CVE-2024-40433 - Insecure Permissions vulnerability in Tencent wechat v.8.0.37 allows an attacker to escalate privileges via the web-view component.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-40433

CVE-2024-37034 - An issue was discovered in Couchbase Server before 7.2.5 and 7.6.0 before 7.6.1. It does not ensure that credentials are negotiated with the Key-Value (KV) service using SCRAM-SHA when remote link encryption is configured for Half-Secure.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-37034

CVE-2024-41815 - Starship is a cross-shell prompt. Starting in version 1.0.0 and prior to version 1.20.0, undocumented and unpredictable shell expansion and/or quoting rules make it easy to accidentally cause shell injection when using custom commands with starship in bash. This issue only affects users with custom commands, so the scope is limited, and without knowledge of others' commands, it could be hard to successfully target someone. Version 1.20.0 fixes the vulnerability.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-41815

CVE-2024-41628 - Directory Traversal vulnerability in Severalnines Cluster Control 1.9.8 before 1.9.8-9778, 2.0.0 before 2.0.0-9779, and 2.1.0 before 2.1.0-9780 allows a remote attacker to include and display file content in an HTTP request via the CMON API.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-41628

CVE-2024-41120 - streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the `url` variable on line 63 of `pages/9_??_Vector_Data_Visualization.py` takes user input, which is later passed to the `gpd.read_file` method. `gpd.read_file` method creates a request to arbitrary destinations, leading to blind server-side request forgery. Commit c4f81d9616d40c60584e36abb15300853a66e489 fixes this issue.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-41120

CVE-2024-41119 - streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the `vis_params` variable on line 80 in `8_???_Raster_Data_Visualization.py` takes user input, which is later used in the `eval()` function on line 86, leading to remote code execution. Commit c4f81d9616d40c60584e36abb15300853a66e489 fixes this issue.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-41119

CVE-2024-41118 - streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the `url` variable on line 47 of `pages/7_??_Web_Map_Service.py` takes user input, which is passed to `get_layers` function, in which `url` is used with `get_wms_layer` method. `get_wms_layer` method creates a request to arbitrary destinations, leading to blind server-side request forgery. Commit c4f81d9616d40c60584e36abb15300853a66e489 fixes this issue.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-41118

CVE-2024-41117 - streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the `vis_params` variable on line 115 in `pages/10_??_Earth_Engine_Datasets.py` takes user input, which is later used in the `eval()` function on line 126, leading to remote code execution. Commit c4f81d9616d40c60584e36abb15300853a66e489 fixes this issue.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-41117

CVE-2024-41116 - streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the `vis_params` variable on line 1254 in `pages/1_??_Timelapse.py` takes user input, which is later used in the `eval()` function on line 1345, leading to remote code execution. Commit c4f81d9616d40c60584e36abb15300853a66e489 fixes this issue.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-41116

CVE-2024-41115 - streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the `palette` variable on line 488 in `pages/1_??_Timelapse.py` takes user input, which is later used in the `eval()` function on line 493, leading to remote code execution. Commit c4f81d9616d40c60584e36abb15300853a66e489 fixes this issue.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-41115

CVE-2024-41114 - streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the `palette` variable on line 430 in `pages/1_??_Timelapse.py` takes user input, which is later used in the `eval()` function on line 435, leading to remote code execution. Commit c4f81d9616d40c60584e36abb15300853a66e489 fixes this issue.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-41114

CVE-2024-4786 - An improper validation vulnerability was reported in the Lenovo Tab K10 that could allow a specially crafted application to keep the device on.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-4786

CVE-2024-41113 - streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the `vis_params` variable on line 383 or line 390 in `pages/1_??_Timelapse.py` takes user input, which is later used in the `eval()` function on line 395, leading to remote code execution. Commit c4f81d9616d40c60584e36abb15300853a66e489 fixes this issue.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-41113

CVE-2024-41112 - streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the palette variable in `pages/1_??_Timelapse.py` takes user input, which is later used in the `eval()` function on line 380, leading to remote code execution. Commit c4f81d9616d40c60584e36abb15300853a66e489 fixes this issue.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-41112

CVE-2024-40117 - Incorrect access control in Solar-Log 1000 before v2.8.2 and build 52-23.04.2013 allows attackers to obtain Administrative privileges via connecting to the web administration server.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-40117

CVE-2024-40116 - An issue in Solar-Log 1000 before v2.8.2 and build 52-23.04.2013 was discovered to store plaintext passwords in the export.html, email.html, and sms.html files.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-40116

CVE-2024-38512 - A privilege escalation vulnerability was discovered in XCC that could allow an authenticated XCC user with elevated privileges to perform command injection via specially crafted IPMI commands.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-38512

CVE-2024-38511 - A privilege escalation vulnerability was discovered in an upload processing functionality of XCC that could allow an authenticated XCC user with elevated privileges to perform command injection via specially crafted file uploads.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-38511

