National Cyber Warfare Foundation (NCWF)

Vulnerability Summary for the Week of September 16, 2024


0 user ratings
2024-09-23 14:49:11
milo
Blue Team (CND)

 - archive -- 

High Vulnerabilities













































































































































































































































































































































































































































































































































































































Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
CIRCUTOR--CIRCUTOR Q-SMT
 
CIRCUTOR Q-SMT in its firmware version 1.0.4, could be affected by a denial of service (DoS) attack if an attacker with access to the web service bypasses the authentication mechanisms on the login page, allowing the attacker to use all the functionalities implemented at web level that allow interacting with the device.2024-09-1810CVE-2024-8887
[email protected]
 
CIRCUTOR--CIRCUTOR Q-SMT
 
An attacker with access to the network where CIRCUTOR Q-SMT is located in its firmware version 1.0.4, could steal the tokens used on the web, since these have no expiration date to access the web application without restrictions. Token theft can originate from different methods such as network captures, locally stored web information, etc.2024-09-1810CVE-2024-8888
[email protected]
 
dragonflyoss--Dragonfly2
 
Dragonfly is an open source P2P-based file distribution and image acceleration system. It is hosted by the Cloud Native Computing Foundation (CNCF) as an Incubating Level Project. Dragonfly uses JWT to verify user. However, the secret key for JWT, "Secret Key", is hard coded, which leads to authentication bypass. An attacker can perform any action as a user with admin privileges. This issue has been addressed in release version 2.0.9. All users are advised to upgrade. There are no known workarounds for this vulnerability.2024-09-199.8CVE-2023-27584
[email protected]
[email protected]
 
apache -- seata
 
Deserialization of Untrusted Data vulnerability in Apache Seata.  When developers disable authentication on the Seata-Server and do not use the Seata client SDK dependencies, they may construct uncontrolled serialized malicious requests by directly sending bytecode based on the Seata private protocol. This issue affects Apache Seata: 2.0.0, from 1.0.0 through 1.8.0. Users are recommended to upgrade to version 2.1.0/1.8.1, which fixes the issue.2024-09-169.8CVE-2024-22399
[email protected]
 
n/a--n/a
 
Directory Traversal in the web interface of the Tiptel IP 286 with firmware version 2.61.13.10 allows attackers to overwrite arbitrary files on the phone via the Ringtone upload function.2024-09-199.9CVE-2024-33109
[email protected]
[email protected]
 
OpenPLC--OpenPLC_v3
 
A stack-based buffer overflow vulnerability exists in the OpenPLC Runtime EtherNet/IP parser functionality of OpenPLC _v3 b4702061dc14d1024856f71b4543298d77007b88. A specially crafted EtherNet/IP request can lead to remote code execution. An attacker can send a series of EtherNet/IP requests to trigger this vulnerability.2024-09-189CVE-2024-34026
[email protected]
 
n/a--n/a
 
Insecure deserialization in sqlitedict up to v2.1.0 allows attackers to execute arbitrary code.2024-09-189.8CVE-2024-35515
[email protected]
[email protected]
 
n/a--VMware vCenter Server
 
The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.2024-09-179.8CVE-2024-38812
[email protected]
 
n/a--n/a
 
An arbitrary file upload vulnerability in the Media Manager function of Closed-Loop Technology CLESS Server v4.5.2 allows attackers to execute arbitrary code via uploading a crafted PHP file to the upload endpoint.2024-09-199.8CVE-2024-40125
[email protected]
[email protected]
 
n/a--n/a
 
Buffer Overflow vulnerability in btstack mesh commit before v.864e2f2b6b7878c8fab3cf5ee84ae566e3380c58 allows a remote attacker to execute arbitrary code via the pb_adv_handle_tranaction_cont function in the src/mesh/pb_adv.c component2024-09-189.8CVE-2024-40568
[email protected]
 
FreeBSD--FreeBSD
 
An insufficient boundary validation in the USB code could lead to an out-of-bounds read on the heap, which could potentially lead to an arbitrary write and remote code execution.2024-09-209.8CVE-2024-41721
[email protected]
 
highwarden--Super Store Finder
 
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in highwarden Super Store Finder allows SQL Injection.This issue affects Super Store Finder: from n/a through 6.9.7.2024-09-179.3CVE-2024-43976
[email protected]
 
highwarden--Super Store Finder
 
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in highwarden Super Store Finder allows SQL Injection.This issue affects Super Store Finder: from n/a before 6.9.8.2024-09-179.3CVE-2024-43978
[email protected]
 
