CVE-2024-3027 - The Smart Slider 3 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the upload function in all versions up to, and including, 3.5.1.22. This makes it possible for authenticated attackers, with contributor-level access and above, to upload files, including SVG files, which can be used to conduct stored cross-site scripting attacks.
13/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-3027
Partager : LinkedIn / Twitter / Facebook

CVE-2024-1957 - The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'give_form' shortcode in all versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
13/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-1957
Partager : LinkedIn / Twitter / Facebook

CVE-2024-32028 - OpenTelemetry dotnet is a dotnet telemetry framework. In affected versions of `OpenTelemetry.Instrumentation.Http` and `OpenTelemetry.Instrumentation.AspNetCore` the `url.full` writes attribute/tag on spans (`Activity`) when tracing is enabled for outgoing http requests and `OpenTelemetry.Instrumentation.AspNetCore` writes the `url.query` attribute/tag on spans (`Activity`) when tracing is enabled for incoming http requests. These attributes are defined by the Semantic Conventions for HTTP Spans. Up until version `1.8.1` the values written by `OpenTelemetry.Instrumentation.Http` & `OpenTelemetry.Instrumentation.AspNetCore` will pass-through the raw query string as was sent or received (respectively). This may lead to sensitive information (e.g. EUII - End User Identifiable Information, credentials, etc.) being leaked into telemetry backends (depending on the application(s) being instrumented) which could cause privacy and/or security incidents. Note: Older versions of `OpenTelemetry.Instrumentation.Http` & `OpenTelemetry.Instrumentation.AspNetCore` may use different tag names but have the same vulnerability. The `1.8.1` versions of `OpenTelemetry.Instrumentation.Http` & `OpenTelemetry.Instrumentation.AspNetCore` will now redact by default all values detected on transmitted or received query strings. Users are advised to upgrade. There are no known workarounds for this vulnerability.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-32028
Partager : LinkedIn / Twitter / Facebook

CVE-2024-31462 - stable-diffusion-webui is a web interface for Stable Diffusion, implemented using Gradio library. Stable-diffusion-webui 1.7.0 is vulnerable to a limited file write affecting Windows systems. The create_ui method (Backup/Restore tab) in modules/ui_extensions.py takes user input into the config_save_name variable on line 653. This user input is later used in the save_config_state method and used to create a file path on line 65, which is afterwards opened for writing on line 67, which leads to a limited file write exploitable on Windows systems. This issue may lead to limited file write. It allows for writing json files anywhere on the server where the web server has access.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-31462
Partager : LinkedIn / Twitter / Facebook

CVE-2024-28869 - Traefik is an HTTP reverse proxy and load balancer. In affected versions sending a GET request to any Traefik endpoint with the "Content-length" request header results in an indefinite hang with the default configuration. This vulnerability can be exploited by attackers to induce a denial of service. This vulnerability has been addressed in version 2.11.2 and 3.0.0-rc5. Users are advised to upgrade. For affected versions, this vulnerability can be mitigated by configuring the readTimeout option.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-28869
Partager : LinkedIn / Twitter / Facebook

CVE-2024-32019 - Netdata is an open source observability tool. In affected versions the `ndsudo` tool shipped with affected versions of the Netdata Agent allows an attacker to run arbitrary programs with root permissions. The `ndsudo` tool is packaged as a `root`-owned executable with the SUID bit set. It only runs a restricted set of external commands, but its search paths are supplied by the `PATH` environment variable. This allows an attacker to control where `ndsudo` looks for these commands, which may be a path the attacker has write access to. This may lead to local privilege escalation. This vulnerability has been addressed in versions 1.45.3 and 1.45.2-169. Users are advised to upgrade. There are no known workarounds for this vulnerability.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-32019
Partager : LinkedIn / Twitter / Facebook

CVE-2024-32005 - NiceGUI is an easy-to-use, Python-based UI framework. A local file inclusion is present in the NiceUI leaflet component when requesting resource files under the `/_nicegui/{__version__}/resources/{key}/{path:path}` route. As a result any file on the backend filesystem which the web server has access to can be read by an attacker with access to the NiceUI leaflet website. This vulnerability has been addressed in version 1.4.21. Users are advised to upgrade. There are no known workarounds for this vulnerability.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-32005
Partager : LinkedIn / Twitter / Facebook

CVE-2024-32003 - wn-dusk-plugin (Dusk plugin) is a plugin which integrates Laravel Dusk browser testing into Winter CMS. The Dusk plugin provides some special routes as part of its testing framework to allow a browser environment (such as headless Chrome) to act as a user in the Backend or User plugin without having to go through authentication. This route is `[[URL]]/_dusk/login/[[USER ID]]/[[MANAGER]]` - where `[[URL]]` is the base URL of the site, `[[USER ID]]` is the ID of the user account and `[[MANAGER]]` is the authentication manager (either `backend` for Backend, or `user` for the User plugin). If a configuration of a site using the Dusk plugin is set up in such a way that the Dusk plugin is available publicly and the test cases in Dusk are run with live data, this route may potentially be used to gain access to any user account in either the Backend or User plugin without authentication. As indicated in the `README`, this plugin should only be used in development and should *NOT* be used in a production instance. It is specifically recommended that the plugin be installed as a development dependency only in Composer. In order to remediate this issue, the special routes used above will now no longer be registered unless the `APP_ENV` environment variable is specifically set to `dusk`. Since Winter by default does not use this environment variable and it is not populated by default, it will only exist if Dusk's automatic configuration is used (which won't exhibit this vulnerability) or if a developer manually specifies it in their configuration. The automatic configuration performed by the Dusk plugin has also been hardened by default to use sane defaults and not allow external environment variables to leak into this configuration. This will only affect users in which the Winter CMS installation meets ALL the following criteria: 1. The Dusk plugin is installed in the Winter CMS instance. 2. The application is in production mode (ie. the `debug` config value is set to `true` in `config/app.php`). 3. The Dusk plugin's automatic configuration has been overridden, either by providing a custom `.env.dusk` file or by providing custom configuration in the `config/dusk` folder, or by providing configuration environment variables externally. 4. The environment has been configured to use production data in the database for testing, and not the temporary SQLite database that Dusk uses by default. 5. The application is connectable via the web. This issue has been fixed in version 2.1.0. Users are advised to upgrade.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-32003
Partager : LinkedIn / Twitter / Facebook

CVE-2024-29023 - Xibo is an Open Source Digital Signage platform with a web content management system and Windows display player software. Session tokens are exposed in the return of session search API call on the sessions page. Subsequently they can be exfiltrated and used to hijack a session. Users must be granted access to the session page, or be a super admin. Users should upgrade to version 3.3.10 or 4.0.9 which fix this issue. Customers who host their CMS with the Xibo Signage service have already received an upgrade or patch to resolve this issue regardless of the CMS version that they are running. Patches are available for earlier versions of Xibo CMS that are out of security support: 2.3 patch ebeccd000b51f00b9a25f56a2f252d6812ebf850.diff. 1.8 patch a81044e6ccdd92cc967e34c125bd8162432e51bc.diff. There are no known workarounds for this vulnerability.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-29023
Partager : LinkedIn / Twitter / Facebook

CVE-2024-29022 - Xibo is an Open Source Digital Signage platform with a web content management system and Windows display player software. In affected versions some request headers are not correctly sanitised when stored in the session and display tables. These headers can be used to inject a malicious script into the session page to exfiltrate session IDs and User Agents. These session IDs / User Agents can subsequently be used to hijack active sessions. A malicious script can be injected into the display grid to exfiltrate information related to displays. Users should upgrade to version 3.3.10 or 4.0.9 which fix this issue. Customers who host their CMS with the Xibo Signage service have already received an upgrade or patch to resolve this issue regardless of the CMS version that they are running. Upgrading to a fixed version is necessary to remediate. Patches are available for earlier versions of Xibo CMS that are out of security support: 2.3 patch ebeccd000b51f00b9a25f56a2f252d6812ebf850.diff. 1.8 patch a81044e6ccdd92cc967e34c125bd8162432e51bc.diff. There are no known workarounds for this issue.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-29022
Partager : LinkedIn / Twitter / Facebook

CVE-2024-32000 - matrix-appservice-irc is a Node.js IRC bridge for the Matrix messaging protocol. matrix-appservice-irc before version 2.0.0 can be exploited to leak the truncated body of a message if a malicious user sends a Matrix reply to an event ID they don't have access to. As a precondition to the attack, the malicious user needs to know the event ID of the message they want to leak, as well as to be joined to both the Matrix room and the IRC channel it is bridged to. The message reply containing the leaked message content is visible to IRC channel members when this happens. matrix-appservice-irc 2.0.0 checks whether the user has permission to view an event before constructing a reply. Administrators should upgrade to this version. It's possible to limit the amount of information leaked by setting a reply template that doesn't contain the original message. See these lines `601-604` in the configuration file linked.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-32000
Partager : LinkedIn / Twitter / Facebook