CVE-2024-38510 - A privilege escalation vulnerability was discovered in the SSH captive command shell interface that could allow an authenticated XCC user with elevated privileges to perform command injection via specially crafted file uploads.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-38510

CVE-2024-38509 - A privilege escalation vulnerability was discovered in XCC that could allow an authenticated XCC user with elevated privileges to execute arbitrary code via a specially crafted IPMI command.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-38509

CVE-2024-38508 - A privilege escalation vulnerability was discovered in the web interface or SSH captive command shell interface of XCC that could allow an authenticated XCC user with elevated privileges to perform command injection via a specially crafted request.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-38508

CVE-2024-42007 - SPX (aka php-spx) through 0.4.15 allows SPX_UI_URI Directory Traversal to read arbitrary files.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-42007

CVE-2024-39304 - ChurchCRM is an open-source church management system. Versions of the application prior to 5.9.2 are vulnerable to an authenticated SQL injection due to improper sanitization of user input. Authentication is required, but no elevated privileges are necessary. This allows attackers to inject SQL statements directly into the database query due to inadequate sanitization of the EID parameter in a GET request to `/GetText.php`. Version 5.9.2 patches the issue.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-39304

CVE-2024-38872 - Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below are vulnerable to the authenticated SQL injection in the monitoring module.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-38872

CVE-2024-38871 - Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below are vulnerable to the authenticated SQL injection in the reports module.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-38871

CVE-2024-41813 - txtdot is an HTTP proxy that parses only text, links, and pictures from pages, removing ads and heavy scripts. Starting in version 1.4.0 and prior to version 1.6.1, a Server-Side Request Forgery (SSRF) vulnerability in the `/proxy` route of txtdot allows remote attackers to use the server as a proxy to send HTTP GET requests to arbitrary targets and retrieve information in the internal network. Version 1.6.1 patches the issue.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-41813

CVE-2024-41812 - txtdot is an HTTP proxy that parses only text, links, and pictures from pages, removing ads and heavy scripts. Prior to version 1.7.0, a Server-Side Request Forgery (SSRF) vulnerability in the `/get` route of txtdot allows remote attackers to use the server as a proxy to send HTTP GET requests to arbitrary targets and retrieve information in the internal network. Version 1.7.0 prevents displaying the response of forged requests, but the requests can still be sent. For complete mitigation, a firewall between txtdot and other internal network resources should be set.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-41812

CVE-2024-41375 - ICEcoder 8.1 is vulnerable to Cross Site Scripting (XSS) via lib/terminal-xhr.php
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-41375

CVE-2024-41374 - ICEcoder 8.1 is vulnerable to Cross Site Scripting (XSS) via lib/settings-screen.php
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-41374

CVE-2024-41373 - ICEcoder 8.1 contains a Path Traversal vulnerability via lib/backup-versions-preview-loader.php.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-41373

CVE-2024-41354 - phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via /app/admin/widgets/edit.php
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-41354

CVE-2024-41353 - phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via app\admin\groups\edit-group.php
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-41353

CVE-2024-27358 - An issue was discovered in WithSecure Elements Agent through 23.x for macOS and WithSecure Elements Client Security through 23.x for macOS. Local users can block an admin from completing an installation, aka a Denial-of-Service (DoS).
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-27358

CVE-2024-27357 - An issue was discovered in WithSecure Elements Agent through 23.x for macOS, WithSecure Elements Client Security through 23.x for macOS, and WithSecure MDR through 23.x for macOS. Local Privilege Escalation can occur during installations or updates by admins.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-27357

CVE-2024-26520 - An issue in Hangzhou Xiongwei Technology Development Co., Ltd. Restaurant Digital Comprehensive Management platform v1 allows an attacker to bypass authentication and perform arbitrary password resets.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-26520

CVE-2024-24257 - An issue in skteco.com Central Control Attendance Machine web management platform v.3.0 allows an attacker to obtain sensitive information via a crafted script to the csl/user component.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-24257

CVE-2023-50700 - Insecure Permissions vulnerability in Deepin dde-file-manager 6.0.54 and earlier allows privileged operations to be called by unprivileged users via the D-Bus method.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2023-50700

CVE-2024-7050 - Improper Authentication vulnerability in OpenText OpenText Directory Services may allow Multi-factor Authentication Bypass in particular scenarios. This issue affects OpenText Directory Services: 24.2.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-7050

CVE-2024-41807 - Rejected reason: ** REJECT ** DO NOT USE THIS CVE RECORD. Consult IDs: CVE-2023-4759. Reason: This record is a reservation duplicate of CVE-2023-4759. Notes: All CVE users should reference CVE-2023-4759 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-41807

CVE-2024-41357 - phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via /app/admin/powerDNS/record-edit.php.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-41357

