๐จ CVE-2024-41677
Qwik is a performance focused javascript framework. A potential mutation XSS vulnerability exists in Qwik for versions up to but not including 1.6.0. Qwik improperly escapes HTML on server-side rendering. It converts strings according to the rules found in the `render-ssr.ts` file. It sometimes causes the situation that the final DOM tree rendered on browsers is different from what Qwik expects on server-side rendering. This may be leveraged to perform XSS attacks, and a type of the XSS is known as mXSS (mutation XSS). This has been resolved in qwik version 1.6.0 and @builder.io/qwik version 1.7.3. All users are advised to upgrade. There are no known workarounds for this vulnerability.
๐@cveNotify
Qwik is a performance focused javascript framework. A potential mutation XSS vulnerability exists in Qwik for versions up to but not including 1.6.0. Qwik improperly escapes HTML on server-side rendering. It converts strings according to the rules found in the `render-ssr.ts` file. It sometimes causes the situation that the final DOM tree rendered on browsers is different from what Qwik expects on server-side rendering. This may be leveraged to perform XSS attacks, and a type of the XSS is known as mXSS (mutation XSS). This has been resolved in qwik version 1.6.0 and @builder.io/qwik version 1.7.3. All users are advised to upgrade. There are no known workarounds for this vulnerability.
๐@cveNotify
GitHub
qwik/packages/qwik/src/core/render/ssr/render-ssr.ts at v1.5.5 ยท QwikDev/qwik
Instant-loading web apps, without effort. Contribute to QwikDev/qwik development by creating an account on GitHub.
๐จ CVE-2024-42347
matrix-react-sdk is a react-based SDK for inserting a Matrix chat/voip client into a web page. A malicious homeserver could manipulate a user's account data to cause the client to enable URL previews in end-to-end encrypted rooms, in which case any URLs in encrypted messages would be sent to the server. This was patched in matrix-react-sdk 3.105.0. Deployments that trust their homeservers, as well as closed federations of trusted servers, are not affected. Users are advised to upgrade. There are no known workarounds for this vulnerability.
๐@cveNotify
matrix-react-sdk is a react-based SDK for inserting a Matrix chat/voip client into a web page. A malicious homeserver could manipulate a user's account data to cause the client to enable URL previews in end-to-end encrypted rooms, in which case any URLs in encrypted messages would be sent to the server. This was patched in matrix-react-sdk 3.105.0. Deployments that trust their homeservers, as well as closed federations of trusted servers, are not affected. Users are advised to upgrade. There are no known workarounds for this vulnerability.
๐@cveNotify
GitHub
Release v3.105.1 ยท matrix-org/matrix-react-sdk
Fixes for CVE-2024-42347 / GHSA-f83w-wqhc-cfp4.
๐จ CVE-2024-34610
Improper access control in ExtControlDeviceService prior to SMR Aug-2024 Release 1 allows local attackers to access protected data.
๐@cveNotify
Improper access control in ExtControlDeviceService prior to SMR Aug-2024 Release 1 allows local attackers to access protected data.
๐@cveNotify
๐จ CVE-2024-34611
Improper access control in KnoxService prior to SMR Aug-2024 Release 1 allows local attackers to get sensitive information.
๐@cveNotify
Improper access control in KnoxService prior to SMR Aug-2024 Release 1 allows local attackers to get sensitive information.
๐@cveNotify
๐จ CVE-2024-34612
Out-of-bound write in libcodec2secmp4vdec.so prior to SMR Aug-2024 Release 1 allows local attackers to execute arbitrary code.
๐@cveNotify
Out-of-bound write in libcodec2secmp4vdec.so prior to SMR Aug-2024 Release 1 allows local attackers to execute arbitrary code.
๐@cveNotify
๐จ CVE-2024-34613
Improper access control in Galaxy Watch prior to SMR Aug-2024 Release 1 allows local attackers to access sensitive information of Galaxy watch.
๐@cveNotify
Improper access control in Galaxy Watch prior to SMR Aug-2024 Release 1 allows local attackers to access sensitive information of Galaxy watch.
๐@cveNotify
๐1
๐จ CVE-2024-34614
Out-of-bound write in libsmat.so prior to SMR Aug-2024 Release 1 allows local attackers to execute arbitrary code.
๐@cveNotify
Out-of-bound write in libsmat.so prior to SMR Aug-2024 Release 1 allows local attackers to execute arbitrary code.
