Bulletins: Vulnerability Summary for the Week of September 23, 2024

Source URL: https://www.cisa.gov/news-events/bulletins/sb24-274
Source: Bulletins
Title: Vulnerability Summary for the Week of September 23, 2024

Feedly Summary:
High Vulnerabilities

PrimaryVendor — Product
Description
Published
CVSS Score
Source Info
Patch Info

Dover Fueling Solutions (DFS)–ProGauge MAGLINK LX CONSOLE 
A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE UTILITY sub-menu can allow a remote attacker to inject arbitrary commands.
2024-09-25
10
CVE-2024-43693
ics-cert@hq.dhs.gov 

Dover Fueling Solutions (DFS)–ProGauge MAGLINK LX CONSOLE 
A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE IP sub-menu can allow a remote attacker to inject arbitrary commands.
2024-09-25
10
CVE-2024-45066
ics-cert@hq.dhs.gov 

webdevmattcrom–GiveWP Donation Plugin and Fundraising Platform 
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.16.1 via deserialization of untrusted input via several parameters like ‘give_title’ and ‘card_address’. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to delete arbitrary files and achieve remote code execution. This is essentially the same vulnerability as CVE-2024-5932, however, it was discovered the the presence of stripslashes_deep on user_info allows the is_serialized check to be bypassed. This issue was mostly patched in 3.16.1, but further hardening was added in 3.16.2.
2024-09-28
10
CVE-2024-8353
security@wordfence.comsecurity@wordfence.comsecurity@wordfence.comsecurity@wordfence.comsecurity@wordfence.comsecurity@wordfence.com 

Scriptcase–Scriptcase 
Vulnerability in the Scriptcase application version 9.4.019, which involves the arbitrary upload of a file via /scriptcase/devel/lib/third/jquery_plugin/jQuery-File-Upload/server/php/ via a POST request. An attacker could upload malicious files to the server due to the application not properly verifying user input.
2024-09-25
10
CVE-2024-8940
cve-coordination@incibe.es 

n/a–n/a 
File Upload vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via the image upload feature when customizing a shop.
2024-09-25
9.8
CVE-2023-26686
cve@mitre.orgcve@mitre.org 

n/a–n/a 
An issue discovered in CS-Cart MultiVendor 4.16.1 allows attackers to alter arbitrary user account profiles via crafted post request.
2024-09-25
9.8
CVE-2023-26689
cve@mitre.org 

purestorage — purity\/\/fa 
A condition exists in FlashArray Purity whereby a local account intended for initial array configuration remains active potentially allowing a malicious actor to gain elevated privileges.
2024-09-23
9.8
CVE-2024-0001
psirt@purestorage.com 

purestorage — purity\/\/fa 
A condition exists in FlashArray Purity whereby an attacker can employ a privileged account allowing remote access to the array.
2024-09-23
9.8
CVE-2024-0002
psirt@purestorage.com 

NVIDIA–Container Toolkit 
NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU) vulnerability when used with default configuration where a specifically crafted container image may gain access to the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.
2024-09-26
9
CVE-2024-0132
psirt@nvidia.com 

n/a–n/a 
A lack of code signature verification in Parallels Desktop for Mac v19.3.0 and below allows attackers to escalate privileges via a crafted macOS installer, because Parallels Service is setuid root.
2024-09-23
9.8
CVE-2024-34331
cve@mitre.orgcve@mitre.org 

Hewlett Packard Enterprise (HPE)–Aruba OS 
Command injection vulnerabilities in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba’s Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
2024-09-25
9.8
CVE-2024-42505
security-alert@hpe.com 

Hewlett Packard Enterprise (HPE)–Aruba OS 
Command injection vulnerabilities in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba’s Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
2024-09-25
9.8
CVE-2024-42506
security-alert@hpe.com 

Hewlett Packard Enterprise (HPE)–Aruba OS 
Command injection vulnerabilities in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba’s Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
2024-09-25
9.8
CVE-2024-42507
security-alert@hpe.com 

n/a–n/a 
An Incorrect Access Control vulnerability was found in /music/ajax.php?action=delete_playlist in Kashipara Music Management System v1.0. This vulnerability allows an unauthenticated attacker to delete the valid music playlist entries.
2024-09-25
9.8
CVE-2024-42797
cve@mitre.org 

Dover Fueling Solutions (DFS)–ProGauge MAGLINK LX CONSOLE 
The web application for ProGauge MAGLINK LX4 CONSOLE contains an administrative-level user account with a password that cannot be changed.
2024-09-25
9.8
CVE-2024-43423
ics-cert@hq.dhs.gov 

Dover Fueling Solutions (DFS)–ProGauge MAGLINK LX CONSOLE 
An attacker can directly request the ProGauge MAGLINK LX CONSOLE resource sub page with full privileges by requesting the URL directly.
2024-09-25
9.8
CVE-2024-43692
ics-cert@hq.dhs.gov 

n/a–n/a 
A Stored Cross-Site Scripting (XSS) vulnerability in Webkul Krayin CRM 1.3.0 allows remote attackers to inject arbitrary JavaScript code by submitting a malicious payload within the username field. This can lead to privilege escalation when the payload is executed, granting the attacker elevated permissions within the CRM system.
2024-09-27
9.6
CVE-2024-46367
cve@mitre.org 

n/a–n/a 
sqlite-vec v0.1.1 was discovered to contain a heap buffer overflow via the npy_token_next function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file.
2024-09-25
9.1
CVE-2024-46488
cve@mitre.org 

n/a–n/a 
IceCMS v3.4.7 and before was discovered to contain a hardcoded JWT key, allowing an attacker to forge JWT authentication information.
2024-09-25
9.8
CVE-2024-46612
cve@mitre.orgcve@mitre.org 

n/a–n/a 
Incorrect access control in BECN DATAGERRY v2.2 allows attackers to execute arbitrary commands via crafted web requests.
2024-09-26
9.1
CVE-2024-46627
cve@mitre.orgcve@mitre.orgcve@mitre.orgcve@mitre.org 

n/a–n/a 
Mellium mellium.im/xmpp 0.0.1 through 0.21.4 allows response spoofing if the implementation uses predictable IDs because the stanza type is not checked. This is fixed in 0.22.0.
2024-09-25
9.8
CVE-2024-46957
cve@mitre.orgcve@mitre.org 

dataease–dataease 
DataEase is an open source data visualization analysis tool. Prior to version 2.10.1, an attacker can achieve remote command execution by adding a carefully constructed h2 data source connection string. The vulnerability has been fixed in v2.10.1.
2024-09-23
9.8
CVE-2024-46997
security-advisories@github.com 

lobehub–lobe-chat 
Lobe Chat is an open-source artificial intelligence chat framework. Prior to version 1.19.13, server-side request forgery protection implemented in `src/app/api/proxy/route.ts` does not consider redirect and could be bypassed when attacker provides an external malicious URL which redirects to internal resources like a private network or loopback address. Version 1.19.13 contains an improved fix for the issue.
2024-09-23
9
CVE-2024-47066
security-advisories@github.comsecurity-advisories@github.comsecurity-advisories@github.comsecurity-advisories@github.com 

goauthentik–authentik 
authentik is an open-source identity provider. A vulnerability that exists in versions prior to 2024.8.3 and 2024.6.5 allows bypassing password login by adding X-Forwarded-For header with an unparsable IP address, e.g. `a`. This results in a possibility of logging into any account with a known login or email address. The vulnerability requires the authentik instance to trust X-Forwarded-For header provided by the attacker, thus it is not reproducible from external hosts on a properly configured environment. The issue occurs due to the password stage having a policy bound to it, which skips the password stage if the Identification stage is setup to also contain a password stage. Due to the invalid X-Forwarded-For header, which does not get validated to be an IP Address early enough, the exception happens later and the policy fails. The default blueprint doesn’t correctly set `failure_result` to `True` on the policy binding meaning that due to this exception the policy returns false and the password stage is skipped. Versions 2024.8.3 and 2024.6.5 fix this issue.
2024-09-27
9
CVE-2024-47070
security-advisories@github.comsecurity-advisories@github.comsecurity-advisories@github.com 

OpenPrinting–cups-filters 
CUPS is a standards-based, open-source printing system, and cups-filters provides backends, filters, and other software for CUPS 2.x to use on non-Mac OS systems. Any value passed to `FoomaticRIPCommandLine` via a PPD file will be executed as a user controlled command. When combined with other logic bugs as described in CVE_2024-47176, this can lead to remote command execution.
2024-09-26
9
CVE-2024-47177
security-advisories@github.comsecurity-advisories@github.comsecurity-advisories@github.comsecurity-advisories@github.comsecurity-advisories@github.comsecurity-advisories@github.com 

WatchGuard–Authentication Gateway 
Incorrect Authorization vulnerability in the protocol communication between the WatchGuard Authentication Gateway (aka Single Sign-On Agent) on Windows and the WatchGuard Single Sign-On Client on Windows and MacOS allows Authentication Bypass.This issue affects the Authentication Gateway: through 12.10.2; Windows Single Sign-On Client: through 12.7; MacOS Single Sign-On Client: through 12.5.4.
2024-09-25
9.1
CVE-2024-6592
5d1c2695-1a31-4499-88ae-e847036fd7e3 

WatchGuard–Authentication Gateway 
Incorrect Authorization vulnerability in WatchGuard Authentication Gateway (aka Single Sign-On Agent) on Windows allows an attacker with network access to execute restricted management commands. This issue affects Authentication Gateway: through 12.10.2.
2024-09-25
9.1
CVE-2024-6593
5d1c2695-1a31-4499-88ae-e847036fd7e3 

OMNTEC–Proteus Tank Monitoring 
OMNTEC Proteus Tank Monitoring OEL8000III Series could allow an attacker to perform administrative actions without proper authentication.
2024-09-27
9.8
CVE-2024-6981
ics-cert@hq.dhs.gov 

Google–Chrome 
Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)
2024-09-23
9.3
CVE-2024-7024
chrome-cve-admin@google.com 

ashishajani–WordPress Simple HTML Sitemap 
The WordPress Simple HTML Sitemap plugin for WordPress is vulnerable to SQL Injection via the ‘id’ parameter in all versions up to, and including, 3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
2024-09-25
9.1
CVE-2024-7385
security@wordfence.comsecurity@wordfence.comsecurity@wordfence.com 

artbees–Jupiter X Core 
The Jupiter X Core plugin for WordPress is vulnerable to arbitrary file uploads due to a mishandled file type validation in the ‘validate’ function in all versions up to, and including, 4.6.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site’s server which may make remote code execution possible.
2024-09-26
9.8
CVE-2024-7772
security@wordfence.comsecurity@wordfence.comsecurity@wordfence.com 

Helix–Helix Core 
In versions of Helix Core prior to 2024.1 Patch 2 (2024.1/2655224) a Windows ANSI API Unicode “best fit" argument injection was identified.
2024-09-25
9.4
CVE-2024-8067
security@puppet.com 

theeventscalendar–The Events Calendar 
The The Events Calendar plugin for WordPress is vulnerable to SQL Injection via the ‘order’ parameter of the ‘tribe_has_next_event’ function in all versions up to, and including, 6.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. Only sites that have manually added tribe_has_next_event() will be vulnerable to this SQL injection.
2024-09-25
9.8
CVE-2024-8275
security@wordfence.comsecurity@wordfence.comsecurity@wordfence.comsecurity@wordfence.com 

OPW Fuel Managements Systems–SiteSentinel 
OPW Fuel Management Systems SiteSentinel could allow an attacker to bypass authentication to the server and obtain full admin privileges.
2024-09-27
9.8
CVE-2024-8310
ics-cert@hq.dhs.gov 

hahncgdev–WP Easy Gallery WordPress Gallery Plugin 
The WP Easy Gallery – WordPress Gallery Plugin plugin for WordPress is vulnerable to SQL Injection via the ‘edit_imageId’ and ‘edit_imageDelete’ parameters in all versions up to, and including, 4.8.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
2024-09-25
9.9
CVE-2024-8436
security@wordfence.comsecurity@wordfence.com 

xjb–REST API TO MiniProgram 
The REST API TO MiniProgram plugin for WordPress is vulnerable to privilege escalation via account takeovr in all versions up to, and including, 4.7.1 via the updateUserInfo() due to missing validation on the ‘openid’ user controlled key that determines what user will be updated. This makes it possible for unauthenticated attackers to update arbitrary user’s accounts, including their email to a @weixin.com email, which can the be leveraged to reset the password of the user’s account, including administrators.
2024-09-25
9.8
CVE-2024-8485
security@wordfence.comsecurity@wordfence.com 

prisna–Prisna GWT Google Website Translator 
The Prisna GWT – Google Website Translator plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.11 via deserialization of untrusted input from the ‘prisna_import’ parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
2024-09-25
9.1
CVE-2024-8514
security@wordfence.comsecurity@wordfence.comsecurity@wordfence.com 

mmrs151–Daily Prayer Time 
The Daily Prayer Time plugin for WordPress is vulnerable to SQL Injection via the ‘max_word’ attribute of the ‘quran_verse’ shortcode in all versions up to, and including, 2024.08.26 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
2024-09-25
9.9
CVE-2024-8621
security@wordfence.comsecurity@wordfence.comsecurity@wordfence.com 

pluginus — wordpress_meta_data_and_taxonomies_filter 
The MDTF – Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to SQL Injection via the ‘meta_key’ attribute of the ‘mdf_select_title’ shortcode in all versions up to, and including, 1.3.3.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
2024-09-24
9.9
CVE-2024-8624
security@wordfence.comsecurity@wordfence.com 

Alisonic–Sibylla 
Alisonic Sibylla devices are vulnerable to SQL injection attacks, which could allow complete access to the database.
2024-09-27
9.4
CVE-2024-8630
ics-cert@hq.dhs.gov 

exthemes — wooevents 
The WooEvents – Calendar and Event Booking plugin for WordPress is vulnerable to arbitrary file overwrite due to insufficient file path validation in the inc/barcode.php file in all versions up to, and including, 4.1.2. This makes it possible for unauthenticated attackers to overwrite arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
2024-09-24
9.1
CVE-2024-8671
security@wordfence.comsecurity@wordfence.com 

wpcharitable — charitable 
The Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.8.1.14. This is due to the plugin not properly verifying a user’s identity when the ID parameter is supplied through the update_core_user() function. This makes it possible for unauthenticated attackers to update the email address and password of arbitrary user accounts, including administrators, which can then be used to log in to those user accounts.
2024-09-24
9.8
CVE-2024-8791
security@wordfence.comsecurity@wordfence.comsecurity@wordfence.com 

pgadmin.org–pgAdmin 4 
pgAdmin versions 8.11 and earlier are vulnerable to a security flaw in OAuth2 authentication. This vulnerability allows an attacker to potentially obtain the client ID and secret, leading to unauthorized access to user data.
2024-09-23
9.9
CVE-2024-9014
f86ef6dc-4d3a-42ad-8f28-e6d5547a5007 

mayurik — modern_loan_management_system 
A vulnerability was found in SourceCodester Modern Loan Management System 1.0. It has been classified as critical. Affected is an unknown function of the file search_member.php. The manipulation of the argument searchMember leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
2024-09-23
9.8
CVE-2024-9090
cna@vuldb.comcna@vuldb.comcna@vuldb.comcna@vuldb.comcna@vuldb.com 

code-projects — student_record_system 
A vulnerability was found in code-projects Student Record System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument regno leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
2024-09-23
9.8
CVE-2024-9091
cna@vuldb.comcna@vuldb.comcna@vuldb.comcna@vuldb.comcna@vuldb.com 

code-projects — blood_bank_system 
A vulnerability classified as critical was found in code-projects Blood Bank System 1.0. This vulnerability affects unknown code of the file /admin/blood/update/o-.php. The manipulation of the argument bloodname leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
2024-09-23
9.8
CVE-2024-9094
cna@vuldb.comcna@vuldb.comcna@vuldb.comcna@vuldb.comcna@vuldb.com 

Olgu Computer Systems–e-Belediye 
External Control of File Name or Path, : Incorrect Permission Assignment for Critical Resource vulnerability in Olgu Computer Systems e-Belediye allows Manipulating Web Input to File System Calls.This issue affects e-Belediye: before 2.0.642.
2024-09-25
9.8
CVE-2024-9142
iletisim@usom.gov.tr 

FlowiseAI–FlowiseChatEmbed 
Flowise < 2.1.1 suffers from a Stored Cross-Site vulnerability due to a lack of input sanitization in Flowise Chat Embed < 2.0.0. 2024-09-25 9.6 CVE-2024-9148 vulnreport@tenable.com  Google--Chrome  Use after free in Extensions in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 2024-09-23 8.8 CVE-2021-38023 chrome-cve-admin@google.com  IBM--Aspera Console  IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a CSV injection vulnerability. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. 2024-09-25 8 CVE-2021-38963 psirt@us.ibm.com  n/a--n/a  Directory Traversal vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to obtain sensitive information via the product_data parameter in the PDF Add-on. 2024-09-25 8.8 CVE-2023-26687 cve@mitre.org  n/a--n/a  File Upload vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via File Manager/Editor component in the vendor or admin menu. 2024-09-25 8.8 CVE-2023-26690 cve@mitre.orgcve@mitre.org  Synology--Synology Drive Client  Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in vss service component in Synology Drive Client before 3.5.0-16084 allows remote attackers to overwrite trivial buffers and crash the client via unspecified vectors. 2024-09-26 8.2 CVE-2023-52946 security@synology.com  purestorage -- purity\/\/fa  A condition exists in FlashArray and FlashBlade Purity whereby a malicious user could execute arbitrary commands remotely through a specifically crafted SNMP configuration. 2024-09-23 8.8 CVE-2024-0005 psirt@purestorage.com  Cisco--IOS  A vulnerability in the Resource Reservation Protocol (RSVP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to a buffer overflow when processing crafted RSVP packets. An attacker could exploit this vulnerability by sending RSVP traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. 2024-09-25 8.6 CVE-2024-20433 ykramarz@cisco.com  Cisco--Cisco IOS XE Software  A vulnerability in the HTTP Server feature of Cisco IOS XE Software when the Telephony Service feature is enabled could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to a null pointer dereference when accessing specific URLs. An attacker could exploit this vulnerability by sending crafted HTTP traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, causing a DoS condition on the affected device. 2024-09-25 8.6 CVE-2024-20436 ykramarz@cisco.com  Cisco--Cisco IOS XE Software  A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform a cross-site request forgery (CSRF) attack and execute commands on the CLI of an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an already authenticated user to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on the affected device with the privileges of the targeted user. 2024-09-25 8.1 CVE-2024-20437 ykramarz@cisco.com  Cisco--Cisco IOS XE Software  A vulnerability in the process that classifies traffic that is going to the Unified Threat Defense (UTD) component of Cisco IOS XE Software in controller mode could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists because UTD improperly handles certain packets as those packets egress an SD-WAN IPsec tunnel. An attacker could exploit this vulnerability by sending crafted traffic through an SD-WAN IPsec tunnel that is configured on an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. Note: SD-WAN tunnels that are configured with Generic Routing Encapsulation (GRE) are not affected by this vulnerability. 2024-09-25 8.6 CVE-2024-20455 ykramarz@cisco.com  Cisco--Cisco IOS XE Software  A vulnerability in the Protocol Independent Multicast (PIM) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of received IPv4 PIMv2 packets. An attacker could exploit this vulnerability by sending a crafted PIMv2 packet to a PIM-enabled interface on an affected device. A successful exploit could allow the attacker to cause an affected device to reload, resulting in a DoS condition. Note: This vulnerability can be exploited with either an IPv4 multicast or unicast packet. 2024-09-25 8.6 CVE-2024-20464 ykramarz@cisco.com  Cisco--Cisco IOS XE Software  A vulnerability in the implementation of the IPv4 fragmentation reassembly code in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper management of resources during fragment reassembly. An attacker could exploit this vulnerability by sending specific sizes of fragmented packets to an affected device or through a Virtual Fragmentation Reassembly (VFR)-enabled interface on an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. Note: This vulnerability affects Cisco ASR 1000 Series Aggregation Services Routers and Cisco cBR-8 Converged Broadband Routers if they are running Cisco IOS XE Software Release 17.12.1 or 17.12.1a. 2024-09-25 8.6 CVE-2024-20467 ykramarz@cisco.com  Cisco--Cisco IOS XE Software  A vulnerability in the DHCP Snooping feature of Cisco IOS XE Software on Software-Defined Access (SD-Access) fabric edge nodes could allow an unauthenticated, remote attacker to cause high CPU utilization on an affected device, resulting in a denial of service (DoS) condition that requires a manual reload to recover. This vulnerability is due to improper handling of IPv4 DHCP packets. An attacker could exploit this vulnerability by sending certain IPv4 DHCP packets to an affected device. A successful exploit could allow the attacker to cause the device to exhaust CPU resources and stop processing traffic, resulting in a DoS condition that requires a manual reload to recover. 2024-09-25 8.6 CVE-2024-20480 ykramarz@cisco.com  Proxmox--pve-manager  Proxmox Virtual Environment is an open-source server management platform for enterprise virtualization. Insufficient safeguards against malicious API response values allow authenticated attackers with 'Sys.Audit' or 'VM.Monitor' privileges to download arbitrary host files via the API. When handling the result from a request handler before returning it to the user, the handle_api2_request function will check for the 'download' or 'data'->‘download’ objects inside the request handler call response object. If present, handle_api2_request will read a local file defined by this object and return it to the user. Two endpoints were identified which can control the object returned by a request handler sufficiently that the ‘download’ object is defined and user controlled. This results in arbitrary file read. The privileges of this file read can result in full compromise of the system by various impacts such as disclosing sensitive files allowing for privileged session forgery.
2024-09-25
8.2
CVE-2024-21545
report@snyk.ioreport@snyk.io 

Alpine–Halo9 
Alpine Halo9 prh_l2_sar_data_ind Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the prh_l2_sar_data_ind function. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22945
2024-09-28
8.8
CVE-2024-23923
cve@asrg.io 

Sony–XAV-AX5500 
Sony XAV-AX5500 WMV/ASF Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sony XAV-AX5500 devices. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of WMV/ASF files. A crafted Extended Content Description Object in a WMV media file can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. . Was ZDI-CAN-22994.
2024-09-23
8.8
CVE-2024-23934
cve@asrg.iocve@asrg.io 

Alpine–Halo9 
Alpine Halo9 DecodeUTF7 Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. An attacker must first obtain the ability to pair a malicious Bluetooth device with the target system in order to exploit this vulnerability. The specific flaw exists within the DecodeUTF7 function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-23249
2024-09-28
8
CVE-2024-23935
cve@asrg.io 

Silicon Labs–Gecko OS 
Silicon Labs Gecko OS Debug Interface Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the debug interface. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-23184
2024-09-28
8.8
CVE-2024-23938
cve@asrg.iocve@asrg.io 

Autel–MaxiCharger AC Elite Business C50 
Autel MaxiCharger AC Elite Business C50 DLB_HostHeartBeat Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC Elite Business C50 charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DLB_HostHeartBeat handler of the DLB protocol implementation. When parsing an AES key, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-23241
2024-09-28
8.8
CVE-2024-23957
cve@asrg.io 

Autel–MaxiCharger AC Elite Business C50 
Autel MaxiCharger AC Elite Business C50 BLE AppChargingControl Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC Elite Business C50 charging stations. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the AppChargingControl BLE command. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-23194
2024-09-28
8
CVE-2024-23959
cve@asrg.io 

Autel–MaxiCharger AC Elite Business C50 
Autel MaxiCharger AC Elite Business C50 WebSocket Base64 Decoding Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC Elite Business C50 chargers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of base64-encoded data within WebSocket messages. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-23230
2024-09-28
8
CVE-2024-23967
cve@asrg.io 

Advantech–ADAM-5630 
Advantech ADAM-5630 contains a cross-site request forgery (CSRF) vulnerability. It allows an attacker to partly circumvent the same origin policy, which is designed to prevent different websites from interfering with each other.
2024-09-27
8
CVE-2024-28948
ics-cert@hq.dhs.gov 

HCL Software–Nomad server on Domino 
HCL Nomad server on Domino is affected by an open proxy vulnerability in which an unauthenticated attacker can mask their original source IP address. This may enable an attacker to trick the user into exposing sensitive information.
2024-09-25
8.6
CVE-2024-30128
psirt@hcl.com 

n/a–n/a 
An issue in Plasmoapp RPShare Fabric mod v.1.0.0 allows a remote attacker to execute arbitrary code via the build method in DonwloadPromptScreen
2024-09-27
8.8
CVE-2024-33368
cve@mitre.orgcve@mitre.org 

n/a–n/a 
Directory Traversal vulnerability in Plasmoapp RPShare Fabric mod v.1.0.0 allows a remote attacker to execute arbitrary code via the getFileNameFromConnection method in DownloadTask
2024-09-27
8.8
CVE-2024-33369
cve@mitre.orgcve@mitre.org 

n/a–n/a 
WoodWing Elvis DAM v6.98.1 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the Apache Ant script functionality.
2024-09-23
8.8
CVE-2024-37779
cve@mitre.orgcve@mitre.org 

Advantech–ADAM 5550 
Advantech ADAM 5550’s web application includes a "logs" page where all the HTTP requests received are displayed to the user. The device doesn’t correctly neutralize malicious code when parsing HTTP requests to generate page output.
2024-09-27
8.8
CVE-2024-38308
ics-cert@hq.dhs.gov 

Advantech–ADAM-5630 
Cookies of authenticated Advantech ADAM-5630 users remain as active valid cookies when a session is closed. Forging requests with a legitimate cookie, even if the session was terminated, allows an unauthorized attacker to act with the same level of privileges of the legitimate user.
2024-09-27
8
CVE-2024-39275
ics-cert@hq.dhs.gov 

Unisoc (Shanghai) Technologies Co., Ltd.–SC7731E/SC9832E/SC9863A/T310/T606/T612/T616/T610/T618/T760/T770/T820/S8000 
In UMTS RLC driver, there is a possible out of bounds write due to a missing bounds check. This could lead to remote denial of service with System execution privileges needed.
2024-09-27
8.3
CVE-2024-39431
security@unisoc.com 

Unisoc (Shanghai) Technologies Co., Ltd.–SC7731E/SC9832E/SC9863A/T310/T606/T612/T616/T610/T618/T760/T770/T820/S8000 
In UMTS RLC driver, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with System execution privileges needed.
2024-09-27
8.3
CVE-2024-39432
security@unisoc.com 

n/a–n/a 
In Foxit PDF Reader before 2024.3, and PDF Editor before 2024.3 and 13.x before 13.1.4, an attacker can replace an update file with a Trojan horse via side loading, because the update service lacks integrity validation for the updater. Attacker-controlled code may thus be executed.
2024-09-26
8.4
CVE-2024-41605
cve@mitre.org 

Dover Fueling Solutions (DFS)–ProGauge MAGLINK LX CONSOLE 
ProGauge MAGLINK LX CONSOLE does not have sufficient filtering on input fields that are used to render pages which may allow cross site scripting.
2024-09-25
8.8
CVE-2024-41725
ics-cert@hq.dhs.gov 

Planet Fitness–Planet Fitness Workouts 
The Planet Fitness Workouts iOS and Android mobile apps prior to version 9.8.12 (released on 2024-07-25) fail to properly validate TLS certificates, allowing an attacker with appropriate network access to obtain session tokens and sensitive information.
2024-09-23
8.8
CVE-2024-43201
9119a7d8-5eab-497f-8521-727c672e37259119a7d8-5eab-497f-8521-727c672e3725 

n/a–n/a 
Gigastone TR1 Travel Router R101 v1.0.2 is vulnerable to Command Injection. This allows an authenticated attacker to execute arbitrary commands on the device by sending a crafted HTTP request to the ssid parameter in the request.
2024-09-25
8
CVE-2024-44678
cve@mitre.orgcve@mitre.org 

