Design/Logic Flaw

An issue was discovered in Linksys Router E1700 1.0.04 build 3, allows authenticated attackers to escalate privileges via a crafted GET request to the /goform/ URI or via the ExportSettings function...

Code injection

An issue was discovered in Linksys Router E1700 version 1.0.04 build 3, allows authenticated attackers to execute arbitrary code via the setDateTime function...

Information disclosure

An issue was discovered on Innovaphone PBX before 14r1 devices. It provides different responses to incoming requests in a way that reveals information to an attacker...

Cross site scripting

Cross Site Scripting vulnerability in 71CMS v.1.0.0 allows a remote attacker to execute arbitrary code via the uploadfile action parameter in the controller.php file...

Code injection

An issue was discovered on certain GL-iNet devices. Attackers can download files such as logs via commands, potentially obtaining critical user information. This affects MT6000 4.5.5, XE3000 4.4.4, X3000 4.4.5, MT3000 4.5.0, MT2500 4.5.0, AXT1800 4.5.0, AX1800 4.5.0, A1300 4.5.0, S200 4.1.4-0300,...

Design/Logic Flaw

An issue was discovered on Innovaphone PBX before 14r1 devices. The password form, used to authenticate, allows a Brute Force Attack through which an attacker may be able to access the administration panel...

Sql injection

SQL Injection vulnerability in /app/api/controller/Store.php in Niushop B2B2C V5 allows attackers to run arbitrary SQL commands via latitude and longitude parameters...

Sql injection

SQL Injection vulnerability in the orderGoodsDelivery function in Niushop B2B2C V5 allows attackers to run arbitrary SQL commands via the orderid parameter...

Stack overflow

A Stack Based Buffer Overflow vulnerability in Tenda AC9 v.3.0 with firmware version v.15.03.06.42multi allows a remote attacker to execute arbitrary code via the fromSetSysTime function...

Denial of service

Minder is a Software Supply Chain Security Platform. In version 0.0.31 and earlier, it is possible for an attacker to register a repository with a invalid or differing upstream ID, which causes Minder to report the repository as registered, but not remediate any future changes which conflict with...

Cross site request forgery (csrf)

Cross Site Request Forgery vulnerability in Bagisto before v.1.5.1 allows an attacker to execute arbitrary code via a crafted HTML script...

Design/Logic Flaw

Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. When using the built-in extract32b, start, if the start index provided has for side effect to update b, the byte array to extract 32 bytes from, it could be that some dirty memory is read and returned by extract32. This...

Design/Logic Flaw

Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. If an excessively large value is specified as the starting index for an array in abidecode, it can cause the read position to overflow. This results in the decoding of values outside the intended array bounds, potential...

Open redirect

Rejected reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not in the allowed scope of that CNA's CVE ID assignments...

Race condition

An issue in the anchors subparser of Showdownjs versions = 2.1.0 could allow a remote attacker to cause denial of service conditions...

Design/Logic Flaw

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...

Null pointer dereference

OpenDMARC 1.4.2 contains a null pointer dereference vulnerability in /OpenDMARC/libopendmarc/opendmarcpolicy.c...

Memory corruption

libming 0.4.8 contains a memory leak vulnerability in /libming/src/actioncompiler/listaction.c...

Design/Logic Flaw

fluent-bit 2.2.2 contains a Use-After-Free vulnerability in /fluent-bit/plugins/customcalyptia/calyptia.c...

Design/Logic Flaw

Rejected reason: This CVE is a duplicate of CVE-2024-1631...

Design/Logic Flaw

In the Linux kernel, the following vulnerability has been resolved: IB/hfi1: Fix bugs with non-PAGESIZE-end multi-iovec user SDMA requests hfi1 user SDMA request processing has two bugs that can cause data corruption for user SDMA requests that have multiple payload iovecs where an iovec other th...

Design/Logic Flaw

In the Linux kernel, the following vulnerability has been resolved: HID: usbhid: fix info leak in hidsubmitctrl In hidsubmitctrl, the way of calculating the report length doesn't take into account that report-size can be zero. When running the syzkaller reproducer, a report of size 0 causes...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid potential deadlock Using f2fstrylockop in f2fswritecompressedpages to avoid potential deadlock like we did in f2fswritesingledatapage...

Design/Logic Flaw

In the Linux kernel, the following vulnerability has been resolved: netlabel: fix out-of-bounds memory accesses There are two array out-of-bounds memory accesses, one in cipsov4maplvlvalid, the other in netlblbitmapwalk. Both errors are embarassingly simple, and the fixes are straightforward. As ...

Design/Logic Flaw

In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free Free the adap structure only after we are done using it. This patch just moves the putdevice down a bit to avoid the use after free. wsa: added comment to the code, added Fixes tag...

