Design/Logic Flaw

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...

Code injection

In QUIC in RFC 9000, the Latency Spin Bit specification section 17.4 does not strictly constrain the bit value when the feature is disabled, which might allow remote attackers to construct a covert channel with data represented as changes to the bit value. NOTE: The "Sheridan, S., Keane, A. 2015...

Design/Logic Flaw

An issue discovered in Unisys Stealth 5.3.062.0 allows attackers to view sensitive information via the Enterprise ManagementInstallermsi.log file...

Sql injection

SQL Injection vulnerability in MRCMS v3.1.2 allows attackers to run arbitrary system commands via the status parameter...

Default credentials

Liferay Portal 7.2.0 through 7.3.5, and older unsupported versions, and Liferay DXP 7.3 before fix pack 1, 7.2 before fix pack 17, and older unsupported versions does not obfuscate password reminder answers on the page, which allows attackers to use man-in-the-middle or shoulder surfing attacks t...

Design/Logic Flaw

com.yetanalytics/lrs is the Yet Analytics Core LRS Library. Prior to version 1.2.17 of the LRS library and version 0.7.5 of SQL LRS, a maliciously crafted xAPI statement could be used to perform script or other tag injection in the LRS Statement Browser. The problem is patched in version 1.2.17 o...

Design/Logic Flaw

kedi ElectronCord is a bot management tool for Discord. Commit aaaeaf4e6c99893827b2eea4dd02f755e1e24041 exposes an account access token in the config.json file. Malicious actors could potentially exploit this vulnerability to gain unauthorized access to sensitive information or perform malicious...

Design/Logic Flaw

MantisBT is an open source issue tracker. Prior to version 2.26.1, an unauthenticated attacker who knows a user's email address and username can hijack the user's account by poisoning the link in the password reset notification message. A patch is available in version 2.26.1. As a workaround,...

Authentication flaw

An access control issue in /usr/sbin/httpd in Tenda TX9 V1 V22.03.02.54, Tenda AX3 V3 V16.03.12.11, Tenda AX9 V1 V22.03.01.46, and Tenda AX12 V1 V22.03.01.46 allows attackers to bypass authentication on any endpoint via a crafted URL...

Heap overflow

In wolfSSL prior to 5.6.6, if callback functions are enabled via the WOLFSSLCALLBACKS flag, then a malicious TLS client or network attacker can trigger a buffer over-read on the heap of 5 bytes WOLFSSLCALLBACKS is only intended for debugging...

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in the terms of use page in Liferay Portal before 7.3.6, and Liferay DXP 7.3 before service pack 1, 7.2 before fix pack 11 allows remote attackers to accept the site's terms of use via social engineering and enticing the user to visit a malicious page...

Design/Logic Flaw

When ssl was enabled for Mongo Hook, default settings included "allowinsecure" which caused that certificates were not validated. This was unexpected and undocumented. Users are recommended to upgrade to version 4.0.0, which fixes this issue...

Cross site scripting

Cross Site Scripting vulnerability in the sanitize function in Enhancesoft osTicket 1.18.0 allows a remote attacker to escalate privileges via a crafted support ticket...

Cross site scripting

Cross Site Scripting XSS vulnerability in ProjeQtOr 11.0.2 allows a remote attacker to execute arbitrary code via a crafted script to thecheckvalidHtmlText function in the ack.php and security.php files...

Open redirect

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: f2fs: explicitly null-terminate the xattr list When setting an xattr, explicitly null-terminate the xattr list. This eliminates the fragile assumption that the unused xattr space is always zeroed...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: uio: Fix use-after-free in uioopen core-1 core-2 ------------------------------------------------------- uiounregisterdevice uioopen idev = idrfind deviceunregister&idev-dev putdevice&idev-dev uiodevicerelease getdevice&idev-dev...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: binder: fix use-after-free in shinker's callback The mmap read lock is used during the shrinker's callback, which means that using alloc-vma pointer isn't safe as it can race with munmap. As of commit dd2283f2605e "mm: mmap: zap...

Cross site scripting

MeshCentral is a full computer management web site. Versions prior to 1.1.21 a cross-site websocket hijacking CSWSH vulnerability within the control.ashx endpoint. This component is the primary mechanism used within MeshCentral to perform administrative actions on the server. The vulnerability is...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: net: prevent mss overflow in skbsegment Once again syzbot is able to crash the kernel in skbsegment 1 GSOBYFRAGS is a forbidden value, but unfortunately the following computation in skbsegment can reach it quite easily : mss = ms...

Authentication flaw

Arbitrary Authentication Relay and Session Hijack vulnerabilities in the deprecated VMware Enhanced Authentication Plug-in EAP could allow a malicious actor that could trick a target domain user with EAP installed in their web browser into requesting and relaying service tickets for arbitrary...

Session fixation

Session Hijack vulnerability in Deprecated VMware Enhanced Authentication Plug-in could allow a malicious actor with unprivileged local access to a windows operating system can hijack a privileged EAP session when initiated by a privileged domain user on the same system...

Null pointer dereference

elfutils v0.189 was discovered to contain a NULL pointer dereference via the handleverdef function at readelf.c...

Default configuration

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who are using CRDs to store Cilium state the default configuration and Wireguard transparent encryption, traffic to/from the Ingress and health endpoints is not encrypted. This issue affect...

Code injection

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who have enabled an external kvstore and Wireguard transparent encryption, traffic between pods in the affected cluster is not encrypted. This issue affects Cilium v1.14 before v1.14.7 and...

Remote code execution

Certain HP LaserJet Pro, HP Enterprise LaserJet, and HP LaserJet Managed Printers are potentially vulnerable to Remote Code Execution due to buffer overflow when rendering fonts embedded in a PDF file...

