๐จ CVE-2024-34451
Ghost through 5.85.1 allows remote attackers to bypass an authentication rate-limit protection mechanism by using many X-Forwarded-For headers with different values. NOTE: the vendor's position is that Ghost should be installed with a reverse proxy that allows only trusted X-Forwarded-For headers.
๐@cveNotify
Ghost through 5.85.1 allows remote attackers to bypass an authentication rate-limit protection mechanism by using many X-Forwarded-For headers with different values. NOTE: the vendor's position is that Ghost should be installed with a reverse proxy that allows only trusted X-Forwarded-For headers.
๐@cveNotify
Google Docs
Ghost CMS - Brute Force Protection Bypass CVE
** As I disclosed the vulnerability to them via email, there is no link to paste. However, Iโm pasting here the correspondence with Ghost team ** As stated in the previous email, the vulnerability includes a bypass in the implementation of the Brute Forceโฆ
๐จ CVE-2024-34580
Apache XML Security for C++ through 2.0.4 implements the XML Signature Syntax and Processing (XMLDsig) specification without protection against an SSRF payload in a KeyInfo element. NOTE: the supplier disputes this CVE Record on the grounds that they are implementing the specification "correctly" and are not "at fault."
๐@cveNotify
Apache XML Security for C++ through 2.0.4 implements the XML Signature Syntax and Processing (XMLDsig) specification without protection against an SSRF payload in a KeyInfo element. NOTE: the supplier disputes this CVE Record on the grounds that they are implementing the specification "correctly" and are not "at fault."
๐@cveNotify
Google Cloud Blog
Apache XML Security for C++ Library Allows for Server-Side Request Forgery | Google Cloud Blog
A default configuration in an Apache library could lead to server-side request forgery.
๐จ CVE-2024-35260
An authenticated attacker can exploit an Untrusted Search Path vulnerability in Microsoft Dataverse to execute code over a network.
๐@cveNotify
An authenticated attacker can exploit an Untrusted Search Path vulnerability in Microsoft Dataverse to execute code over a network.
๐@cveNotify
๐จ CVE-2024-34588
Improper input validationํปin parsing RTCP SR packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. User interaction is required for triggering this vulnerability.
๐@cveNotify
Improper input validationํปin parsing RTCP SR packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. User interaction is required for triggering this vulnerability.
๐@cveNotify
๐จ CVE-2024-32861
Under certain circumstances the Software House CโCURE 9000 Site Server provides insufficient protection of directories containing executables.
๐@cveNotify
Under certain circumstances the Software House CโCURE 9000 Site Server provides insufficient protection of directories containing executables.
๐@cveNotify
๐จ CVE-2024-7378
A vulnerability was found in SourceCodester Simple Realtime Quiz System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /manage_question.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-273362 is the identifier assigned to this vulnerability.
๐@cveNotify
A vulnerability was found in SourceCodester Simple Realtime Quiz System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /manage_question.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-273362 is the identifier assigned to this vulnerability.
๐@cveNotify
Gist
sourcecodester_Simple Realtime Quiz System_SQL_INJECTION_10.md
GitHub Gist: instantly share code, notes, and snippets.
๐จ CVE-2024-36361
Pug through 3.0.2 allows JavaScript code execution if an application accepts untrusted input for the name option of the compileClient, compileFileClient, or compileClientWithDependenciesTracked function. NOTE: these functions are for compiling Pug templates into JavaScript, and there would typically be no reason to allow untrusted callers.
๐@cveNotify
Pug through 3.0.2 allows JavaScript code execution if an application accepts untrusted input for the name option of the compileClient, compileFileClient, or compileClientWithDependenciesTracked function. NOTE: these functions are for compiling Pug templates into JavaScript, and there would typically be no reason to allow untrusted callers.
๐@cveNotify
GitHub
Added more checks by molangning ยท Pull Request #3428 ยท pugjs/pug
If templateName gets injected attackers can inject arbitrary code.
Example payload: templateName="a(){}; function template (locals) {var pug_html = process.mainModule.require('fs&a...
Example payload: templateName="a(){}; function template (locals) {var pug_html = process.mainModule.require('fs&a...