Dover Fueling Solutions (DFS)–ProGauge MAGLINK LX CONSOLE 
Once logged in to ProGauge MAGLINK LX4 CONSOLE, a valid user can change their privileges to administrator.
2024-09-25
8.8
CVE-2024-45373
ics-cert@hq.dhs.gov 

n/a–n/a 
A host header injection vulnerability in Lines Police CAD 1.0 allows attackers to obtain the password reset token via user interaction with a crafted password reset link. This allows attackers to arbitrarily reset other users’ passwords and compromise their accounts.
2024-09-26
8.8
CVE-2024-45979
cve@mitre.org 

n/a–n/a 
A host header injection vulnerability in MEANStore 1.0 allows attackers to obtain the password reset token via user interaction with a crafted password reset link. This allows attackers to arbitrarily reset other users’ passwords and compromise their accounts.
2024-09-26
8.8
CVE-2024-45980
cve@mitre.org 

n/a–n/a 
A host header injection vulnerability in BookReviewLibrary 1.0 allows attackers to obtain the password reset token via user interaction with a crafted password reset link.
2024-09-26
8.8
CVE-2024-45981
cve@mitre.org 

n/a–n/a 
A host header injection vulnerability in scheduleR v0.0.18 allows attackers to obtain the password reset token via user interaction with a crafted password reset link. This allows attackers to arbitrarily reset other users’ passwords and compromise their accounts.
2024-09-26
8.8
CVE-2024-45982
cve@mitre.org 

n/a–n/a 
TestLink 1.9.20 is vulnerable to Incorrect Access Control in the TestPlan editing section. When a new TestPlan is created, an ID with an incremental value is automatically generated. Using the edit function you can change the tplan_id parameter to another ID. The application does not carry out a check on the user’s permissions maing it possible to recover the IDs of all the TestPlans (even the administrative ones) and modify them even with minimal privileges.
2024-09-27
8.1
CVE-2024-46097
cve@mitre.org 

n/a–n/a 
VONETS VAP11G-300 v3.3.23.6.9 was discovered to contain hardcoded credentials for several different privileged accounts, including root.
2024-09-26
8
CVE-2024-46328
cve@mitre.org 

n/a–n/a 
VONETS VAP11G-300 v3.3.23.6.9 was discovered to contain a command injection vulnerability via the SystemCommand object.
2024-09-26
8
CVE-2024-46329
cve@mitre.org 

n/a–n/a 
A Client-side Template Injection (CSTI) vulnerability in Webkul Krayin CRM 1.3.0 allows remote attackers to execute arbitrary client-side template code by injecting a malicious payload during the lead creation process. This can lead to privilege escalation when the payload is executed, granting the attacker elevated permissions within the CRM system.
2024-09-27
8.8
CVE-2024-46366
cve@mitre.org 

n/a–n/a 
An arbitrary file upload vulnerability in YPay 1.2.0 allows attackers to execute arbitrary code via a ZIP archive to themePutFile in app/common/util/Upload.php (called from app/admin/controller/ypay/Home.php). The file extension of an uncompressed file is not checked.
2024-09-27
8.8
CVE-2024-46441
cve@mitre.org 

n/a–n/a 
VLC media player 3.0.20 and earlier is vulnerable to denial of service through an integer overflow which could be triggered with a maliciously crafted mms stream (heap based overflow). If successful, a malicious third party could trigger either a crash of VLC or an arbitrary code execution with the target user’s privileges.
2024-09-25
8
CVE-2024-46461
cve@mitre.org 

n/a–n/a 
CodeAstro Membership Management System 1.0 is vulnerable to SQL Injection via the parameter ’email’ in the Login Page.
2024-09-27
8.6
CVE-2024-46472
cve@mitre.orgcve@mitre.org 

n/a–n/a 
A remote command execution (RCE) vulnerability in promptr v6.0.7 allows attackers to execute arbitrary commands via a crafted URL.
2024-09-25
8.8
CVE-2024-46489
cve@mitre.org 

n/a–n/a 
Tenda G3 Router firmware v15.03.05.05 was discovered to contain a remote code execution (RCE) vulnerability via the usbPartitionName parameter in the formSetUSBPartitionUmount function.
2024-09-26
8
CVE-2024-46628
cve@mitre.org 

OpenPrinting–libcupsfilters 
CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as library functions to be used for the data format conversion tasks needed in Printer Applications. The `cfGetPrinterAttributes5` function in `libcupsfilters` does not sanitize IPP attributes returned from an IPP server. When these IPP attributes are used, for instance, to generate a PPD file, this can lead to attacker controlled data to be provided to the rest of the CUPS system.
2024-09-26
8.6
CVE-2024-47076
security-advisories@github.comsecurity-advisories@github.comsecurity-advisories@github.comsecurity-advisories@github.comsecurity-advisories@github.comsecurity-advisories@github.com 

meshtastic–firmware 
Meshtastic is an open source, off-grid, decentralized, mesh network. Meshtastic uses MQTT to communicate over an internet connection to a shared or private MQTT Server. Nodes can communicate directly via an internet connection or proxied through a connected phone (i.e., via bluetooth). Prior to version 2.5.1, multiple weaknesses in the MQTT implementation allow for authentication and authorization bypasses resulting in unauthorized control of MQTT-connected nodes. Version 2.5.1 contains a patch.
2024-09-25
8.1
CVE-2024-47078
security-advisories@github.com 

agnaistic–agnai 
Agnai is an artificial-intelligence-agnostic multi-user, mult-bot roleplaying chat system. A vulnerability in versions prior to 1.0.330 permits attackers to upload arbitrary files to attacker-chosen locations on the server, including JavaScript, enabling the execution of commands within those files. This issue could result in unauthorized access, full server compromise, data leakage, and other critical security threats. This does not affect `agnai.chat`, installations using S3-compatible storage, or self-hosting that is not publicly exposed. This does affect publicly hosted installs without S3-compatible storage. Version 1.0.330 fixes this vulnerability.
2024-09-26
8.8
CVE-2024-47169
security-advisories@github.com 

OpenPrinting–libppd 
CUPS is a standards-based, open-source printing system, and `libppd` can be used for legacy PPD file support. The `libppd` function `ppdCreatePPDFromIPP2` does not sanitize IPP attributes when creating the PPD buffer. When used in combination with other functions such as `cfGetPrinterAttributes5`, can result in user controlled input and ultimately code execution via Foomatic. This vulnerability can be part of an exploit chain leading to remote code execution (RCE), as described in CVE-2024-47176.
2024-09-26
8.6
CVE-2024-47175
security-advisories@github.comsecurity-advisories@github.comsecurity-advisories@github.comsecurity-advisories@github.comsecurity-advisories@github.comsecurity-advisories@github.com 

OpenPrinting–cups-browsed 
CUPS is a standards-based, open-source printing system, and `cups-browsed` contains network printing functionality including, but not limited to, auto-discovering print services and shared printers. `cups-browsed` binds to `INADDR_ANY:631`, causing it to trust any packet from any source, and can cause the `Get-Printer-Attributes` IPP request to an attacker controlled URL. Due to the service binding to `*:631 ( INADDR_ANY )`, multiple bugs in `cups-browsed` can be exploited in sequence to introduce a malicious printer to the system. This chain of exploits ultimately enables an attacker to execute arbitrary commands remotely on the target machine without authentication when a print job is started. This poses a significant security risk over the network. Notably, this vulnerability is particularly concerning as it can be exploited from the public internet, potentially exposing a vast number of systems to remote attacks if their CUPS services are enabled.
2024-09-26
8.3
CVE-2024-47176
security-advisories@github.comsecurity-advisories@github.comsecurity-advisories@github.comsecurity-advisories@github.comsecurity-advisories@github.comsecurity-advisories@github.comsecurity-advisories@github.com 

DIYgod–RSSHub 
RSSHub is an RSS network. Prior to commit 64e00e7, RSSHub’s `docker-test-cont.yml` workflow is vulnerable to Artifact Poisoning, which could have lead to a full repository takeover. Downstream users of RSSHub are not vulnerable to this issue, and commit 64e00e7 fixed the underlying issue and made the repository no longer vulnerable. The `docker-test-cont.yml` workflow gets triggered when the `PR – Docker build test` workflow completes successfully. It then collects some information about the Pull Request that triggered the triggering workflow and set some labels depending on the PR body and sender. If the PR also contains a `routes` markdown block, it will set the `TEST_CONTINUE` environment variable to `true`. The workflow then downloads and extracts an artifact uploaded by the triggering workflow which is expected to contain a single `rsshub.tar.zst` file. However, prior to commit 64e00e7, it did not validate and the contents were extracted in the root of the workspace overriding any existing files. Since the contents of the artifact were not validated, it is possible for a malicious actor to send a Pull Request which uploads, not just the `rsshub.tar.zst` compressed docker image, but also a malicious `package.json` file with a script to run arbitrary code in the context of the privileged workflow. As of commit 64e00e7, this scenario has been addressed and the RSSHub repository is no longer vulnerable.
2024-09-26
8.8
CVE-2024-47179
security-advisories@github.comsecurity-advisories@github.comsecurity-advisories@github.comsecurity-advisories@github.comsecurity-advisories@github.comsecurity-advisories@github.comsecurity-advisories@github.com 

badges–shields 
Shields.io is a service for concise, consistent, and legible badges in SVG and raster format. Shields.io and users self-hosting their own instance of shields using version < `server-2024-09-25` are vulnerable to a remote execution vulnerability via the JSONPath library used by the Dynamic JSON/Toml/Yaml badges. This vulnerability would allow any user with access to make a request to a URL on the instance to the ability to execute code by crafting a malicious JSONPath expression. All users who self-host an instance are vulnerable. This problem was fixed in server-2024-09-25. Those who follow the tagged releases should update to `server-2024-09-25` or later. Those who follow the rolling tag on DockerHub, `docker pull shieldsio/shields:next` to update to the latest version. As a workaround, blocking access to the endpoints `/badge/dynamic/json`, `/badge/dynamic/toml`, and `/badge/dynamic/yaml` (e.g: via a firewall or reverse proxy in front of your instance) would prevent the exploitable endpoints from being accessed.
2024-09-26
8.8
CVE-2024-47180
security-advisories@github.comsecurity-advisories@github.comsecurity-advisories@github.comsecurity-advisories@github.com 

Google–Chrome 
Heap buffer overflow in PDF in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium)
2024-09-23
8.8
CVE-2024-7018
chrome-cve-admin@google.com 

Google–Chrome 
Uninitialized Use in V8 in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)
2024-09-23
8.8
CVE-2024-7022
chrome-cve-admin@google.com 

Google–Chrome 
Insufficient data validation in Updater in Google Chrome prior to 128.0.6537.0 allowed a remote attacker to perform privilege escalation via a malicious file. (Chromium security severity: Medium)
2024-09-23
8
CVE-2024-7023
chrome-cve-admin@google.com 

themewinter–Event Manager, Events Calendar, Tickets, Registrations Eventin 
The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.0.8 via multiple style parameters. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other "safe" file types can be uploaded and included.
2024-09-27
8.8
CVE-2024-7149
security@wordfence.comsecurity@wordfence.comsecurity@wordfence.comsecurity@wordfence.comsecurity@wordfence.comsecurity@wordfence.comsecurity@wordfence.com 

TeamViewer–Remote Full Client 
Improper verification of cryptographic signature during installation of a VPN driver via the TeamViewer_service.exe component of TeamViewer Remote Clients prior version 15.58.4 for Windows allows an attacker with local unprivileged access on a Windows system to elevate their privileges and install drivers.
2024-09-25
8.8
CVE-2024-7479
psirt@teamviewer.com 

TeamViewer–Remote Full Client 
Improper verification of cryptographic signature during installation of a Printer driver via the TeamViewer_service.exe component of TeamViewer Remote Clients prior version 15.58.4 for Windows allows an attacker with local unprivileged access on a Windows system to elevate their privileges and install drivers.
2024-09-25
8.8
CVE-2024-7481
psirt@teamviewer.com 

artbees–Jupiter X Core 
The Jupiter X Core plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.7.5. This is due to improper authentication via the Social Login widget. This makes it possible for unauthenticated attackers to log in as the first user to have logged in with a social media account, including administrator accounts. Attackers can exploit the vulnerability even if the Social Login element has been disabled, as long as it was previously enabled and used. The vulnerability was partially patched in version 4.7.5, and fully patched in version 4.7.8.
2024-09-26
8.1
CVE-2024-7781
security@wordfence.comsecurity@wordfence.comsecurity@wordfence.comsecurity@wordfence.com 

wclovers–WCFM Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible 
The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.12 via the WCFM_Customers_Manage_Controller::processing function due to missing validation on the ID user controlled key. This makes it possible for authenticated attackers, with subscriber/customer-level access and above, to change the email address of administrator user accounts which allows them to reset the password and access the administrator account.
2024-09-25
8.8
CVE-2024-8290
security@wordfence.comsecurity@wordfence.comsecurity@wordfence.com 

ba-booking — ba_book_everything 
The BA Book Everything plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6.20. This is due to missing or incorrect nonce validation on the my_account_update() function. This makes it possible for unauthenticated attackers to update a user’s account details via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This can be leveraged to reset a user’s password and gain access to their account.
2024-09-24
8.8
CVE-2024-8795
security@wordfence.comsecurity@wordfence.comsecurity@wordfence.comsecurity@wordfence.com 

rajeshsingh520–Product Enquiry for WooCommerce, WooCommerce product catalog 
The Product Enquiry for WooCommerce, WooCommerce product catalog plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.2.33.32 via deserialization of untrusted input in enquiry_detail.php. This makes it possible for authenticated attackers, with Author-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
2024-09-27
8.8
CVE-2024-8922
security@wordfence.comsecurity@wordfence.com 

Google–Chrome 
Use after free in Dawn in Google Chrome on Windows prior to 129.0.6668.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
2024-09-25
8.8
CVE-2024-9120
chrome-cve-admin@google.comchrome-cve-admin@google.com 

Google–Chrome 
Inappropriate implementation in V8 in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
2024-09-25
8.8
CVE-2024-9121
chrome-cve-admin@google.comchrome-cve-admin@google.com 

Google–Chrome 
Type Confusion in V8 in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
2024-09-25
8.8
CVE-2024-9122
chrome-cve-admin@google.comchrome-cve-admin@google.com 

google — chrome 
Insufficient data validation in PDF in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform out of bounds memory access via a crafted PDF file. (Chromium security severity: Low)
2024-09-23
7.8
CVE-2018-20072
chrome-cve-admin@google.com 

smub–Easy Digital Downloads eCommerce Payments and Subscriptions made easy 
The Easy Digital Downloads – Simple eCommerce for Selling Digital Files plugin for WordPress is vulnerable to deserialization of untrusted input via the ‘upload[file]’ parameter in versions up to, and including 3.3.3. This makes it possible for authenticated administrative users to call files using a PHAR wrapper, that will deserialize and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present.
2024-09-24
7.2
CVE-2022-2439
security@wordfence.comsecurity@wordfence.comsecurity@wordfence.com 

nitinmaurya12–WordPress Visitors 
The WordPress Visitors plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a spoofed HTTP Header value in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses the nm_vistior page.
2024-09-26
7.2
CVE-2022-4541
security@wordfence.comsecurity@wordfence.comsecurity@wordfence.com 

Synology–Synology Drive Client 
Inclusion of functionality from untrusted control sphere vulnerability in OpenSSL DLL component in Synology Drive Client before 3.3.0-15082 allows local users to execute arbitrary code via unspecified vectors.
2024-09-26
7.8
CVE-2022-49038
security@synology.com 

n/a–n/a 
Directory Traversal vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via crafted zip file when installing a new add-on.
2024-09-25
7.2
CVE-2023-26691
cve@mitre.orgcve@mitre.org 

purestorage — purity\/\/fa 
A condition exists in FlashArray Purity whereby a malicious user could use a remote administrative service to create an account on the array allowing privileged access.
2024-09-23
7.2
CVE-2024-0003
psirt@purestorage.com 

purestorage — purity\/\/fa 
A condition exists in FlashArray Purity whereby an user with array admin role can execute arbitrary commands remotely to escalate privilege on the array.
2024-09-23
7.2
CVE-2024-0004
psirt@purestorage.com 

Cisco–Cisco Digital Network Architecture Center (DNA Center) 
A vulnerability in the SSH server of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an unauthenticated, remote attacker to impersonate a Cisco Catalyst Center appliance. This vulnerability is due to the presence of a static SSH host key. An attacker could exploit this vulnerability by performing a machine-in-the-middle attack on SSH connections, which could allow the attacker to intercept traffic between SSH clients and a Cisco Catalyst Center appliance. A successful exploit could allow the attacker to impersonate the affected appliance, inject commands into the terminal session, and steal valid user credentials.
2024-09-25
7.5
CVE-2024-20350
ykramarz@cisco.com 

n/a–n/a 
OpenSlides 4.0.15 verifies passwords by comparing password hashes using a function with content-dependent runtime. This can allow attackers to obtain information about the password hash using a timing attack.
2024-09-25
7.5
CVE-2024-22893
cve@mitre.org 

Xen–Xen 
Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR") for Intel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used for platform tasks such as legacy USB emulation. Since the precise purpose of these regions is unknown, once a device associated with such a region is active, the mappings of these regions need to remain continuouly accessible by the device. In the logic establishing these mappings, error handling was flawed, resulting in such mappings to potentially remain in place when they should have been removed again. Respective guests would then gain access to memory regions which they aren’t supposed to have access to.
2024-09-25
7.5
CVE-2024-31145
security@xen.org 

Xen–Xen 
When multiple devices share resources and one of them is to be passed through to a guest, security of the entire system and of respective guests individually cannot really be guaranteed without knowing internals of any of the involved guests. Therefore such a configuration cannot really be security-supported, yet making that explicit was so far missing. Resources the sharing of which is known to be problematic include, but are not limited to – – PCI Base Address Registers (BARs) of multiple devices mapping to the same page (4k on x86), – – INTx lines.
2024-09-25
7.5
CVE-2024-31146
security@xen.org 

Dell–SmartFabric OS10 Software 
Dell SmartFabric OS10 Software, versions 10.5.6.x, 10.5.5.x, 10.5.4.x,10.5.3.x, contains an Uncontrolled Resource Consumption vulnerability. A remote unauthenticated host could potentially exploit this vulnerability leading to a denial of service.
2024-09-26
7.5
CVE-2024-37125
security_alert@emc.com 

Dell–SmartFabric OS10 Software 
Dell SmartFabric OS10 Software, versions 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contains an Improper Neutralization of Special Elements used in a Command (‘Command Injection’) vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability leading to code execution.
2024-09-26
7.1
CVE-2024-39577
security_alert@emc.com 

n/a–n/a 
A SQL injection vulnerability in Centreon 24.04.2 allows a remote high-privileged attacker to execute arbitrary SQL command via user massive changes inputs.
2024-09-23
7.2
CVE-2024-39842
cve@mitre.orgcve@mitre.org 

Apache Software Foundation–Apache Linkis Spark EngineConn 
In Apache Linkis <= 1.5.0, a Random string security vulnerability in Spark EngineConn, random string generated by the Token when starting Py4j uses the Commons Lang’s RandomStringUtils. Users are recommended to upgrade to version 1.6.0, which fixes this issue.
2024-09-25
7.5
CVE-2024-39928
security@apache.org 

n/a–n/a 
An issue in Doccano Open source annotation tools for machine learning practitioners v.1.8.4 and Doccano Auto Labeling Pipeline module to annotate a document automatically v.0.1.23 allows a remote attacker to escalate privileges via a crafted REST Request.
2024-09-23
7.2
CVE-2024-40442
cve@mitre.orgcve@mitre.orgcve@mitre.org 

n/a–n/a 
Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMHospitality.asmx function.
2024-09-26
7.3
CVE-2024-40506
cve@mitre.org 

n/a–n/a 
Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMPersonnel.asmx function.
2024-09-26
7.3
CVE-2024-40507
cve@mitre.orgcve@mitre.org 

n/a–n/a 
Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMConference.asmx function.
2024-09-26
7.3
CVE-2024-40508
cve@mitre.orgcve@mitre.org 

n/a–n/a 
Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMFinDev.asmx function.
2024-09-27
7.3
CVE-2024-40509
cve@mitre.orgcve@mitre.org 

n/a–n/a 
Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMServerAdmin.asmx function.
2024-09-27
7.3
CVE-2024-40511
cve@mitre.orgcve@mitre.org 

n/a–n/a 
Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMReporting.asmx function.
2024-09-27
7.3
CVE-2024-40512
cve@mitre.org 

n/a–n/a 
A symlink following vulnerability in the pouch cp function of AliyunContainerService pouch v1.3.1 allows attackers to escalate privileges and write arbitrary files.
2024-09-23
7.6
CVE-2024-41228
cve@mitre.org 

n/a–n/a 
An issue was discovered in AdaCore ada_web_services 20.0 allows an attacker to escalate privileges and steal sessions via the Random_String() function in the src/core/aws-utils.adb module.
2024-09-25
7.5
CVE-2024-41708
cve@mitre.orgcve@mitre.org 

IBM–Cloud Pak for Multicloud Management 
IBM ManageIQ could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted yaml file request.
2024-09-26
7.2
CVE-2024-43191
psirt@us.ibm.com 

Themepoints–Testimonials 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Themepoints Testimonials allows Reflected XSS.This issue affects Testimonials: from n/a through 3.0.8.
2024-09-25
7.1
CVE-2024-43959
audit@patchstack.com 

Firsh–Justified Image Grid 
Server-Side Request Forgery (SSRF) vulnerability in Firsh Justified Image Grid allows Server Side Request Forgery.This issue affects Justified Image Grid: from n/a through 4.6.1.
2024-09-23
7.5
CVE-2024-43989
audit@patchstack.com 

n/a–n/a 
Directory Traversal vulnerability in Centro de Tecnologia da Informaco Renato Archer InVesalius3 v3.1.99995 allows attackers to write arbitrary files unto the system via a crafted .inv3 file.
2024-09-25
7.5
CVE-2024-44825
cve@mitre.orgcve@mitre.org 

n/a–n/a 
An information disclosure vulnerability in the /Letter/PrintQr/ endpoint of Solvait v24.4.2 allows attackers to access sensitive data via a crafted request.
2024-09-26
7.5
CVE-2024-44860
cve@mitre.orgcve@mitre.org 

ckeditor–ckeditor5 
CKEditor 5 is a JavaScript rich-text editor. Starting in version 40.0.0 and prior to version 43.1.1, a Cross-Site Scripting (XSS) vulnerability is present in the CKEditor 5 clipboard package. This vulnerability could be triggered by a specific user action, leading to unauthorized JavaScript code execution, if the attacker managed to insert a malicious content into the editor, which might happen with a very specific editor configuration. This vulnerability only affects installations where the Block Toolbar plugin is enabled and either the General HTML Support (with a configuration that permits unsafe markup) or the HTML Embed plugin is also enabled. A fix for the problem is available in version 43.1.1. As a workaround, one may disable the block toolbar plugin.
2024-09-25
7.2
CVE-2024-45613
security-advisories@github.comsecurity-advisories@github.com 

n/a–n/a 
An issue in TheGreenBow Windows Standard VPN Client 6.87.108 (and older), Windows Enterprise VPN Client 6.87.109 (and older), Windows Enterprise VPN Client 7.5.007 (and older), Android VPN Client 6.4.5 (and older) VPN Client Linux 3.4 (and older), VPN Client MacOS 2.4.10 (and older) allows a remote attacker to execute arbitrary code via the IKEv2 Authentication phase, it accepts malformed ECDSA signatures and establishes the tunnel.
2024-09-25
7.3
CVE-2024-45750
cve@mitre.orgcve@mitre.org 

Facebook–Facebook Thrift 
A use-after-free vulnerability involving upgradeToRocket requests can cause the application to crash or potentially result in code execution or other undesirable effects. This issue affects Facebook Thrift prior to v2024.09.09.00.
2024-09-27
7.5
CVE-2024-45773
cve-assign@fb.com 

n/a–n/a 
VONETS VAP11G-300 v3.3.23.6.9 was discovered to contain a command injection vulnerability via the iptablesWebsFilterRun object.
2024-09-26
7.4
CVE-2024-46330
cve@mitre.org 

n/a–n/a 
ModStartCMS v8.8.0 was discovered to contain an open redirect vulnerability in the redirect parameter at /admin/login. This vulnerability allows attackers to redirect users to an arbitrary website via a crafted URL.
2024-09-27
7.2
CVE-2024-46331
cve@mitre.org 

n/a–n/a 
The Directory Listing in /uploads/ Folder in CodeAstro Membership Management System 1.0 exposes the structure and contents of directories, potentially revealing sensitive information.
2024-09-27
7.5
CVE-2024-46471
cve@mitre.orgcve@mitre.org 

n/a–n/a 
Incorrect access control in IceCMS v3.4.7 and before allows attackers to authenticate by entering any arbitrary values as the username and password via the loginAdmin method in the UserController.java file.
2024-09-25
7.6
CVE-2024-46607
cve@mitre.orgcve@mitre.orgcve@mitre.org 

n/a–n/a 
An access control issue in the CheckVip function in UserController.java of IceCMS v3.4.7 and before allows unauthenticated attackers to access and returns all user information, including passwords
2024-09-25
7.5
CVE-2024-46609
cve@mitre.orgcve@mitre.org 

n/a–n/a 
A cross-site scripting (XSS) vulnerability in HelpDeskZ v2.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field of Custom Fields message box.
2024-09-23
7.6
CVE-2024-46639
cve@mitre.orgcve@mitre.org 

rocket.chat — rocket.chat 
Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and earlier is vulnerable to denial of service (DoS). Attackers who craft messages with specific characters may crash the workspace due to an issue in the message parser.
2024-09-25
7.5
CVE-2024-46935
cve@mitre.orgcve@mitre.org 

n/a–n/a 
Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and before is vulnerable to a message forgery / impersonation issue. Attackers can abuse the UpdateOTRAck method to send ephemeral messages as if they were any other user they choose.
2024-09-25
7.5
CVE-2024-46936
cve@mitre.orgcve@mitre.org 

dataease — dataease 
DataEase is an open source data visualization analysis tool. Prior to version 2.10.1, there is an XML external entity injection vulnerability in the static resource upload interface of DataEase. An attacker can construct a payload to implement intranet detection and file reading. The vulnerability has been fixed in v2.10.1.
2024-09-23
7.5
CVE-2024-46985
security-advisories@github.com 

National Tax Agency–The installer of e-Tax software(common program) 
Privilege chaining issue exists in the installer of e-Tax software(common program). If this vulnerability is exploited, a malicious DLL prepared by an attacker may be executed with higher privileges than the application privilege.
2024-09-26
7.8
CVE-2024-47045
vultures@jpcert.or.jpvultures@jpcert.or.jp 

WatchGuard–Single Sign-On Client 
Improper Handling of Exceptional Conditions vulnerability in the WatchGuard Single Sign-On Client on Windows causes the client to crash while handling malformed commands. An attacker with network access to the client could create a denial of service condition for the Single Sign-On service by repeatedly issuing malformed commands. This issue affects Single Sign-On Client: through 12.7.
2024-09-25
7.5
CVE-2024-6594
5d1c2695-1a31-4499-88ae-e847036fd7e3 

theeventscalendar–The Events Calendar 
The The Events Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via RSVP name field in all versions up to, and including, 6.6.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2024-09-27
7.2
CVE-2024-6931
security@wordfence.comsecurity@wordfence.comsecurity@wordfence.com 

Progress Software–Telerik UI for WPF 
In Progress Telerik UI for WPF versions prior to 2024 Q3 (2024.3.924), a command injection attack is possible through improper neutralization of hyperlink elements.
2024-09-25
7.8
CVE-2024-7575
security@progress.com 

Progress Software–Telerik UI for WPF 
In Progress Telerik UI for WPF versions prior to 2024 Q3 (2024.3.924), a code execution attack is possible through an insecure deserialization vulnerability.
2024-09-25
7.8
CVE-2024-7576
security@progress.com 

HashiCorp–Vault 
Vault’s SSH secrets engine did not require the valid_principals list to contain a value by default. If the valid_principals and default_user fields of the SSH secrets engine configuration are not set, an SSH certificate requested by an authorized user to Vault’s SSH secrets engine could be used to authenticate as any user on the host. Fixed in Vault Community Edition 1.17.6, and in Vault Enterprise 1.17.6, 1.16.10, and 1.15.15.
2024-09-26
7.5
CVE-2024-7594
security@hashicorp.com 

itpathsolutions–Contact Form to Any API 
The Contact Form to Any API plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Contact Form 7 form fields in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2024-09-25
7.2
CVE-2024-7617
security@wordfence.comsecurity@wordfence.com 

Progress Software–Telerik UI for WinForms 
In Progress Telerik UI for WinForms versions prior to 2024 Q3 (2024.3.924), a command injection attack is possible through improper neutralization of hyperlink elements.
2024-09-25
7.8
CVE-2024-7679
security@progress.com 

modalweb–Advanced File Manager 
The Advanced File Manager plugin for WordPress is vulnerable to arbitrary file uploads via the ‘class_fma_connector.php’ file in all versions up to, and including, 5.2.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, and granted permissions by an Administrator, to upload a new .htaccess file allowing them to subsequently upload arbitrary files on the affected site’s server which may make remote code execution possible.
2024-09-26
7.5
CVE-2024-8126
security@wordfence.comsecurity@wordfence.comsecurity@wordfence.com 

