๐จ CVE-2024-35329
libyaml 0.2.5 is vulnerable to a heap-based Buffer Overflow in yaml_document_add_sequence in api.c. NOTE: the supplier disputes this because the finding represents a user error. The problem is that the application, which was making use of the libyaml library, omitted the required calls to the yaml_document_initialize and yaml_document_delete functions.
๐@cveNotify
libyaml 0.2.5 is vulnerable to a heap-based Buffer Overflow in yaml_document_add_sequence in api.c. NOTE: the supplier disputes this because the finding represents a user error. The problem is that the application, which was making use of the libyaml library, omitted the required calls to the yaml_document_initialize and yaml_document_delete functions.
๐@cveNotify
๐จ CVE-2024-34451
Ghost through 5.85.1 allows remote attackers to bypass an authentication rate-limit protection mechanism by using many X-Forwarded-For headers with different values. NOTE: the vendor's position is that Ghost should be installed with a reverse proxy that allows only trusted X-Forwarded-For headers.
๐@cveNotify
Ghost through 5.85.1 allows remote attackers to bypass an authentication rate-limit protection mechanism by using many X-Forwarded-For headers with different values. NOTE: the vendor's position is that Ghost should be installed with a reverse proxy that allows only trusted X-Forwarded-For headers.
๐@cveNotify
Google Docs
Ghost CMS - Brute Force Protection Bypass CVE
** As I disclosed the vulnerability to them via email, there is no link to paste. However, Iโm pasting here the correspondence with Ghost team ** As stated in the previous email, the vulnerability includes a bypass in the implementation of the Brute Forceโฆ
๐จ CVE-2024-34580
Apache XML Security for C++ through 2.0.4 implements the XML Signature Syntax and Processing (XMLDsig) specification without protection against an SSRF payload in a KeyInfo element. NOTE: the supplier disputes this CVE Record on the grounds that they are implementing the specification "correctly" and are not "at fault."
๐@cveNotify
Apache XML Security for C++ through 2.0.4 implements the XML Signature Syntax and Processing (XMLDsig) specification without protection against an SSRF payload in a KeyInfo element. NOTE: the supplier disputes this CVE Record on the grounds that they are implementing the specification "correctly" and are not "at fault."
๐@cveNotify
Google Cloud Blog
Apache XML Security for C++ Library Allows for Server-Side Request Forgery | Google Cloud Blog
A default configuration in an Apache library could lead to server-side request forgery.
๐จ CVE-2024-35260
An authenticated attacker can exploit an Untrusted Search Path vulnerability in Microsoft Dataverse to execute code over a network.
๐@cveNotify
An authenticated attacker can exploit an Untrusted Search Path vulnerability in Microsoft Dataverse to execute code over a network.
๐@cveNotify
๐จ CVE-2024-34588
Improper input validationํปin parsing RTCP SR packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. User interaction is required for triggering this vulnerability.
๐@cveNotify
Improper input validationํปin parsing RTCP SR packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. User interaction is required for triggering this vulnerability.
๐@cveNotify
๐จ CVE-2024-32861
Under certain circumstances the Software House CโCURE 9000 Site Server provides insufficient protection of directories containing executables.
๐@cveNotify
Under certain circumstances the Software House CโCURE 9000 Site Server provides insufficient protection of directories containing executables.
๐@cveNotify
๐จ CVE-2024-7378
A vulnerability was found in SourceCodester Simple Realtime Quiz System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /manage_question.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-273362 is the identifier assigned to this vulnerability.
๐@cveNotify
A vulnerability was found in SourceCodester Simple Realtime Quiz System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /manage_question.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-273362 is the identifier assigned to this vulnerability.
๐@cveNotify
Gist
sourcecodester_Simple Realtime Quiz System_SQL_INJECTION_10.md
GitHub Gist: instantly share code, notes, and snippets.
๐จ CVE-2024-36361
Pug through 3.0.2 allows JavaScript code execution if an application accepts untrusted input for the name option of the compileClient, compileFileClient, or compileClientWithDependenciesTracked function. NOTE: these functions are for compiling Pug templates into JavaScript, and there would typically be no reason to allow untrusted callers.