CVE-2024-3698 - A vulnerability was found in Campcodes House Rental Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file manage_payment.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260485 was assigned to this vulnerability.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-3698
Partager : LinkedIn / Twitter / Facebook

CVE-2024-3697 - A vulnerability was found in Campcodes House Rental Management System 1.0. It has been classified as critical. Affected is an unknown function of the file manage_tenant.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260484.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-3697
Partager : LinkedIn / Twitter / Facebook

CVE-2024-22359 - IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 280897.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-22359
Partager : LinkedIn / Twitter / Facebook

CVE-2024-22358 - IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 280896.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-22358
Partager : LinkedIn / Twitter / Facebook

CVE-2024-22339 - IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 is vulnerable to a sensitive information due to insufficient obfuscation of sensitive values from some log files. IBM X-Force ID: 279979.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-22339
Partager : LinkedIn / Twitter / Facebook

CVE-2024-22334 - IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 could be vulnerable to incomplete revocation of permissions when deleting a custom security resource type. When deleting a custom security type, associated permissions of objects using that type may not be fully revoked. This could lead to incorrect reporting of permission configuration and unexpected privileges being retained. IBM X-Force ID: 279974.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-22334
Partager : LinkedIn / Twitter / Facebook

CVE-2024-0157 - Dell Storage Resource Manager, 4.9.0.0 and below, contain(s) a Session Fixation Vulnerability in SRM Windows Host Agent. An adjacent network unauthenticated attacker could potentially exploit this vulnerability, leading to the hijack of a targeted user's application session.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-0157
Partager : LinkedIn / Twitter / Facebook

CVE-2024-3696 - A vulnerability was found in Campcodes House Rental Management System 1.0 and classified as critical. This issue affects some unknown processing of the file view_payment.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260483.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-3696
Partager : LinkedIn / Twitter / Facebook

CVE-2024-3695 - A vulnerability has been found in SourceCodester Computer Laboratory Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /classes/Users.php. The manipulation of the argument id leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-260482 is the identifier assigned to this vulnerability.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-3695
Partager : LinkedIn / Twitter / Facebook

CVE-2024-3691 - A vulnerability, which was classified as critical, has been found in PHPGurukul Small CRM 3.0. Affected by this issue is some unknown functionality of the component Registration Page. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260480.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-3691
Partager : LinkedIn / Twitter / Facebook

CVE-2024-31069 - IO-1020 Micro ELD web server uses a default password for authentication.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-31069
Partager : LinkedIn / Twitter / Facebook

CVE-2024-30403 - A NULL Pointer Dereference vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). When Layer 2 traffic is sent through a logical interface, MAC learning happens. If during this process, the interface flaps, an Advanced Forwarding Toolkit manager (evo-aftmand-bt) core is observed. This leads to a PFE restart. The crash reoccurs if the same sequence of events happens, which will lead to a sustained DoS condition. This issue affects Juniper Networks Junos OS Evolved: 23.2-EVO versions earlier than 23.2R1-S1-EVO, 23.2R2-EVO.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-30403
Partager : LinkedIn / Twitter / Facebook

CVE-2024-30402 - An Improper Check for Unusual or Exceptional Conditions vulnerability in the Layer 2 Address Learning Daemon (l2ald) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). When telemetry requests are sent to the device, and the Dynamic Rendering Daemon (drend) is suspended, the l2ald crashes and restarts due to factors outside the attackers control. Repeated occurrences of these events causes a sustained DoS condition. This issue affects: Junos OS: All versions earlier than 20.4R3-S10; 21.2 versions earlier than 21.2R3-S7; 21.4 versions earlier than 21.4R3-S5; 22.1 versions earlier than 22.1R3-S4; 22.2 versions earlier than 22.2R3-S3; 22.3 versions earlier than 22.3R3-S1; 22.4 versions earlier than 22.4R3; 23.2 versions earlier than 23.2R1-S2, 23.2R2. Junos OS Evolved: All versions earlier than 21.4R3-S5-EVO; 22.1-EVO versions earlier than 22.1R3-S4-EVO; 22.2-EVO versions earlier than 22.2R3-S3-EVO; 22.3-EVO versions earlier than 22.3R3-S1-EVO; 22.4-EVO versions earlier than 22.4R3-EVO; 23.2-EVO versions earlier than 23.2R2-EVO.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-30402
Partager : LinkedIn / Twitter / Facebook

CVE-2024-30401 - An Out-of-bounds Read vulnerability in the advanced forwarding management process aftman of Juniper Networks Junos OS on MX Series with MPC10E, MPC11, MX10K-LC9600 line cards, MX304, and EX9200-15C, may allow an attacker to exploit a stack-based buffer overflow, leading to a reboot of the FPC. Through code review, it was determined that the interface definition code for aftman could read beyond a buffer boundary, leading to a stack-based buffer overflow. This issue affects Junos OS on MX Series and EX9200-15C: * from 21.2 before 21.2R3-S1, * from 21.4 before 21.4R3, * from 22.1 before 22.1R2, * from 22.2 before 22.2R2;  This issue does not affect: * versions of Junos OS prior to 20.3R1; * any version of Junos OS 20.4.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-30401
Partager : LinkedIn / Twitter / Facebook

CVE-2024-30398 - An Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When a high amount of specific traffic is received on a SRX4600 device, due to an error in internal packet handling, a consistent rise in CPU memory utilization occurs. This results in packet drops in the traffic and eventually the PFE crashes. A manual reboot of the PFE will be required to restore the device to original state. This issue affects Junos OS:   21.2 before 21.2R3-S7, 21.4 before 21.4R3-S6,  22.1 before 22.1R3-S5, 22.2 before 22.2R3-S3, 22.3 before 22.3R3-S2, 22.4 before 22.4R3, 23.2 before 23.2R1-S2, 23.2R2.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-30398
Partager : LinkedIn / Twitter / Facebook

CVE-2024-30397 - An Improper Check for Unusual or Exceptional Conditions vulnerability in the the Public Key Infrastructure daemon (pkid) of Juniper Networks Junos OS allows an unauthenticated networked attacker to cause Denial of Service (DoS). The pkid is responsible for the certificate verification. Upon a failed verification, the pkid uses all CPU resources and becomes unresponsive to future verification attempts. This means that all subsequent VPN negotiations depending on certificate verification will fail. This CPU utilization of pkid can be checked using this command:   root@srx> show system processes extensive | match pkid   xxxxx root 103 0 846M 136M CPU1 1 569:00 100.00% pkid This issue affects: Juniper Networks Junos OS All versions prior to 20.4R3-S10; 21.2 versions prior to 21.2R3-S7; 21.4 versions prior to 21.4R3-S5; 22.1 versions prior to 22.1R3-S4; 22.2 versions prior to 22.2R3-S3; 22.3 versions prior to 22.3R3-S1; 22.4 versions prior to 22.4R3; 23.2 versions prior to 23.2R1-S2, 23.2R2.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-30397
Partager : LinkedIn / Twitter / Facebook

CVE-2024-30392 - A Stack-based Buffer Overflow vulnerability in Flow Processing Daemon (flowd) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). On all Junos OS MX Series platforms with SPC3 and MS-MPC/-MIC, when URL filtering is enabled and a specific URL request is received and processed, flowd will crash and restart. Continuous reception of the specific URL request will lead to a sustained Denial of Service (DoS) condition. This issue affects: Junos OS: * all versions before 21.2R3-S6, * from 21.3 before 21.3R3-S5, * from 21.4 before 21.4R3-S5, * from 22.1 before 22.1R3-S3, * from 22.2 before 22.2R3-S1, * from 22.3 before 22.3R2-S2, 22.3R3, * from 22.4 before 22.4R2-S1, 22.4R3.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-30392
Partager : LinkedIn / Twitter / Facebook

CVE-2024-30391 - A Missing Authentication for Critical Function vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series with SPC3, and SRX Series allows an unauthenticated network-based attacker to cause limited impact to the integrity or availability of the device. If a device is configured with IPsec authentication algorithm hmac-sha-384 or hmac-sha-512, tunnels are established normally but for traffic traversing the tunnel no authentication information is sent with the encrypted data on egress, and no authentication information is expected on ingress. So if the peer is an unaffected device transit traffic is going to fail in both directions. If the peer is an also affected device transit traffic works, but without authentication, and configuration and CLI operational commands indicate authentication is performed. This issue affects Junos OS: All versions before 20.4R3-S7, 21.1 versions before 21.1R3,  21.2 versions before 21.2R2-S1, 21.2R3,  21.3 versions before 21.3R1-S2, 21.3R2.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-30391
Partager : LinkedIn / Twitter / Facebook

CVE-2024-30390 - An Improper Restriction of Excessive Authentication Attempts vulnerability in Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a limited Denial of Service (DoS) to the management plane. When an incoming connection was blocked because it exceeded the connections-per-second rate-limit, the system doesn't consider existing connections anymore for subsequent connection attempts so that the connection limit can be exceeded. This issue affects Junos OS Evolved: All versions before 21.4R3-S4-EVO, 22.1-EVO versions before 22.1R3-S3-EVO, 22.2-EVO versions before 22.2R3-S2-EVO,  22.3-EVO versions before 22.3R2-S1-EVO, 22.3R3-EVO.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-30390
Partager : LinkedIn / Twitter / Facebook

