CVE-2024-6898 - A vulnerability was found in SourceCodester Record Management System 1.0. It has been classified as critical. This affects an unknown part of the file index.php. The manipulation of the argument UserName leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-271923.
19/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-6898

CVE-2024-38156 - Microsoft Edge (Chromium-based) Spoofing Vulnerability
19/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-38156

CVE-2024-35199 - TorchServe is a flexible and easy-to-use tool for serving and scaling PyTorch models in production. In affected versions the two gRPC ports, 7070 and 7071, are not bound to localhost by default, so when TorchServe is launched, these two interfaces are bound to all interfaces. Customers using PyTorch inference Deep Learning Containers (DLC) through Amazon SageMaker and EKS are not affected. This issue in TorchServe has been fixed in PR #3083. TorchServe release 0.11.0 includes the fix to address this vulnerability. Users are advised to upgrade. There are no known workarounds for this vulnerability.
19/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-35199

CVE-2024-35198 - TorchServe is a flexible and easy-to-use tool for serving and scaling PyTorch models in production. TorchServe's check on allowed_urls configuration can be by-passed if the URL contains characters such as ".." but it does not prevent the model from being downloaded into the model store. Once a file is downloaded, it can be referenced without providing a URL the second time, which effectively bypasses the allowed_urls security check. Customers using PyTorch inference Deep Learning Containers (DLC) through Amazon SageMaker and EKS are not affected. This issue in TorchServe has been fixed by validating the URL without characters such as ".." before downloading (see PR #3082). TorchServe release 0.11.0 includes the fix to address this vulnerability. Users are advised to upgrade. There are no known workarounds for this vulnerability.
19/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-35198

CVE-2024-30130 - HCL Nomad server on Domino is vulnerable to the cache containing sensitive information which could potentially give an attacker the ability to acquire the sensitive information.
19/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-30130

CVE-2024-41111 - Sliver is an open source cross-platform adversary emulation/red team framework; it can be used by organizations of all sizes to perform security testing. Sliver version 1.6.0 (prerelease) is vulnerable to RCE on the teamserver by a low-privileged "operator" user. The RCE is as the system root user. The exploit is pretty fun as we make the Sliver server pwn itself. As described in a past issue (#65), "there is a clear security boundary between the operator and server, an operator should not inherently be able to run commands or code on the server." An operator who exploited this vulnerability would be able to view all console logs, kick all other operators, view and modify files stored on the server, and ultimately delete the server. This issue has not yet been addressed but is expected to be resolved before the full release of version 1.6.0. Users of the 1.6.0 prerelease should avoid using Sliver in production.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-41111

CVE-2024-40642 - The netty incubator codec.bhttp is a Java-language binary HTTP parser. In affected versions the `BinaryHttpParser` class does not properly validate input values, thus giving attackers almost complete control over the HTTP requests constructed from the parsed output. Attackers can abuse several issues individually to perform various injection attacks including HTTP request smuggling, desync attacks, HTTP header injections, request queue poisoning, caching attacks and Server Side Request Forgery (SSRF). Attackers could also combine several issues to create well-formed messages for other text-based protocols, which may result in attacks beyond the HTTP protocol. The `BinaryHttpParser` class implements the `readRequestHead` method, which performs most of the relevant parsing of the received request. The data structure prefixes values with a variable length integer value. The parsing code below first gets the lengths of the values from the prefixed variable length integer. After it has all of the lengths and calculates all of the indices, the parser casts the applicable slices of the ByteBuf to String. Finally, it passes these values into a new `DefaultBinaryHttpRequest` object where no further parsing or validation occurs. Method is partially validated while other values are not validated at all. Software that relies on netty to apply input validation for binary HTTP data may be vulnerable to various injection and protocol based attacks. This issue has been addressed in version 0.0.13.Final. Users are advised to upgrade. There are no known workarounds for this vulnerability.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-40642

CVE-2024-5997 - The Duplica – Duplicate Posts, Pages, Custom Posts or Users plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the duplicate_user and duplicate_post functions in all versions up to, and including, 0.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create duplicates of users and posts/pages.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-5997

CVE-2024-6455 - The ElementsKit Elementor addons plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.2.0 due to a missing capability check on the ekit_widgetarea_content function. This makes it possible for unauthenticated attackers to view any item created in Elementor, such as posts, pages and templates including drafts, pending and private items.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-6455

CVE-2024-39173 - calculator-boilerplate v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the eval function at /routes/calculator.js. This vulnerability allows attackers to execute arbitrary code via a crafted payload injected into the input field.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-39173

CVE-2024-39090 - The PHPGurukul Online Shopping Portal Project version 2.0 contains a vulnerability that allows Cross-Site Request Forgery (CSRF) to lead to Stored Cross-Site Scripting (XSS). An attacker can exploit this vulnerability to execute arbitrary JavaScript code in the context of a user's session, potentially leading to account takeover.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-39090

CVE-2024-30126 - HCL BigFix Compliance is affected by a missing X-Frame-Options HTTP header which can allow an attacker to create a malicious website that embeds the target website in a frame or iframe, tricking users into performing actions on the target website without their knowledge.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-30126

CVE-2024-5321 - A security issue was discovered in Kubernetes clusters with Windows nodes where BUILTIN\Users may be able to read container logs and NT AUTHORITY\Authenticated Users may be able to modify container logs.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-5321

CVE-2024-39152 - Rejected reason: DO NOT USE THIS CVE RECORD. Consult IDs: CVE-2024-6655. Reason: This record is a reservation duplicate of CVE-2024-6655. Notes: All CVE users should reference CVE-2024-6655 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-39152

CVE-2024-38806 - Failure to properly synchronize user's permissions in UAA in Cloud Foundry Foundation v40.17.0 (https://github.com/cloudfoundry/cf-deployment/releases/tag/v40.17.0), potentially resulting in users retaining access rights they should not have. This can allow them to perform operations beyond their intended permissions.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-38806

CVE-2024-5625 - Improper Restriction of XML External Entity Reference vulnerability in PruvaSoft Informatics Apinizer Management Console allows Data Serialization External Entities Blowup. This issue affects Apinizer Management Console: before 2024.05.1.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-5625