CODESYS–CODESYS Control for BeagleBone SL 
An unauthenticated remote attacker can causes the CODESYS web server to access invalid memory which results in a DoS.
2024-09-25
7.5
CVE-2024-8175
info@cert.vde.cominfo@cert.vde.com 

Progress Software–Telerik UI for WPF 
In Progress Telerik UI for WPF versions prior to 2024 Q3 (2024.3.924), a code execution attack is possible through an insecure deserialization vulnerability.
2024-09-25
7.8
CVE-2024-8316
security@progress.com 

Uncanny Owl–Uncanny Groups for LearnDash 
The Uncanny Groups for LearnDash plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.1.0.1. This is due to the plugin not properly restricting what users a group leader can edit. This makes it possible for authenticated attackers, with group leader-level access and above, to change admin account email addresses which can subsequently lead to admin account access.
2024-09-25
7.2
CVE-2024-8349
security@wordfence.comsecurity@wordfence.com 

PaperCut–PaperCut NG, PaperCut MF 
An arbitrary file deletion vulnerability exists in PaperCut NG/MF, specifically affecting Windows servers with Web Print enabled. To exploit this vulnerability, an attacker must first obtain local login access to the Windows Server hosting PaperCut NG/MF and be capable of executing low-privilege code directly on the server via the web-print-hot-folder. Important: In most installations, this risk is mitigated by the default Windows Server configuration, which restricts local login access to Administrators only. However, this vulnerability could pose a risk to customers who allow non-administrative users to log into the local console of the Windows environment hosting the PaperCut NG/MF application server. Note: This CVE has been split from CVE-2024-3037.
2024-09-26
7.8
CVE-2024-8404
eb41dac7-0af8-4f84-9f6d-0272772514f4 

minimus–Special Text Boxes 
The The Special Text Boxes plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 6.2.2. This is due to the plugin adding the filter add_filter(‘comment_text’, ‘do_shortcode’); which will run all shortcodes in comments. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
2024-09-25
7.3
CVE-2024-8481
security@wordfence.comsecurity@wordfence.com 

xjb–REST API TO MiniProgram 
The REST API TO MiniProgram plugin for WordPress is vulnerable to SQL Injection via the ‘order’ parameter of the /wp-json/watch-life-net/v1/comment/getcomments REST API endpoint in all versions up to, and including, 4.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
2024-09-25
7.5
CVE-2024-8484
security@wordfence.comsecurity@wordfence.com 

Franklin Fueling Systems–TS-550 EVO 
Franklin Fueling Systems TS-550 EVO versions prior to 2.26.4.8967 possess a file that can be read arbitrarily that could allow an attacker obtain administrator credentials.
2024-09-25
7.5
CVE-2024-8497
ics-cert@hq.dhs.gov 

pluginus — wordpress_meta_data_and_taxonomies_filter 
The The MDTF – Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.3.3.3. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
2024-09-24
7.3
CVE-2024-8623
security@wordfence.comsecurity@wordfence.comsecurity@wordfence.com 

modalweb–Advanced File Manager 
The Advanced File Manager plugin for WordPress is vulnerable to Local JavaScript File Inclusion in all versions up to, and including, 5.2.8 via the ‘fma_locale’ parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other "safe" file types can be uploaded and included.
2024-09-26
7.2
CVE-2024-8704
security@wordfence.comsecurity@wordfence.comsecurity@wordfence.com 

haibasoft–Thanh Ton Qut M QR Code T ng MoMo, ViettelPay, VNPay v 40 ngn hng Vit Nam 
The Thanh Toán Quét Mã QR Code T? ??ng – MoMo, ViettelPay, VNPay và 40 ngân hàng Vi?t Nam plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.0.1 due to incorrect use of the wp_kses_allowed_html function, which allows the ‘onclick’ attribute for certain HTML elements without sufficient restriction or context validation. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2024-09-25
7.2
CVE-2024-8914
security@wordfence.comsecurity@wordfence.comsecurity@wordfence.com 

Scriptcase–Scriptcase 
Path traversal vulnerability in Scriptcase version 9.4.019, in /scriptcase/devel/compat/nm_edit_php_edit.php (in the "subpage" parameter), which allows unauthenticated remote users to bypass SecurityManager’s intended restrictions and list and/or read a parent directory via a "/…" or directly into a path used in the POST parameter "field_file" by a web application.
2024-09-25
7.5
CVE-2024-8941
cve-coordination@incibe.es 

Grafana–Alloy 
Unquoted Search Path or Element vulnerability in Grafana Alloy on Windows allows Privilege Escalation from Local User to SYSTEM This issue affects Alloy: before 1.3.3, from 1.4.0-rc.0 through 1.4.0-rc.1.
2024-09-25
7.3
CVE-2024-8975
security@grafana.comsecurity@grafana.comsecurity@grafana.comsecurity@grafana.com 

Grafana–Agent Flow 
Unquoted Search Path or Element vulnerability in Grafana Agent (Flow mode) on Windows allows Privilege Escalation from Local User to SYSTEM This issue affects Agent Flow: before 0.43.2
2024-09-25
7.3
CVE-2024-8996
security@grafana.comsecurity@grafana.comsecurity@grafana.com 

freeimage_project–freeimage 
A flaw was found in the freeimage library. Processing a crafted image can cause a buffer over-read of 1 byte in the read_iptc_profile function in the Source/Metadata/IPTC.cpp file because the size of the profile is not being sanitized, causing a crash in the application linked to the library, resulting in a denial of service.
2024-09-27
7.5
CVE-2024-9029
patrick@puiterwijk.orgpatrick@puiterwijk.org 

rems — profile_registration_without_reload\/refresh 
A vulnerability classified as critical has been found in SourceCodester Profile Registration without Reload Refresh 1.0. This affects an unknown part of the file del.php of the component GET Parameter Handler. The manipulation of the argument list leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
2024-09-23
7.2
CVE-2024-9093
cna@vuldb.comcna@vuldb.comcna@vuldb.comcna@vuldb.comcna@vuldb.com 

Google–Chrome 
Integer overflow in Skia in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
2024-09-25
7.1
CVE-2024-9123
chrome-cve-admin@google.comchrome-cve-admin@google.com 

webdevmattcrom–GiveWP Donation Plugin and Fundraising Platform 
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter in all versions up to, and including, 3.16.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with GiveWP Manager-level access and above, to append additional SQL queries into already existing queries within the Legacy View mode, that can be used to extract sensitive information from the database.
2024-09-27
7.2
CVE-2024-9130
security@wordfence.comsecurity@wordfence.comsecurity@wordfence.comsecurity@wordfence.comsecurity@wordfence.comsecurity@wordfence.com 

Clibo Manager–Clibo Manager 
Vulnerability in Clibo Manager v1.1.9.1 that could allow an attacker to execute an stored Cross-Site Scripting (stored XSS ) by uploading a malicious .svg image in the section: Profile > Profile picture.
2024-09-26
7.6
CVE-2024-9198
cve-coordination@incibe.es 

SourceCodester–Advocate Office Management System 
A vulnerability was found in SourceCodester Advocate Office Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /control/login.php. The manipulation of the argument username leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
2024-09-28
7.3
CVE-2024-9295
cna@vuldb.comcna@vuldb.comcna@vuldb.comcna@vuldb.comcna@vuldb.com 

SourceCodester–Advocate Office Management System 
A vulnerability was found in SourceCodester Advocate Office Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /control/forgot_pass.php. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
2024-09-28
7.3
CVE-2024-9296
cna@vuldb.comcna@vuldb.comcna@vuldb.comcna@vuldb.comcna@vuldb.com 

Intelbras–InControl 
A vulnerability classified as critical has been found in Intelbras InControl up to 2.21.56. This affects an unknown part of the file C:\Program Files (x86)\Intelbras\Incontrol Cliente\incontrol_webcam\incontrol-service-watchdog.exe. The manipulation leads to unquoted search path. It is possible to launch the attack on the local host. The vendor was informed early on 2024-08-05 about this issue. The release of a fixed version 2.21.58 was announced for the end of August 2024 but then was postponed until 2024-09-20.
2024-09-29
7.8
CVE-2024-9325
cna@vuldb.comcna@vuldb.comcna@vuldb.com 

PHPGurukul–Online Shopping Portal 
A vulnerability classified as critical was found in PHPGurukul Online Shopping Portal 2.0. This vulnerability affects unknown code of the file /shopping/admin/index.php of the component Admin Panel. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
2024-09-29
7.3
CVE-2024-9326
cna@vuldb.comcna@vuldb.comcna@vuldb.comcna@vuldb.comcna@vuldb.com 

Back to top

Medium Vulnerabilities

PrimaryVendor — Product
Description
Published
CVSS Score
Source Info
Patch Info

Synology–Synology Drive Client 
Insertion of sensitive information into log file vulnerability in proxy settings component in Synology Drive Client before 3.3.0-15082 allows remote authenticated users to obtain sensitive information via unspecified vectors.
2024-09-26
6.5
CVE-2022-49037
security@synology.com 

Synology–Synology Drive Client 
Out-of-bounds write vulnerability in backup task management functionality in Synology Drive Client before 3.4.0-15721 allows local users with administrator privileges to execute arbitrary commands via unspecified vectors.
2024-09-26
6.7
CVE-2022-49039
security@synology.com 

Cisco–IOS 
A vulnerability in the web UI feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system through the web UI. This vulnerability is due to incorrectly accepting configuration changes through the HTTP GET method. An attacker could exploit this vulnerability by persuading a currently authenticated administrator to follow a crafted link. A successful exploit could allow the attacker to change the configuration of the affected device.
2024-09-25
6.5
CVE-2024-20414
ykramarz@cisco.com 

Cisco–Cisco Catalyst SD-WAN Manager 
A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by inserting malicious data into a specific data field in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface.
2024-09-25
6.4
CVE-2024-20475
ykramarz@cisco.com 

Cisco–Cisco SD-WAN vEdge Cloud 
A vulnerability in the UDP packet validation code of Cisco SD-WAN vEdge Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected system. This vulnerability is due to incorrect handling of a specific type of malformed UDP packet. An attacker in a machine-in-the-middle position could exploit this vulnerability by sending crafted UDP packets to an affected device. A successful exploit could allow the attacker to cause the device to reboot, resulting in a DoS condition on the affected system.
2024-09-25
6.1
CVE-2024-20496
ykramarz@cisco.com 

Sony–XAV-AX5500 
Sony XAV-AX5500 Insufficient Firmware Update Validation Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Sony XAV-AX5500 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of software updates. The issue results from the lack of proper validation of software update packages. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-22939
2024-09-23
6.8
CVE-2024-23922
cve@asrg.iocve@asrg.io 

Alpine–Halo9 
Alpine Halo9 UPDM_wemCmdCreatSHA256Hash Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UPDM_wemCmdCreatSHA256Hash function. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-23105
2024-09-28
6.8
CVE-2024-23924
cve@asrg.io 

Sony–XAV-AX5500 
Sony XAV-AX5500 CarPlay TLV Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Sony XAV-AX5500 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the Apple CarPlay protocol. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-23238
2024-09-23
6.8
CVE-2024-23933
cve@asrg.iocve@asrg.io 

Autel–MaxiCharger AC Elite Business C50 
Autel MaxiCharger AC Elite Business C50 BLE Hardcoded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Autel MaxiCharger AC Elite Business C50 charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the BLE AppAuthenRequest command handler. The handler uses hardcoded credentials as a fallback in case of an authentication request failure. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-23196
2024-09-28
6.5
CVE-2024-23958
cve@asrg.io 

Alpine–Halo9 
Alpine Halo9 UPDM_wemCmdUpdFSpeDecomp Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UPDM_wemCmdUpdFSpeDecomp function. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-23306
2024-09-28
6.8
CVE-2024-23961
cve@asrg.io 

Sony–XAV-AX5500 
Sony XAV-AX5500 USB Configuration Descriptor Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Sony XAV-AX5500 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the USB host driver. A crafted USB configuration descriptor can trigger an overflow of a fixed-length buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-23185
2024-09-23
6.8
CVE-2024-23972
cve@asrg.iocve@asrg.io 

n/a–n/a 
A cross-site scripting (XSS) vulnerability in Flatpress v1.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter in setup.php.
2024-09-27
6.1
CVE-2024-25411
cve@mitre.orgcve@mitre.orgcve@mitre.org 

HCL Software–HCL Traveler for Microsoft Outlook 
The HCL Traveler for Microsoft Outlook executable (HTMO.exe) is being flagged as potentially Malicious Software or an Unrecognized Application.
2024-09-26
6.7
CVE-2024-30134
psirt@hcl.com 

n/a–n/a 
Entrust Instant Financial Issuance (formerly known as Cardwizard) 6.10.0, 6.9.0, 6.9.1, 6.9.2, and 6.8.x and earlier uses a DLL library (i.e. DCG.Security.dll) with a custom AES encryption process that relies on static hard-coded key values. These keys are not uniquely generated per installation of the software. Combined with the encrypted password that can be obtained from "WebAPI.cfg.xml" in CVE-2024-39341, the decryption is trivial and can lead to privilege escalation on the Windows host.
2024-09-23
6.6
CVE-2024-39342
cve@mitre.orgcve@mitre.orgcve@mitre.org 

Advantech–ADAM-5630 
Advantech ADAM-5630 has built-in commands that can be executed without authenticating the user. These commands allow for restarting the operating system, rebooting the hardware, and stopping the execution. The commands can be sent to a simple HTTP request and are executed by the device automatically, without discrimination of origin or level of privileges of the user sending the commands.
2024-09-27
6.3
CVE-2024-39364
ics-cert@hq.dhs.gov 

Unisoc (Shanghai) Technologies Co., Ltd.–T606/T612/T616/T610/T618/T760/T770/T820/S8000 
In drm service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.
2024-09-27
6.2
CVE-2024-39433
security@unisoc.com 

Unisoc (Shanghai) Technologies Co., Ltd.–T606/T612/T616/T610/T618/T760/T770/T820/S8000 
In drm service, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.
2024-09-27
6.2
CVE-2024-39434
security@unisoc.com 

Unisoc (Shanghai) Technologies Co., Ltd.–SC7731E/SC9832E/SC9863A/T310/T606/T612/T616/T610/T618/T760/T770/T820/S8000 
In Logmanager service, there is a possible missing verification incorrect input. This could lead to local escalation of privilege with no additional execution privileges needed.
2024-09-27
6.5
CVE-2024-39435
security@unisoc.com 

n/a–n/a 
A SQL injection vulnerability in Centreon 24.04.2 allows a remote high-privileged attacker to execute arbitrary SQL command via create user form inputs.
2024-09-23
6.7
CVE-2024-39843
cve@mitre.orgcve@mitre.org 

n/a–n/a 
An issue in Doccano Open source annotation tools for machine learning practitioners v.1.8.4 and Doccano Auto Labeling Pipeline module to annotate a document automatically v.0.1.23 allows a remote attacker to escalate privileges via the model_attribs parameter.
2024-09-23
6.6
CVE-2024-40441
cve@mitre.orgcve@mitre.orgcve@mitre.org 

goTenna–Pro ATAK Plugin 
In the goTenna Pro ATAK Plugin there is a vulnerability that makes it possible to inject any custom message with any GID and Callsign using a software defined radio in existing gotenna mesh networks. This vulnerability can be exploited if the device is being used in a unencrypted environment or if the cryptography has already been compromised.
2024-09-26
6.5
CVE-2024-41722
ics-cert@hq.dhs.gov 

ElementsKit–ElementsKit Pro 
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in ElementsKit ElementsKit Pro allows PHP Local File Inclusion.This issue affects ElementsKit Pro: from n/a through 3.6.0.
2024-09-23
6.5
CVE-2024-43996
audit@patchstack.com 

wpWax–Product Carousel Slider & Grid Ultimate for WooCommerce 
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in wpWax Product Carousel Slider & Grid Ultimate for WooCommerce allows PHP Local File Inclusion.This issue affects Product Carousel Slider & Grid Ultimate for WooCommerce: from n/a through 1.9.10.
2024-09-23
6.5
CVE-2024-44048
audit@patchstack.com 

n/a–n/a 
Ubiquiti AirMax firmware version firmware version 8 allows attackers with physical access to gain a privileged command shell via the UART Debugging Port.
2024-09-23
6.6
CVE-2024-44540
cve@mitre.org 

Xiaomi–Xiaomi Router AX9000 
Xiaomi Router AX9000 has a post-authorization command injection vulnerability. This vulnerability is caused by the lack of validation of user input, and an attacker can exploit this vulnerability to execute arbitrary code.
2024-09-23
6.4
CVE-2024-45348
security@xiaomi.com 

goTenna–Pro ATAK Plugin 
The goTenna Pro ATAK Plugin does not use SecureRandom when generating its cryptographic keys. The random function in use is not suitable for cryptographic use.
2024-09-26
6.5
CVE-2024-45723
ics-cert@hq.dhs.gov 

n/a–n/a 
A Cross-Site Request Forgery (CSRF) vulnerability exists in kishan0725’s Hospital Management System version 6.3.5. The vulnerability allows an attacker to craft a malicious HTML form that submits a request to delete a doctor record. By enticing an authenticated admin user to visit the specially crafted web page, the attacker can leverage the victim’s browser to make unauthorized requests to the vulnerable endpoint, effectively allowing the attacker to perform actions on behalf of the admin without their consent.
2024-09-26
6.3
CVE-2024-45983
cve@mitre.org 

n/a–n/a 
Cross Site Scripting vulnerability in CodeAstro Membership Management System 1.0 allows attackers to run malicious JavaScript via the membership_type field in the edit-type.php component.
2024-09-27
6.1
CVE-2024-46470
cve@mitre.orgcve@mitre.org 

n/a–n/a 
dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/doAdminAction.php?act=addCate
2024-09-25
6.3
CVE-2024-46485
cve@mitre.org 

n/a–n/a 
A reflected cross-site scripting (XSS) vulnerability in Ellevo 6.2.0.38160 allows attackers to execute arbitrary code in the context of a user’s browser via a crafted payload or URL.
2024-09-25
6.1
CVE-2024-46655
cve@mitre.orgcve@mitre.org 

rocket.chat — rocket.chat 
Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and earlier is vulnerable to DOM-based Cross-site Scripting (XSS). Attackers may be able to abuse the UpdateOTRAck method to forge a message that contains an XSS payload.
2024-09-25
6.1
CVE-2024-46934
cve@mitre.orgcve@mitre.org 

mattermost — mattermost_server 
Mattermost versions 9.11.x <= 9.11.0 and 9.5.x <= 9.5.8 fail to validate that the message of the permalink post is a string, which allows an attacker to send a non-string value as the message of a permalink post and crash the frontend.
2024-09-26
6.5
CVE-2024-47003
responsibledisclosure@mattermost.com 

rollup–rollup 
Rollup is a module bundler for JavaScript. Versions prior to 3.29.5 and 4.22.4 are susceptible to a DOM Clobbering vulnerability when bundling scripts with properties from `import.meta` (e.g., `import.meta.url`) in `cjs`/`umd`/`iife` format. The DOM Clobbering gadget can lead to cross-site scripting (XSS) in web pages where scriptless attacker-controlled HTML elements (e.g., an `img` tag with an unsanitized `name` attribute) are present. Versions 3.29.5 and 4.22.4 contain a patch for the vulnerability.
2024-09-23
6.1
CVE-2024-47068
security-advisories@github.comsecurity-advisories@github.comsecurity-advisories@github.comsecurity-advisories@github.comsecurity-advisories@github.com 

oveleon–contao-cookiebar 
Oveleon Cookie Bar is a cookie bar is for the Contao Open Source CMS and allows a visitor to define cookie & privacy settings for the website. Prior to versions 1.16.3 and 2.1.3, the `block/locale` endpoint does not properly sanitize the user-controlled `locale` input before including it in the backend’s HTTP response, thereby causing reflected cross-site scripting. Versions 1.16.3 and 2.1.3 contain a patch for the vulnerability.
2024-09-23
6.1
CVE-2024-47069
security-advisories@github.comsecurity-advisories@github.comsecurity-advisories@github.comsecurity-advisories@github.com 

layui–layui 
LayUI is a native minimalist modular Web UI component library. Versions prior to 2.9.17 have a DOM Clobbering vulnerability that can lead to Cross-site Scripting (XSS) on web pages where attacker-controlled HTML elements (e.g., `img` tags with unsanitized `name` attributes) are present. Version 2.9.17 fixes this issue.
2024-09-26
6.4
CVE-2024-47075
security-advisories@github.comsecurity-advisories@github.com 

goauthentik–authentik 
authentik is an open-source identity provider. Prior to versions 2024.8.3 and 2024.6.5, access tokens issued to one application can be stolen by that application and used to impersonate the user against any other proxy provider. Also, a user can steal an access token they were legitimately issued for one application and use it to access another application that they aren’t allowed to access. Anyone who has more than one proxy provider application with different trust domains or different access control is affected. Versions 2024.8.3 and 2024.6.5 fix the issue.
2024-09-27
6.5
CVE-2024-47077
security-advisories@github.comsecurity-advisories@github.comsecurity-advisories@github.comsecurity-advisories@github.comsecurity-advisories@github.com 

ampache–ampache 
Ampache is a web based audio/video streaming application and file manager. Prior to version 6.6.0, the Democratic Playlist Name is vulnerable to a stored cross-site scripting. Version 6.6.0 fixes this issue.
2024-09-27
6.1
CVE-2024-47184
security-advisories@github.comsecurity-advisories@github.comsecurity-advisories@github.com 

filamentphp–filament 
Filament is a collection of full-stack components for Laravel development. Versions of Filament from v3.0.0 through v3.2.114 are affected by a cross-site scripting (XSS) vulnerability. If values passed to a `ColorColumn` or `ColumnEntry` are not valid and contain a specific set of characters, applications are vulnerable to XSS attack against a user who opens a page on which a color column or entry is rendered. Filament v3.2.115 fixes this issue.
2024-09-27
6.1
CVE-2024-47186
security-advisories@github.comsecurity-advisories@github.comsecurity-advisories@github.com 

iredmail — iredadmin 
iRedAdmin before 2.6 allows XSS, e.g., via order_name.
2024-09-23
6.1
CVE-2024-47227
cve@mitre.orgcve@mitre.orgcve@mitre.orgcve@mitre.orgcve@mitre.org 

Huawei–HarmonyOS 
Path traversal vulnerability in the Bluetooth module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
2024-09-27
6.2
CVE-2024-47292
psirt@huawei.com 

Livemesh–Livemesh Addons for Elementor 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Livemesh Livemesh Addons for Elementor allows Stored XSS.This issue affects Livemesh Addons for Elementor: from n/a through 8.5.
2024-09-25
6.5
CVE-2024-47303
audit@patchstack.com 

javmah–Spreadsheet Integration Automate Google Sheets With WordPress, WooCommerce & Most Popular Form Plugins. Also, Display Google sheet as a Table. 
The Spreadsheet Integration – Automate Google Sheets With WordPress, WooCommerce & Most Popular Form Plugins. Also, Display Google sheet as a Table. plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 3.7.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to edit post status, edit Google sheet integrations, and create Google sheet integrations.
2024-09-25
6.3
CVE-2024-6590
security@wordfence.comsecurity@wordfence.comsecurity@wordfence.comsecurity@wordfence.comsecurity@wordfence.com 

Microsoft–Windows 10 
A DLL Hijacking caused by drive remapping combined with a poisoning of the activation cache in Microsoft Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, and Windows Server 2022 allows a malicious authenticated attacker to elevate from a medium integrity process to a high integrity process without the intervention of a UAC prompt.
2024-09-26
6.7
CVE-2024-6769
df4dee71-de3a-4139-9588-11b62fe6c0ff 

Unknown–AI ChatBot with ChatGPT and Content Generator by AYS 
The AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 lacks sufficient access controls allowing an unauthenticated user to disconnect the AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 from OpenAI, thereby disabling the AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0. Multiple actions are accessible: ‘ays_chatgpt_disconnect’, ‘ays_chatgpt_connect’, and ‘ays_chatgpt_save_feedback’
2024-09-27
6.5
CVE-2024-7714
contact@wpscan.com 

cguntur–WP Category Dropdown 
The WP Category Dropdown plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ parameter in all versions up to, and including, 1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2024-09-25
6.4
CVE-2024-8103
security@wordfence.comsecurity@wordfence.comsecurity@wordfence.comsecurity@wordfence.comsecurity@wordfence.comsecurity@wordfence.com 

princeahmed–Radio Player Live Shoutcast, Icecast and Any Audio Stream Player for WordPress 
The Radio Player – Live Shoutcast, Icecast and Any Audio Stream Player for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ attribute within the ‘wp:radio-player’ Gutenberg block in all versions up to, and including, 2.0.78 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2024-09-25
6.4
CVE-2024-8267
security@wordfence.comsecurity@wordfence.comsecurity@wordfence.comsecurity@wordfence.comsecurity@wordfence.com 

PaperCut–PaperCut NG, PaperCut MF 
An arbitrary file creation vulnerability exists in PaperCut NG/MF that only affects Windows servers with Web Print enabled. This specific flaw exists within the web-print.exe process, which can incorrectly create files that don’t exist when a maliciously formed payload is provided. This can be used to flood disk space and result in a Denial of Service (DoS) attack. Note: This CVE has been split from CVE-2024-4712.
2024-09-26
6.1
CVE-2024-8405
eb41dac7-0af8-4f84-9f6d-0272772514f4 

themesflat–Themesflat Addons For Elementor 
The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets like ‘TF E Slider Widget’, ‘TF Video Widget’, ‘TF Team Widget’ and more in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping on URL attributes. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2024-09-25
6.4
CVE-2024-8515
security@wordfence.comsecurity@wordfence.comsecurity@wordfence.comsecurity@wordfence.comsecurity@wordfence.comsecurity@wordfence.comsecurity@wordfence.comsecurity@wordfence.comsecurity@wordfence.com 

fatcatapps — pixel_cat 
The Pixel Cat – Conversion Pixel Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.0.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
2024-09-24
6.1
CVE-2024-8544
security@wordfence.comsecurity@wordfence.comsecurity@wordfence.com 

xpeedstudio–ElementsKit Elementor addons 
The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Video widget in all versions up to, and including, 3.2.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2024-09-25
6.4
CVE-2024-8546
security@wordfence.comsecurity@wordfence.comsecurity@wordfence.comsecurity@wordfence.comsecurity@wordfence.com 

grimmdude–Simple Popup Plugin 
The Simple Popup Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s [popup] shortcode in all versions up to, and including, 4.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2024-09-28
6.4
CVE-2024-8547
security@wordfence.comsecurity@wordfence.com 

simplecalendar–Simple Calendar Google Calendar Plugin 
The Simple Calendar – Google Calendar Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.4.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
2024-09-25
6.1
CVE-2024-8549
security@wordfence.comsecurity@wordfence.comsecurity@wordfence.com 

ibericode — koko_analytics 
The Koko Analytics plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.3.12. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
2024-09-24
6.1
CVE-2024-8662
security@wordfence.comsecurity@wordfence.comsecurity@wordfence.com 

devitemsllc–ShopLentor WooCommerce Builder for Elementor & Gutenberg +12 Modules All in One Solution (formerly WooLentor) 
The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the tooltip and countdown functionality in all versions up to, and including, 2.9.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2024-09-25
6.4
CVE-2024-8668
security@wordfence.comsecurity@wordfence.comsecurity@wordfence.comsecurity@wordfence.com 

leap13–Premium Addons for Elementor 
The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Media Grid widget in all versions up to, and including, 4.10.52 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2024-09-27
6.4
CVE-2024-8681
security@wordfence.comsecurity@wordfence.comsecurity@wordfence.comsecurity@wordfence.comsecurity@wordfence.comsecurity@wordfence.comsecurity@wordfence.com 

gtmserver–GTM Server Side 
The GTM Server Side plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.1.19. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
2024-09-28
6.1
CVE-2024-8712
security@wordfence.comsecurity@wordfence.comsecurity@wordfence.com 

pierre-lebedel–Kodex Posts likes 
The Kodex Posts likes plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.5.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
2024-09-25
6.1
CVE-2024-8713
security@wordfence.comsecurity@wordfence.com 

clifgriffin–Simple LDAP Login 
The Simple LDAP Login plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.6.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
2024-09-28
6.1
CVE-2024-8715
security@wordfence.comsecurity@wordfence.comsecurity@wordfence.com 

xplodedthemes — xt_ajax_add_to_cart_for_woocommerce 
The XT Ajax Add To Cart for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.1.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
2024-09-24
6.1
CVE-2024-8716
security@wordfence.comsecurity@wordfence.comsecurity@wordfence.com 

ouhinit–012 Ps Multi Languages 
The 012 Ps Multi Languages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via translated titles in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2024-09-26
6.4
CVE-2024-8723
security@wordfence.comsecurity@wordfence.com 

modalweb–Advanced File Manager 
Multiple plugins and/or themes for WordPress are vulnerable to Limited File Upload in various versions. This is due to a lack of proper checks to ensure lower-privileged roles cannot upload .css and .js files to arbitrary directories. This makes it possible for authenticated attackers, with Subscriber-level access and above, and granted permissions by an administrator, to upload .css and .js files to any directory within the WordPress root directory, which could lead to Stored Cross-Site Scripting. The Advanced File Manager Shortcodes plugin must be installed to exploit this vulnerability.
2024-09-26
6.8
CVE-2024-8725
security@wordfence.comsecurity@wordfence.comsecurity@wordfence.comsecurity@wordfence.com 

castos — seriously_simple_stats 
The Seriously Simple Stats plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.6.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
2024-09-24
6.1
CVE-2024-8738
security@wordfence.comsecurity@wordfence.comsecurity@wordfence.com 

outtheboxthemes–Beam me up Scotty Back to Top Button 
The Beam me up Scotty – Back to Top Button plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.0.21. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
2024-09-25
6.1
CVE-2024-8741
security@wordfence.comsecurity@wordfence.comsecurity@wordfence.com 

github — enterprise_server 
A Cross-Site Scripting (XSS) vulnerability was identified in the repository transfer feature of GitHub Enterprise Server, which allows attackers to steal sensitive user information via social engineering. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in version 3.10.17, 3.11.15, 3.12.9, 3.13.4, and 3.14.1. This vulnerability was reported via the GitHub Bug Bounty program.
2024-09-23
6.1
CVE-2024-8770
product-cna@github.comproduct-cna@github.comproduct-cna@github.comproduct-cna@github.comproduct-cna@github.com 

omardabbas–EU/UK VAT Manager for WooCommerce 
The EU/UK VAT Manager for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.12.11. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
2024-09-28
6.1
CVE-2024-8788
security@wordfence.comsecurity@wordfence.comsecurity@wordfence.com 

madfishdigital–Bulk NoIndex & NoFollow Toolkit 
The Bulk NoIndex & NoFollow Toolkit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.15. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
2024-09-26
6.1
CVE-2024-8803
security@wordfence.comsecurity@wordfence.comsecurity@wordfence.com 

livemesh–Elementor Addons by Livemesh 
The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘piechart_settings’ parameter in all versions up to, and including, 8.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2024-09-25
6.4
CVE-2024-8858
security@wordfence.comsecurity@wordfence.comsecurity@wordfence.comsecurity@wordfence.com 

metagauss–ProfileGrid User Profiles, Groups and Communities 
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.9.3.2 due to incorrect use of the wp_kses_allowed_html function, which allows the ‘onclick’ attribute for certain HTML elements without sufficient restriction or context validation. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2024-09-26
6.4
CVE-2024-8861
security@wordfence.comsecurity@wordfence.comsecurity@wordfence.comsecurity@wordfence.comsecurity@wordfence.com 

bizswoop–Store Hours for WooCommerce 
The Store Hours for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.3.20. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
2024-09-26
6.1
CVE-2024-8872
security@wordfence.comsecurity@wordfence.comsecurity@wordfence.com 

anwppro–AnWP Football Leagues 
The AnWP Football Leagues plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 0.16.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
2024-09-25
6.4
CVE-2024-8917
security@wordfence.comsecurity@wordfence.comsecurity@wordfence.comsecurity@wordfence.comsecurity@wordfence.com 

shakeelu–Confetti Fall Animation 
The Confetti Fall Animation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘confetti-fall-animation’ shortcode in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2024-09-25
6.4
CVE-2024-8919
security@wordfence.comsecurity@wordfence.com 

