🚨 CVE-2024-7269
Improper Neutralization of Input During Web Page Generation vulnerability in "Update of Personal Details" form in ConnX ESP HR Management allows Stored XSS attack. An attacker might inject a script to be run in user's browser. After multiple attempts to contact the vendor we did not receive any answer. The finder provided the information that this issue affects ESP HR Management versions before 6.6.
@cveNotify
cert.pl
Vulnerability in ConnX ESP HR Management software
Stored XSS vulnerability (CVE-2024-7269) has been found in ConnX ESP HR Management software.
🚨 CVE-2024-7608
An authenticated user can access the restricted files from NX, EX, FX, AX, IVX and CMS using path traversal.
@cveNotify
🚨 CVE-2024-45346
The Xiaomi Security Center expresses heartfelt thanks to Ken Gannon and Ilyes Beghdadi of NCC Group working with Trend Micro Zero Day Initiative! At the same time, we also welcome more outstanding and professional security experts and security teams to join the Mi Security Center (MiSRC) to jointly ensure the safe access of millions of Xiaomi users worldwide Life.
@cveNotify
Mi
Xiaomi Security Center
Xiaomi Product Security Center provides users and partners of Xiaomi with detailed information on the security status of our smartphones and IoT products, including product security advisories and notices, security updates and support information, and security…
🚨 CVE-2024-6449
HyperView Geoportal Toolkit in versions through 8.2.4 does not restrict cross-domain requests when fetching remote content pointed by one of GET request parameters.
An unauthenticated remote attacker can prepare links, which upon opening will load scripts from a remote location controlled by the attacker and execute them in the user space.
By manipulating this parameter it is also possible to enumerate some of the devices in Local Area Network in which the server resides.
@cveNotify
cert.pl
Vulnerabilities in HyperView Geoportal Toolkit software
CERT Polska has received a report about 2 vulnerabilities (CVE-2024-6449 and CVE-2024-6450) found in HyperView Geoportal Toolkit software.
🚨 CVE-2024-6450
HyperView Geoportal Toolkit in versions through 8.2.4 is vulnerable to Reflected Cross-Site Scripting (XSS). An unauthenticated attacker might trick somebody into using a crafted URL, which will cause a script to be run in user's browser.
@cveNotify
cert.pl
Vulnerabilities in HyperView Geoportal Toolkit software
CERT Polska has received a report about 2 vulnerabilities (CVE-2024-6449 and CVE-2024-6450) found in HyperView Geoportal Toolkit software.
🚨 CVE-2024-7447
The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'fnsf_af2_handel_file_upload' function in all versions up to, and including, 3.7.3.2. This makes it possible for unauthenticated attackers to upload arbitrary media to the site, even if no forms exist.
@cveNotify
🚨 CVE-2022-39997
A weak password requirement issue was discovered in Teldats Router RS123, RS123w, which allows a remote attacker to escalate privileges.
@cveNotify
🚨 CVE-2024-1544
Generating the ECDSA nonce k samples a random number r and then
truncates this randomness with a modular reduction mod n where n is the
order of the elliptic curve. Meaning k = r mod n. The division used
during the reduction estimates a factor q_e by dividing the upper two
digits (a digit having e.g. a size of 8 byte) of r by the upper digit of
n and then decrements q_e in a loop until it has the correct size.
Observing the number of times q_e is decremented through a control-flow
revealing side-channel reveals a bias in the most significant bits of
k. Depending on the curve this is either a negligible bias or a
significant bias large enough to reconstruct k with lattice reduction
methods. For SECP160R1, e.g., we find a bias of 15 bits.
@cveNotify
GitHub
Release wolfSSL Release 5.7.2 (July 8, 2024) · wolfSSL/wolfssl
NOTE: * --enable-heapmath is being deprecated and will be removed by end of 2024
Vulnerabilities
[Medium] CVE-2024-1544
Potential ECDSA nonce side channel attack in versions of wolfSSL before 5.6...
🚨 CVE-2024-42361
Hertzbeat is an open source, real-time monitoring system. Hertzbeat 1.6.0 and earlier declares a /api/monitor/{monitorId}/metric/{metricFull} endpoint to download job metrics. In the process, it executes a SQL query with user-controlled data, allowing for SQL injection.
@cveNotify
GitHub
hertzbeat/manager/src/main/java/org/dromara/hertzbeat/manager/controller/MonitorsController.java at 1f12ac9f2a1a3d86b1d476775e14174243b250a8…
An AI-powered next-generation open source real-time observability system. - apache/hertzbeat
🚨 CVE-2024-42362
Hertzbeat is an open source, real-time monitoring system. Hertzbeat has an authenticated (user role) RCE via unsafe deserialization in /api/monitors/import. This vulnerability is fixed in 1.6.0.
@cveNotify
GitHub
fix jmx custom url cause deserialization vulnerability (#1611) · apache/hertzbeat@79f5408
Signed-off-by: tomsun28 <tomsun28@outlook.com>
🚨 CVE-2024-23216
A path handling issue was addressed with improved validation. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to overwrite arbitrary files.