CVE-2024-30389 - An Incorrect Behavior Order vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on EX4300 Series allows an unauthenticated, network-based attacker to cause an integrity impact to networks downstream of the vulnerable device. When an output firewall filter is applied to an interface it doesn't recognize matching packets but permits any traffic. This issue affects Junos OS 21.4 releases from 21.4R1 earlier than 21.4R3-S6. This issue does not affect Junos OS releases earlier than 21.4R1.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-30389
Partager : LinkedIn / Twitter / Facebook

CVE-2024-30388 - An Improper Isolation or Compartmentalization vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on QFX5000 Series and EX Series allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). If a specific malformed LACP packet is received by a QFX5000 Series, or an EX4400, EX4100 or EX4650 Series device, an LACP flap will occur resulting in traffic loss. This issue affects Junos OS on QFX5000 Series, and on EX4400, EX4100 or EX4650 Series: * 20.4 versions from 20.4R3-S4 before 20.4R3-S8, * 21.2 versions from 21.2R3-S2 before 21.2R3-S6, * 21.4 versions from 21.4R2 before 21.4R3-S4, * 22.1 versions from 22.1R2 before 22.1R3-S3, * 22.2 versions before 22.2R3-S1, * 22.3 versions before 22.3R2-S2, 22.3R3, * 22.4 versions before 22.4R2-S1, 22.4R3.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-30388
Partager : LinkedIn / Twitter / Facebook

CVE-2024-30387 - A Missing Synchronization vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on ACX5448 and ACX710 allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS). If an interface flaps while the system gathers statistics on that interface, two processes simultaneously access a shared resource which leads to a PFE crash and restart. This issue affects Junos OS: All versions before 20.4R3-S9, 21.2 versions before 21.2R3-S5,  21.3 versions before 21.3R3-S5,  21.4 versions before 21.4R3-S4, 22.1 versions before 22.1R3-S2, 22.2 versions before 22.2R3-S2, 22.3 versions before 22.3R2-S2, 22.3R3, 22.4 versions before 22.4R2.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-30387
Partager : LinkedIn / Twitter / Facebook

CVE-2024-30386 - A Use-After-Free vulnerability in the Layer 2 Address Learning Daemon (l2ald) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause l2ald to crash leading to a Denial-of-Service (DoS). In an EVPN-VXLAN scenario, when state updates are received and processed by the affected system, the correct order of some processing steps is not ensured, which can lead to an l2ald crash and restart. Whether the crash occurs depends on system internal timing which is outside the attackers control. This issue affects: Junos OS:  * All versions before 20.4R3-S8, * 21.2 versions before 21.2R3-S6, * 21.3 versions before 21.3R3-S5, * 21.4 versions before 21.4R3-S4, * 22.1 versions before 22.1R3-S3, * 22.2 versions before 22.2R3-S1, * 22.3 versions before 22.3R3,, * 22.4 versions before 22.4R2; Junos OS Evolved:  * All versions before 20.4R3-S8-EVO, * 21.2-EVO versions before 21.2R3-S6-EVO,  * 21.3-EVO versions before 21.3R3-S5-EVO, * 21.4-EVO versions before 21.4R3-S4-EVO, * 22.1-EVO versions before 22.1R3-S3-EVO, * 22.2-EVO versions before 22.2R3-S1-EVO, * 22.3-EVO versions before 22.3R3-EVO, * 22.4-EVO versions before 22.4R2-EVO.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-30386
Partager : LinkedIn / Twitter / Facebook

CVE-2024-30384 - An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on EX4300 Series allows a locally authenticated attacker with low privileges to cause a Denial-of-Service (Dos). If a specific CLI command is issued, a PFE crash will occur. This will cause traffic forwarding to be interrupted until the system self-recovers.  This issue affects Junos OS:  All versions before 20.4R3-S10, 21.2 versions before 21.2R3-S7, 21.4 versions before 21.4R3-S6.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-30384
Partager : LinkedIn / Twitter / Facebook

CVE-2024-30382 - An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to send a specific routing update, causing an rpd core due to memory corruption, leading to a Denial of Service (DoS). This issue can only be triggered when the system is configured for CoS-based forwarding (CBF) with a policy map containing a cos-next-hop-map action (see below). This issue affects: Junos OS: * all versions before 20.4R3-S10, * from 21.2 before 21.2R3-S8, * from 21.3 before 21.3R3, * from 21.4 before 21.4R3, * from 22.1 before 22.1R2; Junos OS Evolved: * all versions before 21.2R3-S8-EVO, * from 21.3 before 21.3R3-EVO, * from 21.4 before 21.4R3-EVO, * from 22.1 before 22.1R2-EVO.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-30382
Partager : LinkedIn / Twitter / Facebook

CVE-2024-30210 - IO-1020 Micro ELD uses a default WIFI password that could allow an adjacent attacker to connect to the device.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-30210
Partager : LinkedIn / Twitter / Facebook

CVE-2024-28878 - IO-1020 Micro ELD downloads source code or an executable from an adjacent location and executes the code without sufficiently verifying the origin or integrity of the code.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-28878
Partager : LinkedIn / Twitter / Facebook

CVE-2024-3690 - A vulnerability classified as critical was found in PHPGurukul Small CRM 3.0. Affected by this vulnerability is an unknown functionality of the component Change Password Handler. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260479.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-3690
Partager : LinkedIn / Twitter / Facebook

CVE-2024-3689 - A vulnerability classified as problematic has been found in Zhejiang Land Zongheng Network Technology O2OA up to 20240403. Affected is an unknown function of the file /x_portal_assemble_surface/jaxrs/portal/list?v=8.2.3-4-43f4fe3. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. VDB-260478 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-3689
Partager : LinkedIn / Twitter / Facebook

CVE-2024-31391 - Insertion of Sensitive Information into Log File vulnerability in the Apache Solr Operator. This issue affects all versions of the Apache Solr Operator from 0.3.0 through 0.8.0. When asked to bootstrap Solr security, the operator will enable basic authentication and create several accounts for accessing Solr: including the "solr" and "admin" accounts for use by end-users, and a "k8s-oper" account which the operator uses for its own requests to Solr. One common source of these operator requests is healthchecks: liveness, readiness, and startup probes are all used to determine Solr's health and ability to receive traffic. By default, the operator configures the Solr APIs used for these probes to be exempt from authentication, but users may specifically request that authentication be required on probe endpoints as well. Whenever one of these probes would fail, if authentication was in use, the Solr Operator would create a Kubernetes "event" containing the username and password of the "k8s-oper" account. Within the affected version range, this vulnerability affects any solrcloud resource which (1) bootstrapped security through use of the `.solrOptions.security.authenticationType=basic` option, and (2) required authentication be used on probes by setting `.solrOptions.security.probesRequireAuth=true`. Users are recommended to upgrade to Solr Operator version 0.8.1, which fixes this issue by ensuring that probes no longer print the credentials used for Solr requests.  Users may also mitigate the vulnerability by disabling authentication on their healthcheck probes using the setting `.solrOptions.security.probesRequireAuth=false`.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-31391
Partager : LinkedIn / Twitter / Facebook

CVE-2024-30410 - An Incorrect Behavior Order in the routing engine (RE) of Juniper Networks Junos OS on EX4300 Series allows traffic intended to the device to reach the RE instead of being discarded when the discard term is set in loopback (lo0) interface. The intended function is that the lo0 firewall filter takes precedence over the revenue interface firewall filter.  This issue affects only IPv6 firewall filter. This issue only affects the EX4300 switch. No other products or platforms are affected by this vulnerability.  This issue affects Juniper Networks Junos OS: * All versions before 20.4R3-S10, * from 21.2 before 21.2R3-S7, * from 21.4 before 21.4R3-S6. 
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-30410
Partager : LinkedIn / Twitter / Facebook

CVE-2024-30409 - An Improper Check for Unusual or Exceptional Conditions vulnerability in telemetry processing of Juniper Networks Junos OS and Junos OS Evolved allows a network-based authenticated attacker to cause the forwarding information base telemetry daemon (fibtd) to crash, leading to a limited Denial of Service.  This issue affects Juniper Networks Junos OS: * from 22.1 before 22.1R1-S2, 22.1R2. Junos OS Evolved:  * from 22.1 before 22.1R1-S2-EVO, 22.1R2-EVO.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-30409
Partager : LinkedIn / Twitter / Facebook

CVE-2024-30407 - The Use of a Hard-coded Cryptographic Key vulnerability in Juniper Networks Juniper Cloud Native Router (JCNR) and containerized routing Protocol Deamon (cRPD) products allows an attacker to perform Person-in-the-Middle (PitM) attacks which results in complete compromise of the container. Due to hardcoded SSH host keys being present on the container, a PitM attacker can intercept SSH traffic without being detected.  This issue affects Juniper Networks JCNR: * All versions before 23.4. This issue affects Juniper Networks cRPD: * All versions before 23.4R1.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-30407
Partager : LinkedIn / Twitter / Facebook

