π¨ CVE-2024-45237
An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) a resource certificate containing a Key Usage extension composed of more than two bytes of data. Fort writes this string into a 2-byte buffer without properly sanitizing its length, leading to a buffer overflow.
π@cveNotify
An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) a resource certificate containing a Key Usage extension composed of more than two bytes of data. Fort writes this string into a 2-byte buffer without properly sanitizing its length, leading to a buffer overflow.
π@cveNotify
FORT Validator - RPKI Relying Party
CVE
FORT validator is an RPKI Relying Party. It is a service that performs the validation of the entire RPKI repository, and which serves the resulting ROAs for easy access by your routers.
π¨ CVE-2024-45238
An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) a resource certificate containing a bit string that doesn't properly decode into a Subject Public Key. OpenSSL does not report this problem during parsing, and when compiled with OpenSSL libcrypto versions below 3, Fort recklessly dereferences the pointer. Because Fort is an RPKI Relying Party, a crash can lead to Route Origin Validation unavailability, which can lead to compromised routing.
π@cveNotify
An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) a resource certificate containing a bit string that doesn't properly decode into a Subject Public Key. OpenSSL does not report this problem during parsing, and when compiled with OpenSSL libcrypto versions below 3, Fort recklessly dereferences the pointer. Because Fort is an RPKI Relying Party, a crash can lead to Route Origin Validation unavailability, which can lead to compromised routing.
π@cveNotify
FORT Validator - RPKI Relying Party
CVE
FORT validator is an RPKI Relying Party. It is a service that performs the validation of the entire RPKI repository, and which serves the resulting ROAs for easy access by your routers.
π¨ CVE-2024-45239
An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) an ROA or a Manifest containing a null eContent field. Fort dereferences the pointer without sanitizing it first. Because Fort is an RPKI Relying Party, a crash can lead to Route Origin Validation unavailability, which can lead to compromised routing.
π@cveNotify
An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) an ROA or a Manifest containing a null eContent field. Fort dereferences the pointer without sanitizing it first. Because Fort is an RPKI Relying Party, a crash can lead to Route Origin Validation unavailability, which can lead to compromised routing.
π@cveNotify
FORT Validator - RPKI Relying Party
CVE
FORT validator is an RPKI Relying Party. It is a service that performs the validation of the entire RPKI repository, and which serves the resulting ROAs for easy access by your routers.
π¨ CVE-2024-8138
A vulnerability, which was classified as critical, was found in code-projects Pharmacy Management System 1.0. Affected is the function editManager of the file /index.php?action=editManager of the component Parameter Handler. The manipulation of the argument id as part of String leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.
π@cveNotify
A vulnerability, which was classified as critical, was found in code-projects Pharmacy Management System 1.0. Affected is the function editManager of the file /index.php?action=editManager of the component Parameter Handler. The manipulation of the argument id as part of String leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.
π@cveNotify
π¨ CVE-2024-8139
A vulnerability has been found in itsourcecode E-Commerce Website 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file search_list.php. The manipulation of the argument user leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
A vulnerability has been found in itsourcecode E-Commerce Website 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file search_list.php. The manipulation of the argument user leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
GitHub
Itsourcecode "E-Commerce Website" in PHP 1.0 "search_list.php" SQL injection Β· Issue #7 Β· ppp-src/ha
Itsourcecode "E-Commerce Website" in PHP 1.0 "search_list.php" SQL injection NAME OF AFFECTED PRODUCT(S) E-Commerce Website In PHP With Source Code Vendor Homepage https://itsou...
π¨ CVE-2024-45244
Hyperledger Fabric through 2.5.9 does not verify that a request has a timestamp within the expected time window.
π@cveNotify
Hyperledger Fabric through 2.5.9 does not verify that a request has a timestamp within the expected time window.
π@cveNotify
GitHub
added timestamp proposal check so that it does not go beyond timewind⦠· hyperledger/fabric@155457a
β¦ow (#4942)
Signed-off-by: Fedor Partanskiy <fredprtnsk@gmail.com>
Signed-off-by: Fedor Partanskiy <fredprtnsk@gmail.com>
π¨ CVE-2024-8140
A vulnerability was found in SourceCodester Task Progress Tracker 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file update-task.php. The manipulation of the argument task_name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
A vulnerability was found in SourceCodester Task Progress Tracker 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file update-task.php. The manipulation of the argument task_name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
GitHub
CVE/SourceCodester_Task_Progress_Tracker_Update_Task_XSS.md at main Β· jadu101/CVE
Contribute to jadu101/CVE development by creating an account on GitHub.
π¨ CVE-2024-8141
A vulnerability was found in SourceCodester Daily Calories Monitoring Tool 1.0. It has been classified as problematic. This affects an unknown part of the file /endpoint/add-calorie.php. The manipulation of the argument calorie_date/calorie_name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
A vulnerability was found in SourceCodester Daily Calories Monitoring Tool 1.0. It has been classified as problematic. This affects an unknown part of the file /endpoint/add-calorie.php. The manipulation of the argument calorie_date/calorie_name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
GitHub
CVE/SourceCodester_Daily_Calories_Monitoring_Tool_add_calorie_XSS.md at main Β· jadu101/CVE
Contribute to jadu101/CVE development by creating an account on GitHub.