WPTaskForce--WPCargo Track & Trace
 
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPTaskForce WPCargo Track & Trace allows SQL Injection.This issue affects WPCargo Track & Trace: from n/a through 7.0.6.2024-09-179.3CVE-2024-44004
[email protected]
 
n/a--n/a
 
SQL Injection vulnerability in todesk v.1.1 allows a remote attacker to execute arbitrary code via the /todesk.com/news.html parameter.2024-09-189.8CVE-2024-44542
[email protected]
 
traefik--traefik
 
Traefik is a golang, Cloud Native Application Proxy. When a HTTP request is processed by Traefik, certain HTTP headers such as X-Forwarded-Host or X-Forwarded-Port are added by Traefik before the request is routed to the application. For a HTTP client, it should not be possible to remove or modify these headers. Since the application trusts the value of these headers, security implications might arise, if they can be modified. For HTTP/1.1, however, it was found that some of theses custom headers can indeed be removed and in certain cases manipulated. The attack relies on the HTTP/1.1 behavior, that headers can be defined as hop-by-hop via the HTTP Connection header. This issue has been addressed in release versions 2.11.9 and 3.1.3. Users are advised to upgrade. There are no known workarounds for this vulnerability.2024-09-199.8CVE-2024-45410
[email protected]
[email protected]
[email protected]
 
n/a--n/a
 
The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in webPrivateDecrypt function. This function is responsible for decrypting RSA encrypted ciphertext, the encrypted data is supplied base64 encoded. The decoded ciphertext is stored on the stack without checking its length. An unauthenticated attacker can get RCE as root by exploiting this vulnerability.2024-09-169.8CVE-2024-45414
[email protected]
 
n/a--n/a
 
The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in check_data_integrity function. This function is responsible for validating the checksum of data in post request. The checksum is sent encrypted in the request, the function decrypts it and stores the checksum on the stack without validating it. An unauthenticated attacker can get RCE as root by exploiting this vulnerability.2024-09-169.8CVE-2024-45415
[email protected]
 
n/a--n/a
 
Arc before 2024-08-26 allows remote code execution in JavaScript boosts. Boosts that run JavaScript cannot be shared by default; however (because of misconfigured Firebase ACLs), it is possible to create or update a boost using another user's ID. This installs the boost in the victim's browser and runs arbitrary Javascript on that browser in a privileged context. NOTE: this is a no-action cloud vulnerability with zero affected users.2024-09-209.8CVE-2024-45489
[email protected]
[email protected]
[email protected]
 
Red Hat--Red Hat OpenShift Container Platform 4.12
 
A flaw was found in OpenShift. This issue occurs due to the misuse of elevated privileges in the OpenShift Container Platform's build process. During the build initialization step, the git-clone container is run with a privileged security context, allowing unrestricted access to the node. An attacker with developer-level access can provide a crafted .gitconfig file containing commands executed during the cloning process, leading to arbitrary command execution on the worker node. An attacker running code in a privileged container could escalate their permissions on the node running the container.2024-09-179.9CVE-2024-45496
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
 
n/a--n/a
 
An issue was discovered in Bravura Security Fabric versions 12.3.x before 12.3.5.32784, 12.4.x before 12.4.3.35110, 12.5.x before 12.5.2.35950, 12.6.x before 12.6.2.37183, and 12.7.x before 12.7.1.38241. An unauthenticated attacker can cause a resource leak by issuing multiple failed login attempts through API SOAP.2024-09-189.1CVE-2024-45523
[email protected]
 
dlink -- dir-x5460_firmware
 
The web service of certain models of D-Link wireless routers contains a Stack-based Buffer Overflow vulnerability, which allows unauthenticated remote attackers to exploit this vulnerability to execute arbitrary code on the device.2024-09-169.8CVE-2024-45694
[email protected]
[email protected]
 
dlink -- dir-x4860_firmware
 
The web service of certain models of D-Link wireless routers contains a Stack-based Buffer Overflow vulnerability, which allows unauthenticated remote attackers to exploit this vulnerability to execute arbitrary code on the device.2024-09-169.8CVE-2024-45695
[email protected]
[email protected]
 