Scriptcase–Scriptcase 
Vulnerability in Scriptcase version 9.4.019 that consists of a Cross-Site Scripting (XSS), due to the lack of input validation, affecting the "id_form_msg_title" parameter, among others. This vulnerability could allow a remote user to send a specially crafted URL to a victim and retrieve their credentials.
2024-09-25
6.3
CVE-2024-8942
cve-coordination@incibe.es 

Code Supply Co.–Absolute Reviews 
The Absolute Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Name’ field of a custom post criteria in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2024-09-27
6.4
CVE-2024-8965
security@wordfence.comsecurity@wordfence.com 

photoweblog–OSM OpenStreetMap 
The OSM – OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s osm_map and osm_map_v3 shortcodes in all versions up to, and including, 6.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2024-09-27
6.4
CVE-2024-8991
security@wordfence.comsecurity@wordfence.comsecurity@wordfence.comsecurity@wordfence.comsecurity@wordfence.comsecurity@wordfence.comsecurity@wordfence.com 

axton–WP-WebAuthn 
The WP-WebAuthn plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s wwa_login_form shortcode in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2024-09-28
6.4
CVE-2024-9023
security@wordfence.comsecurity@wordfence.comsecurity@wordfence.comsecurity@wordfence.com 

braginteractive–Material Design Icons 
The Material Design Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s mdi-icon shortcode in all versions up to, and including, 0.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2024-09-25
6.4
CVE-2024-9024
security@wordfence.comsecurity@wordfence.comsecurity@wordfence.comsecurity@wordfence.com 

wpzoom–WPZOOM Shortcodes 
The WPZOOM Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘box’ shortcode in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2024-09-25
6.4
CVE-2024-9027
security@wordfence.comsecurity@wordfence.comsecurity@wordfence.com 

bastianonm–WP GPX Maps 
The WP GPX Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘sgpx’ shortcode in all versions up to, and including, 1.7.08 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2024-09-25
6.4
CVE-2024-9028
security@wordfence.comsecurity@wordfence.comsecurity@wordfence.comsecurity@wordfence.com 

justinbusa–Beaver Builder WordPress Page Builder 
The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Button Group module in all versions up to, and including, 2.8.3.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2024-09-27
6.4
CVE-2024-9049
security@wordfence.comsecurity@wordfence.com 

themexclub–OneElements Best Elementor Addons 
The OneElements – Best Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
2024-09-25
6.4
CVE-2024-9068
security@wordfence.comsecurity@wordfence.com 

besnikac–Graphicsly The ultimate graphics plugin for WordPress website builder ( Gutenberg, Elementor, Beaver Builder, WPBakery ) 
The Graphicsly – The ultimate graphics plugin for WordPress website builder ( Gutenberg, Elementor, Beaver Builder, WPBakery ) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
2024-09-25
6.4
CVE-2024-9069
security@wordfence.comsecurity@wordfence.com 

wpopal–GutenGeek Free Gutenberg Blocks for WordPress 
The GutenGeek Free Gutenberg Blocks for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
2024-09-25
6.4
CVE-2024-9073
security@wordfence.comsecurity@wordfence.com 

rems — profile_registration_without_reload\/refresh 
A vulnerability was found in SourceCodester Profile Registration without Reload Refresh 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file add.php of the component Registration Form. The manipulation of the argument full_name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
2024-09-23
6.1
CVE-2024-9092
cna@vuldb.comcna@vuldb.comcna@vuldb.comcna@vuldb.comcna@vuldb.com 

thechetanvaghela–Common Tools for Site 
The Common Tools for Site plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
2024-09-26
6.4
CVE-2024-9115
security@wordfence.comsecurity@wordfence.com 

sekler–Mapplic Lite 
The Mapplic Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
2024-09-26
6.4
CVE-2024-9117
security@wordfence.comsecurity@wordfence.com 

mohsensd1373–king_IE 
The king_IE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
2024-09-26
6.4
CVE-2024-9125
security@wordfence.comsecurity@wordfence.com 

solaplugins–Super Testimonials 
The Super Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘alignment’ parameter in all versions up to, and including, 3.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2024-09-26
6.4
CVE-2024-9127
security@wordfence.comsecurity@wordfence.comsecurity@wordfence.comsecurity@wordfence.com 

Huawei–HarmonyOS 
Access permission verification vulnerability in the App Multiplier module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
2024-09-27
6.7
CVE-2024-9136
psirt@huawei.com 

alefypf–GF Custom Style 
The GF Custom Style plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
2024-09-26
6.4
CVE-2024-9173
security@wordfence.comsecurity@wordfence.com 

mahodder–Themedy Toolbox 
The Themedy Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s themedy_col, themedy_social_link, themedy_alertbox, and themedy_pullleft shortcodes in all versions up to, and including, 1.0.14, and up to, and including 1.0.15 for the plugin’s themedy_button shortcode due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2024-09-26
6.4
CVE-2024-9177
security@wordfence.comsecurity@wordfence.comsecurity@wordfence.com 

jeanmarc77–123solar 
A vulnerability was found in jeanmarc77 123solar up to 1.8.4.5. It has been rated as critical. This issue affects some unknown processing of the file /admin/admin_invt2.php. The manipulation of the argument PROTOCOLx leads to file inclusion. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
2024-09-27
6.3
CVE-2024-9275
cna@vuldb.comcna@vuldb.comcna@vuldb.comcna@vuldb.com 

TP-LINK–TL-WR841ND 
A vulnerability was found in TP-LINK TL-WR841ND up to 20240920. It has been rated as critical. Affected by this issue is some unknown functionality of the file /userRpm/popupSiteSurveyRpm.htm. The manipulation of the argument ssid leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
2024-09-27
6.5
CVE-2024-9284
cna@vuldb.comcna@vuldb.comcna@vuldb.comcna@vuldb.comcna@vuldb.com 

skyselang–yylAdmin 
A vulnerability classified as critical was found in skyselang yylAdmin up to 3.0. Affected by this vulnerability is the function list of the file /app/admin/controller/file/File.php of the component Backend. The manipulation of the argument is_disable leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
2024-09-27
6.3
CVE-2024-9293
cna@vuldb.comcna@vuldb.comcna@vuldb.comcna@vuldb.com 

dingfanzu–CMS 
A vulnerability, which was classified as critical, has been found in dingfanzu CMS up to 29d67d9044f6f93378e6eb6ff92272217ff7225c. Affected by this issue is some unknown functionality of the file saveNewPwd.php. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.
2024-09-27
6.3
CVE-2024-9294
cna@vuldb.comcna@vuldb.comcna@vuldb.comcna@vuldb.com 

SourceCodester–Online Railway Reservation System 
A vulnerability was found in SourceCodester Online Railway Reservation System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/. The manipulation of the argument page with the input trains/schedules/system_info leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
2024-09-28
6.3
CVE-2024-9297
cna@vuldb.comcna@vuldb.comcna@vuldb.comcna@vuldb.comcna@vuldb.com 

SourceCodester–Employee and Visitor Gate Pass Logging System 
A vulnerability was found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/maintenance/manage_department.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
2024-09-28
6.3
CVE-2024-9315
cna@vuldb.comcna@vuldb.comcna@vuldb.comcna@vuldb.comcna@vuldb.com 

code-projects–Blood Bank Management System 
A vulnerability classified as critical has been found in code-projects Blood Bank Management System 1.0. Affected is an unknown function of the file /admin/blood/update/B+.php. The manipulation of the argument Bloodname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
2024-09-28
6.3
CVE-2024-9316
cna@vuldb.comcna@vuldb.comcna@vuldb.comcna@vuldb.comcna@vuldb.com 

SourceCodester–Online Eyewear Shop 
A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. Affected by this vulnerability is the function delete_category of the file /classes/Master.php?f=delete_category. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
2024-09-28
6.3
CVE-2024-9317
cna@vuldb.comcna@vuldb.comcna@vuldb.comcna@vuldb.comcna@vuldb.com 

SourceCodester–Advocate Office Management System 
A vulnerability, which was classified as critical, has been found in SourceCodester Advocate Office Management System 1.0. Affected by this issue is some unknown functionality of the file /control/activate.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
2024-09-28
6.3
CVE-2024-9318
cna@vuldb.comcna@vuldb.comcna@vuldb.comcna@vuldb.comcna@vuldb.com 

SourceCodester–Online Timesheet App 
A vulnerability, which was classified as critical, was found in SourceCodester Online Timesheet App 1.0. This affects an unknown part of the file /endpoint/delete-timesheet.php. The manipulation of the argument timesheet leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
2024-09-29
6.3
CVE-2024-9319
cna@vuldb.comcna@vuldb.comcna@vuldb.comcna@vuldb.comcna@vuldb.com 

code-projects–Supply Chain Management 
A vulnerability was found in code-projects Supply Chain Management 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/edit_manufacturer.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
2024-09-29
6.3
CVE-2024-9322
cna@vuldb.comcna@vuldb.comcna@vuldb.comcna@vuldb.comcna@vuldb.com 

Intelbras–InControl 
A vulnerability was found in Intelbras InControl up to 2.21.57. It has been rated as critical. Affected by this issue is some unknown functionality of the file /v1/operador/ of the component Relatório de Operadores Page. The manipulation of the argument fields leads to code injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was informed early on 2024-07-19 about this issue. The release of a fixed version 2.21.58 was announced for the end of August 2024 but then was postponed until 2024-09-20.
2024-09-29
6.3
CVE-2024-9324
cna@vuldb.comcna@vuldb.comcna@vuldb.comcna@vuldb.com 

code-projects–Blood Bank System 
A vulnerability was found in code-projects Blood Bank System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /forgot.php. The manipulation of the argument useremail leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
2024-09-29
6.3
CVE-2024-9327
cna@vuldb.comcna@vuldb.comcna@vuldb.comcna@vuldb.comcna@vuldb.com 

SourceCodester–Advocate Office Management System 
A vulnerability was found in SourceCodester Advocate Office Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /control/edit_client.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
2024-09-29
6.3
CVE-2024-9328
cna@vuldb.comcna@vuldb.comcna@vuldb.comcna@vuldb.comcna@vuldb.com 

n/a–n/a 
Cross Site Scripting (XSS) vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via the product_data parameter of add/edit product in the administration interface.
2024-09-25
5.4
CVE-2023-26688
cve@mitre.orgcve@mitre.org 

n/a–n/a 
A reflected Cross-Site Scripting (XSS) vulnerability was found on Temenos T24 Browser R19.40 that enables a remote attacker to execute arbitrary JavaScript code via the skin parameter in the about.jsp and genrequest.jsp components.
2024-09-23
5.4
CVE-2023-46948
cve@mitre.orgcve@mitre.org 

n/a–n/a 
Cross Site Scripting vulnerability in ZKTeco WDMS v.5.1.3 Pro allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted script to the Emp Name parameter.
2024-09-25
5.4
CVE-2023-51157
cve@mitre.org 

Synology–Synology Active Backup for Business Agent 
Missing encryption of sensitive data vulnerability in settings functionality in Synology Active Backup for Business Agent before 2.7.0-3221 allows local users to obtain user credential via unspecified vectors.
2024-09-26
5
CVE-2023-52948
security@synology.com 

Synology–Synology Active Backup for Business Agent 
Missing authentication for critical function vulnerability in proxy settings functionality in Synology Active Backup for Business Agent before 2.7.0-3221 allows local users to obtain user credential via unspecified vectors.
2024-09-26
5.5
CVE-2023-52949
security@synology.com 

Synology–Synology Active Backup for Business Agent 
Missing encryption of sensitive data vulnerability in login component in Synology Active Backup for Business Agent before 2.7.0-3221 allows adjacent man-in-the-middle attackers to obtain user credential via unspecified vectors.
2024-09-26
5.3
CVE-2023-52950
security@synology.com 

Cisco–IOS 
A vulnerability in the access control list (ACL) programming of Cisco IOS Software running on Cisco Industrial Ethernet 4000, 4010, and 5000 Series Switches could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to the incorrect handling of IPv4 ACLs on switched virtual interfaces when an administrator enables and disables Resilient Ethernet Protocol (REP). An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to bypass an ACL on the affected device.
2024-09-25
5.8
CVE-2024-20465
ykramarz@cisco.com 

Cisco–Cisco UTD SNORT IPS Engine Software 
A vulnerability in Cisco Unified Threat Defense (UTD) Snort Intrusion Prevention System (IPS) Engine for Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass configured security policies or cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of HTTP requests when they are processed by Cisco UTD Snort IPS Engine. An attacker could exploit this vulnerability by sending a crafted HTTP request through an affected device. A successful exploit could allow the attacker to trigger a reload of the Snort process. If the action in case of Cisco UTD Snort IPS Engine failure is set to the default, fail-open, successful exploitation of this vulnerability could allow the attacker to bypass configured security policies. If the action in case of Cisco UTD Snort IPS Engine failure is set to fail-close, successful exploitation of this vulnerability could cause traffic that is configured to be inspected by Cisco UTD Snort IPS Engine to be dropped.
2024-09-25
5.8
CVE-2024-20508
ykramarz@cisco.com 

HCL Software–Nomad server on Domino 
HCL Nomad is susceptible to an insufficient session expiration vulnerability.   Under certain circumstances, an unauthenticated attacker could obtain old session information.
2024-09-27
5.3
CVE-2024-23586
psirt@hcl.com 

Advantech–ADAM-5630 
Advantech ADAM-5630 shares user credentials plain text between the device and the user source device during the login process.
2024-09-27
5.7
CVE-2024-34542
ics-cert@hq.dhs.gov 

Advantech–ADAM 5550 
Advantech ADAM-5550 share user credentials with a low level of encryption, consisting of base 64 encoding.
2024-09-27
5.7
CVE-2024-37187
ics-cert@hq.dhs.gov 

IBM–Storage Defender – Resiliency Service 
IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd CLI does not validate server name during registration and unregistration operations which could expose sensitive information to an attacker with access to the system.
2024-09-25
5.9
CVE-2024-38324
psirt@us.ibm.com 

TianoCore–EDK2 
EDK2 contains a vulnerability in the PeCoffLoaderRelocateImage(). An Attacker may cause memory corruption due to an overflow via an adjacent network. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability.
2024-09-27
5.9
CVE-2024-38796
infosec@edk2.groups.io 

N/A–Spring Framework 
Applications that parse ETags from "If-Match" or "If-None-Match" request headers are vulnerable to DoS attack. Users of affected versions should upgrade to the corresponding fixed version. Users of older, unsupported versions could enforce a size limit on "If-Match" and "If-None-Match" headers, e.g. through a Filter.
2024-09-27
5.3
CVE-2024-38809
security@vmware.com 

Apache Software Foundation–Apache Answer 
Inadequate Encryption Strength vulnerability in Apache Answer. This issue affects Apache Answer: through 1.3.5. Using the MD5 value of a user’s email to access Gravatar is insecure and can lead to the leakage of user email. The official recommendation is to use SHA256 instead. Users are recommended to upgrade to version 1.4.0, which fixes the issue.
2024-09-25
5.3
CVE-2024-40761
security@apache.org 

Mattermost–Mattermost 
Mattermost versions 9.11.x <= 9.11.0, 9.10.x <= 9.10.1, 9.9.x <= 9.9.2 and 9.5.x <= 9.5.8 fail to properly authorize requests when viewing archived channels is disabled, which allows an attacker to retrieve post and file information about archived channels. Examples are flagged or unread posts as well as files.
2024-09-26
5.4
CVE-2024-42406
responsibledisclosure@mattermost.com 

goTenna–Pro ATAK Plugin 
The goTenna Pro ATAK Plugin use AES CTR mode for short, encrypted messages without any additional integrity checking mechanisms. This leaves messages malleable to any attacker that can access the message.
2024-09-26
5.3
CVE-2024-43108
ics-cert@hq.dhs.gov 

TaxoPress–WordPress Tag Cloud Plugin Tag Groups 
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in TaxoPress WordPress Tag Cloud Plugin – Tag Groups.This issue affects WordPress Tag Cloud Plugin – Tag Groups: from n/a through 2.0.3.
2024-09-25
5.3
CVE-2024-43237
audit@patchstack.com 

StylemixThemes–Masterstudy LMS Starter 
Insertion of Sensitive Information into Log File vulnerability in StylemixThemes Masterstudy LMS Starter.This issue affects Masterstudy LMS Starter: from n/a through 1.1.8.
2024-09-25
5.3
CVE-2024-43990
audit@patchstack.com 

goTenna–Pro ATAK Plugin 
In the goTenna Pro ATAK Plugin application, the encryption keys are stored along with a static IV on the device. This allows for complete decryption of keys stored on the device. This allows an attacker to decrypt all encrypted broadcast communications based on broadcast keys stored on the device.
2024-09-26
5.3
CVE-2024-45374
ics-cert@hq.dhs.gov 

TopQuadrant–TopBraid EDG 
TopQuadrant TopBraid EDG before version 8.0.1 allows an authenticated attacker to upload an XML DTD file and execute JavaScript to read local files or access URLs (XXE). Fixed in 8.0.1 (bug fix: TBS-6721).
2024-09-27
5
CVE-2024-45745
9119a7d8-5eab-497f-8521-727c672e37259119a7d8-5eab-497f-8521-727c672e3725 

mattermost — mattermost_server 
Mattermost versions 9.5.x <= 9.5.8 fail to include the metadata endpoints of Oracle Cloud and Alibaba in the SSRF denylist, which allows an attacker to possibly cause an SSRF if Mattermost was deployed in Oracle Cloud or Alibaba.
2024-09-26
5.4
CVE-2024-45843
responsibledisclosure@mattermost.com 

Facebook–Facebook Thrift 
A null-dereference vulnerability involving parsing requests specifying invalid protocols can cause the application to crash or potentially result in other undesirable effects. This issue affects Facebook Thrift from v2024.09.09.00 until v2024.09.23.00.
2024-09-27
5.3
CVE-2024-45863
cve-assign@fb.com 

n/a–n/a 
A stored Cross-Site Scripting (XSS) vulnerability was identified in Projectworld Online Voting System 1.0 that occurs when an account is registered with a malicious javascript payload. The payload is stored and subsequently executed in the voter.php and profile.php pages whenever the account information is accessed.
2024-09-26
5.4
CVE-2024-45986
cve@mitre.org 

n/a–n/a 
PHPGurukul Dairy Farm Shop Management System v1.1 is vulnerable to Cross-Site Scripting (XSS) via the pname parameter in add_product.php and edit_product.php.
2024-09-23
5.9
CVE-2024-46241
cve@mitre.org 

n/a–n/a 
An issue in the Http_handle object of VONETS VAP11G-300 v3.3.23.6.9 allows attackers to access sensitive files via a directory traversal.
2024-09-26
5.7
CVE-2024-46327
cve@mitre.org 

NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION–Hikari Denwa router RT-400MI 
Multiple Home GateWay/Hikari Denwa routers provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION are vulnerable to insufficient access restrictions for Device Setting pages. If this vulnerability is exploited, an attacker who identified WAN-side IPv6 address may access the product’s Device Setting page via WAN-side. Note that, the same products are also provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION, but the vulnerability only affects products subscribed and used in NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION areas.
2024-09-26
5.3
CVE-2024-47044
vultures@jpcert.or.jpvultures@jpcert.or.jpvultures@jpcert.or.jpvultures@jpcert.or.jpvultures@jpcert.or.jpvultures@jpcert.or.jp 

rocket.chat — rocket.chat 
Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and earlier allows stored XSS in the description and release notes of the marketplace and private apps.
2024-09-25
5.4
CVE-2024-47048
cve@mitre.orgcve@mitre.org 

NixOS–nix 
Nix is a package manager for Linux and other Unix systems. Starting in version 1.11 and prior to versions 2.18.8 and 2.24.8, `<nix/fetchurl.nix>` did not verify TLS certificates on HTTPS connections. This could lead to connection details such as full URLs or credentials leaking in case of a man-in-the-middle (MITM) attack. `<nix/fetchurl.nix>` is also known as the builtin derivation builder `builtin:fetchurl`. It’s not to be confused with the evaluation-time function `builtins.fetchurl`, which was not affected by this issue. A user may be affected by the risk of leaking credentials if they have a `netrc` file for authentication, or rely on derivations with `impureEnvVars` set to use credentials from the environment. In addition, the commonplace trust-on-first-use (TOFU) technique of updating dependencies by specifying an invalid hash and obtaining it from a remote store was also vulnerable to a MITM injecting arbitrary store objects. This also applied to the impure derivations experimental feature. Note that this may also happen when using Nixpkgs fetchers to obtain new hashes when not using the fake hash method, although that mechanism is not implemented in Nix itself but rather in Nixpkgs using a fixed-output derivation. The behavior was introduced in version 1.11 to make it consistent with the Nixpkgs `pkgs.fetchurl` and to make `<nix/fetchurl.nix>` work in the derivation builder sandbox, which back then did not have access to the CA bundles by default. Nowadays, CA bundles are bind-mounted on Linux. This issue has been fixed in Nix 2.18.8 and 2.24.8. As a workaround, implement (authenticated) fetching with `pkgs.fetchurl` from Nixpkgs, using `impureEnvVars` and `curlOpts` as needed.
2024-09-26
5.9
CVE-2024-47174
security-advisories@github.comsecurity-advisories@github.comsecurity-advisories@github.comsecurity-advisories@github.com 

Huawei–HarmonyOS 
Input validation vulnerability in the USB service module Impact: Successful exploitation of this vulnerability may affect availability.
2024-09-27
5.5
CVE-2024-47290
psirt@huawei.com 

Huawei–HarmonyOS 
Permission vulnerability in the ActivityManagerService (AMS) module Impact: Successful exploitation of this vulnerability may affect availability.
2024-09-27
5.6
CVE-2024-47291
psirt@huawei.com 

GiveWP–GiveWP 
Cross-Site Request Forgery (CSRF) vulnerability in GiveWP.This issue affects GiveWP: from n/a through 3.15.1.
2024-09-25
5.4
CVE-2024-47315
audit@patchstack.com 

Unknown–Chatbot with ChatGPT WordPress 
The Chatbot with ChatGPT WordPress plugin before 2.4.6 does not have proper authorization in one of its REST endpoint, allowing unauthenticated users to retrieve the encoded key and then decode it, thereby leaking the OpenAI API key
2024-09-25
5.3
CVE-2024-6845
contact@wpscan.com 

peepso–Community by PeepSo Social Network, Membership, Registration, User Profiles, Premium Mobile App 
The Community by PeepSo – Social Network, Membership, Registration, User Profiles plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 6.4.6.0. This is due to the plugin displaying errors and allowing direct access to the sse.php file. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.
2024-09-25
5.3
CVE-2024-7426
security@wordfence.comsecurity@wordfence.com 

realmag777–HUSKY Products Filter Professional for WooCommerce 
The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.6.1 via the woof_messenger_remove_subscr AJAX action due to missing validation on the ‘key’ user controlled key. This makes it possible for authenticated attackers, with subscriber-level access and above, to unsubscribe users from a product notification sign-ups, if they can successfully obtain or brute force the key value for users who signed up to receive notifications. This vulnerability requires the plugin’s Products Messenger extension to be enabled.
2024-09-25
5.3
CVE-2024-7491
security@wordfence.comsecurity@wordfence.com 

Unknown–YITH WooCommerce Ajax Search 
YITH WooCommerce Ajax Search is vulnerable to a XSS vulnerability due to insufficient sanitization of user supplied block attributes. This makes it possible for Contributors+ attackers to inject arbitrary scripts.
2024-09-23
5.4
CVE-2024-7846
contact@wpscan.com 

mailoptin — mailoptin 
The Popup, Optin Form & Email Newsletters for Mailchimp, HubSpot, AWeber – MailOptin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘post-meta’ shortcode in all versions up to, and including, 1.2.70.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2024-09-24
5.4
CVE-2024-8628
security@wordfence.comsecurity@wordfence.com 

