π¨ CVE-2024-2653
amphp/http will collect CONTINUATION frames in an unbounded buffer and will not check a limit until it has received the set END_HEADERS flag, resulting in an OOM crash.
π@cveNotify
amphp/http will collect CONTINUATION frames in an unbounded buffer and will not check a limit until it has received the set END_HEADERS flag, resulting in an OOM crash.
π@cveNotify
π¨ CVE-2024-2758
Tempesta FW rate limits are not enabled by default. They are either set too large to capture empty CONTINUATION frames attacks or too small to handle normal HTTP requests appropriately.
π@cveNotify
Tempesta FW rate limits are not enabled by default. They are either set too large to capture empty CONTINUATION frames attacks or too small to handle normal HTTP requests appropriately.
π@cveNotify
π¨ CVE-2024-2653
amphp/http will collect CONTINUATION frames in an unbounded buffer and will not check a limit until it has received the set END_HEADERS flag, resulting in an OOM crash.
π@cveNotify
amphp/http will collect CONTINUATION frames in an unbounded buffer and will not check a limit until it has received the set END_HEADERS flag, resulting in an OOM crash.
π@cveNotify
π¨ CVE-2024-0335
ABB has internally identified a vulnerability in the ABB VPNI feature of the S+ Control API component which may
be used by several Symphony Plus products (e.g., S+ Operations, S+ Engineering and S+ Analyst)
This issue affects Symphony Plus S+ Operations: from 3..0;0 through 3.3 SP1 RU4, from 2.1;0 through 2.1 SP2 RU3, from 2.0;0 through 2.0 SP6 TC6; Symphony Plus S+ Engineering: from 2.1 through 2.3 RU3; Symphony Plus S+ Analyst: from 7.0.0.0 through 7.2.0.2.
π@cveNotify
ABB has internally identified a vulnerability in the ABB VPNI feature of the S+ Control API component which may
be used by several Symphony Plus products (e.g., S+ Operations, S+ Engineering and S+ Analyst)
This issue affects Symphony Plus S+ Operations: from 3..0;0 through 3.3 SP1 RU4, from 2.1;0 through 2.1 SP2 RU3, from 2.0;0 through 2.0 SP6 TC6; Symphony Plus S+ Engineering: from 2.1 through 2.3 RU3; Symphony Plus S+ Analyst: from 7.0.0.0 through 7.2.0.2.
π@cveNotify
π¨ CVE-2024-2753
Concrete CMS version 9 before 9.2.8 and previous versions prior to 8.5.16 is vulnerable to Stored XSS on the calendar color settings screen since Information input by the user is output without escaping. A rogue administrator could inject malicious javascript into the Calendar Color Settings screen which might be executed when users visit the affected page. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 2.0 with a vector of AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N&version=3.1 https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator
Thank you Rikuto Tauchi for reporting
π@cveNotify
Concrete CMS version 9 before 9.2.8 and previous versions prior to 8.5.16 is vulnerable to Stored XSS on the calendar color settings screen since Information input by the user is output without escaping. A rogue administrator could inject malicious javascript into the Calendar Color Settings screen which might be executed when users visit the affected page. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 2.0 with a vector of AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N&version=3.1 https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator
Thank you Rikuto Tauchi for reporting
π@cveNotify
Concrete CMS Documentation
9.2.8 Release Notes
π¨ CVE-2024-3178
Concrete CMS versions 9 below 9.2.8 and versions below 8.5.16 are vulnerable to Cross-site Scripting (XSS) in the Advanced File Search Filter. Prior to the fix, a rogue administrator could add malicious code in the file manager because of insufficient validation of administrator provided data. All administrators have access to the File Manager and hence could create a search filter with the malicious code attached. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 3.1 with a vector of AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator .
π@cveNotify
Concrete CMS versions 9 below 9.2.8 and versions below 8.5.16 are vulnerable to Cross-site Scripting (XSS) in the Advanced File Search Filter. Prior to the fix, a rogue administrator could add malicious code in the file manager because of insufficient validation of administrator provided data. All administrators have access to the File Manager and hence could create a search filter with the malicious code attached. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 3.1 with a vector of AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator .
π@cveNotify
Concrete CMS Documentation
9.2.8 Release Notes
π¨ CVE-2024-3179
Concrete CMS version 9 before 9.2.8 and previous versions before 8.5.16 are vulnerable to Stored XSS in the Custom Class page editing. Prior to the fix, a rogue administrator could insert malicious code in the custom class field due to insufficient validation of administrator provided data. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 3.1 with a vector of AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator .
π@cveNotify
Concrete CMS version 9 before 9.2.8 and previous versions before 8.5.16 are vulnerable to Stored XSS in the Custom Class page editing. Prior to the fix, a rogue administrator could insert malicious code in the custom class field due to insufficient validation of administrator provided data. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 3.1 with a vector of AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator .
π@cveNotify
Concrete CMS Documentation
9.2.8 Release Notes
π¨ CVE-2024-3180
Concrete CMS version 9 below 9.2.8 and previous versions below 8.5.16 is vulnerable to Stored XSS in blocks of type file. Prior to fix, stored XSS could be caused by a rogue administrator adding malicious code to the link-text field when creating a block of type file. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 3.1 with a vector of AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator . Thanks Alexey Solovyev for reporting.
π@cveNotify
Concrete CMS version 9 below 9.2.8 and previous versions below 8.5.16 is vulnerable to Stored XSS in blocks of type file. Prior to fix, stored XSS could be caused by a rogue administrator adding malicious code to the link-text field when creating a block of type file. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 3.1 with a vector of AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator . Thanks Alexey Solovyev for reporting.
π@cveNotify
Concrete CMS Documentation
9.2.8 Release Notes
π¨ CVE-2024-3179
Concrete CMS version 9 before 9.2.8 and previous versions before 8.5.16 are vulnerable to Stored XSS in the Custom Class page editing. Prior to the fix, a rogue administrator could insert malicious code in the custom class field due to insufficient validation of administrator provided data. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 3.1 with a vector of AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator . Thanks Alexey Solovyev for reporting.
π@cveNotify
Concrete CMS version 9 before 9.2.8 and previous versions before 8.5.16 are vulnerable to Stored XSS in the Custom Class page editing. Prior to the fix, a rogue administrator could insert malicious code in the custom class field due to insufficient validation of administrator provided data. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 3.1 with a vector of AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator . Thanks Alexey Solovyev for reporting.
π@cveNotify
Concrete CMS Documentation
9.2.8 Release Notes
π¨ CVE-2024-3181
Concrete CMS version 9 prior to 9.2.8 and previous versions prior to 8.5.16 are vulnerable to Stored XSS in the Search Field. Prior to the fix, stored XSS could be executed by an administrator changing a filter to which a rogue administrator had previously added malicious code. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 3.1 with a vector of AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator . Thanks Alexey Solovyev for reporting
π@cveNotify
Concrete CMS version 9 prior to 9.2.8 and previous versions prior to 8.5.16 are vulnerable to Stored XSS in the Search Field. Prior to the fix, stored XSS could be executed by an administrator changing a filter to which a rogue administrator had previously added malicious code. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 3.1 with a vector of AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator . Thanks Alexey Solovyev for reporting
π@cveNotify
Concrete CMS Documentation
9.2.8 Release Notes
π¨ CVE-2024-25410
flusity-CMS 2.33 is vulnerable to Unrestricted Upload of File with Dangerous Type in update_setting.php.
π@cveNotify
flusity-CMS 2.33 is vulnerable to Unrestricted Upload of File with Dangerous Type in update_setting.php.
π@cveNotify
GitHub
Update update_setting.php Β· flusity/flusity-CMS@b99de3b
Signed-off-by: Darius Jakaitis <105962203+flusity@users.noreply.github.com>
π¨ CVE-2024-27706
Cross Site Scripting vulnerability in Huly Platform v.0.6.202 allows attackers to execute arbitrary code via upload of crafted SVG file to issues.