CVE-2024-30125 - HCL BigFix Compliance server can respond with an HTTP status of 500, indicating a server-side error that may cause the server process to die.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-30125

CVE-2024-0857 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Universal Software Inc. FlexWater Corporate Water Management allows SQL Injection. This issue affects FlexWater Corporate Water Management: through 18072024. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-0857

CVE-2024-5620 - Authentication Bypass Using an Alternate Path or Channel vulnerability in PruvaSoft Informatics Apinizer Management Console allows Authentication Bypass. This issue affects Apinizer Management Console: before 2024.05.1.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-5620

CVE-2024-5619 - Authorization Bypass Through User-Controlled Key vulnerability in PruvaSoft Informatics Apinizer Management Console allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Apinizer Management Console: before 2024.05.1.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-5619

CVE-2024-5618 - Incorrect Permission Assignment for Critical Resource vulnerability in PruvaSoft Informatics Apinizer Management Console allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Apinizer Management Console: before 2024.05.1.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-5618

CVE-2024-40648 - matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. The `UserIdentity::is_verified()` method in the matrix-sdk-crypto crate before version 0.7.2 doesn't take into account the verification status of the user's own identity while performing the check and may as a result return a value contrary to what is implied by its name and documentation. If the method is used to decide whether to perform sensitive operations towards a user identity, a malicious homeserver could manipulate the outcome in order to make the identity appear trusted. This is not a typical usage of the method, which lowers the impact. The method itself is not used inside the `matrix-sdk-crypto` crate. The 0.7.2 release of the `matrix-sdk-crypto` crate includes a fix. All users are advised to upgrade. There are no known workarounds for this vulnerability.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-40648

CVE-2024-40647 - sentry-sdk is the official Python SDK for Sentry.io. A bug in Sentry's Python SDK < 2.8.0 allows the environment variables to be passed to subprocesses despite the `env={}` setting. In Python's `subprocess` calls, all environment variables are passed to subprocesses by default. However, if you specifically do not want them to be passed to subprocesses, you may use `env` argument in `subprocess` calls. Due to the bug in Sentry SDK, with the Stdlib integration enabled (which is enabled by default), this expectation is not fulfilled, and all environment variables are being passed to subprocesses instead. The issue has been patched in pull request #3251 and is included in sentry-sdk==2.8.0. We strongly recommend upgrading to the latest SDK version. However, if it's not possible, and if passing environment variables to child processes poses a security risk for you, you can disable all default integrations.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-40647

CVE-2024-40644 - gitoxide is an idiomatic, lean, fast & safe pure Rust implementation of Git. `gix-path` can be tricked into running another `git.exe` placed in an untrusted location by a limited user account on Windows systems. Windows permits limited user accounts without administrative privileges to create new directories in the root of the system drive. While `gix-path` first looks for `git` using a `PATH` search, in version 0.10.8 it also has a fallback strategy on Windows of checking two hard-coded paths intended to be the 64-bit and 32-bit Program Files directories. Existing functions, as well as the newly introduced `exe_invocation` function, were updated to make use of these alternative locations. This causes facilities in `gix_path::env` to directly execute `git.exe` in those locations, as well as to return its path or whatever configuration it reports to callers who rely on it. Although unusual setups where the system drive is not `C:`, or even where Program Files directories have non-default names, are technically possible, the main problem arises on a 32-bit Windows system. Such a system has no `C:\Program Files (x86)` directory. A limited user on a 32-bit Windows system can therefore create the `C:\Program Files (x86)` directory and populate it with arbitrary contents. Once a payload has been placed at the second of the two hard-coded paths in this way, other user accounts including administrators will execute it if they run an application that uses `gix-path` and do not have `git` in a `PATH` directory. (While having `git` found in a `PATH` search prevents exploitation, merely having it installed in the default location under the real `C:\Program Files` directory does not. This is because the first hard-coded path's `mingw64` component assumes a 64-bit installation.) Only Windows is affected. Exploitation is unlikely except on a 32-bit system. In particular, running a 32-bit build on a 64-bit system is not a risk factor.
Furthermore, the attacker must have a user account on the system, though it may be a relatively unprivileged account. Such a user can perform privilege escalation and execute code as another user, though it may be difficult to do so reliably because the targeted user account must run an application or service that uses `gix-path` and must not have `git` in its `PATH`. The main exploitable configuration is one where Git for Windows has been installed but not added to `PATH`. This is one of the options in its installer, though not the default option. Alternatively, an affected program that sanitizes its `PATH` to remove seemingly nonessential directories could allow exploitation. But for the most part, if the target user has configured a `PATH` in which the real `git.exe` can be found, then this cannot be exploited. This issue has been addressed in release version 0.10.9 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-40644

CVE-2024-40629 - JumpServer is an open-source Privileged Access Management (PAM) tool that provides DevOps and IT teams with on-demand and secure access to SSH, RDP, Kubernetes, Database and RemoteApp endpoints through a web browser. An attacker can exploit the Ansible playbook to write arbitrary files, leading to remote code execution (RCE) in the Celery container. The Celery container runs as root and has database access, allowing an attacker to steal all secrets for hosts, create a new JumpServer account with admin privileges, or manipulate the database in other ways. This issue has been patched in release versions 3.10.12 and 4.0.0. It is recommended to upgrade to the safe versions. There are no known workarounds for this vulnerability.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-40629

CVE-2024-40628 - JumpServer is an open-source Privileged Access Management (PAM) tool that provides DevOps and IT teams with on-demand and secure access to SSH, RDP, Kubernetes, Database and RemoteApp endpoints through a web browser. An attacker can exploit the Ansible playbook to read arbitrary files in the Celery container, leading to sensitive information disclosure. The Celery container runs as root and has database access, allowing the attacker to steal all secrets for hosts, create a new JumpServer account with admin privileges, or manipulate the database in other ways. This issue has been addressed in release versions 3.10.12 and 4.0.0. It is recommended to upgrade to the safe versions. There are no known workarounds for this vulnerability.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-40628