10web–Form Maker by 10Web Mobile-Friendly Drag & Drop Contact Form Builder 
The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.15.27 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2024-09-26
5.5
CVE-2024-8633
security@wordfence.comsecurity@wordfence.comsecurity@wordfence.com 

ggnome — garden_gnome_package 
The Garden Gnome Package plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ggpkg shortcode in all versions up to, and including, 2.2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2024-09-24
5.4
CVE-2024-8657
security@wordfence.comsecurity@wordfence.comsecurity@wordfence.com 

wpexpertsio–myCred Loyalty Points and Rewards plugin for WordPress and WooCommerce Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification 
The myCred – Loyalty Points and Rewards plugin for WordPress and WooCommerce – Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the mycred_update_database() function in all versions up to, and including, 2.7.3. This makes it possible for unauthenticated attackers to upgrade an out of date database.
2024-09-25
5.3
CVE-2024-8658
security@wordfence.comsecurity@wordfence.com 

revolutbusiness–Revolut Gateway for WooCommerce 
The Revolut Gateway for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /wc/v3/revolut REST API endpoint in all versions up to, and including, 4.17.3. This makes it possible for unauthenticated attackers to mark orders as completed.
2024-09-25
5.3
CVE-2024-8678
security@wordfence.comsecurity@wordfence.com 

ba-booking — ba_book_everything 
The BA Book Everything plugin for WordPress is vulnerable to arbitrary password reset in all versions up to, and including, 1.6.20. This is due to the reset_user_password() function not verifying a user’s identity prior to setting a password. This makes it possible for unauthenticated attackers to reset any user’s passwords, including administrators. It’s important to note that the attacker will not have access to the generated password, therefore, privilege escalation is not possible.
2024-09-24
5.3
CVE-2024-8794
security@wordfence.comsecurity@wordfence.comsecurity@wordfence.comsecurity@wordfence.com 

codesupplyco–Sight Professional Image Gallery and Portfolio 
The Sight – Professional Image Gallery and Portfolio plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ‘handler_post_title’ function in all versions up to, and including, 1.1.2. This makes it possible for unauthenticated attackers to expose private, pending, trashed, and draft post titles. Successful exploitation requires the Elementor plugin to be installed and activated.
2024-09-26
5.3
CVE-2024-9025
security@wordfence.comsecurity@wordfence.com 

mayurik — modern_loan_management_system 
A vulnerability was found in SourceCodester Modern Loan Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file update_loan_record.php. The manipulation of the argument amount leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
2024-09-23
5.4
CVE-2024-9089
cna@vuldb.comcna@vuldb.comcna@vuldb.comcna@vuldb.comcna@vuldb.com 

Oct8ne–Oct8ne 
Cross-Site Scripting (XSS) vulnerability in the Oct8ne system. This flaw could allow an attacker to embed harmful JavaScript code into the body of a chat message. This manipulation occurs when the chat content is intercepted and altered, leading to the execution of the JavaScript payload.
2024-09-25
5.4
CVE-2024-9141
cve-coordination@incibe.es 

litespeedtech–LiteSpeed Cache 
The LiteSpeed Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin debug settings in all versions up to, and including, 6.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
2024-09-25
5.5
CVE-2024-9169
security@wordfence.comsecurity@wordfence.com 

omardabbas–EU/UK VAT Manager for WooCommerce 
The EU/UK VAT Manager for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the alg_wc_eu_vat_exempt_vat_from_admin() function in all versions up to, and including, 2.12.12. This makes it possible for unauthenticated attackers to update the VAT status for any order.
2024-09-28
5.3
CVE-2024-9189
security@wordfence.comsecurity@wordfence.comsecurity@wordfence.com 

Clibo Manager–Clibo Manager 
Rate limit vulnerability in Clibo Manager v1.1.9.2 that could allow an attacker to send a large number of emails to the victim in a short time, affecting availability and leading to a denial of service (DoS).
2024-09-26
5.8
CVE-2024-9199
cve-coordination@incibe.es 

SourceCodester–Online Railway Reservation System 
A vulnerability was found in SourceCodester Online Railway Reservation System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/inquiries/view_details.php. The manipulation of the argument id leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
2024-09-29
5.3
CVE-2024-9321
cna@vuldb.comcna@vuldb.comcna@vuldb.comcna@vuldb.comcna@vuldb.com 

Synology–Synology Drive Client 
Buffer copy without checking size of input (‘Classic Buffer Overflow’) vulnerability in connection management functionality in Synology Drive Client before 3.4.0-15721 allows local users with administrator privileges to crash the client via unspecified vectors.
2024-09-26
4.4
CVE-2022-49040
security@synology.com 

Synology–Synology Drive Client 
Buffer copy without checking size of input (‘Classic Buffer Overflow’) vulnerability in backup task management functionality in Synology Drive Client before 3.4.0-15721 allows local users with administrator privileges to crash the client via unspecified vectors.
2024-09-26
4.4
CVE-2022-49041
security@synology.com 

IBM–Cloud Pak for Multicloud Management 
IBM Cloud Pak for Multicloud Management 2.3 through 2.3 FP8 stores user credentials in a log file plain clear text which can be read by a privileged user.
2024-09-26
4.4
CVE-2023-46175
psirt@us.ibm.com 

Synology–Synology Active Backup for Business Agent 
Missing authentication for critical function vulnerability in logout functionality in Synology Active Backup for Business Agent before 2.6.3-3101 allows local users to logout the client via unspecified vectors. The backup functionality will continue to operate and will not be affected by the logout.
2024-09-26
4
CVE-2023-52947
security@synology.com 

Google–Chrome 
Inappropriate implementation in Compositing in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
2024-09-23
4.3
CVE-2023-7281
chrome-cve-admin@google.com 

Google–Chrome 
Inappropriate implementation in Navigation in Google Chrome prior to 113.0.5672.63 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low)
2024-09-23
4.3
CVE-2023-7282
chrome-cve-admin@google.com 

NVIDIA–Container Toolkit 
NVIDIA Container Toolkit 1.16.1 or earlier contains a vulnerability in the default mode of operation allowing a specially crafted container image to create empty files on the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to data tampering.
2024-09-26
4.1
CVE-2024-0133
psirt@nvidia.com 

Cisco–Cisco IOS XE Software 
A vulnerability in Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on the control plane of an affected device. This vulnerability is due to improper handling of frames with VLAN tag information. An attacker could exploit this vulnerability by sending crafted frames to an affected device. A successful exploit could allow the attacker to render the control plane of the affected device unresponsive. The device would not be accessible through the console or CLI, and it would not respond to ping requests, SNMP requests, or requests from other control plane protocols. Traffic that is traversing the device through the data plane is not affected. A reload of the device is required to restore control plane services.
2024-09-25
4.3
CVE-2024-20434
ykramarz@cisco.com 

Cisco–Cisco IOS XE Software 
A vulnerability in the Central Web Authentication (CWA) feature of Cisco IOS XE Software for Wireless Controllers could allow an unauthenticated, adjacent attacker to bypass the pre-authentication access control list (ACL), which could allow access to network resources before user authentication. This vulnerability is due to a logic error when activating the pre-authentication ACL that is received from the authentication, authorization, and accounting (AAA) server. An attacker could exploit this vulnerability by connecting to a wireless network that is configured for CWA and sending traffic through an affected device that should be denied by the configured ACL before user authentication. A successful exploit could allow the attacker to bypass configured ACL protections on the affected device before the user authentication is completed, allowing the attacker to access trusted networks that the device might be protecting.
2024-09-25
4.7
CVE-2024-20510
ykramarz@cisco.com 

Alpine–Halo9 
Alpine Halo9 Improper Verification of Cryptographic Signature Vulnerability. This vulnerability allows physically present attackers to bypass signature validation mechanism on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware metadata signature validation mechanism. The issue results from the lack of proper verification of a cryptographic signature. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-23102
2024-09-28
4.6
CVE-2024-23960
cve@asrg.io 

IBM–Cognos Command Center 
IBM Cognos Command Center 10.2.4.1 and 10.2.5 could disclose highly sensitive user information to an authenticated user with physical access to the device.
2024-09-26
4.3
CVE-2024-31899
psirt@us.ibm.com 

Zyxel–VMG8825-T50K firmware 
An improper restriction of operations within the bounds of a memory buffer in the parameter type parser of the Zyxel VMG8825-T50K firmware versions through 5.50(ABOM.8)C0 could allow an authenticated attacker with administrator privileges to cause potential memory corruptions, resulting in a thread crash on an affected device.
2024-09-24
4.9
CVE-2024-38266
security@zyxel.com.tw 

Zyxel–VMG8825-T50K firmware 
An improper restriction of operations within the bounds of a memory buffer in the IPv6 address parser of the Zyxel VMG8825-T50K firmware versions through 5.50(ABOM.8)C0 could allow an authenticated attacker with administrator privileges to cause potential memory corruptions, resulting in a thread crash on an affected device.
2024-09-24
4.9
CVE-2024-38267
security@zyxel.com.tw 

Zyxel–VMG8825-T50K firmware 
An improper restriction of operations within the bounds of a memory buffer in the MAC address parser of the Zyxel VMG8825-T50K firmware versions through 5.50(ABOM.8)C0 could allow an authenticated attacker with administrator privileges to cause potential memory corruptions, resulting in a thread crash on an affected device.
2024-09-24
4.9
CVE-2024-38268
security@zyxel.com.tw 

Zyxel–VMG8825-T50K firmware 
An improper restriction of operations within the bounds of a memory buffer in the USB file-sharing handler of the Zyxel VMG8825-T50K firmware versions through 5.50(ABOM.8)C0 could allow an authenticated attacker with administrator privileges to cause potential memory corruptions, resulting in a thread crash on an affected device.
2024-09-24
4.9
CVE-2024-38269
security@zyxel.com.tw 

kstover–Ninja Forms The Contact Form Builder That Grows With You 
The Ninja Forms Contact Form plugin for WordPress is vulnerable to Reflected Self-Based Cross-Site Scripting via the ‘Referer’ header in all versions up to, and including, 3.8.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. Successful exploitation of this vulnerability requires "maintenance mode" for a targeted form to be enabled. However, there is no setting available to the attacker or even an administrator-level user to enable this mode. The mode is only enabled during a required update, which is a very short window of time. Additionally, because of the self-based nature of this vulnerability, attackers would have to rely on additional techniques to execute a supplied payload in the context of targeted user.
2024-09-25
4.7
CVE-2024-3866
security@wordfence.comsecurity@wordfence.com 

goTenna–Pro ATAK Plugin 
The goTenna Pro ATAK Plugin has a payload length vulnerability that makes it possible to tell the length of the payload regardless of the encryption used.
2024-09-26
4.3
CVE-2024-41715
ics-cert@hq.dhs.gov 

goTenna–Pro ATAK Plugin 
The goTenna Pro ATAK Plugin broadcast key name is always sent unencrypted and could reveal the location of operation.
2024-09-26
4.3
CVE-2024-41931
ics-cert@hq.dhs.gov 

goTenna–Pro ATAK Plugin 
In the goTenna Pro ATAK Plugin application, the encryption keys are stored along with a static IV on the device. This allows for complete decryption of keys stored on the device. This allows an attacker to decrypt all encrypted broadcast communications based on broadcast keys stored on the device.
2024-09-26
4.3
CVE-2024-43694
ics-cert@hq.dhs.gov 

goTenna–Pro ATAK Plugin 
goTenna Pro ATAK Plugin by default enables frequent unencrypted Position, Location and Information (PLI) transmission. This transmission is done without user’s knowledge, revealing the exact location transmitted in unencrypted form.
2024-09-26
4.3
CVE-2024-43814
ics-cert@hq.dhs.gov 

ory–kratos 
Ory Kratos is an identity, user management and authentication system for cloud services. Prior to version 1.3.0, given a number of preconditions, the `highest_available` setting will incorrectly assume that the identity’s highest available AAL is `aal1` even though it really is `aal2`. This means that the `highest_available` configuration will act as if the user has only one factor set up, for that particular user. This means that they can call the settings and whoami endpoint without a `aal2` session, even though that should be disallowed. An attacker would need to steal or guess a valid login OTP of a user who has only OTP for login enabled and who has an incorrect `available_aal` value stored, to exploit this vulnerability. All other aspects of the session (e.g. the session’s aal) are not impacted by this issue. On the Ory Network, only 0.00066% of registered users were affected by this issue, and most of those users appeared to be test users. Their respective AAL values have since been updated and they are no longer vulnerable to this attack. Version 1.3.0 is not affected by this issue. As a workaround, those who require MFA should disable the passwordless code login method. If that is not possible, check the sessions `aal` to identify if the user has `aal1` or `aal2`.
2024-09-26
4.4
CVE-2024-45042
security-advisories@github.com 

goTenna–Pro ATAK Plugin 
The goTenna Pro ATAK Plugin does not encrypt the callsigns of its users. These callsigns reveal information about the users and can also be leveraged for other vulnerabilities.
2024-09-26
4.3
CVE-2024-45838
ics-cert@hq.dhs.gov 

n/a–n/a 
A Cross Site Scripting (XSS) vulnerability in add_donor.php of Blood Bank And Donation Management System 1.0 allows an attacker to inject malicious scripts that will be executed when the Donor List is viewed.
2024-09-26
4.7
CVE-2024-45984
cve@mitre.org 

n/a–n/a 
A Cross Site Scripting (XSS) vulnerability in update_contact.php of Blood Bank and Donation Management System v1.0 allows an attacker to inject malicious scripts via the name parameter of the update_contact.php
2024-09-26
4.7
CVE-2024-45985
cve@mitre.org 

n/a–n/a 
Monica AI Assistant desktop application v2.3.0 is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor. A prompt injection allows an attacker to modify chatbot answer with an unloaded image that exfiltrates the user’s sensitive chat data of the current session to a malicious third-party or attacker-controlled server.
2024-09-26
4
CVE-2024-45989
cve@mitre.orgcve@mitre.org 

n/a–n/a 
An authenticated cross-site scripting (XSS) vulnerability in Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Album Name parameter under the Add Album function.
2024-09-27
4.8
CVE-2024-46333
cve@mitre.org 

n/a–n/a 
dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/doAdminAction.php?act=delCate&id=31
2024-09-25
4.7
CVE-2024-46600
cve@mitre.org 

n/a–n/a 
Assimp v5.4.3 is vulnerable to Buffer Overflow via the MD5Importer::LoadMD5MeshFile function.
2024-09-26
4.3
CVE-2024-46632
cve@mitre.org 

strawberry-graphql–strawberry 
Strawberry GraphQL is a library for creating GraphQL APIs. Prior to version 0.243.0, multipart file upload support as defined in the GraphQL multipart request specification was enabled by default in all Strawberry HTTP view integrations. This made all Strawberry HTTP view integrations vulnerable to cross-site request forgery (CSRF) attacks if users did not explicitly enable CSRF preventing security mechanism for their servers. Additionally, the Django HTTP view integration, in particular, had an exemption for Django’s built-in CSRF protection (i.e., the `CsrfViewMiddleware` middleware) by default. In affect, all Strawberry integrations were vulnerable to CSRF attacks by default. Version `v0.243.0` is the first `strawberry-graphql` including a patch.
2024-09-25
4.6
CVE-2024-47082
security-advisories@github.comsecurity-advisories@github.comsecurity-advisories@github.com 

mattermost — mattermost_server 
Mattermost versions 9.5.x <= 9.5.8 fail to properly authorize access to archived channels when viewing archived channels is disabled, which allows an attacker to view posts and files of archived channels via file links.
2024-09-26
4.3
CVE-2024-47145
responsibledisclosure@mattermost.com 

agnaistic–agnai 
Agnai is an artificial-intelligence-agnostic multi-user, mult-bot roleplaying chat system. A vulnerability in versions prior to 1.0.330 permits attackers to read arbitrary JSON files at attacker-chosen locations on the server. This issue can lead to unauthorized access to sensitive information and exposure of confidential configuration files. This only affects installations with `JSON_STORAGE` enabled which is intended to local/self-hosting only. Version 1.0.330 fixes this issue.
2024-09-26
4.3
CVE-2024-47170
security-advisories@github.com 

agnaistic–agnai 
Agnai is an artificial-intelligence-agnostic multi-user, mult-bot roleplaying chat system. A vulnerability in versions prior to 1.0.330 permits attackers to upload image files at attacker-chosen location on the server. This issue can lead to image file uploads to unauthorized or unintended directories, including overwriting of existing images which may be used for defacement. This does not affect `agnai.chat`, installations using S3-compatible storage, or self-hosting that is not publicly exposed. Version 1.0.330 fixes this vulnerability.
2024-09-26
4.3
CVE-2024-47171
security-advisories@github.comsecurity-advisories@github.comsecurity-advisories@github.com 

amir20–dozzle 
Dozzle is a realtime log viewer for docker containers. Before version 8.5.3, the app uses sha-256 as the hash for passwords, which leaves users susceptible to rainbow table attacks. The app switches to bcrypt, a more appropriate hash for passwords, in version 8.5.3.
2024-09-27
4.8
CVE-2024-47182
security-advisories@github.comsecurity-advisories@github.com 

Huawei–HarmonyOS 
Out-of-bounds write vulnerability in the HAL-WIFI module Impact: Successful exploitation of this vulnerability may affect availability.
2024-09-27
4.7
CVE-2024-47293
psirt@huawei.com 

Huawei–HarmonyOS 
Access permission verification vulnerability in the input method framework module Impact: Successful exploitation of this vulnerability may affect availability.
2024-09-27
4.4
CVE-2024-47294
psirt@huawei.com 

Dnesscarkey–Use Any Font 
Cross-Site Request Forgery (CSRF) vulnerability in Dnesscarkey Use Any Font allows Cross Site Request Forgery.This issue affects Use Any Font: from n/a through 6.3.08.
2024-09-25
4.3
CVE-2024-47305
audit@patchstack.com 

Supsystic–Slider by Supsystic 
Missing Authorization vulnerability in Supsystic Slider by Supsystic, Supsystic Social Share Buttons by Supsystic.This issue affects Slider by Supsystic: from n/a through 1.8.6; Social Share Buttons by Supsystic: from n/a through 2.2.9.
2024-09-26
4.3
CVE-2024-47330
audit@patchstack.comaudit@patchstack.com 

Stuart Wilson–Joy Of Text Lite 
Missing Authorization vulnerability in Stuart Wilson Joy Of Text Lite.This issue affects Joy Of Text Lite: from n/a through 2.3.1.
2024-09-26
4.3
CVE-2024-47337
audit@patchstack.com 

Google–Chrome 
Inappropriate implementation in UI in Google Chrome prior to 124.0.6367.60 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
2024-09-23
4.3
CVE-2024-7019
chrome-cve-admin@google.com 

Google–Chrome 
Inappropriate implementation in Autofill in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
2024-09-23
4.3
CVE-2024-7020
chrome-cve-admin@google.com 

Red Hat–Red Hat Virtualization 4 
A flaw was found in oVirt. A user with administrator privileges, including users with the ReadOnlyAdmin permission, may be able to use browser developer tools to view Provider passwords in cleartext.
2024-09-26
4.4
CVE-2024-7259
secalert@redhat.comsecalert@redhat.com 

codename065–Premium Packages Sell Digital Products Securely 
The Premium Packages – Sell Digital Products Securely plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.9.1. This is due to missing nonce validation on the addRefund() function. This makes it possible for unauthenticated attackers to perform actions such as initiating refunds via a forged request granted they can trick a site administrator or shop manager into performing an action such as clicking on a link.
2024-09-25
4.3
CVE-2024-7386
security@wordfence.comsecurity@wordfence.com 

Unknown–WP ULike 
The WP ULike WordPress plugin before 4.7.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
2024-09-25
4.8
CVE-2024-7878
contact@wpscan.com 

Unknown–adstxt Plugin 
The adstxt Plugin WordPress plugin through 1.0.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
2024-09-25
4.3
CVE-2024-7892
contact@wpscan.com 

thangnv27–WP MultiTasking WP Utilities 
The WP MultiTasking – WP Utilities plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpmt_menu_name’ parameter in all versions up to, and including, 0.1.17 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
2024-09-28
4.4
CVE-2024-8189
security@wordfence.comsecurity@wordfence.comsecurity@wordfence.comsecurity@wordfence.com 

webba-booking — webba_booking 
The Appointment & Event Booking Calendar Plugin – Webba Booking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_appearance() function in all versions up to, and including, 5.0.48. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify the booking form’s CSS.
2024-09-24
4.3
CVE-2024-8432
security@wordfence.comsecurity@wordfence.comsecurity@wordfence.com 

themehunk–Easy Mega Menu Plugin for WordPress ThemeHunk 
The Easy Mega Menu Plugin for WordPress – ThemeHunk plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions hooked via AJAX in all versions up to, and including, 1.0.9. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform actions like updating plugin settings.
2024-09-25
4.3
CVE-2024-8434
security@wordfence.comsecurity@wordfence.comsecurity@wordfence.comsecurity@wordfence.comsecurity@wordfence.com 

hahncgdev–WP Easy Gallery WordPress Gallery Plugin 
The WP Easy Gallery – WordPress Gallery Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions hooked via AJAX like wpeg_settings and wpeg_add_gallery in all versions up to, and including, 4.8.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify galleries.
2024-09-25
4.3
CVE-2024-8437
security@wordfence.comsecurity@wordfence.com 

scottpaterson–Easy PayPal Events 
The Easy PayPal Events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation on the wpeevent_plugin_buttons() function. This makes it possible for unauthenticated attackers to delete arbitrary posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
2024-09-25
4.3
CVE-2024-8476
security@wordfence.comsecurity@wordfence.comsecurity@wordfence.comsecurity@wordfence.com 

farookibrahim–MAS Static Content 
The MAS Static Content plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.8 via the static_content() function. This makes it possible for authenticated attackers, with contributor-level access and above, to extract potentially sensitive information from private static content pages.
2024-09-25
4.3
CVE-2024-8483
security@wordfence.comsecurity@wordfence.comsecurity@wordfence.com 

themesflat–Themesflat Addons For Elementor 
The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.2.1 via the render() function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract limited post information from draft and future scheduled posts.
2024-09-25
4.3
CVE-2024-8516
security@wordfence.comsecurity@wordfence.com 

wpchill–Download Monitor 
The Download Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the enable_shop() function in all versions up to, and including, 5.0.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to enable shop functionality.
2024-09-26
4.3
CVE-2024-8552
security@wordfence.comsecurity@wordfence.comsecurity@wordfence.com 

expresstech — quiz_and_survey_master 
The Quiz and Survey Master (QSM) WordPress plugin before 9.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
2024-09-23
4.8
CVE-2024-8758
contact@wpscan.com 

icegram–Email Subscribers by Icegram Express Email Marketing, Newsletters, Automation for WordPress & WooCommerce 
The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ‘preview_email_template_design’ function in all versions up to, and including, 5.7.34. This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract sensitive data including the content of private, password protected, pending, and draft posts and pages.
2024-09-26
4.3
CVE-2024-8771
security@wordfence.comsecurity@wordfence.comsecurity@wordfence.com 

thehappymonster–Happy Addons for Elementor 
The Happy Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.12.2 via the Content Switcher widget. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including private, draft, and pending Elementor templates.
2024-09-25
4.3
CVE-2024-8801
security@wordfence.comsecurity@wordfence.comsecurity@wordfence.com 

devitemsllc–HT Mega Absolute Addons For Elementor 
The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.5 via the render function in includes/widgets/htmega_accordion.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data.
2024-09-25
4.3
CVE-2024-8910
security@wordfence.comsecurity@wordfence.com 

Mattermost–Mattermost 
Mattermost versions 9.10.x <= 9.10.1, 9.9.x <= 9.9.2, 9.5.x <= 9.5.8 fail to limit access to channels files that have not been linked to a post which allows an attacker to view them in channels that they are a member of.
2024-09-26
4.3
CVE-2024-9155
responsibledisclosure@mattermost.com 

HuankeMao–SCRM 
A vulnerability, which was classified as critical, has been found in HuankeMao SCRM up to 0.0.3. Affected by this issue is the function upload_domain_verification_file of the file WxkConfig.php of the component Administrator Backend. The manipulation of the argument domain_verification_file leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
2024-09-27
4.7
CVE-2024-9278
cna@vuldb.comcna@vuldb.comcna@vuldb.comcna@vuldb.com 

kalvinGit–kvf-admin 
A vulnerability has been found in kalvinGit kvf-admin up to f12a94dc1ebb7d1c51ee978a85e4c7ed75c620ff and classified as critical. This vulnerability affects the function fileUpload of the file FileUploadKit.java. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.
2024-09-27
4.7
CVE-2024-9280
cna@vuldb.comcna@vuldb.comcna@vuldb.comcna@vuldb.com 

bg5sbk–MiniCMS 
A vulnerability was found in bg5sbk MiniCMS up to 1.11 and classified as problematic. This issue affects some unknown processing of the file post-edit.php. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions confusing version and file name information. The vendor was contacted early about this disclosure but did not respond in any way.
2024-09-27
4.3
CVE-2024-9281
cna@vuldb.comcna@vuldb.comcna@vuldb.comcna@vuldb.com 

bg5sbk–MiniCMS 
A vulnerability was found in bg5sbk MiniCMS 1.11. It has been classified as problematic. Affected is an unknown function of the file page-edit.php. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions confusing version and file name information. The vendor was contacted early about this disclosure but did not respond in any way.
2024-09-27
4.3
CVE-2024-9282
cna@vuldb.comcna@vuldb.comcna@vuldb.comcna@vuldb.com 

SourceCodester–Online Railway Reservation System 
A vulnerability was found in SourceCodester Online Railway Reservation System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /?page=tickets of the component Ticket Handler. The manipulation of the argument id leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
2024-09-28
4.3
CVE-2024-9298
cna@vuldb.comcna@vuldb.comcna@vuldb.comcna@vuldb.comcna@vuldb.com 

SourceCodester–Online Railway Reservation System 
A vulnerability classified as problematic was found in SourceCodester Online Railway Reservation System 1.0. This vulnerability affects unknown code of the file contact_us.php of the component Message Us Form. The manipulation of the argument fullname/email/message leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
2024-09-28
4.3
CVE-2024-9300
cna@vuldb.comcna@vuldb.comcna@vuldb.comcna@vuldb.comcna@vuldb.com 

Back to top

Low Vulnerabilities

PrimaryVendor — Product
Description
Published
CVSS Score
Source Info
Patch Info

IBM–Aspera Console 
IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie.
2024-09-25
3.7
CVE-2022-43845
psirt@us.ibm.com 

n/a–n/a 
BTS is affected by information disclosure vulnerability where mobile network operator personnel connected over BTS Web Element Manager, regardless of the access privileges, having a possibility to read BTS service operation details performed by Nokia Care service personnel via SSH.
2024-09-25
3.3
CVE-2023-25189
cve@mitre.org 

boldgrid–W3 Total Cache 
The W3 Total Cache plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.5 via Google OAuth API secrets stored in plaintext in the publicly visible plugin source. This can allow unauthenticated attackers to impersonate W3 Total Cache and gain access to user account information in successful conditions. This would not impact the WordPress users site in any way.
2024-09-25
3.7
CVE-2023-5359
security@wordfence.comsecurity@wordfence.comsecurity@wordfence.com 

GitLab–GitLab 
An issue has been discovered in GitLab EE affecting all versions starting from 16.0 prior to 17.2.8, from 17.3 prior to 17.3.4, and from 17.4 prior to 17.4.1. An AI feature was found to read unsanitized content in a way that could have allowed an attacker to hide prompt injection.
2024-09-26
3.1
CVE-2024-4099
cve@gitlab.comcve@gitlab.com 

Peter Hardy-vanDoorn–Maintenance Redirect 
Authentication Bypass by Spoofing vulnerability in Peter Hardy-vanDoorn Maintenance Redirect allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Maintenance Redirect: from n/a through 2.0.1.
2024-09-23
3.7
CVE-2024-45453
audit@patchstack.com 

getcursor–cursor 
Cursor is an artificial intelligence code editor. Prior to version 0.41.0, if a user on macOS has granted Cursor access to the camera or microphone, any program that is run on the machine is able to access the camera or the microphone without explicitly being granted access, through a DyLib Injection using DYLD_INSERT_LIBRARIES environment variable. The usage of `com.apple.security.cs.allow-dyld-environment-variables` and `com.apple.security.cs.disable-library-validation` allows an external dynamic library to be injected into the application using DYLD_INSERT_LIBRARIES environment variable. Moreover, the entitlement `com.apple.security.device.camera` allows the application to use the host camera and `com.apple.security.device.audio-input` allows the application to use the microphone. This means that untrusted code that is executed on the user’s machine can access the camera or the microphone, if the user has already given permission for Cursor to do so. In version 0.41.0, the entitlements have been split by process: the main process gets the camera and microphone entitlements, but not the DyLib entitlements, whereas the extension host process gets the DyLib entitlements but not the camera or microphone entitlements. As a workaround, do not explicitly give Cursor the permission to access the camera or microphone if untrusted users can run arbitrary commands on the affected machine.
2024-09-25
3.8
CVE-2024-45599
security-advisories@github.com 

TopQuadrant–TopBraid EDG 
TopQuadrant TopBraid EDG stores external credentials insecurely. An authenticated attacker with file system access can read edg-setup.properites and obtain the secret to decrypt external passwords stored in edg-vault.properties. An authenticated attacker could gain file system access using a separate vulnerability such as CVE-2024-45745. At least version 7.1.3 is affected. Version 7.3 adds HashiCorp Vault integration that does not store external passwords locally.
2024-09-27
3
CVE-2024-45744
9119a7d8-5eab-497f-8521-727c672e37259119a7d8-5eab-497f-8521-727c672e37259119a7d8-5eab-497f-8521-727c672e37259119a7d8-5eab-497f-8521-727c672e3725 