π@cveNotify
Cross Site Scripting vulnerability in Huly Platform v.0.6.202 allows attackers to execute arbitrary code via upload of crafted SVG file to issues.
π@cveNotify
GitHub
vulnerability-research/CVE-2024-27706/README.md at main Β· b-hermes/vulnerability-research
This repository contains information on the CVEs I've found. - b-hermes/vulnerability-research
π¨ CVE-2023-52043
An issue in D-Link COVR 1100, 1102, 1103 AC1200 Dual-Band Whole-Home Mesh Wi-Fi System (Hardware Rev B1) truncates Wireless Access Point Passwords (WPA-PSK) allowing an attacker to gain unauthorized network access via weak authentication controls.
π@cveNotify
An issue in D-Link COVR 1100, 1102, 1103 AC1200 Dual-Band Whole-Home Mesh Wi-Fi System (Hardware Rev B1) truncates Wireless Access Point Passwords (WPA-PSK) allowing an attacker to gain unauthorized network access via weak authentication controls.
π@cveNotify
exploots
D-Link COVR-1102 Password Truncation Vulnerability
I discovered a vulnerability in the D-Link COVR-1102 AC1200 Dual Band Whole Home Mesh Wi-Fi System (Hardware Version: B1, Firmware Version <= 2.02). Affected devices were discovered to truncate Wi-Fi Protected Access Pre-Shared Keys (WPA-PSK) for a wirelessβ¦
π¨ CVE-2024-27705
Cross Site Scripting vulnerability in Leantime v3.0.6 allows attackers to execute arbitrary code via upload of crafted PDF file to the files/browse endpoint.
π@cveNotify
Cross Site Scripting vulnerability in Leantime v3.0.6 allows attackers to execute arbitrary code via upload of crafted PDF file to the files/browse endpoint.
π@cveNotify
GitHub
vulnerability-research/CVE-2024-27705 at main Β· b-hermes/vulnerability-research
This repository contains information on the CVEs I found. - b-hermes/vulnerability-research
π¨ CVE-2024-28870
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine developed by the OISF and the Suricata community. When parsing an overly long SSH banner, Suricata can use excessive CPU resources, as well as cause excessive logging volume in alert records. This issue has been patched in versions 6.0.17 and 7.0.4.
π@cveNotify
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine developed by the OISF and the Suricata community. When parsing an overly long SSH banner, Suricata can use excessive CPU resources, as well as cause excessive logging volume in alert records. This issue has been patched in versions 6.0.17 and 7.0.4.
π@cveNotify
GitHub
Excessive resource use in malformed ssh traffic parsing
### Impact
When parsing an overly long SSH banner, Suricata can use excessive CPU resources, as well as cause excessive logging volume in alert records.
### Patches
Upgrade to 7.0.4 or 6.0.17....
When parsing an overly long SSH banner, Suricata can use excessive CPU resources, as well as cause excessive logging volume in alert records.
### Patches
Upgrade to 7.0.4 or 6.0.17....
π¨ CVE-2024-29413
Cross Site Scripting vulnerability in Webasyst v.2.9.9 allows a remote attacker to run arbitrary code via the Instant messenger field in the Contact info function.
π@cveNotify
Cross Site Scripting vulnerability in Webasyst v.2.9.9 allows a remote attacker to run arbitrary code via the Instant messenger field in the Contact info function.
π@cveNotify
GitHub
Vulnerability-Research/CVE-2024-29413 at main Β· RealestName/Vulnerability-Research
This repository contains information on the CVEs I found - RealestName/Vulnerability-Research
π¨ CVE-2024-2689
Denial of Service in Temporal Server prior to version 1.20.5, 1.21.6, and 1.22.7 allows an authenticated user who has permissions to interact with workflows and has crafted an invalid UTF-8 string for submission to potentially cause a crashloop. If left unchecked, the task containing the invalid UTF-8 will become stuck in the queue, causing an increase in queue lag. Eventually, all processes handling these queues will become stuck and the system will run out of resources. The workflow ID of the failing task will be visible in the logs, and can be used to remove that workflow as a mitigation. Version 1.23 is not impacted. In this context, a user is an operator of Temporal Server.
