🚨 CVE-2024-2511
Issue summary: Some non-default TLS server configurations can cause unbounded
memory growth when processing TLSv1.3 sessions
Impact summary: An attacker may exploit certain server configurations to trigger
unbounded memory growth that would lead to a Denial of Service
This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is
being used (but not if early_data support is also configured and the default
anti-replay protection is in use). In this case, under certain conditions, the
session cache can get into an incorrect state and it will fail to flush properly
as it fills. The session cache will continue to grow in an unbounded manner. A
malicious client could deliberately create the scenario for this failure to
force a Denial of Service. It may also happen by accident in normal operation.
This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS
clients.
The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL
1.0.2 is also not affected by this issue.
🎖@cveNotify
Issue summary: Some non-default TLS server configurations can cause unbounded
memory growth when processing TLSv1.3 sessions
Impact summary: An attacker may exploit certain server configurations to trigger
unbounded memory growth that would lead to a Denial of Service
This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is
being used (but not if early_data support is also configured and the default
anti-replay protection is in use). In this case, under certain conditions, the
session cache can get into an incorrect state and it will fail to flush properly
as it fills. The session cache will continue to grow in an unbounded manner. A
malicious client could deliberately create the scenario for this failure to
force a Denial of Service. It may also happen by accident in normal operation.
This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS
clients.
The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL
1.0.2 is also not affected by this issue.
🎖@cveNotify
GitHub
Fix unconstrained session cache growth in TLSv1.3 · openssl/openssl@7e4d731
In TLSv1.3 we create a new session object for each ticket that we send.
We do this by duplicating the original session. If SSL_OP_NO_TICKET is in
use then the new session will be added to the sessi...
We do this by duplicating the original session. If SSL_OP_NO_TICKET is in
use then the new session will be added to the sessi...
🚨 CVE-2024-3440
A vulnerability was found in SourceCodester Prison Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /Admin/edit_profile.php. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259693 was assigned to this vulnerability.
🎖@cveNotify
A vulnerability was found in SourceCodester Prison Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /Admin/edit_profile.php. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259693 was assigned to this vulnerability.
🎖@cveNotify
GitHub
CVE/PrisonManagementSystemSQL3.md at main · fubxx/CVE
My CVE exploit repository. Contribute to fubxx/CVE development by creating an account on GitHub.
🚨 CVE-2024-3441
A vulnerability was found in SourceCodester Prison Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /Employee/edit-profile.php. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-259694 is the identifier assigned to this vulnerability.
🎖@cveNotify
A vulnerability was found in SourceCodester Prison Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /Employee/edit-profile.php. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-259694 is the identifier assigned to this vulnerability.
🎖@cveNotify
GitHub
CVE/PrisonManagementSystemSQL4.md at main · fubxx/CVE
My CVE exploit repository. Contribute to fubxx/CVE development by creating an account on GitHub.
🚨 CVE-2024-30269
DataEase, an open source data visualization and analysis tool, has a database configuration information exposure vulnerability prior to version 2.5.0. Visiting the `/de2api/engine/getEngine;.js` path via a browser reveals that the platform's database configuration is returned. The vulnerability has been fixed in v2.5.0. No known workarounds are available aside from upgrading.
🎖@cveNotify
DataEase, an open source data visualization and analysis tool, has a database configuration information exposure vulnerability prior to version 2.5.0. Visiting the `/de2api/engine/getEngine;.js` path via a browser reveals that the platform's database configuration is returned. The vulnerability has been fixed in v2.5.0. No known workarounds are available aside from upgrading.
🎖@cveNotify
GitHub
Release v2.5.0 · dataease/dataease
新增功能
feat(仪表板): 仪表板的公共链接支持在移动端打开
feat(仪表板): 支持仪表板资源树支持排序
feat(仪表板): 公共链接打开后,浏览器网页标题提示支持显示为仪表板和数据大屏的名称
feat(仪表板): 支持可视化资源支持外部参数功能 #8257
feat(仪表板): 增加开启移动端功能
feat(图表): 支持地图图例显示为整数 #8202
feat(图表): 地图...
feat(仪表板): 仪表板的公共链接支持在移动端打开
feat(仪表板): 支持仪表板资源树支持排序
feat(仪表板): 公共链接打开后,浏览器网页标题提示支持显示为仪表板和数据大屏的名称
feat(仪表板): 支持可视化资源支持外部参数功能 #8257
feat(仪表板): 增加开启移动端功能
feat(图表): 支持地图图例显示为整数 #8202
feat(图表): 地图...
