Lucene search

K

1288H V5; 2288H V5; 2488 V5; CH121 V3; CH121L V3; CH121L V5; CH121 V5; CH140 V3; CH140L V3; CH220 V3; CH222 V3; CH242 V3; CH242 V5; RH1288 V3; RH2288 V3; RH2288H V3; XH310 V3; XH321 V3; XH321 V5; XH620 V3 Security Vulnerabilities

cvelist
cvelist

CVE-2024-0942 Totolink N200RE V5 cstecgi.cgi session expiration

A vulnerability was found in Totolink N200RE V5 9.3.5u.6255_B20211224. It has been classified as problematic. Affected is an unknown function of the file /cgi-bin/cstecgi.cgi. The manipulation leads to session expiration. It is possible to launch the attack remotely. The complexity of an attack is....

3.7CVSS

5AI Score

0.001EPSS

2024-01-26 07:31 PM
1
nvd
nvd

CVE-2024-0933

A vulnerability was found in Niushop B2B2C V5 and classified as critical. Affected by this issue is some unknown functionality of the file \app\model\Upload.php. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may....

9.8CVSS

7.1AI Score

0.001EPSS

2024-01-26 05:15 PM
cve
cve

CVE-2024-0933

A vulnerability was found in Niushop B2B2C V5 and classified as critical. Affected by this issue is some unknown functionality of the file \app\model\Upload.php. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may....

9.8CVSS

9.3AI Score

0.001EPSS

2024-01-26 05:15 PM
14
prion
prion

Out-of-bounds

A vulnerability was found in Niushop B2B2C V5 and classified as critical. Affected by this issue is some unknown functionality of the file \app\model\Upload.php. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may....

9.8CVSS

7AI Score

0.001EPSS

2024-01-26 05:15 PM
8
cvelist
cvelist

CVE-2024-0933 Niushop B2B2C Upload.php unrestricted upload

A vulnerability was found in Niushop B2B2C V5 and classified as critical. Affected by this issue is some unknown functionality of the file \app\model\Upload.php. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may....

6.3CVSS

9.6AI Score

0.001EPSS

2024-01-26 05:00 PM
redhatcve
redhatcve

CVE-2024-23638

A flaw was found in Squid, resulting in a potential denial of service attack targeting Cache Manager error responses. This issue enables a trusted client to execute a denial of service by manipulating the generation of error pages for Client Manager reports. Mitigation Restrict entry to Cache...

6.5CVSS

7AI Score

0.009EPSS

2024-01-25 08:00 PM
22
aix
aix

AIX is vulnerable to a denial of service (CVE-2023-5678 CVE-2023-6129 CVE-2023-6237) and an attacker may obtain sensitive information (CVE-2023-5363) due to OpenSSL

IBM SECURITY ADVISORY First Issued: Thu Jan 25 14:11:09 CST 2024 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/openssl_advisory40.asc Security Bulletin: AIX is vulnerable to a denial of service (CVE-2023-5678, CVE-2023-6129,...

7.5CVSS

7.8AI Score

0.001EPSS

2024-01-25 02:11 PM
44
ics
ics

SystemK NVR 504/508/516

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: SystemK Equipment: NVR 504/508/516 Vulnerability: Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to...

9.8CVSS

8.5AI Score

0.001EPSS

2024-01-25 12:00 PM
30
ics
ics

MachineSense FeverWarn

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: MachineSense LLC. Equipment: MachineSense FeverWarn Vulnerabilities: Missing Authentication for Critical Function, Use of Hard-coded Credentials, Improper Access Control, OS Command...

10CVSS

9AI Score

0.001EPSS

2024-01-25 12:00 PM
22
github
github

Any authenticated user may obtain private message details from other users on the same instance

Summary Users can report private messages, even when they're neither sender nor recipient of the message. The API response to creating a private message report contains the private message itself, which means any user can just iterate over message ids to (loudly) obtain all private messages of an.....

7.5CVSS

6.8AI Score

0.0005EPSS

2024-01-24 09:13 PM
7
osv
osv

Any authenticated user may obtain private message details from other users on the same instance

Summary Users can report private messages, even when they're neither sender nor recipient of the message. The API response to creating a private message report contains the private message itself, which means any user can just iterate over message ids to (loudly) obtain all private messages of an.....

7.5CVSS

6.9AI Score

0.0005EPSS

2024-01-24 09:13 PM
6
osv
osv

CVE-2024-23649

Lemmy is a link aggregator and forum for the fediverse. Starting in version 0.17.0 and prior to version 0.19.1, users can report private messages, even when they're neither sender nor recipient of the message. The API response to creating a private message report contains the private message...

7.5CVSS

6.7AI Score

0.0005EPSS

2024-01-24 06:15 PM
3
cve
cve

CVE-2024-23649

Lemmy is a link aggregator and forum for the fediverse. Starting in version 0.17.0 and prior to version 0.19.1, users can report private messages, even when they're neither sender nor recipient of the message. The API response to creating a private message report contains the private message...

