Vulnerability Summary for the Week of August 5, 2024 | CISA


10web–Slider by 10Web Responsive Image Slider
  The Slider by 10Web – Responsive Image Slider plugin for WordPress is vulnerable to time-based SQL Injection via the ‘id’ parameter in all versions up to, and including, 1.2.57 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. 2024-08-08 8.8 CVE-2024-7150 security@wordfence.com
  Alien Technology–ALR-F800
A vulnerability was found in Alien Technology ALR-F800 up to 19.10.24.00. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/system.html. The manipulation of the argument uploadedFile with the input ;whoami leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-08-07 9.8 CVE-2024-7580 cna@vuldb.com
  Alien Technology–ALR-F800
  A vulnerability was found in Alien Technology ALR-F800 up to 19.10.24.00. It has been classified as critical. Affected is an unknown function of the file /var/www/cmd.php. The manipulation of the argument cmd leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-08-07 7.3 CVE-2024-7578 cna@vuldb.com
  AMD–3rd Gen AMD EPYC Processors
  Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to potentially overwrite a guest’s memory or UMC seed resulting in loss of confidentiality and integrity. 2024-08-05 7.9 CVE-2024-21980 psirt@amd.com
  Apache Software Foundation–Apache CloudStack
  CloudStack account-users by default use username and password based authentication for API and UI access. Account-users can generate and register randomised API and secret keys and use them for the purpose of API-based automation and integrations. Due to an access permission validation issue that affects Apache CloudStack versions 4.10.0 up to 4.19.1.0, domain admin accounts were found to be able to query all registered account-users API and secret keys in an environment, including that of a root admin. An attacker who has domain admin access can exploit this to gain root admin and other-account privileges and perform malicious operations that can result in compromise of resources integrity and confidentiality, data loss, denial of service and availability of CloudStack managed infrastructure. Users are recommended to upgrade to Apache CloudStack 4.18.2.3 or 4.19.1.1, or later, which addresses this issue. Additionally, all account-user API and secret keys should be regenerated. 2024-08-07 8.8 CVE-2024-42062 security@apache.org
  Apache Software Foundation–Apache OFBiz
  Incorrect Authorization vulnerability in Apache OFBiz. This issue affects Apache OFBiz: through 18.12.14. Users are recommended to upgrade to version 18.12.15, which fixes the issue. Unauthenticated endpoints could allow execution of screen rendering code of screens if some preconditions are met (such as when the screen definitions don’t explicitly check user’s permissions because they rely on the configuration of their endpoints). 2024-08-05 8.1 CVE-2024-38856 security@apache.org
  Arm Ltd–Bifrost GPU Kernel Driver
  Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory. This issue affects Bifrost GPU Kernel Driver: from r41p0 through r49p0; Valhall GPU Kernel Driver: from r41p0 through r49p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r49p0. 2024-08-05 7.8 CVE-2024-2937 arm-security@arm.com
  Arm Ltd–Bifrost GPU Kernel Driver
  Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory. This issue affects Bifrost GPU Kernel Driver: from r41p0 through r49p0; Valhall GPU Kernel Driver: from r41p0 through r49p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r49p0. 2024-08-05 7.8 CVE-2024-4607 arm-security@arm.com
  asterisk–asterisk
  Asterisk is an open source private branch exchange (PBX) and telephony toolkit. Prior to asterisk versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2, an AMI user with `write=originate` may change all configuration files in the `/etc/asterisk/` directory. This occurs because they are able to curl remote files and write them to disk, but are also able to append to existing files using the `FILE` function inside the `SET` application. This issue may result in privilege escalation, remote code execution and/or blind server-side request forgery with arbitrary protocol. Asterisk versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2 contain a fix for this issue. 2024-08-08 7.4 CVE-2024-42365 security-advisories@github.com
  Calibre–Calibre
  Improper access control in Calibre 6.9.0 ~ 7.14.0 allows unauthenticated attackers to achieve remote code execution. 2024-08-06 9.8 CVE-2024-6782 info@starlabs.sg
  Calibre–Calibre
  Path traversal in Calibre <= 7.14.0 allows unauthenticated attackers to achieve arbitrary file read. 2024-08-06 7.5 CVE-2024-6781 info@starlabs.sg
  Canonical Ltd.–wpa_supplicant
  An issue was discovered in Ubuntu wpa_supplicant that resulted in loading of arbitrary shared objects, which allows a local unprivileged attacker to escalate privileges to the user that wpa_supplicant runs as (usually root). Membership in the netdev group or access to the dbus interface of wpa_supplicant allow an unprivileged user to specify an arbitrary path to a module to be loaded by the wpa_supplicant process; other escalation paths might exist. 2024-08-07 8.8 CVE-2024-5290 security@ubuntu.com
  Cisco–Cisco Small Business IP Phones
  Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system with root privileges. These vulnerabilities exist because incoming HTTP packets are not properly checked for errors, which could result in a buffer overflow. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to overflow an internal buffer and execute arbitrary commands at the root privilege level. 2024-08-07 9.8 CVE-2024-20450 ykramarz@cisco.com
  Cisco–Cisco Small Business IP Phones
  Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system with root privileges. These vulnerabilities exist because incoming HTTP packets are not properly checked for errors, which could result in a buffer overflow. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to overflow an internal buffer and execute arbitrary commands at the root privilege level. 2024-08-07 9.8 CVE-2024-20454 ykramarz@cisco.com
  Cisco–Cisco Small Business IP Phones
  Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly. These vulnerabilities exist because HTTP packets are not properly checked for errors. An attacker could exploit this vulnerability by sending a crafted HTTP packet to the remote interface of an affected device. A successful exploit could allow the attacker to cause a DoS condition on the device. 2024-08-07 7.5 CVE-2024-20451 ykramarz@cisco.com
  codename065–MultiPurpose
  The MultiPurpose theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.0 via deserialization of untrusted input through the ‘wpeden_post_meta’ post meta. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. 2024-08-08 8.8 CVE-2024-7486 security@wordfence.com
  codename065–News Flash
  The News Flash theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1.0 via deserialization of untrusted input from the newsflash_post_meta meta value. This makes it possible for authenticated attackers, with Editor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. 2024-08-08 7.2 CVE-2024-7560 security@wordfence.com
  crmperks–CRM Perks Forms WordPress Form Builder
  The CRM Perks Forms plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the ‘handle_uploaded_files’ function in versions up to, and including, 1.1.3. This makes it possible for authenticated attackers with administrator-level capabilities or above, to upload arbitrary files on the affected site’s server which may make remote code execution possible. 2024-08-06 7.2 CVE-2024-7484 security@wordfence.com
  Delta Electronics–DIAScreen
  A crafted DPA file could force Delta Electronics DIAScreen to overflow a stack-based buffer, which could allow an attacker to execute arbitrary code. 2024-08-06 7.8 CVE-2024-7502 ics-cert@hq.dhs.gov
  ForIP Tecnologia–Administração PABX
  A vulnerability was found in ForIP Tecnologia Administração PABX 1.x. It has been rated as critical. Affected by this issue is some unknown functionality of the file /authMonitCallcenter of the component monitcallcenter. The manipulation of the argument user leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-273554 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-08-05 7.3 CVE-2024-7461 cna@vuldb.com
  Google–Chrome