🚨 CVE-2024-31205
Saleor is an e-commerce platform. Starting in version 3.10.0 and prior to versions 3.14.64, 3.15.39, 3.16.39, 3.17.35, 3.18.31, and 3.19.19, an attacker may bypass cross-set request forgery (CSRF) validation when calling refresh token mutation with empty string. When a user provides an empty string in `refreshToken` mutation, while the token persists in `JWT_REFRESH_TOKEN_COOKIE_NAME` cookie, application omits validation against CSRF token and returns valid access token. Versions 3.14.64, 3.15.39, 3.16.39, 3.17.35, 3.18.31, and 3.19.19 contain a patch for the issue. As a workaround, one may replace `saleor.graphql.account.mutations.authentication.refresh_token.py.get_refresh_token`. This will fix the issue, but be aware, that it returns `JWT_MISSING_TOKEN` instead of `JWT_INVALID_TOKEN`.
🎖@cveNotify
Saleor is an e-commerce platform. Starting in version 3.10.0 and prior to versions 3.14.64, 3.15.39, 3.16.39, 3.17.35, 3.18.31, and 3.19.19, an attacker may bypass cross-set request forgery (CSRF) validation when calling refresh token mutation with empty string. When a user provides an empty string in `refreshToken` mutation, while the token persists in `JWT_REFRESH_TOKEN_COOKIE_NAME` cookie, application omits validation against CSRF token and returns valid access token. Versions 3.14.64, 3.15.39, 3.16.39, 3.17.35, 3.18.31, and 3.19.19 contain a patch for the issue. As a workaround, one may replace `saleor.graphql.account.mutations.authentication.refresh_token.py.get_refresh_token`. This will fix the issue, but be aware, that it returns `JWT_MISSING_TOKEN` instead of `JWT_INVALID_TOKEN`.
🎖@cveNotify
GitHub
Advisory fix merx-280. · saleor/saleor@36699c6
Saleor Core: the high performance, composable, headless commerce API. - Advisory fix merx-280. · saleor/saleor@36699c6
🚨 CVE-2024-31221
Sunshine is a self-hosted game stream host for Moonlight. Starting in version 0.10.0 and prior to version 0.23.0, after unpairing all devices in the web UI interface and then pairing only one device, all of the previously devices will be temporarily paired. Version 0.23.0 contains a patch for the issue. As a workaround, restarting Sunshine after unpairing all devices prevents the vulnerability.
🎖@cveNotify
Sunshine is a self-hosted game stream host for Moonlight. Starting in version 0.10.0 and prior to version 0.23.0, after unpairing all devices in the web UI interface and then pairing only one device, all of the previously devices will be temporarily paired. Version 0.23.0 contains a patch for the issue. As a workaround, restarting Sunshine after unpairing all devices prevents the vulnerability.
🎖@cveNotify
GitHub
fix(security): ensure unpairing takes effect without restart (#2365) · LizardByte/Sunshine@b7aa811
Self-hosted game stream host for Moonlight. Contribute to LizardByte/Sunshine development by creating an account on GitHub.
🚨 CVE-2024-3442
A vulnerability classified as critical has been found in SourceCodester Prison Management System 1.0. This affects an unknown part of the file /Employee/delete_leave.php. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259695.
🎖@cveNotify
A vulnerability classified as critical has been found in SourceCodester Prison Management System 1.0. This affects an unknown part of the file /Employee/delete_leave.php. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259695.
🎖@cveNotify
GitHub
CVE/PrisonManagementSystemSQL5.md at main · fubxx/CVE
My CVE exploit repository. Contribute to fubxx/CVE development by creating an account on GitHub.
🚨 CVE-2024-3443
A vulnerability classified as problematic was found in SourceCodester Prison Management System 1.0. This vulnerability affects unknown code of the file /Employee/apply_leave.php. The manipulation of the argument txtstart_date/txtend_date leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259696.
🎖@cveNotify
A vulnerability classified as problematic was found in SourceCodester Prison Management System 1.0. This vulnerability affects unknown code of the file /Employee/apply_leave.php. The manipulation of the argument txtstart_date/txtend_date leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259696.
🎖@cveNotify
GitHub
CVE-submissions/prison-xss.md at main · zyairelai/CVE-submissions
Contribute to zyairelai/CVE-submissions development by creating an account on GitHub.
🚨 CVE-2024-3444
A vulnerability was found in Wangshen SecGate 3600 up to 20240408. It has been classified as critical. This affects an unknown part of the file /?g=net_pro_keyword_import_save. The manipulation of the argument reqfile leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259701 was assigned to this vulnerability.