CVE-2023-40704 - Philips Vue PACS uses default credentials for potentially critical functionality.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2023-40704

CVE-2023-40539 - Philips Vue PACS does not require that users have strong passwords, which could make it easier for attackers to compromise user accounts.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2023-40539

CVE-2023-40223 - Philips Vue PACS does not properly assign, modify, track, or check actor privileges, creating an unintended sphere of control for that actor.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2023-40223

CVE-2023-40159 - A validated user not explicitly authorized to have access to certain sensitive information could access Philips Vue PACS on the same network to expose that information.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2023-40159

CVE-2024-39911 - 1Panel is a web-based Linux server management control panel. 1Panel contains an unspecified SQL injection via User-Agent handling. This issue has been addressed in version 1.10.12-lts. Users are advised to upgrade. There are no known workarounds for this vulnerability.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-39911

CVE-2024-39907 - 1Panel is a web-based Linux server management control panel. There are many SQL injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs. These SQL injections have been resolved in version 1.10.12-tls. Users are advised to upgrade. There are no known workarounds for these issues.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-39907

CVE-2024-38302 - Dell Data Lakehouse, version(s) 1.0.0.0, contain(s) a Missing Encryption of Sensitive Data vulnerability in the DDAE (Starburst). A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to Information disclosure.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-38302

CVE-2024-30473 - Dell ECS, versions prior to 3.8.1, contain a privilege elevation vulnerability in user management. A remote high privileged attacker could potentially exploit this vulnerability, gaining access to unauthorized end points.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-30473

CVE-2023-50304 - IBM Engineering Requirements Management DOORS Web Access 9.7.2.8 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 273335.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2023-50304

CVE-2024-34013 - Local privilege escalation due to OS command injection vulnerability. The following products are affected: Acronis True Image (macOS) before build 41396.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-34013

CVE-2024-31143 - An optional feature of PCI MSI called "Multiple Message" allows a device to use multiple consecutive interrupt vectors. Unlike for MSI-X, the setting up of these consecutive vectors needs to happen all in one go. In this handling an error path could be taken in different situations, with or without a particular lock held. This error path wrongly releases the lock even when it is not currently held.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-31143

CVE-2024-29178 - On versions before 2.1.4, a user could log in and perform a template injection attack resulting in Remote Code Execution on the server. The attacker must successfully log into the system to launch an attack, so this is a moderate-impact vulnerability. Mitigation: all users should upgrade to 2.1.4.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-29178

CVE-2024-6504 - Rapid7 InsightVM Console versions below 6.6.260 suffer from a protection mechanism failure whereby an attacker with network access to the InsightVM Console can cause it to overload or crash by sending repeated invalid REST requests in a short timeframe, to the Console's port 443 causing the console to enter an exception handling logging loop, exhausting the CPU. There is no indication that an attacker can use this method to escalate privilege, acquire unauthorized access to data, or gain control of protected resources. This issue is fixed in version 6.6.261.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-6504

CVE-2024-40898 - SSRF in Apache HTTP Server on Windows with mod_rewrite in server/vhost context allows an attacker to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests. Users are recommended to upgrade to version 2.4.62, which fixes this issue.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-40898

CVE-2024-40725 - A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example, PHP scripts may be served instead of interpreted. Users are recommended to upgrade to version 2.4.62, which fixes this issue.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-40725

CVE-2024-5555 - The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'social-link-title' parameter in all versions up to, and including, 5.6.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-5555

CVE-2024-5554 - The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'onclick_event' parameter in all versions up to, and including, 5.6.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-5554

CVE-2024-3242 - The Brizy – Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file extension validation in the validateImageContent function called via storeImages in all versions up to, and including, 2.4.43. This makes it possible for authenticated attackers, with contributor access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. Version 2.4.44 prevents the upload of files ending in .sh and .php. Version 2.4.45 fully patches the issue.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-3242

CVE-2024-40764 - Heap-based buffer overflow vulnerability in the SonicOS IPSec VPN allows an unauthenticated remote attacker to cause Denial of Service (DoS).
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-40764

CVE-2024-29014 - Vulnerability in SonicWall SMA100 NetExtender Windows (32 and 64-bit) client 10.2.339 and earlier versions allows an attacker to achieve arbitrary code execution when processing an EPC Client update.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-29014

CVE-2024-41011 - In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: don't allow mapping the MMIO HDP page with large pages. We don't get the right offset in that case. The GPU has an unused 4K area of the register BAR space into which you can remap registers. We remap the HDP flush registers into this space to allow userspace (CPU or GPU) to flush the HDP when it updates VRAM. However, on systems with >4K pages, we end up exposing PAGE_SIZE of MMIO space.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-41011

CVE-2024-6164 - The Filter & Grids WordPress plugin before 2.8.33 is vulnerable to Local File Inclusion via the post_layout parameter. This makes it possible for an unauthenticated attacker to include and execute PHP files on the server, allowing the execution of any PHP code in those files.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-6164

CVE-2023-6708 - The SVG Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the SVG upload feature in all versions up to, and including, 2.5.5 due to insufficient input sanitization and output escaping, even when the 'Sanitize SVG while uploading' feature is enabled. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Note that successful exploitation of this vulnerability requires the administrator to allow author-level users to upload SVG files.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2023-6708

CVE-2024-6705 - The RegLevel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-6705

CVE-2024-6599 - The Meks Video Importer plugin for WordPress is vulnerable to unauthorized API key modification due to a missing capability check on the ajax_save_settings function in all versions up to, and including, 1.0.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify the plugin's API keys.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-6599

CVE-2024-6175 - The Booking Ultra Pro Appointments Booking Calendar Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple functions in all versions up to, and including, 1.1.13. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify and delete multiple plugin options and data such as payments, pricing, booking information, business hours, calendars, profile information, and email templates.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-6175

CVE-2024-5964 - The Zenon Lite theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' parameter within the theme's Button shortcode in all versions up to, and including, 1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-5964

CVE-2024-5726 - The Timeline Event History plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1 via deserialization of untrusted input 'timelines-data' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-5726

