๐จ CVE-2023-51972
Tenda AX1803 v1.0.0.1 was discovered to contain a command injection vulnerability via the function fromAdvSetLanIp.
๐@cveNotify
Tenda AX1803 v1.0.0.1 was discovered to contain a command injection vulnerability via the function fromAdvSetLanIp.
๐@cveNotify
rr's Notion on Notion
Tenda AX1803 Command Injection in fromAdvSetLanIp | Notion
Information
๐จ CVE-2023-51961
Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function formGetIptv.
๐@cveNotify
Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function formGetIptv.
๐@cveNotify
grove-laser-8ad on Notion
Tenda AX1803 Buffer Overflow in formGetIptv | Notion
Information
๐1
๐จ CVE-2023-51957
Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function formGetIptv.
๐@cveNotify
Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function formGetIptv.
๐@cveNotify
grove-laser-8ad on Notion
Tenda AX1803 Buffer Overflow in formGetIptv | Notion
Information
๐1
๐จ CVE-2024-38354
CodiMD allows realtime collaborative markdown notes on all platforms. The notebook feature of Hackmd.io permits the rendering of iframe `HTML` tags with an improperly sanitized `name` attribute. This vulnerability enables attackers to perform cross-site scripting (XSS) attacks via DOM clobbering. This vulnerability is fixed in 2.5.4.
๐@cveNotify
CodiMD allows realtime collaborative markdown notes on all platforms. The notebook feature of Hackmd.io permits the rendering of iframe `HTML` tags with an improperly sanitized `name` attribute. This vulnerability enables attackers to perform cross-site scripting (XSS) attacks via DOM clobbering. This vulnerability is fixed in 2.5.4.
๐@cveNotify
GitHub
Cross-site Scripting in Hackmd.io Notes lead by HTML Injection
### Summary
The notebook feature of Hackmd.io permits the rendering of iframe `HTML` tags with an improperly sanitized `name` attribute. This vulnerability enables attackers to perform cross-sit...
The notebook feature of Hackmd.io permits the rendering of iframe `HTML` tags with an improperly sanitized `name` attribute. This vulnerability enables attackers to perform cross-sit...
๐จ CVE-2024-6750
The Social Auto Poster plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 5.3.14. This makes it possible for unauthenticated attackers to add, modify, or delete post meta and plugin options.
๐@cveNotify
The Social Auto Poster plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 5.3.14. This makes it possible for unauthenticated attackers to add, modify, or delete post meta and plugin options.
๐@cveNotify
CodeCanyon
Social Auto Poster - WordPress Scheduler & Marketing Plugin
Social Auto Poster โ the name itself indicates the functionality of the WordPress plugin, which is Social Media Auto Posting and Scheduling, that enhances your business online presence, audien...
๐จ CVE-2024-6751
The Social Auto Poster plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.3.14. This is due to missing or incorrect nonce validation on multiple functions. This makes it possible for unauthenticated attackers to add, modify, or delete post meta and plugin options.
๐@cveNotify
The Social Auto Poster plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.3.14. This is due to missing or incorrect nonce validation on multiple functions. This makes it possible for unauthenticated attackers to add, modify, or delete post meta and plugin options.
๐@cveNotify
CodeCanyon
Social Auto Poster - WordPress Scheduler & Marketing Plugin
Social Auto Poster โ the name itself indicates the functionality of the WordPress plugin, which is Social Media Auto Posting and Scheduling, that enhances your business online presence, audien...
๐จ CVE-2024-39345
AdTran 834-5 HDC17600021F1 (SmartOS 11.1.1.1) devices enable the SSH service by default and have a hidden, undocumented, hard-coded support account whose password is based on the devices MAC address. All of the devices internet interfaces share a similar MAC address that only varies in their final octet. This allows network-adjacent attackers to derive the support user's SSH password by decrementing the final octet of the connected gateway address or via the BSSID. An attacker can then execute arbitrary OS commands with root-level privileges. NOTE: The vendor states that there is no intended functionality allowing an attacker to execute arbitrary OS Commands with root-level privileges. The vendor also states that this issue was fixed in SmartOS 12.5.5.1.
