‼️CVE-2024-21623‼️
📖 Read more
Via "National Vulnerability Database"
OTCLient is an alternative tibia client for otserv. Prior to commit db560de0b56476c87a2f967466407939196dd254, the mehahotclient "Analysis SonarCloud" workflow is vulnerable to an expression injection in Actions, allowing an attacker to run commands remotely on the runner, leak secrets, and alter the repository using this workflow. Commit db560de0b56476c87a2f967466407939196dd254 contains a fix for this issue.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2024-21627‼️
📖 Read more
Via "National Vulnerability Database"
PrestaShop is an opensource ecommerce platform. Prior to versions 8.1.3 and 1.7.8.11, some event attributes are not detected by the isCleanHTML method. Some modules using the isCleanHTML method could be vulnerable to crosssite scripting. Versions 8.1.3 and 1.7.8.11 contain a patch for this issue. The best workaround is to use the HTMLPurifier library to sanitize html input coming from users. The library is already available as a dependency in the PrestaShop project. Beware though that in legacy object models, fields of HTML type will call isCleanHTML.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2020-26623‼️
📖 Read more
Via "National Vulnerability Database"
SQL Injection vulnerability discovered in Gila CMS 1.15.4 and earlier allows a remote attacker to execute arbitrary web scripts via the Area parameter under the AdministrationWidget tab after the login portal.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2020-26624‼️
📖 Read more
Via "National Vulnerability Database"
A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the ID parameter after the login portal.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2020-26625‼️
📖 Read more
Via "National Vulnerability Database"
A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the 'userid' parameter after the login portal.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-4164‼️
📖 Read more
Via "National Vulnerability Database"
There is a possible information disclosure due to a missing permission check. This could lead to local information disclosure of health data with no additional execution privileges needed. 📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-50019‼️
📖 Read more
Via "National Vulnerability Database"
An issue was discovered in open5gs v2.6.6. InitialUEMessage, Registration request sent at a specific time can crash AMF due to incorrect error handling of NudmUECMRegistration response.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-50020‼️
📖 Read more
Via "National Vulnerability Database"
An issue was discovered in open5gs v2.6.6. SIGPIPE can be used to crash AMF.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-6339‼️
📖 Read more
Via "National Vulnerability Database"
Google Nest WiFi Pro root codeexecution userdata compromise📖 Read more
Via "National Vulnerability Database"
‼️CVE-2024-0196‼️
📖 Read more
Via "National Vulnerability Database"
A vulnerability has been found in MagicApi up to 2.0.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file resourcefileapisave?auto1. The manipulation leads to code injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB249511.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2024-21628‼️
📖 Read more
Via "National Vulnerability Database"
PrestaShop is an opensource ecommerce platform. Prior to version 8.1.3, the isCleanHtml method is not used on this this form, which makes it possible to store a crosssite scripting payload in the database. The impact is low because the HTML is not interpreted in BO, thanks to twig's escape mechanism. In FO, the crosssite scripting attack is effective, but only impacts the customer sending it, or the customer session from which it was sent. This issue affects those who have a module fetching these messages from the DB and displaying it without escaping HTML. Version 8.1.3 contains a patch for this issue.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2024-21629‼️
📖 Read more
Via "National Vulnerability Database"
Rust EVM is an Ethereum Virtual Machine interpreter. In rustevm, a feature called recordexternaloperation was introduced, allowing library users to record custom gas changes. This feature can have some bogus interactions with the call stack. In particular, during finalization of a CREATE or CREATE2, in the case that the substack execution happens successfully, rustevm will first commit the substate, and then call recordexternaloperationWriteoutcode.len. If recordexternaloperation later fails, this error is returned to the parent call stack, instead of Succeeded. Yet, the substate commitment already happened. This causes smart contracts able to commit state changes, when the parent caller contract receives zero address which usually indicates that the execution has failed. This issue only impacts library users with custom recordexternaloperation that returns errors. The issue is patched in release 0.41.1. No known workarounds are available.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2024-21632‼️
📖 Read more
Via "National Vulnerability Database"
omniauthmicrosoftgraph provides an Omniauth strategy for the Microsoft Graph API. Prior to versions 2.0.0, the implementation did not validate the legitimacy of the email attribute of the user nor did it givedocument an option to do so, making it susceptible to nOAuth misconfiguration in cases when the email is used as a trusted user identifier. This could lead to account takeover. Version 2.0.0 contains a fix for this issue. 📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-48418‼️
📖 Read more
Via "National Vulnerability Database"
In checkDebuggingDisallowed of DeviceVersionFragment.java, there is a possible way to access adb before SUW completion due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation 📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-49549‼️
📖 Read more
Via "National Vulnerability Database"
An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjsgetretvalpos function in the msj.c file.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-49550‼️
📖 Read more
Via "National Vulnerability Database"
An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs0x4ec508 component.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-49551‼️
📖 Read more
Via "National Vulnerability Database"
An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjsopjsonparse function in the msj.c file.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-49552‼️
📖 Read more
Via "National Vulnerability Database"
An Out of Bounds Write in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjsopjsonstringify function in the msj.c file.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-49553‼️
📖 Read more
Via "National Vulnerability Database"
An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjsdestroy function in the msj.c file.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-49554‼️
📖 Read more
Via "National Vulnerability Database"
Use After Free vulnerability in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the dodirective function in the modulespreprocsnasmnasmpp.c component.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-49555‼️
📖 Read more
Via "National Vulnerability Database"
An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expandsmacro function in the modulespreprocsnasmnasmpp.c component.📖 Read more
Via "National Vulnerability Database"