๐จ CVE-2024-40934
In the Linux kernel, the following vulnerability has been resolved:
HID: logitech-dj: Fix memory leak in logi_dj_recv_switch_to_dj_mode()
Fix a memory leak on logi_dj_recv_send_report() error path.
๐@cveNotify
In the Linux kernel, the following vulnerability has been resolved:
HID: logitech-dj: Fix memory leak in logi_dj_recv_switch_to_dj_mode()
Fix a memory leak on logi_dj_recv_send_report() error path.
๐@cveNotify
๐จ CVE-2024-25212
Employee Managment System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /delete.php.
๐@cveNotify
Employee Managment System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /delete.php.
๐@cveNotify
GitHub
CVEs/Employee Management System/Employee Managment System - SQL Injection - 4.md at main ยท BurakSevben/CVEs
Contribute to BurakSevben/CVEs development by creating an account on GitHub.
๐จ CVE-2022-23086
Handlers for *_CFG_PAGE read / write ioctls in the mpr, mps, and mpt drivers allocated a buffer of a caller-specified size, but copied to it a fixed size header. Other heap content would be overwritten if the specified size was too small.
Users with access to the mpr, mps or mpt device node may overwrite heap data, potentially resulting in privilege escalation. Note that the device node is only accessible to root and members of the operator group.
๐@cveNotify
Handlers for *_CFG_PAGE read / write ioctls in the mpr, mps, and mpt drivers allocated a buffer of a caller-specified size, but copied to it a fixed size header. Other heap content would be overwritten if the specified size was too small.
Users with access to the mpr, mps or mpt device node may overwrite heap data, potentially resulting in privilege escalation. Note that the device node is only accessible to root and members of the operator group.
๐@cveNotify
๐จ CVE-2024-25415
A remote code execution (RCE) vulnerability in /admin/define_language.php of CE Phoenix v1.0.8.20 allows attackers to execute arbitrary PHP code via injecting a crafted payload into the file english.php.
๐@cveNotify
A remote code execution (RCE) vulnerability in /admin/define_language.php of CE Phoenix v1.0.8.20 allows attackers to execute arbitrary PHP code via injecting a crafted payload into the file english.php.
๐@cveNotify
GitHub
GitHub - capture0x/Phoenix: CE Phoenix v1.0.8.20 - Remote Code Execution (RCE) (Authenticated)
CE Phoenix v1.0.8.20 - Remote Code Execution (RCE) (Authenticated) - GitHub - capture0x/Phoenix: CE Phoenix v1.0.8.20 - Remote Code Execution (RCE) (Authenticated)
๐จ CVE-2024-23114
Deserialization of Untrusted Data vulnerability in Apache Camel CassandraQL Component AggregationRepository which is vulnerable to unsafe deserialization. Under specific conditions it is possible to deserialize malicious payload.This issue affects Apache Camel: from 3.0.0 before 3.21.4, from 3.22.0 before 3.22.1, from 4.0.0 before 4.0.4, from 4.1.0 before 4.4.0.
Users are recommended to upgrade to version 4.4.0, which fixes the issue. If users are on the 4.0.x LTS releases stream, then they are suggested to upgrade to 4.0.4. If users are on 3.x, they are suggested to move to 3.21.4 or 3.22.1
๐@cveNotify
Deserialization of Untrusted Data vulnerability in Apache Camel CassandraQL Component AggregationRepository which is vulnerable to unsafe deserialization. Under specific conditions it is possible to deserialize malicious payload.This issue affects Apache Camel: from 3.0.0 before 3.21.4, from 3.22.0 before 3.22.1, from 4.0.0 before 4.0.4, from 4.1.0 before 4.4.0.
Users are recommended to upgrade to version 4.4.0, which fixes the issue. If users are on the 4.0.x LTS releases stream, then they are suggested to upgrade to 4.0.4. If users are on 3.x, they are suggested to move to 3.21.4 or 3.22.1
๐@cveNotify
Apache Camel
Apache Camel Security Advisory - CVE-2024-23114
The Camel-CassandraQL AggregationRepository is vulnerable to unsafe deserialization. Under specific conditions it is possible to deserialize malicious payload.
๐จ CVE-2023-42873
The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14.1, tvOS 17.1, macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.1. An app may be able to execute arbitrary code with kernel privileges.
