๐จ CVE-2024-28870
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine developed by the OISF and the Suricata community. When parsing an overly long SSH banner, Suricata can use excessive CPU resources, as well as cause excessive logging volume in alert records. This issue has been patched in versions 6.0.17 and 7.0.4.
๐@cveNotify
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine developed by the OISF and the Suricata community. When parsing an overly long SSH banner, Suricata can use excessive CPU resources, as well as cause excessive logging volume in alert records. This issue has been patched in versions 6.0.17 and 7.0.4.
๐@cveNotify
GitHub
Excessive resource use in malformed ssh traffic parsing
### Impact
When parsing an overly long SSH banner, Suricata can use excessive CPU resources, as well as cause excessive logging volume in alert records.
### Patches
Upgrade to 7.0.4 or 6.0.17....
When parsing an overly long SSH banner, Suricata can use excessive CPU resources, as well as cause excessive logging volume in alert records.
### Patches
Upgrade to 7.0.4 or 6.0.17....
๐จ CVE-2024-29413
Cross Site Scripting vulnerability in Webasyst v.2.9.9 allows a remote attacker to run arbitrary code via the Instant messenger field in the Contact info function.
๐@cveNotify
Cross Site Scripting vulnerability in Webasyst v.2.9.9 allows a remote attacker to run arbitrary code via the Instant messenger field in the Contact info function.
๐@cveNotify
GitHub
Vulnerability-Research/CVE-2024-29413 at main ยท RealestName/Vulnerability-Research
This repository contains information on the CVEs I found - RealestName/Vulnerability-Research
๐จ CVE-2024-2689
Denial of Service in Temporal Server prior to version 1.20.5, 1.21.6, and 1.22.7 allows an authenticated user who has permissions to interact with workflows and has crafted an invalid UTF-8 string for submission to potentially cause a crashloop. If left unchecked, the task containing the invalid UTF-8 will become stuck in the queue, causing an increase in queue lag. Eventually, all processes handling these queues will become stuck and the system will run out of resources. The workflow ID of the failing task will be visible in the logs, and can be used to remove that workflow as a mitigation. Version 1.23 is not impacted. In this context, a user is an operator of Temporal Server.
๐@cveNotify
Denial of Service in Temporal Server prior to version 1.20.5, 1.21.6, and 1.22.7 allows an authenticated user who has permissions to interact with workflows and has crafted an invalid UTF-8 string for submission to potentially cause a crashloop. If left unchecked, the task containing the invalid UTF-8 will become stuck in the queue, causing an increase in queue lag. Eventually, all processes handling these queues will become stuck and the system will run out of resources. The workflow ID of the failing task will be visible in the logs, and can be used to remove that workflow as a mitigation. Version 1.23 is not impacted. In this context, a user is an operator of Temporal Server.
๐@cveNotify
GitHub
Releases ยท temporalio/temporal
Temporal service. Contribute to temporalio/temporal development by creating an account on GitHub.
๐จ CVE-2024-30265
Collabora Online is a collaborative online office suite based on LibreOffice technology. Any deployment of voilร dashboard allow local file inclusion. Any file on a filesystem that is readable by the user that runs the voilร dashboard server can be downloaded by someone with network access to the server. Whether this still requires authentication depends on how voilร is deployed. This issue has been patched in 0.2.17, 0.3.8, 0.4.4 and 0.5.6.
๐@cveNotify
Collabora Online is a collaborative online office suite based on LibreOffice technology. Any deployment of voilร dashboard allow local file inclusion. Any file on a filesystem that is readable by the user that runs the voilร dashboard server can be downloaded by someone with network access to the server. Whether this still requires authentication depends on how voilร is deployed. This issue has been patched in 0.2.17, 0.3.8, 0.4.4 and 0.5.6.