CVE-2024-30406 - A Cleartext Storage in a File on Disk vulnerability in Juniper Networks Junos OS Evolved ACX Series devices using the Paragon Active Assurance Test Agent software installed on network devices allows a local, authenticated attacker with high privileges to read all other users login credentials. This issue affects only Juniper Networks Junos OS Evolved ACX Series devices using the Paragon Active Assurance Test Agent software installed on these devices from 23.1R1-EVO through 23.2R2-EVO.  This issue does not affect releases before 23.1R1-EVO.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-30406
Partager : LinkedIn / Twitter / Facebook

CVE-2024-30405 - An Incorrect Calculation of Buffer Size vulnerability in Juniper Networks Junos OS SRX 5000 Series devices using SPC2 line cards while ALGs are enabled allows an attacker sending specific crafted packets to cause a transit traffic Denial of Service (DoS). Continued receipt and processing of these specific packets will sustain the Denial of Service condition. This issue affects: Juniper Networks Junos OS SRX 5000 Series with SPC2 with ALGs enabled. * All versions earlier than 21.2R3-S7; * 21.4 versions earlier than 21.4R3-S6; * 22.1 versions earlier than 22.1R3-S5; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S2; * 22.4 versions earlier than 22.4R3; * 23.2 versions earlier than 23.2R2. 
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-30405
Partager : LinkedIn / Twitter / Facebook

CVE-2024-30395 - An Improper Validation of Specified Type of Input vulnerability in Routing Protocol Daemon (RPD) of Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). If a BGP update is received over an established BGP session which contains a tunnel encapsulation attribute with a specifically malformed TLV, rpd will crash and restart. This issue affects: Junos OS: * all versions before 21.2R3-S7,  * from 21.3 before 21.3R3-S5,  * from 21.4 before 21.4R3-S5,  * from 22.1 before 22.1R3-S5,  * from 22.2 before 22.2R3-S3,  * from 22.3 before 22.3R3-S2,  * from 22.4 before 22.4R3,  * from 23.2 before 23.2R1-S2, 23.2R2. Junos OS Evolved: * all versions before 21.2R3-S7-EVO,  * from 21.3-EVO before 21.3R3-S5-EVO,  * from 21.4-EVO before 21.4R3-S5-EVO,  * from 22.2-EVO before 22.2R3-S3-EVO,  * from 22.3-EVO before 22.3R3-S2-EVO,  * from 22.4-EVO before 22.4R3-EVO,  * from 23.2-EVO before 23.2R1-S2-EVO, 23.2R2-EVO. This is a related but separate issue than the one described in JSA75739
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-30395
Partager : LinkedIn / Twitter / Facebook

CVE-2024-30394 - A Stack-based Buffer Overflow vulnerability in the Routing Protocol Daemon (RPD) component of Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause an rpd crash, leading to Denial of Service (DoS). On all Junos OS and Junos OS Evolved platforms, when EVPN is configured, and a specific EVPN type-5 route is received via BGP, rpd crashes and restarts. Continuous receipt of this specific route will lead to a sustained Denial of Service (DoS) condition. This issue affects: Junos OS: * all versions before 21.2R3-S7, * from 21.4 before 21.4R3-S5, * from 22.1 before 22.1R3-S4, * from 22.2 before 22.2R3-S2, * from 22.3 before 22.3R3-S1, * from 22.4 before 22.4R3, * from 23.2 before 23.2R2. Junos OS Evolved: * all versions before 21.4R3-S5-EVO, * from 22.1-EVO before 22.1R3-S4-EVO, * from 22.2-EVO before 22.2R3-S2-EVO, * from 22.3-EVO before 22.3R3-S1-EVO, * from 22.4-EVO before 22.4R3-EVO, * from 23.2-EVO before 23.2R2-EVO.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-30394
Partager : LinkedIn / Twitter / Facebook

CVE-2024-30381 - An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Juniper Networks Paragon Active Assurance Control Center allows a network-adjacent attacker with root access to a Test Agent Appliance the ability to access sensitive information about downstream devices. The "netrounds-probe-login" daemon (also called probe_serviced) exposes functions where the Test Agent (TA) Appliance pushes interface state/config, unregister itself, etc. The remote service accidentally exposes an internal database object that can be used for direct database access on the Paragon Active Assurance Control Center. This issue affects Paragon Active Assurance: 4.1.0, 4.2.0.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-30381
Partager : LinkedIn / Twitter / Facebook

CVE-2024-21618 - An Access of Memory Location After End of Buffer vulnerability in the Layer-2 Control Protocols Daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause Denial of Service (DoS). On all Junos OS and Junos OS Evolved platforms, when LLDP is enabled on a specific interface, and a malformed LLDP packet is received, l2cpd crashes and restarts. The impact of the l2cpd crash is reinitialization of STP protocols (RSTP, MSTP or VSTP), and MVRP and ERP. Also, if any services depend on LLDP state (like PoE or VoIP device recognition), then these will also be affected. This issue affects: Junos OS: * from 21.4 before 21.4R3-S4,  * from 22.1 before 22.1R3-S4,  * from 22.2 before 22.2R3-S2,  * from 22.3 before 22.3R2-S2, 22.3R3-S1,  * from 22.4 before 22.4R3,  * from 23.2 before 23.2R2. Junos OS Evolved: * from 21.4-EVO before 21.4R3-S5-EVO,  * from 22.1-EVO before 22.1R3-S4-EVO,  * from 22.2-EVO before 22.2R3-S2-EVO,  * from 22.3-EVO before 22.3R2-S2-EVO, 22.3R3-S1-EVO,  * from 22.4-EVO before 22.4R3-EVO,  * from 23.2-EVO before 23.2R2-EVO. This issue does not affect: * Junos OS versions prior to 21.4R1; * Junos OS Evolved versions prior to 21.4R1-EVO.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-21618
Partager : LinkedIn / Twitter / Facebook

CVE-2024-21615 - An Incorrect Default Permissions vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker to access confidential information on the system. On all Junos OS and Junos OS Evolved platforms, when NETCONF traceoptions are configured, and a super-user performs specific actions via NETCONF, then a low-privileged user can access sensitive information compromising the confidentiality of the system. This issue affects: Junos OS: * all versions before 21.2R3-S7,  * from 21.4 before 21.4R3-S5,  * from 22.1 before 22.1R3-S5,  * from 22.2 before 22.2R3-S3,  * from 22.3 before 22.3R3-S2,  * from 22.4 before 22.4R3,  * from 23.2 before 23.2R1-S2. Junos OS Evolved:  * all versions before 21.2R3-S7-EVO,  * from 21.3 before 21.3R3-S5-EVO,  * from 21.4 before 21.4R3-S5-EVO,  * from 22.1 before 22.1R3-S5-EVO,  * from 22.2 before 22.2R3-S3-EVO,  * from 22.3 before 22.3R3-S2-EVO, * from 22.4 before 22.4R3-EVO,  * from 23.2 before 23.2R1-S2.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-21615
Partager : LinkedIn / Twitter / Facebook

CVE-2024-21610 - An Improper Handling of Exceptional Conditions vulnerability in the Class of Service daemon (cosd) of Juniper Networks Junos OS on MX Series allows an authenticated, network-based attacker with low privileges to cause a limited Denial of Service (DoS). In a scaled subscriber scenario when specific low privileged commands, received over NETCONF, SSH or telnet, are handled by cosd on behalf of mgd, the respective child management daemon (mgd) processes will get stuck. In case of (Netconf over) SSH this leads to stuck SSH sessions, so that when the connection-limit for SSH is reached new sessions can't be established anymore. A similar behavior will be seen for telnet etc. Stuck mgd processes can be monitored by executing the following command:   user@host> show system processes extensive | match mgd | match sbwait This issue affects Juniper Networks Junos OS on MX Series: All versions earlier than 20.4R3-S9; 21.2 versions earlier than 21.2R3-S7; 21.3 versions earlier than 21.3R3-S5; 21.4 versions earlier than 21.4R3-S5; 22.1 versions earlier than 22.1R3-S4; 22.2 versions earlier than 22.2R3-S3; 22.3 versions earlier than 22.3R3-S2; 22.4 versions earlier than 22.4R3; 23.2 versions earlier than 23.2R1-S2, 23.2R2.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-21610
Partager : LinkedIn / Twitter / Facebook