CVE-2024-41184 - In the vrrp_ipsets_handler handler (fglobal_parser.c) of keepalived through 2.3.1, an integer overflow can occur. NOTE: this CVE Record might not be worthwhile because an empty ipset name must be configured by the user.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-41184

CVE-2024-39682 - Cooked is a recipe plugin for WordPress. The Cooked plugin for WordPress is vulnerable to HTML Injection in versions up to, and including, 1.7.15.4 due to insufficient input sanitization and output escaping. This vulnerability allows authenticated attackers with contributor-level access and above to inject arbitrary HTML in pages that will be shown whenever a user accesses a compromised page. This issue has been addressed in release version 1.8.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-39682

CVE-2024-39681 - Cooked is a recipe plugin for WordPress. The Cooked plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in versions up to, and including, 1.7.15.4 due to missing or incorrect nonce validation on the AJAX action handler. This vulnerability could allow an attacker to trick users into performing an action they didn't intend to perform under their current authentication. This issue has been addressed in release version 1.8.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-39681

CVE-2024-39680 - Cooked is a recipe plugin for WordPress. The Cooked plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in versions up to, and including, 1.7.15.4 due to missing or incorrect nonce validation on the AJAX action handler. This vulnerability could allow an attacker to trick users into performing an action they didn't intend to perform under their current authentication. This issue has been addressed in release version 1.8.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-39680

CVE-2024-39679 - Cooked is a recipe plugin for WordPress. The Cooked plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in versions up to, and including, 1.7.15.4 due to missing or incorrect nonce validation on the AJAX action handler. This vulnerability could allow an attacker to trick users into performing an action they didn't intend to perform under their current authentication. This issue has been addressed in release version 1.8.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-39679

CVE-2024-39678 - Cooked is a recipe plugin for WordPress. The Cooked plugin is vulnerable to Cross-Site Request Forgery (CSRF) in versions up to, and including, 1.7.15.4 due to missing or incorrect nonce validation on the AJAX action handler. This vulnerability could allow an attacker to trick users into performing an action they didn't intend to perform under their current authentication. This issue has been addressed in release version 1.8.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-39678

CVE-2024-40639 - Rejected reason: This CVE is a duplicate of another CVE.
17/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-40639

CVE-2024-6765 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
17/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-6765

CVE-2024-31411 - Unrestricted Upload of File with dangerous type vulnerability in Apache StreamPipes. Such a dangerous type might be an executable file that may lead to a remote code execution (RCE). The unrestricted upload is only possible for authenticated and authorized users. This issue affects Apache StreamPipes: through 0.93.0. Users are recommended to upgrade to version 0.95.0, which fixes the issue.
17/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-31411

CVE-2024-40617 - Path traversal vulnerability exists in FUJITSU Network Edgiot GW1500 (M2M-GW for FENICS). If a remote authenticated attacker with User Class privilege sends a specially crafted request to the affected product, restricted files containing sensitive information may be accessed. As a result, Administrator Class privileges of the product may be hijacked.
17/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-40617

CVE-2024-36491 - FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. allow a remote unauthenticated attacker to execute an arbitrary OS command, obtain and/or alter sensitive information, and be able to cause a denial of service (DoS) condition.
17/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-36491

CVE-2024-36475 - FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain an active debug code vulnerability. If a user who knows how to use the debug function logs in to the product, the debug function may be used and an arbitrary OS command may be executed.
17/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-36475

CVE-2024-31979 - Server-Side Request Forgery (SSRF) vulnerability in Apache StreamPipes during installation process of pipeline elements. Previously, StreamPipes allowed users to configure custom endpoints from which to install additional pipeline elements. These endpoints were not properly validated, allowing an attacker to get StreamPipes to send an HTTP GET request to an arbitrary address. This issue affects Apache StreamPipes: through 0.93.0. Users are recommended to upgrade to version 0.95.0, which fixes the issue.
17/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-31979

CVE-2024-31070 - Initialization of a resource with an insecure default vulnerability in FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. allows a remote unauthenticated attacker to access telnet service unlimitedly.
17/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-31070

CVE-2024-30471 - Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache StreamPipes in user self-registration. This allows an attacker to potentially request the creation of multiple accounts with the same email address until the email address is registered, creating many identical users and corrupting StreamPipes' user management. This issue affects Apache StreamPipes: through 0.93.0. Users are recommended to upgrade to version 0.95.0, which fixes the issue.
17/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-30471

CVE-2024-29737 - In streampark, the project module integrates Maven's compilation capabilities. The input parameter validation is not strict, allowing attackers to insert commands for remote command execution. The prerequisite for a successful attack is that the user needs to log in to the streampark system and have system-level permissions. Generally, only users of that system have the authorization to log in, and users would not manually input a dangerous operation command. Therefore, the risk level of this vulnerability is very low. Mitigation: all users should upgrade to 2.1.4. Background info: Log in to Streampark using the default username (e.g. test1, test2, test3) and the default password (streampark). Navigate to the Project module, then add a new project. Enter the git repository address of the project and input `touch /tmp/success_2.1.2` as the "Build Argument". Note that there is no verification and interception of the special character "`". As a result, you will find that this injection command will be successfully executed after executing the build. In the latest version, the special symbol ` is intercepted.
17/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-29737

CVE-2023-52291 - In streampark, the project module integrates Maven's compilation capabilities. The input parameter validation is not strict, allowing attackers to insert commands for remote command execution. The prerequisite for a successful attack is that the user needs to log in to the streampark system and have system-level permissions. Generally, only users of that system have the authorization to log in, and users would not manually input a dangerous operation command. Therefore, the risk level of this vulnerability is very low. Background: In the "Project" module, the maven build args  “
17/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2023-52291

CVE-2024-6220 - The 简数采集器 (Keydatas) plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the keydatas_downloadImages function in all versions up to, and including, 2.5.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
17/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-6220

CVE-2024-5703 - The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized API access due to a missing capability check in all versions up to, and including, 5.7.26. This makes it possible for authenticated attackers, with Subscriber-level access and above, to access the API (provided it is enabled) and add, edit, and delete audience users.
17/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-5703