@cveNotify
seclists.org
Full Disclosure: APPLE-SA-03-07-2024-2 macOS Sonoma 14.4
🚨 CVE-2023-46427
An issue was discovered in gpac version 2.3-DEV-rev588-g7edc40fee-master, allows remote attackers to execute arbitrary code, cause a denial of service (DoS), and obtain sensitive information via null pointer dereference in gf_dash_setup_period component in media_tools/dash_client.c.
@cveNotify
GitHub
Null pointer dereference in gf_dash_setup_period at media_tools/dash_client.c:6333 · Issue #2641 · gpac/gpac
Description Null pointer dereference in gf_dash_setup_period at media_tools/dash_client.c:6333 Version git log commit 7edc40feef23efd8c9948292d269eae76fa475af (HEAD -> master, origin/master, origi...
🚨 CVE-2024-28339
An information leak in the debuginfo.htm component of Netgear CBR40 2.5.0.28, Netgear CBK40 2.5.0.28, and Netgear CBK43 2.5.0.28 allows attackers to obtain sensitive information without any authentication required.
@cveNotify
GitHub
IoT-vuls/Netgear CBR40\CBK40\CBK43/Info Leak in Netgear-CBR40、CBK40、CBK43 Router（debuginfo.htm）.md at main · funny-mud-peee/IoT…
iot-vuls. Contribute to funny-mud-peee/IoT-vuls development by creating an account on GitHub.
🚨 CVE-2024-28669
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/freelist_edit.php.
@cveNotify
GitHub
cms/10.md at main · 777erp/cms
Contribute to 777erp/cms development by creating an account on GitHub.
🚨 CVE-2024-28682
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/sys_cache_up.php.
@cveNotify
GitHub
cms/13.md at main · 777erp/cms
Contribute to 777erp/cms development by creating an account on GitHub.
🚨 CVE-2024-28756
The SolarEdge mySolarEdge application before 2.20.1 for Android has a certificate verification issue that allows a Machine-in-the-middle (MitM) attacker to read and alter all network traffic between the application and the server.
@cveNotify
Solaredge
SEDG-2024-1
Learn about SolarEdge's Security Advisory SEDG-2024-1, including identified vulnerabilities and updates.
🚨 CVE-2024-29271
Reflected Cross-Site Scripting (XSS) vulnerability in VvvebJs before version 1.7.7, allows remote attackers to execute arbitrary code and obtain sensitive information via the action parameter in save.php.
@cveNotify
GitHub
Fixed XSS vulnerability in save.php https://github.com/givanz/VvvebJs… · givanz/VvvebJs@c0c0545
…/issues/342 reported by https://github.com/Hebing123 updated Bootstrap to 5.3.3
🚨 CVE-2024-1962
The CM Download Manager WordPress plugin before 2.9.1 does not have CSRF checks in some places, which could allow attackers to make logged in admins edit downloads via a CSRF attack
@cveNotify
WPScan
CM Download and File Manager < 2.9.1 - Download Edit via CSRF
See details on CM Download and File Manager < 2.9.1 - Download Edit via CSRF CVE 2024-1962. View the latest Plugin Vulnerabilities on WPScan.
🚨 CVE-2024-25354
RegEx Denial of Service in domain-suffix 1.0.8 allows attackers to crash the application via crafted input to the parse function.
@cveNotify
Gist
Security issue in domain-suffix
Security issue in domain-suffix. GitHub Gist: instantly share code, notes, and snippets.
🚨 CVE-2024-35325
A vulnerability was found in libyaml up to 0.2.5. Affected by this issue is the function yaml_event_delete of the file /src/libyaml/src/api.c. The manipulation leads to a double-free.
@cveNotify
GitHub
pocs/libyaml/CVE-2024-35325.c at main · idhyt/pocs
vulnerabilities... Contribute to idhyt/pocs development by creating an account on GitHub.
🚨 CVE-2024-8088
There is a HIGH severity vulnerability affecting the CPython "zipfile"
module affecting "zipfile.Path". Note that the more common API "zipfile.ZipFile" class is unaffected.
When iterating over names of entries in a zip archive (for example, methods
of "zipfile.Path" like "namelist()", "iterdir()", etc)
the process can be put into an infinite loop with a maliciously crafted
zip archive. This defect applies when reading only metadata or extracting
the contents of the zip archive. Programs that are not handling
user-controlled zip archives are not affected.
@cveNotify
GitHub
[3.11] gh-122905: Sanitize names in zipfile.Path. (GH-122906) (#122925) · python/cpython@795f259
* gh-122905: Sanitize names in zipfile.Path. (#122906)
Ported from zipp 3.19.1; ref jaraco/zipp#119.
(cherry picked from commit 9cd03263100ddb1657826cc4a71470786cab3932)
* [3.11] gh-122905...