CVE-2024-41356 - phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via app\admin\firewall-zones\zones-edit-network.php.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-41356

CVE-2024-41355 - phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via /app/tools/request-ip/index.php.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-41355

CVE-2024-41805 - Tracks, a Getting Things Done (GTD) web application, is vulnerable to reflected cross-site scripting in versions prior to 2.7.1. Reflected cross-site scripting enables execution of malicious JavaScript in the context of a user's browser if that user clicks on a malicious link, allowing phishing attacks that could lead to credential theft. Tracks version 2.7.1 is patched. No known complete workarounds are available.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-41805

CVE-2024-41670 - In the module "PayPal Official" for PrestaShop 7+ releases prior to version 6.4.2 and for PrestaShop 1.6 releases prior to version 3.18.1, a malicious customer can confirm an order even if payment is finally declined by PayPal. A logical weakness during the capture of a payment in case of disabled webhooks can be exploited to create an accepted order. This could allow a threat actor to confirm an order with a fraudulent payment support. Versions 6.4.2 and 3.18.1 contain a patch for the issue. Additionally, users should enable webhooks and check that they are callable.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-41670

CVE-2024-7128 - A flaw was found in the Openshift console. Several endpoints in the application use the authHandler() and authHandlerWithUser() middleware functions. When the default authentication provider ("openShiftAuth") is set, these functions do not perform any authentication checks, relying instead on the targeted service to handle authentication and authorization. This issue leads to various degrees of data exposure due to a lack of proper credential verification.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-7128

CVE-2024-6922 - Automation Anywhere Automation 360 v21-v32 is vulnerable to Server-Side Request Forgery in a web API component. An attacker with unauthenticated access to the Automation 360 Control Room HTTPS service (port 443) or HTTP service (port 80) can trigger arbitrary web requests from the server.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-6922

CVE-2024-40689 - IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database. IBM X-Force ID: 297719.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-40689

CVE-2024-41692 - This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to presence of root terminal access on a serial interface without proper access control. An attacker with physical access could exploit this by accessing the root shell on the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to execute arbitrary commands with root privileges on the targeted system.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-41692

CVE-2024-7062 - Nimble Commander suffers from a privilege escalation vulnerability due to the server (info.filesmanager.Files.PrivilegedIOHelperV2) performing improper/insufficient validation of a client's authorization before executing an operation. Consequently, it is possible to execute system-level commands as the root user, such as changing permissions and ownership, obtaining a handle (file descriptor) of an arbitrary file, and terminating processes, among other operations.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-7062

CVE-2024-41691 - This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to storing of FTP credentials in plaintext within the SquashFS-root filesystem associated with the router's firmware. An attacker with physical access could exploit this by extracting the firmware and reverse engineering the binary data to access the plaintext FTP credentials from the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to gain unauthorized access to the FTP server associated with the targeted system.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-41691

CVE-2024-41690 - This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to storing of default username and password credentials in plaintext within the router's firmware/database. An attacker with physical access could exploit this by extracting the firmware and reverse engineering the binary data to access the plaintext default credentials on the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to gain unauthorized access to the targeted system.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-41690

CVE-2024-41689 - This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to unencrypted storing of WPA/WPS credentials within the router's firmware/database. An attacker with physical access could exploit this by extracting the firmware and reverse engineering the binary data to access the plaintext WPA/WPS credentials on the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to bypass WPA/WPS and gain access to the Wi-Fi network of the targeted system.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-41689

CVE-2024-41688 - This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to lack of encryption in storing of usernames and passwords within the router's firmware/database. An attacker with physical access could exploit this by extracting the firmware and reverse engineering the binary data to access the plaintext credentials on the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to gain unauthorized access to the targeted system.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-41688

CVE-2024-41687 - This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to transmission of password in plain text. A remote attacker could exploit this vulnerability by intercepting transmission within an HTTP session on the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to gain unauthorized access to the targeted system.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-41687

CVE-2024-41686 - This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to improper implementation of password policies. A local attacker could exploit this by creating passwords that do not adhere to the defined security standards/policy on the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to expose the router to potential security threats.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-41686

CVE-2024-41685 - This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to missing HTTPOnly flag for the session cookies associated with the router's web management interface. An attacker with remote access could exploit this by intercepting transmission within an HTTP session on the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to capture cookies and obtain sensitive information on the targeted system.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-41685

CVE-2024-41684 - This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to missing secure flag for the session cookies associated with the router's web management interface. An attacker with remote access could exploit this by intercepting transmission within an HTTP session on the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to capture cookies and compromise the targeted system.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-41684

CVE-2024-35296 - Invalid Accept-Encoding header can cause Apache Traffic Server to fail cache lookup and force forwarding requests. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4. Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-35296

CVE-2024-35161 - Apache Traffic Server forwards malformed HTTP chunked trailer section to origin servers. This can be utilized for request smuggling and may also lead to cache poisoning if the origin servers are vulnerable. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4. Users can set a new setting (proxy.config.http.drop_chunked_trailers) not to forward chunked trailer section. Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-35161