7.5CVSS

6.4AI Score

0.0005EPSS

2024-01-24 06:15 PM
12
nvd
nvd

CVE-2024-23649

Lemmy is a link aggregator and forum for the fediverse. Starting in version 0.17.0 and prior to version 0.19.1, users can report private messages, even when they're neither sender nor recipient of the message. The API response to creating a private message report contains the private message...

6.5CVSS

7.5AI Score

0.0005EPSS

2024-01-24 06:15 PM
prion
prion

Design/Logic Flaw

Lemmy is a link aggregator and forum for the fediverse. Starting in version 0.17.0 and prior to version 0.19.1, users can report private messages, even when they're neither sender nor recipient of the message. The API response to creating a private message report contains the private message...

6.5CVSS

7AI Score

0.0005EPSS

2024-01-24 06:15 PM
6
cvelist
cvelist

CVE-2024-23649 Any authenticated user may obtain private message details from other users on the same instance

Lemmy is a link aggregator and forum for the fediverse. Starting in version 0.17.0 and prior to version 0.19.1, users can report private messages, even when they're neither sender nor recipient of the message. The API response to creating a private message report contains the private message...

7.5CVSS

7.7AI Score

0.0005EPSS

2024-01-24 06:09 PM
hackerone
hackerone

Publitas: CORS Misconfiguration on █████

Summary: An cross-origin resource sharing (CORS) policy controls whether and how content running on other domains can perform two-way interaction with the domain that publishes the policy. The policy is fine-grained and can apply access controls per-request based on the URL and other features of...

6.8AI Score

2024-01-24 01:17 PM
22
veracode
veracode

Expired Pointer Dereference

squid is vulnerable to Expired Pointer Dereference. The vulnerability is due to the usage of a pointer after dereference. An attacker can exploit this vulnerability to mount a Denial Of Service (DOS) attack against Cache Manager error responses when generating error pages for Client Manager...

6.5CVSS

6.7AI Score

0.009EPSS

2024-01-24 08:40 AM
8
nvd
nvd

CVE-2024-23638

Squid is a caching proxy for the Web. Due to an expired pointer reference bug, Squid prior to version 6.6 is vulnerable to a Denial of Service attack against Cache Manager error responses. This problem allows a trusted client to perform Denial of Service when generating error pages for Client...

6.5CVSS

7.2AI Score

0.009EPSS

2024-01-24 12:15 AM
1
cve
cve

CVE-2024-23638

Squid is a caching proxy for the Web. Due to an expired pointer reference bug, Squid prior to version 6.6 is vulnerable to a Denial of Service attack against Cache Manager error responses. This problem allows a trusted client to perform Denial of Service when generating error pages for Client...

6.5CVSS

6.7AI Score

0.009EPSS

2024-01-24 12:15 AM
56
osv
osv

CVE-2024-23638

Squid is a caching proxy for the Web. Due to an expired pointer reference bug, Squid prior to version 6.6 is vulnerable to a Denial of Service attack against Cache Manager error responses. This problem allows a trusted client to perform Denial of Service when generating error pages for Client...

6.5CVSS

6.7AI Score

0.009EPSS

2024-01-24 12:15 AM
7
prion
prion

Design/Logic Flaw

Squid is a caching proxy for the Web. Due to an expired pointer reference bug, Squid prior to version 6.6 is vulnerable to a Denial of Service attack against Cache Manager error responses. This problem allows a trusted client to perform Denial of Service when generating error pages for Client...

6.5CVSS

6.9AI Score

0.009EPSS

2024-01-24 12:15 AM
9
cvelist
cvelist

CVE-2024-23638 SQUID-2023:11 Denial of Service in Cache Manager

Squid is a caching proxy for the Web. Due to an expired pointer reference bug, Squid prior to version 6.6 is vulnerable to a Denial of Service attack against Cache Manager error responses. This problem allows a trusted client to perform Denial of Service when generating error pages for Client...

6.5CVSS

7.4AI Score

0.009EPSS

2024-01-23 11:23 PM
1
github
github

No permission checks for editing/deleting records with CSV import form

Impact Users who don't have edit or delete permissions for records exposed in a ModelAdmin can still edit or delete records using the CSV import form, provided they have create permissions. The likelyhood of a user having create permissions but not having edit or delete permissions is low, but it.....

4.3CVSS

4.5AI Score

0.0004EPSS

2024-01-23 08:09 PM
3
osv
osv

No permission checks for editing/deleting records with CSV import form

Impact Users who don't have edit or delete permissions for records exposed in a ModelAdmin can still edit or delete records using the CSV import form, provided they have create permissions. The likelyhood of a user having create permissions but not having edit or delete permissions is low, but it.....