CVE-2024-21609 - A Missing Release of Memory after Effective Lifetime vulnerability in the IKE daemon (iked) of Juniper Networks Junos OS on MX Series with SPC3, and SRX Series allows an administratively adjacent attacker which is able to successfully establish IPsec tunnels to cause a Denial of Service (DoS). If specific values for the IPsec parameters local-ip, remote-ip, remote ike-id, and traffic selectors are sent from the peer, a memory leak occurs during every IPsec SA rekey which is carried out with a specific message sequence. This will eventually result in an iked process crash and restart. The iked process memory consumption can be checked using the below command:   user@host> show system processes extensive | grep iked           PID USERNAME   PRI NICE   SIZE   RES   STATE   C TIME WCPU COMMAND           56903 root       31   0     4016M 2543M CPU0   0 2:10 10.50% iked This issue affects Juniper Networks Junos OS: * All versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S7; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S4; * 22.1 versions earlier than 22.1R3-S3; * 22.2 versions earlier than 22.2R3-S2; * 22.3 versions earlier than 22.3R3; * 22.4 versions earlier than 22.4R3; * 23.2 versions earlier than 23.2R1-S2, 23.2R2.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-21609
Partager : LinkedIn / Twitter / Facebook

CVE-2024-21605 - An Exposure of Resource to Wrong Sphere vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX 300 Series allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). Specific valid link-local traffic is not blocked on ports in STP blocked state but is instead sent to the control plane of the device. This leads to excessive resource consumption and in turn severe impact on all control and management protocols of the device. This issue affects Juniper Networks Junos OS: * 21.2 version 21.2R3-S3 and later versions earlier than 21.2R3-S6; * 22.1 version 22.1R3 and later versions earlier than 22.1R3-S4; * 22.2 version 22.2R2 and later versions earlier than 22.2R3-S2; * 22.3 version 22.3R2 and later versions earlier than 22.3R3-S1; * 22.4 versions earlier than 22.4R2-S2, 22.4R3; * 23.2 versions earlier than 23.2R1-S1, 23.2R2. This issue does not affect Juniper Networks Junos OS 21.4R1 and later versions of 21.4.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-21605
Partager : LinkedIn / Twitter / Facebook

CVE-2024-21598 - An Improper Validation of Syntactic Correctness of Input vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). If a BGP update is received over an established BGP session which contains a tunnel encapsulation attribute with a specifically malformed TLV, rpd will crash and restart. This issue affects Juniper Networks Junos OS: * 20.4 versions 20.4R1 and later versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S7; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S5; * 22.1 versions earlier than 22.1R3-S4; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S1; * 22.4 versions earlier than 22.4R3; * 23.2 versions earlier than 23.2R1-S2, 23.2R2; Junos OS Evolved: * 20.4-EVO versions 20.4R1-EVO and later versions earlier than 20.4R3-S9-EVO; * 21.2-EVO versions earlier than 21.2R3-S7-EVO; * 21.3-EVO versions earlier than 21.3R3-S5-EVO; * 21.4-EVO versions earlier than 21.4R3-S5-EVO; * 22.1-EVO versions earlier than 22.1R3-S4-EVO; * 22.2-EVO versions earlier than 22.2R3-S3-EVO; * 22.3-EVO versions earlier than 22.3R3-S1-EVO; * 22.4-EVO versions earlier than 22.4R3-EVO; * 23.2-EVO versions earlier than 23.2R1-S2-EVO, 23.2R2-EVO; This issue does not affect Juniper Networks * Junos OS versions earlier than 20.4R1; * Junos OS Evolved versions earlier than 20.4R1-EVO. This is a related but separate issue than the one described in JSA79095.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-21598
Partager : LinkedIn / Twitter / Facebook

CVE-2024-21593 - An Improper Check or Handling of Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). If an attacker sends a specific MPLS packet, which upon processing, causes an internal loop, that leads to a PFE crash and restart. Continued receipt of these packets leads to a sustained Denial of Service (DoS) condition. Circuit cross-connect (CCC) needs to be configured on the device for it to be affected by this issue. This issue only affects MX Series with MPC10, MPC11, LC9600, and MX304. This issue affects: Juniper Networks Junos OS 21.4 versions from 21.4R3 earlier than 21.4R3-S5; 22.2 versions from 22.2R2 earlier than 22.2R3-S2; 22.3 versions from 22.3R1 earlier than 22.3R2-S2; 22.3 versions from 22.3R3 earlier than 22.3R3-S1 22.4 versions from 22.4R1 earlier than 22.4R2-S2, 22.4R3; 23.2 versions earlier than 23.2R1-S1, 23.2R2.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-21593
Partager : LinkedIn / Twitter / Facebook

CVE-2024-21590 - An Improper Input Validation vulnerability in Juniper Tunnel Driver (jtd) and ICMP module of Juniper Networks Junos OS Evolved allows an unauthenticated attacker within the MPLS administrative domain to send specifically crafted packets to the Routing Engine (RE) to cause a Denial of Service (DoS).  When specifically crafted transit MPLS IPv4 packets are received by the Packet Forwarding Engine (PFE), these packets are internally forwarded to the RE. Continued receipt of these packets may create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS: * All versions before 21.2R3-S8-EVO; * from 21.4-EVO before 21.4R3-S6-EVO; * from 22.2-EVO before 22.2R3-S4-EVO; * from 22.3-EVO before 22.3R3-S3-EVO; * from 22.4-EVO before 22.4R3-EVO; * from 23.2-EVO before 23.2R2-EVO. * from 23.4-EVO before 23.4R1-S1-EVO.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-21590
Partager : LinkedIn / Twitter / Facebook

CVE-2023-52211 - Missing Authorization vulnerability in Automattic WP Job Manager.This issue affects WP Job Manager: from n/a through 2.0.0.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2023-52211
Partager : LinkedIn / Twitter / Facebook

CVE-2023-51515 - Missing Authorization vulnerability in Undsgn Uncode Core allows Privilege Escalation.This issue affects Uncode Core: from n/a through 2.8.8.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2023-51515
Partager : LinkedIn / Twitter / Facebook

CVE-2023-51499 - Missing Authorization vulnerability in WooCommerce WooCommerce Shipping Per Product.This issue affects WooCommerce Shipping Per Product: from n/a through 2.5.4.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2023-51499
Partager : LinkedIn / Twitter / Facebook

CVE-2024-3707 - Information exposure vulnerability in OpenGnsys affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to enumerate all files in the web tree by accessing a php file.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-3707
Partager : LinkedIn / Twitter / Facebook

CVE-2024-3706 - Information exposure vulnerability in OpenGnsys affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to view a php backup file (controlaccess.php-LAST) where database credentials are stored.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-3706
Partager : LinkedIn / Twitter / Facebook

CVE-2024-3705 - Unrestricted file upload vulnerability in OpenGnsys affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to send a POST request to the endpoint '/opengnsys/images/M_Icons.php' modifying the file extension, due to lack of file extension verification, resulting in a webshell injection.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-3705
Partager : LinkedIn / Twitter / Facebook

CVE-2024-3704 - SQL Injection Vulnerability has been found on OpenGnsys product affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to inject malicious SQL code into login page to bypass it or even retrieve all the information stored in the database.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-3704
Partager : LinkedIn / Twitter / Facebook

CVE-2024-3688 - A vulnerability was found in Xiamen Four-Faith RMP Router Management Platform 5.2.2. It has been declared as critical. This vulnerability affects unknown code of the file /Device/Device/GetDeviceInfoList?deviceCode=&searchField=&deviceState=. The manipulation of the argument groupId leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260476. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-3688
Partager : LinkedIn / Twitter / Facebook

CVE-2024-3687 - A vulnerability was found in bihell Dice 3.1.0 and classified as problematic. Affected by this issue is some unknown functionality of the component Comment Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-260474 is the identifier assigned to this vulnerability.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-3687
Partager : LinkedIn / Twitter / Facebook

CVE-2024-3686 - A vulnerability has been found in DedeCMS 5.7.112-UTF8 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file update_guide.php. The manipulation of the argument files leads to path traversal: '../filedir'. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260473 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-3686
Partager : LinkedIn / Twitter / Facebook

CVE-2024-31839 - Cross Site Scripting vulnerability in tiagorlampert CHAOS v.5.0.1 allows a remote attacker to escalate privileges via the sendCommandHandler function in the handler.go component.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-31839
Partager : LinkedIn / Twitter / Facebook

CVE-2024-30845 - Cross Site Scripting vulnerability in Rainbow external link network disk v.5.5 allows a remote attacker to execute arbitrary code via the validation component of the input parameters.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-30845
Partager : LinkedIn / Twitter / Facebook

CVE-2024-2397 - Due to a bug in packet data buffers management, the PPP printer in tcpdump can enter an infinite loop when reading a crafted DLT_PPP_SERIAL .pcap savefile. This problem does not affect any tcpdump release, but it affected the git master branch from 2023-06-05 to 2024-03-21.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-2397
Partager : LinkedIn / Twitter / Facebook

CVE-2024-29461 - An issue in Floodlight SDN OpenFlow Controller v.1.2 allows a remote attacker to cause a denial of service via the datapath id component.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-29461
Partager : LinkedIn / Twitter / Facebook

CVE-2023-51409 - Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot.This issue affects AI Engine: ChatGPT Chatbot: from n/a through 1.9.98.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2023-51409
Partager : LinkedIn / Twitter / Facebook

CVE-2024-3685 - A vulnerability, which was classified as critical, was found in DedeCMS 5.7.112-UTF8. Affected is an unknown function of the file stepselect_main.php. The manipulation of the argument ids leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260472. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-3685
Partager : LinkedIn / Twitter / Facebook

