π¨ CVE-2024-38382
in OpenHarmony v4.0.0 and prior versions allow a local attacker cause information leak through out-of-bounds Read.
π@cveNotify
in OpenHarmony v4.0.0 and prior versions allow a local attacker cause information leak through out-of-bounds Read.
π@cveNotify
π¨ CVE-2024-38386
in OpenHarmony v4.1.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write.
π@cveNotify
in OpenHarmony v4.1.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write.
π@cveNotify
π¨ CVE-2024-39612
in OpenHarmony v4.0.0 and prior versions allow a local attacker cause information leak through out-of-bounds Read.
π@cveNotify
in OpenHarmony v4.0.0 and prior versions allow a local attacker cause information leak through out-of-bounds Read.
π@cveNotify
π¨ CVE-2024-39775
in OpenHarmony v4.1.0 and prior versions allow a remote attacker cause information leak through out-of-bounds Read.
π@cveNotify
in OpenHarmony v4.1.0 and prior versions allow a remote attacker cause information leak through out-of-bounds Read.
π@cveNotify
π¨ CVE-2024-7354
The Ninja Forms WordPress plugin before 3.8.11 does not escape an URL before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
π@cveNotify
The Ninja Forms WordPress plugin before 3.8.11 does not escape an URL before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
π@cveNotify
WPScan
Ninja Forms 3.8.6-3.8.10 - Reflected XSS
See details on Ninja Forms 3.8.6-3.8.10 - Reflected XSS CVE 2024-7354. View the latest Plugin Vulnerabilities on WPScan.
π¨ CVE-2024-7690
The DN Popup WordPress plugin through 1.2.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
π@cveNotify
The DN Popup WordPress plugin through 1.2.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
π@cveNotify
WPScan
DN Popup <= 1.2.2 - Settings Update via CSRF
See details on DN Popup <= 1.2.2 - Settings Update via CSRF CVE 2024-7690. View the latest Plugin Vulnerabilities on WPScan.
π¨ CVE-2024-7691
The Flaming Forms WordPress plugin through 1.0.1 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks against administrators.
π@cveNotify
The Flaming Forms WordPress plugin through 1.0.1 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks against administrators.
π@cveNotify
WPScan
Flaming Forms <= 1.0.1 - Unauthenticated Stored XSS
See details on Flaming Forms <= 1.0.1 - Unauthenticated Stored XSS CVE 2024-7691. View the latest Plugin Vulnerabilities on WPScan.
π¨ CVE-2024-7692
The Flaming Forms WordPress plugin through 1.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
π@cveNotify
The Flaming Forms WordPress plugin through 1.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
π@cveNotify
WPScan
Flaming Forms <= 1.0.1 - Reflected XSS
See details on Flaming Forms <= 1.0.1 - Reflected XSS CVE 2024-7692. View the latest Plugin Vulnerabilities on WPScan.
π¨ CVE-2023-2763
Use-After-Free, Out-of-bounds Write and Heap-based Buffer Overflow vulnerabilities exist in the DWG and DXF file reading procedure in SOLIDWORKS Desktop from Release SOLIDWORKS 2021 through Release SOLIDWORKS 2023. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted DWG or DXF file.
π@cveNotify
Use-After-Free, Out-of-bounds Write and Heap-based Buffer Overflow vulnerabilities exist in the DWG and DXF file reading procedure in SOLIDWORKS Desktop from Release SOLIDWORKS 2021 through Release SOLIDWORKS 2023. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted DWG or DXF file.
π@cveNotify
Dassault Systèmes
Security Advisories - Dassault Systèmes
Providing information on important security vulnerabilities that have been confirmed in our products.
π¨ CVE-2024-1847
Heap-based Buffer Overflow, Memory Corruption, Out-Of-Bounds Read, Out-Of-Bounds Write, Stack-based Buffer Overflow, Type Confusion, Uninitialized Variable, Use-After-Free vulnerabilities exist in the file reading procedure in eDrawings from Release SOLIDWORKS 2023 through Release SOLIDWORKS 2024. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted CATPART, IPT, JT, SAT, STL, STP, X_B or X_T file. NOTE: CVE-2024-3298 and CVE-2024-3299 were SPLIT from this ID.
