CVE Notify
Alert on the latest CVEs

Partner channel: @malwr
🚨 CVE-2024-3727
A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.

🎖@cveNotify
🚨 CVE-2024-4708
mySCADA myPRO uses a hard-coded password which could allow an attacker to remotely execute code on the affected device.

🚨 CVE-2024-34685
Due to weak encoding of user-controlled input in SAP NetWeaver Knowledge Management XMLEditor, malicious scripts can be executed in the application, potentially leading to a Cross-Site Scripting (XSS) vulnerability. This has no impact on the availability of the application but it has a low impact on its confidentiality and integrity.

🚨 CVE-2024-37173
Due to insufficient input validation, SAP CRM WebClient UI allows an unauthenticated attacker to craft a URL link which embeds a malicious script. When a victim clicks on this link, the script will be executed in the victim's browser giving the attacker the ability to access and/or modify information with no effect on availability of the application.

🚨 CVE-2024-37174
Custom CSS support option in SAP CRM WebClient UI does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting vulnerability. On successful exploitation an attacker can cause limited impact on confidentiality and integrity of the application.

🚨 CVE-2024-39592
Elements of PDCE does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This allows an attacker to read sensitive information causing high impact on the confidentiality of the application.

🚨 CVE-2024-39593
SAP Landscape Management allows an authenticated user to read confidential data disclosed by the REST Provider Definition response. Successful exploitation can cause high impact on confidentiality of the managed entities.

🚨 CVE-2024-43921
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Magic Post Thumbnail allows Reflected XSS. This issue affects Magic Post Thumbnail: from n/a through 5.2.9.

🚨 CVE-2024-5866
Vulnerability in Delinea Centrify PAS v. 21.3 and possibly others. The application is prone to the path traversal vulnerability allowing listing of arbitrary directory outside the root directory of the web application. Versions 23.1-HF7 and on have the patch.

🚨 CVE-2023-35352
Windows Remote Desktop Security Feature Bypass Vulnerability

🚨 CVE-2023-41993
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.

🚨 CVE-2023-39335
A security vulnerability has been identified in EPMM Versions 11.10, 11.9 and 11.8 and older allowing an unauthenticated threat actor to impersonate any existing user during the device enrollment process. This issue poses a significant security risk, as it enables unauthorized access and potential misuse of user accounts and resources.

🚨 CVE-2023-39337
A security vulnerability in EPMM Versions 11.10, 11.9 and 11.8 and older allows a threat actor with knowledge of an enrolled device identifier to access and extract sensitive information, including device and environment configuration details, as well as secrets. This vulnerability poses a serious security risk, potentially exposing confidential data and system integrity.

🚨 CVE-2023-43591
Improper privilege management in Zoom Rooms for macOS before version 5.16.0 may allow an authenticated user to conduct an escalation of privilege via local access.

🚨 CVE-2023-48011
GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a heap-use-after-free via the flush_ref_samples function at /gpac/src/isomedia/movie_fragments.c.

🚨 CVE-2023-48031
OpenSupports v4.11.0 is vulnerable to Unrestricted Upload of File with Dangerous Type. In the comment function, an attacker can bypass security restrictions and upload a .bat file by manipulating the file's magic bytes to masquerade as an allowed type. This can enable the attacker to execute arbitrary code or establish a reverse shell, leading to unauthorized file writes or control over the victim's station via a crafted file upload operation.

🚨 CVE-2023-48648
Concrete CMS before 8.5.13 and 9.x before 9.2.2 allows unauthorized access because directories can be created with insecure permissions. File creation functions (such as the Mkdir() function) give universal access (0777) to created folders by default. Excessive permissions can be granted when creating a directory with permissions greater than 0755 or when the permissions argument is not specified.

🚨 CVE-2023-48110
Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow via the urls parameter in the function saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) attack.
