🚨 CVE-2024-23270
The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4, tvOS 17.4. An app may be able to execute arbitrary code with kernel privileges.
🎖@cveNotify
The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4, tvOS 17.4. An app may be able to execute arbitrary code with kernel privileges.
🎖@cveNotify
seclists.org
Full Disclosure: APPLE-SA-03-07-2024-2 macOS Sonoma 14.4
🚨 CVE-2023-42950
A use after free issue was addressed with improved memory management. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. Processing maliciously crafted web content may lead to arbitrary code execution.
🎖@cveNotify
A use after free issue was addressed with improved memory management. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. Processing maliciously crafted web content may lead to arbitrary code execution.
🎖@cveNotify
🚨 CVE-2024-32488
In Foxit PDF Reader and Editor before 2024.1, Local Privilege Escalation could occur during update checks because weak permissions on the update-service folder allow attackers to place crafted DLL files there.
🎖@cveNotify
In Foxit PDF Reader and Editor before 2024.1, Local Privilege Escalation could occur during update checks because weak permissions on the update-service folder allow attackers to place crafted DLL files there.
🎖@cveNotify
Foxit
Security Bulletins | Foxit
A prompt response to software defects and security vulnerabilities has been, and will continue to be, a top priority for everyone here at Foxit Software.
🚨 CVE-2024-6892
Attackers can craft a malicious link that once clicked will execute arbitrary JavaScript in the context of the Journyx web application.
🎖@cveNotify
Attackers can craft a malicious link that once clicked will execute arbitrary JavaScript in the context of the Journyx web application.
🎖@cveNotify
🚨 CVE-2023-24064
Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR4 fails to validate /etc/initab during the Pre-Boot Authorization (PBA) process. This can be exploited by a physical attacker who is able to manipulate the contents of the system's hard disk.
🎖@cveNotify
Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR4 fails to validate /etc/initab during the Pre-Boot Authorization (PBA) process. This can be exploited by a physical attacker who is able to manipulate the contents of the system's hard disk.
🎖@cveNotify
❤1
🚨 CVE-2023-40261
Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR17, 4.0.0 SR07, 4.1.0 SR04, 4.2.0 SR04, and 4.3.0 SR03 fails to validate file attributes during the Pre-Boot Authorization (PBA) process. This can be exploited by a physical attacker who is able to manipulate the contents of the system's hard disk.
🎖@cveNotify
Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR17, 4.0.0 SR07, 4.1.0 SR04, 4.2.0 SR04, and 4.3.0 SR03 fails to validate file attributes during the Pre-Boot Authorization (PBA) process. This can be exploited by a physical attacker who is able to manipulate the contents of the system's hard disk.
🎖@cveNotify
🚨 CVE-2024-37334
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
🎖@cveNotify
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
🎖@cveNotify
🚨 CVE-2024-27877
The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. Processing a maliciously crafted file may lead to a denial-of-service or potentially disclose memory contents.
🎖@cveNotify
The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. Processing a maliciously crafted file may lead to a denial-of-service or potentially disclose memory contents.
🎖@cveNotify
seclists.org
Full Disclosure: APPLE-SA-07-29-2024-4 macOS Sonoma 14.6
🚨 CVE-2024-41949
biscuit-rust is the Rust implementation of Biscuit, an authentication and authorization token for microservices architectures. Third-party blocks can be generated without transferring the whole token to the third-party authority. Instead, a ThirdPartyBlock request can be sent, providing only the necessary info to generate a third-party block and to sign it, which includes the public key of the previous block (used in the signature) and the public keys part of the token symbol table (for public key interning in datalog expressions). A third-part block request forged by a malicious user can trick the third-party authority into generating datalog trusting the wrong keypair.
🎖@cveNotify
biscuit-rust is the Rust implementation of Biscuit, an authentication and authorization token for microservices architectures. Third-party blocks can be generated without transferring the whole token to the third-party authority. Instead, a ThirdPartyBlock request can be sent, providing only the necessary info to generate a third-party block and to sign it, which includes the public key of the previous block (used in the signature) and the public keys part of the token symbol table (for public key interning in datalog expressions). A third-part block request forged by a malicious user can trick the third-party authority into generating datalog trusting the wrong keypair.
🎖@cveNotify
GitHub
Public key confusion in third party block
Third-party blocks can be generated without transferring the whole token to the third-party authority. Instead, a `ThirdPartyBlock` request can be sent, providing only the necessary info to generat...
🚨 CVE-2024-37176
SAP BW/4HANA Transformation and Data Transfer
Process (DTP) allows an authenticated attacker to gain higher access levels
than they should have by exploiting improper authorization checks. This results
in escalation of privileges. It has no impact on the confidentiality of data
but may have low impacts on the integrity and availability of the application.
🎖@cveNotify
SAP BW/4HANA Transformation and Data Transfer
Process (DTP) allows an authenticated attacker to gain higher access levels
than they should have by exploiting improper authorization checks. This results
in escalation of privileges. It has no impact on the confidentiality of data
but may have low impacts on the integrity and availability of the application.