CVE-2024-31818 - Directory Traversal vulnerability in DerbyNet v.9.0 allows a remote attacker to execute arbitrary code via the page parameter of the kiosk.php component.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-31818
Partager : LinkedIn / Twitter / Facebook

CVE-2024-31364 - Cross-Site Request Forgery (CSRF) vulnerability in ELEXtensions ELEX WooCommerce Dynamic Pricing and Discounts.This issue affects ELEX WooCommerce Dynamic Pricing and Discounts: from n/a through 2.1.2.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-31364
Partager : LinkedIn / Twitter / Facebook

CVE-2024-31363 - Cross-Site Request Forgery (CSRF) vulnerability in LifterLMS.This issue affects LifterLMS: from n/a through 7.5.0.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-31363
Partager : LinkedIn / Twitter / Facebook

CVE-2024-31362 - Cross-Site Request Forgery (CSRF) vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.8.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-31362
Partager : LinkedIn / Twitter / Facebook

CVE-2024-31360 - Cross-Site Request Forgery (CSRF) vulnerability in Coded Commerce, LLC Benchmark Email Lite.This issue affects Benchmark Email Lite: from n/a through 4.1.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-31360
Partager : LinkedIn / Twitter / Facebook

CVE-2024-31354 - Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Slideshow Gallery.This issue affects Slideshow Gallery: from n/a through 1.7.8.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-31354
Partager : LinkedIn / Twitter / Facebook

CVE-2024-31305 - Cross-Site Request Forgery (CSRF) vulnerability in rtCamp Transcoder.This issue affects Transcoder: from n/a through 1.3.5.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-31305
Partager : LinkedIn / Twitter / Facebook

CVE-2024-31303 - Cross-Site Request Forgery (CSRF) vulnerability in Fetch Designs Sign-up Sheets.This issue affects Sign-up Sheets: from n/a through 2.2.11.1.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-31303
Partager : LinkedIn / Twitter / Facebook

CVE-2024-31301 - Cross-Site Request Forgery (CSRF) vulnerability in Themeisle Multiple Page Generator Plugin – MPG.This issue affects Multiple Page Generator Plugin – MPG: from n/a through 3.4.0.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-31301
Partager : LinkedIn / Twitter / Facebook

CVE-2024-31293 - Cross-Site Request Forgery (CSRF) vulnerability in Easy Digital Downloads.This issue affects Easy Digital Downloads: from n/a through 3.2.6.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-31293
Partager : LinkedIn / Twitter / Facebook

CVE-2024-31289 - Cross-Site Request Forgery (CSRF) vulnerability in Elementor Hello Elementor.This issue affects Hello Elementor: from n/a through 3.0.0.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-31289
Partager : LinkedIn / Twitter / Facebook

CVE-2024-31279 - Cross-Site Request Forgery (CSRF) vulnerability in Catch Plugins Generate Child Theme.This issue affects Generate Child Theme: from n/a through 2.0.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-31279
Partager : LinkedIn / Twitter / Facebook

CVE-2024-31272 - Cross-Site Request Forgery (CSRF) vulnerability in Repute InfoSystems ARForms Form Builder.This issue affects ARForms Form Builder: from n/a through 1.6.1.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-31272
Partager : LinkedIn / Twitter / Facebook

CVE-2024-31271 - Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Ultimate Maps by Supsystic.This issue affects Ultimate Maps by Supsystic: from n/a through 1.2.16.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-31271
Partager : LinkedIn / Twitter / Facebook

CVE-2024-31269 - Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Easy Google Maps.This issue affects Easy Google Maps: from n/a through 1.11.11.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-31269
Partager : LinkedIn / Twitter / Facebook

CVE-2024-31268 - Cross-Site Request Forgery (CSRF) vulnerability in AppPresser Team AppPresser.This issue affects AppPresser: from n/a through 4.3.0.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-31268
Partager : LinkedIn / Twitter / Facebook

CVE-2024-31265 - Cross-Site Request Forgery (CSRF) vulnerability in SumoMe Sumo.This issue affects Sumo: from n/a through 1.34.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-31265
Partager : LinkedIn / Twitter / Facebook

CVE-2024-31264 - Unauthenticated Cross Site Request Forgery (CSRF) in Post Views Counter
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-31264
Partager : LinkedIn / Twitter / Facebook

CVE-2024-31263 - Cross-Site Request Forgery (CSRF) vulnerability in aerin Loan Repayment Calculator and Application Form.This issue affects Loan Repayment Calculator and Application Form: from n/a through 2.9.4.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-31263
Partager : LinkedIn / Twitter / Facebook

CVE-2024-31262 - Cross-Site Request Forgery (CSRF) vulnerability in Jcodex WooCommerce Checkout Field Editor (Checkout Manager).This issue affects WooCommerce Checkout Field Editor (Checkout Manager): from n/a through 2.1.8.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-31262
Partager : LinkedIn / Twitter / Facebook

CVE-2024-31251 - Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Community by PeepSo.This issue affects Community by PeepSo: from n/a through 6.3.1.1.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-31251
Partager : LinkedIn / Twitter / Facebook

CVE-2024-31250 - Cross-Site Request Forgery (CSRF) vulnerability in Saumya Majumder WP Server Health Stats.This issue affects WP Server Health Stats: from n/a through 1.7.3.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-31250
Partager : LinkedIn / Twitter / Facebook

CVE-2024-31239 - Cross-Site Request Forgery (CSRF) vulnerability in Nudgify Nudgify Social Proof, Sales Popup & FOMO.This issue affects Nudgify Social Proof, Sales Popup & FOMO: from n/a through 1.3.3.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-31239
Partager : LinkedIn / Twitter / Facebook

CVE-2024-31238 - Cross-Site Request Forgery (CSRF) vulnerability in Zaytech Smart Online Order for Clover.This issue affects Smart Online Order for Clover: from n/a through 1.5.5.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-31238
Partager : LinkedIn / Twitter / Facebook

CVE-2024-31235 - Cross-Site Request Forgery (CSRF) vulnerability in WebToffee WordPress Comments Import & Export.This issue affects WordPress Comments Import & Export: from n/a through 2.3.5.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-31235
Partager : LinkedIn / Twitter / Facebook

CVE-2024-28718 - An issue in OpenStack magnum yoga-eom version allows a remote attacker to execute arbitrary code via the cert_manager.py. component.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-28718
Partager : LinkedIn / Twitter / Facebook

CVE-2024-27261 - IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.2 could allow a privileged user to install a potentially dangerous tar file, which could give them access to subsequent systems where the package was installed. IBM X-Force ID: 283986.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-27261
Partager : LinkedIn / Twitter / Facebook

Les annonces ayant été modifiées dernièrement

CVE-2024-3400 - A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Fixes for PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 are in development and are expected to be released by April 14, 2024. Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability. All other versions of PAN-OS are also not impacted.
13/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-3400
Partager : LinkedIn / Twitter / Facebook

CVE-2024-26811 - In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate payload size in ipc response If installing malicious ksmbd-tools, ksmbd.mountd can return invalid ipc response to ksmbd kernel server. ksmbd should validate payload size of ipc response from ksmbd.mountd to avoid memory overrun or slab-out-of-bounds. This patch validate 3 ipc response that has payload.
13/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-26811
Partager : LinkedIn / Twitter / Facebook

CVE-2023-48865 - An issue discovered in Reportico Till 8.1.0 allows attackers to obtain sensitive information via execute_mode parameter of the URL.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2023-48865
Partager : LinkedIn / Twitter / Facebook

CVE-2024-28458 - Null Pointer Dereference vulnerability in swfdump in swftools 0.9.2 allows attackers to crash the appliation via the function compileSWFActionCode in action/actioncompiler.c.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-28458
Partager : LinkedIn / Twitter / Facebook

CVE-2024-27592 - Open Redirect vulnerability in Corezoid Process Engine v6.5.0 allows attackers to redirect to arbitrary websites via appending a crafted link to /login/ in the login page URL.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-27592
Partager : LinkedIn / Twitter / Facebook

CVE-2024-25852 - Linksys RE7000 v2.0.9, v2.0.11, and v2.0.15 have a command execution vulnerability in the "AccessControlList" parameter of the access control function point. An attacker can use the vulnerability to obtain device administrator rights.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-25852
Partager : LinkedIn / Twitter / Facebook

CVE-2024-25376 - An issue discovered in Thesycon Software Solutions Gmbh & Co. KG TUSBAudio MSI-based installers before 5.68.0 allows a local attacker to execute arbitrary code via the msiexec.exe repair mode.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-25376
Partager : LinkedIn / Twitter / Facebook

CVE-2024-29454 - An issue discovered in packages or nodes in ROS2 Humble Hawksbill with ROS_VERSION=2 and ROS_PYTHON_VERSION=3 allows attackers to execute arbitrary commands potentially leading to unauthorized system control, data breaches, system and network compromise, and operational disruption.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-29454
Partager : LinkedIn / Twitter / Facebook

