Vulnerability Summary for the Week of October 7, 2024 | CISA


ABB–RobotWare 6
  An attacker who successfully exploited these vulnerabilities could cause the robot to stop. A vulnerability exists in the PROFINET stack included in the RobotWare versions listed below. This vulnerability arises under a specific condition when a specially crafted message is processed by the system. Below are the reported vulnerabilities in the RobotWare versions. * IRC5 - RobotWare 6 < 6.15.06 except 6.10.10 and 6.13.07 2024-10-10 5.1 CVE-2024-6157 cybersecurity@ch.abb.com
  adamskaat–Read more By Adam
  The Read more By Adam plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the deleteRm() function in all versions up to, and including, 1.1.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete read more buttons. 2024-10-12 4.3 CVE-2024-9187 security@wordfence.com
  adobe — animate
  Animate versions 23.0.7, 24.0.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-10-09 5.5 CVE-2024-47419 psirt@adobe.com
  adobe — animate
  Animate versions 23.0.7, 24.0.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-10-09 5.5 CVE-2024-47420 psirt@adobe.com
  adobe — commerce
  Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have high impact on integrity. Exploitation of this issue does not require user interaction. 2024-10-10 6.5 CVE-2024-45118 psirt@adobe.com
  adobe — commerce
  Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A low-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs and have a low impact on both confidentiality and integrity. Exploitation of this issue does not require user interaction and scope is changed. 2024-10-10 6.4 CVE-2024-45119 psirt@adobe.com
  adobe — commerce
  Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. 2024-10-10 6.1 CVE-2024-45123 psirt@adobe.com
  adobe — commerce
  Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and affect confidentiality. Exploitation of this issue does not require user interaction. 2024-10-10 6.5 CVE-2024-45132 psirt@adobe.com
  adobe — commerce
  Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to gain unauthorized access without proper credentials. Exploitation of this issue does not require user interaction. 2024-10-10 6.5 CVE-2024-45148 psirt@adobe.com
  adobe — commerce
  Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction. 2024-10-10 5.3 CVE-2024-45124 psirt@adobe.com
  adobe — commerce
  Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity and availability. Exploitation of this issue does not require user interaction. 2024-10-10 5.4 CVE-2024-45128 psirt@adobe.com
  adobe — commerce
  Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confidentiality and integrity. Exploitation of this issue does not require user interaction. 2024-10-10 5.4 CVE-2024-45131 psirt@adobe.com
  adobe — commerce
  Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction. 2024-10-10 4.3 CVE-2024-45121 psirt@adobe.com
  adobe — commerce
  Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confidentiality. Exploitation of this issue does not require user interaction. 2024-10-10 4.3 CVE-2024-45122 psirt@adobe.com
  adobe — commerce
  Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this vulnerability to have a low impact on integrity. Exploitation of this issue does not require user interaction. 2024-10-10 4.3 CVE-2024-45125 psirt@adobe.com
  adobe — commerce
  Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2024-10-10 4.8 CVE-2024-45127 psirt@adobe.com
  adobe — commerce
  Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction. 2024-10-10 4.3 CVE-2024-45129 psirt@adobe.com
  adobe — commerce
  Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction. 2024-10-10 4.3 CVE-2024-45130 psirt@adobe.com
  adobe — commerce
  Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confidentiality. Exploitation of this issue does not require user interaction. 2024-10-10 4.3 CVE-2024-45149 psirt@adobe.com
  Adobe–Adobe Experience Manager
  Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. 2024-10-07 5.4 CVE-2024-45153 psirt@adobe.com
  Adobe–Lightroom Desktop
  Lightroom Desktop versions 7.4.1, 13.5, 12.5.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-10-09 5.5 CVE-2024-45145 psirt@adobe.com
  Adobe–Substance3D – Painter
  Substance3D – Painter versions 10.0.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-10-09 5.5 CVE-2024-20787 psirt@adobe.com
  afragen–Embed PDF Viewer
  The Embed PDF Viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘height’ and ‘width’ parameters in all versions up to, and including, 2.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-10-09 6.4 CVE-2024-9451 security@wordfence.com
  algoritmika–Download Plugins and Themes in ZIP from Dashboard
  The Download Plugins and Themes in ZIP from Dashboard plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.9.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-11 6.1 CVE-2024-9232 security@wordfence.com
  algoritmika–Maximum Products per User for WooCommerce
  The Maximum Products per User for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.2.8. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-10 6.1 CVE-2024-9205 security@wordfence.com
  amandato–PowerPress Podcasting plugin by Blubrry
  The PowerPress Podcasting plugin by Blubrry plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘skipto’ shortcode in all versions up to, and including, 11.9.18 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-10-11 6.4 CVE-2024-9543 security@wordfence.com
  amirhelzer–WooCommerce Multilingual & Multicurrency with WPML
  The WooCommerce Multilingual & Multicurrency with WPML plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 5.3.7. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-08 6.1 CVE-2024-8629 security@wordfence.com
  ampache–ampache
  ampache is a web-based audio/video streaming application and file manager. A CSRF attack can be performed in order to delete objects (Playlist, smartlist etc.). Cross-Site Request Forgery (CSRF) is an attack that forces authenticated users to submit a request to a Web application against which they are currently authenticated. This vulnerability can be exploited by creating a malicious script with an arbitrary playlist ID belonging to another user. When the user submits the request, their playlist will be deleted. Any users with active sessions who are tricked into submitting a malicious request are impacted, as their playlists or other objects could be deleted without their consent. 2024-10-09 5.3 CVE-2024-47828 security-advisories@github.com
  angeljudesuarez — placement_management_system
  itsourcecode Placement Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via the Full Name field in registration.php. 2024-10-07 6.1 CVE-2024-46300 cve@mitre.org
  ays-pro–Survey Maker
  The Survey Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Survey fields in all versions up to, and including, 4.9.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. 2024-10-08 4.4 CVE-2024-8488 security@wordfence.com
  azexo–Mynx Page Builder
  The Mynx Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 0.27.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. 2024-10-12 6.4 CVE-2024-9656 security@wordfence.com
  bfintal–Stackable Page Builder Gutenberg Blocks
  The Stackable – Page Builder Gutenberg Blocks plugin for WordPress is vulnerable to CSS Injection in all versions up to, and including, 3.13.6. This makes it possible for unauthenticated attackers to embed untrusted style information into comments resulting in a possibility of data exfiltration such as admin nonces with limited impact. These nonces could be used to perform CSRF attacks within a limited time window. The presence of other plugins may make additional nonces available, which may pose a risk in plugins that don’t perform capability checks to protect AJAX actions or other actions reachable by lower-privileged users. 2024-10-12 5.3 CVE-2024-8760 security@wordfence.com
  bitpressadmin–Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder
  The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 2.15.2 due to improper input validation within the iconUpload function. This makes it possible for authenticated attackers, with Administrator-level access and above, to leverage a PHP filter chain attack and read the contents of arbitrary files on the server, which can contain sensitive information. 2024-10-11 4.9 CVE-2024-9507 security@wordfence.com
  BlackBerry–QNX Software Development Platform (SDP)
  NULL pointer dereference in IP socket options processing of the Networking Stack in QNX Software Development Platform (SDP) version(s) 7.1 and 7.0 could allow an attacker with local access to cause a denial-of-service condition in the context of the Networking Stack process. 2024-10-08 6.2 CVE-2024-35215 secure@blackberry.com
  blockmeister–BlockMeister Block Pattern Builder
  The BlockMeister – Block Pattern Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.1.10. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-11 6.1 CVE-2024-9616 security@wordfence.com
  boonebgorges–BuddyPress Docs
  The BuddyPress Docs plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.2.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-08 6.1 CVE-2024-9207 security@wordfence.com
  brechtvds–WP Ultimate Post Grid
  The WP Ultimate Post Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s wpupg-grid-with-filters shortcode in all versions up to, and including, 3.9.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-10-11 6.4 CVE-2024-9051 security@wordfence.com
  brevo — newsletter,_smtp,_email_marketing_and_subscribe
  The Newsletter, SMTP, Email marketing and Subscribe forms by Brevo (formely Sendinblue) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.87. This is due to missing or incorrect nonce validation on the Init() function. This makes it possible for unauthenticated attackers to log out of a Brevo connection via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2024-10-10 4.3 CVE-2024-8477 security@wordfence.com
  butterflymedia–ImagePress Image Gallery
  The ImagePress – Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. 2024-10-12 4.4 CVE-2024-9776 security@wordfence.com
  butterflymedia–ImagePress Image Gallery
  The ImagePress – Image Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.2. This is due to missing or incorrect nonce validation on the ‘imagepress_admin_page’ function. This makes it possible for unauthenticated attackers to update plugin settings, including redirection URLs, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2024-10-12 4.3 CVE-2024-9778 security@wordfence.com
  butterflymedia–ImagePress Image Gallery
  The ImagePress – Image Gallery plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the ‘ip_delete_post’ and ‘ip_update_post_title’ functions in all versions up to, and including, 1.2.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary posts and update post titles. 2024-10-12 4.3 CVE-2024-9824 security@wordfence.com
  bytecodealliance–wasmtime
