๐จ CVE-2023-35677
In onCreate of DeviceAdminAdd.java, there is a possible way to forcibly add a device admin due to a missing permission check. This could lead to local denial of service (factory reset or continuous locking) with no additional execution privileges needed. User interaction is not needed for exploitation.
๐@cveNotify
In onCreate of DeviceAdminAdd.java, there is a possible way to forcibly add a device admin due to a missing permission check. This could lead to local denial of service (factory reset or continuous locking) with no additional execution privileges needed. User interaction is not needed for exploitation.
๐@cveNotify
๐จ CVE-2023-35680
In multiple locations, there is a possible way to import contacts belonging to other users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
๐@cveNotify
In multiple locations, there is a possible way to import contacts belonging to other users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
๐@cveNotify
๐จ CVE-2024-3652
The Libreswan Project was notified of an issue causing libreswan to restart when using IKEv1 without specifying an esp= line. When the peer requests AES-GMAC, libreswan's default proposal handler causes an assertion failure and crashes and restarts. IKEv2 connections are not affected.
๐@cveNotify
The Libreswan Project was notified of an issue causing libreswan to restart when using IKEv1 without specifying an esp= line. When the peer requests AES-GMAC, libreswan's default proposal handler causes an assertion failure and crashes and restarts. IKEv2 connections are not affected.
๐@cveNotify
๐จ CVE-2022-48669
In the Linux kernel, the following vulnerability has been resolved:
powerpc/pseries: Fix potential memleak in papr_get_attr()
`buf` is allocated in papr_get_attr(), and krealloc() of `buf`
could fail. We need to free the original `buf` in the case of failure.
๐@cveNotify
In the Linux kernel, the following vulnerability has been resolved:
powerpc/pseries: Fix potential memleak in papr_get_attr()
`buf` is allocated in papr_get_attr(), and krealloc() of `buf`
could fail. We need to free the original `buf` in the case of failure.
๐@cveNotify
๐จ CVE-2024-25676
An issue was discovered in ViewerJS 0.5.8. A script from the component loads content via URL TAGs without properly sanitizing it. This leads to both open redirection and out-of-band resource loading.
๐@cveNotify
An issue was discovered in ViewerJS 0.5.8. A script from the component loads content via URL TAGs without properly sanitizing it. This leads to both open redirection and out-of-band resource loading.
๐@cveNotify
๐จ CVE-2024-24192
robdns commit d76d2e6 was discovered to contain a heap overflow via the component block->filename at /src/zonefile-insertion.c.
๐@cveNotify
robdns commit d76d2e6 was discovered to contain a heap overflow via the component block->filename at /src/zonefile-insertion.c.
๐@cveNotify
GitHub
heap buffer overflow ยท Issue #8 ยท robertdavidgraham/robdns
in line robdns/src/zonefile-insertion.c Line 161 in d76d2e6 memcpy(block->filename, parser->src.filename, sizeof(block->filename)); in some case the size of block->filename will surpass...
๐จ CVE-2024-24195
robdns commit d76d2e6 was discovered to contain a misaligned address at /src/zonefile-insertion.c.
๐@cveNotify
robdns commit d76d2e6 was discovered to contain a misaligned address at /src/zonefile-insertion.c.
๐@cveNotify
GitHub
load of misaligned address ยท Issue #9 ยท robertdavidgraham/robdns
in line robdns/src/zonefile-insertion.c Line 35 in d76d2e6 line_number = *(unsigned*)(&buf[i]); unsigned int need a 4-byte aligned to be loaded, but the address of unsigned char is not 4-byte a...
๐จ CVE-2024-10276
A vulnerability has been found in Telestream Sentry 6.0.9 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /?page=reports of the component Reports Page. The manipulation of the argument z leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
๐@cveNotify
A vulnerability has been found in Telestream Sentry 6.0.9 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /?page=reports of the component Reports Page. The manipulation of the argument z leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
๐@cveNotify
๐จ CVE-2024-37845
MangoOS before 5.2.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the Active Process Command feature.