CVE-2024-22722 - Server Side Template Injection (SSTI) vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary commands via the Group Name field under the add forms section of the application.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-22722
Partager : LinkedIn / Twitter / Facebook

CVE-2024-22721 - Cross Site Request Forgery (CSRF) vulnerability in Form Tools 3.1.1 allows attackers to manipulate sensitive user data via crafted link.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-22721
Partager : LinkedIn / Twitter / Facebook

CVE-2024-22719 - SQL Injection vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary SQL commands via the 'keyword' when searching for a client.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-22719
Partager : LinkedIn / Twitter / Facebook

CVE-2024-22718 - Cross Site Scripting (XSS) vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary code via the client_id parameter in the application URL.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-22718
Partager : LinkedIn / Twitter / Facebook

CVE-2024-22717 - Cross Site Scripting (XSS) vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary code via the First Name field in the application.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-22717
Partager : LinkedIn / Twitter / Facebook

CVE-2023-5394 - Server receiving a malformed message that where the GCL message hostname may be too large which may cause a stack overflow; resulting in possible remote code execution. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2023-5394
Partager : LinkedIn / Twitter / Facebook

CVE-2023-5393 - Server receiving a malformed message that causes a disconnect to a hostname may causing a stack overflow resulting in possible remote code execution. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2023-5393
Partager : LinkedIn / Twitter / Facebook

CVE-2023-5392 - C300 information leak due to an analysis feature which allows extracting more memory over the network than required by the function. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2023-5392
Partager : LinkedIn / Twitter / Facebook

CVE-2024-30273 - Illustrator versions 28.3, 27.9.2 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-30273
Partager : LinkedIn / Twitter / Facebook

CVE-2024-30272 - Illustrator versions 28.3, 27.9.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-30272
Partager : LinkedIn / Twitter / Facebook

CVE-2024-30271 - Illustrator versions 28.3, 27.9.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-30271
Partager : LinkedIn / Twitter / Facebook

CVE-2023-50949 - IBM QRadar SIEM 7.5 could allow an unauthorized user to perform unauthorized actions due to improper certificate validation. IBM X-Force ID: 275706.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2023-50949
Partager : LinkedIn / Twitter / Facebook

CVE-2024-31678 - Sourcecodester Loan Management System v1.0 is vulnerable to SQL Injection via the "password" parameter in the "login.php" file.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-31678
Partager : LinkedIn / Twitter / Facebook

CVE-2024-0881 - The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel WordPress plugin before 2.2.76 does not prevent password protected posts from being displayed in the result of some unauthenticated AJAX actions, allowing unauthenticated users to read such posts
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-0881
Partager : LinkedIn / Twitter / Facebook

CVE-2024-32105 - Cross-Site Request Forgery (CSRF) vulnerability in ELEXtensions ELEX WooCommerce Dynamic Pricing and Discounts.This issue affects ELEX WooCommerce Dynamic Pricing and Discounts: from n/a through 2.1.2.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-32105
Partager : LinkedIn / Twitter / Facebook

CVE-2023-29483 - eventlet before 0.35.2, as used in dnspython before 2.6.0, allows remote attackers to interfere with DNS name resolution by quickly sending an invalid packet from the expected IP address and source port, aka a "TuDoor" attack. In other words, dnspython does not have the preferred behavior in which the DNS name resolution algorithm would proceed, within the full time window, in order to wait for a valid packet. NOTE: dnspython 2.6.0 is unusable for a different reason that was addressed in 2.6.1.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2023-29483
Partager : LinkedIn / Twitter / Facebook

CVE-2024-31309 - HTTP/2 CONTINUATION DoS attack can cause Apache Traffic Server to consume more resources on the server.  Version from 8.0.0 through 8.1.9, from 9.0.0 through 9.2.3 are affected. Users can set a new setting (proxy.config.http2.max_continuation_frames_per_minute) to limit the number of CONTINUATION frames per minute.  ATS does have a fixed amount of memory a request can use and ATS adheres to these limits in previous releases. Users are recommended to upgrade to versions 8.1.10 or 9.2.4 which fixes the issue.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-31309
Partager : LinkedIn / Twitter / Facebook

CVE-2024-24576 - Rust is a programming language. The Rust Security Response WG was notified that the Rust standard library prior to version 1.77.2 did not properly escape arguments when invoking batch files (with the `bat` and `cmd` extensions) on Windows using the `Command`. An attacker able to control the arguments passed to the spawned process could execute arbitrary shell commands by bypassing the escaping. The severity of this vulnerability is critical for those who invoke batch files on Windows with untrusted arguments. No other platform or use is affected. The `Command::arg` and `Command::args` APIs state in their documentation that the arguments will be passed to the spawned process as-is, regardless of the content of the arguments, and will not be evaluated by a shell. This means it should be safe to pass untrusted input as an argument. On Windows, the implementation of this is more complex than other platforms, because the Windows API only provides a single string containing all the arguments to the spawned process, and it's up to the spawned process to split them. Most programs use the standard C run-time argv, which in practice results in a mostly consistent way arguments are splitted. One exception though is `cmd.exe` (used among other things to execute batch files), which has its own argument splitting logic. That forces the standard library to implement custom escaping for arguments passed to batch files. Unfortunately it was reported that our escaping logic was not thorough enough, and it was possible to pass malicious arguments that would result in arbitrary shell execution. Due to the complexity of `cmd.exe`, we didn't identify a solution that would correctly escape arguments in all cases. To maintain our API guarantees, we improved the robustness of the escaping code, and changed the `Command` API to return an `InvalidInput` error when it cannot safely escape an argument. This error will be emitted when spawning the process. The fix is included in Rust 1.77.2. Note that the new escaping logic for batch files errs on the conservative side, and could reject valid arguments. Those who implement the escaping themselves or only handle trusted inputs on Windows can also use the `CommandExt::raw_arg` method to bypass the standard library's escaping logic.
12/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-24576
Partager : LinkedIn / Twitter / Facebook

CVE-2024-32001 - SpiceDB is a graph database purpose-built for storing and evaluating access control data. Use of a relation of the form: `relation folder: folder | folder#parent` with an arrow such as `folder->view` can cause LookupSubjects to only return the subjects found under subjects for either `folder` or `folder#parent`. This bug only manifests if the same subject type is used multiple types in a relation, relationships exist for both subject types and an arrow is used over the relation. Any user making a negative authorization decision based on the results of a LookupSubjects request with version before v1.30.1 is affected. Version 1.30.1 contains a patch for the issue. As a workaround, avoid using LookupSubjects for negative authorization decisions and/or avoid using the broken schema.
11/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-32001
Partager : LinkedIn / Twitter / Facebook

CVE-2024-30728 - An issue was discovered in the default configurations of ROS (Robot Operating System) Kinetic Kame ROS_VERSION 1 and ROS_ PYTHON_VERSION 3, allows unauthenticated attackers to gain access using default credentials.
11/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-30728
Partager : LinkedIn / Twitter / Facebook

CVE-2024-29903 - Cosign provides code signing and transparency for containers and binaries. Prior to version 2.2.4, maliciously-crafted software artifacts can cause denial of service of the machine running Cosign thereby impacting all services on the machine. The root cause is that Cosign creates slices based on the number of signatures, manifests or attestations in untrusted artifacts. As such, the untrusted artifact can control the amount of memory that Cosign allocates. The exact issue is Cosign allocates excessive memory on the lines that creates a slice of the same length as the manifests. Version 2.2.4 contains a patch for the vulnerability.
11/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-29903
Partager : LinkedIn / Twitter / Facebook

CVE-2024-29902 - Cosign provides code signing and transparency for containers and binaries. Prior to version 2.2.4, a remote image with a malicious attachment can cause denial of service of the host machine running Cosign. This can impact other services on the machine that rely on having memory available such as a Redis database which can result in data loss. It can also impact the availability of other services on the machine that will not be available for the duration of the machine denial. The root cause of this issue is that Cosign reads the attachment from a remote image entirely into memory without checking the size of the attachment first. As such, a large attachment can make Cosign read a large attachment into memory; If the attachments size is larger than the machine has memory available, the machine will be denied of service. The Go runtime will make a SigKill after a few seconds of system-wide denial. This issue can allow a supply-chain escalation from a compromised registry to the Cosign user: If an attacher has compromised a registry or the account of an image vendor, they can include a malicious attachment and hurt the image consumer. Version 2.2.4 contains a patch for the vulnerability.
11/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-29902
Partager : LinkedIn / Twitter / Facebook

CVE-2024-29445 - An issue was discovered in ROS2 (Robot Operating System 2) Humble Hawksbill in ROS_VERSION 2 and ROS_PYTHON_VERSION 3 where the system transmits messages in plaintext, allowing attackers to access sensitive information via a man-in-the-middle attack.
11/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-29445
Partager : LinkedIn / Twitter / Facebook

CVE-2024-29443 - A shell injection vulnerability was discovered in ROS2 (Robot Operating System 2) Humble Hawksbill in ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information due to the way ROS2 handles shell command execution in components like command interpreters or interfaces that process external inputs.
11/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-29443
Partager : LinkedIn / Twitter / Facebook