๐@cveNotify
Pug through 3.0.2 allows JavaScript code execution if an application accepts untrusted input for the name option of the compileClient, compileFileClient, or compileClientWithDependenciesTracked function. NOTE: these functions are for compiling Pug templates into JavaScript, and there would typically be no reason to allow untrusted callers.
๐@cveNotify
GitHub
Added more checks by molangning ยท Pull Request #3428 ยท pugjs/pug
If templateName gets injected attackers can inject arbitrary code.
Example payload: templateName="a(){}; function template (locals) {var pug_html = process.mainModule.require('fs&a...
Example payload: templateName="a(){}; function template (locals) {var pug_html = process.mainModule.require('fs&a...
๐จ CVE-2024-35548
A SQL injection vulnerability in Mybatis plus versions below 3.5.6 allows remote attackers to obtain database information via a Boolean blind injection. NOTE: the vendor's position is that this can only occur in a misconfigured application; the documentation discusses how to develop applications that avoid SQL injection.
๐@cveNotify
A SQL injection vulnerability in Mybatis plus versions below 3.5.6 allows remote attackers to obtain database information via a Boolean blind injection. NOTE: the vendor's position is that this can only occur in a misconfigured application; the documentation discusses how to develop applications that avoid SQL injection.
๐@cveNotify
MyBatis-Plus
้ข้ฒๅฎๅ
จๆผๆด
๐จ CVE-2024-37408
fprintd through 1.94.3 lacks a security attention mechanism, and thus unexpected actions might be authorized by "auth sufficient pam_fprintd.so" for Sudo. NOTE: the supplier disputes this because they believe issue resolution would involve modifying the PAM configuration to restrict pam_fprintd.so to front-ends that implement a proper attention mechanism, not modifying pam_fprintd.so or fprintd.
๐@cveNotify
fprintd through 1.94.3 lacks a security attention mechanism, and thus unexpected actions might be authorized by "auth sufficient pam_fprintd.so" for Sudo. NOTE: the supplier disputes this because they believe issue resolution would involve modifying the PAM configuration to restrict pam_fprintd.so to front-ends that implement a proper attention mechanism, not modifying pam_fprintd.so or fprintd.
๐@cveNotify
๐จ CVE-2024-36263
** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Submarine Server Core.
This issue affects Apache Submarine Server Core: all versions.
As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.
NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
๐@cveNotify
** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Submarine Server Core.
This issue affects Apache Submarine Server Core: all versions.
As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.
NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
๐@cveNotify
๐จ CVE-2024-36264
** UNSUPPORTED WHEN ASSIGNED ** Improper Authentication vulnerability in Apache Submarine Commons Utils.
This issue affects Apache Submarine Commons Utils: from 0.8.0.
As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.
NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
๐@cveNotify
** UNSUPPORTED WHEN ASSIGNED ** Improper Authentication vulnerability in Apache Submarine Commons Utils.
This issue affects Apache Submarine Commons Utils: from 0.8.0.
As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.
NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
๐@cveNotify
๐จ CVE-2024-36265
** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability in Apache Submarine Server Core.
This issue affects Apache Submarine Server Core: from 0.8.0.
As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.
NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
๐@cveNotify
** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability in Apache Submarine Server Core.
This issue affects Apache Submarine Server Core: from 0.8.0.
As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.
NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
๐@cveNotify
๐จ CVE-2024-38394
Mismatches in interpreting USB authorization policy between GNOME Settings Daemon (GSD) through 46.0 and the Linux kernel's underlying device matching logic allow a physically proximate attacker to access some unintended Linux kernel USB functionality, such as USB device-specific kernel modules and filesystem implementations. NOTE: the GSD supplier indicates that consideration of a mitigation for this within GSD would be in the context of "a new feature, not a CVE."