๐จ CVE-2024-35548
A SQL injection vulnerability in Mybatis plus versions below 3.5.6 allows remote attackers to obtain database information via a Boolean blind injection. NOTE: the vendor's position is that this can only occur in a misconfigured application; the documentation discusses how to develop applications that avoid SQL injection.
๐@cveNotify
A SQL injection vulnerability in Mybatis plus versions below 3.5.6 allows remote attackers to obtain database information via a Boolean blind injection. NOTE: the vendor's position is that this can only occur in a misconfigured application; the documentation discusses how to develop applications that avoid SQL injection.
๐@cveNotify
MyBatis-Plus
้ข้ฒๅฎๅ
จๆผๆด
๐จ CVE-2024-37408
fprintd through 1.94.3 lacks a security attention mechanism, and thus unexpected actions might be authorized by "auth sufficient pam_fprintd.so" for Sudo. NOTE: the supplier disputes this because they believe issue resolution would involve modifying the PAM configuration to restrict pam_fprintd.so to front-ends that implement a proper attention mechanism, not modifying pam_fprintd.so or fprintd.
๐@cveNotify
fprintd through 1.94.3 lacks a security attention mechanism, and thus unexpected actions might be authorized by "auth sufficient pam_fprintd.so" for Sudo. NOTE: the supplier disputes this because they believe issue resolution would involve modifying the PAM configuration to restrict pam_fprintd.so to front-ends that implement a proper attention mechanism, not modifying pam_fprintd.so or fprintd.
๐@cveNotify
๐จ CVE-2024-36263
** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Submarine Server Core.
This issue affects Apache Submarine Server Core: all versions.
As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.
NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
๐@cveNotify
** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Submarine Server Core.
This issue affects Apache Submarine Server Core: all versions.
As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.
NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
๐@cveNotify
๐จ CVE-2024-36264
** UNSUPPORTED WHEN ASSIGNED ** Improper Authentication vulnerability in Apache Submarine Commons Utils.
This issue affects Apache Submarine Commons Utils: from 0.8.0.
As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.
NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
๐@cveNotify
** UNSUPPORTED WHEN ASSIGNED ** Improper Authentication vulnerability in Apache Submarine Commons Utils.
This issue affects Apache Submarine Commons Utils: from 0.8.0.
As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.
NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
๐@cveNotify
๐จ CVE-2024-36265
** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability in Apache Submarine Server Core.
This issue affects Apache Submarine Server Core: from 0.8.0.
As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.
NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
๐@cveNotify
** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability in Apache Submarine Server Core.
This issue affects Apache Submarine Server Core: from 0.8.0.
As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.
NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
๐@cveNotify
๐จ CVE-2024-38394
Mismatches in interpreting USB authorization policy between GNOME Settings Daemon (GSD) through 46.0 and the Linux kernel's underlying device matching logic allow a physically proximate attacker to access some unintended Linux kernel USB functionality, such as USB device-specific kernel modules and filesystem implementations. NOTE: the GSD supplier indicates that consideration of a mitigation for this within GSD would be in the context of "a new feature, not a CVE."
๐@cveNotify
Mismatches in interpreting USB authorization policy between GNOME Settings Daemon (GSD) through 46.0 and the Linux kernel's underlying device matching logic allow a physically proximate attacker to access some unintended Linux kernel USB functionality, such as USB device-specific kernel modules and filesystem implementations. NOTE: the GSD supplier indicates that consideration of a mitigation for this within GSD would be in the context of "a new feature, not a CVE."
๐@cveNotify
GitLab
New Security Issue: USBGuard and device spoofing (#780) ยท Issues ยท GNOME / gnome-settings-daemon ยท GitLab
Original reporter: Michael Fincham Area: Platform component (libraries, tools) Message Hi Gnome security,
๐จ CVE-2024-36277
Improper verification of cryptographic signature issue exists in "FreeFrom - the nostr client" App versions prior to 1.3.5 for Android and iOS. The affected app cannot detect event data with invalid signatures.