Use after free in Downloads in Google Chrome on iOS prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 2024-08-06 8.8 CVE-2024-6988 chrome-cve-admin@google.com
  Google–Chrome
Use after free in Loader in Google Chrome prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 2024-08-06 8.8 CVE-2024-6989 chrome-cve-admin@google.com
  Google–Chrome
Use after free in Dawn in Google Chrome prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 2024-08-06 8.8 CVE-2024-6991 chrome-cve-admin@google.com
  Google–Chrome
Heap buffer overflow in Layout in Google Chrome prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) 2024-08-06 8.8 CVE-2024-6994 chrome-cve-admin@google.com
  Google–Chrome
Use after free in Tabs in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) 2024-08-06 8.8 CVE-2024-6997 chrome-cve-admin@google.com
  Google–Chrome
Use after free in User Education in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) 2024-08-06 8.8 CVE-2024-6998 chrome-cve-admin@google.com
  Google–Chrome
Use after free in CSS in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) 2024-08-06 8.8 CVE-2024-7000 chrome-cve-admin@google.com
  Google–Chrome
  Out of bounds memory access in ANGLE in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) 2024-08-06 8.8 CVE-2024-7532 chrome-cve-admin@google.com
  Google–Chrome
  Use after free in Sharing in Google Chrome on iOS prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 2024-08-06 8.8 CVE-2024-7533 chrome-cve-admin@google.com
  Google–Chrome
  Heap buffer overflow in Layout in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 2024-08-06 8.8 CVE-2024-7534 chrome-cve-admin@google.com
  Google–Chrome
  Inappropriate implementation in V8 in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 2024-08-06 8.8 CVE-2024-7535 chrome-cve-admin@google.com
  Google–Chrome
  Use after free in WebAudio in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 2024-08-06 8.8 CVE-2024-7536 chrome-cve-admin@google.com
  Google–Chrome
  Type Confusion in V8 in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 2024-08-06 8.8 CVE-2024-7550 chrome-cve-admin@google.com
  gopiplus–Horizontal scrolling announcements
  The Horizontal scrolling announcements plugin for WordPress is vulnerable to SQL Injection via the plugin’s ‘hsas-shortcode’ shortcode in versions up to, and including, 2.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with contributor-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. 2024-08-06 8.8 CVE-2023-5000 security@wordfence.com
  Halo Service Solutions–HaloITSM
  HaloITSM versions up to 2.146.1 are affected by a SAML XML Signature Wrapping (XSW) vulnerability. When having a SAML integration configured, anonymous actors could impersonate arbitrary HaloITSM users by just knowing their email address. HaloITSM versions past 2.146.1 (and patches starting from 2.143.61) fix the mentioned vulnerability. 2024-08-06 9.8 CVE-2024-6202 vulnerability@ncsc.ch
  Halo Service Solutions–HaloITSM
  HaloITSM versions up to 2.146.1 are affected by a Stored Cross-Site Scripting (XSS) vulnerability. The injected JavaScript code can execute arbitrary action on behalf of the user accessing a ticket. HaloITSM versions past 2.146.1 (and patches starting from 2.143.61) fix the mentioned vulnerability. 2024-08-06 8 CVE-2024-6200 vulnerability@ncsc.ch
  Halo Service Solutions–HaloITSM
  HaloITSM versions up to 2.146.1 are affected by a Password Reset Poisoning vulnerability. Poisoned password reset links can be sent to existing HaloITSM users (given their email address is known). When these poisoned links get accessed (e.g. manually by the victim or automatically by an email client software), the password reset token is leaked to the malicious actor, allowing them to set a new password for the victim’s account. This potentially leads to account takeover attacks. HaloITSM versions past 2.146.1 (and patches starting from 2.143.61) fix the mentioned vulnerability. 2024-08-06 8.3 CVE-2024-6203 vulnerability@ncsc.ch
  Hewlett Packard Enterprise (HPE)–HPE Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10
  There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise. 2024-08-06 9.8 CVE-2024-42394 security-alert@hpe.com
  Hewlett Packard Enterprise (HPE)–HPE Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10
  There is a vulnerability in the AP Certificate Management Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise. 2024-08-06 9.8 CVE-2024-42395 security-alert@hpe.com
  Hewlett Packard Enterprise (HPE)–HPE Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10
  There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise. 2024-08-06 9.8 CVE-2024-42393 security-alert@hpe.com
  Hitachi–Hitachi Tuning Manager
  Expression Language Injection vulnerability in Hitachi Tuning Manager on Windows, Linux, Solaris allows Code Injection. This issue affects Hitachi Tuning Manager: before 8.8.7-00. 2024-08-06 8.6 CVE-2024-5828 hirt@hitachi.co.jp
  Huawei–HarmonyOS
  Vulnerability of uncaught exceptions in the Graphics module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. 2024-08-08 9.3 CVE-2024-42037 psirt@huawei.com
  Huawei–HarmonyOS
  Permission control vulnerability in the App Multiplier module. Impact: Successful exploitation of this vulnerability may affect functionality and confidentiality. 2024-08-08 8.4 CVE-2024-42035 psirt@huawei.com
  Huawei–HarmonyOS
  Vulnerability of PIN enhancement failures in the screen lock module. Impact: Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability. 2024-08-08 8.8 CVE-2024-42038 psirt@huawei.com
  itsourcecode–Airline Reservation System
  A vulnerability was found in itsourcecode Airline Reservation System 1.0. It has been classified as critical. Affected is the function login/login2 of the file /admin/login.php of the component Admin Login Page. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273624. 2024-08-06 7.3 CVE-2024-7498 cna@vuldb.com
  itsourcecode–Bike Delivery System
  A vulnerability, which was classified as critical, was found in itsourcecode Bike Delivery System 1.0. Affected is an unknown function of the file contact_us_action.php. The manipulation of the argument name leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273648. 2024-08-06 7.3 CVE-2024-7505 cna@vuldb.com
  Janobe–School Attendance Monitoring System
  SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following ‘Users’ in ‘/report/printlogs.php’ parameter. 2024-08-06 9.8 CVE-2024-33974 cve-coordination@incibe.es
  Janobe–E-Negosyo System
  SQL injection vulnerability in E-Negosyo System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in ‘id’ in ‘/admin/orders/controller.php’ parameter. 2024-08-06 9.8 CVE-2024-33957 cve-coordination@incibe.es
  Janobe–E-Negosyo System
  SQL injection vulnerability in E-Negosyo System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in ‘phonenumber’ in ‘/passwordrecover.php’ parameter. 2024-08-06 9.8 CVE-2024-33958 cve-coordination@incibe.es
  Janobe–E-Negosyo System
  Cross-Site Scripting (XSS) vulnerability in E-Negosyo System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted JavaScript payload to an authenticated user and partially take over their browser session via ‘view’ parameter in ‘/admin/products/index.php’. 2024-08-06 7.1 CVE-2024-33975 cve-coordination@incibe.es
  Janobe–E-Negosyo System
  Cross-Site Scripting (XSS) vulnerability in E-Negosyo System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted JavaScript payload to an authenticated user and partially take over their browser session via ‘id’ parameter in ‘/admin/user/index.php’. 2024-08-06 7.1 CVE-2024-33976 cve-coordination@incibe.es
  Janobe–E-Negosyo System
  Cross-Site Scripting (XSS) vulnerability in E-Negosyo System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain their session cookie details via ‘view’ parameter in ‘/admin/orders/index.php’. 2024-08-06 7.1 CVE-2024-33977 cve-coordination@incibe.es
  Janobe–E-Negosyo System
  Cross-Site Scripting (XSS) vulnerability in E-Negosyo System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain their session cookie details via ‘category’ parameter in ‘/index.php’. 2024-08-06 7.1 CVE-2024-33978 cve-coordination@incibe.es
  Janobe–Janobe PayPal
  SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following ‘code’ in ‘/admin/mod_reservation/index.php’ parameter. 2024-08-06 7.5 CVE-2024-33962 cve-coordination@incibe.es