CVE-2024-5582 - The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'url' attribute within the Q&A Block widget in all versions up to, and including, 1.33 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
17/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-5582

CVE-2024-39877 - Apache Airflow 2.4.0, and versions before 2.9.3, has a vulnerability that allows authenticated DAG authors to craft a doc_md parameter in a way that could execute arbitrary code in the scheduler context, which should be forbidden according to the Airflow Security model. Users should upgrade to version 2.9.3 or later which has removed the vulnerability.
17/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-39877

CVE-2024-39863 - Apache Airflow versions before 2.9.3 have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. Users are recommended to upgrade to version 2.9.3, which fixes this issue.
17/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-39863

CVE-2024-6669 - The AI ChatBot for WordPress – WPBot plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 5.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
17/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-6669

CVE-2024-6660 - The BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the bookingpress_import_data_continue_process_func function in all versions up to, and including, 1.1.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site and upload arbitrary files. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.
17/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-6660

CVE-2024-6467 - The BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin plugin for WordPress is vulnerable to Arbitrary File Read to Arbitrary File Creation in all versions up to, and including, 1.1.5 via the 'bookingpress_save_lite_wizard_settings_func' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create arbitrary files that contain the content of files on the server, allowing the execution of any PHP code in those files or the exposure of sensitive information.
17/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-6467

CVE-2024-6033 - The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is vulnerable to unauthorized data importation due to a missing capability check on the 'import_file' function in all versions up to, and including, 4.0.4. This makes it possible for authenticated attackers, with Contributor-level access and above, to import events, speakers, schedules and attendee data.
17/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-6033

CVE-2024-5255 - The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ultimate_dual_color shortcode in all versions up to, and including, 3.19.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
17/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-5255

CVE-2024-5254 - The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ultimate_info_banner shortcode in all versions up to, and including, 3.19.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
17/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-5254

CVE-2024-5253 - The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ult_team shortcode in all versions up to, and including, 3.19.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
17/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-5253

CVE-2024-5252 - The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ultimate_info_table shortcode in all versions up to, and including, 3.19.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
17/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-5252

CVE-2024-5251 - The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ultimate_pricing shortcode in all versions up to, and including, 3.19.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
17/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-5251

CVE-2024-41009 - In the Linux kernel, the following vulnerability has been resolved: bpf: Fix overrunning reservations in ringbuf The BPF ring buffer internally is implemented as a power-of-2 sized circular buffer, with two logical and ever-increasing counters: consumer_pos is the consumer counter to show which logical position the consumer consumed the data, and producer_pos which is the producer counter denoting the amount of data reserved by all producers. Each time a record is reserved, the producer that "owns" the record will successfully advance producer counter. In user space each time a record is read, the consumer of the data advanced the consumer counter once it finished processing. Both counters are stored in separate pages so that from user space, the producer counter is read-only and the consumer counter is read-write. One aspect that simplifies and thus speeds up the implementation of both producers and consumers is how the data area is mapped twice contiguously back-to-back in the virtual memory, allowing to not take any special measures for samples that have to wrap around at the end of the circular buffer data area, because the next page after the last data page would be first data page again, and thus the sample will still appear completely contiguous in virtual memory. Each record has a struct bpf_ringbuf_hdr { u32 len; u32 pg_off; } header for book-keeping the length and offset, and is inaccessible to the BPF program. Helpers like bpf_ringbuf_reserve() return `(void *)hdr + BPF_RINGBUF_HDR_SZ` for the BPF program to use. Bing-Jhong and Muhammad reported that it is however possible to make a second allocated memory chunk overlapping with the first chunk and as a result, the BPF program is now able to edit first chunk's header. For example, consider the creation of a BPF_MAP_TYPE_RINGBUF map with size of 0x4000. Next, the consumer_pos is modified to 0x3000 /before/ a call to bpf_ringbuf_reserve() is made. 
This will allocate a chunk A, which is in [0x0,0x3008], and the BPF program is able to edit [0x8,0x3008]. Now, let's allocate a chunk B with size 0x3000. This will succeed because consumer_pos was edited ahead of time to pass the `new_prod_pos - cons_pos > rb->mask` check. Chunk B will be in range [0x3008,0x6010], and the BPF program is able to edit [0x3010,0x6010]. Due to the ring buffer memory layout mentioned earlier, the ranges [0x0,0x4000] and [0x4000,0x8000] point to the same data pages. This means that chunk B at [0x4000,0x4008] is chunk A's header. bpf_ringbuf_submit() / bpf_ringbuf_discard() use the header's pg_off to then locate the bpf_ringbuf itself via bpf_ringbuf_restore_from_rec(). Once chunk B modified chunk A's header, then bpf_ringbuf_commit() refers to the wrong page and could cause a crash. Fix it by calculating the oldest pending_pos and check whether the range from the oldest outstanding record to the newest would span beyond the ring buffer size. If that is the case, then reject the request. We've tested with the ring buffer benchmark in BPF selftests (./benchs/run_bench_ringbufs.sh) before/after the fix and while it seems a bit slower on some benchmarks, it is still not significantly enough to matter.
17/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-41009

CVE-2024-6807 - A vulnerability was found in SourceCodester Student Study Center Desk Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /sscdms/classes/Users.php?f=save of the component HTTP POST Request Handler. The manipulation of the argument firstname/middlename/lastname/username leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-271706 is the identifier assigned to this vulnerability.
17/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-6807

CVE-2024-6803 - A vulnerability has been found in itsourcecode Document Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file insert.php. The manipulation of the argument anothercont leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-271705 was assigned to this vulnerability.
17/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-6803

CVE-2024-6535 - A flaw was found in Skupper. When Skupper is initialized with the console-enabled and with console-auth set to Openshift, it configures the openshift oauth-proxy with a static cookie-secret. In certain circumstances, this may allow an attacker to bypass authentication to the Skupper console via a specially-crafted cookie.
17/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-6535

CVE-2024-6802 - A vulnerability, which was classified as critical, was found in SourceCodester Computer Laboratory Management System 1.0. Affected is an unknown function of the file /lms/classes/Master.php?f=save_record. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-271704.
17/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-6802