π@cveNotify
Heap-based Buffer Overflow, Memory Corruption, Out-Of-Bounds Read, Out-Of-Bounds Write, Stack-based Buffer Overflow, Type Confusion, Uninitialized Variable, Use-After-Free vulnerabilities exist in the file reading procedure in eDrawings from Release SOLIDWORKS 2023 through Release SOLIDWORKS 2024. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted CATPART, IPT, JT, SAT, STL, STP, X_B or X_T file. NOTE: CVE-2024-3298 and CVE-2024-3299 were SPLIT from this ID.
π@cveNotify
Dassault Systèmes
Security Advisories - Dassault Systèmes
Providing information on important security vulnerabilities that have been confirmed in our products.
π¨ CVE-2024-1848
Heap-based Buffer Overflow, Memory Corruption, Out-Of-Bounds Read, Out-Of-Bounds Write, Stack-based Buffer Overflow, Type Confusion, Uninitialized Variable, Use-After-Free vulnerabilities exist in the file reading procedure in SOLIDWORKS Desktop on Release SOLIDWORKS 2024.
These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted CATPART, DWG, DXF, IPT, JT, SAT, SLDDRW, SLDPRT, STL, STP, X_B or X_T file.
π@cveNotify
Heap-based Buffer Overflow, Memory Corruption, Out-Of-Bounds Read, Out-Of-Bounds Write, Stack-based Buffer Overflow, Type Confusion, Uninitialized Variable, Use-After-Free vulnerabilities exist in the file reading procedure in SOLIDWORKS Desktop on Release SOLIDWORKS 2024.
These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted CATPART, DWG, DXF, IPT, JT, SAT, SLDDRW, SLDPRT, STL, STP, X_B or X_T file.
π@cveNotify
Dassault Systèmes
Security Advisories - Dassault Systèmes
Providing information on important security vulnerabilities that have been confirmed in our products.
π¨ CVE-2024-23358
Transient DOS when registration accept OTA is received with incorrect ciphering key data IE in Modem.
π@cveNotify
Transient DOS when registration accept OTA is received with incorrect ciphering key data IE in Modem.
π@cveNotify
π¨ CVE-2024-23359
Information disclosure while decoding Tracking Area Update Accept or Attach Accept message received from network.
π@cveNotify
Information disclosure while decoding Tracking Area Update Accept or Attach Accept message received from network.
π@cveNotify
π¨ CVE-2024-23364
Transient DOS when processing the non-transmitted BSSID profile sub-elements present within the MBSSID Information Element (IE) of a beacon frame that is received from over-the-air (OTA).
π@cveNotify
Transient DOS when processing the non-transmitted BSSID profile sub-elements present within the MBSSID Information Element (IE) of a beacon frame that is received from over-the-air (OTA).
π@cveNotify
π¨ CVE-2024-23365
Memory corruption while releasing shared resources in MinkSocket listener thread.
π@cveNotify
Memory corruption while releasing shared resources in MinkSocket listener thread.
π@cveNotify
π¨ CVE-2024-33016
memory corruption when an invalid firehose patch command is invoked.
π@cveNotify
memory corruption when an invalid firehose patch command is invoked.
π@cveNotify
π¨ CVE-2020-36830
A vulnerability was found in nescalante urlregex up to 0.5.0 and classified as problematic. This issue affects some unknown processing of the file index.js of the component Backtracking. The manipulation leads to inefficient regular expression complexity. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.5.1 is able to address this issue. The identifier of the patch is e5a085afe6abfaea1d1a78f54c45af9ef43ca1f9. It is recommended to upgrade the affected component.
π@cveNotify
A vulnerability was found in nescalante urlregex up to 0.5.0 and classified as problematic. This issue affects some unknown processing of the file index.js of the component Backtracking. The manipulation leads to inefficient regular expression complexity. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.5.1 is able to address this issue. The identifier of the patch is e5a085afe6abfaea1d1a78f54c45af9ef43ca1f9. It is recommended to upgrade the affected component.
π@cveNotify
GitHub
Security Fix for Regular Expression Denial of Service (ReDoS) - huntr⦠· nescalante/urlregex@e5a085a
β¦.dev (#8)
* Added two dangerous URLs to the fixtures array.