๐@cveNotify
The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14.1, tvOS 17.1, macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.1. An app may be able to execute arbitrary code with kernel privileges.
๐@cveNotify
Apple Support
About the security content of iOS 16.7.2 and iPadOS 16.7.2
This document describes the security content of iOS 16.7.2 and iPadOS 16.7.2.
๐จ CVE-2024-26491
A cross-site scripting (XSS) vulnerability in the Addon JD Flusity 'Media Gallery with description' module of flusity-CMS v2.33 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Gallery name text field.
๐@cveNotify
A cross-site scripting (XSS) vulnerability in the Addon JD Flusity 'Media Gallery with description' module of flusity-CMS v2.33 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Gallery name text field.
๐@cveNotify
GitHub
cms/1.md at main ยท 2111715623/cms
Contribute to 2111715623/cms development by creating an account on GitHub.
๐จ CVE-2023-51835
An issue in TRENDnet TEW-822DRE v.1.03B02 allows a local attacker to execute arbitrary code via the parameters ipv4_ping in the /boafrm/formSystemCheck.
๐@cveNotify
An issue in TRENDnet TEW-822DRE v.1.03B02 allows a local attacker to execute arbitrary code via the parameters ipv4_ping in the /boafrm/formSystemCheck.
๐@cveNotify
Mah's Notion on Notion
TEW-822DRE | Notion
Vulnerability Description
๐จ CVE-2023-49543
Incorrect access control in Book Store Management System v1 allows attackers to access unauthorized pages and execute administrative functions without authenticating.
๐@cveNotify
Incorrect access control in Book Store Management System v1 allows attackers to access unauthorized pages and execute administrative functions without authenticating.
๐@cveNotify
GitHub
GitHub - geraldoalcantara/CVE-2023-49543: Book Store Management System v1.0 - Incorrect Access Control
Book Store Management System v1.0 - Incorrect Access Control - GitHub - geraldoalcantara/CVE-2023-49543: Book Store Management System v1.0 - Incorrect Access Control
๐จ CVE-2024-29435
An issue discovered in Alldata v0.4.6 allows attacker to run arbitrary commands via the processId parameter.
๐@cveNotify
An issue discovered in Alldata v0.4.6 allows attacker to run arbitrary commands via the processId parameter.
๐@cveNotify
Gist
CVE-2024-29435
CVE-2024-29435. GitHub Gist: instantly share code, notes, and snippets.
๐จ CVE-2024-25187
Server Side Request Forgery (SSRF) vulnerability in 71cms v1.0.0, allows remote unauthenticated attackers to obtain sensitive information via getweather.html.
๐@cveNotify
Server Side Request Forgery (SSRF) vulnerability in 71cms v1.0.0, allows remote unauthenticated attackers to obtain sensitive information via getweather.html.
๐@cveNotify
Gist
CVE-2024-25187
CVE-2024-25187. GitHub Gist: instantly share code, notes, and snippets.
๐จ CVE-2024-35344
Certain Anpviz products contain a hardcoded cryptographic key stored in the firmware of the device. This affects IPC-D250, IPC-D260, IPC-B850, IPC-D850, IPC-D350, IPC-D3150, IPC-D4250, IPC-D380, IPC-D880, IPC-D280, IPC-D3180, MC800N, YM500L, YM800N_N2, YMF50B, YM800SV2, YM500L8, and YM200E10 firmware v3.2.2.2 and lower and possibly more vendors/models of IP camera.
๐@cveNotify
Certain Anpviz products contain a hardcoded cryptographic key stored in the firmware of the device. This affects IPC-D250, IPC-D260, IPC-B850, IPC-D850, IPC-D350, IPC-D3150, IPC-D4250, IPC-D380, IPC-D880, IPC-D280, IPC-D3180, MC800N, YM500L, YM800N_N2, YMF50B, YM800SV2, YM500L8, and YM200E10 firmware v3.2.2.2 and lower and possibly more vendors/models of IP camera.
๐@cveNotify
๐จ CVE-2024-42464
Authorization Bypass Through User-Controlled Key vulnerability in upKeeper Solutions product upKeeper Manager allows Utilizing REST's Trust in the System Resource to Obtain Sensitive Data.This issue affects upKeeper Manager: through 5.1.9.