๐@cveNotify
๐จ CVE-2024-34615
Out-of-bound write in libsmat.so prior to SMR Aug-2024 Release 1 allows local attackers to cause memory corruption.
๐@cveNotify
Out-of-bound write in libsmat.so prior to SMR Aug-2024 Release 1 allows local attackers to cause memory corruption.
๐@cveNotify
๐จ CVE-2024-34616
Improper handling of insufficient permission in KnoxDualDARPolicy prior to SMR Aug-2024 Release 1 allows local attackers to access sensitive data.
๐@cveNotify
Improper handling of insufficient permission in KnoxDualDARPolicy prior to SMR Aug-2024 Release 1 allows local attackers to access sensitive data.
๐@cveNotify
๐จ CVE-2024-34617
Improper handling of insufficient permission in Telephony prior to SMR Aug-2024 Release 1 allows local attackers to configure default Message application.
๐@cveNotify
Improper handling of insufficient permission in Telephony prior to SMR Aug-2024 Release 1 allows local attackers to configure default Message application.
๐@cveNotify
๐จ CVE-2024-34618
Improper access control in System property prior to SMR Aug-2024 Release 1 allows local attackers to access cell related information.
๐@cveNotify
Improper access control in System property prior to SMR Aug-2024 Release 1 allows local attackers to access cell related information.
๐@cveNotify
๐จ CVE-2024-34619
Improper input validation in librtp.so prior to SMR Aug-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.
๐@cveNotify
Improper input validation in librtp.so prior to SMR Aug-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.
๐@cveNotify
๐จ CVE-2024-2400
Use after free in Performance Manager in Google Chrome prior to 122.0.6261.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
๐@cveNotify
Use after free in Performance Manager in Google Chrome prior to 122.0.6261.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
๐@cveNotify
Chrome Releases
Stable Channel Update for Desktop
The Stable channel has been updated to 122.0.6261.128/.129 for Windows and Mac and 122.0.6261.128 to Linux which will roll out over the comi...
๐จ CVE-2024-3406
The WP Prayer WordPress plugin through 2.0.9 does not have CSRF check in place when updating its email settings, which could allow attackers to make a logged in admin change them via a CSRF attack
๐@cveNotify
The WP Prayer WordPress plugin through 2.0.9 does not have CSRF check in place when updating its email settings, which could allow attackers to make a logged in admin change them via a CSRF attack
๐@cveNotify
WPScan
WP Prayer <= 2.0.9 - Email Settings Update via CSRF
See details on WP Prayer <= 2.0.9 - Email Settings Update via CSRF CVE 2024-3406. View the latest Plugin Vulnerabilities on WPScan.
๐จ CVE-2024-3643
The Newsletter Popup WordPress plugin through 1.2 does not have CSRF check when deleting list, which could allow attackers to make logged in admins perform such action via a CSRF attack
๐@cveNotify
The Newsletter Popup WordPress plugin through 1.2 does not have CSRF check when deleting list, which could allow attackers to make logged in admins perform such action via a CSRF attack
๐@cveNotify
WPScan
Newsletter Popup <= 1.2 - List Deletion via CSRF
See details on Newsletter Popup <= 1.2 - List Deletion via CSRF CVE 2024-3643. View the latest Plugin Vulnerabilities on WPScan.
๐จ CVE-2024-35527
An arbitrary file upload vulnerability in /fileupload/upload.cfm in Daemon PTY Limited FarCry Core framework before 7.2.14 allows attackers to execute arbitrary code via uploading a crafted .cfm file.
๐@cveNotify
An arbitrary file upload vulnerability in /fileupload/upload.cfm in Daemon PTY Limited FarCry Core framework before 7.2.14 allows attackers to execute arbitrary code via uploading a crafted .cfm file.
๐@cveNotify
www.bastionsecurity.co.nz
FarCry Core Framework - Multiple issues
Multiple vulnerabilities were discovered in the FarCry Core framework which could allow an unauthenticated user to arbitrarily upload files and perform remote code execution on the underlying server.
๐จ CVE-2024-39930
The built-in SSH server of Gogs through 0.13.0 allows argument injection in internal/ssh/ssh.go, leading to remote code execution. Authenticated attackers can exploit this by opening an SSH connection and sending a malicious --split-string env request if the built-in SSH server is activated. Windows installations are unaffected.
