๐จ CVE-2024-3231
The Popup4Phone WordPress plugin through 1.3.2 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks against admins.
๐@cveNotify
The Popup4Phone WordPress plugin through 1.3.2 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks against admins.
๐@cveNotify
WPScan
Popup4Phone <= 1.3.2 - Unauthenticated Stored XSS
See details on Popup4Phone <= 1.3.2 - Unauthenticated Stored XSS CVE 2024-3231. View the latest Plugin Vulnerabilities on WPScan.
๐จ CVE-2021-47406
In the Linux kernel, the following vulnerability has been resolved:
ext4: add error checking to ext4_ext_replay_set_iblocks()
If the call to ext4_map_blocks() fails due to an corrupted file
system, ext4_ext_replay_set_iblocks() can get stuck in an infinite
loop. This could be reproduced by running generic/526 with a file
system that has inline_data and fast_commit enabled. The system will
repeatedly log to the console:
EXT4-fs warning (device dm-3): ext4_block_to_path:105: block 1074800922 > max in inode 131076
and the stack that it gets stuck in is:
ext4_block_to_path+0xe3/0x130
ext4_ind_map_blocks+0x93/0x690
ext4_map_blocks+0x100/0x660
skip_hole+0x47/0x70
ext4_ext_replay_set_iblocks+0x223/0x440
ext4_fc_replay_inode+0x29e/0x3b0
ext4_fc_replay+0x278/0x550
do_one_pass+0x646/0xc10
jbd2_journal_recover+0x14a/0x270
jbd2_journal_load+0xc4/0x150
ext4_load_journal+0x1f3/0x490
ext4_fill_super+0x22d4/0x2c00
With this patch, generic/526 still fails, but system is no longer
locking up in a tight loop. It's likely the root casue is that
fast_commit replay is corrupting file systems with inline_data, and we
probably need to add better error handling in the fast commit replay
code path beyond what is done here, which essentially just breaks the
infinite loop without reporting the to the higher levels of the code.
๐@cveNotify
In the Linux kernel, the following vulnerability has been resolved:
ext4: add error checking to ext4_ext_replay_set_iblocks()
If the call to ext4_map_blocks() fails due to an corrupted file
system, ext4_ext_replay_set_iblocks() can get stuck in an infinite
loop. This could be reproduced by running generic/526 with a file
system that has inline_data and fast_commit enabled. The system will
repeatedly log to the console:
EXT4-fs warning (device dm-3): ext4_block_to_path:105: block 1074800922 > max in inode 131076
and the stack that it gets stuck in is:
ext4_block_to_path+0xe3/0x130
ext4_ind_map_blocks+0x93/0x690
ext4_map_blocks+0x100/0x660
skip_hole+0x47/0x70
ext4_ext_replay_set_iblocks+0x223/0x440
ext4_fc_replay_inode+0x29e/0x3b0
ext4_fc_replay+0x278/0x550
do_one_pass+0x646/0xc10
jbd2_journal_recover+0x14a/0x270
jbd2_journal_load+0xc4/0x150
ext4_load_journal+0x1f3/0x490
ext4_fill_super+0x22d4/0x2c00
With this patch, generic/526 still fails, but system is no longer
locking up in a tight loop. It's likely the root casue is that
fast_commit replay is corrupting file systems with inline_data, and we
probably need to add better error handling in the fast commit replay
code path beyond what is done here, which essentially just breaks the
infinite loop without reporting the to the higher levels of the code.
๐@cveNotify
๐จ CVE-2024-28061
An issue was discovered in Apiris Kafeo 6.4.4. It permits a bypass, of the protection in place, to access to the data stored in the embedded database file.
๐@cveNotify
An issue was discovered in Apiris Kafeo 6.4.4. It permits a bypass, of the protection in place, to access to the data stored in the embedded database file.
๐@cveNotify
Excellium Services
CVE-2024-28061 - Excellium Services
A new vulnerability has been found and released. Find out more about the CVE-2024-28061 concerning Apiris Kafeo
๐จ CVE-2024-26330
An issue was discovered in Kape CyberGhostVPN 8.4.3.12823 on Windows. After a successful logout, user credentials remain in memory while the process is still open, and can be obtained by dumping the process memory and parsing it.
๐@cveNotify
An issue was discovered in Kape CyberGhostVPN 8.4.3.12823 on Windows. After a successful logout, user credentials remain in memory while the process is still open, and can be obtained by dumping the process memory and parsing it.
๐@cveNotify
๐จ CVE-2024-34121
Illustrator versions 28.6, 27.9.5 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
๐@cveNotify
Illustrator versions 28.6, 27.9.5 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
๐@cveNotify
Adobe
Adobe Security Bulletin
Security Updates Available for Adobe Illustrator | APSB24-66
๐จ CVE-2024-49972
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Deallocate DML memory if allocation fails
[Why]
When DC state create DML memory allocation fails, memory is not
deallocated subsequently, resulting in uninitialized structure
that is not NULL.
[How]
Deallocate memory if DML memory allocation fails.