CVE-2024-29439 - An unauthorized node injection vulnerability has been identified in ROS2 Humble Hawksbill in ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows remote attackers to escalate privileges and inject malicious ROS2 nodes into the system.
11/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-29439
Partager : LinkedIn / Twitter / Facebook

CVE-2024-31999 - @festify/secure-session creates a secure stateless cookie session for Fastify. At the end of the request handling, it will encrypt all data in the session with a secret key and attach the ciphertext as a cookie value with the defined cookie name. After that, the session on the server side is destroyed. When an encrypted cookie with matching session name is provided with subsequent requests, it will decrypt the ciphertext to get the data. The plugin then creates a new session with the data in the ciphertext. Thus theoretically the web instance is still accessing the data from a server-side session, but technically that session is generated solely from a user provided cookie (which is assumed to be non-craftable because it is encrypted with a secret key not known to the user). The issue exists in the session removal process. In the delete function of the code, when the session is deleted, it is marked for deletion. However, if an attacker could gain access to the cookie, they could keep using it forever. Version 7.3.0 contains a patch for the issue. As a workaround, one may include a "last update" field in the session, and treat "old sessions" as expired.
11/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-31999
Partager : LinkedIn / Twitter / Facebook

CVE-2024-31997 - XWiki Platform is a generic wiki platform. Prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, parameters of UI extensions are always interpreted as Velocity code and executed with programming rights. Any user with edit right on any document like the user's own profile can create UI extensions. This allows remote code execution and thereby impacts the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability has been patched in XWiki 14.10.19, 15.5.4 and 15.9-RC1. No known workarounds are available.
11/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-31997
Partager : LinkedIn / Twitter / Facebook

CVE-2024-31995 - `@digitalbazaar/zcap` provides JavaScript reference implementation for Authorization Capabilities. Prior to version 9.0.1, when invoking a capability with a chain depth of 2, i.e., it is delegated directly from the root capability, the `expires` property is not properly checked against the current date or other `date` param. This can allow invocations outside of the original intended time period. A zcap still cannot be invoked without being able to use the associated private key material. `@digitalbazaar/zcap` v9.0.1 fixes expiration checking. As a workaround, one may revoke a zcap at any time.
11/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-31995
Partager : LinkedIn / Twitter / Facebook

CVE-2024-29504 - Cross Site Scripting vulnerability in Summernote v.0.8.18 and before allows a remote attacker to execute arbtirary code via a crafted payload to the codeview parameter.
11/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-29504
Partager : LinkedIn / Twitter / Facebook

CVE-2024-31996 - XWiki Platform is a generic wiki platform. Starting in version 3.0.1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, the HTML escaping of escaping tool that is used in XWiki doesn't escape `{`, which, when used in certain places, allows XWiki syntax injection and thereby remote code execution. The vulnerability has been fixed in XWiki 14.10.19, 15.5.5, and 15.9 RC1. Apart from upgrading, there is no generic workaround. However, replacing `$escapetool.html` by `$escapetool.xml` in XWiki documents fixes the vulnerability. In a standard XWiki installation, the maintainers are only aware of the document `Panels.PanelLayoutUpdate` that exposes this vulnerability, patching this document is thus a workaround. Any extension could expose this vulnerability and might thus require patching, too.
11/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-31996
Partager : LinkedIn / Twitter / Facebook

CVE-2024-31988 - XWiki Platform is a generic wiki platform. Starting in version 13.9-rc-1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, when the realtime editor is installed in XWiki, it allows arbitrary remote code execution with the interaction of an admin user with programming right. More precisely, by getting an admin user to either visit a crafted URL or to view an image with this URL that could be in a comment, the attacker can get the admin to execute arbitrary XWiki syntax including scripting macros with Groovy or Python code. This compromises the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability has been patched in XWiki 14.10.19, 15.5.4 and 15.9. As a workaround, one may update `RTFrontend.ConvertHTML` manually with the patch. This will, however, break some synchronization processes in the realtime editor, so upgrading should be the preferred way on installations where this editor is used.
11/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-31988
Partager : LinkedIn / Twitter / Facebook

CVE-2024-31987 - XWiki Platform is a generic wiki platform. Starting in version 6.4-milestone-1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, any user who can edit any page like their profile can create a custom skin with a template override that is executed with programming right, thus allowing remote code execution. This has been patched in XWiki 14.10.19, 15.5.4 and 15.10RC1. No known workarounds are available except for upgrading.
11/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-31987
Partager : LinkedIn / Twitter / Facebook

CVE-2024-31986 - XWiki Platform is a generic wiki platform. Starting in version 3.1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, by creating a document with a special crafted documented reference and an `XWiki.SchedulerJobClass` XObject, it is possible to execute arbitrary code on the server whenever an admin visits the scheduler page or the scheduler page is referenced, e.g., via an image in a comment on a page in the wiki. The vulnerability has been fixed in XWiki 14.10.19, 15.5.5, and 15.9. As a workaround, apply the patch manually by modifying the `Scheduler.WebHome` page.
11/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-31986
Partager : LinkedIn / Twitter / Facebook

CVE-2024-31985 - XWiki Platform is a generic wiki platform. Starting in version 3.1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, it is possible to schedule/trigger/unschedule existing jobs by having an admin visit the Job Scheduler page through a predictable URL, for example by embedding such an URL in any content as an image. The vulnerability has been fixed in XWiki 14.10.19, 15.5.5, and 15.9. As a workaround, manually apply the patch by modifying the `Scheduler.WebHome` page.
11/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-31985
Partager : LinkedIn / Twitter / Facebook

CVE-2024-29460 - An issue in PX4 Autopilot v.1.14.0 allows an attacker to manipulate the flight path allowing for crashes of the drone via the home point location of the mission_block.cpp component.
11/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-29460
Partager : LinkedIn / Twitter / Facebook

CVE-2024-26362 - HTML injection vulnerability in Enpass Password Manager Desktop Client 6.9.2 for Windows and Linux allows attackers to run arbitrary HTML code via creation of crafted note.
11/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-26362
Partager : LinkedIn / Twitter / Facebook

CVE-2024-1481 - A flaw was found in FreeIPA. This issue may allow a remote attacker to craft a HTTP request with parameters that can be interpreted as command arguments to kinit on the FreeIPA server, which can lead to a denial of service.
11/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-1481
Partager : LinkedIn / Twitter / Facebook

CVE-2024-31984 - XWiki Platform is a generic wiki platform. Starting in version 7.2-rc-1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, by creating a document with a specially crafted title, it is possible to trigger remote code execution in the (Solr-based) search in XWiki. This allows any user who can edit the title of a space (all users by default) to execute any Groovy code in the XWiki installation which compromises the confidentiality, integrity and availability of the whole XWiki installation. This has been patched in XWiki 14.10.20, 15.5.4 and 15.10 RC1. As a workaround, manually apply the patch to the `Main.SolrSpaceFacet` page.
11/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-31984
Partager : LinkedIn / Twitter / Facebook

CVE-2024-31983 - XWiki Platform is a generic wiki platform. In multilingual wikis, translations can be edited by any user who has edit right, circumventing the rights that are normally required for authoring translations (script right for user-scope translations, wiki admin for translations on the wiki). Starting in version 4.3-milestone-2 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, this can be exploited for remote code execution if the translation value is not properly escaped where it is used. This has been patched in XWiki 14.10.20, 15.5.4 and 15.10RC1. As a workaround, one may restrict edit rights on documents that contain translations.
11/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-31983
Partager : LinkedIn / Twitter / Facebook

CVE-2024-31982 - XWiki Platform is a generic wiki platform. Starting in version 2.4-milestone-1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, XWiki's database search allows remote code execution through the search text. This allows remote code execution for any visitor of a public wiki or user of a closed wiki as the database search is by default accessible for all users. This impacts the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability has been patched in XWiki 14.10.20, 15.5.4 and 15.10RC1. As a workaround, one may manually apply the patch to the page `Main.DatabaseSearch`. Alternatively, unless database search is explicitly used by users, this page can be deleted as this is not the default search interface of XWiki.
11/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-31982
Partager : LinkedIn / Twitter / Facebook

CVE-2024-31981 - XWiki Platform is a generic wiki platform. Starting in version 3.0.1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, remote code execution is possible via PDF export templates. This vulnerability has been patched in XWiki 14.10.20, 15.5.4 and 15.10-rc-1. If PDF templates are not typically used on the instance, an administrator can create the document `XWiki.PDFClass` and block its edition, after making sure that it does not contain a `style` attribute. Otherwise, there are no known workarounds aside from upgrading.
11/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-31981
Partager : LinkedIn / Twitter / Facebook

CVE-2024-31939 - Cross-Site Request Forgery (CSRF) vulnerability in Soflyy Import any XML or CSV File to WordPress.This issue affects Import any XML or CSV File to WordPress: from n/a through 3.7.3.
11/04/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-31939
Partager : LinkedIn / Twitter / Facebook