๐@cveNotify
GitHub
GHSA-2q59-h24c-w6fg ยท voila-dashboards/voila@00d6362
Voilร turns Jupyter notebooks into standalone web applications - GHSA-2q59-h24c-w6fg ยท voila-dashboards/voila@00d6362
๐จ CVE-2024-3270
A vulnerability classified as problematic was found in ThingsBoard up to 3.6.2. This vulnerability affects unknown code of the component AdvancedFeature. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259282 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure and replied to be planning to fix this issue in version 3.7.
๐@cveNotify
A vulnerability classified as problematic was found in ThingsBoard up to 3.6.2. This vulnerability affects unknown code of the component AdvancedFeature. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259282 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure and replied to be planning to fix this issue in version 3.7.
๐@cveNotify
๐จ CVE-2024-25568
OS command injection vulnerability in WRC-X3200GST3-B v1.25 and earlier, and WRC-G01-W v1.24 and earlier allows a network-adjacent unauthenticated attacker to execute arbitrary OS commands by sending a specially crafted request to the product.
๐@cveNotify
OS command injection vulnerability in WRC-X3200GST3-B v1.25 and earlier, and WRC-G01-W v1.24 and earlier allows a network-adjacent unauthenticated attacker to execute arbitrary OS commands by sending a specially crafted request to the product.
๐@cveNotify
jvn.jp
JVNVU#95381465: Multiple vulnerabilities in ELECOM wireless LAN routers
Japan Vulnerability Notes
๐จ CVE-2024-26258
OS command injection vulnerability in WRC-X3200GST3-B v1.25 and earlier, and WRC-G01-W v1.24 and earlier allows a network-adjacent attacker with credentials to execute arbitrary OS commands by sending a specially crafted request to the product.
๐@cveNotify
OS command injection vulnerability in WRC-X3200GST3-B v1.25 and earlier, and WRC-G01-W v1.24 and earlier allows a network-adjacent attacker with credentials to execute arbitrary OS commands by sending a specially crafted request to the product.
๐@cveNotify
jvn.jp
JVNVU#95381465: Multiple vulnerabilities in ELECOM wireless LAN routers
Japan Vulnerability Notes
๐จ CVE-2024-29167
SVR-116 firmware version 1.6.0.30028871 allows a remote authenticated attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product.
๐@cveNotify
SVR-116 firmware version 1.6.0.30028871 allows a remote authenticated attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product.
๐@cveNotify
jvn.jp
JVNVU#93932313: SEEnergy SVR-116 vulnerable to OS command injection
Japan Vulnerability Notes
๐จ CVE-2024-29225
WRC-X3200GST3-B v1.25 and earlier, and WRC-G01-W v1.24 and earlier allow a network-adjacent unauthenticated attacker to obtain the configuration file containing sensitive information by sending a specially crafted request.
๐@cveNotify
WRC-X3200GST3-B v1.25 and earlier, and WRC-G01-W v1.24 and earlier allow a network-adjacent unauthenticated attacker to obtain the configuration file containing sensitive information by sending a specially crafted request.
๐@cveNotify
jvn.jp
JVNVU#95381465: Multiple vulnerabilities in ELECOM wireless LAN routers
Japan Vulnerability Notes
๐จ CVE-2024-21798
ELECOM wireless LAN routers contain a cross-site scripting vulnerability. Assume that a malicious administrative user configures the affected product with specially crafted content. When another administrative user logs in and operates the product, an arbitrary script may be executed on the web browser. Affected products and versions are as follows: WRC-1167GS2-B v1.67 and earlier, WRC-1167GS2H-B v1.67 and earlier, WRC-2533GS2-B v1.62 and earlier, WRC-2533GS2-W v1.62 and earlier, WRC-2533GS2V-B v1.62 and earlier, WRC-X3200GST3-B v1.25 and earlier, and WRC-G01-W v1.24 and earlier.