CVE-2023-38522 - Apache Traffic Server accepts characters that are not allowed for HTTP field names and forwards malformed requests to origin servers. This can be utilized for request smuggling and may also lead to cache poisoning if the origin servers are vulnerable. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4. Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2023-38522

CVE-2024-25090 - Insufficient input validation and sanitization in Profile name & screenname, Bookmark name & description and blogroll name features in all versions of Apache Roller on all platforms allows an authenticated user to perform an XSS attack. Mitigation: if you do not have Roller configured for untrusted users, then you need to do nothing because you trust your users to author raw HTML and other web content. If you are running with untrusted users then you should upgrade to Roller 6.1.3. This issue affects Apache Roller: from 5.0.0 before 6.1.3. Users are recommended to upgrade to version 6.1.3, which fixes the issue.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-25090

CVE-2024-6490 - During testing of the Master Slider WordPress plugin through 3.9.10, a CSRF vulnerability was found, which allows an unauthorized user to manipulate requests on behalf of the victim and thereby delete all of the sliders inside Master Slider WordPress plugin through 3.9.10.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-6490

CVE-2024-40897 - Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked into processing a specially crafted file with the affected ORC compiler, arbitrary code may be executed on the developer's build environment. This may lead to compromise of developer machines or CI build environments.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-40897

CVE-2024-7120 - A vulnerability, which was classified as critical, was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90. This affects an unknown part of the file list_base_config.php of the component Web Interface. The manipulation of the argument template leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272451.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-7120

CVE-2024-7119 - A vulnerability, which was classified as critical, has been found in MD-MAFUJUL-HASAN Online-Payroll-Management-System up to 20230911. Affected by this issue is some unknown functionality of the file /employee_viewmore.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Continuous delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. VDB-272450 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-7119

CVE-2023-49921 - An issue was discovered by Elastic whereby Watcher search input logged the search query results on DEBUG log level. This could lead to raw contents of documents stored in Elasticsearch to be printed in logs. Elastic has released 8.11.2 and 7.17.16 that resolves this issue by removing this excessive logging. This issue only affects users that use Watcher and have a Watch defined that uses the search input and additionally have set the search input's logger to DEBUG or finer, for example using: org.elasticsearch.xpack.watcher.input.search, org.elasticsearch.xpack.watcher.input, org.elasticsearch.xpack.watcher, or wider, since the loggers are hierarchical.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2023-49921

CVE-2024-7118 - A vulnerability classified as critical was found in MD-MAFUJUL-HASAN Online-Payroll-Management-System up to 20230911. Affected by this vulnerability is an unknown functionality of the file /department_viewmore.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continuous delivery. Therefore, version details for affected and updated releases are not available. The identifier VDB-272449 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-7118

CVE-2024-7117 - A vulnerability classified as critical has been found in MD-MAFUJUL-HASAN Online-Payroll-Management-System up to 20230911. Affected is an unknown function of the file /shift_viewmore.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continuous delivery. Therefore, no version details for affected nor updated releases are available. The identifier of this vulnerability is VDB-272448. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-7117

CVE-2024-7116 - A vulnerability was found in MD-MAFUJUL-HASAN Online-Payroll-Management-System up to 20230911. It has been rated as critical. This issue affects some unknown processing of the file /branch_viewmore.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases is unavailable. The associated identifier of this vulnerability is VDB-272447. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-7116

CVE-2024-7115 - A vulnerability was found in MD-MAFUJUL-HASAN Online-Payroll-Management-System up to 20230911. It has been declared as critical. This vulnerability affects unknown code of the file /designation_viewmore.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Continuous delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. VDB-272446 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-7115

CVE-2024-7114 - A vulnerability was found in Tianchoy Blog up to 1.8.8. It has been classified as critical. This affects an unknown part of the file /so.php. The manipulation of the argument search leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272445 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-7114

CVE-2024-4447 - In the System → Maintenance tool, the Logged Users tab surfaces sessionId data for all users via the Direct Web Remoting API (UserSessionAjax.getSessionList.dwr) calls. While this is information that would and should be available to admins who possess "Sign In As" powers, admins who otherwise lack this privilege would still be able to utilize the session IDs to imitate other users. While this is a very small attack vector that requires very high permissions to execute, its danger lies principally in obfuscating attribution; all Sign In As operations are attributed appropriately in the log files, and a malicious administrator could use this information to render their dealings untraceable — including those admins who have not been granted this ability — such as by using a session ID to generate an API token. Fixed in: 24.07.12 / 23.01.20 LTS / 23.10.24v13 LTS / 24.04.24v5 LTS
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-4447

CVE-2024-6589 - The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.2.6.8.2 via the 'render_content_block_template' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
25/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-6589