  Wasmtime is an open source runtime for WebAssembly. Wasmtime’s implementation of WebAssembly tail calls combined with stack traces can result in a runtime crash in certain WebAssembly modules. The runtime crash may be undefined behavior if Wasmtime was compiled with Rust 1.80 or prior. The runtime crash is a deterministic process abort when Wasmtime is compiled with Rust 1.81 and later. WebAssembly tail calls are a proposal which relatively recently reached stage 4 in the standardization process. Wasmtime first enabled support for tail calls by default in Wasmtime 21.0.0, although that release contained a bug where it was only on-by-default for some configurations. In Wasmtime 22.0.0 tail calls were enabled by default for all configurations. The specific crash happens when an exported function in a WebAssembly module (or component) performs a `return_call` (or `return_call_indirect` or `return_call_ref`) to an imported host function which captures a stack trace (for example, the host function raises a trap). In this situation, the stack-walking code previously assumed there was always at least one WebAssembly frame on the stack but with tail calls that is no longer true. With the tail-call proposal it’s possible to have an entry trampoline appear as if it directly called the exit trampoline. This situation triggers an internal assert in the stack-walking code which raises a Rust `panic!()`. When Wasmtime is compiled with Rust versions 1.80 and prior this means that an `extern "C"` function in Rust is raising a `panic!()`. This is technically undefined behavior and typically manifests as a process abort when the unwinder fails to unwind Cranelift-generated frames. When Wasmtime is compiled with Rust versions 1.81 and later this panic becomes a deterministic process abort. Overall the impact of this issue is that this is a denial-of-service vector where a malicious WebAssembly module or component can cause the host to crash. There is no other impact at this time other than availability of a service as the result of the crash is always a crash and no more. This issue was discovered by routine fuzzing performed by the Wasmtime project via Google’s OSS-Fuzz infrastructure. We have no evidence that it has ever been exploited by an attacker in the wild. All versions of Wasmtime which have tail calls enabled by default have been patched: * 21.0.x – patched in 21.0.2 * 22.0.x – patched in 22.0.1 * 23.0.x – patched in 23.0.3 * 24.0.x – patched in 24.0.1 * 25.0.x – patched in 25.0.2. Wasmtime versions from 12.0.x (the first release with experimental tail call support) to 20.0.x (the last release with tail-calls off-by-default) have support for tail calls but the support is disabled by default. These versions are not affected in their default configurations, but users who explicitly enabled tail call support will need to either disable tail call support or upgrade to a patched version of Wasmtime. The main workaround for this issue is to disable support for tail calls in Wasmtime, for example with `Config::wasm_tail_call(false)`. Users are otherwise encouraged to upgrade to patched versions. 2024-10-09 5.5 CVE-2024-47763 security-advisories@github.com
  Cacti–cacti
  Cacti is an open source performance and fault management framework. The `title` parameter is not properly sanitized when saving external links in `links.php`. Moreover, the said `title` parameter is stored in the database and reflected back to the user in `index.php`, finally leading to stored XSS. Users with the privilege to create external links can manipulate the `title` parameter in the HTTP POST request while creating external links to perform stored XSS attacks. The vulnerability known as XSS (Cross-Site Scripting) occurs when an application allows untrusted user input to be displayed on a web page without proper validation or escaping. This issue has been addressed in release version 1.2.28. All users are advised to upgrade. There are no known workarounds for this vulnerability. 2024-10-07 5.7 CVE-2024-43364 security-advisories@github.com
  Cacti–cacti
  Cacti is an open source performance and fault management framework. The `consolenewsection` parameter is not properly sanitized when saving external links in `links.php`. Moreover, the said `consolenewsection` parameter is stored in the database and reflected back to the user in `index.php`, finally leading to stored XSS. Users with the privilege to create external links can manipulate the `consolenewsection` parameter in the HTTP POST request while creating external links to perform stored XSS attacks. The vulnerability known as XSS (Cross-Site Scripting) occurs when an application allows untrusted user input to be displayed on a web page without proper validation or escaping. This issue has been addressed in release version 1.2.28. All users are advised to upgrade. There are no known workarounds for this vulnerability. 2024-10-07 5.7 CVE-2024-43365 security-advisories@github.com
  cmsmasters–CMSMasters Content Composer
  The CMSMasters Content Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s multiple shortcodes in all versions up to, and including, 1.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-10-09 6.4 CVE-2024-7963 security@wordfence.com
  code-projects–Blood Bank System
  A vulnerability was found in code-projects Blood Bank System 1.0. It has been classified as critical. This affects an unknown part of the file /update.php. The manipulation of the argument name leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. 2024-10-10 6.3 CVE-2024-9817 cna@vuldb.com
  code-projects–Blood Bank System
  A vulnerability, which was classified as critical, was found in code-projects Blood Bank System 1.0. Affected is an unknown function of the file reset.php. The manipulation of the argument useremail leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. 2024-10-12 6.3 CVE-2024-9894 cna@vuldb.com
  code-projects–Blood Bank System
  A vulnerability was found in code-projects Blood Bank System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/campsdetails.php. The manipulation of the argument hospital leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. 2024-10-10 4.7 CVE-2024-9804 cna@vuldb.com
  Codezips–Online Shopping Portal
  A vulnerability, which was classified as critical, has been found in Codezips Online Shopping Portal 1.0. This issue affects some unknown processing of the file /update-image1.php. The manipulation of the argument productimage1 leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. 2024-10-10 6.3 CVE-2024-9794 cna@vuldb.com
  Codezips–Tourist Management System
  A vulnerability has been found in Codezips Tourist Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/create-package.php. The manipulation of the argument packageimage leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. 2024-10-10 4.7 CVE-2024-9815 cna@vuldb.com
  Codezips–Tourist Management System
  A vulnerability was found in Codezips Tourist Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/change-image.php. The manipulation of the argument packageimage leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. 2024-10-10 4.7 CVE-2024-9816 cna@vuldb.com
  Contemporary Control System–BASrouter BACnet BASRT-B
  A vulnerability, which was classified as problematic, was found in Contemporary Control System BASrouter BACnet BASRT-B 2.7.2. This affects an unknown part of the component UDP Packet Handler. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 2024-10-10 5.3 CVE-2024-9787 cna@vuldb.com
  CreativeMindsSolutions–CM Tooltip Glossary
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in CreativeMindsSolutions CM Tooltip Glossary allows Stored XSS. This issue affects CM Tooltip Glossary: from n/a through 4.3.9. 2024-10-11 6.5 CVE-2024-48041 audit@patchstack.com
  cssjockey–WP Builder
  The WP Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.0.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. 2024-10-10 6.4 CVE-2024-9457 security@wordfence.com
  curatorio–Curator.io: Show all your social media posts in a beautiful feed.
  The Curator.io: Show all your social media posts in a beautiful feed. plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘feed_id’ attribute in all versions up to, and including, 1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-10-10 6.4 CVE-2024-9057 security@wordfence.com
  D-Link–DIR-619L B1
  A vulnerability, which was classified as critical, was found in D-Link DIR-619L B1 2.06. Affected is the function formSetMACFilter of the file /goform/formSetMACFilter. The manipulation of the argument curTime leads to buffer overflow. The exploit has been disclosed to the public and may be used. 2024-10-13 5.5 CVE-2024-9908 cna@vuldb.com
  dale668–Marketing and SEO Booster
  The Marketing and SEO Booster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.9.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. 2024-10-10 6.4 CVE-2024-9066 security@wordfence.com
  devitemsllc–ShopLentor WooCommerce Builder for Elementor & Gutenberg +12 Modules All in One Solution (formerly WooLentor)
  The ShopLentor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.8 via the ‘render’ function in includes/addons/wl_faq.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft Elementor template data. 2024-10-11 4.3 CVE-2024-9538 security@wordfence.com
  directus–directus
  Directus is a real-time API and App dashboard for managing SQL database content. Access tokens from query strings are not redacted and are potentially exposed in system logs which may be persisted. The access token in `req.query` is not redacted when the `LOG_STYLE` is set to `raw`. If these logs are not properly sanitized or protected, an attacker with access to it can potentially gain administrative control, leading to unauthorized data access and manipulation. This impacts systems where the `LOG_STYLE` is set to `raw`. The `access_token` in the query could potentially be a long-lived static token. Users with impacted systems should rotate their static tokens if they were provided using query string. This vulnerability has been patched in release version 10.13.2 and subsequent releases as well. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2024-10-08 4.2 CVE-2024-47822 security-advisories@github.com
  discourse–discourse
  Discourse is an open source platform for community discussion. An attacker can execute arbitrary JavaScript on users’ browsers by sending a maliciously crafted chat message and replying to it. This issue only affects sites with CSP disabled. This problem is patched in the latest version of Discourse. All users are advised to upgrade. Users unable to upgrade should ensure CSP is enabled on the forum. Users who do upgrade should also consider enabling a CSP as well as a proactive measure. 2024-10-07 6.5 CVE-2024-47772 security-advisories@github.com
  discourse–discourse
  Discourse is an open source platform for community discussion. Users can see topics with a hidden tag if they know the label/name of that tag. This issue has been patched in the latest stable, beta and tests-passed version of Discourse. All users are advised to upgrade. There are no known workarounds for this vulnerability. 2024-10-07 5.3 CVE-2024-45297 security-advisories@github.com
  dvankooten–Social Sharing (by Danny)
  The Social Sharing (by Danny) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘dvk_social_sharing’ shortcode in all versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-10-12 6.4 CVE-2024-9704 security@wordfence.com
  essamamdani–Advanced Blocks Pro
  The Advanced Blocks Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. 2024-10-10 6.4 CVE-2024-9074 security@wordfence.com
  EventPrime Events–EventPrime
  URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in EventPrime Events EventPrime. This issue affects EventPrime: from n/a through 4.0.4.5. 2024-10-10 4.7 CVE-2024-47648 audit@patchstack.com
  fatcatapps–Forms for Mailchimp by Optin Cat Grow Your MailChimp List
  The Forms for Mailchimp by Optin Cat – Grow Your MailChimp List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form color parameters in all versions up to, and including, 2.5.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. 2024-10-12 4.4 CVE-2024-7489 security@wordfence.com
  Fortra–Robot Schedule Enterprise
  Fortra’s Robot Schedule Enterprise Agent prior to version 3.05 writes FTP username and password information to the agent log file when detailed logging is enabled. 2024-10-09 5.5 CVE-2024-8264 df4dee71-de3a-4139-9588-11b62fe6c0ff
  fullservices–FULL Cliente
  The FULL – Cliente plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.1.22. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-11 6.1 CVE-2024-9211 security@wordfence.com
  gdprextensionscom–GDPR-Extensions-com Consent Manager
  The GDPR-Extensions-com – Consent Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. 2024-10-10 6.4 CVE-2024-9072 security@wordfence.com
  GitLab–GitLab
  An issue has been discovered in GitLab EE/CE affecting all versions starting from 11.4 before 17.2.9, all versions starting from 17.3 before 17.3.5, all versions starting from 17.4 before 17.4.2. It was possible for guest users to disclose project templates using the API. 2024-10-11 4.3 CVE-2024-5005 cve@gitlab.com
  GitLab–GitLab