๐@cveNotify
MangoOS before 5.2.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the Active Process Command feature.
๐@cveNotify
GitHub
Disclosures/CVE-2024-37845 RCE.pdf at main ยท herombey/Disclosures
Vulnerability Disclosures. Contribute to herombey/Disclosures development by creating an account on GitHub.
๐จ CVE-2024-37846
MangoOS before 5.2.0 was discovered to contain a Client-Side Template Injection (CSTI) vulnerability via the Platform Management Edit page.
๐@cveNotify
MangoOS before 5.2.0 was discovered to contain a Client-Side Template Injection (CSTI) vulnerability via the Platform Management Edit page.
๐@cveNotify
GitHub
Disclosures/CVE-2024-37846-CSTI.pdf at main ยท herombey/Disclosures
Vulnerability Disclosures. Contribute to herombey/Disclosures development by creating an account on GitHub.
๐จ CVE-2024-37847
An arbitrary file upload vulnerability in MangoOS before 5.1.4 and Mango API before 4.5.5 allows attackers to execute arbitrary code via a crafted file.
๐@cveNotify
An arbitrary file upload vulnerability in MangoOS before 5.1.4 and Mango API before 4.5.5 allows attackers to execute arbitrary code via a crafted file.
๐@cveNotify
GitHub
Disclosures/CVE-2024-37847 File Upload Path Traversal.pdf at main ยท herombey/Disclosures
Vulnerability Disclosures. Contribute to herombey/Disclosures development by creating an account on GitHub.
๐จ CVE-2024-48218
Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/list.
๐@cveNotify
Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/list.
๐@cveNotify
GitHub
Funadmin v5.0.2 has 1 SQL injection in the/curd/table/list path ยท Issue #21 ยท funadmin/funadmin
Vulnerability product: funadmin Vulnerability version: 5.0.2 Source code link: https://github.com/funadmin/funadmin/archive/refs/tags/v5.0.2.zip Vulnerability type: SQL injection Vulnerability deta...
๐จ CVE-2024-48222
Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/edit.
๐@cveNotify
Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/edit.
๐@cveNotify
GitHub
Funadmin v5.0.2 has 1 SQL injection in the/curd/table/edit path ยท Issue #22 ยท funadmin/funadmin
Vulnerability product: funadmin Vulnerability version: 5.0.2 Source code link: https://github.com/funadmin/funadmin/archive/refs/tags/v5.0.2.zip Vulnerability type: SQL injection Vulnerability deta...
๐จ CVE-2024-48223
Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/fieldlist.
๐@cveNotify
Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/fieldlist.
๐@cveNotify
GitHub
Funadmin v5.0.2 has 1 SQL injection in the/curd/table/fieldlist path ยท Issue #23 ยท funadmin/funadmin
Vulnerability product: funadmin Vulnerability version: 5.0.2 Source code link: https://github.com/funadmin/funadmin/archive/refs/tags/v5.0.2.zip Vulnerability type: SQL injection Vulnerability deta...
๐จ CVE-2024-48224
Funadmin v5.0.2 has an arbitrary file read vulnerability in /curd/index/editfile.
๐@cveNotify
Funadmin v5.0.2 has an arbitrary file read vulnerability in /curd/index/editfile.
๐@cveNotify
GitHub
Funadmin v5.0.2 has an arbitrary file read in the/curd/index/editfile path ยท Issue #24 ยท funadmin/funadmin
Vulnerability product: funadmin Vulnerability version: 5.0.2 Source code link: https://github.com/funadmin/funadmin/archive/refs/tags/v5.0.2.zip Vulnerability type: Read any file Vulnerability deta...
๐จ CVE-2024-48955
In NetAdmin 4.0.30319, an attacker can steal a valid session cookie and inject it into another device, granting unauthorized access. This type of attack is commonly referred to as session hijacking.
๐@cveNotify
In NetAdmin 4.0.30319, an attacker can steal a valid session cookie and inject it into another device, granting unauthorized access. This type of attack is commonly referred to as session hijacking.