CVE-2024-37084 - In Spring Cloud Data Flow versions prior to 2.11.4, a malicious user who has access to the Skipper server API can use a crafted upload request to write an arbitrary file to any location on the file system, which could lead to compromising the server.
25/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-37084

CVE-2024-41707 - An issue was discovered in Archer Platform 6 before 2024.06. Authenticated users can achieve HTML content injection. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application.
25/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-41707

CVE-2024-41706 - A stored XSS issue was discovered in Archer Platform 6 before version 2024.06. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. 6.14 P4 (6.14.0.4) is also a fixed release.
25/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-41706

CVE-2024-41705 - A stored XSS issue was discovered in Archer Platform 6.8 before 2024.06. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. 6.14.P4 (6.14.0.4) and 6.13 P4 (6.13.0.4) are also fixed releases. This vulnerability is similar to, but not identical to, CVE-2023-30639.
25/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-41705

CVE-2024-6972 - In affected versions of Octopus Server under certain circumstances it is possible for sensitive variables to be printed in the task log in clear-text.
25/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-6972

CVE-2024-4811 - In affected versions of Octopus Server under certain conditions, a user with specific role assignments can access restricted project artifacts.
25/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-4811

CVE-2024-7057 - An information disclosure vulnerability in GitLab CE/EE affecting all versions starting from 16.7 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1 where job artifacts can be inappropriately exposed to users lacking the proper authorization level.
25/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-7057

CVE-2024-7047 - A cross site scripting vulnerability exists in GitLab CE/EE affecting all versions from 16.6 prior to 17.0.5, 17.1 prior to 17.1.3, 17.2 prior to 17.2.1 allowing an attacker to execute arbitrary scripts under the context of the current logged in user.
25/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-7047

CVE-2024-7066 - A vulnerability was found in F-logic DataCube3 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/config_time_sync.php of the component HTTP POST Request Handler. The manipulation of the argument ntp_server leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272347.
24/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-7066

CVE-2024-6896 - The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.96.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
24/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-6896

CVE-2024-7065 - A vulnerability was found in Spina CMS up to 2.18.0. It has been classified as problematic. Affected is an unknown function of the file /admin/pages/. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-272346 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
24/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-7065

CVE-2024-6930 - The WP Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'type' attribute within the plugin's bookingform shortcode in all versions up to, and including, 10.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
24/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-6930

CVE-2024-6874 - libcurl's URL API function [curl_url_get()](https://curl.se/libcurl/c/curl_url_get.html) offers punycode conversions, to and from IDN. Asking to convert a name that is exactly 256 bytes, libcurl ends up reading outside of a stack based buffer when built to use the *macidn* IDN backend. The conversion function then fills up the provided buffer exactly - but does not null terminate the string. This flaw can lead to stack contents accidentally getting returned as part of the converted string.
24/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-6874

CVE-2024-6197 - libcurl's ASN1 parser has this utf8asn1str() function used for parsing an ASN.1 UTF-8 string. It can detect an invalid field and return error. Unfortunately, when doing so it also invokes `free()` on a 4 byte local stack buffer. Most modern malloc implementations detect this error and immediately abort. Some however accept the input pointer and add that memory to its list of available chunks. This leads to the overwriting of nearby stack memory. The content of the overwrite is decided by the `free()` implementation; likely to be memory pointers and a set of flags. The most likely outcome of exploiting this flaw is a crash, although it cannot be ruled out that more serious results can be had in special circumstances.
24/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-6197

CVE-2024-3454 - An implementation issue in the Connectivity Standards Alliance Matter 1.2 protocol as used in the connectedhomeip SDK allows a third party to disclose information about devices part of the same fabric (footprinting), even though the protocol is designed to prevent access to such information.
24/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-3454

CVE-2024-3297 - An issue in the Certificate Authenticated Session Establishment (CASE) protocol for establishing secure sessions between two devices, as implemented in the Matter protocol versions before Matter 1.1 allows an attacker to replay manipulated CASE Sigma1 messages to make the device unresponsive until the device is power-cycled.
24/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-3297

CVE-2024-39676 - Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Pinot. This issue affects Apache Pinot: from 0.1 before 1.0.0. Users are recommended to upgrade to version 1.0.0 and configure RBAC, which fixes the issue. Details: When using a request to path “/appconfigs” to the controller, it can lead to the disclosure of sensitive information such as system information (e.g. arch, os version), environment information (e.g. maxHeapSize) and Pinot configurations (e.g. zookeeper path). This issue was addressed by the Role-based Access Control https://docs.pinot.apache.org/operators/tutorials/authentication/basic-auth-access-control , so that `/appConfigs` and all other APIs can be access controlled. Only authorized users have access to it. Note the user needs to add the admin role according to the RBAC guide to control access to this endpoint, and in the future version of Pinot, a default admin role is planned to be added.
24/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-39676