Open redirect

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

Sql injection

SQL Injection vulnerability in Nagios XI 2024R1.01 allows a remote attacker to execute arbitrary code via a crafted payload to the monitoringwizard.php component...

Design/Logic Flaw

An issue in Nagios XI 2024R1.01 allows a remote attacker to escalate privileges via a crafted script to the /usr/local/nagios/bin/npcd component...

Design/Logic Flaw

nanomq 0.21.2 contains a Use-After-Free vulnerability in /nanomq/nng/src/core/socket.c...

Design/Logic Flaw

ESPHome is a system to control your ESP8266/ESP32. A security misconfiguration in the edit configuration file API in the dashboard component of ESPHome version 2023.12.9 command line installation allows authenticated remote attackers to read and write arbitrary files under the configuration...

Code injection

Kirby is a content management system. The new link field introduced in Kirby 4 allows several different link types that each validate the entered link to the relevant URL format. It also includes a "Custom" link type for advanced use cases that don't fit any of the pre-defined link formats. As th...

Code injection

es5-ext contains ECMAScript 5 extensions. Passing functions with very long names or complex default argument names into functioncopy or functiontoStringTokens may cause the script to stall. The vulnerability is patched in v0.10.63...

Design/Logic Flaw

orjson.loads in orjson before 3.9.15 does not limit recursion for deeply nested JSON documents...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: sched/membarrier: reduce the ability to hammer on sysmembarrier On some systems, sysmembarrier can be very expensive, causing overall slowdowns for everything. So put a lock on the path in order to serialize the accesses to preve...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Stop relying on userspace for info to fault in xsave buffer Before this change, the expected size of the user space buffer was taken from fxsw-xstatesize. fxsw-xstatesize can be changed from user-space, so it is possible...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: PCI/ASPM: Fix deadlock when enabling ASPM A last minute revert in 6.7-final introduced a potential deadlock when enabling ASPM during probe of Qualcomm PCIe controllers as reported by lockdep:...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: Revert "kobject: Remove redundant checks for whether ktype is NULL" This reverts commit 1b28cb81dab7c1eedc6034206f4e8d644046ad31. It is reported to cause problems, so revert it for now until the root cause can be found...

Code injection

Certain WithSecure products allow a Denial of Service because the engine scanner can go into an infinite loop when processing an archive file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protectio...

Design/Logic Flaw

Amazon Fire OS 7 before 7.6.6.9 and 8 before 8.1.0.3 allows Fire TV applications to establish local ADB Android Debug Bridge connections. NOTE: some third parties dispute whether this has security relevance, because an ADB connection is only possible after the non-default ADB Debugging option is...

Authentication flaw

langchainexperimental aka LangChain Experimental in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-44467 fix and execute arbitrary code via the import, subclasses, builtins, globals, getattribute, bases, mro, or base attribute in Python code. These are not prohibited by...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: binder: signal epoll threads of self-work In epoll mode, threads often depend on I/O events to determine when data is ready for consumption. Within binder, a thread may initiate a command via BINDERWRITEREAD without a read buffer...

Design/Logic Flaw

rack-cors aka Rack CORS Middleware 2.0.1 has 0666 permissions for the .rb files...

Input validation

pretix before 2024.1.1 mishandles file validation...

Code injection

In the Bentley ALIM Web application, certain configuration settings can cause exposure of a user's ALIM session token when the user attempts to download files. This is fixed in Assetwise ALIM Web 23.00.02.03 and Assetwise Information Integrity Server 23.00.04.04...

Directory traversal

The Brizy – Page Builder plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.4.39 via the 'id'. This makes it possible for authenticated attackers, with contributor-level access and above, to upload files to arbitrary locations on the server...

Design/Logic Flaw

The Addon Library plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the onAjaxAction function action in all versions up to, and including, 1.3.76. This makes it possible for authenticated attackers, with subscriber-level access and above, to...

Server side request forgery (ssrf)

The SuperFaktura WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.40.3 via the wcsfurlcheck function. This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to arbitrary...

Null pointer dereference

In the Linux kernel, the following vulnerability has been resolved: phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP If the external phy working together with phy-omap-usb2 does not implement sendsrp, we may still attempt to call it. This can happen on an idle Ethernet gadget triggeri...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: ext4: regenerate buddy after block freeing failed if under fc replay This mostly reverts commit 6bd97bf273bd "ext4: remove redundant mbregeneratebuddy" and reintroduces mbregeneratebuddy. Based on code in mbfreeblocks, fast commi...

Information disclosure

IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 could be vulnerable to information leakage due to unverified sources in messages sent between Windows objects of different origins. IBM X-Force ID: 254290...