🚨 CVE-2024-11670
Incorrect authorization in the permission validation component of Devolutions Remote Desktop Manager 2024.2.21 and earlier on Windows allows a malicious authenticated user to bypass the "View Password" permission via specific actions.
@cveNotify
Devolutions
🚨 CVE-2024-11671
Improper authentication in SQL data source MFA validation in Devolutions Remote Desktop Manager 2024.3.17 and earlier on Windows allows an authenticated user to bypass the MFA validation via data source switching.
@cveNotify
Devolutions
🚨 CVE-2024-11672
Incorrect authorization in the add permission component in Devolutions Remote Desktop Manager 2024.2.21 and earlier on Windows allows an authenticated malicious user to bypass the "Add" permission via the import in vault feature.
@cveNotify
Devolutions
🚨 CVE-2023-28461
Array Networks Array AG Series and vxAG (9.4.0.481 and earlier) allow remote code execution. An attacker can browse the filesystem on the SSL VPN gateway using a flags attribute in an HTTP header without authentication. The product could then be exploited through a vulnerable URL. The 2023-03-09 vendor advisory stated "a new Array AG release with the fix will be available soon."
@cveNotify
🚨 CVE-2023-42889
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to bypass certain Privacy preferences.
@cveNotify
Apple Support
About the security content of macOS Monterey 12.7.1
🚨 CVE-2024-27906
Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI.
Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability.
@cveNotify
🚨 CVE-2024-27231
In tmu_get_tr_stats of tmu.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
@cveNotify
🚨 CVE-2024-30851
Directory Traversal vulnerability in codesiddhant Jasmin Ransomware v.1.0.1 allows an attacker to obtain sensitive information via the download_file.php component.
@cveNotify
GitHub
GitHub - chebuya/CVE-2024-30851-jasmin-ransomware-path-traversal-poc: Jasmin ransomware web panel path traversal PoC
🚨 CVE-2024-35401
TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function.
@cveNotify
🚨 CVE-2024-9798
The health endpoint is public so everybody can see a list of all services. It is potentially valuable information for attackers.
@cveNotify
GitHub
GitHub - zowe/api-layer: The API Mediation Layer provides a single point of access for mainframe service REST APIs.
🚨 CVE-2024-9802
The conformance validation endpoint is public so everybody can verify the conformance of onboarded services. The response could contain specific information about the service, including available endpoints, and swagger. It could advise about the running version of a service to an attacker. The attacker could also check if a service is running.
@cveNotify
GitHub
GitHub - zowe/api-layer: The API Mediation Layer provides a single point of access for mainframe service REST APIs.
🚨 CVE-2024-9787
A vulnerability, which was classified as problematic, was found in Contemporary Control System BASrouter BACnet BASRT-B 2.7.2. This affects an unknown part of the component UDP Packet Handler. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
@cveNotify
🚨 CVE-2019-12387
In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF.
@cveNotify
openSUSE Mailing Lists
[security-announce] openSUSE-SU-2019:1760-1: moderate: Security update for python-Twisted - openSUSE Security Announce
🚨 CVE-2019-12855
In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to MITM connections.
@cveNotify
openSUSE Mailing Lists
[security-announce] openSUSE-SU-2019:2068-1: moderate: Security update for python-Twisted - openSUSE Security Announce
🚨 CVE-2016-1000111
Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue.
@cveNotify
🚨 CVE-2020-10108
In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers, it ignored the first header. When the second content-length value was set to zero, the request body was interpreted as a pipelined request.
@cveNotify
Bishop Fox
Bishop Fox Offensive Security Advisories Blog
🚨 CVE-2020-10109
In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with a content-length and a chunked encoding header, the content-length took precedence and the remainder of the request body was interpreted as a pipelined request.
@cveNotify
Bishop Fox
Bishop Fox Offensive Security Advisories Blog
🚨 CVE-2019-20921
bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser.
@cveNotify
GitHub
GHSA-9r7h-6639-v5mw - GitHub Advisory Database
Cross-Site Scripting in bootstrap-select
🚨 CVE-2021-24171
The WooCommerce Upload Files WordPress plugin before 59.4 ran a single sanitization pass to remove blocked extensions such as .php. It was possible to bypass this and upload a file with a PHP extension by embedding a "blocked" extension within another "blocked" extension in the "wcuf_file_name" parameter. It was also possible to perform a double extension attack and upload files to a different location via path traversal using the "wcuf_current_upload_session_id" parameter.
@cveNotify
WPScan
WooCommerce Upload Files < 59.4 - Unauthenticated Arbitrary File Upload
🚨 CVE-2022-21712
Twisted is an event-driven networking engine written in Python. In affected versions, Twisted exposes cookies and authorization headers when following cross-origin redirects. This issue is present in the `twisted.web.RedirectAgent` and `twisted.web.BrowserLikeRedirectAgent` functions. Users are advised to upgrade. There are no known workarounds.
@cveNotify
GitHub
Merge pull request from GHSA-92x2-jw7w-xvvx · twisted/twisted@af8fe78
10294 Advisory fix 1