* WIP: ReDoS mitigation - Fixed catastrophic backtracking that was happening at the check for a basic auth sequence, i.e. http://use...
* Added two dangerous URLs to the fixtures array.
* WIP: ReDoS mitigation - Fixed catastrophic backtracking that was happening at the check for a basic auth sequence, i.e. http://use...
π¨ CVE-2023-7279
A vulnerability has been found in Secure Systems Engineering Connaisseur up to 3.3.0 and classified as problematic. This vulnerability affects unknown code of the file connaisseur/res/targets_schema.json of the component Delegation Name Handler. The manipulation leads to inefficient regular expression complexity. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 3.3.1 is able to address this issue. The name of the patch is 524b73ff7306707f6d3a4d1e86401479bca91b02. It is recommended to upgrade the affected component.
π@cveNotify
A vulnerability has been found in Secure Systems Engineering Connaisseur up to 3.3.0 and classified as problematic. This vulnerability affects unknown code of the file connaisseur/res/targets_schema.json of the component Delegation Name Handler. The manipulation leads to inefficient regular expression complexity. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 3.3.1 is able to address this issue. The name of the patch is 524b73ff7306707f6d3a4d1e86401479bca91b02. It is recommended to upgrade the affected component.
π@cveNotify
GitHub
sec: Prevent ReDoS during delegation validation Β· sse-secure-systems/connaisseur@524b73f
This commit fixes a regular expression denial of service vulnerability that was present during the schema validation of the targets.json TUF file in a Notary validation. An adversary with the abili...
π¨ CVE-2024-28100
eLabFTW is an open source electronic lab notebook for research labs. By uploading specially crafted files, a regular user can create a circumstance where a visitor's browser runs arbitrary JavaScript code in the context of the eLabFTW application. This can be triggered by the visitor viewing a list of experiments. Viewing this allows the malicious script to act on behalf of the visitor in any way, including the creation of API keys for persistence, or other options normally available to the user. If the user viewing the page has the sysadmin role in eLabFTW, the script can act as a sysadmin (including system configuration and extensive user management roles). Users are advised to upgrade to at least version 5.0.0. There are no known workarounds for this vulnerability.
π@cveNotify
eLabFTW is an open source electronic lab notebook for research labs. By uploading specially crafted files, a regular user can create a circumstance where a visitor's browser runs arbitrary JavaScript code in the context of the eLabFTW application. This can be triggered by the visitor viewing a list of experiments. Viewing this allows the malicious script to act on behalf of the visitor in any way, including the creation of API keys for persistence, or other options normally available to the user. If the user viewing the page has the sysadmin role in eLabFTW, the script can act as a sysadmin (including system configuration and extensive user management roles). Users are advised to upgrade to at least version 5.0.0. There are no known workarounds for this vulnerability.
π@cveNotify
GitHub
Stored XSS leading to arbitrary actions taken on behalf of users
### Summary
By uploading specially crafted files, a regular user can create a circumstance where a visitor's browser runs arbitrary JavaScript code in the context of the eLabFTW application....
By uploading specially crafted files, a regular user can create a circumstance where a visitor's browser runs arbitrary JavaScript code in the context of the eLabFTW application....
π¨ CVE-2024-42471
actions/artifact is the GitHub ToolKit for developing GitHub Actions. Versions of `actions/artifact` before 2.1.7 are vulnerable to arbitrary file write when using `downloadArtifactInternal`, `downloadArtifactPublic`, or `streamExtractExternal` for extracting a specifically crafted artifact that contains path traversal filenames. Users are advised to upgrade to version 2.1.7 or higher. There are no known workarounds for this issue.
π@cveNotify
actions/artifact is the GitHub ToolKit for developing GitHub Actions. Versions of `actions/artifact` before 2.1.7 are vulnerable to arbitrary file write when using `downloadArtifactInternal`, `downloadArtifactPublic`, or `streamExtractExternal` for extracting a specifically crafted artifact that contains path traversal filenames. Users are advised to upgrade to version 2.1.7 or higher. There are no known workarounds for this issue.
π@cveNotify
GitHub
Use latest `unzip-stream` and `unzip.Extract` by bethanyj28 Β· Pull Request #1724 Β· actions/toolkit
This updates the unzip-stream dependency and goes back to using unzip.Extract over unzip.Parse.