dlink -- dir-x4860_firmware
 
Certain models of D-Link wireless routers have a hidden functionality where the telnet service is enabled when the WAN port is plugged in. Unauthorized remote attackers can log in and execute OS commands using hard-coded credentials.2024-09-169.8CVE-2024-45697
[email protected]
[email protected]
 
dlink -- dir-x4860_firmware
 
Certain models of D-Link wireless routers do not properly validate user input in the telnet service, allowing unauthenticated remote attackers to use hard-coded credentials to log into telnet and inject arbitrary OS commands, which can then be executed on the device.2024-09-169.8CVE-2024-45698
[email protected]
[email protected]
 
espressif--arduino-esp32
 
arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. The `arduino-esp32` CI is vulnerable to multiple Poisoned Pipeline Execution (PPE) vulnerabilities. Code injection in `tests_results.yml` workflow (`GHSL-2024-169`) and environment Variable injection (`GHSL-2024-170`). These issue have been addressed but users are advised to verify the contents of the downloaded artifacts.2024-09-179.9CVE-2024-45798
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
 
n/a--n/a
 
Best House Rental Management System 1.0 contains a SQL injection vulnerability in the delete_category() function of the file rental/admin_class.php.2024-09-189.8CVE-2024-46374
[email protected]
 
n/a--n/a
 
Best House Rental Management System 1.0 contains an arbitrary file upload vulnerability in the signup() function of the file rental/admin_class.php.2024-09-189.8CVE-2024-46375
[email protected]
 
n/a--n/a
 
Best House Rental Management System 1.0 contains an arbitrary file upload vulnerability in the update_account() function of the file rental/admin_class.php.2024-09-189.8CVE-2024-46376
[email protected]
 
n/a--n/a
 
Best House Rental Management System 1.0 contains an arbitrary file upload vulnerability in the save_settings() function of the file rental/admin_class.php.2024-09-189.8CVE-2024-46377
[email protected]
 
totolink -- t8_firmware
 
TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the setWizardCfg function via the ssid5g parameter.2024-09-169.8CVE-2024-46419
[email protected]
 
totolink -- t8_firmware
 
TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the setWiFiAclRules function via the desc parameter.2024-09-169.8CVE-2024-46451
[email protected]
 
n/a--n/a
 
langchain_experimental (aka LangChain Experimental) 0.1.17 through 0.3.0 for LangChain allows attackers to execute arbitrary code through sympy.sympify (which uses eval) in LLMSymbolicMathChain. LLMSymbolicMathChain was introduced in fcccde406dd9e9b05fc9babcbeb9ff527b0ec0c6 (2023-10-05).2024-09-199.8CVE-2024-46946
[email protected]
[email protected]
[email protected]
[email protected]
 
nextcloud -- desktop
 
In Nextcloud Desktop Client 3.13.1 through 3.13.3 on Linux, synchronized files (between the server and client) may become world writable or world readable. This is fixed in 3.13.4.2024-09-169.1CVE-2024-46958
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
 
sofastack--sofa-hessian
 
sofa-hessian is an internal improved version of Hessian3/4 powered by Ant Group CO., Ltd. The SOFA Hessian protocol uses a blacklist mechanism to restrict deserialization of potentially dangerous classes for security protection. But there is a gadget chain that can bypass the SOFA Hessian blacklist protection mechanism, and this gadget chain only relies on JDK and does not rely on any third-party components. This issue is fixed by an update to the blacklist, users can upgrade to sofahessian version 3.5.5 to avoid this issue. Users unable to upgrade may maintain a blacklist themselves in the directory `external/serialize.blacklist`.2024-09-199.8CVE-2024-46983
[email protected]
 
owen2345--camaleon-cms
 
Camaleon CMS is a dynamic and advanced content management system based on Ruby on Rails. An arbitrary file write vulnerability accessible via the upload method of the MediaController allows authenticated users to write arbitrary files to any location on the web server Camaleon CMS is running on (depending on the permissions of the underlying filesystem). E.g. This can lead to a delayed remote code execution in case an attacker is able to write a Ruby file into the config/initializers/ subfolder of the Ruby on Rails application. This issue has been addressed in release version 2.8.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.2024-09-189.9CVE-2024-46986
[email protected]
[email protected]
[email protected]
[email protected]
 
sfs -- insuree_gl
 
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SFS Consulting InsureE GL allows SQL Injection.This issue affects InsureE GL: before 4.6.2.2024-09-169.8CVE-2024-6401
[email protected]
[email protected]
 
sfs -- winsure
 
Improper Restriction of XML External Entity Reference vulnerability in SFS Consulting ww.Winsure allows XML Injection.This issue affects ww.Winsure: before 4.6.2.2024-09-169.8CVE-2024-7098
[email protected]
 
sfs -- winsure
 
Improper Control of Generation of Code ('Code Injection') vulnerability in SFS Consulting ww.Winsure allows Code Injection.This issue affects ww.Winsure: before 4.6.2.2024-09-169.8CVE-2024-7104
[email protected]
 