CVE-2024-6801 - A vulnerability, which was classified as critical, has been found in SourceCodester Online Student Management System 1.0. This issue affects some unknown processing of the file /add-students.php. The manipulation of the argument image leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-271703.
17/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-6801

CVE-2024-6595 - An issue was discovered in GitLab CE/EE affecting all versions starting from 11.8 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2 where it was possible to upload an NPM package with conflicting package data.
17/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-6595

CVE-2024-6326 - An exposure of sensitive information vulnerability exists in the Rockwell Automation FactoryTalk® System Service. A malicious user could exploit this vulnerability by starting a back-up or restore process, which temporarily exposes private keys, passwords, pre-shared keys, and database folders when they are temporarily copied to an interim folder. This vulnerability is due to the lack of explicit permissions set on the backup folder. If private keys are obtained by a malicious user, they could impersonate resources on the secured network.
16/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-6326

CVE-2024-6325 - The v6.40 release of Rockwell Automation FactoryTalk® Policy Manager CVE-2021-22681 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1550.html  and CVE-2022-1161 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1585.html  by implementing CIP security and did not update to the versions of the software CVE-2022-1161 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1585.html  and CVE-2022-1161. https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1585.html
16/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-6325

CVE-2024-6089 - An input validation vulnerability exists in the Rockwell Automation 5015 - AENFTXT when a manipulated PTP packet is sent, causing the secondary adapter to result in a major nonrecoverable fault. If exploited, a power cycle is required to recover the product.
16/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-6089

CVE-2024-40626 - Outline is an open source, collaborative document editor. A type confusion issue was found in ProseMirror's rendering process that leads to a Stored Cross-Site Scripting (XSS) vulnerability in Outline. An authenticated user can create a document containing a malicious JavaScript payload. When other users view this document, the malicious JavaScript can execute in the origin of Outline. Outline includes CSP rules to prevent third-party code execution, however in the case of self-hosting and having your file storage on the same domain as Outline a malicious payload can be uploaded as a file attachment and bypass those CSP restrictions. This issue has been addressed in release version 0.77.3. Users are advised to upgrade. There are no known workarounds for this vulnerability.
16/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-40626

CVE-2024-3232 - A formula injection vulnerability exists in Tenable Identity Exposure where an authenticated remote attacker with administrative privileges could manipulate application form fields in order to trick another administrator into executing CSV payloads. - CVE-2024-3232
16/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-3232

CVE-2019-16641 - An issue was found on the Ruijie EG-2000 series gateway. There is a buffer overflow in client.so. Consequently, an attacker can use login.php to login to any account, without providing its password. This affects EG-2000SE EG_RGOS 11.1(1)B1.
16/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2019-16641

CVE-2019-16640 - An issue was found in upload.php on the Ruijie EG-2000 series gateway. A parameter passed to the class UploadFile is mishandled (%00 and /var/./html are not checked), which can allow an attacker to upload any file to the gateway. This affects EG-2000SE EG_RGOS 11.9 B11P1.
16/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2019-16640

CVE-2019-16639 - An issue was found on the Ruijie EG-2000 series gateway. There is a newcli.php API interface without access control, which can allow an attacker (who only has web interface access) to use TELNET commands and/or show admin passwords via the mode_url=exec&command= substring. This affects EG-2000SE EG_RGOS 11.9 B11P1.
16/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2019-16639

Recently modified advisories

CVE-2024-40492 - Cross Site Scripting vulnerability in Heartbeat Chat v.15.2.1 allows a remote attacker to execute arbitrary code via the setname function.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-40492

CVE-2023-43971 - Cross Site Scripting vulnerability in ACG-faka v1.1.7 allows a remote attacker to execute arbitrary code via the encode parameter in Index.php.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2023-43971

CVE-2024-40402 - A SQL injection vulnerability was found in 'ajax.php' of Sourcecodester Simple Library Management System 1.0. This vulnerability stems from insufficient user input validation of the 'username' parameter, allowing attackers to inject malicious SQL queries.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-40402

CVE-2024-40119 - Nepstech Wifi Router xpon (terminal) model NTPL-Xpon1GFEVN v.1.0 Firmware V2.0.1 contains a Cross-Site Request Forgery (CSRF) vulnerability in the password change function, which allows remote attackers to change the admin password without the user's consent, leading to a potential account takeover.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-40119

CVE-2024-39126 - Roundup before 2.4.0 allows XSS via JavaScript in PDF, XML, and SVG documents.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-39126

CVE-2024-39125 - Roundup before 2.4.0 allows XSS via a SCRIPT element in an HTTP Referer header.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-39125

CVE-2024-39124 - In Roundup before 2.4.0, classhelpers (_generic.help.html) allow XSS.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-39124

CVE-2024-32981 - Silverstripe framework is the PHP framework forming the base for the Silverstripe CMS. In affected versions a bad actor with access to edit content in the CMS could send a specifically crafted encoded payload to the server, which could be used to inject a JavaScript payload on the front end of the site. The payload would be sanitised on the client-side, but server-side sanitisation doesn't catch it. The server-side sanitisation logic has been updated to sanitise against this type of attack in version 5.2.16. All users are advised to upgrade. There are no known workarounds for this vulnerability.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-32981

CVE-2024-29885 - silverstripe/reports is an API for creating backend reports in the Silverstripe Framework. In affected versions reports can be accessed by their direct URL by any user who has access to view the reports admin section, even if the `canView()` method for that report returns `false`. This issue has been addressed in version 5.2.3. All users are advised to upgrade. There are no known workarounds for this vulnerability.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-29885

CVE-2024-40420 - A Server-Side Template Injection (SSTI) vulnerability in the edit theme function of openCart project v4.0.2.3 allows attackers to execute arbitrary code via injecting a crafted payload.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-40420

CVE-2024-28796 - IBM ClearQuest (CQ) 9.1 through 9.1.0.6 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 286833.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-28796