TMsoft–MyAuth Gateway 
A vulnerability classified as problematic has been found in TMsoft MyAuth Gateway 3. Affected is an unknown function of the file /index.php. The manipulation of the argument console/nocache/cmd leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
2024-09-27
3.5
CVE-2024-9276
cna@vuldb.comcna@vuldb.comcna@vuldb.com 

n/a–Langflow 
A vulnerability classified as problematic was found in Langflow up to 1.0.18. Affected by this vulnerability is an unknown functionality of the file \src\backend\base\langflow\interface\utils.py of the component HTTP POST Request Handler. The manipulation of the argument remaining_text leads to inefficient regular expression complexity. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
2024-09-27
3.5
CVE-2024-9277
cna@vuldb.comcna@vuldb.comcna@vuldb.comcna@vuldb.com 

RelaxedJS–ReLaXed 
A vulnerability classified as problematic has been found in RelaxedJS ReLaXed up to 0.2.2. Affected is an unknown function of the component Pug to PDF Converter. The manipulation leads to cross site scripting. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.
2024-09-27
3.3
CVE-2024-9283
cna@vuldb.comcna@vuldb.comcna@vuldb.comcna@vuldb.com 

kalvinGit–kvf-admin 
A vulnerability classified as problematic has been found in kalvinGit kvf-admin up to f12a94dc1ebb7d1c51ee978a85e4c7ed75c620ff. Affected is an unknown function of the file /ueditor/upload?configPath=ueditor/config.json&action=uploadfile of the component XML File Handler. The manipulation of the argument upfile leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The GitHub repository of the project did not receive an update for more than two years.
2024-09-27
3.5
CVE-2024-9291
cna@vuldb.comcna@vuldb.comcna@vuldb.comcna@vuldb.comcna@vuldb.com 

SourceCodester–Online Railway Reservation System 
A vulnerability classified as problematic has been found in SourceCodester Online Railway Reservation System 1.0. This affects an unknown part of the file /?page=reserve. The manipulation of the argument First Name/Middle Name/Last Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
2024-09-28
3.5
CVE-2024-9299
cna@vuldb.comcna@vuldb.comcna@vuldb.comcna@vuldb.comcna@vuldb.com 

SourceCodester–Online Timesheet App 
A vulnerability has been found in SourceCodester Online Timesheet App 1.0 and classified as problematic. This vulnerability affects unknown code of the file /endpoint/add-timesheet.php of the component Add Timesheet Form. The manipulation of the argument day/task leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
2024-09-29
3.5
CVE-2024-9320
cna@vuldb.comcna@vuldb.comcna@vuldb.comcna@vuldb.comcna@vuldb.com 

SourceCodester–Inventory Management System 
A vulnerability was found in SourceCodester Inventory Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /app/action/add_staff.php. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
2024-09-29
3.5
CVE-2024-9323
cna@vuldb.comcna@vuldb.comcna@vuldb.comcna@vuldb.comcna@vuldb.com 

gitlab — gitlab 
An information disclosure issue has been discovered in GitLab EE affecting all versions starting from 16.5 prior to 17.2.8, from 17.3 prior to 17.3.4, and from 17.4 prior to 17.4.1. A maintainer could obtain a Dependency Proxy password by editing a certain Dependency Proxy setting.
2024-09-26
2.7
CVE-2024-4278
cve@gitlab.comcve@gitlab.com 

Uncanny Owl–Uncanny Groups for LearnDash 
The Uncanny Groups for LearnDash plugin for WordPress is vulnerable to user group add due to a missing capability check on the /wp-json/ulgm_management/v1/add_user/ REST API endpoint in all versions up to, and including, 6.1.0.1. This makes it possible for authenticated attackers, with group leader-level access and above, to add users to their group which ultimately allows them to leverage CVE-2024-8349 and gain admin access to the site.
2024-09-25
2.7
CVE-2024-8350
security@wordfence.comsecurity@wordfence.com 

GitLab–GitLab 
Information disclosure in Gitlab EE/CE affecting all versions from 15.6 prior to 17.2.8, 17.3 prior to 17.3.4, and 17.4 prior to 17.4.1 in specific conditions it was possible to disclose to an unauthorised user the path of a private project."
2024-09-26
2.6
CVE-2024-8974
cve@gitlab.com 

Enpass–Password Manager 
A vulnerability, which was classified as problematic, has been found in Enpass Password Manager up to 6.9.5 on Windows. This issue affects some unknown processing. The manipulation leads to cleartext storage of sensitive information in memory. An attack has to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. Upgrading to version 6.10.1 is able to address this issue. It is recommended to upgrade the affected component.
2024-09-26
2.5
CVE-2024-9203
cna@vuldb.comcna@vuldb.comcna@vuldb.comcna@vuldb.com 

funnyzpc–Mee-Admin 
A vulnerability, which was classified as problematic, was found in funnyzpc Mee-Admin up to 1.6. This affects an unknown part of the file /mee/index of the component User Center. The manipulation of the argument User Nickname leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
2024-09-27
2.4
CVE-2024-9279
cna@vuldb.comcna@vuldb.comcna@vuldb.comcna@vuldb.com 

Back to top

Severity Not Yet Assigned

PrimaryVendor — Product
Description
Published
CVSS Score
Source Info
Patch Info

goTenna–Pro 
The goTenna Pro series use AES CTR mode for short, encrypted messages without any additional integrity checking mechanisms. This leaves messages malleable to any attacker that can access the message.
2024-09-26
not yet calculated
CVE-2024-47123
ics-cert@hq.dhs.gov 

Linux–Linux 
In the Linux kernel, the following vulnerability has been resolved: media: vivid: fix compose size exceed boundary syzkaller found a bug: BUG: unable to handle page fault for address: ffffc9000a3b1000 #PF: supervisor write access in kernel mode #PF: error_code(0x0002) – not-present page PGD 100000067 P4D 100000067 PUD 10015f067 PMD 1121ca067 PTE 0 Oops: 0002 [#1] PREEMPT SMP CPU: 0 PID: 23489 Comm: vivid-000-vid-c Not tainted 6.1.0-rc1+ #512 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014 RIP: 0010:memcpy_erms+0x6/0x10 […] Call Trace: <TASK> ? tpg_fill_plane_buffer+0x856/0x15b0 vivid_fillbuff+0x8ac/0x1110 vivid_thread_vid_cap_tick+0x361/0xc90 vivid_thread_vid_cap+0x21a/0x3a0 kthread+0x143/0x180 ret_from_fork+0x1f/0x30 </TASK> This is because we forget to check boundary after adjust compose->height int V4L2_SEL_TGT_CROP case. Add v4l2_rect_map_inside() to fix this problem for this case.
2024-09-23
not yet calculated
CVE-2022-48945
416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 

Western Digital–My Cloud 
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Western Digital My Cloud ddns-start on Linux allows Overflow Buffers.This issue affects My Cloud: before 5.29.102.
2024-09-27
not yet calculated
CVE-2024-22170
psirt@wdc.com 

n/a–n/a 
OpenSlides 4.0.15 was discovered to be using a weak hashing algorithm to store passwords.
2024-09-25
not yet calculated
CVE-2024-22892
cve@mitre.org 

Apache Software Foundation–Apache Hadoop 
Apache Hadoop’s RunJar.run() does not set permissions for temporary directory by default. If sensitive data will be present in this file, all the other local users may be able to view the content. This is because, on unix-like systems, the system temporary directory is shared between all local users. As such, files written in this directory, without setting the correct posix permissions explicitly, may be viewable by all other local users.
2024-09-25
not yet calculated
CVE-2024-23454
security@apache.orgsecurity@apache.org 

n/a–n/a 
A cross-site scripting (XSS) vulnerability in Flatpress v1.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email field.
2024-09-27
not yet calculated
CVE-2024-25412
cve@mitre.orgcve@mitre.org 

RSM Design–Website Template 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in RSM Design Website Template allows SQL Injection.This issue affects Website Template: before 1.2.
2024-09-27
not yet calculated
CVE-2024-3373
iletisim@usom.gov.tr 

MikroTik — Checkmk Exchange  
Improper Certificate Validation in Checkmk Exchange plugin MikroTik allows attackers in MitM position to intercept traffic. This issue affects MikroTik: from 2.0.0 through 2.5.5, from 0.4a_mk through 2.0a.
2024-09-27
not yet calculated
CVE-2024-38861
security@checkmk.com 

aimeos–ai-controller-frontend 
aimeos/ai-controller-frontend is the Aimeos frontend controller package for e-commerce projects. Prior to versions 2024.4.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15, an insecure direct object reference allows an attacker to disable subscriptions and reviews of another customer. Versions 2024.4.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15 fix this issue.
2024-09-26
not yet calculated
CVE-2024-39319
security-advisories@github.comsecurity-advisories@github.comsecurity-advisories@github.comsecurity-advisories@github.comsecurity-advisories@github.comsecurity-advisories@github.comsecurity-advisories@github.comsecurity-advisories@github.comsecurity-advisories@github.comsecurity-advisories@github.comsecurity-advisories@github.com 

n/a–n/a 
Entrust Instant Financial Issuance (On Premise) Software (formerly known as Cardwizard) 6.10.0, 6.9.0, 6.9.1, 6.9.2, and 6.8.x and earlier leaves behind a configuration file (i.e. WebAPI.cfg.xml) after the installation process. This file can be accessed without authentication on HTTP port 80 by guessing the correct IIS webroot path. It includes system configuration parameter names and values with sensitive configuration values encrypted.
2024-09-23
not yet calculated
CVE-2024-39341
cve@mitre.orgcve@mitre.orgcve@mitre.org 

n/a–n/a 
Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMCommon.asmx function.
2024-09-27
not yet calculated
CVE-2024-40510
cve@mitre.orgcve@mitre.org 

n/a–n/a 
Library MDF (mdflib) v2.1 is vulnerable to a heap-based buffer overread via a crafted mdf4 file is parsed using the ReadData function
2024-09-25
not yet calculated
CVE-2024-41445
cve@mitre.org 

Media Fusion Co.,Ltd.–MF Teacher Performance Management System 
Cross-site scripting vulnerability exists in MF Teacher Performance Management System version 6. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product.
2024-09-27
not yet calculated
CVE-2024-41930
vultures@jpcert.or.jp 

n/a–n/a 
An issue in IEEE 802.1AS linuxptp v.4.2 and before allowing a remote attacker to cause a denial of service via a crafted Pdelay_Req message to the time synchronization function
2024-09-23
not yet calculated
CVE-2024-42861
cve@mitre.org 

n/a–n/a 
NASA CryptoLib v1.3.0 was discovered to contain an Out-of-Bounds read via the AOS subsystem (crypto_aos.c).
2024-09-27
not yet calculated
CVE-2024-44910
cve@mitre.orgcve@mitre.org 

n/a–n/a 
NASA CryptoLib v1.3.0 was discovered to contain an Out-of-Bounds read via the TC subsystem (crypto_aos.c).
2024-09-27
not yet calculated
CVE-2024-44911
cve@mitre.orgcve@mitre.org 

n/a–n/a 
NASA CryptoLib v1.3.0 was discovered to contain an Out-of-Bounds read via the TM subsystem (crypto_tm.c).
2024-09-27
not yet calculated
CVE-2024-44912
cve@mitre.orgcve@mitre.org 

PLANEX COMMUNICATIONS INC.–MZK-DP300N 
MZK-DP300N firmware versions 1.04 and earlier contains a cross-site request forger vulnerability. Viewing a malicious page while logging in to the web management page of the affected product may lead the user to perform unintended operations such as changing the login password, etc.
2024-09-26
not yet calculated
CVE-2024-45372
vultures@jpcert.or.jpvultures@jpcert.or.jp 

Xen–Xen 
In x86’s APIC (Advanced Programmable Interrupt Controller) architecture, error conditions are reported in a status register. Furthermore, the OS can opt to receive an interrupt when a new error occurs. It is possible to configure the error interrupt with an illegal vector, which generates an error when an error interrupt is raised. This case causes Xen to recurse through vlapic_error(). The recursion itself is bounded; errors accumulate in the the status register and only generate an interrupt when a new status bit becomes set. However, the lock protecting this state in Xen will try to be taken recursively, and deadlock.
2024-09-25
not yet calculated
CVE-2024-45817
security@xen.org 

PLANEX COMMUNICATIONS INC.–CS-QR10 
Cross-site scripting vulnerability exists in the web management page of PLANEX COMMUNICATIONS network cameras. If a logged-in user accesses a specific file, an arbitrary script may be executed on the web browser of the user.
2024-09-26
not yet calculated
CVE-2024-45836
vultures@jpcert.or.jp 

n/a–n/a 
Projectworld Online Voting System Version 1.0 is vulnerable to Cross Site Request Forgery (CSRF) via voter.php. This vulnerability allows an attacker to craft a malicious link that, when clicked by an authenticated user, automatically submits a vote for a specified party without the user’s consent or knowledge. The attack leverages the user’s active session to perform the unauthorized action, compromising the integrity of the voting process.
2024-09-26
not yet calculated
CVE-2024-45987
cve@mitre.org 

n/a–n/a 
A Command injection vulnerability in requestLetsEncryptSsl in NginxProxyManager 2.11.3 allows an attacker to RCE via Add Let’s Encrypt Certificate.
2024-09-27
not yet calculated
CVE-2024-46256
cve@mitre.orgcve@mitre.orgcve@mitre.org 

n/a–n/a 
A Command injection vulnerability in requestLetsEncryptSslWithDnsChallenge in NginxProxyManager 2.11.3 allows an attacker to achieve remote code execution via Add Let’s Encrypt Certificate. NOTE: this is not part of any NGINX software shipped by F5.
2024-09-27
not yet calculated
CVE-2024-46257
cve@mitre.orgcve@mitre.orgcve@mitre.org 

n/a–n/a 
A cross-site scripting (XSS) vulnerability in the component /test/ of iq3xcite v2.31 to v3.05 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
2024-09-27
not yet calculated
CVE-2024-46453
cve@mitre.org 

Apache Software Foundation–Apache Tomcat Connectors 
Incorrect Default Permissions vulnerability in Apache Tomcat Connectors allows local users to view and modify shared memory containing mod_jk configuration which may lead to information disclosure and/or denial of service. This issue affects Apache Tomcat Connectors: from 1.2.9-beta through 1.2.49. Only mod_jk on Unix like systems is affected. Neither the ISAPI redirector nor mod_jk on Windows is affected. Users are recommended to upgrade to version 1.2.50, which fixes the issue.
2024-09-23
not yet calculated
CVE-2024-46544
security@apache.org 

Talent Software–BAP Automation 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Talent Software BAP Automation allows Stored XSS.This issue affects BAP Automation: before 30840.
2024-09-25
not yet calculated
CVE-2024-4657
iletisim@usom.gov.tr 

n/a–n/a 
An access control issue in IceCMS v3.4.7 and before allows attackers to arbitrarily modify users’ information, including username and password, via a crafted POST request sent to the endpoint /User/ChangeUser/s in the ChangeUser function in UserController.java
2024-09-25
not yet calculated
CVE-2024-46610
cve@mitre.orgcve@mitre.org 

Linux–Linux 
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: added NULL check at start of dc_validate_stream [Why] prevent invalid memory access [How] check if dc and stream are NULL
2024-09-27
not yet calculated
CVE-2024-46802
416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 

Linux–Linux 
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Check debug trap enable before write dbg_ev_file In interrupt context, write dbg_ev_file will be run by work queue. It will cause write dbg_ev_file execution after debug_trap_disable, which will cause NULL pointer access. v2: cancel work "debug_event_workarea" before set dbg_ev_file as NULL.
2024-09-27
not yet calculated
CVE-2024-46803
416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 

Linux–Linux 
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add array index check for hdcp ddc access [Why] Coverity reports OVERRUN warning. Do not check if array index valid. [How] Check msg_id valid and valid array index.
2024-09-27
not yet calculated
CVE-2024-46804
416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 

Linux–Linux 
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix the waring dereferencing hive Check the amdgpu_hive_info *hive that maybe is NULL.
2024-09-27
not yet calculated
CVE-2024-46805
416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 

Linux–Linux 
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix the warning division or modulo by zero Checks the partition mode and returns an error for an invalid mode.
2024-09-27
not yet calculated
CVE-2024-46806
416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 

Linux–Linux 
In the Linux kernel, the following vulnerability has been resolved: drm/amd/amdgpu: Check tbo resource pointer Validate tbo resource pointer, skip if NULL
2024-09-27
not yet calculated
CVE-2024-46807
416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 

Linux–Linux 
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add missing NULL pointer check within dpcd_extend_address_range [Why & How] ASSERT if return NULL from kcalloc.
2024-09-27
not yet calculated
CVE-2024-46808
416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 

Linux–Linux 
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check BIOS images before it is used BIOS images may fail to load and null checks are added before they are used. This fixes 6 NULL_RETURNS issues reported by Coverity.
2024-09-27
not yet calculated
CVE-2024-46809
416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 

Linux–Linux 
In the Linux kernel, the following vulnerability has been resolved: drm/bridge: tc358767: Check if fully initialized before signalling HPD event via IRQ Make sure the connector is fully initialized before signalling any HPD events via drm_kms_helper_hotplug_event(), otherwise this may lead to NULL pointer dereference.
2024-09-27
not yet calculated
CVE-2024-46810
416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 

Linux–Linux 
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix index may exceed array range within fpu_update_bw_bounding_box [Why] Coverity reports OVERRUN warning. soc.num_states could be 40. But array range of bw_params->clk_table.entries is 8. [How] Assert if soc.num_states greater than 8.
2024-09-27
not yet calculated
CVE-2024-46811
416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 

Linux–Linux 
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Skip inactive planes within ModeSupportAndSystemConfiguration [Why] Coverity reports Memory – illegal accesses. [How] Skip inactive planes.
2024-09-27
not yet calculated
CVE-2024-46812
416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 

Linux–Linux 
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check link_index before accessing dc->links[] [WHY & HOW] dc->links[] has max size of MAX_LINKS and NULL is return when trying to access with out-of-bound index. This fixes 3 OVERRUN and 1 RESOURCE_LEAK issues reported by Coverity.
2024-09-27
not yet calculated
CVE-2024-46813
416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 

Linux–Linux 
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check msg_id before processing transcation [WHY & HOW] HDCP_MESSAGE_ID_INVALID (-1) is not a valid msg_id nor is it a valid array index, and it needs checking before used. This fixes 4 OVERRUN issues reported by Coverity.
2024-09-27
not yet calculated
CVE-2024-46814
416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 

Linux–Linux 
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[] [WHY & HOW] num_valid_sets needs to be checked to avoid a negative index when accessing reader_wm_sets[num_valid_sets – 1]. This fixes an OVERRUN issue reported by Coverity.
2024-09-27
not yet calculated
CVE-2024-46815
416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 

Linux–Linux 
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links [Why] Coverity report OVERRUN warning. There are only max_links elements within dc->links. link count could up to AMDGPU_DM_MAX_DISPLAY_INDEX 31. [How] Make sure link count less than max_links.
2024-09-27
not yet calculated
CVE-2024-46816
416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 

Linux–Linux 
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 [Why] Coverity reports OVERRUN warning. Should abort amdgpu_dm initialize. [How] Return failure to amdgpu_dm_init.
2024-09-27
not yet calculated
CVE-2024-46817
416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 

Linux–Linux 
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check gpio_id before used as array index [WHY & HOW] GPIO_ID_UNKNOWN (-1) is not a valid value for array index and therefore should be checked in advance. This fixes 5 OVERRUN issues reported by Coverity.
2024-09-27
not yet calculated
CVE-2024-46818
416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 

Linux–Linux 
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: the warning dereferencing obj for nbio_v7_4 if ras_manager obj null, don’t print NBIO err data
2024-09-27
not yet calculated
CVE-2024-46819
416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 

Linux–Linux 
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/vcn: remove irq disabling in vcn 5 suspend We do not directly enable/disable VCN IRQ in vcn 5.0.0. And we do not handle the IRQ state as well. So the calls to disable IRQ and set state are removed. This effectively gets rid of the warining of "WARN_ON(!amdgpu_irq_enabled(adev, src, type))" in amdgpu_irq_put().
2024-09-27
not yet calculated
CVE-2024-46820
416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 

Linux–Linux 
In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Fix negative array index read Avoid using the negative values for clk_idex as an index into an array pptable->DpmDescriptor. V2: fix clk_index return check (Tim Huang)
2024-09-27
not yet calculated
CVE-2024-46821
416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 

Linux–Linux 
In the Linux kernel, the following vulnerability has been resolved: arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry In a review discussion of the changes to support vCPU hotplug where a check was added on the GICC being enabled if was online, it was noted that there is need to map back to the cpu and use that to index into a cpumask. As such, a valid ID is needed. If an MPIDR check fails in acpi_map_gic_cpu_interface() it is possible for the entry in cpu_madt_gicc[cpu] == NULL. This function would then cause a NULL pointer dereference. Whilst a path to trigger this has not been established, harden this caller against the possibility.
2024-09-27
not yet calculated
CVE-2024-46822
416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 

Linux–Linux 
In the Linux kernel, the following vulnerability has been resolved: kunit/overflow: Fix UB in overflow_allocation_test The ‘device_name’ array doesn’t exist out of the ‘overflow_allocation_test’ function scope. However, it is being used as a driver name when calling ‘kunit_driver_create’ from ‘kunit_device_register’. It produces the kernel panic with KASAN enabled. Since this variable is used in one place only, remove it and pass the device name into kunit_device_register directly as an ascii string.
2024-09-27
not yet calculated
CVE-2024-46823
416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 

Linux–Linux 
In the Linux kernel, the following vulnerability has been resolved: iommufd: Require drivers to supply the cache_invalidate_user ops If drivers don’t do this then iommufd will oops invalidation ioctls with something like: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 Mem abort info: ESR = 0x0000000086000004 EC = 0x21: IABT (current EL), IL = 32 bits SET = 0, FnV = 0 EA = 0, S1PTW = 0 FSC = 0x04: level 0 translation fault user pgtable: 4k pages, 48-bit VAs, pgdp=0000000101059000 [0000000000000000] pgd=0000000000000000, p4d=0000000000000000 Internal error: Oops: 0000000086000004 [#1] PREEMPT SMP Modules linked in: CPU: 2 PID: 371 Comm: qemu-system-aar Not tainted 6.8.0-rc7-gde77230ac23a #9 Hardware name: linux,dummy-virt (DT) pstate: 81400809 (Nzcv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=-c) pc : 0x0 lr : iommufd_hwpt_invalidate+0xa4/0x204 sp : ffff800080f3bcc0 x29: ffff800080f3bcf0 x28: ffff0000c369b300 x27: 0000000000000000 x26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000 x23: 0000000000000000 x22: 00000000c1e334a0 x21: ffff0000c1e334a0 x20: ffff800080f3bd38 x19: ffff800080f3bd58 x18: 0000000000000000 x17: 0000000000000000 x16: 0000000000000000 x15: 0000ffff8240d6d8 x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000 x8 : 0000001000000002 x7 : 0000fffeac1ec950 x6 : 0000000000000000 x5 : ffff800080f3bd78 x4 : 0000000000000003 x3 : 0000000000000002 x2 : 0000000000000000 x1 : ffff800080f3bcc8 x0 : ffff0000c6034d80 Call trace: 0x0 iommufd_fops_ioctl+0x154/0x274 __arm64_sys_ioctl+0xac/0xf0 invoke_syscall+0x48/0x110 el0_svc_common.constprop.0+0x40/0xe0 do_el0_svc+0x1c/0x28 el0_svc+0x34/0xb4 el0t_64_sync_handler+0x120/0x12c el0t_64_sync+0x190/0x194 All existing drivers implement this op for nesting, this is mostly a bisection aid.
2024-09-27
not yet calculated
CVE-2024-46824
416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 

Linux–Linux 
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: use IWL_FW_CHECK for link ID check The lookup function iwl_mvm_rcu_fw_link_id_to_link_conf() is normally called with input from the firmware, so it should use IWL_FW_CHECK() instead of WARN_ON().
2024-09-27
not yet calculated
CVE-2024-46825
416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 

Linux–Linux 
In the Linux kernel, the following vulnerability has been resolved: ELF: fix kernel.randomize_va_space double read ELF loader uses "randomize_va_space" twice. It is sysctl and can change at any moment, so 2 loads could see 2 different values in theory with unpredictable consequences. Issue exactly one load for consistent value across one exec.
2024-09-27
not yet calculated
CVE-2024-46826
416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 

Linux–Linux 
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix firmware crash due to invalid peer nss Currently, if the access point receives an association request containing an Extended HE Capabilities Information Element with an invalid MCS-NSS, it triggers a firmware crash. This issue arises when EHT-PHY capabilities shows support for a bandwidth and MCS-NSS set for that particular bandwidth is filled by zeros and due to this, driver obtains peer_nss as 0 and sending this value to firmware causes crash. Address this issue by implementing a validation step for the peer_nss value before passing it to the firmware. If the value is greater than zero, proceed with forwarding it to the firmware. However, if the value is invalid, reject the association request to prevent potential firmware crashes. Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.0.1-00029-QCAHKSWPL_SILICONZ-1
2024-09-27
not yet calculated
CVE-2024-46827
416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 

Linux–Linux 
In the Linux kernel, the following vulnerability has been resolved: sched: sch_cake: fix bulk flow accounting logic for host fairness In sch_cake, we keep track of the count of active bulk flows per host, when running in dst/src host fairness mode, which is used as the round-robin weight when iterating through flows. The count of active bulk flows is updated whenever a flow changes state. This has a peculiar interaction with the hash collision handling: when a hash collision occurs (after the set-associative hashing), the state of the hash bucket is simply updated to match the new packet that collided, and if host fairness is enabled, that also means assigning new per-host state to the flow. For this reason, the bulk flow counters of the host(s) assigned to the flow are decremented, before new state is assigned (and the counters, which may not belong to the same host anymore, are incremented again). Back when this code was introduced, the host fairness mode was always enabled, so the decrement was unconditional. When the configuration flags were introduced the *increment* was made conditional, but the *decrement* was not. Which of course can lead to a spurious decrement (and associated wrap-around to U16_MAX). AFAICT, when host fairness is disabled, the decrement and wrap-around happens as soon as a hash collision occurs (which is not that common in itself, due to the set-associative hashing). However, in most cases this is harmless, as the value is only used when host fairness mode is enabled. So in order to trigger an array overflow, sch_cake has to first be configured with host fairness disabled, and while running in this mode, a hash collision has to occur to cause the overflow. Then, the qdisc has to be reconfigured to enable host fairness, which leads to the array out-of-bounds because the wrapped-around value is retained and used as an array index. It seems that syzbot managed to trigger this, which is quite impressive in its own right. This patch fixes the issue by introducing the same conditional check on decrement as is used on increment. The original bug predates the upstreaming of cake, but the commit listed in the Fixes tag touched that code, meaning that this patch won’t apply before that.
2024-09-27
not yet calculated
CVE-2024-46828
416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 

Linux–Linux 
In the Linux kernel, the following vulnerability has been resolved: rtmutex: Drop rt_mutex::wait_lock before scheduling rt_mutex_handle_deadlock() is called with rt_mutex::wait_lock held. In the good case it returns with the lock held and in the deadlock case it emits a warning and goes into an endless scheduling loop with the lock held, which triggers the ‘scheduling in atomic’ warning. Unlock rt_mutex::wait_lock in the dead lock case before issuing the warning and dropping into the schedule for ever loop. [ tglx: Moved unlock before the WARN(), removed the pointless comment, massaged changelog, added Fixes tag ]
2024-09-27
not yet calculated
CVE-2024-46829
416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 