Red Hat--Red Hat OpenShift Container Platform 4.12
 
A flaw was found in openshift/builder. This vulnerability allows command injection via path traversal, where a malicious user can execute arbitrary commands on the OpenShift node running the builder container. When using the "Docker" strategy, executable files inside the privileged build container can be overridden using the `spec.source.secrets.secret.destinationDir` attribute of the `BuildConfig` definition. An attacker running code in a privileged container could escalate their permissions on the node running the container.2024-09-179.1CVE-2024-7387
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
 
jeremieglotin--Webo-facto
 
The Webo-facto plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.40 due to insufficient restriction on the 'doSsoAuthentification' function. This makes it possible for unauthenticated attackers to make themselves administrators by registering with a username that contains '-wfuser'.2024-09-209.8CVE-2024-8853
[email protected]
[email protected]
[email protected]
 
playsms -- playsms
 
A vulnerability classified as critical has been found in playSMS 1.4.4/1.4.5/1.4.6/1.4.7. Affected is an unknown function of the file /playsms/index.php?app=main&inc=core_auth&route=forgot&op=forgot of the component Template Handler. The manipulation of the argument username/email/captcha leads to code injection. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The project maintainer was informed early about the issue. Investigation shows that playSMS up to 1.4.3 contained a fix but later versions re-introduced the flaw. As long as the latest version of the playsms/tpl package is used, the software is not affected. Version >=1.4.4 shall fix this issue for sure.2024-09-169.8CVE-2024-8880
[email protected]
[email protected]
[email protected]
 
CIRCUTOR--CIRCUTOR TCP2RS+
 
Vulnerability in CIRCUTOR TCP2RS+ firmware version 1.3b, which could allow an attacker to modify any configuration value, even if the device has the user/password authentication option enabled, without authentication by sending packets through the UDP protocol and port 2000, deconfiguring the device and thus disabling its use. This equipment is at the end of its useful life cycle.2024-09-189.3CVE-2024-8889
[email protected]
 
PTZOptics--PT30X-SDI
 
PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an insufficient authentication issue. The camera does not properly enforce authentication to /cgi-bin/param.cgi when requests are sent without an HTTP Authorization header. The result is a remote and unauthenticated attacker can leak sensitive data such as usernames, password hashes, and configurations details. Additionally, the attacker can update individual configuration values or overwrite the whole file.2024-09-179.1CVE-2024-8956
[email protected]
[email protected]
 
ivanti -- endpoint_manager_cloud_services_appliance
 
Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality.2024-09-199.1CVE-2024-8963
3c1d8aa1-5a33-4ea4-8992-aadd6440af75
 
best_online_news_portal_project -- best_online_news_portal
 
A vulnerability classified as critical was found in SourceCodester Best Online News Portal 1.0. This vulnerability affects unknown code of the file /news-details.php of the component Comment Section. The manipulation of the argument name leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.2024-09-199.8CVE-2024-9008
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
 
Cellopoint--Secure Email Gateway
 
Secure Email Gateway from Cellopoint has Buffer Overflow Vulnerability in authentication process. Remote unauthenticated attackers can send crafted packets to crash the process, thereby bypassing authentication and obtaining system administrator privileges.2024-09-209.8CVE-2024-9043
[email protected]
[email protected]
 
Mautic--Mautic
 
Prior to the patched version, logged in users of Mautic are vulnerable to Relative Path Traversal/Arbitrary File Deletion. Regardless of the level of access the Mautic user had, they could delete files other than those in the media folders such as system files, libraries or other important files. This vulnerability exists in the implementation of the GrapesJS builder in Mautic.2024-09-178.1CVE-2021-27916
[email protected]
 