  An issue was discovered in GitLab CE/EE affecting all versions starting from 8.16 prior to 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2, which allows deploy keys to push to an archived repository. 2024-10-10 4.9 CVE-2024-9623 cve@gitlab.com
  google — android
  In vdec, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09028313; Issue ID: MSV-1701. 2024-10-07 4.4 CVE-2024-20091 security@mediatek.com
  google — android
  In vdec, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09028313; Issue ID: MSV-1699. 2024-10-07 4.4 CVE-2024-20093 security@mediatek.com
  google — android
  In m4u, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08996894; Issue ID: MSV-1636. 2024-10-07 4.4 CVE-2024-20095 security@mediatek.com
  google — android
  In m4u, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08996900; Issue ID: MSV-1635. 2024-10-07 4.4 CVE-2024-20096 security@mediatek.com
  google — android
  In vdec, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09028313; Issue ID: MSV-1630. 2024-10-07 4.4 CVE-2024-20097 security@mediatek.com
  google — android
  In wlan driver, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08998892; Issue ID: MSV-1601. 2024-10-07 4.9 CVE-2024-20102 security@mediatek.com
  gregross–Auto iFrame
  The Auto iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tag’ parameter in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-10-09 6.4 CVE-2024-9449 security@wordfence.com
  h2o–h2o
  h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. When an HTTP request using TLS/1.3 early data on top of TCP Fast Open or QUIC 0-RTT packets is received and the IP-address-based access control is used, the access control does not detect and prohibit HTTP requests conveyed by packets with a spoofed source address. This behavior allows attackers on the network to execute HTTP requests from addresses that are otherwise rejected by the address-based access control. The vulnerability has been addressed in commit 15ed15a. Users may disable the use of TCP FastOpen and QUIC to mitigate the issue. 2024-10-11 5.9 CVE-2024-45397 security-advisories@github.com
  hcltech — connections
  HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to because of improperly handling the request data. 2024-10-09 5.7 CVE-2024-30118 psirt@hcl.com
  HuangDou–UTCMS
  A vulnerability, which was classified as critical, was found in HuangDou UTCMS V9. This affects an unknown part of the file app/modules/ut-template/admin/template_creat.php. The manipulation of the argument content leads to deserialization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 2024-10-13 6.3 CVE-2024-9917 cna@vuldb.com
  HuangDou–UTCMS
  A vulnerability has been found in HuangDou UTCMS V9 and classified as critical. This vulnerability affects the function RunSql of the file app/modules/ut-data/admin/sql.php. The manipulation of the argument sql leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 2024-10-13 4.7 CVE-2024-9918 cna@vuldb.com
  idiom — easy_social_share_buttons
  The Easy Social Share Buttons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.4.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-10 6.1 CVE-2024-8729 security@wordfence.com
  jetbrains — teamcity
  In JetBrains TeamCity before 2024.07.3 password could be exposed via Sonar runner REST API. 2024-10-08 6.5 CVE-2024-47161 cve@jetbrains.com
  jetbrains — teamcity
  In JetBrains TeamCity before 2024.07.3 stored XSS was possible in Backup configuration settings. 2024-10-08 5.4 CVE-2024-47950 cve@jetbrains.com
  jetbrains — teamcity
  In JetBrains TeamCity before 2024.07.3 stored XSS was possible via server global settings. 2024-10-08 5.4 CVE-2024-47951 cve@jetbrains.com
  JetBrains–YouTrack
  In JetBrains YouTrack before 2024.3.46677 improper access control allowed users with project update permission to delete applications via API. 2024-10-10 5.4 CVE-2024-48902 cve@jetbrains.com
  Juniper Networks–Junos OS
  An Improper Handling of Exceptional Conditions vulnerability in packet processing of Juniper Networks Junos OS on MX Series with MPC10/MPC11/LC9600 line cards, EX9200 with EX9200-15C line cards, MX304 devices, and Juniper Networks Junos OS Evolved on PTX Series, allows an attacker sending malformed DHCP packets to cause ingress packet processing to stop, leading to a Denial of Service (DoS). Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. This issue only occurs if DHCP snooping is enabled. See configuration below. This issue can be detected using the following commands. Their output will display the interface status going down: user@device>show interfaces <if–x/x/x> user@device>show log messages | match <if–x/x/x> user@device>show log messages ==> will display the “[Error] Wedge-Detect : Host Loopback Wedge Detected: PFE: no,” logs. This issue affects: Junos OS on MX Series with MPC10/MPC11/LC9600 line cards, EX9200 with EX9200-15C line cards, and MX304: * All versions before 21.2R3-S7, * from 21.4 before 21.4R3-S6, * from 22.2 before 22.2R3-S3, * all versions of 22.3, * from 22.4 before 22.4R3, * from 23.2 before 23.2R2; Junos OS Evolved on PTX Series: * from 19.3R1-EVO before 21.2R3-S8-EVO, * from 21.4-EVO before 21.4R3-S7-EVO, * from 22.1-EVO before 22.1R3-S6-EVO, * from 22.2-EVO before 22.2R3-S5-EVO, * from 22.3-EVO before 22.3R3-S3-EVO, * from 22.4-EVO before 22.4R3-S1-EVO, * from 23.2-EVO before 23.2R2-S2-EVO, * from 23.4-EVO before 23.4R2-EVO. Junos OS Evolved releases prior to 19.3R1-EVO are unaffected by this vulnerability. 2024-10-11 6.5 CVE-2024-39526 sirt@juniper.net
  Juniper Networks–Junos OS
  A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of the Juniper Networks Junos OS on the SRX5K, SRX4600 and MX Series platforms with Trio-based FPCs allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). In case of channelized Modular Interface Cards (MICs), every physical interface flap operation will leak heap memory. Over a period of time, continuous physical interface flap operations cause the local FPC to eventually run out of memory and crash. The CLI command below can be used to check the memory usage over a period of time:
    user@host> show chassis fpc
                         Temp  CPU Utilization (%)   CPU Utilization (%)  Memory    Utilization (%)
    Slot State            (C)  Total  Interrupt      1min   5min   15min  DRAM (MB) Heap     Buffer
      0  Online            43     41          2                           2048        49         14
      1  Online            43     41          2                           2048        49         14
      2  Online            43     41          2                           2048        49         14
  This issue affects Junos OS on SRX5K, SRX4600 and MX Series: * All versions before 21.2R3-S7, * from 21.4 before 21.4R3-S6, * from 22.1 before 22.1R3-S5, * from 22.2 before 22.2R3-S3, * from 22.3 before 22.3R3-S2, * from 22.4 before 22.4R3, * from 23.2 before 23.2R2, * from 23.4 before 23.4R2. 2024-10-11 6.5 CVE-2024-47493 sirt@juniper.net
  Juniper Networks–Junos OS
  An Improper Check for Unusual or Exceptional Conditions vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX4600 and SRX5000 Series allows an unauthenticated and logically adjacent attacker to cause a Denial-of-Service (DoS). If in a multicast scenario a sequence of specific PIM packets is received, this will cause a flowd crash and restart, which leads to momentary service interruption. This issue affects Junos OS on SRX 4600 and SRX 5000 Series: * All versions before 21.4R3-S9, * 22.2 versions before 22.2R3-S5, * 22.3 versions before 22.3R3-S4, * 22.4 versions before 22.4R3-S4, * 23.2 versions before 23.2R2-S2, * 23.4 versions before 23.4R2,  * 24.2 versions before 24.2R1-S1, 24.2R2. 2024-10-11 6.5 CVE-2024-47503 sirt@juniper.net
  Juniper Networks–Junos OS
  An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in the command-line interface (CLI) of Juniper Networks Junos OS on SRX Series devices allows a local, low-privileged user with access to the Junos CLI to view the contents of protected files on the file system. Through the execution of crafted CLI commands, a user with limited permissions (e.g., a low privilege login class user) can access protected files that should not be accessible to the user. These files may contain sensitive information that can be used to cause further impact to the system. This issue affects Junos OS on SRX Series:  * All versions before 21.4R3-S8,  * 22.2 before 22.2R3-S5,  * 22.3 before 22.3R3-S4,  * 22.4 before 22.4R3-S4,  * 23.2 before 23.2R2-S2,  * 23.4 before 23.4R2. 2024-10-11 5.5 CVE-2024-39527 sirt@juniper.net
  Juniper Networks–Junos OS
  A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in the AgentD process of Juniper Networks Junos OS allows an attacker who is already causing impact to established sessions which generates counter changes picked up by the AgentD process during telemetry polling, to move the AgentD process into a state where AgentD attempts to reap an already destroyed sensor. This reaping attempt then leads to memory corruption causing the FPC to crash which is a Denial of Service (DoS). The FPC will recover automatically without user intervention after the crash. This issue affects Junos OS: * All versions before 21.4R3-S9, * From 22.2 before 22.2R3-S5, * From 22.3 before 22.3R3-S4, * From 22.4 before 22.4R3-S3, * From 23.2 before 23.2R2-S2, * From 23.4 before 23.4R2. This issue does not affect Junos OS Evolved. 2024-10-11 5.9 CVE-2024-47494 sirt@juniper.net
  Juniper Networks–Junos OS
  A NULL Pointer Dereference vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS allows a local, low-privileged attacker to cause a Denial-of-Service (DoS). When a specific command is executed, the pfe crashes. This will cause traffic forwarding to be interrupted until the system self-recovers. Repeated execution will create a sustained DoS condition. This issue only affects MX Series devices with Line cards MPC1-MPC9. This issue affects: Junos OS on MX Series: * All versions before 21.4R3-S9, * from 22.2 before 22.2R3-S5,  * from 22.3 before 22.3R3-S4, * from 22.4 before 22.4R3-S2, * from 23.2 before 23.2R2-S1, * from 23.4 before 23.4R2. 2024-10-11 5.5 CVE-2024-47496 sirt@juniper.net
  Juniper Networks–Junos OS
  A NULL Pointer Dereference vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on MX304, MX with MPC10/11/LC9600, and EX9200 with EX9200-15C allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS). In a VPLS or Junos Fusion scenario, the execution of specific show commands will cause all FPCs hosting VPLS sessions or connecting to satellites to crash and restart. This issue affects Junos on MX304, MX with MPC10/11/LC9600 and EX9200 with EX9200-15C: * All versions before 21.2R3-S1, * 21.3 versions before 21.3R3, * 21.4 versions before 21.4R2. 2024-10-11 5.5 CVE-2024-47501 sirt@juniper.net
  Juniper Networks–Junos OS
  A Deadlock vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When a large amount of traffic is processed by ATP Cloud inspection, a deadlock can occur which will result in a PFE crash and restart. Whether the crash occurs depends on system internal timing that is outside the attacker's control. This issue affects Junos OS on SRX Series: * All versions before 21.3R3-S1, * 21.4 versions before 21.4R3, * 22.1 versions before 22.1R2, * 22.2 versions before 22.2R1-S2, 22.2R2. 2024-10-11 5.9 CVE-2024-47506 sirt@juniper.net
  Juniper Networks–Junos OS
  An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause an integrity impact to the downstream devices. When a peer sends a BGP update message which contains the aggregator attribute with an ASN value of zero (0), rpd accepts and propagates this attribute, which can cause issues for downstream BGP peers receiving this. This issue affects: Junos OS: * All versions before 21.4R3-S6, * 22.2 versions before 22.2R3-S3, * 22.4 versions before 22.4R3;  Junos OS Evolved:  * All versions before 21.4R3-S7-EVO, * 22.2 versions before 22.2R3-S4-EVO, * 22.4 versions before 22.4R3-EVO. 2024-10-11 5.8 CVE-2024-47507 sirt@juniper.net
  Juniper Networks–Junos OS Evolved