  Janobe–Janobe PayPal
  SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following ‘end’ in ‘/admin/mod_reports/printreport.php’ parameter. 2024-08-06 9.8 CVE-2024-33960 cve-coordination@incibe.es
  Janobe–Janobe PayPal
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following ‘categ’ in ‘/admin/mod_reports/printreport.php’ parameter. 2024-08-06 7.5 CVE-2024-33959 cve-coordination@incibe.es
  Janobe–Janobe PayPal
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following ‘code’ in ‘/admin/mod_reservation/controller.php’ parameter. 2024-08-06 7.5 CVE-2024-33961 cve-coordination@incibe.es
  Janobe–Janobe PayPal
  SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following ‘id’ in ‘/admin/mod_room/index.php’ parameter. 2024-08-06 7.5 CVE-2024-33963 cve-coordination@incibe.es
  Janobe–Janobe PayPal
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following ‘id’ in ‘/admin/mod_users/index.php’ parameter. 2024-08-06 7.5 CVE-2024-33964 cve-coordination@incibe.es
  Janobe–Janobe PayPal
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following ‘view’ in ‘/tubigangarden/admin/mod_accomodation/index.php’ parameter. 2024-08-06 7.5 CVE-2024-33965 cve-coordination@incibe.es
  Janobe–Janobe PayPal
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following ‘xtsearch’ in ‘/admin/mod_reports/index.php’ parameter. 2024-08-06 7.5 CVE-2024-33966 cve-coordination@incibe.es
  Janobe–Janobe PayPal
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following ‘view’ in ‘Attendance’ and ‘YearLevel’ in ‘/AttendanceMonitoring/report/attendance_print.php’ parameter. 2024-08-06 7.5 CVE-2024-33967 cve-coordination@incibe.es
  Janobe–Janobe PayPal
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following ‘Attendance’ and ‘YearLevel’ in ‘/AttendanceMonitoring/report/index.php’ parameter. 2024-08-06 7.5 CVE-2024-33968 cve-coordination@incibe.es
  Janobe–Janobe PayPal
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following ‘id’ in ‘/AttendanceMonitoring/department/index.php’ parameter. 2024-08-06 7.5 CVE-2024-33969 cve-coordination@incibe.es
  Janobe–Janobe PayPal
  SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following ‘studid’ in ‘/candidate/controller.php’ parameter. 2024-08-06 7.5 CVE-2024-33970 cve-coordination@incibe.es
  Janobe–Janobe PayPal
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following ‘username’ in ‘/login.php’ parameter. 2024-08-06 7.5 CVE-2024-33971 cve-coordination@incibe.es
  Janobe–Janobe PayPal
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following ‘events’ in ‘/report/event_print.php’ parameter. 2024-08-06 7.5 CVE-2024-33972 cve-coordination@incibe.es
  Janobe–Janobe PayPal
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following ‘Attendance’ and ‘YearLevel’ in ‘/report/attendance_print.php’ parameter. 2024-08-06 7.5 CVE-2024-33973 cve-coordination@incibe.es
  Janobe–Janobe PayPal
  Cross-Site Scripting (XSS) vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the ‘q’, ‘arrival’, ‘departure’ and ‘accomodation’ parameters in ‘/index.php’. 2024-08-06 7.1 CVE-2024-33979 cve-coordination@incibe.es
  Janobe–Janobe PayPal
  Cross-Site Scripting (XSS) vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the ‘start’ parameter in ‘/admin/mod_reports/printreport.php’. 2024-08-06 7.1 CVE-2024-33980 cve-coordination@incibe.es
  Janobe–Janobe PayPal
  Cross-Site Scripting (XSS) vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the ‘start’ parameter in ‘/admin/mod_reports/index.php’. 2024-08-06 7.1 CVE-2024-33981 cve-coordination@incibe.es
  Janobe–School Attendance Monitoring System
  Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the ‘StudentID’ parameter in ‘/AttendanceMonitoring/student/controller.php’. 2024-08-06 7.1 CVE-2024-33982 cve-coordination@incibe.es
  Janobe–School Attendance Monitoring System
  Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the ‘Attendance’, ‘attenddate’ and ‘YearLevel’ parameters in ‘/AttendanceMonitoring/report/attendance_print.php’. 2024-08-06 7.1 CVE-2024-33983 cve-coordination@incibe.es
  Janobe–School Attendance Monitoring System
  Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the ‘Attendance’, ‘attenddate’ and ‘YearLevel’ parameters in ‘/AttendanceMonitoring/report/index.php’. 2024-08-06 7.1 CVE-2024-33984 cve-coordination@incibe.es
  Janobe–School Attendance Monitoring System
  Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the ‘View’ parameter in ‘/course/index.php’. 2024-08-06 7.1 CVE-2024-33985 cve-coordination@incibe.es
  Janobe–School Attendance Monitoring System
  Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the ‘View’ parameter in ‘/department/index.php’. 2024-08-06 7.1 CVE-2024-33986 cve-coordination@incibe.es
  Janobe–School Attendance Monitoring System
  Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the ‘Attendance’, ‘attenddate’, ‘YearLevel’, ‘eventdate’, ‘events’, ‘Users’ and ‘YearLevel’ parameters in ‘/report/index.php’. 2024-08-06 7.1 CVE-2024-33987 cve-coordination@incibe.es
  Janobe–School Attendance Monitoring System
  Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the ‘Attendance’, ‘attenddate’ and ‘YearLevel’ parameters in ‘/report/attendance_print.php’. 2024-08-06 7.1 CVE-2024-33988 cve-coordination@incibe.es
  Janobe–School Event Management System
  Cross-Site Scripting (XSS) vulnerability in School Event Management System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted javascript payload to an authenticated user and partially take over their browser session via the ‘eventdate’ and ‘events’ parameters in ‘port/event_print.php’. 2024-08-06 7.1 CVE-2024-33989 cve-coordination@incibe.es
  Janobe–School Event Management System
  Cross-Site Scripting (XSS) vulnerability in School Event Management System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted javascript payload to an authenticated user and partially take over their browser session via the ‘id’ and ‘view’ parameters in ‘/user/index.php’. 2024-08-06 7.1 CVE-2024-33990 cve-coordination@incibe.es
  Janobe–School Event Management System
  Cross-Site Scripting (XSS) vulnerability in School Event Management System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the ‘view’ parameter in ‘/eventwinner/index.php’. 2024-08-06 7.1 CVE-2024-33991 cve-coordination@incibe.es
  Janobe–School Event Management System
  Cross-Site Scripting (XSS) vulnerability in School Event Management System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the ‘view’ parameter in ‘/student/index.php’. 2024-08-06 7.1 CVE-2024-33992 cve-coordination@incibe.es
  Janobe–School Event Management System
  Cross-Site Scripting (XSS) vulnerability in School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain their session details via the ‘view’ parameter in ‘/candidate/index.php’. 2024-08-06 7.1 CVE-2024-33993 cve-coordination@incibe.es
  Janobe–School Event Management System
  Cross-Site Scripting (XSS) vulnerability in School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain their session details via the ‘view’ parameter in ‘/event/index.php’. 2024-08-06 7.1 CVE-2024-33994 cve-coordination@incibe.es
  JetBrains–TeamCity
  In JetBrains TeamCity before 2024.07.1, privilege escalation was possible due to incorrect directory permissions. 2024-08-06 7.5 CVE-2024-43114 cve@jetbrains.com
  JFrog–Artifactory
  JFrog Artifactory versions below 7.90.6, 7.84.20, 7.77.14, 7.71.23, 7.68.22, 7.63.22, 7.59.23, 7.55.18 are vulnerable to Improper Input Validation that could potentially lead to cache poisoning. 2024-08-05 9.3 CVE-2024-6915 reefs@jfrog.com
  Journyx–Journyx (jtime)
Password reset tokens are generated using an insecure source of randomness. Attackers who know the username of the Journyx installation user can bruteforce the password reset and change the administrator password. 2024-08-07 8.8 CVE-2024-6890 bbf0bd87-ece2-41be-b873-96928ee8fab9
  Journyx–Journyx (jtime)
Attackers with a valid username and password can exploit a python code injection vulnerability during the natural login flow. 2024-08-08 8.8 CVE-2024-6891 bbf0bd87-ece2-41be-b873-96928ee8fab9
  Journyx–Journyx (jtime)
The “soap_cgi.pyc” API handler allows the XML body of SOAP requests to contain references to external entities. This allows an unauthenticated attacker to read local files, perform server-side request forgery, and overwhelm the web server resources. 2024-08-08 7.5 CVE-2024-6893 bbf0bd87-ece2-41be-b873-96928ee8fab9