๐@cveNotify
AdTran 834-5 HDC17600021F1 (SmartOS 11.1.1.1) devices enable the SSH service by default and have a hidden, undocumented, hard-coded support account whose password is based on the devices MAC address. All of the devices internet interfaces share a similar MAC address that only varies in their final octet. This allows network-adjacent attackers to derive the support user's SSH password by decrementing the final octet of the connected gateway address or via the BSSID. An attacker can then execute arbitrary OS commands with root-level privileges. NOTE: The vendor states that there is no intended functionality allowing an attacker to execute arbitrary OS Commands with root-level privileges. The vendor also states that this issue was fixed in SmartOS 12.5.5.1.
๐@cveNotify
GitHub
cve/AdTran/CVE-2024-39345 at main ยท actuator/cve
Public Cybersecurity Research & Advisories . Contribute to actuator/cve development by creating an account on GitHub.
๐จ CVE-2024-7970
Out of bounds write in V8 in Google Chrome prior to 128.0.6613.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
๐@cveNotify
Out of bounds write in V8 in Google Chrome prior to 128.0.6613.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
๐@cveNotify
Chrome Releases
Stable Channel update for Desktop
The Stable channel has been updated to 128.0.6613.119/.120 for Windows, Mac and 128.0.6613.119 for Linux which will roll out over the comin...
๐จ CVE-2024-8362
Use after free in WebAudio in Google Chrome prior to 128.0.6613.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
๐@cveNotify
Use after free in WebAudio in Google Chrome prior to 128.0.6613.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
๐@cveNotify
Chrome Releases
Stable Channel update for Desktop
The Stable channel has been updated to 128.0.6613.119/.120 for Windows, Mac and 128.0.6613.119 for Linux which will roll out over the comin...
๐จ CVE-2021-20123
A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges.
๐@cveNotify
A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges.
๐@cveNotify
Tenableยฎ
Multiple Vulnerabilities in Draytek VigorConnect 1.60.0-B3
CVE-2021-20123 - Unauthenticated Local File Inclusion - DownloadFileServlet CVSSv3 Base Score: 7.5 CVSSv3 Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CWE: 22 A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file downloadโฆ
๐จ CVE-2021-20124
A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the WebServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges.
๐@cveNotify
A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the WebServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges.
๐@cveNotify
Tenableยฎ
Multiple Vulnerabilities in Draytek VigorConnect 1.60.0-B3
CVE-2021-20123 - Unauthenticated Local File Inclusion - DownloadFileServlet CVSSv3 Base Score: 7.5 CVSSv3 Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CWE: 22 A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file downloadโฆ
๐จ CVE-2022-0185
A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a filesystem that does not support the Filesystem Context API (and thus fallbacks to legacy handling) could use this flaw to escalate their privileges on the system.
๐@cveNotify
A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a filesystem that does not support the Filesystem Context API (and thus fallbacks to legacy handling) could use this flaw to escalate their privileges on the system.
๐@cveNotify
๐จ CVE-2024-7262
Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.16412 (exclusive) on Windows allows an attacker to load an arbitrary Windows library.
The vulnerability was found weaponized as a single-click exploit in the form of a deceptive spreadsheet document
๐@cveNotify
Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.16412 (exclusive) on Windows allows an attacker to load an arbitrary Windows library.
The vulnerability was found weaponized as a single-click exploit in the form of a deceptive spreadsheet document
๐@cveNotify
WPS
20240422 | Latest Version Features | Free WPS Office
WPS Office updated on 20240422. You can download latest version and efficient work with full new features of WPS Photos: Newly Launched Photo Editing Tool for WPS Office, Documents Support File Explorer Preview for PC windows. Free upgrade now!
