CVE-2024-47179 RSSHub's `docker-test-cont.yml` workflow is vulnerable to Artifact Poisoning which may lead to a full repository takeover.
RSSHub is an RSS network. Prior to commit 64e00e7, RSSHub's docker-test-cont.yml workflow is vulnerable to Artifact Poisoning, which could have led to a full repository takeover. Downstream users of RSSHub are not vulnerable to this issue, and commit 64e00e7 fixed the underlying issue and made t...
CVE-2024-47003
Mattermost versions 9.11.x <= 9.11.0 and 9.5.x <= 9.5.8 fail to validate that the message of the permalink post is a string, which allows an attacker to send a non-string value as the message of a permalink post and crash the frontend...
CVE-2024-47003
Mattermost is affected by CVE-2024-47003. The vulnerability affects Mattermost Server versions 9.11.x <= 9.11.0 and 9.5.x
CVE-2024-47003 DoS via non-string message using permalink embed
Mattermost versions 9.11.x <= 9.11.0 and 9.5.x <= 9.5.8 fail to validate that the message of the permalink post is a string, which allows an attacker to send a non-string value as the message of a permalink post and crash the frontend...
The FIPS Compliance of HKDF
HKDF is an HMAC-based key-derivation function specified in RFC 5869. It’s nice and we generally like using it. FIPS (Federal Information Processing Standards) is used generally as a moniker for the set of standards, recommendations, and guidance published by the U.S. National Institute of Standards...
CVE-2024-20475 Cisco SD-WAN vManage Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based...
Cisco SD-WAN vEdge Software UDP Packet Validation Denial of Service Vulnerability
A vulnerability in the UDP packet validation code of Cisco SD-WAN vEdge Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected system. This vulnerability is due to incorrect handling of a specific type of malformed UDP packet. An...
CVE-2024-8485
The REST API TO MiniProgram plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.7.1 via the updateUserInfo due to missing validation on the 'openid' user-controlled key that determines what user will be updated. This makes it...
CVE-2024-8485 REST API TO MiniProgram <= 4.7.1 - Unauthenticated Arbitrary User Email Update and Privilege Escalation via Account Takeover
The REST API TO MiniProgram plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.7.1 via the updateUserInfo due to missing validation on the 'openid' user-controlled key that determines what user will be updated. This makes it...
CVE-2024-38324
IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd CLI does not validate server name during registration and unregistration operations which could expose sensitive information to an attacker with access to the system...
CVE-2024-23922 Sony XAV-AX5500 Insufficient Firmware Update Validation Remote Code Execution Vulnerability
Sony XAV-AX5500 Insufficient Firmware Update Validation Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Sony XAV-AX5500 devices. Authentication is not required to exploit this vulnerability. The...
CVE-2024-23922
Sony XAV-AX5500 is affected by CVE-2024-23922 due to insufficient validation of firmware update packages, enabling remote code execution when updates are processed. The flaw resides in the software update handling and can be exploited by physically present attackers without authentication. Public...
CVE-2024-23933
CVE-2024-23933 affects Sony XAV-AX5500 car units via a CarPlay TLV stack-based buffer overflow. The root cause is insufficient validation of user-supplied data length before copying to a fixed-size stack buffer, enabling remote code execution when a physically present attacker exploits the proto...
CVE-2024-45348
Xiaomi Router AX9000 has a post-authorization command injection vulnerability. This vulnerability is caused by the lack of validation of user input, and an attacker can exploit this vulnerability to execute arbitrary code...
CVE-2024-45348 Xiaomi Router AX9000 has a post-authorization command injection vulnerability
Xiaomi Router AX9000 has a post-authorization command injection vulnerability. This vulnerability is caused by the lack of validation of user input, and an attacker can exploit this vulnerability to execute arbitrary code...
CVE-2024-45348
CVE-2024-45348 affects Xiaomi Router AX9000 (version 1.0.173 per PT-2024-31577). Root cause: post-authorization command injection due to lack of validation of user input. Impact: attacker can execute arbitrary code; described as a remote attack. Remediation: patch immediately (per PT-2024-31577) ...
FreeBSD : FreeBSD -- NFS client accepts file names containing path separators (c02b8db5-771b-11ef-9a62-002590c1f29c)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the c02b8db5-771b-11ef-9a62-002590c1f29c advisory. When mounting a remote filesystem using NFS, the kernel did not sanitize remotely provided filenames fo...
CVE-2024-45808
CVE-2024-45808 affects the Envoy proxy and stems from insufficient validation of the REQUESTED_SERVER_NAME in access loggers, enabling potential log content manipulation. Affected versions are 1.31.2, 1.30.6, 1.29.9, and 1.28.7; upgrade to the fixed releases to remediate. The connected sources co...
CVE-2024-45808 Malicious log injection via access logs in envoy
Envoy is a cloud-native high-performance edge/middle/service proxy. A vulnerability has been identified in Envoy that allows malicious attackers to inject unexpected content into access logs. This is achieved by exploiting the lack of validation for the REQUESTED_SERVER_NAME field for access logger...