CVE-2023-48362 - XXE in the XML Format Plugin in Apache Drill version 1.19.0 and greater allows a user to read any file on a remote file system or execute commands via a malicious XML file. Users are recommended to upgrade to version 1.21.2, which fixes this issue.
24/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2023-48362

CVE-2023-32471 - Dell Edge Gateway BIOS, versions 3200 and 5200, contains an out-of-bounds read vulnerability. A local authenticated malicious user with high privileges could potentially exploit this vulnerability to read contents of stack memory and use this information for further exploits.
24/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2023-32471

CVE-2024-6629 - The All-in-One Video Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Video shortcode in all versions up to, and including, 3.7.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
24/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-6629

CVE-2024-6571 - The Optimize Images ALT Text (alt tag) & names for SEO using AI plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.1.1. This is due to the plugin utilizing cocur and not preventing direct access to the generate-default.php file. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.
24/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-6571

CVE-2024-6553 - The WP Meteor Website Speed Optimization Addon plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.4.3. This is due to the plugin utilizing wpdesk and leaving test files with display_errors on. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.
24/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-6553

CVE-2023-32466 - Dell Edge Gateway BIOS, versions 3200 and 5200, contains an out-of-bounds write vulnerability. A local authenticated malicious user with high privileges could potentially exploit this vulnerability leading to exposure of some UEFI code, leading to arbitrary code execution or escalation of privilege.
24/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2023-32466

CVE-2024-6836 - The Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One Click Upsells plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple functions in all versions up to, and including, 3.4.6. This makes it possible for authenticated attackers, with Contributor-level access and above, to update multiple settings, including templates, designs, checkouts, and other plugin settings.
24/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-6836

CVE-2024-6094 - The WP ULike WordPress plugin before 4.7.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
24/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-6094

CVE-2024-5861 - The WP EasyPay – Square for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpep_square_disconnect() function in all versions up to, and including, 4.2.3. This makes it possible for unauthenticated attackers to disconnect square.
24/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-5861

CVE-2024-3246 - The LiteSpeed Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.2.0.1. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to update the token setting and inject malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
24/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-3246

Recently modified advisories

CVE-2024-41473 - Tenda FH1201 v1.2.0.14 was discovered to contain a command injection vulnerability via the mac parameter at ip/goform/WriteFacMac
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-41473

CVE-2024-41468 - Tenda FH1201 v1.2.0.14 was discovered to contain a command injection vulnerability via the cmdinput parameter at /goform/exeCommand
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-41468

CVE-2024-3938 - The "reset password" login page accepted an HTML injection via URL parameters. This has already been rectified via patch, and as such it cannot be demonstrated via Demo site link. Those interested to see the vulnerability may spin up a http://localhost:8082/dotAdmin/#/public/login?resetEmailSent=true&resetEmail=%3Ch1%3E%3Ca%20href%3D%22https:%2F%2Fgoogle.com%22%3ECLICK%20ME%3C%2Fa%3E%3C%2Fh1%3E This will result in a view along these lines:
* OWASP Top 10 - A03: Injection
* CVSS Score: 5.4
* AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N&...
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-3938

CVE-2024-38103 - Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-38103

CVE-2024-24623 - Softaculous Webuzo contains a command injection vulnerability in the FTP management functionality. A remote, authenticated attacker can exploit this vulnerability to gain code execution on the system.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-24623

CVE-2024-24622 - Softaculous Webuzo contains a command injection in the password reset functionality. A remote, authenticated attacker can exploit this vulnerability to gain code execution on the system.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-24622

CVE-2024-24621 - Softaculous Webuzo contains an authentication bypass vulnerability through the password reset functionality. Remote, anonymous attackers can exploit this vulnerability to gain full server access as the root user.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-24621

CVE-2024-7106 - A vulnerability classified as problematic was found in Spina CMS 2.18.0. Affected by this vulnerability is an unknown functionality of the file /admin/media_folders. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272431. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-7106

CVE-2024-7105 - A vulnerability classified as critical has been found in ForIP Tecnologia Administração PABX 1.x. Affected is an unknown function of the file /detalheIdUra of the component Lista Ura Page. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-272430 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-7105

CVE-2024-41809 - OpenObserve is an open-source observability platform. Starting in version 0.4.4 and prior to version 0.10.0, OpenObserve contains a cross-site scripting vulnerability in line 32 of `openobserve/web/src/views/MemberSubscription.vue`. Version 0.10.0 sanitizes incoming html.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-41809

CVE-2024-6558 - HMS Industrial Networks Anybus-CompactCom 30 products are vulnerable to an XSS attack caused by the lack of input sanitation checks. As a consequence, it is possible to insert HTML code into input fields and store the HTML code. The stored HTML code will be embedded in the page and executed by the host browser the next time the page is loaded, enabling social engineering attacks.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-6558