๐@cveNotify
Authorization Bypass Through User-Controlled Key vulnerability in upKeeper Solutions product upKeeper Manager allows Utilizing REST's Trust in the System Resource to Obtain Sensitive Data.This issue affects upKeeper Manager: through 5.1.9.
๐@cveNotify
upKeeper Support
CVE-2024-42464 Leak of user Information
Severity: High
CVE ID: CVE-2024-42464
Details
This advisory address a vulnerability where users can access information about other users. Vulnerability reported and patched in the following upKeep...
CVE ID: CVE-2024-42464
Details
This advisory address a vulnerability where users can access information about other users. Vulnerability reported and patched in the following upKeep...
๐จ CVE-2024-42465
Improper Restriction of Excessive Authentication Attempts vulnerability in upKeeper Solutions product upKeeper Manager allows Authentication Abuse.This issue affects upKeeper Manager: through 5.1.9.
๐@cveNotify
Improper Restriction of Excessive Authentication Attempts vulnerability in upKeeper Solutions product upKeeper Manager allows Authentication Abuse.This issue affects upKeeper Manager: through 5.1.9.
๐@cveNotify
upKeeper Support
CVE-2024-42465 Lack of resources and rate limiting - two factor authentication
Severity: Critical
CVE ID: CVE-2024-42465
Details
This advisory address a vulnerability where users can make unlimited number of two factor authentication login attempts.
Applicability
Product ...
CVE ID: CVE-2024-42465
Details
This advisory address a vulnerability where users can make unlimited number of two factor authentication login attempts.
Applicability
Product ...
๐จ CVE-2024-42466
Improper Restriction of Excessive Authentication Attempts vulnerability in upKeeper Solutions product upKeeper Manager allows Authentication Abuse.This issue affects upKeeper Manager: through 5.1.9.
๐@cveNotify
Improper Restriction of Excessive Authentication Attempts vulnerability in upKeeper Solutions product upKeeper Manager allows Authentication Abuse.This issue affects upKeeper Manager: through 5.1.9.
๐@cveNotify
upKeeper Support
CVE-2024-42466 Lack of resources and rate limiting - login
Severity: Critical
CVE ID: CVE-2024-42466
Details
This advisory address a vulnerability where users can make unlimited number of login attempts (username and password).
Applicability
Product Na...
CVE ID: CVE-2024-42466
Details
This advisory address a vulnerability where users can make unlimited number of login attempts (username and password).
Applicability
Product Na...
๐จ CVE-2024-42913
RuoYi CMS v4.7.9 was discovered to contain a SQL injection vulnerability via the job_id parameter at /sasfs1.
๐@cveNotify
RuoYi CMS v4.7.9 was discovered to contain a SQL injection vulnerability via the job_id parameter at /sasfs1.
๐@cveNotify
GitHub
kkll5875 - Overview
kkll5875 has 14 repositories available. Follow their code on GitHub.
๐จ CVE-2024-42851
Buffer Overflow vulnerability in open source exiftags v.1.01 allows a local attacker to execute arbitrary code via the paresetag function.
๐@cveNotify
Buffer Overflow vulnerability in open source exiftags v.1.01 allows a local attacker to execute arbitrary code via the paresetag function.
๐@cveNotify
GitHub
fuzzing/exiftags at main ยท T1anyang/fuzzing
find of fuzzing. Contribute to T1anyang/fuzzing development by creating an account on GitHub.
๐จ CVE-2024-44761
An issue in EQ Enterprise Management System before v2.0.0 allows attackers to execute a directory traversal via crafted requests.
๐@cveNotify
An issue in EQ Enterprise Management System before v2.0.0 allows attackers to execute a directory traversal via crafted requests.
๐@cveNotify
GitHub
web_vul/EQ/EQEMS.md at main ยท WarmBrew/web_vul
Contribute to WarmBrew/web_vul development by creating an account on GitHub.
๐จ CVE-2024-34195
TOTOLINK AC1200 Wireless Router A3002R Firmware V1.1.1-B20200824 is vulnerable to Buffer Overflow. In the boa server program's CGI handling function formWlEncrypt, there is a lack of length restriction on the wlan_ssid field. This oversight leads to potential buffer overflow under specific circumstances. For instance, by invoking the formWlanRedirect function with specific parameters to alter wlan_idx's value and subsequently invoking the formWlEncrypt function, an attacker can trigger buffer overflow, enabling arbitrary command execution or denial of service attacks.