Mautic--Mautic
 
Prior to the patched version, logged in users of Mautic are able to access areas of the application that they should be prevented from accessing. Users could potentially access sensitive data such as names and surnames, company names and stage names.2024-09-188.3CVE-2022-25776
[email protected]
 
n/a--n/a
 
Victure PC420 1.1.39 was discovered to contain a hardcoded root password which is stored in plaintext.2024-09-188.8CVE-2023-41610
[email protected]
 
n/a--n/a
 
Victure PC420 1.1.39 was discovered to use a weak encryption key for the file enabled_telnet.dat on the Micro SD card.2024-09-188.8CVE-2023-41612
[email protected]
 
n/a--UEFI firmware for some Intel(R) reference processors
 
Untrusted pointer dereference in UEFI firmware for some Intel(R) reference processors may allow a privileged user to potentially enable escalation of privilege via local access.2024-09-168.2CVE-2023-42772
[email protected]
 
n/a--n/a
 
exec.CommandContext in Chaosblade 0.3 through 1.7.3, when server mode is used, allows OS command execution via the cmd parameter without authentication.2024-09-188.6CVE-2023-47105
[email protected]
[email protected]
 
n/a--n/a
 
An issue in Pure Data 0.54-0 and fixed in 0.54-1 allows a local attacker to escalate privileges via the set*id () function.2024-09-208.4CVE-2023-47480
[email protected]
[email protected]
[email protected]
 
favethemes--Houzez Login Register
 
Privilege Escalation vulnerability in favethemes Houzez Login Register houzez-login-register.This issue affects Houzez Login Register: from n/a through 3.2.5.2024-09-178.8CVE-2024-21743
[email protected]
 
favethemes--Houzez
 
Incorrect Privilege Assignment vulnerability in favethemes Houzez houzez allows Privilege Escalation.This issue affects Houzez: from n/a through 3.2.4.2024-09-178.8CVE-2024-22303
[email protected]
 
Apple--macOS
 
A race condition was addressed with improved locking. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, iOS 18 and iPadOS 18, macOS Sonoma 14.7, macOS Sequoia 15. Unpacking a maliciously crafted archive may allow an attacker to write arbitrary files.2024-09-178.1CVE-2024-27876
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
 
n/a--n/a
 
Triangle Microworks TMW IEC 61850 Client source code libraries before 12.2.0 lack a buffer size check when processing received messages. The resulting buffer overflow can cause a crash, resulting in a denial of service.2024-09-188.2CVE-2024-34057
[email protected]
[email protected]
 
Microsoft--GroupMe
 
An improper access control vulnerability in GroupMe allows an a unauthenticated attacker to elevate privileges over a network by convincing a user to click on a malicious link.2024-09-178.8CVE-2024-38183
[email protected]
 
TAKENAKA ENGINEERING CO., LTD.--HDVR-400
 
Improper authentication vulnerability in multiple digital video recorders provided by TAKENAKA ENGINEERING CO., LTD. allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings.2024-09-188.8CVE-2024-41929
[email protected]
[email protected]
 
Welcart Inc.--Welcart e-Commerce
 
SQL injection vulnerability in Welcart e-Commerce prior to 2.11.2 allows an attacker who can login to the product to obtain or alter the information stored in the database.2024-09-188.8CVE-2024-42404
[email protected]
[email protected]
 
Microsoft--Dynamics 365 Business Central Online
 
Improper authorization in Dynamics 365 Business Central resulted in a vulnerability that allows an authenticated attacker to elevate privileges over a network.2024-09-178.1CVE-2024-43460
[email protected]
 
TAKENAKA ENGINEERING CO., LTD.--HDVR-400
 
OS command injection vulnerability in multiple digital video recorders provided by TAKENAKA ENGINEERING CO., LTD. allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings.2024-09-188.8CVE-2024-43778
[email protected]
[email protected]
 
Apple--macOS
 
This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15. An app may be able to break out of its sandbox.2024-09-178.4CVE-2024-44132
[email protected]
 
Apple--macOS
 
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.7, visionOS 2, iOS 18 and iPadOS 18, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to overwrite arbitrary files.2024-09-178.1CVE-2024-44167
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
 