4.3CVSS

4.5AI Score

0.0004EPSS

2024-01-23 08:09 PM
6
osv
osv

Denial of service in github.com/go-git/go-git/v5 and gopkg.in/src-d/go-git.v4

Denial of service in github.com/go-git/go-git/v5 and...

7.5CVSS

7.1AI Score

0.0005EPSS

2024-01-23 06:00 PM
11
osv
osv

Path traversal and RCE in github.com/go-git/go-git/v5 and gopkg.in/src-d/go-git.v4

Path traversal and RCE in github.com/go-git/go-git/v5 and...

9.8CVSS

7.2AI Score

0.002EPSS

2024-01-23 03:29 PM
16
github
github

Record titles for restricted records can be viewed if exposed by GridFieldAddExistingAutocompleter

Impact If a user should not be able to see a record, but that record can be added to a GridField using the GridFieldAddExistingAutocompleter component, the record's title can be accessed by that user. Base CVSS: 4.3 Reported by: Nick K - LittleMonkey, littlemonkey.co.nz References ...

4.3CVSS

4.5AI Score

0.0004EPSS

2024-01-23 12:49 PM
1
osv
osv

Record titles for restricted records can be viewed if exposed by GridFieldAddExistingAutocompleter

Impact If a user should not be able to see a record, but that record can be added to a GridField using the GridFieldAddExistingAutocompleter component, the record's title can be accessed by that user. Base CVSS: 4.3 Reported by: Nick K - LittleMonkey, littlemonkey.co.nz References ...

4.3CVSS

4.5AI Score

0.0004EPSS

2024-01-23 12:49 PM
9
osv
osv

View permissions are bypassed for paginated lists of ORM data

Impact canView permission checks are bypassed for ORM data in paginated GraphQL query results where the total number of records is greater than the number of records per page. Note that this also affects GraphQL queries which have a limit applied, even if the query isn’t paginated per se. This has....

5.3CVSS

5.2AI Score

0.0005EPSS

2024-01-23 12:49 PM
8
github
github

View permissions are bypassed for paginated lists of ORM data

Impact canView permission checks are bypassed for ORM data in paginated GraphQL query results where the total number of records is greater than the number of records per page. Note that this also affects GraphQL queries which have a limit applied, even if the query isn’t paginated per se. This has....

5.3CVSS

5.2AI Score

0.0005EPSS

2024-01-23 12:49 PM
5
ics
ics

Lantronix XPort

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.7 ATTENTION: Low attack complexity Vendor: Lantronix Equipment: XPort Vulnerability: Weak Encoding for Password 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to obtain credentials. 3. TECHNICAL DETAILS 3.1...

7.5CVSS

7.1AI Score

0.001EPSS

2024-01-23 12:00 PM
10
ics
ics

Voltronic Power ViewPower Pro

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Voltronic Power Equipment: ViewPower Pro Vulnerabilities: Deserialization of Untrusted Data, Missing Authentication for Critical Function, Exposed Dangerous Method or Function, OS Command...

9.8CVSS

8.9AI Score

0.001EPSS

2024-01-23 12:00 PM
10
ics
ics

APsystems Energy Communication Unit (ECU-C) Power Control Software

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable via adjacent network / low attack complexity Vendor: APsystems Equipment: Energy communication Unit (ECU-C) Power Control Software Vulnerability: Improper Access Control 2. RISK EVALUATION Successful exploitation of this...

8.8CVSS

8.9AI Score

0.001EPSS

2024-01-23 12:00 PM
9
ics
ics

Westermo Lynx 206-F2G

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Westermo Equipment: Lynx 206-F2G Vulnerabilities: Cross-site Scripting, Code Injection, Cross-Origin Resource Sharing, Cleartext Transmission of Sensitive Information, Cross-Site Request...

8.8CVSS

8.1AI Score

0.001EPSS

2024-01-23 12:00 PM
18
ics
ics

Crestron AM-300

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.4 ATTENTION: Low attack complexity Vendor: Crestron Equipment: AM-300 Vulnerability: OS Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to escalate their privileges to root-level access. 3....

8.4CVSS

8AI Score

0.0004EPSS

2024-01-23 12:00 PM
7
ics
ics

Orthanc Osimis DICOM Web Viewer

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Orthanc Equipment: Osimis Web Viewer Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary...

7.1CVSS

6.9AI Score

0.0005EPSS

2024-01-23 12:00 PM
23
jvn
jvn

JVN#34565930: Multiple vulnerabilities in a-blog cms

a-blog cms provided by appleple inc. contains multiple vulnerabilities listed below. Improper input validation (CWE-20) - CVE-2024-23180 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N| Base Score: 3.5 CVSS v2| AV:N/AC:M/Au:S/C:N/I:P/A:N| Base Score:...