Linux–Linux 
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS Grab kvm->srcu when processing KVM_SET_VCPU_EVENTS, as KVM will forcibly leave nested VMX/SVM if SMM mode is being toggled, and leaving nested VMX reads guest memory. Note, kvm_vcpu_ioctl_x86_set_vcpu_events() can also be called from KVM_RUN via sync_regs(), which already holds SRCU. I.e. trying to precisely use kvm_vcpu_srcu_read_lock() around the problematic SMM code would cause problems. Acquiring SRCU isn’t all that expensive, so for simplicity, grab it unconditionally for KVM_SET_VCPU_EVENTS. ============================= WARNING: suspicious RCU usage 6.10.0-rc7-332d2c1d713e-next-vm #552 Not tainted —————————– include/linux/kvm_host.h:1027 suspicious rcu_dereference_check() usage! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 1 1 lock held by repro/1071: #0: ffff88811e424430 (&vcpu->mutex){+.+.}-{3:3}, at: kvm_vcpu_ioctl+0x7d/0x970 [kvm] stack backtrace: CPU: 15 PID: 1071 Comm: repro Not tainted 6.10.0-rc7-332d2c1d713e-next-vm #552 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015 Call Trace: <TASK> dump_stack_lvl+0x7f/0x90 lockdep_rcu_suspicious+0x13f/0x1a0 kvm_vcpu_gfn_to_memslot+0x168/0x190 [kvm] kvm_vcpu_read_guest+0x3e/0x90 [kvm] nested_vmx_load_msr+0x6b/0x1d0 [kvm_intel] load_vmcs12_host_state+0x432/0xb40 [kvm_intel] vmx_leave_nested+0x30/0x40 [kvm_intel] kvm_vcpu_ioctl_x86_set_vcpu_events+0x15d/0x2b0 [kvm] kvm_arch_vcpu_ioctl+0x1107/0x1750 [kvm] ? mark_held_locks+0x49/0x70 ? kvm_vcpu_ioctl+0x7d/0x970 [kvm] ? kvm_vcpu_ioctl+0x497/0x970 [kvm] kvm_vcpu_ioctl+0x497/0x970 [kvm] ? lock_acquire+0xba/0x2d0 ? find_held_lock+0x2b/0x80 ? do_user_addr_fault+0x40c/0x6f0 ? lock_release+0xb7/0x270 __x64_sys_ioctl+0x82/0xb0 do_syscall_64+0x6c/0x170 entry_SYSCALL_64_after_hwframe+0x4b/0x53 RIP: 0033:0x7ff11eb1b539 </TASK>
2024-09-27
not yet calculated
CVE-2024-46830
416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 

Linux–Linux 
In the Linux kernel, the following vulnerability has been resolved: net: microchip: vcap: Fix use-after-free error in kunit test This is a clear use-after-free error. We remove it, and rely on checking the return code of vcap_del_rule.
2024-09-27
not yet calculated
CVE-2024-46831
416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 

Linux–Linux 
In the Linux kernel, the following vulnerability has been resolved: MIPS: cevt-r4k: Don’t call get_c0_compare_int if timer irq is installed This avoids warning: [ 0.118053] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:283 Caused by get_c0_compare_int on secondary CPU. We also skipped saving IRQ number to struct clock_event_device *cd as it’s never used by clockevent core, as per comments it’s only meant for "non CPU local devices".
2024-09-27
not yet calculated
CVE-2024-46832
416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 

Linux–Linux 
In the Linux kernel, the following vulnerability has been resolved: net: hns3: void array out of bound when loop tnl_num When query reg inf of SSU, it loops tnl_num times. However, tnl_num comes from hardware and the length of array is a fixed value. To void array out of bound, make sure the loop time is not greater than the length of array
2024-09-27
not yet calculated
CVE-2024-46833
416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 

Linux–Linux 
In the Linux kernel, the following vulnerability has been resolved: ethtool: fail closed if we can’t get max channel used in indirection tables Commit 0d1b7d6c9274 ("bnxt: fix crashes when reducing ring count with active RSS contexts") proves that allowing indirection table to contain channels with out of bounds IDs may lead to crashes. Currently the max channel check in the core gets skipped if driver can’t fetch the indirection table or when we can’t allocate memory. Both of those conditions should be extremely rare but if they do happen we should try to be safe and fail the channel change.
2024-09-27
not yet calculated
CVE-2024-46834
416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 

Linux–Linux 
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix smatch static checker warning adev->gfx.imu.funcs could be NULL
2024-09-27
not yet calculated
CVE-2024-46835
416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 

Linux–Linux 
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: aspeed_udc: validate endpoint index for ast udc We should verify the bound of the array to assure that host may not manipulate the index to point past endpoint array. Found by static analysis.
2024-09-27
not yet calculated
CVE-2024-46836
416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 

Linux–Linux 
In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Restrict high priorities on group_create We were allowing any users to create a high priority group without any permission checks. As a result, this was allowing possible denial of service. We now only allow the DRM master or users with the CAP_SYS_NICE capability to set higher priorities than PANTHOR_GROUP_PRIORITY_MEDIUM. As the sole user of that uAPI lives in Mesa and hardcode a value of MEDIUM [1], this should be safe to do. Additionally, as those checks are performed at the ioctl level, panthor_group_create now only check for priority level validity. [1]https://gitlab.freedesktop.org/mesa/mesa/-/blob/f390835074bdf162a63deb0311d1a6de527f9f89/src/gallium/drivers/panfrost/pan_csf.c#L1038
2024-09-27
not yet calculated
CVE-2024-46837
416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 

Linux–Linux 
In the Linux kernel, the following vulnerability has been resolved: userfaultfd: don’t BUG_ON() if khugepaged yanks our page table Since khugepaged was changed to allow retracting page tables in file mappings without holding the mmap lock, these BUG_ON()s are wrong – get rid of them. We could also remove the preceding "if (unlikely(…))" block, but then we could reach pte_offset_map_lock() with transhuge pages not just for file mappings but also for anonymous mappings – which would probably be fine but I think is not necessarily expected.
2024-09-27
not yet calculated
CVE-2024-46838
416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 

Linux–Linux 
In the Linux kernel, the following vulnerability has been resolved: workqueue: Improve scalability of workqueue watchdog touch On a ~2000 CPU powerpc system, hard lockups have been observed in the workqueue code when stop_machine runs (in this case due to CPU hotplug). This is due to lots of CPUs spinning in multi_cpu_stop, calling touch_nmi_watchdog() which ends up calling wq_watchdog_touch(). wq_watchdog_touch() writes to the global variable wq_watchdog_touched, and that can find itself in the same cacheline as other important workqueue data, which slows down operations to the point of lockups. In the case of the following abridged trace, worker_pool_idr was in the hot line, causing the lockups to always appear at idr_find. watchdog: CPU 1125 self-detected hard LOCKUP @ idr_find Call Trace: get_work_pool __queue_work call_timer_fn run_timer_softirq __do_softirq do_softirq_own_stack irq_exit timer_interrupt decrementer_common_virt * interrupt: 900 (timer) at multi_cpu_stop multi_cpu_stop cpu_stopper_thread smpboot_thread_fn kthread Fix this by having wq_watchdog_touch() only write to the line if the last time a touch was recorded exceeds 1/4 of the watchdog threshold.
2024-09-27
not yet calculated
CVE-2024-46839
416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 

Linux–Linux 
In the Linux kernel, the following vulnerability has been resolved: btrfs: clean up our handling of refs == 0 in snapshot delete In reada we BUG_ON(refs == 0), which could be unkind since we aren’t holding a lock on the extent leaf and thus could get a transient incorrect answer. In walk_down_proc we also BUG_ON(refs == 0), which could happen if we have extent tree corruption. Change that to return -EUCLEAN. In do_walk_down() we catch this case and handle it correctly, however we return -EIO, which -EUCLEAN is a more appropriate error code. Finally in walk_up_proc we have the same BUG_ON(refs == 0), so convert that to proper error handling. Also adjust the error message so we can actually do something with the information.
2024-09-27
not yet calculated
CVE-2024-46840
416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 

Linux–Linux 
In the Linux kernel, the following vulnerability has been resolved: btrfs: don’t BUG_ON on ENOMEM from btrfs_lookup_extent_info() in walk_down_proc() We handle errors here properly, ENOMEM isn’t fatal, return the error.
2024-09-27
not yet calculated
CVE-2024-46841
416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 

Linux–Linux 
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info The MBX_TIMEOUT return code is not handled in lpfc_get_sfp_info and the routine unconditionally frees submitted mailbox commands regardless of return status. The issue is that for MBX_TIMEOUT cases, when firmware returns SFP information at a later time, that same mailbox memory region references previously freed memory in its cmpl routine. Fix by adding checks for the MBX_TIMEOUT return code. During mailbox resource cleanup, check the mbox flag to make sure that the wait did not timeout. If the MBOX_WAKE flag is not set, then do not free the resources because it will be freed when firmware completes the mailbox at a later time in its cmpl routine. Also, increase the timeout from 30 to 60 seconds to accommodate boot scripts requiring longer timeouts.
2024-09-27
not yet calculated
CVE-2024-46842
416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 

Linux–Linux 
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Remove SCSI host only if added If host tries to remove ufshcd driver from a UFS device it would cause a kernel panic if ufshcd_async_scan fails during ufshcd_probe_hba before adding a SCSI host with scsi_add_host and MCQ is enabled since SCSI host has been defered after MCQ configuration introduced by commit 0cab4023ec7b ("scsi: ufs: core: Defer adding host to SCSI if MCQ is supported"). To guarantee that SCSI host is removed only if it has been added, set the scsi_host_added flag to true after adding a SCSI host and check whether it is set or not before removing it.
2024-09-27
not yet calculated
CVE-2024-46843
416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 

Linux–Linux 
In the Linux kernel, the following vulnerability has been resolved: um: line: always fill *error_out in setup_one_line() The pointer isn’t initialized by callers, but I have encountered cases where it’s still printed; initialize it in all possible cases in setup_one_line().
2024-09-27
not yet calculated
CVE-2024-46844
416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 

Linux–Linux 
In the Linux kernel, the following vulnerability has been resolved: tracing/timerlat: Only clear timer if a kthread exists The timerlat tracer can use user space threads to check for osnoise and timer latency. If the program using this is killed via a SIGTERM, the threads are shutdown one at a time and another tracing instance can start up resetting the threads before they are fully closed. That causes the hrtimer assigned to the kthread to be shutdown and freed twice when the dying thread finally closes the file descriptors, causing a use-after-free bug. Only cancel the hrtimer if the associated thread is still around. Also add the interface_lock around the resetting of the tlat_var->kthread. Note, this is just a quick fix that can be backported to stable. A real fix is to have a better synchronization between the shutdown of old threads and the starting of new ones.
2024-09-27
not yet calculated
CVE-2024-46845
416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 

Linux–Linux 
In the Linux kernel, the following vulnerability has been resolved: spi: rockchip: Resolve unbalanced runtime PM / system PM handling Commit e882575efc77 ("spi: rockchip: Suspend and resume the bus during NOIRQ_SYSTEM_SLEEP_PM ops") stopped respecting runtime PM status and simply disabled clocks unconditionally when suspending the system. This causes problems when the device is already runtime suspended when we go to sleep — in which case we double-disable clocks and produce a WARNing. Switch back to pm_runtime_force_{suspend,resume}(), because that still seems like the right thing to do, and the aforementioned commit makes no explanation why it stopped using it. Also, refactor some of the resume() error handling, because it’s not actually a good idea to re-disable clocks on failure.
2024-09-27
not yet calculated
CVE-2024-46846
416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 

Linux–Linux 
In the Linux kernel, the following vulnerability has been resolved: mm: vmalloc: ensure vmap_block is initialised before adding to queue Commit 8c61291fd850 ("mm: fix incorrect vbq reference in purge_fragmented_block") extended the ‘vmap_block’ structure to contain a ‘cpu’ field which is set at allocation time to the id of the initialising CPU. When a new ‘vmap_block’ is being instantiated by new_vmap_block(), the partially initialised structure is added to the local ‘vmap_block_queue’ xarray before the ‘cpu’ field has been initialised. If another CPU is concurrently walking the xarray (e.g. via vm_unmap_aliases()), then it may perform an out-of-bounds access to the remote queue thanks to an uninitialised index. This has been observed as UBSAN errors in Android: | Internal error: UBSAN: array index out of bounds: 00000000f2005512 [#1] PREEMPT SMP | | Call trace: | purge_fragmented_block+0x204/0x21c | _vm_unmap_aliases+0x170/0x378 | vm_unmap_aliases+0x1c/0x28 | change_memory_common+0x1dc/0x26c | set_memory_ro+0x18/0x24 | module_enable_ro+0x98/0x238 | do_init_module+0x1b0/0x310 Move the initialisation of ‘vb->cpu’ in new_vmap_block() ahead of the addition to the xarray.
2024-09-27
not yet calculated
CVE-2024-46847
416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 

Linux–Linux 
In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel: Limit the period on Haswell Running the ltp test cve-2015-3290 concurrently reports the following warnings. perfevents: irq loop stuck! WARNING: CPU: 31 PID: 32438 at arch/x86/events/intel/core.c:3174 intel_pmu_handle_irq+0x285/0x370 Call Trace: <NMI> ? __warn+0xa4/0x220 ? intel_pmu_handle_irq+0x285/0x370 ? __report_bug+0x123/0x130 ? intel_pmu_handle_irq+0x285/0x370 ? __report_bug+0x123/0x130 ? intel_pmu_handle_irq+0x285/0x370 ? report_bug+0x3e/0xa0 ? handle_bug+0x3c/0x70 ? exc_invalid_op+0x18/0x50 ? asm_exc_invalid_op+0x1a/0x20 ? irq_work_claim+0x1e/0x40 ? intel_pmu_handle_irq+0x285/0x370 perf_event_nmi_handler+0x3d/0x60 nmi_handle+0x104/0x330 Thanks to Thomas Gleixner’s analysis, the issue is caused by the low initial period (1) of the frequency estimation algorithm, which triggers the defects of the HW, specifically erratum HSW11 and HSW143. (For the details, please refer https://lore.kernel.org/lkml/87plq9l5d2.ffs@tglx/) The HSW11 requires a period larger than 100 for the INST_RETIRED.ALL event, but the initial period in the freq mode is 1. The erratum is the same as the BDM11, which has been supported in the kernel. A minimum period of 128 is enforced as well on HSW. HSW143 is regarding that the fixed counter 1 may overcount 32 with the Hyper-Threading is enabled. However, based on the test, the hardware has more issues than it tells. Besides the fixed counter 1, the message ‘interrupt took too long’ can be observed on any counter which was armed with a period < 32 and two events expired in the same NMI. A minimum period of 32 is enforced for the rest of the events. The recommended workaround code of the HSW143 is not implemented. Because it only addresses the issue for the fixed counter. It brings extra overhead through extra MSR writing. No related overcounting issue has been reported so far.
2024-09-27
not yet calculated
CVE-2024-46848
416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 

Linux–Linux 
In the Linux kernel, the following vulnerability has been resolved: ASoC: meson: axg-card: fix ‘use-after-free’ Buffer ‘card->dai_link’ is reallocated in ‘meson_card_reallocate_links()’, so move ‘pad’ pointer initialization after this function when memory is already reallocated. Kasan bug report: ================================================================== BUG: KASAN: slab-use-after-free in axg_card_add_link+0x76c/0x9bc Read of size 8 at addr ffff000000e8b260 by task modprobe/356 CPU: 0 PID: 356 Comm: modprobe Tainted: G O 6.9.12-sdkernel #1 Call trace: dump_backtrace+0x94/0xec show_stack+0x18/0x24 dump_stack_lvl+0x78/0x90 print_report+0xfc/0x5c0 kasan_report+0xb8/0xfc __asan_load8+0x9c/0xb8 axg_card_add_link+0x76c/0x9bc [snd_soc_meson_axg_sound_card] meson_card_probe+0x344/0x3b8 [snd_soc_meson_card_utils] platform_probe+0x8c/0xf4 really_probe+0x110/0x39c __driver_probe_device+0xb8/0x18c driver_probe_device+0x108/0x1d8 __driver_attach+0xd0/0x25c bus_for_each_dev+0xe0/0x154 driver_attach+0x34/0x44 bus_add_driver+0x134/0x294 driver_register+0xa8/0x1e8 __platform_driver_register+0x44/0x54 axg_card_pdrv_init+0x20/0x1000 [snd_soc_meson_axg_sound_card] do_one_initcall+0xdc/0x25c do_init_module+0x10c/0x334 load_module+0x24c4/0x26cc init_module_from_file+0xd4/0x128 __arm64_sys_finit_module+0x1f4/0x41c invoke_syscall+0x60/0x188 el0_svc_common.constprop.0+0x78/0x13c do_el0_svc+0x30/0x40 el0_svc+0x38/0x78 el0t_64_sync_handler+0x100/0x12c el0t_64_sync+0x190/0x194
2024-09-27
not yet calculated
CVE-2024-46849
416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 

Linux–Linux 
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Avoid race between dcn35_set_drr() and dc_state_destruct() dc_state_destruct() nulls the resource context of the DC state. The pipe context passed to dcn35_set_drr() is a member of this resource context. If dc_state_destruct() is called parallel to the IRQ processing (which calls dcn35_set_drr() at some point), we can end up using already nulled function callback fields of struct stream_resource. The logic in dcn35_set_drr() already tries to avoid this, by checking tg against NULL. But if the nulling happens exactly after the NULL check and before the next access, then we get a race. Avoid this by copying tg first to a local variable, and then use this variable for all the operations. This should work, as long as nobody frees the resource pool where the timing generators live. (cherry picked from commit 0607a50c004798a96e62c089a4c34c220179dcb5)
2024-09-27
not yet calculated
CVE-2024-46850
416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 

Linux–Linux 
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Avoid race between dcn10_set_drr() and dc_state_destruct() dc_state_destruct() nulls the resource context of the DC state. The pipe context passed to dcn10_set_drr() is a member of this resource context. If dc_state_destruct() is called parallel to the IRQ processing (which calls dcn10_set_drr() at some point), we can end up using already nulled function callback fields of struct stream_resource. The logic in dcn10_set_drr() already tries to avoid this, by checking tg against NULL. But if the nulling happens exactly after the NULL check and before the next access, then we get a race. Avoid this by copying tg first to a local variable, and then use this variable for all the operations. This should work, as long as nobody frees the resource pool where the timing generators live. (cherry picked from commit a3cc326a43bdc48fbdf53443e1027a03e309b643)
2024-09-27
not yet calculated
CVE-2024-46851
416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 

Linux–Linux 
In the Linux kernel, the following vulnerability has been resolved: dma-buf: heaps: Fix off-by-one in CMA heap fault handler Until VM_DONTEXPAND was added in commit 1c1914d6e8c6 ("dma-buf: heaps: Don’t track CMA dma-buf pages under RssFile") it was possible to obtain a mapping larger than the buffer size via mremap and bypass the overflow check in dma_buf_mmap_internal. When using such a mapping to attempt to fault past the end of the buffer, the CMA heap fault handler also checks the fault offset against the buffer size, but gets the boundary wrong by 1. Fix the boundary check so that we don’t read off the end of the pages array and insert an arbitrary page in the mapping.
2024-09-27
not yet calculated
CVE-2024-46852
416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 

Linux–Linux 
In the Linux kernel, the following vulnerability has been resolved: spi: nxp-fspi: fix the KASAN report out-of-bounds bug Change the memcpy length to fix the out-of-bounds issue when writing the data that is not 4 byte aligned to TX FIFO. To reproduce the issue, write 3 bytes data to NOR chip. dd if=3b of=/dev/mtd0 [ 36.926103] ================================================================== [ 36.933409] BUG: KASAN: slab-out-of-bounds in nxp_fspi_exec_op+0x26ec/0x2838 [ 36.940514] Read of size 4 at addr ffff00081037c2a0 by task dd/455 [ 36.946721] [ 36.948235] CPU: 3 UID: 0 PID: 455 Comm: dd Not tainted 6.11.0-rc5-gc7b0e37c8434 #1070 [ 36.956185] Hardware name: Freescale i.MX8QM MEK (DT) [ 36.961260] Call trace: [ 36.963723] dump_backtrace+0x90/0xe8 [ 36.967414] show_stack+0x18/0x24 [ 36.970749] dump_stack_lvl+0x78/0x90 [ 36.974451] print_report+0x114/0x5cc [ 36.978151] kasan_report+0xa4/0xf0 [ 36.981670] __asan_report_load_n_noabort+0x1c/0x28 [ 36.986587] nxp_fspi_exec_op+0x26ec/0x2838 [ 36.990800] spi_mem_exec_op+0x8ec/0xd30 [ 36.994762] spi_mem_no_dirmap_read+0x190/0x1e0 [ 36.999323] spi_mem_dirmap_write+0x238/0x32c [ 37.003710] spi_nor_write_data+0x220/0x374 [ 37.007932] spi_nor_write+0x110/0x2e8 [ 37.011711] mtd_write_oob_std+0x154/0x1f0 [ 37.015838] mtd_write_oob+0x104/0x1d0 [ 37.019617] mtd_write+0xb8/0x12c [ 37.022953] mtdchar_write+0x224/0x47c [ 37.026732] vfs_write+0x1e4/0x8c8 [ 37.030163] ksys_write+0xec/0x1d0 [ 37.033586] __arm64_sys_write+0x6c/0x9c [ 37.037539] invoke_syscall+0x6c/0x258 [ 37.041327] el0_svc_common.constprop.0+0x160/0x22c [ 37.046244] do_el0_svc+0x44/0x5c [ 37.049589] el0_svc+0x38/0x78 [ 37.052681] el0t_64_sync_handler+0x13c/0x158 [ 37.057077] el0t_64_sync+0x190/0x194 [ 37.060775] [ 37.062274] Allocated by task 455: [ 37.065701] kasan_save_stack+0x2c/0x54 [ 37.069570] kasan_save_track+0x20/0x3c [ 37.073438] kasan_save_alloc_info+0x40/0x54 [ 37.077736] __kasan_kmalloc+0xa0/0xb8 [ 37.081515] __kmalloc_noprof+0x158/0x2f8 [ 37.085563] mtd_kmalloc_up_to+0x120/0x154 [ 37.089690] mtdchar_write+0x130/0x47c [ 37.093469] vfs_write+0x1e4/0x8c8 [ 37.096901] ksys_write+0xec/0x1d0 [ 37.100332] __arm64_sys_write+0x6c/0x9c [ 37.104287] invoke_syscall+0x6c/0x258 [ 37.108064] el0_svc_common.constprop.0+0x160/0x22c [ 37.112972] do_el0_svc+0x44/0x5c [ 37.116319] el0_svc+0x38/0x78 [ 37.119401] el0t_64_sync_handler+0x13c/0x158 [ 37.123788] el0t_64_sync+0x190/0x194 [ 37.127474] [ 37.128977] The buggy address belongs to the object at ffff00081037c2a0 [ 37.128977] which belongs to the cache kmalloc-8 of size 8 [ 37.141177] The buggy address is located 0 bytes inside of [ 37.141177] allocated 3-byte region [ffff00081037c2a0, ffff00081037c2a3) [ 37.153465] [ 37.154971] The buggy address belongs to the physical page: [ 37.160559] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x89037c [ 37.168596] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 37.175149] page_type: 0xfdffffff(slab) [ 37.179021] raw: 0bfffe0000000000 ffff000800002500 dead000000000122 0000000000000000 [ 37.186788] raw: 0000000000000000 0000000080800080 00000001fdffffff 0000000000000000 [ 37.194553] page dumped because: kasan: bad access detected [ 37.200144] [ 37.201647] Memory state around the buggy address: [ 37.206460] ffff00081037c180: fa fc fc fc fa fc fc fc fa fc fc fc fa fc fc fc [ 37.213701] ffff00081037c200: fa fc fc fc 05 fc fc fc 03 fc fc fc 02 fc fc fc [ 37.220946] >ffff00081037c280: 06 fc fc fc 03 fc fc fc fc fc fc fc fc fc fc fc [ 37.228186] ^ [ 37.232473] ffff00081037c300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.239718] ffff00081037c380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.246962] ============================================================== —truncated—
2024-09-27
not yet calculated
CVE-2024-46853
416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 

Linux–Linux 
In the Linux kernel, the following vulnerability has been resolved: net: dpaa: Pad packets to ETH_ZLEN When sending packets under 60 bytes, up to three bytes of the buffer following the data may be leaked. Avoid this by extending all packets to ETH_ZLEN, ensuring nothing is leaked in the padding. This bug can be reproduced by running $ ping -s 11 destination
2024-09-27
not yet calculated
CVE-2024-46854
416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 

Linux–Linux 
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_socket: fix sk refcount leaks We must put ‘sk’ reference before returning.
2024-09-27
not yet calculated
CVE-2024-46855
416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 

Linux–Linux 
In the Linux kernel, the following vulnerability has been resolved: net: phy: dp83822: Fix NULL pointer dereference on DP83825 devices The probe() function is only used for DP83822 and DP83826 PHY, leaving the private data pointer uninitialized for the DP83825 models which causes a NULL pointer dereference in the recently introduced/changed functions dp8382x_config_init() and dp83822_set_wol(). Add the dp8382x_probe() function, so all PHY models will have a valid private data pointer to fix this issue and also prevent similar issues in the future.
2024-09-27
not yet calculated
CVE-2024-46856
416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 

Linux–Linux 
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix bridge mode operations when there are no VFs Currently, trying to set the bridge mode attribute when numvfs=0 leads to a crash: bridge link set dev eth2 hwmode vepa [ 168.967392] BUG: kernel NULL pointer dereference, address: 0000000000000030 […] [ 168.969989] RIP: 0010:mlx5_add_flow_rules+0x1f/0x300 [mlx5_core] […] [ 168.976037] Call Trace: [ 168.976188] <TASK> [ 168.978620] _mlx5_eswitch_set_vepa_locked+0x113/0x230 [mlx5_core] [ 168.979074] mlx5_eswitch_set_vepa+0x7f/0xa0 [mlx5_core] [ 168.979471] rtnl_bridge_setlink+0xe9/0x1f0 [ 168.979714] rtnetlink_rcv_msg+0x159/0x400 [ 168.980451] netlink_rcv_skb+0x54/0x100 [ 168.980675] netlink_unicast+0x241/0x360 [ 168.980918] netlink_sendmsg+0x1f6/0x430 [ 168.981162] ____sys_sendmsg+0x3bb/0x3f0 [ 168.982155] ___sys_sendmsg+0x88/0xd0 [ 168.985036] __sys_sendmsg+0x59/0xa0 [ 168.985477] do_syscall_64+0x79/0x150 [ 168.987273] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 168.987773] RIP: 0033:0x7f8f7950f917 (esw->fdb_table.legacy.vepa_fdb is null) The bridge mode is only relevant when there are multiple functions per port. Therefore, prevent setting and getting this setting when there are no VFs. Note that after this change, there are no settings to change on the PF interface using `bridge link` when there are no VFs, so the interface no longer appears in the `bridge link` output.
2024-09-27
not yet calculated
CVE-2024-46857
416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 

Linux–Linux 
In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: Fix uaf in __timer_delete_sync There are two paths to access mptcp_pm_del_add_timer, result in a race condition: CPU1 CPU2 ==== ==== net_rx_action napi_poll netlink_sendmsg __napi_poll netlink_unicast process_backlog netlink_unicast_kernel __netif_receive_skb genl_rcv __netif_receive_skb_one_core netlink_rcv_skb NF_HOOK genl_rcv_msg ip_local_deliver_finish genl_family_rcv_msg ip_protocol_deliver_rcu genl_family_rcv_msg_doit tcp_v4_rcv mptcp_pm_nl_flush_addrs_doit tcp_v4_do_rcv mptcp_nl_remove_addrs_list tcp_rcv_established mptcp_pm_remove_addrs_and_subflows tcp_data_queue remove_anno_list_by_saddr mptcp_incoming_options mptcp_pm_del_add_timer mptcp_pm_del_add_timer kfree(entry) In remove_anno_list_by_saddr(running on CPU2), after leaving the critical zone protected by "pm.lock", the entry will be released, which leads to the occurrence of uaf in the mptcp_pm_del_add_timer(running on CPU1). Keeping a reference to add_timer inside the lock, and calling sk_stop_timer_sync() with this reference, instead of "entry->add_timer". Move list_del(&entry->list) to mptcp_pm_del_add_timer and inside the pm lock, do not directly access any members of the entry outside the pm lock, which can avoid similar "entry->x" uaf.
2024-09-27
not yet calculated
CVE-2024-46858
416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 

Linux–Linux 
In the Linux kernel, the following vulnerability has been resolved: platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses The panasonic laptop code in various places uses the SINF array with index values of 0 – SINF_CUR_BRIGHT(0x0d) without checking that the SINF array is big enough. Not all panasonic laptops have this many SINF array entries, for example the Toughbook CF-18 model only has 10 SINF array entries. So it only supports the AC+DC brightness entries and mute. Check that the SINF array has a minimum size which covers all AC+DC brightness entries and refuse to load if the SINF array is smaller. For higher SINF indexes hide the sysfs attributes when the SINF array does not contain an entry for that attribute, avoiding show()/store() accessing the array out of bounds and add bounds checking to the probe() and resume() code accessing these.
2024-09-27
not yet calculated
CVE-2024-46859
416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 

Linux–Linux 
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921: fix NULL pointer access in mt7921_ipv6_addr_change When disabling wifi mt7921_ipv6_addr_change() is called as a notifier. At this point mvif->phy is already NULL so we cannot use it here.
2024-09-27
not yet calculated
CVE-2024-46860
416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 