  An Authorization Bypass Through User-Controlled Key vulnerability allows a locally authenticated attacker with shell access to gain full control of the device when Dual Routing Engines (REs) are in use on Juniper Networks Junos OS Evolved devices. This issue affects: Juniper Networks Junos OS Evolved with dual-REs: * All versions before 21.2R3-S8-EVO, * from 21.4-EVO before 21.4R3-S8-EVO, * from 22.2-EVO before 22.2R3-S4-EVO, * from 22.3-EVO before 22.3R3-S4-EVO, * from 22.4-EVO before 22.4R3-S3-EVO, * from 23.2-EVO before 23.2R2-S1-EVO, * from 23.4-EVO before 23.4R2-S1-EVO. This issue does not affect Juniper Networks Junos OS. 2024-10-11 6.7 CVE-2024-47495 sirt@juniper.net
  Juniper Networks–Junos OS Evolved
  An Unimplemented or Unsupported Feature in UI vulnerability in the CLI of Juniper Networks Junos OS Evolved on QFX5000 Series allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS). Several configuration statements meant to enforce limits on MAC learning and moves can be configured but do not take effect. This can lead to control plane overload situations which will severely impact the ability of the device to process legitimate traffic. This issue affects Junos OS Evolved on QFX5000 Series: * All versions before 21.4R3-S8-EVO, * 22.2-EVO versions before 22.2R3-S5-EVO, * 22.4-EVO versions before 22.4R3-EVO, * 23.2-EVO versions before 23.2R2-EVO. 2024-10-11 6.5 CVE-2024-47498 sirt@juniper.net
  Juniper Networks–Junos OS Evolved
  An Allocation of Resources Without Limits or Throttling vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved allows an authenticated, network-based attacker to cause an FPC crash leading to a Denial of Service (DoS). When specific SNMP GET operations or specific low-privileged CLI commands are executed, a GUID resource leak will occur, eventually leading to exhaustion and causing FPCs to hang. Affected FPCs need to be manually restarted to recover. GUID exhaustion will trigger a syslog message like one of the following: evo-pfemand[<pid>]: get_next_guid: Ran out of Guid Space … evo-aftmand-zx[<pid>]: get_next_guid: Ran out of Guid Space … The leak can be monitored by running the following command and taking note of the values in the rightmost column labeled Guids: user@host> show platform application-info allocations app evo-pfemand/evo-pfemand If one or more of these values are constantly increasing, the leak is occurring. This issue affects Junos OS Evolved: * All versions before 21.4R3-S7-EVO, * 22.1 versions before 22.1R3-S6-EVO, * 22.2 versions before 22.2R3-EVO, * 22.3 versions before 22.3R3-EVO, * 22.4 versions before 22.4R2-EVO. Please note that this issue is similar to, but different from CVE-2024-47508 and CVE-2024-47509. 2024-10-11 6.5 CVE-2024-47505 sirt@juniper.net
  Juniper Networks–Junos OS Evolved
  An Allocation of Resources Without Limits or Throttling vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved allows an authenticated, network-based attacker to cause an FPC crash leading to a Denial of Service (DoS). When specific SNMP GET operations or specific low-privileged CLI commands are executed, a GUID resource leak will occur, eventually leading to exhaustion and causing FPCs to hang. Affected FPCs need to be manually restarted to recover. GUID exhaustion will trigger a syslog message like one of the following: evo-pfemand[<pid>]: get_next_guid: Ran out of Guid Space … evo-aftmand-zx[<pid>]: get_next_guid: Ran out of Guid Space … The leak can be monitored by running the following command and taking note of the values in the rightmost column labeled Guids: user@host> show platform application-info allocations app evo-pfemand/evo-pfemand If one or more of these values are constantly increasing, the leak is occurring. This issue affects Junos OS Evolved: * All versions before 21.2R3-S8-EVO, * 21.3 versions before 21.3R3-EVO; * 21.4 versions before 22.1R2-EVO, * 22.1 versions before 22.1R1-S1-EVO, 22.1R2-EVO. Please note that this issue is similar to, but different from CVE-2024-47505 and CVE-2024-47509. 2024-10-11 6.5 CVE-2024-47508 sirt@juniper.net
  Juniper Networks–Junos OS Evolved
  An Allocation of Resources Without Limits or Throttling vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved allows an authenticated, network-based attacker to cause an FPC crash leading to a Denial of Service (DoS). When specific SNMP GET operations or specific low-privileged CLI commands are executed, a GUID resource leak will occur, eventually leading to exhaustion and causing FPCs to hang. Affected FPCs need to be manually restarted to recover. GUID exhaustion will trigger a syslog message like one of the following: evo-pfemand[<pid>]: get_next_guid: Ran out of Guid Space … evo-aftmand-zx[<pid>]: get_next_guid: Ran out of Guid Space … The leak can be monitored by running the following command and taking note of the values in the rightmost column labeled Guids: user@host> show platform application-info allocations app evo-pfemand/evo-pfemand If one or more of these values are constantly increasing, the leak is occurring. This issue affects Junos OS Evolved: * All versions before 21.4R2-EVO, * 22.1 versions before 22.1R2-EVO. Please note that this issue is similar to, but different from CVE-2024-47505 and CVE-2024-47508. 2024-10-11 6.5 CVE-2024-47509 sirt@juniper.net
  Juniper Networks–Junos OS Evolved
  An Incorrect Comparison vulnerability in the local address verification API of Juniper Networks Junos OS Evolved allows an unauthenticated network-adjacent attacker to create sessions or send traffic to the device using the network and broadcast address of the subnet assigned to an interface. This is unintended and unexpected behavior and can allow an attacker to bypass certain compensating controls, such as stateless firewall filters. This issue affects Junos OS Evolved:  * All versions before 21.4R3-S8-EVO,  * 22.2-EVO before 22.2R3-S4-EVO,  * 22.3-EVO before 22.3R3-S4-EVO,  * 22.4-EVO before 22.4R3-S3-EVO,  * 23.2-EVO before 23.2R2-S1-EVO,  * 23.4-EVO before 23.4R1-S2-EVO, 23.4R2-EVO. 2024-10-11 5.4 CVE-2024-39534 sirt@juniper.net
  Juniper Networks–Junos OS Evolved
  An Incorrect Default Permissions vulnerability in the command line interface (CLI) of Juniper Networks Junos OS Evolved allows a low privileged local attacker to view NETCONF traceoptions files, representing an exposure of sensitive information. On all Junos OS Evolved platforms, when NETCONF traceoptions are configured, NETCONF traceoptions files get created with an incorrect group permission, which allows a low-privileged user to access sensitive information, compromising the confidentiality of the system. Junos OS Evolved: * All versions before 20.4R3-S9-EVO, * 21.2-EVO before 21.2R3-S7-EVO, * 21.4-EVO before 21.4R3-S5-EVO, * 22.1-EVO before 22.1R3-S5-EVO, * 22.2-EVO before 22.2R3-S3-EVO, * 22.3-EVO before 22.3R3-EVO, 22.3R3-S2-EVO, * 22.4-EVO before 22.4R3-EVO, * 23.2-EVO before 23.2R1-S2-EVO, 23.2R2-EVO. 2024-10-11 5 CVE-2024-39544 sirt@juniper.net
  Juniper Networks–Junos OS Evolved
  An Improper Handling of Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of the Juniper Networks Junos OS Evolved on ACX Series devices allows an unauthenticated, network based attacker sending specific transit protocol traffic to cause a partial Denial of Service (DoS) to downstream devices. Receipt of specific transit protocol packets is incorrectly processed by the Routing Engine (RE), filling up the DDoS protection queue which is shared between routing protocols. This influx of transit protocol packets causes DDoS protection violations, resulting in protocol flaps which can affect connectivity to networking devices. This issue affects both IPv4 and IPv6. This issue does not require any specific routing protocol to be configured or enabled. The following commands can be used to monitor the DDoS protection queue: labuser@re0> show evo-pfemand host pkt-stats labuser@re0> show host-path ddos all-policers This issue affects Junos OS Evolved: * All versions before 21.4R3-S8-EVO, * from 22.2 before 22.2R3-S4-EVO, * from 22.3 before 22.3R3-S4-EVO, * from 22.4 before 22.4R3-S3-EVO, * from 23.2 before 23.2R2-EVO, * from 23.4 before 23.4R1-S1-EVO, 23.4R2-EVO, * from 24.2 before 24.2R2-EVO. 2024-10-11 5.8 CVE-2024-47489 sirt@juniper.net
  kevinb–PublishPress Revisions: Duplicate Posts, Submit, Approve and Schedule Content Changes
  The PublishPress Revisions: Duplicate Posts, Submit, Approve and Schedule Content Changes plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.5.14. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-11 6.1 CVE-2024-9436 security@wordfence.com
  lara-zeus–dynamic-dashboard
  Lara-zeus Dynamic Dashboard is a simple way to manage widgets for your website landing page and filament dashboard, and Lara-zeus artemis is a collection of themes for the lara-zeus ecosystem. If values passed to a paragraph widget are not valid and contain a specific set of characters, applications are vulnerable to an XSS attack against a user who opens a page on which a paragraph widget is rendered. Users are advised to upgrade to the appropriate fix versions detailed in the advisory metadata. There are no known workarounds for this vulnerability. 2024-10-07 6.1 CVE-2024-47817 security-advisories@github.com
  Lenovo–Dolby Vision Provisioning software
  A potential information disclosure vulnerability was reported in Lenovo’s packaging of Dolby Vision Provisioning software prior to version 2.0.0.2 that could allow a local attacker to read files on the system with elevated privileges during installation of the package. Previously installed versions are not affected by this issue. 2024-10-11 5.5 CVE-2024-5474 psirt@lenovo.com
  leogermani–Tainacan
  The Tainacan plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 0.21.10. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-11 6.1 CVE-2024-9221 security@wordfence.com
  limesurvey — limesurvey
  Cross Site Scripting vulnerability in LimeSurvey before 6.5.12+240611 allows a remote attacker to execute arbitrary code via a crafted script to the title and comment fields. 2024-10-07 6.1 CVE-2024-28709 cve@mitre.org
  limesurvey — limesurvey
  Cross Site Scripting vulnerability in LimeSurvey before 6.5.0+240319 allows a remote attacker to execute arbitrary code via a lack of input validation and output encoding in the Alert Widget’s message component. 2024-10-07 6.1 CVE-2024-28710 cve@mitre.org
  matbao–WP Helper Premium
  The WP Helper Premium plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘whp_smtp_send_mail_test’ function in all versions up to, and including, 4.6.1. This makes it possible for unauthenticated attackers to send emails containing any content and originating from the vulnerable WordPress instance to any recipient. 2024-10-10 5.3 CVE-2024-9065 security@wordfence.com
  MediaTek, Inc.–MT6761, MT6765, MT6768, MT6779, MT6785, MT6853, MT6873, MT6885, MT8385, MT8666, MT8667, MT8766, MT8768, MT8781, MT8788, MT8789
  In vdec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09028313; Issue ID: MSV-1703. 2024-10-07 6.7 CVE-2024-20090 security@mediatek.com
  MediaTek, Inc.–MT6768, MT6779, MT6781, MT6785, MT6833, MT6853, MT6873, MT6877, MT6885, MT6893, MT8188, MT8532, MT8675, MT8766, MT8768, MT8781, MT8786, MT8788
  In power, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08996886; Issue ID: MSV-1626. 2024-10-07 6.7 CVE-2024-20098 security@mediatek.com
  MediaTek, Inc.–MT6768, MT6833, MT6853, MT6877, MT6893, MT8532
  In power, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08997492; Issue ID: MSV-1625. 2024-10-07 6.7 CVE-2024-20099 security@mediatek.com
  meshtastic–firmware
  Meshtastic is an open source, off-grid, decentralized, mesh network built to run on affordable, low-power devices. Meshtastic firmware is an open source firmware implementation for the broader project. The remote hardware module of the firmware does not properly check whether a received remote hardware control message should be considered valid. This issue has been addressed in release version 2.5.1. All users are advised to upgrade. There are no known workarounds for this vulnerability. 2024-10-07 6.4 CVE-2024-47079 security-advisories@github.com
  michaelzangl–Embed videos and respect privacy