  jupyterhub–jupyterhub
  JupyterHub is software that allows one to create a multi-user server for Jupyter notebooks. Prior to versions 4.1.6 and 5.1.0, if a user is granted the `admin:users` scope, they may escalate their own privileges by making themselves a full admin user. The impact is relatively small in that `admin:users` is already an extremely privileged scope only granted to trusted users. In effect, `admin:users` is equivalent to `admin=True`, which is not intended. Note that the change here only prevents escalation to the built-in JupyterHub admin role that has unrestricted permissions. It does not prevent users with e.g. `groups` permissions from granting themselves or other users permissions via group membership, which is intentional. Versions 4.1.6 and 5.1.0 fix this issue. 2024-08-08 7.2 CVE-2024-41942 security-advisories@github.com
  kaizencoders–Traffic Manager
  The Traffic Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘page’ parameter in the ‘UserWebStat’ AJAX function in all versions up to, and including, 1.4.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-08-06 7.2 CVE-2024-7485 security@wordfence.com
  KAON Group–AR2140
  Firmware in KAON AR2140 routers prior to version 4.2.16 is vulnerable to a shell command injection via sending a crafted request to one of the endpoints. In order to exploit this vulnerability, one has to have access to the administrative portal of the router. 2024-08-08 7.2 CVE-2024-3659 cvd@cert.pl
  mailcow–mailcow-dockerized
  mailcow: dockerized is an open source groupware/email suite based on docker. An unauthenticated attacker can inject a JavaScript payload into the API logs. This payload is executed whenever the API logs page is viewed, potentially allowing an attacker to run malicious scripts in the context of the user’s browser. This could lead to unauthorized actions, data theft, or further exploitation of the affected system. This issue has been addressed in the `2024-07` release. All users are advised to upgrade. There are no known workarounds for this vulnerability. 2024-08-05 7.6 CVE-2024-41959 security-advisories@github.com
  mainwp–MainWP Child Reports
  The MainWP Child Reports plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2. This is due to missing or incorrect nonce validation on the network_options_action() function. This makes it possible for unauthenticated attackers to update arbitrary options that can be leveraged for privilege escalation via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This is only exploitable on multisite instances. 2024-08-08 8.8 CVE-2024-7492 security@wordfence.com
  matrix-org–matrix-react-sdk
  matrix-react-sdk is a react-based SDK for inserting a Matrix chat/voip client into a web page. A malicious homeserver could manipulate a user’s account data to cause the client to enable URL previews in end-to-end encrypted rooms, in which case any URLs in encrypted messages would be sent to the server. This was patched in matrix-react-sdk 3.105.0. Deployments that trust their homeservers, as well as closed federations of trusted servers, are not affected. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2024-08-06 7.7 CVE-2024-42347 security-advisories@github.com
  Microsoft–Dynamics CRM Service Portal Web Resource
  An unauthenticated attacker can exploit improper neutralization of input during web page generation in Microsoft Dynamics 365 to spoof over a network by tricking a user to click on a link. 2024-08-06 8.2 CVE-2024-38166 secure@microsoft.com
  Microsoft–Microsoft Copilot Studio
  An authenticated attacker can bypass Server-Side Request Forgery (SSRF) protection in Microsoft Copilot Studio to leak sensitive information over a network. 2024-08-06 8.5 CVE-2024-38206 secure@microsoft.com
  Microsoft–Windows 10 Version 1809
  Summary: Microsoft was notified that an elevation of privilege vulnerability exists in Windows Backup, potentially enabling an attacker with basic user privileges to reintroduce previously mitigated vulnerabilities or circumvent some features of Virtualization Based Security (VBS). However, an attacker attempting to exploit this vulnerability requires additional interaction by a privileged user to be successful. Microsoft is developing a security update to mitigate this threat, but it is not yet available. Guidance to help customers reduce the risks associated with this vulnerability and to protect their systems until the mitigation is available in a Windows security update is provided in the Recommended Actions section of this CVE. This CVE will be updated, and customers will be notified when the official mitigation is available in a Windows security update. We highly encourage customers to subscribe to Security Update Guide notifications to receive an alert when this update occurs.

  Details: A security researcher informed Microsoft of an elevation of privilege vulnerability in Windows Backup potentially enabling an attacker with basic user privileges to reintroduce previously mitigated vulnerabilities or circumvent some features of VBS. For exploitation to succeed, an attacker must trick or convince an Administrator or a user with delegated permissions into performing a system restore which inadvertently triggers the vulnerability. Microsoft is developing a security update that will mitigate this vulnerability, but it is not yet available. This CVE will be updated with new information and links to the security updates once available. We highly encourage customers subscribe to Security Update Guide notifications to be alerted of updates. See Microsoft Technical Security Notifications and Security Update Guide Notification System News: Create your profile now – Microsoft Security Response Center.

  Microsoft is not aware of any attempts to exploit this vulnerability. However, a public presentation regarding this vulnerability was hosted at BlackHat on August 7, 2024. The presentation was appropriately coordinated with Microsoft but may change the threat landscape. Customers concerned with these risks should reference the guidance provided in the Recommended Actions section to protect their systems.

  Recommended Actions: The following recommendations do not mitigate the vulnerability but can be used to reduce the risk of exploitation until the security update is available.
  - Configure “Audit Object Access” settings to monitor attempts to access files, such as handle creation, read / write operations, or modifications to security descriptors. (Audit File System – Windows 10 | Microsoft Learn; Apply a basic audit policy on a file or folder – Windows 10 | Microsoft Learn)
  - Audit users with permission to perform Backup and Restore operations to ensure only the appropriate users can perform these operations. (Audit: Audit the use of Backup and Restore privilege (Windows 10) – Windows 10 | Microsoft Learn)
  - Implement an Access Control List or Discretionary Access Control Lists to restrict the access or modification of Backup files and perform Restore operations to appropriate users, for example administrators only. (Access Control overview | Microsoft Learn; Discretionary Access Control Lists (DACL))
  - Auditing sensitive privileges used to identify access, modification, or replacement of Backup related files could help indicate attempts to exploit this vulnerability. (Audit Sensitive Privilege Use – Windows 10 | Microsoft Learn)

  2024-08-08 7.3 CVE-2024-38202 secure@microsoft.com
  MongoDB Inc–MongoDB Server
  Incorrect validation of files loaded from a local untrusted directory may allow local privilege escalation if the underlying operating system is Windows. This may result in the application executing arbitrary behaviour determined by the contents of untrusted files. This issue affects MongoDB Server v5.0 versions prior to 5.0.27, MongoDB Server v6.0 versions prior to 6.0.16, MongoDB Server v7.0 versions prior to 7.0.12, MongoDB Server v7.3 versions prior to 7.3.3, MongoDB C Driver versions prior to 1.26.2 and MongoDB PHP Driver versions prior to 1.18.1. Required Configuration: Only environments with Windows as the underlying operating system are affected by this issue. 2024-08-07 7.3 CVE-2024-7553 cna@mongodb.com
  Mozilla–Firefox for iOS