🎖@cveNotify
A vulnerability was found in Wangshen SecGate 3600 up to 20240408. It has been classified as critical. This affects an unknown part of the file /?g=net_pro_keyword_import_save. The manipulation of the argument reqfile leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259701 was assigned to this vulnerability.
🎖@cveNotify
GitHub
lLGcmVjGkR/Wangshen SecGata 3600 Firewall net_pro_keyword_import_save arbitrary file upload vulnerability.pdf at main · h0e4a0r1t/lLGcmVjGkR
Contribute to h0e4a0r1t/lLGcmVjGkR development by creating an account on GitHub.
🚨 CVE-2024-31224
GPT Academic provides interactive interfaces for large language models. A vulnerability was found in gpt_academic versions 3.64 through 3.73. The server deserializes untrustworthy data from the client, which may risk remote code execution. Any device that exposes the GPT Academic service to the Internet is vulnerable. Version 3.74 contains a patch for the issue. There are no known workarounds aside from upgrading to a patched version.
🎖@cveNotify
GPT Academic provides interactive interfaces for large language models. A vulnerability was found in gpt_academic versions 3.64 through 3.73. The server deserializes untrustworthy data from the client, which may risk remote code execution. Any device that exposes the GPT Academic service to the Internet is vulnerable. Version 3.74 contains a patch for the issue. There are no known workarounds aside from upgrading to a patched version.
🎖@cveNotify
GitHub
Qhaoduoyu patch 1: pickle to json to increase security (#1648) · binary-husky/gpt_academic@8af6c0c
* Update theme.py
fix bugs
* Update theme.py
fix bugs
* change var names
---------
Co-authored-by: binary-husky <qingxu.fu@outlook.com>
fix bugs
* Update theme.py
fix bugs
* change var names
---------
Co-authored-by: binary-husky <qingxu.fu@outlook.com>
🚨 CVE-2024-31442
Redon Hub is a Roblox Product Delivery Bot, also known as a Hub. In all hubs before version 1.0.2, all commands are capable of being ran by all users, including admin commands. This allows users to receive products for free and delete/create/update products/tags/etc. The only non-affected command is `/products admin clear` as this was already programmed for bot owners only. All users should upgrade to version 1.0.2 to receive a patch.
🎖@cveNotify
Redon Hub is a Roblox Product Delivery Bot, also known as a Hub. In all hubs before version 1.0.2, all commands are capable of being ran by all users, including admin commands. This allows users to receive products for free and delete/create/update products/tags/etc. The only non-affected command is `/products admin clear` as this was already programmed for bot owners only. All users should upgrade to version 1.0.2 to receive a patch.
🎖@cveNotify
GitHub
V1.0.2 · Redon-Tech/Redon-Hub@38cb7c0
Redon Hub is a Roblox Product Delivery Bot (AKA Hub), it is designed to be as useful as other hub systems such as myPod, Parcel, and more while being 100% free and open source. - V1.0.2 · Redon-Tech/Redon-Hub@38cb7c0
👍1
🚨 CVE-2024-31447
Shopware 6 is an open commerce platform based on Symfony Framework and Vue. Starting in version 6.3.5.0 and prior to versions 6.6.1.0 and 6.5.8.8, when a authenticated request is made to `POST /store-api/account/logout`, the cart will be cleared, but the User won't be logged out. This affects only the direct store-api usage, as the PHP Storefront listens additionally on `CustomerLogoutEvent` and invalidates the session additionally. The problem has been fixed in Shopware 6.6.1.0 and 6.5.8.8. Those who are unable to update can install the latest version of the Shopware Security Plugin as a workaround.
🎖@cveNotify
Shopware 6 is an open commerce platform based on Symfony Framework and Vue. Starting in version 6.3.5.0 and prior to versions 6.6.1.0 and 6.5.8.8, when a authenticated request is made to `POST /store-api/account/logout`, the cart will be cleared, but the User won't be logged out. This affects only the direct store-api usage, as the PHP Storefront listens additionally on `CustomerLogoutEvent` and invalidates the session additionally. The problem has been fixed in Shopware 6.6.1.0 and 6.5.8.8. Those who are unable to update can install the latest version of the Shopware Security Plugin as a workaround.
🎖@cveNotify
GitHub
NEXT-34608 - Improve account logout · shopware/shopware@5cc84dd
Shopware 6 is an open commerce platform based on Symfony Framework and Vue and supported by a worldwide community and more than 3.100 community extensions - NEXT-34608 - Improve account logout · shopware/shopware@5cc84dd
🚨 CVE-2024-3445
A vulnerability was found in SourceCodester Laundry Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /karyawan/laporan_filter. The manipulation of the argument data_karyawan leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259702 is the identifier assigned to this vulnerability.