  The Embed videos and respect privacy plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘v’ parameter in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-11 6.1 CVE-2024-9346 security@wordfence.com
  Microsoft–Azure Service Fabric for Linux
  Azure Service Fabric for Linux Remote Code Execution Vulnerability 2024-10-08 6.6 CVE-2024-43480 secure@microsoft.com
  Microsoft–Microsoft Defender for Endpoint for Linux
  Microsoft Defender for Endpoint for Linux Spoofing Vulnerability 2024-10-08 5.5 CVE-2024-43614 secure@microsoft.com
  Microsoft–Microsoft Office LTSC 2024
  Microsoft Office Spoofing Vulnerability 2024-10-08 6.5 CVE-2024-43609 secure@microsoft.com
  Microsoft–Microsoft Outlook for Android
  Outlook for Android Elevation of Privilege Vulnerability 2024-10-08 5.7 CVE-2024-43604 secure@microsoft.com
  Microsoft–Microsoft Visual Studio 2022 version 17.11
  Visual Studio Collector Service Denial of Service Vulnerability 2024-10-08 5.5 CVE-2024-43603 secure@microsoft.com
  Microsoft–Power BI Report Server – May 2024
  Power BI Report Server Spoofing Vulnerability 2024-10-08 6.5 CVE-2024-43481 secure@microsoft.com
  Microsoft–Power BI Report Server – May 2024
  Power BI Report Server Spoofing Vulnerability 2024-10-08 6.9 CVE-2024-43612 secure@microsoft.com
  Microsoft–Windows 10 Version 1809
  BitLocker Security Feature Bypass Vulnerability 2024-10-08 6.4 CVE-2024-43513 secure@microsoft.com
  Microsoft–Windows 10 Version 1809
  Windows Mobile Broadband Driver Remote Code Execution Vulnerability 2024-10-08 6.8 CVE-2024-43523 secure@microsoft.com
  Microsoft–Windows 10 Version 1809
  Windows Mobile Broadband Driver Remote Code Execution Vulnerability 2024-10-08 6.8 CVE-2024-43524 secure@microsoft.com
  Microsoft–Windows 10 Version 1809
  Windows Mobile Broadband Driver Remote Code Execution Vulnerability 2024-10-08 6.8 CVE-2024-43525 secure@microsoft.com
  Microsoft–Windows 10 Version 1809
  Windows Mobile Broadband Driver Remote Code Execution Vulnerability 2024-10-08 6.8 CVE-2024-43526 secure@microsoft.com
  Microsoft–Windows 10 Version 1809
  Windows Graphics Component Information Disclosure Vulnerability 2024-10-08 6.5 CVE-2024-43534 secure@microsoft.com
  Microsoft–Windows 10 Version 1809
  Windows Mobile Broadband Driver Remote Code Execution Vulnerability 2024-10-08 6.8 CVE-2024-43536 secure@microsoft.com
  Microsoft–Windows 10 Version 1809
  Windows Mobile Broadband Driver Denial of Service Vulnerability 2024-10-08 6.5 CVE-2024-43537 secure@microsoft.com
  Microsoft–Windows 10 Version 1809
  Windows Mobile Broadband Driver Denial of Service Vulnerability 2024-10-08 6.5 CVE-2024-43538 secure@microsoft.com
  Microsoft–Windows 10 Version 1809
  Windows Mobile Broadband Driver Denial of Service Vulnerability 2024-10-08 6.5 CVE-2024-43540 secure@microsoft.com
  Microsoft–Windows 10 Version 1809
  Windows Mobile Broadband Driver Denial of Service Vulnerability 2024-10-08 6.5 CVE-2024-43542 secure@microsoft.com
  Microsoft–Windows 10 Version 1809
  Windows Mobile Broadband Driver Remote Code Execution Vulnerability 2024-10-08 6.8 CVE-2024-43543 secure@microsoft.com
  Microsoft–Windows 10 Version 1809
  Windows Kerberos Information Disclosure Vulnerability 2024-10-08 6.5 CVE-2024-43547 secure@microsoft.com
  Microsoft–Windows 10 Version 1809
  Windows Mobile Broadband Driver Denial of Service Vulnerability 2024-10-08 6.5 CVE-2024-43555 secure@microsoft.com
  Microsoft–Windows 10 Version 1809
  Windows Mobile Broadband Driver Denial of Service Vulnerability 2024-10-08 6.5 CVE-2024-43557 secure@microsoft.com
  Microsoft–Windows 10 Version 1809
  Windows Mobile Broadband Driver Denial of Service Vulnerability 2024-10-08 6.5 CVE-2024-43558 secure@microsoft.com
  Microsoft–Windows 10 Version 1809
  Windows Mobile Broadband Driver Denial of Service Vulnerability 2024-10-08 6.5 CVE-2024-43559 secure@microsoft.com
  Microsoft–Windows 10 Version 1809
  Windows Mobile Broadband Driver Denial of Service Vulnerability 2024-10-08 6.5 CVE-2024-43561 secure@microsoft.com
  Microsoft–Windows 10 Version 1809
  Windows Kernel Denial of Service Vulnerability 2024-10-08 5 CVE-2024-43520 secure@microsoft.com
  Microsoft–Windows 10 Version 1809
  Windows Kernel-Mode Driver Information Disclosure Vulnerability 2024-10-08 5.5 CVE-2024-43554 secure@microsoft.com
  Microsoft–Windows 10 Version 1809
  Code Integrity Guard Security Feature Bypass Vulnerability 2024-10-08 5.5 CVE-2024-43585 secure@microsoft.com
  Microsoft–Windows 11 version 22H2
  Windows Resilient File System (ReFS) Information Disclosure Vulnerability 2024-10-08 5.5 CVE-2024-43500 secure@microsoft.com
  Microsoft–Windows 11 version 22H2
  Windows Graphics Component Information Disclosure Vulnerability 2024-10-08 5.5 CVE-2024-43508 secure@microsoft.com
  Microsoft–Windows 11 Version 24H2
  Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability 2024-10-08 6.7 CVE-2024-37976 secure@microsoft.com
  Microsoft–Windows 11 Version 24H2
  Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability 2024-10-08 6.7 CVE-2024-37982 secure@microsoft.com
  Microsoft–Windows 11 Version 24H2
  Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability 2024-10-08 6.7 CVE-2024-37983 secure@microsoft.com
  Microsoft–Windows 11 Version 24H2
  Windows Kernel Elevation of Privilege Vulnerability 2024-10-08 6.4 CVE-2024-43570 secure@microsoft.com
  Microsoft–Windows 11 Version 24H2
  Sudo for Windows Spoofing Vulnerability 2024-10-08 5.6 CVE-2024-43571 secure@microsoft.com
  Microsoft–Windows Server 2019
  Windows Kernel Elevation of Privilege Vulnerability 2024-10-08 6.7 CVE-2024-37979 secure@microsoft.com
  Microsoft–Windows Server 2019
  Windows Standards-Based Storage Management Service Denial of Service Vulnerability 2024-10-08 6.5 CVE-2024-43512 secure@microsoft.com
  Microsoft–Windows Server 2019
  Windows Remote Desktop Services Tampering Vulnerability 2024-10-08 4.8 CVE-2024-43456 secure@microsoft.com
  Microsoft–Windows Server 2022
  Windows Cryptographic Information Disclosure Vulnerability 2024-10-08 5.6 CVE-2024-43546 secure@microsoft.com
  Milestone Systems–XProtect VMS
  A possible buffer overflow in selected cameras’ drivers from XProtect Device Pack can allow an attacker with access to internal network to execute commands on Recording Server under strict conditions. 2024-10-08 6.7 CVE-2024-3506 cf45122d-9d50-442a-9b23-e05cde9943d8
  miraheze–ImportDump
  ImportDump is an extension for mediawiki designed to automate user import requests. Anyone who can edit the interface strings of a wiki (typically administrators and interface admins) can embed XSS payloads in the messages for dates, and thus XSS anyone who views Special:RequestImportQueue. This issue has been patched in commit `d054b95` and all users are advised to apply this commit to their branch. Users unable to upgrade may either (1) prevent access to Special:RequestImportQueue on all wikis, except for the global wiki, and, if an interface administrator (or equivalent) level protection is available (which is not provided by default) on the global wiki, protect the affected messages up to that level, which causes the XSS to be virtually useless as users with those rights can already edit JavaScript pages; or (2) prevent access to Special:RequestImportQueue altogether. 2024-10-09 6 CVE-2024-47812 security-advisories@github.com
  miraheze–ImportDump
  ImportDump is a mediawiki extension designed to automate user import requests. A user’s local actor ID is stored in the database to tell who made what requests. Therefore, if a user on another wiki happens to have the same actor ID as someone on the central wiki, the user on the other wiki can act as if they’re the original wiki requester. This can be abused to create new comments, edit the request, and view the request if it’s marked private. This issue has been addressed in commit `5c91dfc` and all users are advised to update. Users unable to update may disable the special page outside of their global wiki. See `miraheze/mw-config@e566499` for details on that. 2024-10-09 6.4 CVE-2024-47816 security-advisories@github.com
  miraheze–IncidentReporting
  IncidentReporting is a MediaWiki extension for moving incident reports from wikitext to database tables. There are a variety of Cross-site Scripting issues, though all of them require elevated permissions. Some are available to anyone who has the `editincidents` right, some are available to those who can edit interface messages (typically administrators and interface admins), and one is available to those who can edit LocalSettings.php. These issues have been addressed in commit `43896a4` and all users are advised to upgrade. Users unable to upgrade should prevent access to the Special:IncidentReports page. 2024-10-09 6 CVE-2024-47815 security-advisories@github.com
  n/a–07FLYCMS
  A vulnerability was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM 1.3.8. It has been declared as critical. Affected by this vulnerability is the function uploadFile of the file /admin/SysModule/upload/ajaxmodel/upload/uploadfilepath/sysmodule_1 of the component Module Plug-In Handler. The manipulation of the argument file leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The affected product is known with different names like 07FLYCMS, 07FLY-CMS, and 07FlyCRM. It was not possible to reach out to the vendor before assigning a CVE due to a not working mail address. 2024-10-11 4.7 CVE-2024-9855 cna@vuldb.com
  n/a–07FLYCMS
  A vulnerability classified as critical has been found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.2.0. This affects the function fileUpload of the file /admin/File/fileUpload. The manipulation of the argument file leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The affected product is known with different names like 07FLYCMS, 07FLY-CMS, and 07FlyCRM. It was not possible to reach out to the vendor before assigning a CVE due to a not working mail address. 2024-10-12 4.7 CVE-2024-9903 cna@vuldb.com
  n/a–07FLYCMS
  A vulnerability classified as critical was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.2.0. This vulnerability affects the function pictureUpload of the file /admin/File/pictureUpload. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The affected product is known with different names like 07FLYCMS, 07FLY-CMS, and 07FlyCRM. It was not possible to reach out to the vendor before assigning a CVE due to a not working mail address. 2024-10-13 4.7 CVE-2024-9904 cna@vuldb.com
  n/a–ggit
  All versions of the package ggit are vulnerable to Arbitrary Argument Injection via the clone() API, which allows specifying the remote URL to clone and the file on disk to clone to. The library does not sanitize for user input or validate a given URL scheme, nor does it properly pass command-line flags to the git binary using the double-dash POSIX characters (--) to communicate the end of options. 2024-10-08 6.5 CVE-2024-21533 report@snyk.io
  n/a–LyLme_spage
  A vulnerability has been found in LyLme_spage 1.9.5 and classified as critical. This vulnerability affects unknown code of the file /admin/tag.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 2024-10-10 4.7 CVE-2024-9788 cna@vuldb.com
  n/a–LyLme_spage
  A vulnerability was found in LyLme_spage 1.9.5 and classified as critical. This issue affects some unknown processing of the file /admin/apply.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 2024-10-10 4.7 CVE-2024-9789 cna@vuldb.com
  n/a–LyLme_spage
  A vulnerability was found in LyLme_spage 1.9.5. It has been classified as critical. Affected is an unknown function of the file /admin/sou.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 2024-10-10 4.7 CVE-2024-9790 cna@vuldb.com
  n/a–n/a
  An issue was discovered in the Vector Skin component for MediaWiki before 1.39.5 and 1.40.x before 1.40.1. vector-toc-toggle-button-label is not escaped, but should be, because the line param can have markup. 2024-10-09 6.5 CVE-2023-45359 cve@mitre.org
  n/a–n/a
  An issue was discovered in VectorComponentUserLinks.php in the Vector Skin component in MediaWiki before 1.39.5 and 1.40.x before 1.40.1. vector-intro-page MalformedTitleException is uncaught if it is not a valid title, leading to incorrect web pages. 2024-10-09 6.1 CVE-2023-45361 cve@mitre.org