8.8CVSS

7.1AI Score

0.001EPSS

2024-01-22 12:00 AM
21
nvidia
nvidia

Security Bulletin: NVIDIA BlueField 2 and 3 BMC - January 2024

NVIDIA has released a firmware update for NVIDIA BlueField DPU Baseboard Management Controller (BMC). To protect your system, download and install this firmware update from the NVIDIA DOCA Software Framework page. Go to NVIDIA Product Security. Details This section provides a summary of potential.....

7.2CVSS

7.7AI Score

0.001EPSS

2024-01-22 12:00 AM
12
osv
osv

Malicious code in cagov-template-v5 (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (041aa485b2de4fd90575bf3656a8dee0ce0c0a4319b0919b62d35f6b98b090c6) The OpenSSF Package Analysis project identified 'cagov-template-v5' @ 19.2.0 (npm) as malicious. It is considered malicious because: The package...

7.3AI Score

2024-01-21 09:40 PM
12
ics
ics

AVEVA PI Server

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: AVEVA Equipment: PI Server Vulnerabilities: Improper Check or Handling of Exceptional Conditions, Missing Release of Resource after Effective Lifetime 2. RISK EVALUATION Successful...

7.5CVSS

7.6AI Score

0.001EPSS

2024-01-18 12:00 PM
13
jvn
jvn

JVN#83655695: Multiple Dahua Technology products vulnerable to authentication bypass

Multiple products provided by Dahua Technology contain an authentication bypass vulnerability (CWE-287). ## Impact The product's identity verification may be bypassed if a remote attacker sends specially crafted data packets. ## Solution Update the software Update the software to the latest...

9.8CVSS

6.9AI Score

0.256EPSS

2024-01-18 12:00 AM
33
osv

9.3CVSS

6.8AI Score

0.001EPSS

2024-01-17 07:07 PM
9
cve
cve

CVE-2022-0402

The Super Forms - Drag & Drop Form Builder WordPress plugin before 6.0.4 does not escape the bob_czy_panstwa_sprawa_zostala_rozwiazana parameter before outputting it back in an attribute via the super_language_switcher AJAX action, leading to a Reflected Cross-Site Scripting. The action is also...

6.1CVSS

6.2AI Score

0.0005EPSS

2024-01-16 04:15 PM
19
osv
osv

CVE-2022-0402

The Super Forms - Drag & Drop Form Builder WordPress plugin before 6.0.4 does not escape the bob_czy_panstwa_sprawa_zostala_rozwiazana parameter before outputting it back in an attribute via the super_language_switcher AJAX action, leading to a Reflected Cross-Site Scripting. The action is also...

6.1CVSS

6.6AI Score

0.0005EPSS

2024-01-16 04:15 PM
9
nvd
nvd

CVE-2022-0402

The Super Forms - Drag & Drop Form Builder WordPress plugin before 6.0.4 does not escape the bob_czy_panstwa_sprawa_zostala_rozwiazana parameter before outputting it back in an attribute via the super_language_switcher AJAX action, leading to a Reflected Cross-Site Scripting. The action is also...

6.1CVSS

6.3AI Score

0.0005EPSS

2024-01-16 04:15 PM
prion
prion

Cross site scripting

The Super Forms - Drag & Drop Form Builder WordPress plugin before 6.0.4 does not escape the bob_czy_panstwa_sprawa_zostala_rozwiazana parameter before outputting it back in an attribute via the super_language_switcher AJAX action, leading to a Reflected Cross-Site Scripting. The action is also...

6.1CVSS

6.9AI Score

0.0005EPSS

2024-01-16 04:15 PM
5
cvelist
cvelist

CVE-2022-0402 Superforms < 6.0.4 - Reflected Cross-Site Scripting

The Super Forms - Drag & Drop Form Builder WordPress plugin before 6.0.4 does not escape the bob_czy_panstwa_sprawa_zostala_rozwiazana parameter before outputting it back in an attribute via the super_language_switcher AJAX action, leading to a Reflected Cross-Site Scripting. The action is also...

6.4AI Score

0.0005EPSS

2024-01-16 03:51 PM
nessus
nessus

Intel BIOS Firmware CVE-2022-26006 (INTEL-SA-00688)

The version of the Intel BIOS on the remote device is affected by a vulnerability as identified in the INTEL-SA-00688 advisory. Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local...

8.2CVSS

7.4AI Score

0.0004EPSS

2024-01-16 12:00 AM
6
veracode
veracode

Denial Of Service

squid:buster is vulnerable to Denial Of Service. The vulnerability due to an Uncontrolled Recursion bug configured by sending a large X-Forwarded-For header when the follow_x_forwarded_for feature. It allows a remote attacker to perform Denial of Service...

8.6CVSS

6.6AI Score

0.005EPSS

2024-01-13 04:03 PM
11
Total number of security vulnerabilities34923