🚨 CVE-2024-23946
Possible path traversal in Apache OFBiz allowing file inclusion.
Users are recommended to upgrade to version 18.12.12, which fixes the issue.
@cveNotify
🚨 CVE-2024-24149
A memory leak issue discovered in parseSWF_GLYPHENTRY in libming v0.4.8 allows attackers to cause a denial of service via a crafted SWF file.
@cveNotify
GitHub
Memory leaks on parseSWF_GLYPHENTRY · Issue #310 · libming/libming
Environment ubuntu ~/lab/libming/util master lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu 22.04.2 LTS Release: 22.04 Codename: jammy Compiler ubun...
🚨 CVE-2024-25830
F-logic DataCube3 v1.0 is vulnerable to Incorrect Access Control due to an improper directory access restriction. An unauthenticated, remote attacker can exploit this, by sending a URI that contains the path of the configuration file. A successful exploit could allow the attacker to extract the root and admin password.
@cveNotify
IoT Security Research Labs - NeroTeam Blog
F-logic DataCube3 Security Flaws - NeroTeam Security Labs
Vulnerabilities of F-logic DataCube3, including unauthenticated SQL Injection, unrestricted file upload, improper access control, and XSS.
🚨 CVE-2021-28663
The Arm Mali GPU kernel driver allows privilege escalation or information disclosure because GPU memory operations are mishandled, leading to a use-after-free. This affects Bifrost r0p0 through r28p0 before r29p0, Valhall r19p0 through r28p0 before r29p0, and Midgard r4p0 through r30p0.
@cveNotify
Arm
Arm Product Security Center
Arm is committed to upholding the highest standards of security across its products and the wider Arm ecosystem. To support its partners and the broader community, Arm publishes three types of security-related documentation, Security Bulletins, Security Updates…
🚨 CVE-2023-50379
Malicious code injection in Apache Ambari prior to 2.7.8. Users are recommended to upgrade to version 2.7.8, which fixes this issue.
Impact:
A Cluster Operator can manipulate the request by adding a malicious code injection and gain root over the cluster main host.
@cveNotify
🚨 CVE-2023-52047
Dedecms v5.7.112 was discovered to contain a Cross-Site Request Forgery (CSRF) in the file manager.
@cveNotify
🚨 CVE-2023-50437
An issue was discovered in Couchbase Server before 7.2.x before 7.2.4. otpCookie is shown with full admin on pools/default/serverGroups and engageCluster2.
@cveNotify
Couchbase
Release Notes for Couchbase Server 8.0 | Couchbase Docs
Couchbase Server 8.0.0 introduces many fixes, as well as some deprecations and removals.
🚨 CVE-2024-29756
In afe_callback of q6afe.c, there is a possible out of bounds write due to a buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
@cveNotify
🚨 CVE-2024-33620
Absolute path traversal vulnerability exists in ID Link Manager and FUJITSU Software TIME CREATOR. If this vulnerability is exploited, the file contents including sensitive information on the server may be retrieved by an unauthenticated remote attacker.
@cveNotify
jvn.jp
JVN#65171386: Multiple vulnerabilities in ID Link Manager and FUJITSU Software TIME CREATOR
Japan Vulnerability Notes
🚨 CVE-2024-36877
Micro-Star International Z-series motherboards (Z590, Z490, and Z790) and B-series motherboards (B760, B560, B660, and B460) with firmware 7D25v14, 7D25v17 to 7D25v19, and 7D25v1A to 7D25v1H were discovered to contain a write-what-where condition in the SW handler for SMI 0xE3.
@cveNotify
🚨 CVE-2024-24027
SQL Injection vulnerability in Likeshop before 2.5.7 allows attackers to run arbitrary SQL commands via the function DistributionMemberLogic::getFansLists.
@cveNotify
Substack
CVE-2024-24027 - SQL Injection in LikeShop <2.5.7
SQL Injection vulnerability (CVE-2024-24027) in the LikeShop product < 2.5.7, in the id parameter at the endpoint /admin/distribution_member/fans.html
🚨 CVE-2024-6684
Authentication Bypass Using an Alternate Path or Channel vulnerability in GST Electronics inohom Nova Panel N7 allows Authentication Bypass. This issue affects inohom Nova Panel N7: through 1.9.9.6. NOTE: The vendor was contacted and it was learned that the product is not supported.
@cveNotify
🚨 CVE-2024-39091
An OS command injection vulnerability in the ccm_debug component of MIPC Camera firmware prior to v5.4.1.240424171021 allows attackers within the same network to execute arbitrary code via a crafted HTML request.
@cveNotify
🚨 CVE-2024-7742
A vulnerability was found in wanglongcn ltcms 1.0.20. It has been classified as critical. Affected is the function multiDownload of the file /api/file/multiDownload of the component API Endpoint. The manipulation of the argument file leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
@cveNotify
GitHub
Mirage/CVE14-3.md at main · DeepMountains/Mirage
🚨 CVE-2024-7743
A vulnerability was found in wanglongcn ltcms 1.0.20. It has been declared as critical. Affected by this vulnerability is the function downloadUrl of the file /api/file/downloadUrl of the component API Endpoint. The manipulation of the argument file leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
@cveNotify
GitHub
Mirage/CVE14-4.md at main · DeepMountains/Mirage
🚨 CVE-2024-38166
An unauthenticated attacker can exploit improper neutralization of input during web page generation in Microsoft Dynamics 365 to spoof over a network by tricking a user to click on a link.
@cveNotify
🚨 CVE-2024-38206
An authenticated attacker can bypass Server-Side Request Forgery (SSRF) protection in Microsoft Copilot Studio to leak sensitive information over a network.
@cveNotify
🚨 CVE-2024-38109
An authenticated attacker can exploit a Server-Side Request Forgery (SSRF) vulnerability in Microsoft Azure Health Bot to elevate privileges over a network.
@cveNotify
🚨 CVE-2024-7748
A vulnerability, which was classified as critical, has been found in SourceCodester Accounts Manager App 1.0. This issue affects some unknown processing of the file /endpoint/delete-account.php. The manipulation of the argument account leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
@cveNotify
GitHub
webray.com.cn/Accounts-Manager-App/Accounts-Manager-Appsql.md at main · joinia/webray.com.cn
🚨 CVE-2024-7749
A vulnerability, which was classified as problematic, was found in SourceCodester Accounts Manager App 1.0. Affected is an unknown function of the file /endpoint/add-account.php. The manipulation of the argument account_name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
@cveNotify
GitHub
webray.com.cn/Accounts-Manager-App/Accounts-Manager-Appxss.md at main · joinia/webray.com.cn
🚨 CVE-2024-38164
An improper access control vulnerability in GroupMe allows an unauthenticated attacker to elevate privileges over a network by convincing a user to click on a malicious link.
@cveNotify