๐@cveNotify
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Deallocate DML memory if allocation fails
[Why]
When DC state create DML memory allocation fails, memory is not
deallocated subsequently, resulting in uninitialized structure
that is not NULL.
[How]
Deallocate memory if DML memory allocation fails.
๐@cveNotify
๐จ CVE-2024-20300
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information.
๐@cveNotify
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information.
๐@cveNotify
๐จ CVE-2024-47121
The goTenna Pro App uses a weak password for sharing encryption keys via
the key broadcast method. If the broadcasted encryption key is captured
over RF, and password is cracked via brute force attack, it is possible
to decrypt it and use it to decrypt all future and past messages sent
via encrypted broadcast with that particular key. This only applies when
the key is broadcasted over RF. This is an optional feature, so it is
recommended to use local QR encryption key sharing for additional
security on this and previous versions.
๐@cveNotify
The goTenna Pro App uses a weak password for sharing encryption keys via
the key broadcast method. If the broadcasted encryption key is captured
over RF, and password is cracked via brute force attack, it is possible
to decrypt it and use it to decrypt all future and past messages sent
via encrypted broadcast with that particular key. This only applies when
the key is broadcasted over RF. This is an optional feature, so it is
recommended to use local QR encryption key sharing for additional
security on this and previous versions.
๐@cveNotify
๐จ CVE-2024-6673
A Cross-Site Request Forgery (CSRF) vulnerability exists in the `install_comfyui` endpoint of the `lollms_comfyui.py` file in the parisneo/lollms-webui repository, versions v9.9 to the latest. The endpoint uses the GET method without requiring a client ID, allowing an attacker to trick a victim into installing ComfyUI. If the victim's device does not have sufficient capacity, this can result in a crash.
๐@cveNotify
A Cross-Site Request Forgery (CSRF) vulnerability exists in the `install_comfyui` endpoint of the `lollms_comfyui.py` file in the parisneo/lollms-webui repository, versions v9.9 to the latest. The endpoint uses the GET method without requiring a client ID, allowing an attacker to trick a victim into installing ComfyUI. If the victim's device does not have sufficient capacity, this can result in a crash.
๐@cveNotify
GitHub
upgraded ui ยท ParisNeo/lollms-webui@c1bb1ad
Lord of Large Language Models Web User Interface. Contribute to ParisNeo/lollms-webui development by creating an account on GitHub.
๐จ CVE-2024-10509
A vulnerability, which was classified as critical, has been found in Codezips Online Institute Management System 1.0. This issue affects some unknown processing of the file /login.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
๐@cveNotify
A vulnerability, which was classified as critical, has been found in Codezips Online Institute Management System 1.0. This issue affects some unknown processing of the file /login.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
๐@cveNotify
GitHub
Codezips Online Institute Management System In PHP MYSQL Secure Login Algorithm V1.0 login.php SQL injection ยท Issue #27 ยท pppโฆ
Codezips Online Institute Management System In PHP MYSQL Secure Login Algorithm V1.0 login.php SQL injection NAME OF AFFECTED PRODUCT(S) Online Institute Management System In PHP MYSQL Secure Login...
๐จ CVE-2024-10556
A vulnerability, which was classified as critical, was found in Codezips Pet Shop Management System 1.0. Affected is an unknown function of the file birdsadd.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
๐@cveNotify
A vulnerability, which was classified as critical, was found in Codezips Pet Shop Management System 1.0. Affected is an unknown function of the file birdsadd.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
๐@cveNotify
GitHub
Codezips Pet Shop Management System In PHP With Source Code V1.0 birdsadd.php SQL injection ยท Issue #28 ยท ppp-src/CVE
Codezips Pet Shop Management System In PHP With Source Code V1.0 birdsadd.php SQL injection NAME OF AFFECTED PRODUCT(S) Pet Shop Management System In PHP With Source Code Vendor Homepage https://co...
๐จ CVE-2024-10557
A vulnerability has been found in code-projects Blood Bank Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /file/updateprofile.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
๐@cveNotify
A vulnerability has been found in code-projects Blood Bank Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /file/updateprofile.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
๐@cveNotify
๐จ CVE-2024-10559
A vulnerability was found in SourceCodester Airport Booking Management System 1.0 and classified as critical. Affected by this issue is the function details of the component Passport Number Handler. The manipulation leads to buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.
๐@cveNotify
A vulnerability was found in SourceCodester Airport Booking Management System 1.0 and classified as critical. Affected by this issue is the function details of the component Passport Number Handler. The manipulation leads to buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.
๐@cveNotify
GitHub
Airport Booking Management System in C with Source Code v1.0 - Buffer Overflow ยท Issue #64 ยท CveSecLook/cve
Airport Booking Management System in C with Source Code v1.0 - Buffer Overflow Author: YANG HUA In the main program file, a buffer overflow vulnerability exists on line 73 due to the use of the uns...