๐@cveNotify
The built-in SSH server of Gogs through 0.13.0 allows argument injection in internal/ssh/ssh.go, leading to remote code execution. Authenticated attackers can exploit this by opening an SSH connection and sending a malicious --split-string env request if the built-in SSH server is activated. Windows installations are unaffected.
๐@cveNotify
GitHub
Releases ยท gogs/gogs
Gogs is a painless self-hosted Git service. Contribute to gogs/gogs development by creating an account on GitHub.
๐จ CVE-2024-40892
A weak credential vulnerability exists in Firewalla Box Software versions before 1.979. This vulnerability allows a physically close attacker to use the license UUID for authentication and provision SSH credentials over the Bluetooth Low-Energy (BTLE) interface. Once an attacker gains access to the LAN, they could log into the SSH interface using the provisioned credentials. The license UUID can be acquired through plain-text Bluetooth sniffing, reading the QR code on the bottom of the device, or brute-forcing the UUID (though this is less likely).
๐@cveNotify
A weak credential vulnerability exists in Firewalla Box Software versions before 1.979. This vulnerability allows a physically close attacker to use the license UUID for authentication and provision SSH credentials over the Bluetooth Low-Energy (BTLE) interface. Once an attacker gains access to the LAN, they could log into the SSH interface using the provisioned credentials. The license UUID can be acquired through plain-text Bluetooth sniffing, reading the QR code on the bottom of the device, or brute-forcing the UUID (though this is less likely).
๐@cveNotify
VulnCheck
VulnCheck - Outpace Adversaries
Vulnerability intelligence that predicts avenues of attack with speed and accuracy.
๐จ CVE-2024-40893
Multiple authenticated operating system (OS) command injection vulnerabilities exist in Firewalla Box Software
versions before 1.979. A physically close
attacker that is authenticated to the Bluetooth Low-Energy (BTLE) interface can use the network configuration service to inject commands in various configuration parameters including networkConfig.Interface.Phy.Eth0.Extra.PingTestIP, networkConfig.Interface.Phy.Eth0.Extra.DNSTestDomain, and networkConfig.Interface.Phy.Eth0.Gateway6. Additionally, because the configuration can be synced to the Firewalla cloud, the attacker may be able to persist access even after hardware resets and firmware re-flashes.
๐@cveNotify
Multiple authenticated operating system (OS) command injection vulnerabilities exist in Firewalla Box Software
versions before 1.979. A physically close
attacker that is authenticated to the Bluetooth Low-Energy (BTLE) interface can use the network configuration service to inject commands in various configuration parameters including networkConfig.Interface.Phy.Eth0.Extra.PingTestIP, networkConfig.Interface.Phy.Eth0.Extra.DNSTestDomain, and networkConfig.Interface.Phy.Eth0.Gateway6. Additionally, because the configuration can be synced to the Firewalla cloud, the attacker may be able to persist access even after hardware resets and firmware re-flashes.
๐@cveNotify
VulnCheck
VulnCheck - Outpace Adversaries
Vulnerability intelligence that predicts avenues of attack with speed and accuracy.
๐จ CVE-2024-41710
A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, through R6.4.0.HF1 (R6.4.0.136) could allow an authenticated attacker with administrative privilege to conduct an argument injection attack, due to insufficient parameter sanitization during the boot process. A successful exploit could allow an attacker to execute arbitrary commands within the context of the system.
๐@cveNotify
A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, through R6.4.0.HF1 (R6.4.0.136) could allow an authenticated attacker with administrative privilege to conduct an argument injection attack, due to insufficient parameter sanitization during the boot process. A successful exploit could allow an attacker to execute arbitrary commands within the context of the system.
๐@cveNotify
GitHub
CVE/Mitel/6.3.0.1020/README.md at main ยท kwburns/CVE
A repository containing exploit code / zero-day research I've worked on. - kwburns/CVE
๐จ CVE-2024-42546
TOTOLINK A3100R V4.1.2cu.5050_B20200504 has a buffer overflow vulnerability in the password parameter in the loginauth function.
๐@cveNotify
TOTOLINK A3100R V4.1.2cu.5050_B20200504 has a buffer overflow vulnerability in the password parameter in the loginauth function.
๐@cveNotify
GitHub
IoT-vulnerable/TOTOLink/A3100R/loginauth_password.md at main ยท noahze01/IoT-vulnerable
Contribute to noahze01/IoT-vulnerable development by creating an account on GitHub.