  Long pressing on a download link could potentially allow JavaScript commands to be executed within the browser. This vulnerability affects Firefox for iOS < 129. 2024-08-06 9.8 CVE-2024-43111 security@mozilla.org
  Mozilla–Firefox
  Incomplete WebAssembly exception handling could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14. 2024-08-06 9.8 CVE-2024-7521 security@mozilla.org
  Mozilla–Firefox
  Editor code failed to check an attribute value. This could have led to an out-of-bounds read. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14. 2024-08-06 9.1 CVE-2024-7522 security@mozilla.org
  Mozilla–Firefox
  It was possible for a web extension with minimal permissions to create a `StreamFilter` which could be used to read and modify the response body of requests on any site. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14. 2024-08-06 9.1 CVE-2024-7525 security@mozilla.org
  Mozilla–Firefox
  Incorrect garbage collection interaction in IndexedDB could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1. 2024-08-06 9.8 CVE-2024-7528 security@mozilla.org
  Mozilla–Firefox
  Incorrect garbage collection interaction could have led to a use-after-free. This vulnerability affects Firefox < 129. 2024-08-06 9.8 CVE-2024-7530 security@mozilla.org
  Mozilla–Firefox
  Insufficient checks when processing graphics shared memory could have led to memory corruption. This could be leveraged by an attacker to perform a sandbox escape. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14. 2024-08-06 8.8 CVE-2024-7519 security@mozilla.org
  Mozilla–Firefox
  A type confusion bug in WebAssembly could be leveraged by an attacker to potentially achieve code execution. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1. 2024-08-06 8.8 CVE-2024-7520 security@mozilla.org
  Mozilla–Firefox
  Unexpected marking work at the start of sweeping could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14. 2024-08-06 8.8 CVE-2024-7527 security@mozilla.org
  Mozilla–Firefox
  The date picker could partially obscure security prompts. This could be used by a malicious site to trick a user into granting permissions. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14. 2024-08-06 8.1 CVE-2024-7529 security@mozilla.org
  Mozilla–Firefox
  ANGLE failed to initialize parameters which led to reading from uninitialized memory. This could be leveraged to leak sensitive data from memory. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14. 2024-08-06 7.5 CVE-2024-7526 security@mozilla.org
  N/A — N/A
GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, XE3000/X3000 v4, and B2200/MV1000/MV1000W/USB150/N300/SF1200 v3.216 were discovered to contain a shell injection vulnerability via the interface check_config. 2024-08-06 9.8 CVE-2024-39228 cve@mitre.org
  N/A — N/A
A SQL injection vulnerability in /smsa/teacher_login.php in Kashipara Responsive School Management System v1.0 allows an attacker to execute arbitrary SQL commands via the “username” parameter. 2024-08-07 9.8 CVE-2024-41237 cve@mitre.org
  N/A — N/A
D-Link DIR-300 REVA FIRMWARE v1.06B05_WW contains hardcoded credentials in the Telnet service. 2024-08-06 9.8 CVE-2024-41616 cve@mitre.org
  N/A — N/A
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. QuerySet.values() and values_list() methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key as a passed *arg. 2024-08-07 9.8 CVE-2024-42005 cve@mitre.org
  N/A — N/A
An issue in the Ping feature of IT Solutions Enjay CRM OS v1.0 allows attackers to escape the restricted terminal environment and gain root-level privileges on the underlying system. 2024-08-07 7.8 CVE-2024-41308 cve@mitre.org
  N/A — N/A
An issue in the Hardware info module of IT Solutions Enjay CRM OS v1.0 allows attackers to escape the restricted terminal environment and gain root-level privileges on the underlying system. 2024-08-07 7.8 CVE-2024-41309 cve@mitre.org
  N/A — N/A
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters. 2024-08-07 7.5 CVE-2024-41990 cve@mitre.org
  N/A — N/A
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget, are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters. 2024-08-07 7.5 CVE-2024-41991 cve@mitre.org
  N/A — N/A
Nagios NDOUtils before 2.1.4 allows privilege escalation from nagios to root because certain executable files are owned by the nagios user. 2024-08-07 7.8 CVE-2024-43199 cve@mitre.org
  n/a–DataGear
A vulnerability was found in DataGear up to 5.0.0. It has been declared as critical. Affected by this vulnerability is the function evaluateVariableExpression of the file ConversionSqlParamValueMapper.java of the component Data Schema Page. The manipulation leads to improper neutralization of special elements used in an expression language statement. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273697 was assigned to this vulnerability. 2024-08-06 8.8 CVE-2024-7552 cna@vuldb.com
  N/A–N/A
SourceCodester Computer Laboratory Management System 1.0 allows classes/Master.php id SQL Injection. 2024-08-07 9.8 CVE-2024-34479 cve@mitre.org
  N/A–N/A
SourceCodester Computer Laboratory Management System 1.0 allows admin/category/view_category.php id SQL Injection. 2024-08-07 9.8 CVE-2024-34480 cve@mitre.org
  N/A–N/A
GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a remote code execution (RCE) vulnerability. 2024-08-06 9.8 CVE-2024-39225 cve@mitre.org
  N/A–N/A
GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain insecure permissions in the endpoint /cgi-bin/glc. This vulnerability allows unauthenticated attackers to execute arbitrary code or possibly a directory traversal via crafted JSON data. 2024-08-06 9.8 CVE-2024-39226 cve@mitre.org
  N/A–N/A
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The floatformat template filter is subject to significant memory consumption when given a string representation of a number in scientific notation with a large exponent. 2024-08-07 7.5 CVE-2024-41989 cve@mitre.org
  n/a–n/a
  An issue in Koha ILS 23.05 and before allows a remote attacker to execute arbitrary code via a crafted script to the format parameter. 2024-08-06 9.6 CVE-2024-28739 cve@mitre.org
  n/a–n/a
  A compromised HMS Networks Cosy+ device could be used to request a Certificate Signing Request from Talk2m for another device, resulting in an availability issue. The issue was patched on the Talk2m production server on April 18, 2024. 2024-08-06 9.1 CVE-2024-33897 cve@mitre.org
  n/a–n/a
  GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a shell injection vulnerability via the interface check_ovpn_client_config. 2024-08-06 9.8 CVE-2024-39227 cve@mitre.org
  n/a–n/a
  SQL Injection vulnerability in PuneethReddyHC Online Shopping system advanced v.1.0 allows an attacker to execute arbitrary code via register.php. 2024-08-05 9.8 CVE-2024-40498 cve@mitre.org
  n/a–n/a
  Insecure Permissions vulnerability in UAB Lexita PanteraCRM CMS v.401.152 and Patera CRM CMS v.402.072 allows a remote attacker to execute arbitrary code via modification of the X-Forwarded-For header component. 2024-08-05 9.8 CVE-2024-40530 cve@mitre.org
  n/a–n/a
  An issue discovered in the RunHTTPServer function in Gorush v1.18.4 allows attackers to intercept and manipulate data due to use of deprecated TLS version. 2024-08-06 9.1 CVE-2024-41270 cve@mitre.org
  n/a–n/a
  An issue in UAB Lexita PanteraCRM CMS v.401.152 and Patera CRM CMS v.402.072 allows a remote attacker to escalate privileges via the user profile management function. 2024-08-05 8.8 CVE-2024-40531 cve@mitre.org
  n/a–n/a
  A CSV injection vulnerability in Automation Anywhere Automation 360 version 21094 allows attackers to execute arbitrary code via a crafted payload. 2024-08-06 8.8 CVE-2024-41226 cve@mitre.org
  n/a–n/a
  dzzoffice 2.02.1 is vulnerable to Directory Traversal via user/space/about.php. 2024-08-05 8.8 CVE-2024-41376 cve@mitre.org
  n/a–n/a
  Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR16, 4.0.0 SR06, 4.1.0 SR04, 4.2.0 SR03, and 4.3.0 SR01 fails to validate symlinks during the Pre-Boot Authorization (PBA) process. This can be exploited by a physical attacker who is able to manipulate the contents of the system’s hard disk. 2024-08-08 7.5 CVE-2023-33206 cve@mitre.org
  n/a–n/a
  PrivX before 34.0 allows data exfiltration and denial of service via the REST API. This is fixed in minor versions 33.1, 32.3, 31.3, and later, and in major version 34.0 and later. 2024-08-06 7.5 CVE-2024-30170 cve@mitre.org
  n/a–n/a