  n/a–n/a
  3DSecure 2.0 allows form action hijacking via threeDsMethod.jsp?threeDSMethodData= or the threeDSMethodNotificationURL parameter. The destination web site for a form submission can be modified. 2024-10-09 6.1 CVE-2024-25285 cve@mitre.org
  n/a–n/a
  A reflected cross-site scripting (XSS) vulnerability in Elaine’s Realtime CRM Automation v6.18.17 allows attackers to execute arbitrary JavaScript code in the web browser of a user via injecting a crafted payload into the dialog parameter at wrapper_dialog.php. 2024-10-07 6.1 CVE-2024-42831 cve@mitre.org
  n/a–n/a
  A security flaw has been discovered in Solvait version 24.4.2 that allows an attacker to elevate their privileges. By manipulating the Request ID and Action Type parameters in /AssignToMe/SetAction, an attacker can bypass approval workflows leading to unauthorized access to sensitive information or approval of fraudulent requests. 2024-10-07 6.5 CVE-2024-45919 cve@mitre.org
  n/a–n/a
  OnlineNewsSite v1.0 is vulnerable to Cross Site Scripting (XSS) which allows attackers to execute arbitrary code via the Title and summary fields in the /admin/post/edit/ endpoint. 2024-10-07 6.6 CVE-2024-45933 cve@mitre.org
  n/a–n/a
  A cross-site scripting (XSS) vulnerability in LemonLDAP::NG before 2.19.3 allows remote attackers to inject arbitrary web script or HTML into the login page via a username if userControl has been set to a non-default value that allows special HTML characters. 2024-10-09 6.1 CVE-2024-48933 cve@mitre.org
  n/a–n/a
  Snipe-IT before 7.0.10 allows remote code execution (associated with cookie serialization) when an attacker knows the APP_KEY. This is exacerbated by .env files, available from the product’s repository, that have default APP_KEY values. 2024-10-11 6.6 CVE-2024-48987 cve@mitre.org
  n/a–n/a
  3DSecure 2.0 allows XSS in its 3DSMethod Authentication via a modified params parameter in a /rest/online request with a /redirect?action=challenge&txn= substring. 2024-10-09 5.4 CVE-2024-25282 cve@mitre.org
  n/a–n/a
  3DSecure 2.0 allows reflected XSS in the 3DS Authorization Challenge via a modified params parameter in a /rest/online request with a /redirect?action=challenge&txn= substring. 2024-10-09 5.4 CVE-2024-25283 cve@mitre.org
  n/a–n/a
  3DSecure 2.0 allows reflected XSS in the 3DS Authorization Method via the threeDsMethod.jsp threeDSMethodData parameter. 2024-10-09 5.4 CVE-2024-25284 cve@mitre.org
  n/a–n/a
  D-Link COVR-2600R FW101b05 is vulnerable to Buffer Overflow. In the function sub_24E28, the HTTP_REFERER is obtained through an environment variable, and this field is controllable, allowing it to be used as the value for src. 2024-10-07 5.7 CVE-2024-44674 cve@mitre.org
  n/a–n/a
  TP-Link WR740N V6 has a stack overflow vulnerability via the ssid parameter in /userRpm/popupSiteSurveyRpm.htm url. 2024-10-07 5.5 CVE-2024-46325 cve@mitre.org
  n/a–n/a
  An arbitrary file read vulnerability in Adguard Home before v0.107.52 allows authenticated attackers to access arbitrary files as root on the underlying Operating System via placing a crafted file into a readable directory. 2024-10-08 4.9 CVE-2024-36814 cve@mitre.org
  n/a–n/a
  PublicCMS V4.0.202406.d was discovered to contain a cross-site scripting (XSS) vulnerability via a crafted script to the Category Management feature. 2024-10-08 4.8 CVE-2024-46410 cve@mitre.org
  n/a–VMware NSX, VMware Cloud Foundation
  VMware NSX contains a command injection vulnerability.  A malicious actor with access to the NSX Edge CLI terminal may be able to craft malicious payloads to execute arbitrary commands on the operating system as root. 2024-10-09 6.7 CVE-2024-38817 security@vmware.com
  n/a–VMware NSX, VMware Cloud Foundation
  VMware NSX contains a local privilege escalation vulnerability.  An authenticated malicious actor may exploit this vulnerability to obtain permissions from a separate group role than previously assigned. 2024-10-09 6.7 CVE-2024-38818 security@vmware.com
  n/a–VMware NSX, VMware Cloud Foundation
  VMware NSX contains a content spoofing vulnerability.  An unauthenticated malicious actor may be able to craft a URL and redirect a victim to an attacker controlled domain leading to sensitive information disclosure. 2024-10-09 4.3 CVE-2024-38815 security@vmware.com
  namogo–Elementor Inline SVG
  The Elementor Inline SVG plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. 2024-10-10 6.4 CVE-2024-9064 security@wordfence.com
  omardabbas–Products, Order & Customers Export for WooCommerce
  The Products, Order & Customers Export for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.0.15. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-10 6.1 CVE-2024-9377 security@wordfence.com
  Open Mainframe Project–Zowe
  The conformance validation endpoint is public so everybody can verify the conformance of onboarded services. The response could contain specific information about the service, including available endpoints, and swagger. It could advise about the running version of a service to an attacker. The attacker could also check if a service is running. 2024-10-10 5.3 CVE-2024-9802 zowe-security@lists.openmainframeproject.org
  OpenHarmony–OpenHarmony
  OpenHarmony v4.1.0 and prior versions allow a local attacker to cause an information leak through an out-of-bounds read. 2024-10-08 5.5 CVE-2024-39806 scy@openharmony.io
  OpenHarmony–OpenHarmony
  OpenHarmony v4.1.0 allows a local attacker with high privileges to execute arbitrary code in pre-installed apps through a use after free. 2024-10-08 4.4 CVE-2024-39831 scy@openharmony.io
  PAX–POS terminals
  PAX Android based POS devices allow for escalation of privilege via improperly configured scripts. An attacker must have shell access with system account privileges in order to exploit this vulnerability. A patch addressing this issue was included in firmware version PayDroid_8.1.0_Sagittarius_V11.1.61_20240226. 2024-10-11 6.7 CVE-2023-42133 cvd@cert.pl
  PHPOffice–PhpSpreadsheet
  PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. It’s possible for an attacker to construct an XLSX file that links images from arbitrary paths. When embedding images has been enabled in HTML writer with `$writer->setEmbedImages(true);` those files will be included in the output as `data:` URLs, regardless of the file’s type. Also URLs can be used for embedding, resulting in a Server-Side Request Forgery vulnerability. When embedding images has been enabled, an attacker can read arbitrary files on the server and perform arbitrary HTTP GET requests. Note that any PHP protocol wrappers can be used, meaning that if for example the `expect://` wrapper is enabled, also remote code execution is possible. This issue has been addressed in release versions 1.29.2, 2.1.1, and 2.3.0. All users are advised to upgrade. There are no known workarounds for this vulnerability. 2024-10-07 6.3 CVE-2024-45291 security-advisories@github.com
  PHPOffice–PhpSpreadsheet
  PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. `\PhpOffice\PhpSpreadsheet\Writer\Html` does not sanitize “javascript:” URLs from hyperlink `href` attributes, resulting in a Cross-Site Scripting vulnerability. This issue has been addressed in release versions 1.29.2, 2.1.1, and 2.3.0. All users are advised to upgrade. There are no known workarounds for this vulnerability. 2024-10-07 5.4 CVE-2024-45292 security-advisories@github.com
  pixelgrade–Category Icon
  The Category Icon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. 2024-10-12 6.4 CVE-2024-8915 security@wordfence.com
  posimyththemes–The Plus Addons for Elementor Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce
  The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.6.11 via the render function in modules/widgets/tp_accordion.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data. 2024-10-11 4.3 CVE-2024-8913 security@wordfence.com
  QODE–Bridge Core
  The Bridge Core plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ‘formforall’ shortcode in versions up to, and including, 3.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-10-08 6.4 CVE-2024-9292 security@wordfence.com
  QODE–Bridge Core
  The Bridge Core plugin for WordPress is vulnerable to unauthorized modification of data or loss of data due to a missing capability check on the ‘import_action’ and ‘install_plugin_per_demo’ functions in versions up to, and including, 3.3. This makes it possible for authenticated attackers with subscriber-level permissions or above, to delete or change plugin settings, import demo data, and install limited plugins. 2024-10-12 6.5 CVE-2024-9860 security@wordfence.com
  Qualcomm, Inc.–Snapdragon
  Memory corruption when a process invokes IOCTL calls from user-space to create a HAB virtual channel and another process invokes IOCTL calls to destroy the same. 2024-10-07 6.7 CVE-2024-23370 product-security@qualcomm.com
  Qualcomm, Inc.–Snapdragon
  Memory corruption is possible when an attempt is made from userspace or console to write some haptics effects pattern to the haptics debugfs file. 2024-10-07 6.7 CVE-2024-23374 product-security@qualcomm.com
  Qualcomm, Inc.–Snapdragon
  Memory corruption during the network scan request. 2024-10-07 6.7 CVE-2024-23375 product-security@qualcomm.com
  Qualcomm, Inc.–Snapdragon
  Memory corruption while sending the persist buffer command packet from the user-space to the kernel space through the IOCTL call. 2024-10-07 6.7 CVE-2024-23376 product-security@qualcomm.com
  Qualcomm, Inc.–Snapdragon
  Memory corruption while invoking IOCTL calls for MSM module from the user space during audio playback and record. 2024-10-07 6.7 CVE-2024-23378 product-security@qualcomm.com
  Qualcomm, Inc.–Snapdragon
  Memory corruption while unmapping the fastrpc map when two threads can free the same map in concurrent scenario. 2024-10-07 6.7 CVE-2024-23379 product-security@qualcomm.com
  Qualcomm, Inc.–Snapdragon
  Information disclosure while sending implicit broadcast containing APP launch information. 2024-10-07 6.1 CVE-2024-38425 product-security@qualcomm.com
  quarka — qa_analytics
  The QA Analytics – Web Analytics Tool with Heatmaps & Session Replay Across All Pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_save_plugin_config() function in all versions up to, and including, 4.1.0.0. This makes it possible for unauthenticated attackers to update the plugin’s settings. 2024-10-10 5.3 CVE-2024-8513 security@wordfence.com
  QuomodoSoft–ElementsReady Addons for Elementor
  URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in QuomodoSoft ElementsReady Addons for Elementor. This issue affects ElementsReady Addons for Elementor: from n/a through 6.4.2. 2024-10-11 4.7 CVE-2024-47353 audit@patchstack.com
  rafasashi–Language Switcher
  The Language Switcher plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.7.13. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-11 6.1 CVE-2024-9610 security@wordfence.com
  rainafarai–Notification for Telegram
  The Notification for Telegram plugin for WordPress is vulnerable to unauthorized test message sending due to a missing capability check on the ‘nftb_test_action’ function in versions up to, and including, 3.3.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to send a test message via the Telegram Bot API to all users configured in the settings. 2024-10-10 4.3 CVE-2024-9685 security@wordfence.com
  Red Hat–OpenShift Developer Tools and Services
  A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a `RUN` instruction in a Container file to mount an arbitrary directory from the host (read/write) into the container as long as those files can be accessed by the user running Buildah. 2024-10-09 4.4 CVE-2024-9675 secalert@redhat.com
  Red Hat–Red Hat 3scale API Management Platform 2
  A vulnerability was found in 3Scale. There is no auth mechanism to see a PDF invoice of a Developer user if the URL is known. Anyone can see the invoice if the URL is known or guessed. 2024-10-09 5.3 CVE-2024-9671 secalert@redhat.com
  Red Hat–Red Hat Ansible Automation Platform 2