๐@cveNotify
ELECOM wireless LAN routers contain a cross-site scripting vulnerability. Assume that a malicious administrative user configures the affected product with specially crafted content. When another administrative user logs in and operates the product, an arbitrary script may be executed on the web browser. Affected products and versions are as follows: WRC-1167GS2-B v1.67 and earlier, WRC-1167GS2H-B v1.67 and earlier, WRC-2533GS2-B v1.62 and earlier, WRC-2533GS2-W v1.62 and earlier, WRC-2533GS2V-B v1.62 and earlier, WRC-X3200GST3-B v1.25 and earlier, and WRC-G01-W v1.24 and earlier.
๐@cveNotify
jvn.jp
JVN#44166658: Multiple vulnerabilities in ELECOM wireless LAN routers and wireless LAN repeater
Japan Vulnerability Notes
๐จ CVE-2024-23910
Cross-site request forgery (CSRF) vulnerability in ELECOM wireless LAN routers allows a remote unauthenticated attacker to hijack the authentication of administrators and to perform unintended operations to the affected product. Affected products and versions are as follows: WRC-1167GS2-B v1.67 and earlier, WRC-1167GS2H-B v1.67 and earlier, WRC-2533GS2-B v1.62 and earlier, WRC-2533GS2-W v1.62 and earlier, WRC-2533GS2V-B v1.62 and earlier, WRC-X3200GST3-B v1.25 and earlier, and WRC-G01-W v1.24 and earlier.
๐@cveNotify
Cross-site request forgery (CSRF) vulnerability in ELECOM wireless LAN routers allows a remote unauthenticated attacker to hijack the authentication of administrators and to perform unintended operations to the affected product. Affected products and versions are as follows: WRC-1167GS2-B v1.67 and earlier, WRC-1167GS2H-B v1.67 and earlier, WRC-2533GS2-B v1.62 and earlier, WRC-2533GS2-W v1.62 and earlier, WRC-2533GS2V-B v1.62 and earlier, WRC-X3200GST3-B v1.25 and earlier, and WRC-G01-W v1.24 and earlier.
๐@cveNotify
jvn.jp
JVN#44166658: Multiple vulnerabilities in ELECOM wireless LAN routers and wireless LAN repeater
Japan Vulnerability Notes
๐จ CVE-2024-25579
OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product. Affected products and versions are as follows: WRC-1167GS2-B v1.67 and earlier, WRC-1167GS2H-B v1.67 and earlier, WRC-2533GS2-B v1.62 and earlier, WRC-2533GS2-W v1.62 and earlier, WRC-2533GS2V-B v1.62 and earlier, WRC-X3200GST3-B v1.25 and earlier, and WRC-G01-W v1.24 and earlier.
๐@cveNotify
OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product. Affected products and versions are as follows: WRC-1167GS2-B v1.67 and earlier, WRC-1167GS2H-B v1.67 and earlier, WRC-2533GS2-B v1.62 and earlier, WRC-2533GS2-W v1.62 and earlier, WRC-2533GS2V-B v1.62 and earlier, WRC-X3200GST3-B v1.25 and earlier, and WRC-G01-W v1.24 and earlier.
๐@cveNotify
jvn.jp
JVNVU#99444194: ELECOM wireless LAN routers vulnerable to OS command injection
Japan Vulnerability Notes
๐จ CVE-2024-3272
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as very critical, has been found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. This issue affects some unknown processing of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument user with the input messagebus leads to hard-coded credentials. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259283. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.
๐@cveNotify
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as very critical, has been found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. This issue affects some unknown processing of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument user with the input messagebus leads to hard-coded credentials. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259283. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.
๐@cveNotify
GitHub
GitHub - netsecfish/dlink
Contribute to netsecfish/dlink development by creating an account on GitHub.
๐จ CVE-2024-3273
A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument system leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259284. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.
๐@cveNotify
A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument system leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259284. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.
๐@cveNotify
GitHub
GitHub - netsecfish/dlink
Contribute to netsecfish/dlink development by creating an account on GitHub.