🎖@cveNotify
A vulnerability was found in SourceCodester Laundry Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /karyawan/laporan_filter. The manipulation of the argument data_karyawan leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259702 is the identifier assigned to this vulnerability.
🎖@cveNotify
GitHub
CVE/LaundryManagementSystemSQL.md at main · fubxx/CVE
My CVE exploit repository. Contribute to fubxx/CVE development by creating an account on GitHub.
🚨 CVE-2024-3455
A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/add_postlogin.php. The manipulation of the argument SingleLoginId leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259711.
🎖@cveNotify
A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/add_postlogin.php. The manipulation of the argument SingleLoginId leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259711.
🎖@cveNotify
GitHub
cve/NS-ASG-sql-add_postlogin.md at main · flyyue2001/cve
Contribute to flyyue2001/cve development by creating an account on GitHub.
🚨 CVE-2024-3456
A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/config_Anticrack.php. The manipulation of the argument GroupId leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259712.
🎖@cveNotify
A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/config_Anticrack.php. The manipulation of the argument GroupId leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259712.
🎖@cveNotify
GitHub
cve/NS-ASG-sql-config_Anticrack.md at main · flyyue2001/cve
Contribute to flyyue2001/cve development by creating an account on GitHub.
🚨 CVE-2024-2369
The Page Builder Gutenberg Blocks WordPress plugin before 3.1.7 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
🎖@cveNotify
The Page Builder Gutenberg Blocks WordPress plugin before 3.1.7 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
🎖@cveNotify
WPScan
Page Builder Gutenberg Blocks < 3.1.7 - Contributor+ Stored XSS
See details on Page Builder Gutenberg Blocks < 3.1.7 - Contributor+ Stored XSS CVE 2024-2369. View the latest Plugin Vulnerabilities on WPScan.
🚨 CVE-2024-2509
The Gutenberg Blocks by Kadence Blocks WordPress plugin before 3.2.26 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
🎖@cveNotify
The Gutenberg Blocks by Kadence Blocks WordPress plugin before 3.2.26 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
🎖@cveNotify
Plugin Security Certification (PSC) by CleanTalk
CVE-2024-2509 - Gutenberg Blocks by Kadence Blocks - Stored XSS to Admin Account Creation (Contributor+) - POC - Plugin Security…
A critical vulnerability, CVE-2024-2509, has been uncovered in the popular Gutenberg Blocks by Kadence Blocks plugin, boasting over 400,000 active installations. This flaw opens the door to malicious attackers, allowing them to execute Stored XSS attacks…
🚨 CVE-2024-1292
The WPB Show Core WordPress plugin before 2.7 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
🎖@cveNotify
The WPB Show Core WordPress plugin before 2.7 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
🎖@cveNotify
WPScan
WPB Show Core < 2.6 - Reflected XSS
See details on WPB Show Core < 2.6 - Reflected XSS CVE 2024-1292. View the latest Plugin Vulnerabilities on WPScan.
🚨 CVE-2024-1958
The WPB Show Core WordPress plugin before 2.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin or unauthenticated users
🎖@cveNotify
The WPB Show Core WordPress plugin before 2.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin or unauthenticated users
🎖@cveNotify
WPScan
WPB Show Core < 2.7 - Reflected XSS
See details on WPB Show Core < 2.7 - Reflected XSS CVE 2024-1958. View the latest Plugin Vulnerabilities on WPScan.
🚨 CVE-2023-7164
The BackWPup WordPress plugin before 4.0.4 does not prevent visitors from leaking key information about ongoing backups, allowing unauthenticated attackers to download backups of a site's database.
🎖@cveNotify
The BackWPup WordPress plugin before 4.0.4 does not prevent visitors from leaking key information about ongoing backups, allowing unauthenticated attackers to download backups of a site's database.
🎖@cveNotify
WPScan
BackWPup < 4.0.4 - Unauthenticated Backup Download
See details on BackWPup < 4.0.4 - Unauthenticated Backup Download CVE 2023-7164. View the latest Plugin Vulnerabilities on WPScan.
🚨 CVE-2024-23082
ThreeTen Backport v1.6.8 was discovered to contain an integer overflow via the component org.threeten.bp.format.DateTimeFormatter::parse(CharSequence, ParsePosition).
🎖@cveNotify
ThreeTen Backport v1.6.8 was discovered to contain an integer overflow via the component org.threeten.bp.format.DateTimeFormatter::parse(CharSequence, ParsePosition).
🎖@cveNotify