  A flaw was found in Event-Driven Automation (EDA) in Ansible Automation Platform (AAP), which lacks encryption of sensitive information. An attacker with network access could exploit this vulnerability by sniffing the plaintext data transmitted between the EDA and AAP. An attacker with system access could exploit this vulnerability by reading the plaintext data stored in EDA and AAP databases. 2024-10-08 5.3 CVE-2024-9620 secalert@redhat.com
  Red Hat–Red Hat build of Apache Camel for Quarkus
  A vulnerability was found in Quarkus CXF. Passwords and other secrets may appear in the application log in spite of the user configuring them to be hidden. This issue requires some special configuration to be vulnerable, such as SOAP logging enabled, application set client, and endpoint logging properties, and the attacker must have access to the application log. 2024-10-08 5.3 CVE-2024-9621 secalert@redhat.com
  Red Hat–Red Hat JBoss Data Grid 7
  A vulnerability was found in the resteasy-netty4 library arising from improper handling of HTTP requests using smuggling techniques. When an HTTP smuggling request with an ASCII control character is sent, it causes the Netty HttpObjectDecoder to transition into a BAD_MESSAGE state. As a result, any subsequent legitimate requests on the same connection are ignored, leading to client timeouts, which may impact systems using load balancers and expose them to risk. 2024-10-08 5.3 CVE-2024-9622 secalert@redhat.com
  redis–redis
  Redis is an open source, in-memory database that persists on disk. Authenticated users can trigger a denial-of-service by using specially crafted, long string match patterns on supported commands such as `KEYS`, `SCAN`, `PSUBSCRIBE`, `FUNCTION LIST`, `COMMAND LIST` and ACL definitions. Matching of extremely long patterns may result in unbounded recursion, leading to stack overflow and process crash. This problem has been fixed in Redis versions 6.2.16, 7.2.6, and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2024-10-07 5.5 CVE-2024-31228 security-advisories@github.com
  redis–redis
  Redis is an open source, in-memory database that persists on disk. An authenticated user with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem exists in Redis 7 prior to versions 7.2.6 and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2024-10-07 4.4 CVE-2024-31227 security-advisories@github.com
  rescuethemes–Rescue Shortcodes
  The Rescue Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘rescue_tab’ shortcode in all versions up to, and including, 2.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-10-12 6.4 CVE-2024-9696 security@wordfence.com
  robosoft–Photo Gallery, Images, Slider in Rbs Image Gallery
  The Photo Gallery, Images, Slider in Rbs Image Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajaxGetGalleryJson() function in all versions up to, and including, 3.2.21. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve private post titles. 2024-10-08 4.3 CVE-2024-8431 security@wordfence.com
  Rocket.Chat–Mobile
  The E2EE password entropy generated by Rocket.Chat Mobile prior to version 4.5.1 is insufficient, allowing attackers to crack it if they have the appropriate time and resources. 2024-10-07 6.7 CVE-2024-42027 support@hackerone.com
  saltcorn–saltcorn
  Saltcorn is an extensible, open source, no-code database application builder. A logged-in user with any role can delete arbitrary files on the filesystem by calling the `sync/clean_sync_dir` endpoint. The `dir_name` POST parameter is not validated/sanitized and is used to construct the `syncDir` that is deleted by calling `fs.rm`. This issue has been addressed in release version 1.0.0-beta16 and all users are advised to upgrade. There are no known workarounds for this vulnerability. 2024-10-07 6.5 CVE-2024-47818 security-advisories@github.com
  Samsung Mobile–Samsung Mobile Devices
  Improper access control in ActivityManager prior to SMR Oct-2024 Release 1 in select Android 12, 13 and SMR Sep-2024 Release 1 in select Android 14 allows local attackers to execute privileged behaviors. 2024-10-08 6.2 CVE-2024-34662 mobile.security@samsung.com
  Samsung Mobile–Samsung Mobile Devices
  Integer overflow in libSEF.quram.so prior to SMR Oct-2024 Release 1 allows local attackers to write out-of-bounds memory. 2024-10-08 5.3 CVE-2024-34663 mobile.security@samsung.com
  Samsung Mobile–Samsung Mobile Devices
  Improper check for exception conditions in Knox Guard prior to SMR Oct-2024 Release 1 allows physical attackers to bypass Knox Guard in a multi-user environment. 2024-10-08 4.1 CVE-2024-34664 mobile.security@samsung.com
  Samsung Mobile–SamsungVideoPlayer
  Improper input validation in SamsungVideoPlayer prior to versions 7.3.29.1 in Android 12, 7.3.36.1 in Android 13, and 7.3.41.230 in Android 14 allows local attackers to access video files of other users. 2024-10-08 5.5 CVE-2024-34672 mobile.security@samsung.com
  Samsung Mobile–Sound Assistant
  Use of implicit intent for sensitive communication in Sound Assistant prior to version 6.1.0.9 allows local attackers to get sensitive information. 2024-10-08 4 CVE-2024-34670 mobile.security@samsung.com
  SAP_SE–SAP Commerce Backoffice
  SAP Commerce Backoffice does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker can cause limited impact on confidentiality and integrity of the application. 2024-10-08 5.4 CVE-2024-45278 cna@sap.com
  SAP_SE–SAP HANA Client
  The SAP HANA Node.js client package versions from 2.0.0 before 2.21.31 are impacted by a Prototype Pollution vulnerability allowing an attacker to add arbitrary properties to global object prototypes. This is due to improper user input sanitization when using the nestTables feature, causing low impact on the availability of the application. This has no impact on Confidentiality and Integrity. 2024-10-08 4.3 CVE-2024-45277 cna@sap.com
  SAP_SE–SAP NetWeaver Enterprise Portal (KMC)
  SAP NetWeaver Enterprise Portal (KMC) does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting vulnerability in the KMC servlet. An attacker could craft a script and trick the user into clicking it. When a victim who is registered on the portal clicks on such a link, confidentiality and integrity of their web browser session could be compromised. 2024-10-08 5.4 CVE-2024-47594 cna@sap.com
  SAP_SE–SAP S/4 HANA (Manage Bank Statements)
  Fields which are in ‘read only’ state in Bank Statement Draft in Manage Bank Statements application, could be modified by MERGE method. The property of an OData entity representing assumably immutable method is not protected against external modifications leading to integrity violations. Confidentiality and Availability are not impacted. 2024-10-08 4.3 CVE-2024-45282 cna@sap.com
  Schneider Electric–Data Center Expert
  CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause exposure of private data when an already generated “logcaptures” archive is accessed directly by HTTPS. 2024-10-11 5.9 CVE-2024-8530 cybersecurity@se.com
  scottpaterson–Easy PayPal Gift Certificate
  The Easy PayPal Gift Certificate plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.3. This is due to missing or incorrect nonce validation on the ‘wpppgc_plugin_options’ function. This makes it possible for unauthenticated attackers to update the plugin’s settings and inject malicious JavaScript via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link. 2024-10-12 6.1 CVE-2024-9592 security@wordfence.com
  siemens — sinec_security_monitor
  A vulnerability has been identified in Siemens SINEC Security Monitor (All versions < V4.9.0). The affected application does not properly validate a file path that is supplied to an endpoint intended to create CSR files. This could allow an unauthenticated remote attacker to create files in writable directories outside the intended location and thus compromise integrity of files in those writable directories. 2024-10-08 5.3 CVE-2024-47563 productcert@siemens.com
  siemens — sinec_security_monitor
  A vulnerability has been identified in Siemens SINEC Security Monitor (All versions < V4.9.0). The affected application does not properly validate that user input complies with a list of allowed values. This could allow an authenticated remote attacker to compromise the integrity of the configuration of the affected application. 2024-10-08 4.3 CVE-2024-47565 productcert@siemens.com
  Siemens–ModelSim
  A vulnerability has been identified in ModelSim (All versions < V2024.3), Questa (All versions < V2024.3). vish2.exe in affected applications allows a specific DLL file to be loaded from the current working directory. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges in installations where administrators or processes with elevated privileges launch vish2.exe from a user-writable directory. 2024-10-08 6.7 CVE-2024-47194 productcert@siemens.com
  Siemens–ModelSim
  A vulnerability has been identified in ModelSim (All versions < V2024.3), Questa (All versions < V2024.3). gdb.exe in affected applications allows a specific executable file to be loaded from the current working directory. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges in installations where administrators or processes with elevated privileges launch gdb.exe from a user-writable directory. 2024-10-08 6.7 CVE-2024-47195 productcert@siemens.com
  Siemens–ModelSim
  A vulnerability has been identified in ModelSim (All versions < V2024.3), Questa (All versions < V2024.3). vsimk.exe in affected applications allows a specific tcl file to be loaded from the current working directory. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges in installations where administrators or processes with elevated privileges launch vsimk.exe from a user-writable directory. 2024-10-08 6.7 CVE-2024-47196 productcert@siemens.com
  Siemens–SIMATIC Drive Controller CPU 1504D TF
  The web server of affected devices does not properly authenticate user requests to the ‘/ClientArea/RuntimeInfoData.mwsl’ endpoint. This could allow an unauthenticated remote attacker to gain knowledge about current actual and configured maximum cycle times as well as about configured maximum communication load. 2024-10-08 5.3 CVE-2024-46887 productcert@siemens.com
  Siemens–SIMATIC Drive Controller CPU 1504D TF
  The web server of affected devices does not properly validate input that is used for a user redirection. This could allow an attacker to make the server redirect the legitimate user to an attacker-chosen URL. For a successful exploit, the legitimate user must actively click on an attacker-crafted link. 2024-10-08 4.7 CVE-2024-46886 productcert@siemens.com
  silabs.com–EFR32 BLE SDK
  A denial of service may be caused to a single peripheral device in a BLE network when multiple central devices continuously connect and disconnect to the peripheral. A hard reset is required to recover the peripheral device. 2024-10-11 6.5 CVE-2024-6657 product-security@silabs.com
  sirv–Image Optimizer, Resizer and CDN Sirv
  The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 7.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. 2024-10-08 6.4 CVE-2024-8964 security@wordfence.com
  sldesignpl–Order Attachments for WooCommerce
  The Order Attachments for WooCommerce plugin for WordPress is vulnerable to unauthorized limited arbitrary file uploads due to a missing capability check on the wcoa_add_attachment AJAX action in versions 2.0 to 2.4.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload limited file types. 2024-10-12 4.3 CVE-2024-9756 security@wordfence.com
  smp7, wp.insider–Simple Membership After Login Redirection
  URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in smp7, wp.Insider Simple Membership After Login Redirection. This issue affects Simple Membership After Login Redirection: from n/a through 1.6. 2024-10-10 4.7 CVE-2024-47354 audit@patchstack.com
  Solidigm–D5-P5316
  Improper error handling in firmware of some SSD DC Products may allow an attacker to enable denial of service. 2024-10-07 6.5 CVE-2024-47971 f946a70c-00eb-42ce-8e9b-634d1f7b5a6f
  Solidigm–D7-P5510
  Improper resource initialization handling in firmware of some Solidigm DC Products may allow an attacker to potentially enable denial of service. 2024-10-07 4.4 CVE-2024-47967 f946a70c-00eb-42ce-8e9b-634d1f7b5a6f