π¨ CVE-2024-8142
A vulnerability was found in SourceCodester Daily Calories Monitoring Tool 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /endpoint/delete-calorie.php. The manipulation of the argument calorie leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
A vulnerability was found in SourceCodester Daily Calories Monitoring Tool 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /endpoint/delete-calorie.php. The manipulation of the argument calorie leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
GitHub
CVE/SourceCodester_Daily_Calories_Monitoring_Tool_delete_calorie_XSS.md at main Β· jadu101/CVE
Contribute to jadu101/CVE development by creating an account on GitHub.
π¨ CVE-2024-8144
A vulnerability classified as problematic was found in ClassCMS 4.8. Affected by this vulnerability is an unknown functionality of the file /index.php/admin of the component Logo Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
A vulnerability classified as problematic was found in ClassCMS 4.8. Affected by this vulnerability is an unknown functionality of the file /index.php/admin of the component Logo Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
GitHub
bug2_report/classcms_xss.md at main Β· acmglz/bug2_report
Contribute to acmglz/bug2_report development by creating an account on GitHub.
π¨ CVE-2024-1430
A vulnerability has been found in Netgear R7000 1.0.11.136_10.2.120 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /currentsetting.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
π@cveNotify
A vulnerability has been found in Netgear R7000 1.0.11.136_10.2.120 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /currentsetting.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
π@cveNotify
π¨ CVE-2024-8145
A vulnerability, which was classified as problematic, has been found in ClassCMS 4.8. Affected by this issue is some unknown functionality of the file /index.php/admin of the component Article Handler. The manipulation of the argument Title leads to basic cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
A vulnerability, which was classified as problematic, has been found in ClassCMS 4.8. Affected by this issue is some unknown functionality of the file /index.php/admin of the component Article Handler. The manipulation of the argument Title leads to basic cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
GitHub
bug2_report/classcms_url_jump.md at main Β· acmglz/bug2_report
Contribute to acmglz/bug2_report development by creating an account on GitHub.
β€1
π¨ CVE-2024-42337
CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
π@cveNotify
CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
π@cveNotify
π¨ CVE-2024-42338
CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
π@cveNotify
CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
π@cveNotify
π¨ CVE-2024-42339
CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
π@cveNotify
CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
π@cveNotify
π1
π¨ CVE-2024-42340
CyberArk - CWE-602: Client-Side Enforcement of Server-Side Security
π@cveNotify
CyberArk - CWE-602: Client-Side Enforcement of Server-Side Security
π@cveNotify
π¨ CVE-2024-8146
A vulnerability has been found in code-projects Pharmacy Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /index.php?action=editSalesman. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
A vulnerability has been found in code-projects Pharmacy Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /index.php?action=editSalesman. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
π¨ CVE-2024-8147
A vulnerability was found in code-projects Pharmacy Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /index.php?action=editPharmacist. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
A vulnerability was found in code-projects Pharmacy Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /index.php?action=editPharmacist. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
π¨ CVE-2024-8011
Logitech Options+ on MacOS prior 1.72 allows a local attacker to inject dynamic library within Options+ runtime and abuse permissions granted by the user to Options+ such as Camera.
π@cveNotify
Logitech Options+ on MacOS prior 1.72 allows a local attacker to inject dynamic library within Options+ runtime and abuse permissions granted by the user to Options+ such as Camera.
π@cveNotify
HackerOne
HackerOne | Global leader in offensive security | Security for AI | Crowdsourced Security
HackerOne combines AI with the ingenuity of the largest community of security researchers to find and fix security, privacy, and AI vulnerabilities across the SDLC. HackerOne offers AI red teaming, crowdsourced security, bug bounty, vulnerability disclosureβ¦
π¨ CVE-2024-33224
An issue in the component rtkio64.sys of Realtek Semiconductor Corp Realtek lO Driver v1.008.0823.2017 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests.
π@cveNotify
An issue in the component rtkio64.sys of Realtek Semiconductor Corp Realtek lO Driver v1.008.0823.2017 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests.
π@cveNotify
GitHub
Win-Driver-EXP/CVE-2024-33224 at main Β· DriverHunter/Win-Driver-EXP
This repo contains EXPs about Vulnerable Windows Driver - DriverHunter/Win-Driver-EXP
π¨ CVE-2024-22060
An unrestricted file upload vulnerability in web component of Ivanti Neurons for ITSM allows a remote, authenticated, high privileged user to write arbitrary files into sensitive directories of ITSM server.
π@cveNotify
An unrestricted file upload vulnerability in web component of Ivanti Neurons for ITSM allows a remote, authenticated, high privileged user to write arbitrary files into sensitive directories of ITSM server.
π@cveNotify