๐@cveNotify
GitHub
GitHub - BrotherOfJhonny/CVE-2024-48955_Overview: CVE-2024-48955_Overview
CVE-2024-48955_Overview. Contribute to BrotherOfJhonny/CVE-2024-48955_Overview development by creating an account on GitHub.
๐จ CVE-2024-24198
smartdns commit 54b4dc was discovered to contain a misaligned address at smartdns/src/util.c.
๐@cveNotify
smartdns commit 54b4dc was discovered to contain a misaligned address at smartdns/src/util.c.
๐@cveNotify
GitHub
member access within misaligned address ยท Issue #1629 ยท pymumu/smartdns
้ฎ้ข็ฐ่ฑก ็ฎ่ฆๆ่ฟฐ้ฎ้ขๅบ็ฐ็็ฐ่ฑก smartdns/src/util.c Line 143 in 54b4dcd struct sockaddr_storage *addr_store = (struct sockaddr_storage *)addr; sockaddr_storage* need a 8-byte aligned address, but sockaddr* addr i...
๐จ CVE-2024-3987
The WP Mobile Menu โ The Mobile-Friendly Responsive Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image alt text in all versions up to, and including, 2.8.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
๐@cveNotify
The WP Mobile Menu โ The Mobile-Friendly Responsive Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image alt text in all versions up to, and including, 2.8.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
๐@cveNotify
๐จ CVE-2023-21405
Knud from Fraktal.fi has found a flaw in some Axis Network Door Controllers and Axis Network
Intercoms when communicating over OSDP, highlighting that the OSDP message parser crashes
the pacsiod process, causing a temporary unavailability of the door-controlling functionalities
meaning that doors cannot be opened or closed. No sensitive or customer data can be extracted
as the Axis device is not further compromised. Please refer to the Axis security advisory for more information, mitigation and affected products and software versions.
๐@cveNotify
Knud from Fraktal.fi has found a flaw in some Axis Network Door Controllers and Axis Network
Intercoms when communicating over OSDP, highlighting that the OSDP message parser crashes
the pacsiod process, causing a temporary unavailability of the door-controlling functionalities
meaning that doors cannot be opened or closed. No sensitive or customer data can be extracted
as the Axis device is not further compromised. Please refer to the Axis security advisory for more information, mitigation and affected products and software versions.
๐@cveNotify
๐จ CVE-2023-21406
Ariel Harush and Roy Hodir from OTORIO have found a flaw in the AXIS A1001 when
communicating over OSDP. A heap-based buffer overflow was found in the pacsiod process which
is handling the OSDP communication allowing to write outside of the allocated buffer. By
appending invalid data to an OSDP message it was possible to write data beyond the heap
allocated buffer. The data written outside the buffer could be used to execute arbitrary code.
lease refer to the Axis security advisory for more information, mitigation and affected products and software versions.
๐@cveNotify
Ariel Harush and Roy Hodir from OTORIO have found a flaw in the AXIS A1001 when
communicating over OSDP. A heap-based buffer overflow was found in the pacsiod process which
is handling the OSDP communication allowing to write outside of the allocated buffer. By
appending invalid data to an OSDP message it was possible to write data beyond the heap
allocated buffer. The data written outside the buffer could be used to execute arbitrary code.
lease refer to the Axis security advisory for more information, mitigation and affected products and software versions.
๐@cveNotify
๐จ CVE-2023-35983
This issue was addressed with improved data protection. This issue is fixed in macOS Monterey 12.6.8, macOS Ventura 13.5, macOS Big Sur 11.7.9. An app may be able to modify protected parts of the file system.
๐@cveNotify
This issue was addressed with improved data protection. This issue is fixed in macOS Monterey 12.6.8, macOS Ventura 13.5, macOS Big Sur 11.7.9. An app may be able to modify protected parts of the file system.
๐@cveNotify
Apple Support
About the security content of macOS Ventura 13.5
This document describes the security content of macOS Ventura 13.5.
๐1