CVE Notify
Alert on the latest CVEs

Partner channel: @malwr
🚨 CVE-2024-44100
Android before 2024-10-05 on Google Pixel devices allows information disclosure in the modem component, A-299774545.

🎖@cveNotify
🚨 CVE-2024-44101
There is a possible Null Pointer Dereference (modem crash) due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

🎖@cveNotify
🚨 CVE-2024-47012
In mm_GetMobileIdIndexForNsUpdate of mm_GmmPduCodec.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

🎖@cveNotify
🚨 CVE-2024-47020
Android before 2024-10-05 on Google Pixel devices allows information disclosure in the ABL component, A-331966488.

🎖@cveNotify
🚨 CVE-2024-47021
In sms_ExtractCbLanguage of sms_CellBroadcast.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

🎖@cveNotify
🚨 CVE-2024-47022
Android before 2024-10-05 on Google Pixel devices allows information disclosure in the ACPM component, A-331255656.

🎖@cveNotify
🚨 CVE-2024-10380
A vulnerability, which was classified as critical, has been found in SourceCodester Petrol Pump Management Software 1.0. Affected by this issue is some unknown functionality of the file /admin/ajax_product.php. The manipulation of the argument drop_services leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

🎖@cveNotify
🚨 CVE-2024-10381
This vulnerability exists in Matrix Door Controller Cosec Vega FAXQ due to improper implementation of session management at the web-based management interface. A remote attacker could exploit this vulnerability by sending a specially crafted HTTP request on the vulnerable device.

Successful exploitation of this vulnerability could allow a remote attacker to gain unauthorized access and take complete control of the targeted device.

🎖@cveNotify
🚨 CVE-2024-49376
Autolab, a course management service that enables auto-graded programming assignments, has misconfigured reset password permissions in version 3.0.0. For email-based accounts, users with insufficient privileges could reset and theoretically access privileged users' accounts by resetting their passwords. This issue is fixed in version 3.0.1. No known workarounds exist.

🎖@cveNotify
🚨 CVE-2024-49378
smartUp, a web browser mouse gestures extension, has a universal cross-site scripting issue in the Edge and Firefox versions of smartUp 7.2.622.1170. The vulnerability allows another extension to execute arbitrary code in the context of the user's tab. As of time of publication, no known patches exist.

🎖@cveNotify
🚨 CVE-2024-27674
Macro Expert through 4.9.4 allows BUILTIN\Users:(OI)(CI)(M) access to the "%PROGRAMFILES(X86)%\GrassSoft\Macro Expert" folder and thus an unprivileged user can escalate to SYSTEM by replacing the MacroService.exe binary.

🎖@cveNotify
🚨 CVE-2024-26574
Insecure Permissions vulnerability in Wondershare Filmora v.13.0.51 allows a local attacker to execute arbitrary code via a crafted script to the WSNativePushService.exe.

🎖@cveNotify
🚨 CVE-2024-23086
Apfloat v1.10.1 was discovered to contain a stack overflow via the component org.apfloat.internal.DoubleModMath::modPow(double. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification.

🎖@cveNotify
🚨 CVE-2024-22949
JFreeChart v1.5.4 was discovered to contain a NullPointerException via the component /chart/annotations/CategoryLineAnnotation. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification.

🎖@cveNotify
🚨 CVE-2023-34034
Using "**" as a pattern in Spring Security configuration for WebFlux creates a mismatch in pattern matching between Spring Security and Spring WebFlux, and the potential for a security bypass.

🎖@cveNotify
🚨 CVE-2023-26562
In Zimbra Collaboration (ZCS) 8.8.15 and 9.0, a closed account (with 2FA and generated passwords) can send e-mail messages when configured for IMAP/SMTP.

🎖@cveNotify
🚨 CVE-2024-46994
baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in Blog posts and Contents list Feature. Version 5.1.2 fixes this issue.

🎖@cveNotify
🚨 CVE-2024-46995
baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in HTTP 400 Bad Request. Version 5.1.2 fixes this issue.

🎖@cveNotify
🚨 CVE-2024-46996
baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in the Blog posts feature. Version 5.1.2 fixes this issue.

🎖@cveNotify