Design/Logic Flaw

This High severity Injection vulnerability was introduced in Assets Discovery 1.0 - 6.2.0 all versions. Assets Discovery, which can be downloaded via Atlassian Marketplace, is a network scanning tool that can be used with or without an agent with Jira Service Management Cloud, Data Center or...

Cross site scripting

This High severity Stored XSS vulnerability was introduced in version 2.7.0 of Confluence Data Center. This Stored XSS vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary HTML or JavaScript code on a victims browser which has high impact to...

Design/Logic Flaw

A malformed discovery packet sent by a malicious actor with preexisting access to the network could interrupt the functionality of device management and discovery. Affected Products: UniFi Access Points UniFi Switches UniFi LTE Backup UniFi Express Only Mesh Mode, Router mode is not affected...

Integer overflow

QEMU before 8.2.0 has an integer underflow, and resultant buffer overflow, via a TI command when an expected non-DMA transfer length is less than the length of the available FIFO data. This occurs in espdonodma in hw/scsi/esp.c because of an underflow of asynclen...

Cross site scripting

JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to version 3.10.0, attackers can exploit this vulnerability to construct malicious links, leading users to click on them, thereby facilitating phishing attacks or cross-site scripting attacks...

Cross site request forgery (csrf)

Decidim is a participatory democracy framework. Starting in version 0.23.0 and prior to versions 0.27.5 and 0.28.0, the CSRF authenticity token check is disabled for the questionnaire templates preview. The issue does not imply a serious security thread as you need to have access also to the...

Design/Logic Flaw

Decidim is a participatory democracy framework. Starting in version 0.4.rc3 and prior to version 2.0.9 of the deviseinvitable gem, the invites feature allows users to accept the invitation for an unlimited amount of time through the password reset functionality. This issue creates vulnerable...

Cross site scripting

Decidim is a participatory democracy framework. Starting in version 0.27.0 and prior to versions 0.27.5 and 0.28.0, the dynamic file upload feature is subject to potential cross-site scripting attacks in case the attacker manages to modify the file names of the records being uploaded to the serve...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential OOBs in smb2parsecontexts Validate offsets and lengths before dereferencing create contexts in smb2parsecontexts. This fixes following oops when accessing invalid create contexts from server: BUG: unabl...

Heap overflow

A heap-based buffer overflow vulnerability exists in the .egi parsing functionality of The Biosig Project libbiosig 2.5.0 and Master Branch ab0ee111. A specially crafted .egi file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability...

Double free

A double-free vulnerability exists in the BrainVision Header Parsing functionality of The Biosig Project libbiosig Master Branch ab0ee111 and 2.5.0. A specially crafted .vdhr file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability...

Cross site scripting

An out-of-bounds write vulnerability exists in the BrainVisionMarker Parsing functionality of The Biosig Project libbiosig 2.5.0 and Master Branch ab0ee111. A specially crafted .vmrk file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability...

Design/Logic Flaw

A use-after-free vulnerability exists in the sopenFAMOSread functionality of The Biosig Project libbiosig 2.5.0 and Master Branch ab0ee111. A specially crafted .famos file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability...

Integer overflow

An integer underflow vulnerability exists in the sopenFAMOSread functionality of The Biosig Project libbiosig 2.5.0 and Master Branch ab0ee111. A specially crafted .famos file can lead to an out-of-bounds write which in turn can lead to arbitrary code execution. An attacker can provide a maliciou...

Cross site scripting

An out-of-bounds write vulnerability exists in the sopenFAMOSread functionality of The Biosig Project libbiosig 2.5.0 and Master Branch ab0ee111. A specially crafted .famos file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability...

Double free

A double-free vulnerability exists in the BrainVision ASCII Header Parsing functionality of The Biosig Project libbiosig 2.5.0 and Master Branch ab0ee111. A specially crafted .vdhr file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability...

Privilege escalation

An arbitrary file upload vulnerability in the component /sysFile/upload of Novel-Plus v4.3.0-RC1 allows attackers to execute arbitrary code via uploading a crafted file...

Buffer overflow

Buffer Overflow vulnerability in mz-automation.de libiec61859 v.1.4.0 allows a remote attacker to cause a denial of service via the mmsServerhandleGetNameListRequest function to the mmsgetnamelistservice component...

Integer overflow

An integer overflow vulnerability exists in the sopenFAMOSread functionality of The Biosig Project libbiosig 2.5.0 and Master Branch ab0ee111. A specially crafted .famos file can lead to an out-of-bounds write which in turn can lead to arbitrary code execution. An attacker can provide a malicious...

Privilege escalation

Incorrect permissions in the installation directories for shared SystemLink Elixir based services may allow an authenticated user to potentially enable escalation of privilege via local access...

Design/Logic Flaw

Incorrect directory permissions for the shared NI RabbitMQ service may allow a local authenticated user to read RabbitMQ configuration information and potentially enable escalation of privileges...

Deserialization of untrusted data

Deserialization of Untrusted Data vulnerability in Apache Camel SQL ComponentThis issue affects Apache Camel: from 3.0.0 before 3.21.4, from 3.22.0 before 3.22.1, from 4.0.0 before 4.0.4, from 4.1.0 before 4.4.0. Users are recommended to upgrade to version 4.4.0, which fixes the issue. If users a...

Design/Logic Flaw

An issue in Timo v.2.0.3 allows a remote attacker to execute arbitrary code via the filetype restrictions in the UploadController.java component...

Deserialization of untrusted data

Deserialization of Untrusted Data vulnerability in Apache Camel CassandraQL Component AggregationRepository which is vulnerable to unsafe deserialization. Under specific conditions it is possible to deserialize malicious payload.This issue affects Apache Camel: from 3.0.0 before 3.21.4, from 3.22...