๐จ CVE-2024-41716
Cleartext storage of sensitive information vulnerability exists in WindLDR and WindO/I-NV4. If this vulnerability is exploited, an attacker who obtained the product's project file may obtain user credentials of the PLC or Operator Interfaces. As a result, an attacker may be able to manipulate and/or suspend the PLC and Operator Interfaces by accessing or hijacking them.
๐@cveNotify
Cleartext storage of sensitive information vulnerability exists in WindLDR and WindO/I-NV4. If this vulnerability is exploited, an attacker who obtained the product's project file may obtain user credentials of the PLC or Operator Interfaces. As a result, an attacker may be able to manipulate and/or suspend the PLC and Operator Interfaces by accessing or hijacking them.
๐@cveNotify
jvn.jp
JVN#08342147: WindLDR and WindO/I-NV4 store sensitive information in cleartext
Japan Vulnerability Notes
๐จ CVE-2024-41927
Cleartext transmission of sensitive information vulnerability exists in multiple IDEC PLCs. If an attacker sends a specific command to PLC's serial communication port, user credentials may be obtained. As a result, the program of the PLC may be obtained, and the PLC may be manipulated.
๐@cveNotify
Cleartext transmission of sensitive information vulnerability exists in multiple IDEC PLCs. If an attacker sends a specific command to PLC's serial communication port, user credentials may be obtained. As a result, the program of the PLC may be obtained, and the PLC may be manipulated.
๐@cveNotify
jvn.jp
JVNVU#96959731: Multiple vulnerabilities in IDEC products
Japan Vulnerability Notes
๐จ CVE-2023-52106
Vulnerability of permission verification for APIs in the DownloadProviderMain module.
Impact: Successful exploitation of this vulnerability will affect integrity and availability.
๐@cveNotify
Vulnerability of permission verification for APIs in the DownloadProviderMain module.
Impact: Successful exploitation of this vulnerability will affect integrity and availability.
๐@cveNotify
๐จ CVE-2024-42039
Access control vulnerability in the SystemUI module
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
๐@cveNotify
Access control vulnerability in the SystemUI module
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
๐@cveNotify
๐จ CVE-2024-45441
Input verification vulnerability in the system service module
Impact: Successful exploitation of this vulnerability will affect availability.
๐@cveNotify
Input verification vulnerability in the system service module
Impact: Successful exploitation of this vulnerability will affect availability.
๐@cveNotify
๐จ CVE-2024-45442
Vulnerability of permission verification for APIs in the DownloadProviderMain module
Impact: Successful exploitation of this vulnerability will affect availability.
๐@cveNotify
Vulnerability of permission verification for APIs in the DownloadProviderMain module
Impact: Successful exploitation of this vulnerability will affect availability.
๐@cveNotify
๐จ CVE-2024-45450
Permission control vulnerability in the software update module.
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
๐@cveNotify
Permission control vulnerability in the software update module.
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
๐@cveNotify
๐จ CVE-2024-39921
Observable timing discrepancy issue exists in IPCOM EX2 Series V01L02NF0001 to V01L06NF0401, V01L20NF0001 to V01L20NF0401, V02L20NF0001 to V02L21NF0301, and IPCOM VE2 Series V01L04NF0001 to V01L06NF0112. If this vulnerability is exploited, some of the encrypted communication may be decrypted by an attacker who can obtain the contents of the communication.
๐@cveNotify
Observable timing discrepancy issue exists in IPCOM EX2 Series V01L02NF0001 to V01L06NF0401, V01L20NF0001 to V01L20NF0401, V02L20NF0001 to V02L21NF0301, and IPCOM VE2 Series V01L04NF0001 to V01L06NF0112. If this vulnerability is exploited, some of the encrypted communication may be decrypted by an attacker who can obtain the contents of the communication.
๐@cveNotify
jvn.jp
JVN#29238389: IPCOM vulnerable to information disclosure
Japan Vulnerability Notes