  mod_css_styles in Roundcube through 1.5.7 and 1.6.x through 1.6.7 insufficiently filters Cascading Style Sheets (CSS) token sequences in rendered e-mail messages, allowing a remote attacker to obtain sensitive information. 2024-08-05 7.5 CVE-2024-42010 cve@mitre.org
  n/a–n/a
  1Password 8 before 8.10.36 for macOS allows local attackers to exfiltrate vault items because XPC inter-process communication validation is insufficient. 2024-08-06 7 CVE-2024-42219 cve@mitre.org
  n/a–PostgreSQL
  Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting for pg_dump to start, but winning the race condition is trivial if the attacker retains an open transaction. Versions before PostgreSQL 16.4, 15.8, 14.13, 13.16, and 12.20 are affected. 2024-08-08 8.8 CVE-2024-7348 f86ef6dc-4d3a-42ad-8f28-e6d5547a5007
  nuxt–icon
  Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. `nuxt/icon` provides an API to allow client side icon lookup. This endpoint is at `/api/_nuxt_icon/[name]`. The proxied request path is improperly parsed, allowing an attacker to change the scheme and host of the request. This leads to SSRF, and could potentially lead to sensitive data exposure. The `new URL` constructor is used to parse the final path. This constructor can be passed a relative scheme or path in order to change the host the request is sent to. This constructor is also very tolerant of poorly formatted URLs. As a result we can pass a path prefixed with the string `http:`. This has the effect of changing the scheme to HTTP. We can then subsequently pass a new host, for example `http:127.0.0.1:8080`. This would allow us to send requests to a local server. This issue has been addressed in release version 1.4.5 and all users are advised to upgrade. There are no known workarounds for this vulnerability. 2024-08-05 8.6 CVE-2024-42352 security-advisories@github.com
  nuxt–nuxt
  Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. Nuxt Devtools is missing authentication on the `getTextAssetContent` RPC function which is vulnerable to path traversal. Combined with a lack of Origin checks on the WebSocket handler, an attacker is able to interact with a locally running devtools instance and exfiltrate data abusing this vulnerability. In certain configurations an attacker could leak the devtools authentication token and then abuse other RPC functions to achieve RCE. The `getTextAssetContent` function does not check for path traversals, this could allow an attacker to read arbitrary files over the RPC WebSocket. The WebSocket server does not check the origin of the request leading to cross-site-websocket-hijacking. This may be intentional to allow certain configurations to work correctly. Nuxt Devtools authentication tokens are placed within the home directory of the current user. The malicious webpage can connect to the Devtools WebSocket, perform a directory traversal brute force to find the authentication token, then use the *authenticated* `writeStaticAssets` function to create a new Component, Nitro Handler or `app.vue` file which will run automatically as the file is changed. This vulnerability has been addressed in release version 1.3.9. All users are advised to upgrade. There are no known workarounds for this vulnerability. 2024-08-05 8.8 CVE-2024-23657 security-advisories@github.com
  nuxt–nuxt
  Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. Due to the insufficient validation of the `path` parameter in the NuxtTestComponentWrapper, an attacker can execute arbitrary JavaScript on the server side, which allows them to execute arbitrary commands. Users who open a malicious web page in the browser while running the test locally are affected by this vulnerability, which results in the remote code execution from the malicious web page. Since web pages can send requests to arbitrary addresses, a malicious web page can repeatedly try to exploit this vulnerability, which then triggers the exploit when the test server starts. 2024-08-05 8.8 CVE-2024-34344 security-advisories@github.com
  NVIDIA–GPU Display Driver, vGPU Software, Cloud Gaming
  NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can cause an out-of-bounds read. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. 2024-08-08 7.8 CVE-2024-0107 psirt@nvidia.com
  NVIDIA–Mellanox OS
  NVIDIA Mellanox OS, ONYX, Skyway, MetroX-2 and MetroX-3 XC contain a vulnerability in ipfilter, where improper ipfilter definitions could enable an attacker to cause a failure by attacking the switch. A successful exploit of this vulnerability might lead to denial of service. 2024-08-08 7.5 CVE-2024-0101 psirt@nvidia.com
  NVIDIA–NVIDIA Jetson AGX Xavier series, Jetson Xavier NX, Jetson TX2 series, Jetson TX2 NX, Jetson TX1, Jetson Nano series
  NVIDIA Jetson Linux contains a vulnerability in NvGPU where error handling paths in GPU MMU mapping code fail to clean up a failed mapping attempt. A successful exploit of this vulnerability may lead to denial of service, code execution, and escalation of privileges. 2024-08-08 8.7 CVE-2024-0108 psirt@nvidia.com
  Open WebUI–Open WebUI
Attacker controlled files can be uploaded to arbitrary locations on the web server’s filesystem by abusing a path traversal vulnerability. 2024-08-07 8.8 CVE-2024-6707 bbf0bd87-ece2-41be-b873-96928ee8fab9
  Pimax–Pimax Play
  Multiple Pimax products accept WebSocket connections from unintended endpoints. If this vulnerability is exploited, arbitrary code may be executed by a remote unauthenticated attacker. 2024-08-05 8.8 CVE-2024-41889 vultures@jpcert.or.jp
  Qualcomm, Inc.–Snapdragon
  Memory corruption when preparing a shared memory notification for a memparcel in Resource Manager. 2024-08-05 8.4 CVE-2024-21481 product-security@qualcomm.com
  Qualcomm, Inc.–Snapdragon
  Memory corruption when memory mapped in a VBO is not unmapped by the GPU SMMU. 2024-08-05 8.4 CVE-2024-23381 product-security@qualcomm.com
  Qualcomm, Inc.–Snapdragon
  Memory corruption while processing graphics kernel driver request to create DMA fence. 2024-08-05 8.4 CVE-2024-23382 product-security@qualcomm.com
  Qualcomm, Inc.–Snapdragon
  Memory corruption when kernel driver attempts to trigger hardware fences. 2024-08-05 8.4 CVE-2024-23383 product-security@qualcomm.com
  Qualcomm, Inc.–Snapdragon
  Memory corruption when the mapped pages in VBO are still mapped after reclaiming by shrinker. 2024-08-05 8.4 CVE-2024-23384 product-security@qualcomm.com
  Qualcomm, Inc.–Snapdragon
  Memory corruption while processing IOCTL call to set metainfo. 2024-08-05 8.4 CVE-2024-33021 product-security@qualcomm.com
  Qualcomm, Inc.–Snapdragon
  Memory corruption while allocating memory in HGSL driver. 2024-08-05 8.4 CVE-2024-33022 product-security@qualcomm.com
  Qualcomm, Inc.–Snapdragon
  Memory corruption while creating a fence to wait on timeline events, and simultaneously signal timeline events. 2024-08-05 8.4 CVE-2024-33023 product-security@qualcomm.com
  Qualcomm, Inc.–Snapdragon
  Memory corruption can occur when arbitrary user-space app gains kernel level privilege to modify DDR memory by corrupting the GPU page table. 2024-08-05 8.4 CVE-2024-33027 product-security@qualcomm.com
  Qualcomm, Inc.–Snapdragon
  Memory corruption as fence object may still be accessed in timeline destruct after isync fence is released. 2024-08-05 8.4 CVE-2024-33028 product-security@qualcomm.com
  Qualcomm, Inc.–Snapdragon
  Memory corruption can occur if VBOs hold outdated or invalid GPU SMMU mappings, especially when the binding and reclaiming of memory buffers are performed at the same time. 2024-08-05 8.4 CVE-2024-33034 product-security@qualcomm.com
  Qualcomm, Inc.–Snapdragon
  Transient DOS during music playback of ALAC content. 2024-08-05 7.5 CVE-2024-21479 product-security@qualcomm.com
  Qualcomm, Inc.–Snapdragon
  Transient DOS when NAS receives ODAC criteria of length 1 and type 1 in registration accept OTA. 2024-08-05 7.5 CVE-2024-23352 product-security@qualcomm.com
  Qualcomm, Inc.–Snapdragon
  Transient DOS while decoding attach reject message received by UE, when IEI is set to ESM_IEI. 2024-08-05 7.5 CVE-2024-23353 product-security@qualcomm.com
  Qualcomm, Inc.–Snapdragon
  Memory corruption when keymaster operation imports a shared key. 2024-08-05 7.8 CVE-2024-23355 product-security@qualcomm.com
  Qualcomm, Inc.–Snapdragon
  Memory corruption during session sign renewal request calls in HLOS. 2024-08-05 7.8 CVE-2024-23356 product-security@qualcomm.com
