripts to the page, allowing an attacker to steal sensitive information. This XSS may be chained with the path injection to allow an attacker without direct access to Flowise to read arbitrary files from the Flowise server. As of time of publication, no known patches are available.
  Published 2024-07-01 | CVSS 6.1 | CVE-2024-36422 | Source: security-advisories@github.com

FlowiseAI -- Flowise
  Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, a reflected cross-site scripting vulnerability occurs in the `/api/v1/public-chatflows/id` endpoint. If the default configuration is used (unauthenticated), an attacker may be able to craft a specially crafted URL that injects Javascript into the user sessions, allowing the attacker to steal information, create false popups, or even redirect the user to other websites without interaction. If the chatflow ID is not found, its value is reflected in the 404 page, which has type text/html. This allows an attacker to attach arbitrary scripts to the page, allowing an attacker to steal sensitive information. This XSS may be chained with the path injection to allow an attacker without direct access to Flowise to read arbitrary files from the Flowise server. As of time of publication, no known patches are available.
  Published 2024-07-01 | CVSS 6.1 | CVE-2024-36423 | Source: security-advisories@github.com

FlowiseAI -- Flowise
  Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, a reflected cross-site scripting vulnerability occurs in the `/api/v1/chatflows-streaming/id` endpoint. If the default configuration is used (unauthenticated), an attacker may be able to craft a specially crafted URL that injects Javascript into the user sessions, allowing the attacker to steal information, create false popups, or even redirect the user to other websites without interaction. If the chatflow ID is not found, its value is reflected in the 404 page, which has type text/html. This allows an attacker to attach arbitrary scripts to the page, allowing an attacker to steal sensitive information. This XSS may be chained with the path injection to allow an attacker without direct access to Flowise to read arbitrary files from the Flowise server. As of time of publication, no known patches are available.
  Published 2024-07-01 | CVSS 6.1 | CVE-2024-37145 | Source: security-advisories@github.com

FlowiseAI -- Flowise
  Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, a reflected cross-site scripting vulnerability occurs in the `/api/v1/credentials/id` endpoint. If the default configuration is used (unauthenticated), an attacker may be able to craft a specially crafted URL that injects Javascript into the user sessions, allowing the attacker to steal information, create false popups, or even redirect the user to other websites without interaction. If the chatflow ID is not found, its value is reflected in the 404 page, which has type text/html. This allows an attacker to attach arbitrary scripts to the page, allowing an attacker to steal sensitive information. This XSS may be chained with the path injection to allow an attacker without direct access to Flowise to read arbitrary files from the Flowise server. As of time of publication, no known patches are available.
  Published 2024-07-01 | CVSS 6.1 | CVE-2024-37146 | Source: security-advisories@github.com

geoserver -- geoserver
  GeoServer is an open source server that allows users to share and edit geospatial data. Starting in version 2.10.0 and prior to versions 2.24.4 and 2.25.1, GeoServer's Server Status page and REST API lists all environment variables and Java properties to any GeoServer user with administrative rights as part of those modules' status message. These variables/properties can also contain sensitive information, such as database passwords or API keys/tokens. Additionally, many community-developed GeoServer container images `export` other credentials from their start-up scripts as environment variables to the GeoServer (`java`) process. The precise scope of the issue depends on which container image is used and how it is configured. The `about status` API endpoint which powers the Server Status page is only available to administrators. Depending on the operating environment, administrators might have legitimate access to credentials in other ways, but this issue defeats more sophisticated controls (like break-glass access to secrets or role accounts). By default, GeoServer only allows same-origin authenticated API access. This limits the scope for a third-party attacker to use an administrator's credentials to gain access to credentials. The researchers who found the vulnerability were unable to determine any other conditions under which the GeoServer REST API may be available more broadly. Users should update container images to use GeoServer 2.24.4 or 2.25.1 to get the bug fix. As a workaround, leave environment variables and Java system properties hidden by default. Those who provide the option to re-enable it should communicate the impact and risks so that users can make an informed choice.
  Published 2024-07-01 | CVSS 4.9 | CVE-2024-34696 | Source: security-advisories@github.com

HCL Software -- Nomad server on Domino
  HCL Nomad server on Domino fails to properly handle users configured with limited Domino access, resulting in a possible denial of service vulnerability.
  Published 2024-07-05 | CVSS 5.3 | CVE-2024-23588 | Source: psirt@hcl.com

Hitachi -- Hitachi Ops Center Common Services
  Incorrect Default Permissions, Improper Preservation of Permissions vulnerability in Hitachi Ops Center Common Services allows File Manipulation. This issue affects Hitachi Ops Center Common Services: before 11.0.2-00.
  Published 2024-07-02 | CVSS 5.1 | CVE-2024-2819 | Source: hirt@hitachi.co.jp

hitout -- carsale
  A vulnerability has been found in Hitout Carsale 1.0 and classified as critical. This vulnerability affects unknown code of the file OrderController.java. The manipulation of the argument orderBy leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-270166 is the identifier assigned to this vulnerability.
  Published 2024-07-02 | CVSS 6.5 | CVE-2024-6438 | Source: cna@vuldb.com

ICONICS -- GENESIS64
  Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in the licensing feature of ICONICS GENESIS64 versions 10.97 to 10.97.2, Mitsubishi Electric GENESIS64 versions 10.97 to 10.97.2 and Mitsubishi Electric MC Works64 all versions allows a local attacker to execute malicious code with administrative privileges by tampering with a specific file that is not protected by the system.
  Published 2024-07-04 | CVSS 6.7 | CVE-2024-1574 | Source: Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp

ICONICS -- GENESIS64
  Improper Authentication vulnerability in the mobile monitoring feature of ICONICS GENESIS64 versions 10.97 to 10.97.2, Mitsubishi Electric GENESIS64 versions 10.97 to 10.97.2 and Mitsubishi Electric MC Works64 all versions allows a remote unauthenticated attacker to bypass proper authentication and log in to the system when all of the following conditions are met:
  * Active Directory is used in the security setting.
  * "Automatic log in" option is enabled in the security setting.
  * The IcoAnyGlass IIS Application Pool is running under an Active Directory Domain Account.
  * The IcoAnyGlass IIS Application Pool account is included in GENESIS64 and MC Works64 Security and has permission to log in.
  Published 2024-07-04 | CVSS 5.9 | CVE-2024-1573 | Source: Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp

itsourcecode -- Farm Management System
  A vulnerability was found in itsourcecode Farm Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /quarantine.php?id=3. The manipulation of the argument pigno/breed/reason leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-270241 was assigned to this vulnerability. NOTE: Original submission mentioned parameter pigno only but the VulDB data analysis team determined two additional parameters to be affected as well.
  Published 2024-07-02 | CVSS 6.3 | CVE-2024-6453 | Source: cna@vuldb.com

JetBrains -- TeamCity
  In JetBrains TeamCity before 2024.03.3 an application token could be exposed in EC2 Cloud Profile settings.
  Published 2024-07-01 | CVSS 5 | CVE-2024-39879 | Source: cve@jetbrains.com

JetBrains -- TeamCity
  In JetBrains TeamCity before 2024.03.3 a private key could be exposed via testing GitHub App Connection.
  Published 2024-07-01 | CVSS 4.1 | CVE-2024-39878 | Source: cve@jetbrains.com

Johnson Controls -- American Dynamics Illustra Essentials Gen 4
  Under certain circumstances the Linux users' credentials may be recovered by an authenticated user.
  Published 2024-07-02 | CVSS 6.8 | CVE-2024-32756 | Source: productsecurity@jci.com

Johnson Controls -- American Dynamics Illustra Essentials Gen 4
  Under certain circumstances unnecessary user details are provided within system logs.
  Published 2024-07-02 | CVSS 6.8 | CVE-2024-32757 | Source: productsecurity@jci.com

Johnson Controls -- American Dynamics Illustra Essentials Gen 4
  Under certain circumstances the web interface users' credentials may be recovered by an authenticated user.
  Published 2024-07-02 | CVSS 6.8 | CVE-2024-32932 | Source: productsecurity@jci.com

jungo -- windriver
  Denial of Service (DoS) vulnerability in Jungo WinDriver before 12.1.0 allows local attackers to cause a Windows blue screen error.
  Published 2024-07-02 | CVSS 5.5 | CVE-2023-51777 | Source: cve@mitre.org

jungo -- windriver
  Out-of-Bounds Write vulnerability in Jungo WinDriver before 12.1.0 allows local attackers to cause a Windows blue screen error and Denial of Service (DoS).
  Published 2024-07-02 | CVSS 5.5 | CVE-2023-51778 | Source: cve@mitre.org

jungo -- windriver
  Denial of Service (DoS) vulnerability in Jungo WinDriver before 12.6.0 allows local attackers to cause a Windows blue screen error.
  Published 2024-07-02 | CVSS 5.5 | CVE-2024-22102 | Source: cve@mitre.org

jungo -- windriver
  Out-of-Bounds Write vulnerability in Jungo WinDriver before 12.6.0 allows local attackers to cause a Windows blue screen error and Denial of Service (DoS).
  Published 2024-07-02 | CVSS 5.5 | CVE-2024-22103 | Source: cve@mitre.org

jungo -- windriver
  Out-of-Bounds Write vulnerability in Jungo WinDriver before 12.5.1 allows local attackers to cause a Windows blue screen error and Denial of Service (DoS).
  Published 2024-07-02 | CVSS 5.5 | CVE-2024-22104 | Source: cve@mitre.org

jungo -- windriver
  Denial of Service (DoS) vulnerability in Jungo WinDriver before 12.5.1 allows local attackers to cause a Windows blue screen error.
  Published 2024-07-02 | CVSS 5.5 | CVE-2024-22105 | Source: cve@mitre.org

jungo -- windriver
  Denial of Service (DoS) vulnerability in Jungo WinDriver before 12.7.0 allows local attackers to cause a Windows blue screen error.
  Published 2024-07-02 | CVSS 5.5 | CVE-2024-25087 | Source: cve@mitre.org

kiloview -- p1_firmware
  A 'Cross-site Scripting' (XSS) vulnerability, characterized by improper input neutralization during web page generation, has been discovered. This vulnerability allows for Stored XSS attacks to occur. Multiple areas within the administration interface of the webserver lack adequate input validation, resulting in multiple instances of Stored XSS vulnerabilities.
  Published 2024-07-02 | CVSS 5.4 | CVE-2023-41922 | Source: cert@ncsc.nl

Kiloview -- P1/P2
  The server supports at least one cipher suite which is on the NCSC-NL list of cipher suites to be phased out, increasing the risk of cryptographic weaknesses.
  Published 2024-07-02 | CVSS 5.3 | CVE-2023-41927 | Source: cert@ncsc.nl

Kiloview -- P1/P2
  The device is observed to accept deprecated TLS protocols, increasing the risk of cryptographic weaknesses.
  Published 2024-07-02 | CVSS 5.3 | CVE-2023-41928 | Source: cert@ncsc.nl

KisaragiEffective -- toy-blog
  toy-blog is a headless content management system implementation. Starting in version 0.5.4 and prior to version 0.6.1, articles with private visibility can be read if the reader does not set credentials for the request. Users should upgrade to 0.6.1 or later to receive a patch. No known workarounds are available.
  Published 2024-07-01 | CVSS 6.5 | CVE-2024-39313 | Source: security-advisories@github.com

KisaragiEffective -- toy-blog
  toy-blog is a headless content management system implementation. Starting in version 0.4.3 and prior to version 0.5.0, the administrative password was leaked through the command line parameter. The problem was patched in version 0.5.0. As a workaround, pass `--read-bearer-token-from-stdin` to the launch arguments and feed the token from the standard input in version 0.4.14 or later. Earlier versions do not have this workaround.
  Published 2024-07-01 | CVSS 4.7 | CVE-2024-39314 | Source: security-advisories@github.com

leap13 -- premium_addons_for_elementor
  The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 4.10.35 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
  Published 2024-07-03 | CVSS 5.4 | CVE-2024-6340 | Source: security@wordfence.com

leap13 -- premium_addons_for_elementor
  The Premium Addons for Elementor plugin for WordPress is vulnerable to Regular Expression Denial of Service (ReDoS) in all versions up to, and including, 4.10.35. This is due to processing user-supplied input as a regular expression. This makes it possible for authenticated attackers, with Author-level access and above, to create and query a malicious post title, resulting in slowing server resources.
  Published 2024-07-04 | CVSS 4.3 | CVE-2024-6434 | Source: security@wordfence.com

linlinjava -- litemall
  A vulnerability classified as critical was found in linlinjava litemall up to 1.8.0. Affected by this vulnerability is an unknown functionality of the file AdminGoodscontroller.java. The manipulation of the argument goodsId/goodsSn/name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-270235.
  Published 2024-07-02 | CVSS 6.3 | CVE-2024-6452 | Source: cna@vuldb.com

Livemesh -- Livemesh Addons for Elementor
  Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Livemesh Livemesh Addons for Elementor. This issue affects Livemesh Addons for Elementor: from n/a through 8.3.7.
  Published 2024-07-06 | CVSS 6.5 | CVE-2024-37547 | Source: audit@patchstack.com

livemeshelementor -- addons_for_elementor
  The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 8.3.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
  Published 2024-07-04 | CVSS 5.4 | CVE-2024-2926 | Source: security@wordfence.com

livemeshelementor -- addons_for_elementor
  The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Marquee Text Widget, Testimonials Widget, and Testimonial Slider widgets in all versions up to, and including, 8.3.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
  Published 2024-07-04 | CVSS 5.4 | CVE-2024-3638 | Source: security@wordfence.com

livemeshelementor -- addons_for_elementor
  The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Posts Grid widget in all versions up to, and including, 8.3.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
  Published 2024-07-04 | CVSS 5.4 | CVE-2024-3639 | Source: security@wordfence.com

matrix-org -- matrix-appservice-irc
  matrix-appservice-irc is a Node.js IRC bridge for the Matrix messaging protocol. The fix for GHSA-wm4w-7h2q-3pf7 / CVE-2024-32000 included in matrix-appservice-irc 2.0.0 relied on the Matrix homeserver-provided timestamp to determine whether a user has access to the event they're replying to when determining whether or not to include a truncated version of the original event in the IRC message. Since this value is controlled by external entities, a malicious Matrix homeserver joined to a room in which a matrix-appservice-irc bridge instance (before version 2.0.1) is present can fabricate the timestamp with the intent of tricking the bridge into leaking room messages the homeserver should not have access to. matrix-appservice-irc 2.0.1 drops the reliance on `origin_server_ts` when determining whether or not an event should be visible to a user, instead tracking the event timestamps internally. As a workaround, it's possible to limit the amount of information leaked by setting a reply template that doesn't contain the original message.
  Published 2024-07-05 | CVSS 4.3 | CVE-2024-39691
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com mattermost — mattermost
  Mattermost versions 9.8.0, 9.7.x <= 9.7.4, 9.6.x <= 9.6.2, 9.5.x <= 9.5.5 fail to prevent specifying a RemoteId when creating a new user which allows an attacker to specify both a remoteId and the user ID, resulting in creating a user with a user-defined user ID. This can cause some broken functionality in User Management such administrative actions against the user not working. 2024-07-03 6.5 CVE-2024-6428
responsibledisclosure@mattermost.com mattermost — mattermost
  Mattermost versions 9.5.x <= 9.5.5 and 9.8.0, when using shared channels with multiple remote servers connected, fail to check that the remote server A requesting the server B to update the profile picture of a user is the remote that actually has the user as a local one . This allows a malicious remote A to change the profile images of users that belong to another remote server C that is connected to the server A. 2024-07-03 5.3 CVE-2024-36257
responsibledisclosure@mattermost.com mattermost — mattermost
  Mattermost versions 9.8.0, 9.7.x <= 9.7.4, 9.6.x <= 9.6.2 and 9.5.x <= 9.5.5 fail to prevent users from specifying a RemoteId for their posts which allows an attacker to specify both a remoteId and the post ID, resulting in creating a post with a user-defined post ID. This can cause some broken functionality in the channel or thread with user-defined posts 2024-07-03 5.4 CVE-2024-39361
responsibledisclosure@mattermost.com mattermost — mattermost
  Mattermost versions 9.5.x <= 9.5.5 and 9.8.0 fail to properly sanitize the recipients of a webhook event which allows an attacker monitoring webhook events to retrieve the channel IDs of archived or restored channels. 2024-07-03 5.3 CVE-2024-39807
responsibledisclosure@mattermost.com mattermost — mattermost
  Mattermost versions 9.8.x <= 9.8.0, 9.7.x <= 9.7.4, 9.6.x <= 9.6.2 and 9.5.x <= 9.5.5, when shared channels are enabled, fail to use constant time comparison for remote cluster tokens which allows an attacker to retrieve the remote cluster token via a timing attack during remote cluster token comparison. 2024-07-03 5.9 CVE-2024-39830
responsibledisclosure@mattermost.com mongodb — mongodb
  A command for refining a collection shard key is missing an authorization check. This may cause the command to run directly on a shard, leading to either degradation of query performance, or to revealing chunk boundaries through timing side channels. This affects MongoDB Server v5.0 versions, prior to 5.0.22, MongoDB Server v6.0 versions, prior to 6.0.11 and MongoDB Server v7.0 versions prior to 7.0.3. 2024-07-01 6.5 CVE-2024-6375
cna@mongodb.com MongoDB Inc–libbson
  The bson_string_append function in MongoDB C Driver may be vulnerable to a buffer overflow where the function might attempt to allocate too small of buffer and may lead to memory corruption of neighbouring heap memory. This issue affects libbson versions prior to 1.27.1 2024-07-03 5.3 CVE-2024-6383
cna@mongodb.com MongoDB Inc–libbson
  The bson_strfreev function in the MongoDB C driver library may be susceptible to an integer overflow where the function will try to free memory at a negative offset. This may result in memory corruption. This issue affected libbson versions prior to 1.26.2 2024-07-02 4 CVE-2024-6381
cna@mongodb.com MongoDB Inc–MongoDB Rust Driver
  Incorrect handling of certain string inputs may result in MongoDB Rust driver constructing unintended server commands. This may cause unexpected application behavior including data modification. This issue affects MongoDB Rust Driver 2.0 versions prior to 2.8.2 2024-07-02 6.4 CVE-2024-6382
cna@mongodb.com n/a–n/a
  FFmpeg 7.0 is vulnerable to Buffer Overflow. There is a SEGV at libavcodec/hevcdec.c:2947:22 in hevc_frame_end. 2024-07-01 6.6 CVE-2024-32228
cve@mitre.org n/a–n/a
  Tada5hi sp-common v0.5.4 was discovered to contain a prototype pollution via the function mergeDeep. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. 2024-07-01 6.3 CVE-2024-38990
cve@mitre.org n/a–n/a
  adolph_dudu ratio-swiper v0.0.2 was discovered to contain a prototype pollution via the function extendDefaults. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. 2024-07-01 6.5 CVE-2024-38997
cve@mitre.org n/a–n/a
  adolph_dudu ratio-swiper v0.0.2 was discovered to contain a prototype pollution via the function parse. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. 2024-07-01 6.5 CVE-2024-39000
cve@mitre.org n/a–n/a
  adolph_dudu ratio-swiper 0.0.2 was discovered to contain a prototype pollution via the function parse. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. 2024-07-01 6.5 CVE-2024-39853
cve@mitre.org n/a–n/a
  MachForm up to version 19 is affected by an authenticated stored cross-site scripting. 2024-07-01 5.4 CVE-2024-37764
cve@mitre.org n/a–n/a
  In the Twilio Authy API, accessed by Authy Android before 25.1.0 and Authy iOS before 26.1.0, an unauthenticated endpoint provided access to certain phone-number data, as exploited in the wild in June 2024. Specifically, the endpoint accepted a stream of requests containing phone numbers, and responded with information about whether each phone number was registered with Authy. (Authy accounts were not compromised, however.) 2024-07-02 5.3 CVE-2024-39891
cve@mitre.org
cve@mitre.org
cve@mitre.org
cve@mitre.org n/a–ORIPA
  A vulnerability was found in ORIPA up to 1.72. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file src/main/java/oripa/persistence/doc/loader/LoaderXML.java. The manipulation leads to deserialization. The attack can be launched remotely. Upgrading to version 1.80 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-270169 was assigned to this vulnerability. 2024-07-02 6.3 CVE-2024-6441
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com n/a–ShopXO
  A vulnerability was found in ShopXO up to 6.1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file extend/base/Uploader.php. The manipulation of the argument source leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-270367. NOTE: The original disclosure confuses CSRF with SSRF. 2024-07-05 5.5 CVE-2024-6524
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com N/A–VMware Cloud Director Availability
  VMware Cloud Director Availability contains an HTML injection vulnerability. A malicious actor with network access to VMware Cloud Director Availability can craft malicious HTML tags to execute within replication tasks. 2024-07-04 6.4 CVE-2024-22277
security@vmware.com NationalSecurityAgency–skills-service
  SkillTree is a micro-learning gamification platform. Prior to version 2.12.6, the endpoint `/admin/projects/{projectname}/skills/{skillname}/video` (and probably others) is open to a cross-site request forgery (CSRF) vulnerability. Due to the endpoint being CSRFable e.g POST request, supports a content type that can be exploited (multipart file upload), makes a state change and has no CSRF mitigations in place (samesite flag, CSRF token). It is possible to perform a CSRF attack against a logged in admin account, allowing an attacker that can target a logged in admin of Skills Service to modify the videos, captions, and text of the skill. Version 2.12.6 contains a patch for this issue. 2024-07-02 4.4 CVE-2024-39326
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com pomerium–pomerium
  Pomerium is an identity and context-aware access proxy. Prior to version 0.26.1, the Pomerium user info page (at `/.pomerium`) unintentionally included serialized OAuth2 access and ID tokens from the logged-in user’s session. These tokens are not intended to be exposed to end users. This issue may be more severe in the presence of a cross-site scripting vulnerability in an upstream application proxied through Pomerium. If an attacker could insert a malicious script onto a web page proxied through Pomerium, that script could access these tokens by making a request to the `/.pomerium` endpoint. Upstream applications that authenticate only the ID token may be vulnerable to user impersonation using a token obtained in this manner. Note that an OAuth2 access token or ID token by itself is not sufficient to hijack a user’s Pomerium session. Upstream applications should not be vulnerable to user impersonation via these tokens provided the application verifies the Pomerium JWT for each request, the connection between Pomerium and the application is secured by mTLS, or the connection between Pomerium and the application is otherwise secured at the network layer. The issue is patched in Pomerium v0.26.1. No known workarounds are available. 2024-07-02 5.7 CVE-2024-39315
security-advisories@github.com
security-advisories@github.com posimyth — the_plus_addons_for_elementor
  The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Countdown’ widget in all versions up to, and including, 5.6.1 due to insufficient input sanitization and output escaping on user supplied ‘text_days’ attribute. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-07-03 5.4 CVE-2024-4482
security@wordfence.com
security@wordfence.com
security@wordfence.com qualcomm — 315_5g_iot_modem_firmware
  Transient DOS while loading the TA ELF file. 2024-07-01 5.5 CVE-2024-21462
product-security@qualcomm.com qualcomm — fastconnect_6900_firmware
  Information disclosure when ASLR relocates the IMEM and Secure DDR portions as one chunk in virtual address space. 2024-07-01 6.5 CVE-2024-21460
product-security@qualcomm.com Qualcomm, Inc.–Snapdragon
  Information Disclosure while parsing beacon frame in STA. 2024-07-01 6.5 CVE-2024-21456
product-security@qualcomm.com rack–rack
  Rack is a modular Ruby web server interface. Starting in version 3.1.0 and prior to version 3.1.5, Regular Expression Denial of Service (ReDoS) vulnerability exists in the `Rack::Request::Helpers` module when parsing HTTP Accept headers. This vulnerability can be exploited by an attacker sending specially crafted `Accept-Encoding` or `Accept-Language` headers, causing the server to spend excessive time processing the request and leading to a Denial of Service (DoS). The fix for CVE-2024-26146 was not applied to the main branch and thus while the issue was fixed for the Rack v3.0 release series, it was not fixed in the v3.1 release series until v3.1.5. Users of versions on the 3.1 branch should upgrade to version 3.1.5 to receive the fix. 2024-07-02 6.5 CVE-2024-39316
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com radiustheme — the_post_grid
  The The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the section title tag attribute in all versions up to, and including, 7.7.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-07-02 5.4 CVE-2024-1427
security@wordfence.com
security@wordfence.com
security@wordfence.com rankmath — seo
  The Rank Math SEO WordPress plugin before 1.0.219 does not sanitise and escape some of its settings, which could allow users with access to the General Settings (by default admin, however such access can be given to lower roles via the Role Manager feature of the Rank Math SEO WordPress plugin before 1.0.219) to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 2024-07-02 5.4 CVE-2024-4627
contact@wpscan.com Red Hat–Red Hat Enterprise Linux 6
  A flaw was found in the virtio-net device in QEMU. When enabling the RSS feature on the virtio-net network card, the indirections_table data within RSS becomes controllable. Setting excessively large values may cause an index out-of-bounds issue, potentially resulting in heap overflow access. This flaw allows a privileged user in the guest to crash the QEMU process on the host. 2024-07-05 6 CVE-2024-6505
secalert@redhat.com
secalert@redhat.com Robert Macchi–WP Scraper
  Server-Side Request Forgery (SSRF) vulnerability in Robert Macchi WP Scraper.This issue affects WP Scraper: from n/a through 5.7. 2024-07-06 4.9 CVE-2024-37208
audit@patchstack.com samsung — android
  Improper input validation in parsing application information from RTCP packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability. 2024-07-02 6.8 CVE-2024-34587
mobile.security@samsung.com samsung — android
  Improper input validation?in parsing RTCP SR packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. User interaction is required for triggering this vulnerability. 2024-07-02 6.5 CVE-2024-34588
mobile.security@samsung.com samsung — android
  Improper input validation in parsing RTCP RR packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. User interaction is required for triggering this vulnerability. 2024-07-02 6.5 CVE-2024-34589
mobile.security@samsung.com samsung — android
  Improper access control in Dar service prior to SMR Jul-2024 Release 1 allows local attackers to bypass restriction for calling SDP features. 2024-07-02 5.5 CVE-2024-20895
mobile.security@samsung.com samsung — android
  Use of implicit intent for sensitive communication in Configuration message prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information. 2024-07-02 5.5 CVE-2024-20896
mobile.security@samsung.com samsung — android
  Use of implicit intent for sensitive communication in FCM function in IMS service prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information. 2024-07-02 5.5 CVE-2024-20897
mobile.security@samsung.com samsung — android
  Use of implicit intent for sensitive communication in SoftphoneClient in IMS service prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information. 2024-07-02 5.5 CVE-2024-20898
mobile.security@samsung.com samsung — android
  Use of implicit intent for sensitive communication in RCS function in IMS service prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information. 2024-07-02 5.5 CVE-2024-20899
mobile.security@samsung.com samsung — android
  Exposure of sensitive information in proc file system prior to SMR Jul-2024 Release 1 allows local attackers to read kernel memory address. 2024-07-02 5.5 CVE-2024-34594
mobile.security@samsung.com samsung — android
  Improper authentication in BLE prior to SMR Jul-2024 Release 1 allows adjacent attackers to pair with devices. 2024-07-02 4.3 CVE-2024-20889
mobile.security@samsung.com samsung — android
  Improper handling of exceptional conditions in Secure Folder prior to SMR Jul-2024 Release 1 allows physical attackers to bypass authentication under certain condition. User interaction is required for triggering this vulnerability. 2024-07-02 4.3 CVE-2024-20894
mobile.security@samsung.com samsung — android
  Improper input validation혻in parsing an item type from RTCP SDES packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. User interaction is required for triggering this vulnerability. 2024-07-02 4.3 CVE-2024-34590
mobile.security@samsung.com samsung — android
  Improper input validation in parsing an item data from RTCP SDES packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. User interaction is required for triggering this vulnerability. 2024-07-02 4.3 CVE-2024-34591
mobile.security@samsung.com samsung — android
  Improper input validation in parsing RTCP SDES packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. User interaction is required for triggering this vulnerability. 2024-07-02 4.3 CVE-2024-34592
mobile.security@samsung.com samsung — galaxystore
  Improper verification of intent by broadcast receiver vulnerability in GalaxyStore prior to version 4.5.81.0 allows local attackers to launch unexported activities of GalaxyStore. 2024-07-02 5.3 CVE-2024-34601
mobile.security@samsung.com shaonsina–Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates)
  The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘read_more_text’ parameter in all versions up to, and including, 3.5.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-07-02 6.4 CVE-2024-5260
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com SourceCodester–Medicine Tracker System
  A vulnerability classified as critical was found in SourceCodester Medicine Tracker System 1.0. This vulnerability affects unknown code of the file /classes/Master.php?f=save_medicine. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-270010 is the identifier assigned to this vulnerability. 2024-07-01 6.3 CVE-2024-6419
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com SourceCodester–Online Tours & Travels Management
  A vulnerability classified as critical has been found in SourceCodester Online Tours & Travels Management 1.0. This affects an unknown part of the file sms_setting.php. The manipulation of the argument uname leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-270279. 2024-07-03 6.3 CVE-2024-6471
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com spider-themes — eazydocs
  The EazyDocs WordPress plugin before 2.5.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) 2024-07-02 4.8 CVE-2024-3999
contact@wpscan.com Splunk–Splunk Enterprise
  In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, an authenticated user could run risky commands using the permissions of a higher-privileged user to bypass SPL safeguards for risky commands in the Analytics Workspace. The vulnerability requires the authenticated user to phish the victim by tricking them into initiating a request within their browser. The authenticated user should not be able to exploit the vulnerability at will. 2024-07-01 6.3 CVE-2024-36986
prodsec@splunk.com
prodsec@splunk.com Splunk–Splunk Enterprise
  In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.2.2403.100, an authenticated, low-privileged user that does not hold the admin or power Splunk roles could send a specially crafted HTTP POST request to the datamodel/web REST endpoint in Splunk Enterprise, potentially causing a denial of service. 2024-07-01 6.5 CVE-2024-36990
prodsec@splunk.com
prodsec@splunk.com Splunk–Splunk Enterprise
  In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a View that could result in execution of unauthorized JavaScript code in the browser of a user. The “url” parameter of the Dashboard element does not have proper input validation to reject invalid URLs, which could lead to a Persistent Cross-site Scripting (XSS) exploit. 2024-07-01 5.4 CVE-2024-36992
prodsec@splunk.com Splunk–Splunk Enterprise
  In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a Splunk Web Bulletin Messages that could result in execution of unauthorized JavaScript code in the browser of a user. 2024-07-01 5.4 CVE-2024-36993
prodsec@splunk.com
prodsec@splunk.com Splunk–Splunk Enterprise
  In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a View and Splunk Web Bulletin Messages that could result in execution of unauthorized JavaScript code in the browser of a user. 2024-07-01 5.4 CVE-2024-36994
prodsec@splunk.com
prodsec@splunk.com Splunk–Splunk Enterprise
  In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could create experimental items. 2024-07-01 5.4 CVE-2024-36995
prodsec@splunk.com
prodsec@splunk.com Splunk–Splunk Enterprise
  In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109, an attacker could determine whether or not another user exists on the instance by deciphering the error response that they would likely receive from the instance when they attempt to log in. This disclosure could then lead to additional brute-force password-guessing attacks. This vulnerability would require that the Splunk platform instance uses the Security Assertion Markup Language (SAML) authentication scheme. 2024-07-01 5.3 CVE-2024-36996
prodsec@splunk.com Splunk–Splunk Enterprise
  In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200, an authenticated, low-privileged user who does not hold the admin or power Splunk roles could upload a file with an arbitrary extension using the indexing/preview REST endpoint. 2024-07-01 4.3 CVE-2024-36987
prodsec@splunk.com StaxWP–Elementor Addons, Widgets and Enhancements Stax
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in StaxWP Elementor Addons, Widgets and Enhancements – Stax allows Stored XSS.This issue affects Elementor Addons, Widgets and Enhancements – Stax: from n/a through 1.4.4.1. 2024-07-06 6.5 CVE-2024-37541
audit@patchstack.com stylemixthemes — cost_calculator_builder
  The Cost Calculator Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘textarea.description’ parameter in all versions up to, and including, 3.2.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-07-02 4.8 CVE-2024-6011
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com stylemixthemes — cost_calculator_builder
  The Cost Calculator Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ’embed-create-page’ and ’embed-insert-pages’ functions in all versions up to, and including, 3.2.12. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create arbitrary posts and append arbitrary content to existing posts. 2024-07-02 4.3 CVE-2024-6012
security@wordfence.com
security@wordfence.com
security@wordfence.com stylemixthemes — motors_-_car_dealer,_classifieds_&_listing
  The Motors – Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the stm_edit_delete_user_car function in all versions up to, and including, 1.4.8. This makes it possible for unauthenticated attackers to unpublish arbitrary posts and pages. 2024-07-02 5.3 CVE-2024-5545
security@wordfence.com
security@wordfence.com supsystic — easy_google_maps
  The Easy Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s file upload feature in all versions up to, and including, 1.11.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-07-02 5.4 CVE-2024-5219
security@wordfence.com
security@wordfence.com
security@wordfence.com syedbalkhi — wp_lightbox_2
  The WP Lightbox 2 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title’ parameter in all versions up to, and including, 3.0.6.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-07-03 5.4 CVE-2024-6263
security@wordfence.com
security@wordfence.com
security@wordfence.com thimpress — learnpress
  The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized user registration due to a missing capability check on the ‘register’ function in all versions up to, and including, 4.2.6.8.1. This makes it possible for unauthenticated attackers to bypass disabled user registration to create a new account with the default role. 2024-07-02 5.3 CVE-2024-6088
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com thimpress — learnpress
  The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthenticated bypass to user registration in versions up to, and including, 4.2.6.8.1. This is due to missing checks in the ‘check_validate_fields’ function in the checkout. This makes it possible for unauthenticated attackers to register as the default role on the site, even if registration is disabled. 2024-07-02 5.3 CVE-2024-6099
security@wordfence.com
security@wordfence.com
security@wordfence.com Unisoc (Shanghai) Technologies Co., Ltd.–SC7731E/SC9832E/SC9863A/T310/T606/T612/T616/T610/T618
  In faceid servive, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed 2024-07-01 5.1 CVE-2024-39429
security@unisoc.com Unisoc (Shanghai) Technologies Co., Ltd.–SC7731E/SC9832E/SC9863A/T310/T606/T612/T616/T610/T618
  In faceid servive, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed 2024-07-01 5.1 CVE-2024-39430
security@unisoc.com Unisoc (Shanghai) Technologies Co., Ltd.–SC7731E/SC9832E/SC9863A/T310/T606/T612/T616/T610/T618/T760/T770/T820/S8000
  In trusty service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed 2024-07-01 6.8 CVE-2024-39428
security@unisoc.com Unisoc (Shanghai) Technologies Co., Ltd.–SC7731E/SC9832E/SC9863A/T310/T606/T612/T616/T610/T618/T760/T770/T820/S8000
  In trusty service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed 2024-07-01 5.1 CVE-2024-39427
security@unisoc.com voidcoders — void_contact_form_7_widget_for_elementor_page_builder
  The Void Contact Form 7 Widget For Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘cf7_redirect_page’ attribute within the plugin’s Void Contact From 7 widget in all versions up to, and including, 2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-07-02 5.4 CVE-2024-5419
security@wordfence.com
WeblateOrg–weblate
  Weblate is a web based localization tool. Prior to version 5.6.2, Weblate didn’t correctly validate filenames when restoring project backup. It may be possible to gain unauthorized access to files on the server using a crafted ZIP file. This issue has been addressed in Weblate 5.6.2. As a workaround, do not allow untrusted users to create projects. 2024-07-01 4.4 CVE-2024-39303
security-advisories@github.com
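The Weblate entry above is a classic archive-restore path traversal: a member name in a crafted ZIP that escapes the destination directory. The following is an added example, not Weblate's own code, of the check a restore routine needs before it writes anything. It assumes a fixed destination directory and uses illustrative function names and a constructed sample archive; the hostile member names in the sample are made up for the demonstration.

```python
"""Zip-slip guard for an archive-restore step.

Added example, not Weblate's own code: it assumes a restore routine that
takes a user-supplied ZIP and must keep every member under one fixed
destination directory. Function names and the sample archive are
constructed for illustration.
"""
import io
import os
import stat
import tempfile
import zipfile


def is_safe_member(info: zipfile.ZipInfo, dest_root: str) -> tuple[bool, str]:
    """Return (ok, reason) for one archive entry.

    Rejects absolute paths and drive letters, '..' traversal, symlink
    entries, and anything that still resolves outside dest_root once
    joined to it (defence in depth against odd separators).
    """
    name = info.filename.replace("\\", "/")  # Windows-built archives
    if not name or name.startswith("/") or (len(name) > 1 and name[1] == ":"):
        return False, "absolute path"
    parts = name.split("/")
    if ".." in parts:
        return False, "parent-directory traversal"
    # Unix mode bits live in the high 16 bits of external_attr.
    mode = (info.external_attr >> 16) & 0xFFFF
    if stat.S_ISLNK(mode):
        return False, "symlink entry"
    root = os.path.realpath(dest_root)
    target = os.path.realpath(os.path.join(root, *parts))
    if os.path.commonpath([root, target]) != root:
        return False, "resolves outside destination"
    return True, "ok"


def triage_archive(data: bytes, dest_root: str) -> dict:
    """Classify every member of an in-memory ZIP without extracting it."""
    accepted, rejected = [], []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            ok, reason = is_safe_member(info, dest_root)
            if ok:
                accepted.append(info.filename)
            else:
                rejected.append((info.filename, reason))
    return {"accepted": accepted, "rejected": rejected}


def restore_archive(data: bytes, dest_root: str) -> list:
    """Extract only validated file members; return the paths written.

    Uses zf.open() plus a path computed here rather than ZipFile.extract(),
    so the outcome does not depend on the library's own name sanitising.
    """
    written = []
    root = os.path.realpath(dest_root)
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            ok, _ = is_safe_member(info, dest_root)
            if not ok or info.is_dir():
                continue
            target = os.path.join(root, *info.filename.replace("\\", "/").split("/"))
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(target)
    return written


def build_sample_archive() -> bytes:
    """Constructed sample: one benign member and three hostile ones."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("project/translations/de.po", 'msgid "a"\nmsgstr "b"\n')
        zf.writestr("../../etc/cron.d/evil", "* * * * * root id\n")
        zf.writestr("/etc/passwd", "root:x:0:0::/root:/bin/sh\n")
        link = zipfile.ZipInfo("project/settings.py")  # symlink pointing at /etc/shadow
        link.external_attr = (stat.S_IFLNK | 0o777) << 16
        zf.writestr(link, "/etc/shadow")
    return buf.getvalue()


def demo() -> list:
    """Restore the sample into a fresh temp dir; only the .po file lands."""
    dest = tempfile.mkdtemp(prefix="restore-")
    return restore_archive(build_sample_archive(), dest)


if __name__ == "__main__":
    for name, reason in triage_archive(build_sample_archive(), "/srv/restore")["rejected"]:
        print(f"rejected {name!r}: {reason}")
    print("written:", demo())
```

Note that the names are read straight from the central directory (`infolist()`), which is what a restore routine actually sees; relying on `ZipFile.extract()` to strip `..` and leading slashes for you leaves the symlink case and any custom write path uncovered, which is why the check runs before any file is opened.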
WpDevArt–Responsive Image Gallery, Gallery Album
  Missing Authorization vulnerability in WpDevArt Responsive Image Gallery, Gallery Album. This issue affects Responsive Image Gallery, Gallery Album: from n/a through 2.0.3. 2024-07-06 5.4 CVE-2024-37542
audit@patchstack.com
wpexpertplugins — post_meta_data_manager
  The Post Meta Data Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘$meta_key’ parameter in all versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-07-02 5.4 CVE-2024-6264
security@wordfence.com
XjSv–Basil
  The Basil recipe theme for WordPress is vulnerable to Persistent Cross-Site Scripting (XSS) via the `post_title` parameter in versions up to, and including, 2.0.4 due to insufficient input sanitization and output escaping. This vulnerability allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses a compromised page. Because of the default WordPress validation, it is not possible to insert the payload directly, but if the Cooked plugin is installed it is possible to create a recipe post type (cp_recipe) and inject the payload in the title field. Version 2.0.5 contains a patch for the issue. 2024-07-01 5.4 CVE-2024-39310
security-advisories@github.com
yeken — snippet_shortcodes
  The Snippet Shortcodes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.1.4. This is due to missing or incorrect nonce validation when adding or editing shortcodes. This makes it possible for unauthenticated attackers to modify shortcodes via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link. 2024-07-03 4.3 CVE-2024-4543
security@wordfence.com
zephyrproject-rtos–Zephyr
  A malicious BLE device can send a specific sequence of packets to cause a denial of service on the victim BLE device 2024-07-03 6.5 CVE-2024-3332
vulnerabilities@zephyrproject.org
zitadel–zitadel
  ZITADEL is an open-source identity infrastructure tool. ZITADEL provides users the ability to list all user sessions of the current user agent (browser). Starting in version 2.53.0 and prior to versions 2.53.8, 2.54.5, and 2.55.1, due to a missing check, user sessions without that information (e.g. when created through the session service) were incorrectly listed, potentially exposing other users’ sessions. Versions 2.55.1, 2.54.5, and 2.53.8 contain a fix for the issue. There is no workaround since a patch is already available. 2024-07-03 5.7 CVE-2024-39683
security-advisories@github.com