๐@cveNotify
Improper verification of cryptographic signature issue exists in "FreeFrom - the nostr client" App versions prior to 1.3.5 for Android and iOS. The affected app cannot detect event data with invalid signatures.
๐@cveNotify
App Store
FreeFrom - the nostr client App - App Store
Download FreeFrom - the nostr client by FreeFrom K.K. on the App Store. See screenshots, ratings and reviews, user tips, and more apps like FreeFrom - the nostrโฆ
๐จ CVE-2024-38164
An improper access control vulnerability in GroupMe allows an a unauthenticated attacker to elevate privileges over a network by convincing a user to click on a malicious link.
๐@cveNotify
An improper access control vulnerability in GroupMe allows an a unauthenticated attacker to elevate privileges over a network by convincing a user to click on a malicious link.
๐@cveNotify
๐จ CVE-2024-38176
An improper restriction of excessive authentication attempts in GroupMe allows a unauthenticated attacker to elevate privileges over a network.
๐@cveNotify
An improper restriction of excessive authentication attempts in GroupMe allows a unauthenticated attacker to elevate privileges over a network.
๐@cveNotify
๐จ CVE-2024-38182
Weak authentication in Microsoft Dynamics 365 allows an unauthenticated attacker to elevate privileges over a network.
๐@cveNotify
Weak authentication in Microsoft Dynamics 365 allows an unauthenticated attacker to elevate privileges over a network.
๐@cveNotify
๐จ CVE-2024-38482
CloudLink, versions 7.1.x and 8.x, contain an Improper check or handling of Exceptional Conditions Vulnerability in Cluster Component. A highly privileged malicious user with remote access could potentially exploit this vulnerability, leading to execute unauthorized actions and retrieve sensitive information from the database.
๐@cveNotify
CloudLink, versions 7.1.x and 8.x, contain an Improper check or handling of Exceptional Conditions Vulnerability in Cluster Component. A highly privileged malicious user with remote access could potentially exploit this vulnerability, leading to execute unauthorized actions and retrieve sensitive information from the database.
๐@cveNotify
๐จ CVE-2024-42458
server.c in Neat VNC (aka neatvnc) before 0.8.1 does not properly validate the security type.
๐@cveNotify
server.c in Neat VNC (aka neatvnc) before 0.8.1 does not properly validate the security type.
๐@cveNotify
GitHub
Add sanity check for chosen security type ยท any1/neatvnc@cc71650
A liberally licensed VNC server library with a clean interface - Add sanity check for chosen security type ยท any1/neatvnc@cc71650
๐จ CVE-2024-39236
Gradio v4.36.1 was discovered to contain a code injection vulnerability via the component /gradio/component_meta.py. This vulnerability is triggered via a crafted input. NOTE: the supplier disputes this because the report is about a user attacking himself.
๐@cveNotify
Gradio v4.36.1 was discovered to contain a code injection vulnerability via the component /gradio/component_meta.py. This vulnerability is triggered via a crafted input. NOTE: the supplier disputes this because the report is about a user attacking himself.
๐@cveNotify
GitHub
PoC/Gradio.md at main ยท Aaron911/PoC
Contribute to Aaron911/PoC development by creating an account on GitHub.
๐จ CVE-2023-0687
A vulnerability was found in GNU C Library 2.38. It has been declared as critical. This vulnerability affects the function __monstartup of the file gmon.c of the component Call Graph Monitor. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. VDB-220246 is the identifier assigned to this vulnerability. NOTE: The real existence of this vulnerability is still doubted at the moment. The inputs that induce this vulnerability are basically addresses of the running application that is built with gmon enabled. It's basically trusted input or input that needs an actual security flaw to be compromised or controlled.
๐@cveNotify
A vulnerability was found in GNU C Library 2.38. It has been declared as critical. This vulnerability affects the function __monstartup of the file gmon.c of the component Call Graph Monitor. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. VDB-220246 is the identifier assigned to this vulnerability. NOTE: The real existence of this vulnerability is still doubted at the moment. The inputs that induce this vulnerability are basically addresses of the running application that is built with gmon enabled. It's basically trusted input or input that needs an actual security flaw to be compromised or controlled.
๐@cveNotify