  Qualcomm, Inc.–Snapdragon
  Transient DOS while parsing fragments of MBSSID IE from beacon frame. 2024-08-05 7.5 CVE-2024-33010 product-security@qualcomm.com
  Qualcomm, Inc.–Snapdragon
  Transient DOS while parsing the MBSSID IE from the beacons, when the MBSSID IE length is zero. 2024-08-05 7.5 CVE-2024-33011 product-security@qualcomm.com
  Qualcomm, Inc.–Snapdragon
  Transient DOS while parsing the multiple MBSSID IEs from the beacon, when the tag length is non-zero value but with end of beacon. 2024-08-05 7.5 CVE-2024-33012 product-security@qualcomm.com
  Qualcomm, Inc.–Snapdragon
  Transient DOS when driver accesses the ML IE memory and offset value is incremented beyond ML IE length. 2024-08-05 7.5 CVE-2024-33013 product-security@qualcomm.com
  Qualcomm, Inc.–Snapdragon
  Transient DOS while parsing ESP IE from beacon/probe response frame. 2024-08-05 7.5 CVE-2024-33014 product-security@qualcomm.com
  Qualcomm, Inc.–Snapdragon
  Transient DOS while parsing SCAN RNR IE when bytes received from AP is such that the size of the last param of IE is less than neighbor report. 2024-08-05 7.5 CVE-2024-33015 product-security@qualcomm.com
  Qualcomm, Inc.–Snapdragon
  Transient DOS while parsing the received TID-to-link mapping element of the TID-to-link mapping action frame. 2024-08-05 7.5 CVE-2024-33018 product-security@qualcomm.com
  Qualcomm, Inc.–Snapdragon
  Transient DOS while parsing the received TID-to-link mapping action frame. 2024-08-05 7.5 CVE-2024-33019 product-security@qualcomm.com
  Qualcomm, Inc.–Snapdragon
  Transient DOS while processing TID-to-link mapping IE elements. 2024-08-05 7.5 CVE-2024-33020 product-security@qualcomm.com
  Qualcomm, Inc.–Snapdragon
  Transient DOS while parsing the ML IE when a beacon with length field inside the common info of ML IE greater than the ML IE length. 2024-08-05 7.5 CVE-2024-33024 product-security@qualcomm.com
  Qualcomm, Inc.–Snapdragon
  Transient DOS while parsing the BSS parameter change count or MLD capabilities fields of the ML IE. 2024-08-05 7.5 CVE-2024-33025 product-security@qualcomm.com
  Qualcomm, Inc.–Snapdragon
  Transient DOS while parsing probe response and assoc response frame when received frame length is less than max size of timestamp. 2024-08-05 7.5 CVE-2024-33026 product-security@qualcomm.com
  Raisecom–MSG1200
A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90 and classified as critical. Affected by this issue is the function sslvpn_config_mod of the file /vpn/list_ip_network.php of the component Web Interface. The manipulation of the argument template/stylenum leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273560. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-08-05 9.8 CVE-2024-7467 cna@vuldb.com
  Raisecom–MSG1200
A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90. It has been classified as critical. This affects the function sslvpn_config_mod of the file /vpn/list_service_manage.php of the component Web Interface. The manipulation of the argument template/stylenum leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273561 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-08-05 9.8 CVE-2024-7468 cna@vuldb.com
  Raisecom–MSG1200
A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90. It has been declared as critical. This vulnerability affects the function sslvpn_config_mod of the file /vpn/list_vpn_web_custom.php of the component Web Interface. The manipulation of the argument template/stylenum leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-273562 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-08-05 9.8 CVE-2024-7469 cna@vuldb.com
  Raisecom–MSG1200
A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90. It has been rated as critical. This issue affects the function sslvpn_config_mod of the file /vpn/vpn_template_style.php of the component Web Interface. The manipulation of the argument template/stylenum leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273563. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-08-05 9.8 CVE-2024-7470 cna@vuldb.com
  Red Hat–Red Hat Enterprise Linux 8
  A flaw was found in libnbd. The client did not always correctly verify the NBD server’s certificate when using TLS to connect to an NBD server. This issue allows a man-in-the-middle attack on NBD traffic. 2024-08-05 7.4 CVE-2024-7383 secalert@redhat.com
  reputeinfosystems–Appointment Booking Calendar Plugin and Scheduling Plugin BookingPress
  The Appointment Booking Calendar Plugin and Online Scheduling Plugin – BookingPress plugin for WordPress is vulnerable to authentication bypass in versions 1.1.6 to 1.1.7. This is due to the plugin not properly verifying a user’s identity prior to logging them in when completing a booking. This makes it possible for unauthenticated attackers to log in as registered users, including administrators, if they have access to that user’s email. This is only exploitable when the ‘Auto login user after successful booking’ setting is enabled. 2024-08-08 9.8 CVE-2024-7350 security@wordfence.com
  Ricoh Company, Ltd.–JavaTM Platform
  Initialization of a resource with an insecure default vulnerability exists in JavaTM Platform Ver.12.89 and earlier. If this vulnerability is exploited, the product may be affected by some known TLS1.0 and TLS1.1 vulnerabilities. As for the specific products/models/versions of MFPs and printers that contain JavaTM Platform, see the information provided by the vendor. 2024-08-06 7.5 CVE-2024-41995 vultures@jpcert.or.jp
  Samsung Mobile–Samsung Notes
Out-of-bounds write in appending paragraph in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially execute arbitrary code with Samsung Notes privilege. 2024-08-07 7.8 CVE-2024-34622 mobile.security@samsung.com
  Samsung Mobile–Samsung Notes
Out-of-bounds write in applying connected information in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially execute arbitrary code with Samsung Notes privilege. 2024-08-07 7.8 CVE-2024-34623 mobile.security@samsung.com
  Samsung Mobile–Samsung Mobile Devices
  Improper privilege management in SumeNNService prior to SMR Aug-2024 Release 1 allows local attackers to start privileged service. 2024-08-07 8.4 CVE-2024-34620 mobile.security@samsung.com
  Samsung Mobile–Samsung Mobile Devices
  Out-of-bound write in libcodec2secmp4vdec.so prior to SMR Aug-2024 Release 1 allows local attackers to execute arbitrary code. 2024-08-07 7.3 CVE-2024-34612 mobile.security@samsung.com
  Samsung Mobile–Samsung Mobile Devices
  Out-of-bound write in libsmat.so prior to SMR Aug-2024 Release 1 allows local attackers to execute arbitrary code. 2024-08-07 7.3 CVE-2024-34614 mobile.security@samsung.com
  Samsung Mobile–Samsung Mobile Devices
  Improper input validation in librtp.so prior to SMR Aug-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability. 2024-08-07 7.5 CVE-2024-34619 mobile.security@samsung.com
  shahriar0822–The Next
  The The Next theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1.0 via deserialization of untrusted input from the wpeden_post_meta post meta value. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. 2024-08-08 8.8 CVE-2024-7561 security@wordfence.com
  shopware–shopware
  Shopware, an open ecommerce platform, has a new Twig Tag `sw_silent_feature_call` which silences deprecation messages while triggered in this tag. Prior to versions 6.6.5.1 and 6.5.8.13, it accepts the name of the feature flag to silence as a string parameter, but this parameter is not escaped properly and allows execution of code. Update to Shopware 6.6.5.1 or 6.5.8.13 to receive a patch. For older versions of 6.2, 6.3, and 6.4, corresponding security measures are also available via a plugin. 2024-08-08 8.3 CVE-2024-42355 security-advisories@github.com
  shopware–shopware
  Shopware is an open commerce platform. Prior to versions 6.6.5.1 and 6.5.8.13, the `context` variable is injected into almost any Twig template and gives access to the current language and currency information. The context object also provides a helper, taking a callable function, to switch the scope of the Context for a short time. That function can also be called from Twig, and because its second parameter accepts any callable, any statically callable PHP function or method can be called from Twig. A customer cannot provide any Twig code; an attacker would need access to the Administration to exploit this using Mail templates or App Scripts. Update to Shopware 6.6.5.1 or 6.5.8.13 to receive a patch. For older versions of 6.1, 6.2, 6.3 and 6.4, corresponding security measures are also available via a plugin. 2024-08-08 8.3 CVE-2024-42356 security-advisories@github.com