CVE-2024-41808 - The OpenObserve open-source observability platform provides the ability to filter logs in a dashboard by the values uploaded in a given log. However, all versions of the platform through 0.9.1 do not sanitize user input in the filter selection menu, which may result in complete account takeover. It has been noted that the front-end uses `DOMPurify` or Vue templating to escape cross-site scripting (XSS) extensively, however certain areas of the front end lack this XSS protection. When combining the missing protection with the insecure authentication handling that the front-end uses, a malicious user may be able to take over any victim's account provided they meet the exploitation steps. As of time of publication, no patched version is available.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-41808

CVE-2024-40324 - A CRLF injection vulnerability in E-Staff v5.1 allows attackers to insert Carriage Return (CR) and Line Feed (LF) characters into input fields, leading to HTTP response splitting and header manipulation.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-40324

CVE-2024-38289 - A boolean-based SQL injection issue in the Virtual Meeting Password (VMP) endpoint in R-HUB TurboMeeting through 8.x allows unauthenticated remote attackers to extract hashed passwords from the database, and authenticate to the application, via crafted SQL input.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-38289

CVE-2024-38288 - A command-injection issue in the Certificate Signing Request (CSR) functionality in R-HUB TurboMeeting through 8.x allows authenticated attackers with administrator privileges to execute arbitrary commands on the underlying server as root.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-38288

CVE-2024-38287 - The password-reset mechanism in the Forgot Password functionality in R-HUB TurboMeeting through 8.x allows unauthenticated remote attackers to force the application into resetting the administrator's password to a random insecure 8-digit value.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-38287

CVE-2024-29069 - In snapd versions prior to 2.62, snapd failed to properly check the destination of symbolic links when extracting a snap. The snap format is a squashfs file-system image and so can contain symbolic links and other file types. Various file entries within the snap squashfs image (such as icons and desktop files etc) are directly read by snapd when it is extracted. An attacker who could convince a user to install a malicious snap which contained symbolic links at these paths could then cause snapd to write out the contents of the symbolic link destination into a world-readable directory. This in-turn could allow an unprivileged user to gain access to privileged information.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-29069

CVE-2024-29068 - In snapd versions prior to 2.62, snapd failed to properly check the file type when extracting a snap. The snap format is a squashfs file-system image and so can contain files that are non-regular files (such as pipes or sockets etc). Various file entries within the snap squashfs image (such as icons etc) are directly read by snapd when it is extracted. An attacker who could convince a user to install a malicious snap which contained non-regular files at these paths could then cause snapd to block indefinitely trying to read from such files and cause a denial of service.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-29068

CVE-2024-40318 - An arbitrary file upload vulnerability in Webkul Qloapps v1.6.0.0 allows attackers to execute arbitrary code via uploading a crafted file.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-40318

CVE-2024-1724 - In snapd versions prior to 2.62, when using AppArmor for enforcement of sandbox permissions, snapd failed to restrict writes to the $HOME/bin path. In Ubuntu, when this path exists, it is automatically added to the user's PATH. An attacker who could convince a user to install a malicious snap which used the 'home' plug could use this vulnerability to install arbitrary scripts into the user's PATH which may then be run by the user outside of the expected snap sandbox and hence allow them to escape confinement.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-1724

CVE-2024-40873 - There is a cross-site scripting vulnerability in the Secure Access administrative console of Absolute Secure Access prior to version 13.07. Attackers with system administrator permissions can interfere with another system administrator's use of the publishing UI when the administrators are editing the same management object. The scope is unchanged, there is no loss of confidentiality. Impact to system availability is none, impact to system integrity is high.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-40873

CVE-2024-28772 - IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 285645.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-28772

CVE-2022-32759 - IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 use insufficient session expiration which could allow an unauthorized user to obtain sensitive information. IBM X-Force ID: 228565.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2022-32759

CVE-2024-7007 - Positron Broadcast Signal Processor TRA7005 v1.20 is vulnerable to an authentication bypass exploit that could allow an attacker to have unauthorized access to protected areas of the application.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-7007

CVE-2024-41801 - OpenProject is open source project management software. Prior to version 14.3.0, using a forged HOST header in the default configuration of packaged installations and using the "Login required" setting, an attacker could redirect to a remote host to initiate a phishing attack against an OpenProject user's account. This vulnerability affects default packaged installation of OpenProject without any additional configuration or modules on Apache (such as mod_security, manually setting a host name, having a fallthrough VirtualHost). It might also affect other installations that did not take care to fix the HOST/X-Forwarded-Host headers. Version 14.3.0 includes stronger protections for the hostname from within the application using the HostAuthorization middleware of Rails to reject any requests with a host name that does not match the configured one. Also, all generated links by the application are now ensured to use the built-in hostname. Users who aren't able to upgrade immediately may use mod_security for Apache2 or manually fix the Host and X-Forwarded-Host headers in their proxying application before reaching the application server of OpenProject. Alternatively, they can manually apply the patch to opt-in to host header protections in previous versions of OpenProject.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-41801