π@cveNotify
Denial of Service in Temporal Server prior to version 1.20.5, 1.21.6, and 1.22.7 allows an authenticated user who has permissions to interact with workflows and has crafted an invalid UTF-8 string for submission to potentially cause a crashloop. If left unchecked, the task containing the invalid UTF-8 will become stuck in the queue, causing an increase in queue lag. Eventually, all processes handling these queues will become stuck and the system will run out of resources. The workflow ID of the failing task will be visible in the logs, and can be used to remove that workflow as a mitigation. Version 1.23 is not impacted. In this context, a user is an operator of Temporal Server.
π@cveNotify
GitHub
Releases Β· temporalio/temporal
Temporal service. Contribute to temporalio/temporal development by creating an account on GitHub.
π¨ CVE-2024-30265
Collabora Online is a collaborative online office suite based on LibreOffice technology. Any deployment of voilΓ dashboard allow local file inclusion. Any file on a filesystem that is readable by the user that runs the voilΓ dashboard server can be downloaded by someone with network access to the server. Whether this still requires authentication depends on how voilΓ is deployed. This issue has been patched in 0.2.17, 0.3.8, 0.4.4 and 0.5.6.
π@cveNotify
Collabora Online is a collaborative online office suite based on LibreOffice technology. Any deployment of voilΓ dashboard allow local file inclusion. Any file on a filesystem that is readable by the user that runs the voilΓ dashboard server can be downloaded by someone with network access to the server. Whether this still requires authentication depends on how voilΓ is deployed. This issue has been patched in 0.2.17, 0.3.8, 0.4.4 and 0.5.6.
π@cveNotify
GitHub
GHSA-2q59-h24c-w6fg Β· voila-dashboards/voila@00d6362
VoilΓ turns Jupyter notebooks into standalone web applications - GHSA-2q59-h24c-w6fg Β· voila-dashboards/voila@00d6362
π¨ CVE-2024-3270
A vulnerability classified as problematic was found in ThingsBoard up to 3.6.2. This vulnerability affects unknown code of the component AdvancedFeature. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259282 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure and replied to be planning to fix this issue in version 3.7.
π@cveNotify
A vulnerability classified as problematic was found in ThingsBoard up to 3.6.2. This vulnerability affects unknown code of the component AdvancedFeature. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259282 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure and replied to be planning to fix this issue in version 3.7.
π@cveNotify
π¨ CVE-2024-25568
OS command injection vulnerability in WRC-X3200GST3-B v1.25 and earlier, and WRC-G01-W v1.24 and earlier allows a network-adjacent unauthenticated attacker to execute arbitrary OS commands by sending a specially crafted request to the product.
π@cveNotify
OS command injection vulnerability in WRC-X3200GST3-B v1.25 and earlier, and WRC-G01-W v1.24 and earlier allows a network-adjacent unauthenticated attacker to execute arbitrary OS commands by sending a specially crafted request to the product.
π@cveNotify
jvn.jp
JVNVU#95381465: Multiple vulnerabilities in ELECOM wireless LAN routers
Japan Vulnerability Notes
π¨ CVE-2024-26258
OS command injection vulnerability in WRC-X3200GST3-B v1.25 and earlier, and WRC-G01-W v1.24 and earlier allows a network-adjacent attacker with credentials to execute arbitrary OS commands by sending a specially crafted request to the product.
π@cveNotify
OS command injection vulnerability in WRC-X3200GST3-B v1.25 and earlier, and WRC-G01-W v1.24 and earlier allows a network-adjacent attacker with credentials to execute arbitrary OS commands by sending a specially crafted request to the product.
π@cveNotify
jvn.jp
JVNVU#95381465: Multiple vulnerabilities in ELECOM wireless LAN routers
Japan Vulnerability Notes