🎖@cveNotify
🚨 CVE-2024-32863
Under certain circumstances the exacqVision Web Services may be susceptible to Cross-Site Request Forgery (CSRF)
🎖@cveNotify
Under certain circumstances the exacqVision Web Services may be susceptible to Cross-Site Request Forgery (CSRF)
🎖@cveNotify
🚨 CVE-2024-32864
Under certain circumstances exacqVision Web Services will not enforce secure web communications (HTTPS)
🎖@cveNotify
Under certain circumstances exacqVision Web Services will not enforce secure web communications (HTTPS)
🎖@cveNotify
🚨 CVE-2024-32758
Under certain circumstances the communication between exacqVision Client and exacqVision Server will use insufficient key length and exchange
🎖@cveNotify
Under certain circumstances the communication between exacqVision Client and exacqVision Server will use insufficient key length and exchange
🎖@cveNotify
🚨 CVE-2024-32862
Under certain circumstances the ExacqVision Web Services does not provide sufficient protection from untrusted domains.
🎖@cveNotify
Under certain circumstances the ExacqVision Web Services does not provide sufficient protection from untrusted domains.
🎖@cveNotify
🚨 CVE-2024-32865
Under certain circumstances the exacqVision Server will not properly validate TLS certificates provided by connected devices.
🎖@cveNotify
Under certain circumstances the exacqVision Server will not properly validate TLS certificates provided by connected devices.
🎖@cveNotify
🚨 CVE-2023-7165
The JetBackup WordPress plugin before 2.0.9.9 doesn't use index files to prevent public directory listing of sensitive directories in certain configurations, which allows malicious actors to leak backup files.
🎖@cveNotify
The JetBackup WordPress plugin before 2.0.9.9 doesn't use index files to prevent public directory listing of sensitive directories in certain configurations, which allows malicious actors to leak backup files.
🎖@cveNotify
WPScan
JetBackup < 2.0.9.9 - Directory Listing Exposing Backups
See details on JetBackup < 2.0.9.9 - Directory Listing Exposing Backups CVE 2023-7165. View the latest Plugin Vulnerabilities on WPScan.
🚨 CVE-2024-0719
The Tabs Shortcode and Widget WordPress plugin through 1.17 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
🎖@cveNotify
The Tabs Shortcode and Widget WordPress plugin through 1.17 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
🎖@cveNotify
WPScan
Tabs Shortcode and Widget <= 1.17 - Contributor+ Stored Cross-Site Scripting
See details on Tabs Shortcode and Widget <= 1.17 - Contributor+ Stored Cross-Site Scripting CVE 2024-0719. View the latest Plugin Vulnerabilities on WPScan.
🚨 CVE-2024-1307
The Smart Forms WordPress plugin before 2.6.94 does not have proper authorization in some actions, which could allow users with a role as low as a subscriber to call them and perform unauthorized actions
🎖@cveNotify
The Smart Forms WordPress plugin before 2.6.94 does not have proper authorization in some actions, which could allow users with a role as low as a subscriber to call them and perform unauthorized actions
🎖@cveNotify
WPScan
Smart Forms < 2.6.94 - Subscriber+ Edit Entries via Broken Access Control
See details on Smart Forms < 2.6.94 - Subscriber+ Edit Entries via Broken Access Control CVE 2024-1307. View the latest Plugin Vulnerabilities on WPScan.
🚨 CVE-2024-2857
The Simple Buttons Creator WordPress plugin through 1.04 does not have any authorisation as well as CSRF in its add button function, allowing unauthenticated users to call them either directly or via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping, it could also allow them to perform Stored Cross-Site Scripting attacks against logged in admins.
🎖@cveNotify
The Simple Buttons Creator WordPress plugin through 1.04 does not have any authorisation as well as CSRF in its add button function, allowing unauthenticated users to call them either directly or via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping, it could also allow them to perform Stored Cross-Site Scripting attacks against logged in admins.
🎖@cveNotify
WPScan
Simple Buttons Creator <= 1.04 - Unauthenticated Stored XSS
See details on Simple Buttons Creator <= 1.04 - Unauthenticated Stored XSS CVE 2024-2857. View the latest Plugin Vulnerabilities on WPScan.
🚨 CVE-2024-2404
The Better Comments WordPress plugin before 1.5.6 does not sanitise and escape some of its settings, which could allow low privilege users such as Subscribers to perform Stored Cross-Site Scripting attacks.
🎖@cveNotify
The Better Comments WordPress plugin before 1.5.6 does not sanitise and escape some of its settings, which could allow low privilege users such as Subscribers to perform Stored Cross-Site Scripting attacks.
🎖@cveNotify
WPScan
Better Comments < 1.5.6 - Subscriber+ Stored XSS
See details on Better Comments < 1.5.6 - Subscriber+ Stored XSS CVE 2024-2404. View the latest Plugin Vulnerabilities on WPScan.
🚨 CVE-2024-0151
Insufficient argument checking in Secure state Entry functions in software using Cortex-M Security Extensions (CMSE), that has been compiled using toolchains that implement 'Arm v8-M Security Extensions Requirements on Development Tools' prior to version 1.4, allows an attacker to pass values to Secure state that are out of range for types smaller than 32-bits. Out of range values might lead to incorrect operations in secure state.
🎖@cveNotify
Insufficient argument checking in Secure state Entry functions in software using Cortex-M Security Extensions (CMSE), that has been compiled using toolchains that implement 'Arm v8-M Security Extensions Requirements on Development Tools' prior to version 1.4, allows an attacker to pass values to Secure state that are out of range for types smaller than 32-bits. Out of range values might lead to incorrect operations in secure state.
🎖@cveNotify