Linux–Linux 
In the Linux kernel, the following vulnerability has been resolved: usbnet: ipheth: do not stop RX on failing RX callback RX callbacks can fail for multiple reasons: * Payload too short * Payload formatted incorrecly (e.g. bad NCM framing) * Lack of memory None of these should cause the driver to seize up. Make such failures non-critical and continue processing further incoming URBs.
2024-09-27
not yet calculated
CVE-2024-46861
416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 

Linux–Linux 
In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: soc-acpi-intel-mtl-match: add missing empty item There is no links_num in struct snd_soc_acpi_mach {}, and we test !link->num_adr as a condition to end the loop in hda_sdw_machine_select(). So an empty item in struct snd_soc_acpi_link_adr array is required.
2024-09-27
not yet calculated
CVE-2024-46862
416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 

Linux–Linux 
In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: soc-acpi-intel-lnl-match: add missing empty item There is no links_num in struct snd_soc_acpi_mach {}, and we test !link->num_adr as a condition to end the loop in hda_sdw_machine_select(). So an empty item in struct snd_soc_acpi_link_adr array is required.
2024-09-27
not yet calculated
CVE-2024-46863
416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 

Linux–Linux 
In the Linux kernel, the following vulnerability has been resolved: x86/hyperv: fix kexec crash due to VP assist page corruption commit 9636be85cc5b ("x86/hyperv: Fix hyperv_pcpu_input_arg handling when CPUs go online/offline") introduces a new cpuhp state for hyperv initialization. cpuhp_setup_state() returns the state number if state is CPUHP_AP_ONLINE_DYN or CPUHP_BP_PREPARE_DYN and 0 for all other states. For the hyperv case, since a new cpuhp state was introduced it would return 0. However, in hv_machine_shutdown(), the cpuhp_remove_state() call is conditioned upon "hyperv_init_cpuhp > 0". This will never be true and so hv_cpu_die() won’t be called on all CPUs. This means the VP assist page won’t be reset. When the kexec kernel tries to setup the VP assist page again, the hypervisor corrupts the memory region of the old VP assist page causing a panic in case the kexec kernel is using that memory elsewhere. This was originally fixed in commit dfe94d4086e4 ("x86/hyperv: Fix kexec panic/hang issues"). Get rid of hyperv_init_cpuhp entirely since we are no longer using a dynamic cpuhp state and use CPUHP_AP_HYPERV_ONLINE directly with cpuhp_remove_state().
2024-09-27
not yet calculated
CVE-2024-46864
416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 

Linux–Linux 
In the Linux kernel, the following vulnerability has been resolved: fou: fix initialization of grc The grc must be initialize first. There can be a condition where if fou is NULL, goto out will be executed and grc would be used uninitialized.
2024-09-27
not yet calculated
CVE-2024-46865
416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 

Linux–Linux 
In the Linux kernel, the following vulnerability has been resolved: drm/xe/client: add missing bo locking in show_meminfo() bo_meminfo() wants to inspect bo state like tt and the ttm resource, however this state can change at any point leading to stuff like NPD and UAF, if the bo lock is not held. Grab the bo lock when calling bo_meminfo(), ensuring we drop any spinlocks first. In the case of object_idr we now also need to hold a ref. v2 (MattB) – Also add xe_bo_assert_held() (cherry picked from commit 4f63d712fa104c3ebefcb289d1e733e86d8698c7)
2024-09-27
not yet calculated
CVE-2024-46866
416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 

Linux–Linux 
In the Linux kernel, the following vulnerability has been resolved: drm/xe/client: fix deadlock in show_meminfo() There is a real deadlock as well as sleeping in atomic() bug in here, if the bo put happens to be the last ref, since bo destruction wants to grab the same spinlock and sleeping locks. Fix that by dropping the ref using xe_bo_put_deferred(), and moving the final commit outside of the lock. Dropping the lock around the put is tricky since the bo can go out of scope and delete itself from the list, making it difficult to navigate to the next list entry. (cherry picked from commit 0083b8e6f11d7662283a267d4ce7c966812ffd8a)
2024-09-27
not yet calculated
CVE-2024-46867
416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 

Linux–Linux 
In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: uefisecapp: Fix deadlock in qcuefi_acquire() If the __qcuefi pointer is not set, then in the original code, we would hold onto the lock. That means that if we tried to set it later, then it would cause a deadlock. Drop the lock on the error path. That’s what all the callers are expecting.
2024-09-27
not yet calculated
CVE-2024-46868
416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 

microsoft–terraform-provider-power-platform 
Power Platform Terraform Provider allows managing environments and other resources within Power Platform. Versions prior to 3.0.0 have an issue in the Power Platform Terraform Provider where sensitive information, specifically the `client_secret` used in the service principal authentication, may be exposed in logs. This exposure occurs due to an error in the logging code that causes the `client_secret` to not be properly masked when logs are persisted or viewed. Users should upgrade to version 3.0.0 to receive a patched version of the provider that removes all logging of sensitive content. Users who have used this provider with the affected versions should take the following additional steps to mitigate the risk: Immediately rotate the `client_secret` for any service principal that has been configured using this Terraform provider. This will invalidate any potentially exposed secrets. Those who have set the `TF_LOG_PATH` environment variable or configured Terraform to persist logs to a file or an external system, consider disabling this until they have updated to a fixed version of the provider. Those who have existing logs that may contain the `client_secret` should remove or sanitize these logs to prevent unauthorized access. This includes logs on disk, in monitoring systems, or in logging services.
2024-09-25
not yet calculated
CVE-2024-47083
security-advisories@github.comsecurity-advisories@github.comsecurity-advisories@github.com 

goTenna–Pro 
The goTenna Pro series uses a weak password for the QR broadcast message. If the QR broadcast message is captured over RF it is possible to decrypt it and use it to decrypt all future and past messages sent via encrypted broadcast.
2024-09-26
not yet calculated
CVE-2024-47121
ics-cert@hq.dhs.gov 

goTenna–Pro 
In the goTenna Pro application, the encryption keys are stored along with a static IV on the device. This allows for complete decryption of keys stored on the device. This allows an attacker to decrypt all encrypted communications that include P2P, Group, and broadcast messages that use these keys.
2024-09-26
not yet calculated
CVE-2024-47122
ics-cert@hq.dhs.gov 

goTenna–Pro 
The goTenna pro series does not encrypt the callsigns of its users. These callsigns reveal information about the users and can also be leveraged for other vulnerabilities.
2024-09-26
not yet calculated
CVE-2024-47124
ics-cert@hq.dhs.gov 

goTenna–Pro 
The goTenna Pro series does not authenticate public keys which allows an unauthenticated attacker to intercept and manipulate messages.
2024-09-26
not yet calculated
CVE-2024-47125
ics-cert@hq.dhs.gov 

goTenna–Pro 
The goTenna Pro series does not use SecureRandom when generating its cryptographic keys. The random function in use is not suitable for cryptographic use.
2024-09-26
not yet calculated
CVE-2024-47126
ics-cert@hq.dhs.gov 

goTenna–Pro 
In the goTenna Pro there is a vulnerability that makes it possible to inject any custom message with any GID and Callsign using a software defined radio in existing gotenna mesh networks. This vulnerability can be exploited if the device is being used in a unencrypted environment or if the cryptography has already been compromised.
2024-09-26
not yet calculated
CVE-2024-47127
ics-cert@hq.dhs.gov 

goTenna–Pro 
The goTenna Pro broadcast key name is always sent unencrypted and could reveal the location of operation.
2024-09-26
not yet calculated
CVE-2024-47128
ics-cert@hq.dhs.gov 

goTenna–Pro 
The goTenna Pro has a payload length vulnerability that makes it possible to tell the length of the payload regardless of the encryption used.
2024-09-26
not yet calculated
CVE-2024-47129
ics-cert@hq.dhs.gov 

goTenna–Pro 
The goTenna Pro series allows unauthenticated attackers to remotely update the local public keys used for P2P and Group messages.
2024-09-26
not yet calculated
CVE-2024-47130
ics-cert@hq.dhs.gov 

Apache Software Foundation–Maven Archetype Plugin 
Exposure of Sensitive Information to an Unauthorized Actor, Insecure Storage of Sensitive Information vulnerability in Maven Archetype Plugin. This issue affects Maven Archetype Plugin: from 3.2.1 before 3.3.0. Users are recommended to upgrade to version 3.3.0, which fixes the issue. Archetype integration testing creates a file called ./target/classes/archetype-it/archetype-settings.xml This file contains all the content from the users ~/.m2/settings.xml file, which often contains information they do not want to publish. We expect that on many developer machines, this also contains credentials. When the user runs mvn verify again (without a mvn clean), this file becomes part of the final artifact. If a developer were to publish this into Maven Central or any other remote repository (whether as a release or a snapshot) their credentials would be published without them knowing.
2024-09-26
not yet calculated
CVE-2024-47197
security@apache.org 

n/a–n/a 
New Cloud MyOffice SDK Collaborative Editing Server 2.2.2 through 2.8 allows SSRF via manipulation of requests from external document storage via the MS-WOPI protocol.
2024-09-23
not yet calculated
CVE-2024-47222
cve@mitre.orgcve@mitre.org 

Rockwell Automation–SequenceManager 
An input validation vulnerability exists in the Rockwell Automation Sequence Manager™ which could allow a malicious user to send malformed packets to the server and cause a denial-of-service condition. If exploited, the device would become unresponsive, and a manual restart will be required for recovery. Additionally, if exploited, there could be a loss of view for the downstream equipment sequences in the controller. Users would not be able to view the status or command the equipment sequences, however the equipment sequence would continue to execute uninterrupted.
2024-09-27
not yet calculated
CVE-2024-6436
PSIRT@rockwellautomation.com 

Devolutions–Devolutions Server 
Authorization bypass in the PAM access request approval mechanism in Devolutions Server 2024.2.10 and earlier allows authenticated users with permissions to approve their own requests, bypassing intended security restrictions, via the PAM access request approval mechanism.
2024-09-25
not yet calculated
CVE-2024-6512
security@devolutions.net 

Unknown–Contact Form 7 Math Captcha 
The Contact Form 7 Math Captcha WordPress plugin through 2.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users.
2024-09-26
not yet calculated
CVE-2024-6517
contact@wpscan.com 

ESET, spol. s r.o.–ESET Cyber Security 
Products for macOS enables a user logged on to the system to perform a denial-of-service attack, which could be misused to disable the protection of the ESET security product and cause general system slow-down.
2024-09-27
not yet calculated
CVE-2024-6654
security@eset.com 

mudler–mudler/localai 
mudler/localai version 2.17.1 is vulnerable to remote code execution. The vulnerability arises because the localai backend receives inputs not only from the configuration file but also from other inputs, allowing an attacker to upload a binary file and execute malicious code. This can lead to the attacker gaining full control over the system.
2024-09-27
not yet calculated
CVE-2024-6983
security@huntr.devsecurity@huntr.dev 

Sharp NEC Display Solutions, Ltd.–NP-CB4500UL, NP-CB4500WL, NP-CB4700UL, NP-P525UL, NP-P525UL+, NP-P525ULG, NP-P525ULJL, NP-P525WL, NP-P525WL+, NP-P525WLG, NP-P525WLJL, NP-CG6500UL, NP-CG6500WL, NP-CG6700UL, NP-P605UL, NP-P605UL+, NP-P605ULG, NP-P605ULJL, NP-CA4120X, NP-CA4160W, NP-CA4160X, NP-CA4200U, NP-CA4200W, NP-CA4202W, NP-CA4260X, NP-CA4300X, NP-CA4355X, NP-CD2100U, NP-CD2120X, NP-CD2300X, NP-CR2100X, NP-CR2170W, NP-CR2170X, NP-CR2200U, NP-CR2200W, NP-CR2280X, NP-CR2310X, NP-CR2350X, NP-MC302XG, NP-MC332WG, NP-MC332WJL, NP-MC342XG, NP-MC372X, NP-MC372XG, NP-MC382W, NP-MC382WG, NP-MC422XG, NP-ME342UG, NP-ME372W, NP-ME372WG, NP-ME372WJL, NP-ME382U, NP-ME382UG, NP-ME382UJL, NP-ME402X, NP-ME402XG, NP-ME402XJL, NP-CB4500XL, NP-CG6400UL, NP-CG6400WL, NP-CG6500XL, NP-PE455UL, NP-PE455ULG, NP-PE455WL, NP-PE455WLG, NP-PE505XLG, NP-CB4600U, NP-CF6600U, NP-P474U, NP-P554U, NP-P554U+, NP-P554UG, NP-P554UJL, NP-CG6600UL, NP-P547UL, NP-P547ULG, NP-P547ULJL, NP-P607UL+, NP-P627UL, NP-P627UL+, NP-P627ULG, NP-P627ULJL, NP-PV710UL-B, NP-PV710UL-B1, NP-PV710UL-W, NP-PV710UL-W+, NP-PV710UL-W1, NP-PV730UL-BJL, NP-PV730UL-WJL, NP-PV800UL-B, NP-PV800UL-B+, NP-PV800UL-B1, NP-PV800UL-BJL, NP-PV800UL-W, NP-PV800UL-W+, NP-PV800UL-W1, NP-PV800UL-WJL, NP-CA4200X, NP-CA4265X, NP-CA4300U, NP-CA4300W, NP-CA4305X, NP-CA4400X, NP-CD2125X, NP-CD2200W, NP-CD2300U, NP-CD2310X, NP-CR2105X, NP-CR2200X, NP-CR2205W, NP-CR2300U, NP-CR2300W, NP-CR2315X, NP-CR2400X, NP-MC333XG, NP-MC363XG, NP-MC393WJL, NP-MC423W, NP-MC423WG, NP-MC453X, NP-MC453X, NP-MC453XG, NP-MC453XJL, NP-ME383WG, NP-ME403U, NP-ME403UG, NP-ME403UJL, NP-ME423W, NP-ME423WG, NP-ME423WJL, NP-ME453X, NP-ME453XG, NP-CB4400USL, NP-CB4400WSL, NP-CB4510UL, NP-CB4510WL, NP-CB4510XL, NP-CB4550USL, NP-CB6700UL, NP-CG6510UL, NP-PE456USL, NP-PE456USLG, NP-PE456USLJL, NP-PE456WSLG, NP-PE506UL, NP-PE506ULG, NP-PE506ULJL, NP-PE506WL, NP-PE506WLG, NP-PE506WLJL 
Sharp NEC Projectors (NP-CB4500UL, NP-CB4500WL, NP-CB4700UL, NP-P525UL, NP-P525UL+, NP-P525ULG, NP-P525ULJL, NP-P525WL, NP-P525WL+, NP-P525WLG, NP-P525WLJL, NP-CG6500UL, NP-CG6500WL, NP-CG6700UL, NP-P605UL, NP-P605UL+, NP-P605ULG, NP-P605ULJL, NP-CA4120X, NP-CA4160W, NP-CA4160X, NP-CA4200U, NP-CA4200W, NP-CA4202W, NP-CA4260X, NP-CA4300X, NP-CA4355X, NP-CD2100U, NP-CD2120X, NP-CD2300X, NP-CR2100X, NP-CR2170W, NP-CR2170X, NP-CR2200U, NP-CR2200W, NP-CR2280X, NP-CR2310X, NP-CR2350X, NP-MC302XG, NP-MC332WG, NP-MC332WJL, NP-MC342XG, NP-MC372X, NP-MC372XG, NP-MC382W, NP-MC382WG, NP-MC422XG, NP-ME342UG, NP-ME372W, NP-ME372WG, NP-ME372WJL, NP-ME382U, NP-ME382UG, NP-ME382UJL, NP-ME402X, NP-ME402XG, NP-ME402XJL, NP-CB4500XL, NP-CG6400UL, NP-CG6400WL, NP-CG6500XL, NP-PE455UL, NP-PE455ULG, NP-PE455WL, NP-PE455WLG, NP-PE505XLG, NP-CB4600U, NP-CF6600U, NP-P474U, NP-P554U, NP-P554U+, NP-P554UG, NP-P554UJL, NP-CG6600UL, NP-P547UL, NP-P547ULG, NP-P547ULJL, NP-P607UL+, NP-P627UL, NP-P627UL+, NP-P627ULG, NP-P627ULJL, NP-PV710UL-B, NP-PV710UL-B1, NP-PV710UL-W, NP-PV710UL-W+, NP-PV710UL-W1, NP-PV730UL-BJL, NP-PV730UL-WJL, NP-PV800UL-B, NP-PV800UL-B+, NP-PV800UL-B1, NP-PV800UL-BJL, NP-PV800UL-W, NP-PV800UL-W+, NP-PV800UL-W1, NP-PV800UL-WJL, NP-CA4200X, NP-CA4265X, NP-CA4300U, NP-CA4300W, NP-CA4305X, NP-CA4400X, NP-CD2125X, NP-CD2200W, NP-CD2300U, NP-CD2310X, NP-CR2105X, NP-CR2200X, NP-CR2205W, NP-CR2300U, NP-CR2300W, NP-CR2315X, NP-CR2400X, NP-MC333XG, NP-MC363XG, NP-MC393WJL, NP-MC423W, NP-MC423WG, NP-MC453X, NP-MC453X, NP-MC453XG, NP-MC453XJL, NP-ME383WG, NP-ME403U, NP-ME403UG, NP-ME403UJL, NP-ME423W, NP-ME423WG, NP-ME423WJL, NP-ME453X, NP-ME453XG, NP-CB4400USL, NP-CB4400WSL, NP-CB4510UL, NP-CB4510WL, NP-CB4510XL, NP-CB4550USL, NP-CB6700UL, NP-CG6510UL, NP-PE456USL, NP-PE456USLG, NP-PE456USLJL, NP-PE456WSLG, NP-PE506UL, NP-PE506ULG, NP-PE506ULJL, NP-PE506WL, NP-PE506WLG, NP-PE506WLJL) allows an attacker to cause a denial-of-service (DoS) condition via SNMP service.
2024-09-27
not yet calculated
CVE-2024-7011
psirt-info@cyber.jp.nec.com 

National Keep Cyber Security Services–CyberMath 
Files or Directories Accessible to External Parties vulnerability in National Keep Cyber Security Services CyberMath allows Collect Data from Common Resource Locations.This issue affects CyberMath: before CYBM.240816253.
2024-09-26
not yet calculated
CVE-2024-7107
iletisim@usom.gov.tr 

National Keep Cyber Security Services–CyberMath 
Incorrect Authorization vulnerability in National Keep Cyber Security Services CyberMath allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects CyberMath: before CYBM.240816253.
2024-09-26
not yet calculated
CVE-2024-7108
iletisim@usom.gov.tr 

Concrete CMS–Concrete CMS 
Concrete CMS versions 9 through 9.3.3 and versions below 8.5.19 are vulnerable to stored XSS in the calendar event addition feature because the calendar event name was not sanitized on output. Users or groups with permission to create event calendars can embed scripts, and users or groups with permission to modify event calendars can execute scripts. The Concrete CMS Security Team gave this vulnerability a CVSS v4 score of 1.8 with vector CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N . Thank you, Yusuke Uchida for reporting.
2024-09-25
not yet calculated
CVE-2024-7398
ff5b8ace-8b95-4078-9743-eac1ca5451deff5b8ace-8b95-4078-9743-eac1ca5451deff5b8ace-8b95-4078-9743-eac1ca5451deff5b8ace-8b95-4078-9743-eac1ca5451deff5b8ace-8b95-4078-9743-eac1ca5451de 

ESET, spol. s r.o.–ESET NOD32 Antivirus 
The vulnerability potentially allowed an attacker to misuse ESET’s file operations during the removal of a detected file on the Windows operating system to delete files without having proper permissions to do so.
2024-09-27
not yet calculated
CVE-2024-7400
security@eset.com 

Devolutions–Remote Desktop Manager 
An information exposure in Devolutions Remote Desktop Manager 2024.2.20.0 and earlier on Windows allows local attackers with access to system logs to obtain session credentials via passwords included in command-line arguments when launching WinSCP sessions
2024-09-25
not yet calculated
CVE-2024-7421
security@devolutions.net 

Unknown–AI ChatBot with ChatGPT and Content Generator by AYS 
The AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 discloses the Open AI API Key, allowing unauthenticated users to obtain it
2024-09-27
not yet calculated
CVE-2024-7713
contact@wpscan.com 

Exnet Informatics Software–Ferry Reservation System 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Exnet Informatics Software Ferry Reservation System allows SQL Injection.This issue affects Ferry Reservation System: before 240805-002.
2024-09-23
not yet calculated
CVE-2024-7735
iletisim@usom.gov.tr 

Exnet Informatics Software–Ferry Reservation System 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Exnet Informatics Software Ferry Reservation System allows Reflected XSS.This issue affects Ferry Reservation System: before 240805-002.
2024-09-23
not yet calculated
CVE-2024-7835
iletisim@usom.gov.tr 

Grafana–Grafana 
In Grafana, the wrong permission is applied to the alert rule write API endpoint, allowing users with permission to write external alert instances to also write alert rules.
2024-09-26
not yet calculated
CVE-2024-8118
security@grafana.com 

GitHub–GitHub Enterprise Server 
An improper privilege management vulnerability allowed arbitrary workflows to be committed using an improperly scoped PAT through the use of nested tags. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in version 3.10.17, 3.11.15, 3.12.9, 3.13.4, and 3.14.1. This vulnerability was reported via the GitHub Bug Bounty program.
2024-09-23
not yet calculated
CVE-2024-8263
product-cna@github.comproduct-cna@github.comproduct-cna@github.comproduct-cna@github.comproduct-cna@github.com 

Concrete CMS–Concrete CMS 
Concrete CMS versions 9.0.0 to 9.3.3 and below 8.5.19 are vulnerable to Stored XSS in Image Editor Background Color.  A rogue admin could add malicious code to the Thumbnails/Add-Type. The Concrete CMS Security Team gave this a CVSS v4 score of 2.1 with vector CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N  Thanks,  Alexey Solovyev for reporting.
2024-09-25
not yet calculated
CVE-2024-8291
ff5b8ace-8b95-4078-9743-eac1ca5451deff5b8ace-8b95-4078-9743-eac1ca5451deff5b8ace-8b95-4078-9743-eac1ca5451deff5b8ace-8b95-4078-9743-eac1ca5451de 

Checkmk GmbH–Checkmk 
Bypass of two factor authentication in RestAPI in Checkmk < 2.3.0p16 and < 2.2.0p34 allows authenticated users to bypass two factor authentication
2024-09-23
not yet calculated
CVE-2024-8606
security@checkmk.com 

Oceanic Software–ValeApp 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Oceanic Software ValeApp allows SQL Injection.This issue affects ValeApp: before v2.0.0.
2024-09-27
not yet calculated
CVE-2024-8607
iletisim@usom.gov.tr 

Oceanic Software–ValeApp 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Oceanic Software ValeApp allows Stored XSS.This issue affects ValeApp: before v2.0.0.
2024-09-27
not yet calculated
CVE-2024-8608
iletisim@usom.gov.tr 

Oceanic Software–ValeApp 
Insertion of Sensitive Information into Log File vulnerability in Oceanic Software ValeApp allows Query System for Information.This issue affects ValeApp: before v2.0.0.
2024-09-27
not yet calculated
CVE-2024-8609
iletisim@usom.gov.tr 

Oceanic Software–ValeApp 
Session Fixation vulnerability in Oceanic Software ValeApp allows Brute Force, Session Hijacking.This issue affects ValeApp: before v2.0.0.
2024-09-27
not yet calculated
CVE-2024-8643
iletisim@usom.gov.tr 

Oceanic Software–ValeApp 
Cleartext Storage of Sensitive Information in a Cookie vulnerability in Oceanic Software ValeApp allows Protocol Manipulation, : JSON Hijacking (aka JavaScript Hijacking).This issue affects ValeApp: before v2.0.0.
2024-09-27
not yet calculated
CVE-2024-8644
iletisim@usom.gov.tr 

Riello–Netman 204 
Improper neutralization of special elements results in a SQL Injection vulnerability in Riello Netman 204. It is only limited to the SQLite database of measurement data.This issue affects Netman 204: through 4.05.
2024-09-25
not yet calculated
CVE-2024-8877
office@cyberdanube.com 

Riello–Netman 204 
The password recovery mechanism for the forgotten password in Riello Netman 204 allows an attacker to reset the admin password and take over control of the device.This issue affects Netman 204: through 4.05.
2024-09-25
not yet calculated
CVE-2024-8878
office@cyberdanube.com 

Acronis–Acronis Cyber Protect Cloud Agent 
Local active protection service settings manipulation due to unnecessary privileges assignment. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows, macOS) before build 38565.
2024-09-23
not yet calculated
CVE-2024-8903
security@acronis.com 

Puppet–PEADM Forge Module 
In versions of the PEADM Forge Module prior to 3.24.0 a security misconfiguration was discovered.
2024-09-27
not yet calculated
CVE-2024-9160
security@puppet.com 

Atelmo–Atemio AM 520 HD Full HD Satellite Receiver 
The device enables an unauthorized attacker to execute system commands with elevated privileges. This exploit is facilitated through the use of the ‘getcommand’ query within the application, allowing the attacker to gain root access.
2024-09-26
not yet calculated
CVE-2024-9166
ics-cert@hq.dhs.gov 

Eclipse Foundation–Eclipse Dataspace Components 
In Eclipse Dataspace Components versions 0.1.3 to 0.9.0, the Connector component filters which datasets (= data offers) another party can see in a requested catalog, to ensure that only authorized parties are able to view restricted offers. However, there is the possibility to request a single dataset, which should be subject to the same filtering process, but currently is missing the correct filtering. This enables parties to potentially see datasets they should not have access to, thereby exposing sensitive information. Exploiting this vulnerability requires knowing the ID of a restricted dataset, but some IDs may be guessed by trying out many IDs in an automated way. Affected code: DatasetResolverImpl, L76-79 https://github.com/eclipse-edc/Connector/blob/v0.9.0/core/control-plane/control-plane-catalog/src/main/java/org/eclipse/edc/connector/controlplane/catalog/DatasetResolverImpl.java
2024-09-27
not yet calculated
CVE-2024-9202
emo@eclipse.orgemo@eclipse.orgemo@eclipse.org 

Netflix–E2Nest 
A path traversal issue in E2Nest prior to commit 8a41948e553c89c56b14410c6ed395e9cfb9250a
2024-09-27
not yet calculated
CVE-2024-9301
security-report@netflix.com 

Back to top

AI Summary and Description: Yes

**Summary**: The text outlines numerous vulnerabilities found across a broad spectrum of software and systems, including vulnerabilities rated from high to low, along with their CVSS scores, descriptions, and publication dates. It serves as a critical resource for security, privacy, and compliance professionals to mitigate risks associated with their infrastructures.

**Detailed Description**: This exhaustive list of vulnerabilities covers a variety of applications and devices, highlighting critical security risks that carry significant implications for professionals in information technology and cybersecurity. The vulnerabilities span popular products and plugins, including numerous WordPress plugins, Cisco software, Linux kernel vulnerabilities, and specific hardware devices.

Key points include:

– **High Severity Vulnerabilities**:
– Many vulnerabilities have been identified with CVSS scores of 10, indicating critical risks such as remote code execution, SQL injection, and privilege escalation in widely used applications and systems (e.g., vulnerabilities in Docker, WordPress plugins, and network equipment).
– Examples include a severe SQL injection vulnerability in SourceCodester’s online systems, which could lead to data breaches and unauthorized access, and a command injection vulnerability in various devices from manufacturers like Autel and Sony that could result in unauthorized control over these devices.

– **Medium to Low Severity Vulnerabilities**:
– Mid-tier vulnerabilities (CVSS scores ranging from 4 to 6.9) indicate less critical but still significant issues that could compromise data integrity or enable unauthorized operations, such as authentication bypass or improper access controls.
– Even low-severity vulnerabilities can lead to exploitation under certain conditions, highlighting the necessity for robust patch management and security monitoring.

– **Specific Examples**:
– The text notes specific CVEs (Common Vulnerabilities and Exposures) with unique identifiers that provide a clear pathway for remediation effort tracking.
– For instance, vulnerabilities in Apache Tomcat Connectors and various plugins for WordPress highlight the extensive security concerns across widely adopted software solutions.

– **Recommendations for Professionals**:
– IT and cybersecurity professionals should treat these reported vulnerabilities as priority targets for mitigation.
– Implementing a strategy for rapid inventory management and patch deployment will aid in defending against the exploitation of these vulnerabilities.
– Engaging in regular vulnerability scanning, penetration testing, and user training could fortify defenses against potential attacks arising from these weaknesses.

This comprehensive list serves as an essential reference for proactive security management, and keeping track of updates from software vendors to address identified vulnerabilities should be prioritized. Ensuring rigorous compliance with security protocols and guidelines will mitigate risks associated with these vulnerabilities effectively.