๐จ CVE-2024-10561
A vulnerability was found in Codezips Pet Shop Management System 1.0. It has been classified as critical. This affects an unknown part of the file birdsupdate.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
๐@cveNotify
A vulnerability was found in Codezips Pet Shop Management System 1.0. It has been classified as critical. This affects an unknown part of the file birdsupdate.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
๐@cveNotify
GitHub
Codezips Pet Shop Management System In PHP With Source Code V1.0 birdsupdate.php SQL injection ยท Issue #29 ยท ppp-src/CVE
Codezips Pet Shop Management System In PHP With Source Code V1.0 birdsupdate.php SQL injection NAME OF AFFECTED PRODUCT(S) Pet Shop Management System In PHP With Source Code Vendor Homepage https:/...
๐จ CVE-2024-10595
A vulnerability was found in ESAFENET CDG 5. It has been declared as critical. Affected by this vulnerability is the function delFile/delDifferCourseList of the file /com/esafenet/servlet/ajax/PublicDocInfoAjax.java. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
๐@cveNotify
A vulnerability was found in ESAFENET CDG 5. It has been declared as critical. Affected by this vulnerability is the function delFile/delDifferCourseList of the file /com/esafenet/servlet/ajax/PublicDocInfoAjax.java. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
๐@cveNotify
๐จ CVE-2024-25559
URL spoofing vulnerability exists in a-blog cms Ver.3.1.0 to Ver.3.1.8. If an attacker sends a specially crafted request, the administrator of the product may be forced to access an arbitrary website when clicking a link in the audit log.
๐@cveNotify
URL spoofing vulnerability exists in a-blog cms Ver.3.1.0 to Ver.3.1.8. If an attacker sends a specially crafted request, the administrator of the product may be forced to access an arbitrary website when clicking a link in the audit log.
๐@cveNotify
a-blog cms developer
JVNใงๅ ฑๅใใใVer. 3.1็ณปใฎ่ๅผฑๆงใธใฎๅฏพๅฟใซใคใใฆ | ใ็ฅใใ | ใใญใฐ | a-blog cms developer
a-blog cms Ver. 3.1็ณปใง่ๅผฑๆงใ่ฆใคใใใพใใใ ่ฉฒๅฝใฎ็ถๆณใซๅฝใฆใฏใพใๅ ดๅใฏๅคงๅคใๆๆฐใงใใไปฅไธใฎใๅฏพๅฟใใ้กใใใใใพใใ JVN่ญๅฅ็ชๅท JVN#48966481 ไปๅใฏ่ฆใคใใฃใ่ๅผฑๆงใฏใURLๅฝ่ฃ
ใฎ่ๅผฑๆงใใซใช...
๐จ CVE-2024-23269
A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to modify protected parts of the file system.
๐@cveNotify
A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to modify protected parts of the file system.
๐@cveNotify
seclists.org
Full Disclosure: APPLE-SA-03-07-2024-2 macOS Sonoma 14.4
๐จ CVE-2024-28882
OpenVPN from 2.6.0 through 2.6.10 in a server role accepts multiple exit notifications from authenticated clients which will extend the validity of a closing session
๐@cveNotify
OpenVPN from 2.6.0 through 2.6.10 in a server role accepts multiple exit notifications from authenticated clients which will extend the validity of a closing session
๐@cveNotify
๐จ CVE-2024-7084
The Ajax Search Lite WordPress plugin before 4.12.1 does not sanitise and escape some parameters, which could allow users with a role as low as Admin+ to perform Cross-Site Scripting attacks.
๐@cveNotify
The Ajax Search Lite WordPress plugin before 4.12.1 does not sanitise and escape some parameters, which could allow users with a role as low as Admin+ to perform Cross-Site Scripting attacks.
๐@cveNotify
WPScan
Ajax Search Lite < 4.12.1 - Admin+ Stored XSS
See details on Ajax Search Lite < 4.12.1 - Admin+ Stored XSS CVE 2024-7084. View the latest Plugin Vulnerabilities on WPScan.
๐จ CVE-2024-37879
Improper input validation in /admin/config/save in User-friendly SVN (USVN) before v1.0.12 and below allows administrators to execute arbitrary code via the fields "siteTitle", "siteIco" and "siteLogo".
๐@cveNotify
Improper input validation in /admin/config/save in User-friendly SVN (USVN) before v1.0.12 and below allows administrators to execute arbitrary code via the fields "siteTitle", "siteIco" and "siteLogo".
๐@cveNotify
GitHub
Fix user input sanitization in INI config ยท usvn/usvn@6b46789
Signed-off-by: Jeffrey Bencteux <jeffbencteux@gmail.com>
๐จ CVE-2024-44159
A path deletion vulnerability was addressed by preventing vulnerable code from running with privileges. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. An app may be able to bypass Privacy preferences.
๐@cveNotify
A path deletion vulnerability was addressed by preventing vulnerable code from running with privileges. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. An app may be able to bypass Privacy preferences.
๐@cveNotify
Apple Support
About the security content of macOS Ventura 13.7.1 - Apple Support
This document describes the security content of macOS Ventura 13.7.1.