๐@cveNotify
Mismatches in interpreting USB authorization policy between GNOME Settings Daemon (GSD) through 46.0 and the Linux kernel's underlying device matching logic allow a physically proximate attacker to access some unintended Linux kernel USB functionality, such as USB device-specific kernel modules and filesystem implementations. NOTE: the GSD supplier indicates that consideration of a mitigation for this within GSD would be in the context of "a new feature, not a CVE."
๐@cveNotify
GitLab
New Security Issue: USBGuard and device spoofing (#780) ยท Issues ยท GNOME / gnome-settings-daemon ยท GitLab
Original reporter: Michael Fincham Area: Platform component (libraries, tools) Message Hi Gnome security,
๐จ CVE-2024-36277
Improper verification of cryptographic signature issue exists in "FreeFrom - the nostr client" App versions prior to 1.3.5 for Android and iOS. The affected app cannot detect event data with invalid signatures.
๐@cveNotify
Improper verification of cryptographic signature issue exists in "FreeFrom - the nostr client" App versions prior to 1.3.5 for Android and iOS. The affected app cannot detect event data with invalid signatures.
๐@cveNotify
App Store
FreeFrom - the nostr client App - App Store
Download FreeFrom - the nostr client by FreeFrom K.K. on the App Store. See screenshots, ratings and reviews, user tips, and more apps like FreeFrom - the nostrโฆ
๐จ CVE-2024-38164
An improper access control vulnerability in GroupMe allows an a unauthenticated attacker to elevate privileges over a network by convincing a user to click on a malicious link.
๐@cveNotify
An improper access control vulnerability in GroupMe allows an a unauthenticated attacker to elevate privileges over a network by convincing a user to click on a malicious link.
๐@cveNotify
๐จ CVE-2024-38176
An improper restriction of excessive authentication attempts in GroupMe allows a unauthenticated attacker to elevate privileges over a network.
๐@cveNotify
An improper restriction of excessive authentication attempts in GroupMe allows a unauthenticated attacker to elevate privileges over a network.
๐@cveNotify
๐จ CVE-2024-38182
Weak authentication in Microsoft Dynamics 365 allows an unauthenticated attacker to elevate privileges over a network.
๐@cveNotify
Weak authentication in Microsoft Dynamics 365 allows an unauthenticated attacker to elevate privileges over a network.
๐@cveNotify
๐จ CVE-2024-38482
CloudLink, versions 7.1.x and 8.x, contain an Improper check or handling of Exceptional Conditions Vulnerability in Cluster Component. A highly privileged malicious user with remote access could potentially exploit this vulnerability, leading to execute unauthorized actions and retrieve sensitive information from the database.
๐@cveNotify
CloudLink, versions 7.1.x and 8.x, contain an Improper check or handling of Exceptional Conditions Vulnerability in Cluster Component. A highly privileged malicious user with remote access could potentially exploit this vulnerability, leading to execute unauthorized actions and retrieve sensitive information from the database.
๐@cveNotify
๐จ CVE-2024-42458
server.c in Neat VNC (aka neatvnc) before 0.8.1 does not properly validate the security type.
๐@cveNotify
server.c in Neat VNC (aka neatvnc) before 0.8.1 does not properly validate the security type.
๐@cveNotify
GitHub
Add sanity check for chosen security type ยท any1/neatvnc@cc71650
A liberally licensed VNC server library with a clean interface - Add sanity check for chosen security type ยท any1/neatvnc@cc71650
๐จ CVE-2024-39236
Gradio v4.36.1 was discovered to contain a code injection vulnerability via the component /gradio/component_meta.py. This vulnerability is triggered via a crafted input. NOTE: the supplier disputes this because the report is about a user attacking himself.
๐@cveNotify
Gradio v4.36.1 was discovered to contain a code injection vulnerability via the component /gradio/component_meta.py. This vulnerability is triggered via a crafted input. NOTE: the supplier disputes this because the report is about a user attacking himself.
๐@cveNotify
GitHub
PoC/Gradio.md at main ยท Aaron911/PoC
Contribute to Aaron911/PoC development by creating an account on GitHub.