CVE-2024-40641 - Nuclei is a fast and customizable vulnerability scanner based on simple YAML based DSL. In affected versions a way to execute a code template without the -code option and signature has been discovered. Some web applications inherit from Nuclei and allow users to edit and execute workflow files. In this case, users can execute arbitrary commands. (Although, as far as I know, most web applications use -t to execute). This issue has been addressed in version 3.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-40641

CVE-2024-40640 - vodozemac is an open source implementation of Olm and Megolm in pure Rust. Versions before 0.7.0 of vodozemac use a non-constant time base64 implementation for importing key material for Megolm group sessions and `PkDecryption` Ed25519 secret keys. This flaw might allow an attacker to infer some information about the secret key material through a side-channel attack. The use of a non-constant time base64 implementation might allow an attacker to observe timing variations in the encoding and decoding operations of the secret key material. This could potentially provide insights into the underlying secret key material. The impact of this vulnerability is considered low because, to exploit it, the attacker is required to have access to high precision timing measurements, as well as repeated access to the base64 encoding or decoding processes. Additionally, the estimated leakage amount is bounded and low according to the referenced paper. This has been patched in commit 734b6c6948d4b2bdee3dd8b4efa591d93a61d272 which has been included in release version 0.7.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-40640

CVE-2024-40636 - Steeltoe is an open source project that provides a collection of libraries that helps users build production-grade cloud-native applications using externalized configuration, service discovery, distributed tracing, application management, and more. When utilizing multiple Eureka server service URLs with basic auth and encountering an issue with fetching the service registry, an error is logged with the Eureka server service URLs but only the first URL is masked. The code in question is `_logger.LogError(e, "FetchRegistry Failed for Eureka service urls: {EurekaServerServiceUrls}", new Uri(ClientConfig.EurekaServerServiceUrls).ToMaskedString());` in the `DiscoveryClient.cs` file which may leak credentials into logs. This issue has been addressed in version 3.2.8 of the Steeltoe.Discovery.Eureka nuget package.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-40636

CVE-2024-40633 - Sylius is an Open Source eCommerce Framework on Symfony. A security vulnerability was discovered in the `/api/v2/shop/adjustments/{id}` endpoint, which retrieves order adjustments based on incremental integer IDs. The vulnerability allows an attacker to enumerate valid adjustment IDs and retrieve order tokens. Using these tokens, an attacker can access guest customer order details - sensitive guest customer information. The issue is fixed in versions: 1.12.19, 1.13.4 and above. The `/api/v2/shop/adjustments/{id}` will always return `404` status. Users are advised to upgrade. Users unable to upgrade may alter their config to mitigate this issue. Please see the linked GHSA for details.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-40633

CVE-2024-38447 - NATO NCI ANET 3.4.1 allows Insecure Direct Object Reference via a modified ID field in a request for a private draft report (that belongs to an arbitrary user).
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-38447

CVE-2023-42010 - IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 could disclose sensitive information in the HTTP response using man in the middle techniques. IBM X-Force ID: 265507.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2023-42010

CVE-2024-38870 - Zohocorp ManageEngine OpManager, OpManager Plus, OpManager MSP and OpManager Enterprise Edition versions before 128104, from 128151 before 128238, from 128247 before 128250 are vulnerable to stored XSS in the reports module.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-38870

CVE-2024-38446 - NATO NCI ANET 3.4.1 mishandles report ownership. A user can create a report and, despite the restrictions imposed by the UI, change the author of that report to an arbitrary user (without their consent or knowledge) via a modified UUID in a POST request.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-38446

CVE-2024-20435 - A vulnerability in the CLI of Cisco AsyncOS for Secure Web Appliance could allow an authenticated, local attacker to execute arbitrary commands and elevate privileges to root. This vulnerability is due to insufficient validation of user-supplied input for the CLI. An attacker could exploit this vulnerability by authenticating to the system and executing a crafted command on the affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system and elevate privileges to root. To successfully exploit this vulnerability, an attacker would need at least guest credentials.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-20435

CVE-2024-20429 - A vulnerability in the web-based management interface of Cisco AsyncOS for Secure Email Gateway could allow an authenticated, remote attacker to execute arbitrary system commands on an affected device. This vulnerability is due to insufficient input validation in certain portions of the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges. To successfully exploit this vulnerability, an attacker would need at least valid Operator credentials.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-20429

CVE-2024-20419 - A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to change the password of any user, including administrative users. This vulnerability is due to improper implementation of the password-change process. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow an attacker to access the web UI or API with the privileges of the compromised user.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-20419

CVE-2024-20416 - A vulnerability in the upload module of Cisco RV340 and RV345 Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to insufficient boundary checks when processing specific HTTP requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system of the device.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-20416

CVE-2024-20401 - A vulnerability in the content scanning and message filtering features of Cisco Secure Email Gateway could allow an unauthenticated, remote attacker to overwrite arbitrary files on the underlying operating system. This vulnerability is due to improper handling of email attachments when file analysis and content filters are enabled. An attacker could exploit this vulnerability by sending an email that contains a crafted attachment through an affected device. A successful exploit could allow the attacker to replace any file on the underlying file system. The attacker could then perform any of the following actions: add users with root privileges, modify the device configuration, execute arbitrary code, or cause a permanent denial of service (DoS) condition on the affected device. Note: Manual intervention is required to recover from the DoS condition. Customers are advised to contact the Cisco Technical Assistance Center (TAC) to help recover a device in this condition.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-20401

CVE-2024-20400 - A vulnerability in the web-based management interface of Cisco Expressway Series could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of HTTP request parameters. An attacker could exploit this vulnerability by intercepting and modifying an HTTP request from a user. A successful exploit could allow the attacker to redirect the user to a malicious web page. Note: Cisco Expressway Series refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-20400

CVE-2024-20396 - A vulnerability in the protocol handlers of Cisco Webex App could allow an unauthenticated, remote attacker to gain access to sensitive information. This vulnerability exists because the affected application does not safely handle file protocol handlers. An attacker could exploit this vulnerability by persuading a user to follow a link that is designed to cause the application to send requests. If the attacker can observe transmitted traffic in a privileged network position, a successful exploit could allow the attacker to capture sensitive information, including credential information, from the requests.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-20396