  shopware–shopware
  Shopware is an open commerce platform. Prior to versions 6.6.5.1 and 6.5.8.13, the Shopware application API contains a search functionality which enables users to search through information stored within their Shopware instance. The searches performed by this function can be aggregated using the parameters in the `aggregations` object. The `name` field in this `aggregations` object is vulnerable to SQL injection and can be exploited using SQL parameters. Update to Shopware 6.6.5.1 or 6.5.8.13 to receive a patch. For older versions of 6.1, 6.2, 6.3, and 6.4, corresponding security measures are also available via a plugin. 2024-08-08 7.3 CVE-2024-42357 security-advisories@github.com
  Tenda–A301
A vulnerability classified as critical has been found in Tenda A301 15.13.08.12. This affects the function formWifiBasicSet of the file /goform/WifiBasicSet. The manipulation of the argument security leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-08-07 9.8 CVE-2024-7581 cna@vuldb.com
  Tenda–i22
  A vulnerability classified as critical was found in Tenda i22 1.0.0.3(4687). This vulnerability affects the function formApPortalAccessCodeAuth of the file /goform/apPortalAccessCodeAuth. The manipulation of the argument accessCode/data/acceInfo leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-08-07 9.8 CVE-2024-7582 cna@vuldb.com
  Tenda–i22
A vulnerability, which was classified as critical, has been found in Tenda i22 1.0.0.3(4687). This issue affects the function formApPortalOneKeyAuth of the file /goform/apPortalOneKeyAuth. The manipulation of the argument data leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-08-07 9.8 CVE-2024-7583 cna@vuldb.com
  Tenda–i22
  A vulnerability, which was classified as critical, was found in Tenda i22 1.0.0.3(4687). Affected is the function formApPortalPhoneAuth of the file /goform/apPortalPhoneAuth. The manipulation of the argument data leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-08-07 8.8 CVE-2024-7584 cna@vuldb.com
  Tenda–i22
  A vulnerability has been found in Tenda i22 1.0.0.3(4687) and classified as critical. Affected by this vulnerability is the function formApPortalWebAuth of the file /goform/apPortalAuth. The manipulation of the argument webUserName/webUserPassword leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-08-07 8.8 CVE-2024-7585 cna@vuldb.com
  The Document Foundation–LibreOffice
  Certificate Validation user interface in LibreOffice allows potential vulnerability. Signed macros are scripts that have been digitally signed by the developer using a cryptographic signature. When a document with a signed macro is opened a warning is displayed by LibreOffice before the macro is executed. Previously if verification failed the user could fail to understand the failure and choose to enable the macros anyway. This issue affects LibreOffice: from 24.2 before 24.2.5. 2024-08-05 7.8 CVE-2024-6472 security@documentfoundation.org
  thimpress–LearnPress WordPress LMS Plugin
  The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter in all versions up to, and including, 4.2.6.9.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. 2024-08-08 8.8 CVE-2024-7548 security@wordfence.com
  TOTOLINK–CP450
  A vulnerability, which was classified as critical, was found in TOTOLINK CP450 4.1.0cu.747_B20191224. Affected is the function loginauth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument http_host leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-273558 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-08-05 8.8 CVE-2024-7465 cna@vuldb.com
  TOTOLINK–CP900
  A vulnerability classified as critical was found in TOTOLINK CP900 6.3c.566. This vulnerability affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument File leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273556. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-08-05 8.8 CVE-2024-7463 cna@vuldb.com
  TOTOLINK–N350RT
  A vulnerability classified as critical has been found in TOTOLINK N350RT 9.3.5u.6139_B20201216. This affects the function setWizardCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ssid leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273555. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-08-05 8.8 CVE-2024-7462 cna@vuldb.com
  unitecms–Blox Page Builder
  The Blox Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ‘handleUploadFile’ function in all versions up to, and including, 1.0.65. This makes it possible for authenticated attackers, with contributor-level and above permissions, to upload arbitrary files on the affected site’s server which may make remote code execution possible. 2024-08-06 8.8 CVE-2024-6315 security@wordfence.com
  Unknown–Himer
  The lacks CSRF checks allowing a user to invite any user to any group (including private groups) 2024-08-05 8.1 CVE-2024-2232 contact@wpscan.com
  Unknown–Product
The Light Poll WordPress plugin through 1.0.0 does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks. 2024-08-06 8.8 CVE-2024-6720 contact@wpscan.com
  Vonets–VAR1200-H
  Use of hard-coded credentials vulnerability affecting Vonets industrial wifi bridge relays and WiFi bridge repeaters, software versions 3.3.23.6.9 and prior, enables an unauthenticated remote attacker to bypass authentication using hard-coded administrator credentials. These accounts cannot be disabled. 2024-08-08 7.5 CVE-2024-41161 ics-cert@hq.dhs.gov
  vrcx-team–VRCX
  VRCX is an assistant/companion application for VRChat. In versions prior to 2024.03.23, a CefSharp browser with over-permission and cross-site scripting via overlay notification can be combined to result in remote command execution. These vulnerabilities are patched in VRCX 2023.12.24. In addition to the patch, VRCX maintainers worked with the VRC team and blocked the older version of VRCX on the VRC’s API side. Users who use the older version of VRCX must update their installation to continue using VRCX. 2024-08-08 9 CVE-2024-42366 security-advisories@github.com
  Webnus–Modern Events Calendar
  The Modern Events Calendar plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.12.1 via the ‘mec_fes_form’ AJAX function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. 2024-08-07 8.5 CVE-2024-6522 security@wordfence.com
  wpbakery–WPBakery Visual Composer
  The WPBakery Visual Composer plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 7.7 via the ‘layout_name’ parameter. This makes it possible for authenticated attackers, with Author-level access and above, and with post permissions granted by an Administrator, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. 2024-08-06 8.8 CVE-2024-5709 security@wordfence.com
  Zscaler–Client Connector
An Improper Input Validation vulnerability in Zscaler Client Connector on macOS allows OS Command Injection. This issue affects Zscaler Client Connector on macOS <4.2. 2024-08-06 9.8 CVE-2024-23483 cve@zscaler.com
  Zscaler–Client Connector
Anti-tampering can be disabled under certain conditions without signature validation. This affects Zscaler Client Connector <4.2.0.190 with anti-tampering enabled. 2024-08-06 7.5 CVE-2024-23456 cve@zscaler.com
  Zscaler–Client Connector
While copying individual autoupdater log files, a reparse point check was missing, which could result in crafted attacks, potentially leading to a local privilege escalation. This issue affects Zscaler Client Connector on Windows <4.2.0.190. 2024-08-06 7.8 CVE-2024-23458 cve@zscaler.com
  Zscaler–Client Connector
The Zscaler Updater process does not validate the digital signature of the installer before execution, allowing arbitrary code to be locally executed. This affects Zscaler Client Connector on macOS <4.2. 2024-08-06 7.8 CVE-2024-23460 cve@zscaler.com
  ZTE–ZXV10 XT802
  There is a permission and access control vulnerability in ZTE’s ZXV10 XT802/ET301 product. Attackers with common permissions can log in to the terminal web and illegally change the administrator’s password by intercepting requests to change the passwords. 2024-08-08 7.1 CVE-2024-22069 psirt@zte.com.cn
 