CVE-2024-41800 - Craft is a content management system (CMS). Craft CMS 5 allows reuse of TOTP tokens multiple times within the validity period. An attacker is able to re-submit a valid TOTP token to establish an authenticated session. This requires that the attacker has knowledge of the victim's credentials. This has been patched in Craft 5.2.3.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-41800

CVE-2024-40872 - There is an elevation of privilege vulnerability in server and client components of Absolute Secure Access prior to version 13.07. Attackers with local access and valid desktop user credentials can elevate their privilege to system level by passing invalid address data to the vulnerable component. This could be used to manipulate process tokens to elevate the privilege of a normal process to System. The scope is changed, the impact to system confidentiality and integrity is high, the impact to the availability of the affected component is none.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-40872

CVE-2024-36542 - Insecure permissions in kuma v2.7.0 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-36542

CVE-2024-7101 - A vulnerability, which was classified as critical, has been found in ForIP Tecnologia Administração PABX 1.x. This issue affects some unknown processing of the file /login of the component Authentication Form. The manipulation of the argument usuario leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272423. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-7101

CVE-2024-41806 - The Open edX Platform is a learning management platform. Instructors can upload csv files containing learner information to create cohorts in the instructor dashboard. These files are uploaded using the django default storage. With certain storage backends, uploads may become publicly available when the uploader uses versions master, palm, olive, nutmeg, maple, lilac, koa, or juniper. The patch in commit cb729a3ced0404736dfa0ae768526c82b608657b ensures that cohorts data uploaded to AWS S3 buckets is written with a private ACL. Beyond patching, deployers should also ensure that existing cohorts uploads have a private ACL, or that other precautions are taken to avoid public access.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-41806

CVE-2024-36111 - KubePi is a K8s panel. Starting in version 1.6.3 and prior to version 1.8.0, there is a defect in the KubePi JWT token verification. The JWT key in the default configuration file is empty. Although a random 32-bit string will be generated to overwrite the key in the configuration file when the key is detected to be empty in the configuration file reading logic, the key is empty during actual verification. Using an empty key to generate a JWT token can bypass the login verification and directly take over the back end. Version 1.8.0 contains a patch for this issue.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-36111

CVE-2024-39674 - Plaintext vulnerability in the Gallery search module. Impact: Successful exploitation of this vulnerability will affect availability.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-39674

CVE-2024-39673 - Vulnerability of serialisation/deserialisation mismatch in the iAware module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-39673

CVE-2024-39672 - Memory request logic vulnerability in the memory module. Impact: Successful exploitation of this vulnerability will affect integrity and availability.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-39672

CVE-2024-39671 - Access control vulnerability in the security verification module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-39671

CVE-2024-39670 - Privilege escalation vulnerability in the account synchronisation module. Impact: Successful exploitation of this vulnerability will affect availability.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-39670

CVE-2023-7271 - Privilege escalation vulnerability in the NMS module. Impact: Successful exploitation of this vulnerability will affect availability.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2023-7271

CVE-2024-7081 - A vulnerability was found in itsourcecode Tailoring Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file expcatadd.php. The manipulation of the argument title leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-272366 is the identifier assigned to this vulnerability.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-7081

CVE-2024-41466 - Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the page parameter at ip/goform/NatStaticSetting.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-41466

CVE-2024-41465 - Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the funcpara1 parameter at ip/goform/setcfm.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-41465

CVE-2024-41464 - Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the mitInterface parameter in ip/goform/RouteStatic.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-41464

CVE-2024-41463 - Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the entrys parameter at ip/goform/addressNat.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-41463

CVE-2024-41462 - Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the page parameter at ip/goform/DhcpListClient.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-41462

CVE-2024-41461 - Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the list1 parameter at ip/goform/DhcpListClient.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-41461

CVE-2024-41460 - Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the entrys parameter at ip/goform/RouteStatic.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-41460

CVE-2024-41459 - Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the PPPOEPassword parameter at ip/goform/QuickIndex.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-41459

CVE-2024-41136 - An authenticated command injection vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateways Command Line Interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-41136

CVE-2024-7080 - A vulnerability was found in SourceCodester Insurance Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /E-Insurance/. The manipulation leads to direct request. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272365 was assigned to this vulnerability.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-7080

CVE-2024-41551 - CampCodes Supplier Management System v1.0 is vulnerable to SQL injection via Supply_Management_System/admin/view_order_items.php?id=.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-41551

CVE-2024-7079 - A flaw was found in the Openshift console. The /API/helm/verify endpoint is tasked to fetch and verify the installation of a Helm chart from a URI that is remote HTTP/HTTPS or local. Access to this endpoint is gated by the authHandlerWithUser() middleware function. Contrary to its name, this middleware function does not verify the validity of the user's credentials. As a result, unauthenticated users can access this endpoint.
26/07/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-7079