  Solidigm–D7-P5510
  Improper resource management in firmware of some Solidigm DC Products may allow an attacker to potentially control the performance of the resource. 2024-10-07 4 CVE-2024-47972 f946a70c-00eb-42ce-8e9b-634d1f7b5a6f
  Solidigm–D7-P5510
  Race condition during resource shutdown in some Solidigm DC Products may allow an attacker to potentially enable denial of service. 2024-10-07 4.4 CVE-2024-47974 f946a70c-00eb-42ce-8e9b-634d1f7b5a6f
  Solidigm–D7-P5520
  In some Solidigm DC Products, a defect in device overprovisioning may provide information disclosure to an attacker. 2024-10-07 5.1 CVE-2024-47973 f946a70c-00eb-42ce-8e9b-634d1f7b5a6f
  Solidigm–DC P4510
  Improper resource management in firmware of some Solidigm DC Products may allow an attacker to potentially enable denial of service. 2024-10-07 6.2 CVE-2024-47969 f946a70c-00eb-42ce-8e9b-634d1f7b5a6f
  Solidigm–DC P4510
  Improper access removal handling in firmware of some Solidigm DC Products may allow an attacker with physical access to gain unauthorized access. 2024-10-07 6.7 CVE-2024-47976 f946a70c-00eb-42ce-8e9b-634d1f7b5a6f
  Solidigm–DC P4510
  Improper resource shutdown in middle of certain operations on some Solidigm DC Products may allow an attacker to potentially enable denial of service. 2024-10-07 4.4 CVE-2024-47968 f946a70c-00eb-42ce-8e9b-634d1f7b5a6f
  soplanning — soplanning
  SQL injection vulnerability in SOPlanning <1.45, through /soplanning/www/groupe_list.php, in the by parameter, which could allow a remote user to send a specially crafted query and extract all the information stored on the server. 2024-10-07 6.5 CVE-2024-9573 cve-coordination@incibe.es
  soplanning — soplanning
  SQL injection vulnerability in SOPlanning <1.45, via /soplanning/www/user_groupes.php in the by parameter, which could allow a remote user to submit a specially crafted query, allowing an attacker to retrieve all the information stored in the DB. 2024-10-07 6.5 CVE-2024-9574 cve-coordination@incibe.es
  soplanning — soplanning
  Cross-Site Scripting (XSS) vulnerability in SOPlanning <1.45, due to lack of proper validation of user input via /soplanning/www/process/xajax_server.php, affecting multiple parameters. This could allow a remote user to send a specially crafted query to an authenticated user and partially take control of their browser session. 2024-10-07 5.4 CVE-2024-9571 cve-coordination@incibe.es
  soplanning — soplanning
  Cross-Site Scripting (XSS) vulnerability in SOPlanning <1.45, due to lack of proper validation of user input via /soplanning/www/process/groupe_save.php, in the groupe_id parameter. This could allow a remote user to send a specially crafted query to an authenticated user and steal their session details. 2024-10-07 5.4 CVE-2024-9572 cve-coordination@incibe.es
  SourceCodester–Online Eyewear Shop
  A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/?page=products/view_product. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. 2024-10-10 6.3 CVE-2024-9808 cna@vuldb.com
  SourceCodester–Online Eyewear Shop
  A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been declared as critical. Affected by this vulnerability is the function delete_product of the file /classes/Master.php?f=delete_product. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. 2024-10-10 6.3 CVE-2024-9809 cna@vuldb.com
  SourceCodester–Online Eyewear Shop
  A vulnerability, which was classified as critical, has been found in SourceCodester Online Eyewear Shop 1.0. This issue affects some unknown processing of the file /admin/?page=inventory/view_inventory&id=2. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. 2024-10-13 6.3 CVE-2024-9905 cna@vuldb.com
  StylemixThemes–uListing
  Exposure of Sensitive Information to an Unauthorized Actor vulnerability in StylemixThemes uListing. This issue affects uListing: from n/a through 2.1.5. 2024-10-07 5.3 CVE-2024-47344 audit@patchstack.com
  sujin2f–2D Tag Cloud
  The 2D Tag Cloud plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 6.0.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-12 6.1 CVE-2024-9670 security@wordfence.com
  syracom — secure_login
  The Syracom Secure Login (2FA) plugin for Jira, Confluence, and Bitbucket through 3.1.4.5 allows remote attackers to bypass 2FA by interacting with the /rest endpoint of Jira, Confluence, or Bitbucket. In the default configuration, /rest is allowlisted. 2024-10-10 5.4 CVE-2024-48941 cve@mitre.org
  syracom — secure_login
  The Syracom Secure Login (2FA) plugin for Jira, Confluence, and Bitbucket through 3.1.4.5 allows remote attackers to easily brute-force the 2FA PIN via the plugins/servlet/twofactor/public/pinvalidation endpoint. The last 30 and the next 30 tokens are valid. 2024-10-10 5.9 CVE-2024-48942 cve@mitre.org
  Tenda–AC1206
  A vulnerability classified as critical was found in Tenda AC1206 up to 15.03.06.23. This vulnerability affects the function ate_iwpriv_set/ate_ifconfig_set of the file /goform/ate. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 2024-10-10 6.3 CVE-2024-9793 cna@vuldb.com
  themehunk–Easy Mega Menu Plugin for WordPress ThemeHunk
  The Easy Mega Menu Plugin for WordPress – ThemeHunk plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘themehunk_megamenu_bg_image’ parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Please note that this was partially fixed in 1.1.0 due to the missing authorization protection that was added. 2024-10-08 6.4 CVE-2024-8433 security@wordfence.com
  tobiasbg–TablePress Tables in WordPress made easy
  The TablePress – Tables in WordPress made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the table cell content in all versions up to, and including, 2.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-10-12 6.4 CVE-2024-9595 security@wordfence.com
  ttodua–Increase upload file size & Maximum Execution Time limit
  The Increase upload file size & Maximum Execution Time limit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-11 6.1 CVE-2024-9611 security@wordfence.com
  Unisoc (Shanghai) Technologies Co., Ltd.–SC7731E/SC9832E/SC9863A/T310/T606/T612/T616/T610/T618/T760/T770/T820/S8000
  In linkturbonative service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. 2024-10-09 6.5 CVE-2024-39436 security@unisoc.com
  Unisoc (Shanghai) Technologies Co., Ltd.–SC7731E/SC9832E/SC9863A/T310/T606/T612/T616/T610/T618/T760/T770/T820/S8000
  In linkturbonative service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. 2024-10-09 6.5 CVE-2024-39437 security@unisoc.com
  Unisoc (Shanghai) Technologies Co., Ltd.–SC7731E/SC9832E/SC9863A/T310/T606/T612/T616/T610/T618/T760/T770/T820/S8000
  In linkturbonative service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. 2024-10-09 6.5 CVE-2024-39438 security@unisoc.com
  Unisoc (Shanghai) Technologies Co., Ltd.–T606/T612/T616/T610/T618/T760/T770/T820/S8000
  In DRM service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. 2024-10-09 6.2 CVE-2024-39439 security@unisoc.com
  Unisoc (Shanghai) Technologies Co., Ltd.–T606/T612/T616/T610/T618/T760/T770/T820/S8000
  In DRM service, there is a possible system crash due to null pointer dereference. This could lead to local denial of service with System execution privileges needed. 2024-10-09 6.2 CVE-2024-39440 security@unisoc.com
  Unknown–Custom Twitter Feeds
  Custom Twitter Feeds WordPress plugin before 2.2.3 is not filtering some of its settings allowing high privilege users to inject scripts. 2024-10-08 4.8 CVE-2024-8983 contact@wpscan.com
  Unknown–Relevanssi
  In the process of testing the Relevanssi WordPress plugin before 4.23.1, a vulnerability was found that allows you to implement Stored XSS on behalf of the Contributor+ by embedding a malicious script, which entails an account takeover backdoor. 2024-10-08 5.4 CVE-2024-9021 contact@wpscan.com
  Unknown–TI WooCommerce Wishlist
  The TI WooCommerce Wishlist WordPress plugin through 2.8.2 is vulnerable to SQL Injection due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. 2024-10-10 5.9 CVE-2024-9156 contact@wpscan.com
  Unknown–WP-Advanced-Search
  The WP-Advanced-Search WordPress plugin before 3.3.9.2 does not sanitize and escape the t parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks. 2024-10-10 5.9 CVE-2024-9796 contact@wpscan.com
  userplus–User registration & user profile UserPlus
  The UserPlus plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.0. This makes it possible for authenticated attackers with subscriber-level permissions or above, to add, modify, or delete user meta and plugin options. 2024-10-10 6.3 CVE-2024-9520 security@wordfence.com
  vittor1o–Linkz.ai Automatic link previews on hover
  The Linkz.ai plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘check_auth’ and ‘check_logout’ functions in versions up to, and including, 1.1.8. This makes it possible for unauthenticated attackers to update plugin settings. 2024-10-11 6.5 CVE-2024-9586 security@wordfence.com
  vittor1o–Linkz.ai Automatic link previews on hover
  The Linkz.ai plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘ajax_linkz’ function in versions up to, and including, 1.1.8. This makes it possible for authenticated attackers with contributor-level privileges or above, to update plugin settings. 2024-10-11 5.4 CVE-2024-9587 security@wordfence.com
  webkul — krayin_crm
  Krayin CRM v1.3.0 is vulnerable to Cross Site Scripting (XSS) via the organization name field in /admin/contacts/organizations/edit/2. 2024-10-07 4.8 CVE-2024-45932 cve@mitre.org
  webtechstreet–Elementor Addon Elements
  The Elementor Addon Elements plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.13.8 via the render_column function in modules/data-table/widgets/data-table.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data. 2024-10-12 4.3 CVE-2024-8902 security@wordfence.com
  webtoffee–WordPress Comments Import & Export
  The WordPress Comments Import & Export plugin for WordPress is vulnerable to arbitrary file read due to insufficient file path validation during the comments import process, in versions up to, and including, 2.3.7. This makes it possible for authenticated attackers, with Author-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information. The issue was partially fixed in version 2.3.8 and fully fixed in 2.3.9. 2024-10-11 6.5 CVE-2024-7514 security@wordfence.com
  wp-buy–Limit Login Attempts (Spam Protection)
  The Limit Login Attempts (Spam Protection) plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 5.3. This is due to insufficient restrictions on where the IP Address information is being retrieved for request logging and login restrictions. Attackers can supply the X-Forwarded-For header with a different IP Address that will be logged and can be used to bypass settings that may have blocked out an IP address or country from logging in. 2024-10-08 5.3 CVE-2022-4534 security@wordfence.com
  wproyal–Royal Elementor Addons and Templates
  The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 1.3.982 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-10-08 6.4 CVE-2024-8482 security@wordfence.com
  youzify–Youzify BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress
  The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s youzify_media shortcode in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-10-10 6.4 CVE-2024-8987 security@wordfence.com
  youzify–Youzify BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress
  The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘delete_attachment’ function in all versions up to, and including, 1.3.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary attachments. 2024-10-10 4.3 CVE-2024-9067 security@wordfence.com
  ZTE–ZXR10 1800-2S series, ZXR10 2800-4, ZXR10 3800-8, ZXR10 160 series
  Improper Privilege Management vulnerability in ZTE ZXR10 1800-2S series, ZXR10 2800-4, ZXR10 3800-8, ZXR10 160 series on 64 bit allows Functionality Bypass. This issue affects ZXR10 1800-2S series, ZXR10 2800-4, ZXR10 3800-8, ZXR10 160 series: V4.00.10 and earlier. 2024-10-10 6 CVE-2024-22068 psirt@zte.com.cn
 