๐@cveNotify
TOTOLINK AC1200 Wireless Router A3002R Firmware V1.1.1-B20200824 is vulnerable to Buffer Overflow. In the boa server program's CGI handling function formWlEncrypt, there is a lack of length restriction on the wlan_ssid field. This oversight leads to potential buffer overflow under specific circumstances. For instance, by invoking the formWlanRedirect function with specific parameters to alter wlan_idx's value and subsequently invoking the formWlEncrypt function, an attacker can trigger buffer overflow, enabling arbitrary command execution or denial of service attacks.
๐@cveNotify
Gist
TOTOLINK-A3002R-V1.1.1-B20200824-Poc.md
GitHub Gist: instantly share code, notes, and snippets.
๐จ CVE-2024-42793
A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Music Management System v1.0 via a crafted request to the /music/ajax.php?action=save_user page.
๐@cveNotify
A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Music Management System v1.0 via a crafted request to the /music/ajax.php?action=save_user page.
๐@cveNotify
GitHub
CVE_Writeup/Kashipara/Music Management System v1.0/CSRF - Edit User.pdf at main ยท takekaramey/CVE_Writeup
Contribute to takekaramey/CVE_Writeup development by creating an account on GitHub.
๐จ CVE-2024-43805
jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. This vulnerability depends on user interaction by opening a malicious notebook with Markdown cells, or Markdown file using JupyterLab preview feature. A malicious user can access any data that the attacked user has access to as well as perform arbitrary requests acting as the attacked user. JupyterLab v3.6.8, v4.2.5 and Jupyter Notebook v7.2.2 have been patched to resolve this issue. Users are advised to upgrade. There is no workaround for the underlying DOM Clobbering susceptibility. However, select plugins can be disabled on deployments which cannot update in a timely fashion to minimise the risk. These are: 1. `@jupyterlab/mathjax-extension:plugin` - users will loose ability to preview mathematical equations. 2. `@jupyterlab/markdownviewer-extension:plugin` - users will loose ability to open Markdown previews. 3. `@jupyterlab/mathjax2-extension:plugin` (if installed with optional `jupyterlab-mathjax2` package) - an older version of the mathjax plugin for JupyterLab 4.x. To disable these extensions run: ```jupyter labextension disable @jupyterlab/markdownviewer-extension:plugin && jupyter labextension disable @jupyterlab/mathjax-extension:plugin && jupyter labextension disable @jupyterlab/mathjax2-extension:plugin ``` in bash.
๐@cveNotify
jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. This vulnerability depends on user interaction by opening a malicious notebook with Markdown cells, or Markdown file using JupyterLab preview feature. A malicious user can access any data that the attacked user has access to as well as perform arbitrary requests acting as the attacked user. JupyterLab v3.6.8, v4.2.5 and Jupyter Notebook v7.2.2 have been patched to resolve this issue. Users are advised to upgrade. There is no workaround for the underlying DOM Clobbering susceptibility. However, select plugins can be disabled on deployments which cannot update in a timely fashion to minimise the risk. These are: 1. `@jupyterlab/mathjax-extension:plugin` - users will loose ability to preview mathematical equations. 2. `@jupyterlab/markdownviewer-extension:plugin` - users will loose ability to open Markdown previews. 3. `@jupyterlab/mathjax2-extension:plugin` (if installed with optional `jupyterlab-mathjax2` package) - an older version of the mathjax plugin for JupyterLab 4.x. To disable these extensions run: ```jupyter labextension disable @jupyterlab/markdownviewer-extension:plugin && jupyter labextension disable @jupyterlab/mathjax-extension:plugin && jupyter labextension disable @jupyterlab/mathjax2-extension:plugin ``` in bash.
๐@cveNotify
GitHub
HTML injection in Jupyter Notebook and JupyterLab leading to DOM Clobbering
### Impact
The vulnerability depends on user interaction by opening a malicious notebook with Markdown cells, or Markdown file using JupyterLab preview feature.
A malicious user can access an...
The vulnerability depends on user interaction by opening a malicious notebook with Markdown cells, or Markdown file using JupyterLab preview feature.
A malicious user can access an...