๐จ CVE-2023-7152
A vulnerability, which was classified as critical, has been found in MicroPython 1.21.0/1.22.0-preview. Affected by this issue is the function poll_set_add_fd of the file extmod/modselect.c. The manipulation leads to use after free. The exploit has been disclosed to the public and may be used. The patch is identified as 8b24aa36ba978eafc6114b6798b47b7bfecdca26. It is recommended to apply a patch to fix this issue. VDB-249158 is the identifier assigned to this vulnerability.
๐@cveNotify
A vulnerability, which was classified as critical, has been found in MicroPython 1.21.0/1.22.0-preview. Affected by this issue is the function poll_set_add_fd of the file extmod/modselect.c. The manipulation leads to use after free. The exploit has been disclosed to the public and may be used. The patch is identified as 8b24aa36ba978eafc6114b6798b47b7bfecdca26. It is recommended to apply a patch to fix this issue. VDB-249158 is the identifier assigned to this vulnerability.
๐@cveNotify
GitHub
extmod/modselect: Handle growing the pollfds allocation correctly. ยท jimmo/micropython@8b24aa3
The poll_obj_t instances have their pollfd field point into this
allocation. So if re-allocating results in a move, we need to update the
existing poll_obj_t's.
Update the test to cover t...
allocation. So if re-allocating results in a move, we need to update the
existing poll_obj_t's.
Update the test to cover t...
๐จ CVE-2023-7158
A vulnerability was found in MicroPython up to 1.21.0. It has been classified as critical. Affected is the function slice_indices of the file objslice.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.22.0 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-249180.
๐@cveNotify
A vulnerability was found in MicroPython up to 1.21.0. It has been classified as critical. Affected is the function slice_indices of the file objslice.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.22.0 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-249180.
๐@cveNotify
GitHub
heap-buffer-overflow: mis-interpretation of float as int at slice_indices ยท Issue #13007 ยท micropython/micropython
Summary OS: Ubuntu 22.04 version: a00c9d5 port: unix contribution: Junwha Hong and Wonil Jang @S2-Lab, UNIST description: slice_indices misinterpret float value as integer value, and leads to buffe...
๐จ CVE-2024-2692
SiYuan version 3.0.3 allows executing arbitrary commands on the server. This is possible because the application is vulnerable to Server Side XSS.
๐@cveNotify
SiYuan version 3.0.3 allows executing arbitrary commands on the server. This is possible because the application is vulnerable to Server Side XSS.
๐@cveNotify
Fluidattacks
SiYuan 3.0.3 - RCE via Server Side XSS | Fluid Attacks
AppSec solution that integrates AI, automated tools, and pentesters to help you prevent, detect, manage, and fix vulnerabilities continuously across your SDLC.
๐จ CVE-2024-2803
The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the countdown widget in all versions up to, and including, 3.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
๐@cveNotify
The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the countdown widget in all versions up to, and including, 3.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
๐@cveNotify
๐จ CVE-2024-2868
The ShopLentor โ WooCommerce Builder for Elementor & Gutenberg +12 Modules โ All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the slitems parameter in the WL Special Day Offer Widget in all versions up to, and including, 2.8.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
๐@cveNotify
The ShopLentor โ WooCommerce Builder for Elementor & Gutenberg +12 Modules โ All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the slitems parameter in the WL Special Day Offer Widget in all versions up to, and including, 2.8.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
๐@cveNotify
๐จ CVE-2024-3022
The BookingPress plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient filename validation in the 'bookingpress_process_upload' function in all versions up to, and including 1.0.87. This allows an authenticated attacker with administrator-level capabilities or higher to upload arbitrary files on the affected site's server, enabling remote code execution.
๐@cveNotify
The BookingPress plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient filename validation in the 'bookingpress_process_upload' function in all versions up to, and including 1.0.87. This allows an authenticated attacker with administrator-level capabilities or higher to upload arbitrary files on the affected site's server, enabling remote code execution.
๐@cveNotify
๐จ CVE-2024-3030
The Announce from the Dashboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
๐@cveNotify
The Announce from the Dashboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
๐@cveNotify