CVE-2024-20395 - A vulnerability in the media retrieval functionality of Cisco Webex App could allow an unauthenticated, adjacent attacker to gain access to sensitive session information. This vulnerability is due to insecure transmission of requests to backend services when the app accesses embedded media, such as images. An attacker could exploit this vulnerability by sending a message with embedded media that is stored on a messaging server to a targeted user. If the attacker can observe transmitted traffic in a privileged network position, a successful exploit could allow the attacker to capture session token information from insecurely transmitted requests and possibly reuse the captured session information to take further actions as the targeted user.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-20395

CVE-2024-20323 - A vulnerability in Cisco Intelligent Node (iNode) Software could allow an unauthenticated, remote attacker to hijack the TLS connection between Cisco iNode Manager and associated intelligent nodes and send arbitrary traffic to an affected device. This vulnerability is due to the presence of hard-coded cryptographic material. An attacker in a man-in-the-middle position between Cisco iNode Manager and associated deployed nodes could exploit this vulnerability by using the static cryptographic key to generate a trusted certificate and impersonate an affected device. A successful exploit could allow the attacker to read data that is meant for a legitimate device, modify the startup configuration of an associated node, and, consequently, cause a denial of service (DoS) condition for downstream devices that are connected to the affected node.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-20323

CVE-2024-20296 - A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to upload arbitrary files to an affected device. To exploit this vulnerability, an attacker would need at least valid Policy Admin credentials on the affected device. This vulnerability is due to improper validation of files that are uploaded to the web-based management interface. An attacker could exploit this vulnerability by uploading arbitrary files to an affected device. A successful exploit could allow the attacker to store malicious files on the system, execute arbitrary commands on the operating system, and elevate privileges to root.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-20296

CVE-2024-6830 - A vulnerability, which was classified as critical, was found in SourceCodester Simple Inventory Management System 1.0. Affected is an unknown function of the file action.php of the component Order Handler. The manipulation of the argument order_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-271812.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-6830

CVE-2023-4976 - A flaw exists in Purity//FB whereby a local account is permitted to authenticate to the management interface using an unintended method that allows an attacker to gain privileged access to the array.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2023-4976

CVE-2024-6834 - A vulnerability in APIML Spring Cloud Gateway leverages user privileges by unexpectedly signing proxied requests with Zowe's client certificate. This gives a user access to the endpoints requiring an internal client certificate without any credentials. It could lead to managing components there and allow an attacker to handle the whole communication, including user credentials.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-6834

CVE-2024-6833 - A vulnerability in Zowe CLI allows local, privileged actors to store previously entered secure credentials in a plaintext file as part of an auto-init operation.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-6833

CVE-2024-29120 - In Streampark (version < 2.1.4), when a user logged in successfully, the backend service would return "Authorization" as the front-end authentication credential. A user can use this credential to request other users' information, including the administrator's username, password, salt value, etc. Mitigation: all users should upgrade to 2.1.4.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-29120

CVE-2024-28993 - The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability. This vulnerability allows an unauthenticated user to perform arbitrary file deletion and leak sensitive information.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-28993

CVE-2024-28992 - The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability. This vulnerability allows an unauthenticated user to perform arbitrary file deletion and leak sensitive information.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-28992

CVE-2024-28074 - It was discovered that a previous vulnerability was not completely fixed with SolarWinds Access Rights Manager. While some controls were implemented, the researcher was able to bypass these and use a different method to exploit the vulnerability.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-28074

CVE-2024-23475 - The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability. This vulnerability allows an unauthenticated user to perform arbitrary file deletion and leak sensitive information.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-23475

CVE-2024-23474 - The SolarWinds Access Rights Manager was found to be susceptible to an Arbitrary File Deletion and Information Disclosure vulnerability.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-23474

CVE-2024-23472 - SolarWinds Access Rights Manager (ARM) is susceptible to a Directory Traversal vulnerability. This vulnerability allows an authenticated user to arbitrarily read and delete files in ARM.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-23472

CVE-2024-23471 - The SolarWinds Access Rights Manager was found to be susceptible to a Remote Code Execution Vulnerability. If exploited, this vulnerability allows an authenticated user to abuse a SolarWinds service resulting in remote code execution.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-23471

CVE-2024-23470 - The SolarWinds Access Rights Manager was found to be susceptible to a pre-authentication remote code execution vulnerability. If exploited, this vulnerability allows an unauthenticated user to run commands and executables.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-23470

CVE-2024-23469 - SolarWinds Access Rights Manager (ARM) is susceptible to a Remote Code Execution vulnerability. If exploited, this vulnerability allows an unauthenticated user to perform actions with SYSTEM privileges.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-23469

CVE-2024-23468 - The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability. This vulnerability allows an unauthenticated user to perform arbitrary file deletion and leak sensitive information.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-23468

CVE-2024-23467 - The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability. This vulnerability allows an unauthenticated user to perform remote code execution.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-23467

CVE-2024-23466 - SolarWinds Access Rights Manager (ARM) is susceptible to a Directory Traversal Remote Code Execution vulnerability. If exploited, this vulnerability allows an unauthenticated user to perform actions with SYSTEM privileges.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-23466

CVE-2024-23465 - The SolarWinds Access Rights Manager was found to be susceptible to an authentication bypass vulnerability. This vulnerability allows an unauthenticated user to gain domain admin access within the Active Directory environment.  
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-23465

CVE-2023-7272 - In Eclipse Parsson before 1.0.4 and 1.1.3, a document with a large depth of nested objects can allow an attacker to cause a Java stack overflow exception and denial of service. Eclipse Parsson allows processing (e.g. parse, generate, transform and query) JSON documents.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2023-7272

CVE-2024-5471 - Zohocorp ManageEngine DDI Central versions 4001 and prior were vulnerable to agent takeover due to hard-coded sensitive keys.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-5471

CVE-2024-27311 - Zohocorp ManageEngine DDI Central versions 4001 and prior were vulnerable to a directory traversal vulnerability that allows the user to upload new files to the server folder.
18/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-27311