Apple--macOS
 
The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, macOS Sonoma 14.7, tvOS 18. An app may be able to cause unexpected system termination.2024-09-178.1CVE-2024-44169
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
 
n/a--n/a
 
Stack overflow vulnerability in the Login function in the HNAP service in D-Link DCS-960L with firmware 1.09 allows attackers to execute of arbitrary code.2024-09-188.8CVE-2024-44589
[email protected]
[email protected]
 
contao--contao
 
Contao is an Open Source CMS. In affected versions a back end user with access to the file manager can upload malicious files and execute them on the server. Users are advised to update to Contao 4.13.49, 5.3.15 or 5.4.3. Users unable to update are advised to configure their web server so it does not execute PHP files and other scripts in the Contao file upload directory.2024-09-178.3CVE-2024-45398
[email protected]
[email protected]
 
n/a--n/a
 
The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in rsa_decrypt function. This function is an API wrapper for LUA to decrypt RSA encrypted ciphertext, the decrypted data is stored on the stack without checking its length. An authenticated attacker can get RCE as root by exploiting this vulnerability.2024-09-168.1CVE-2024-45413
[email protected]
 
n/a--n/a
 
The HTTPD binary in multiple ZTE routers has a local file inclusion vulnerability in session_init function. The session -LUA- files are stored in the directory /var/lua_session, the function iterates on all files in this directory and executes them using the function dofile without any validation if it is a valid session file or not. An attacker who is able to write a malicious file in the sessions directory can get RCE as root.2024-09-168.1CVE-2024-45416
[email protected]
 
Open Asset Import Library--Assimp
 
Heap-based buffer overflow vulnerability in Assimp versions prior to 5.4.3 allows a local attacker to execute arbitrary code by importing a specially crafted file into the product.2024-09-188.4CVE-2024-45679
[email protected]
[email protected]
 
Millbeck Communications--Proroute H685t-w
 
There is a command injection vulnerability that may allow an attacker to inject malicious input on the device's operating system.2024-09-178.8CVE-2024-45682
[email protected]
 
dlink -- covr-x1870_firmware
 
Certain models of D-Link wireless routers contain hidden functionality. By sending specific packets to the web service, the attacker can forcibly enable the telnet service and log in using hard-coded credentials. The telnet service enabled through this method can only be accessed from within the same local network as the device.2024-09-168.8CVE-2024-45696
[email protected]
[email protected]
 
n/a--n/a
 
logiops through 0.3.4, in its default configuration, allows any unprivileged user to configure its logid daemon via an unrestricted D-Bus service, including setting malicious keyboard macros. This allows for privilege escalation with minimal user interaction.2024-09-198.5CVE-2024-45752
[email protected]
[email protected]
 
n/a--n/a
 
FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/file_manager/rename2024-09-178.8CVE-2024-46085
[email protected]
 
n/a--n/a
 
FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/file_manager/delete/1232024-09-188.8CVE-2024-46086
[email protected]
 
n/a--n/a
 
FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/file_manager/create_directory2024-09-178.8CVE-2024-46362
[email protected]
 
n/a--n/a
 
Dedecms V5.7.115 contains an arbitrary code execution via file upload vulnerability in the backend.2024-09-188.8CVE-2024-46373
[email protected]
 
n/a--n/a
 
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/?/user/add2024-09-198CVE-2024-46394
[email protected]
 
gematik--app-referencevalidator
 
The reference validator is a tool to perform advanced validation of FHIR resources for TI applications and interoperability standards. The profile location routine in the referencevalidator commons package is vulnerable to `XML External Entities` attack due to insecure defaults of the used Woodstox WstxInputFactory. A malicious XML resource can lead to network requests issued by referencevalidator and thus to a `Server Side Request Forgery` attack. The vulnerability impacts applications which use referencevalidator to process XML resources from untrusted sources. The problem has been patched with the 2.5.1 version of the referencevalidator. Users are strongly recommended to update to this version or a more recent one. A pre-processing or manual analysis of input XML resources on existence of DTD definitions or external entities can mitigate the problem.2024-09-198.6CVE-2024-46984
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
 
zitadel--zitadel
 
Zitadel is an open source identity management platform. ZITADEL's user account deactivation mechanism did not work correctly with service accounts. Deactivated service accounts retained the ability to request tokens, which could lead to unauthorized access to applications and resources. Versions 2.62.1, 2.61.1, 2.60.2, 2.59.3, 2.58.5, 2.57.5, 2.56.6, 2.55.8, and 2.54.10 have been released which address this issue. Users are advised t upgrade. Users unable to upgrade may instead of deactivating the service account, consider creating new credentials and replacing the old ones wherever they are used. This effectively prevents the deactivated service account from being utilized. Be sure to revoke all existing authentication keys associated with the service account and to rotate the service account's password.2024-09-208.1CVE-2024-47000
[email protected]
 
TAKENAKA ENGINEERING CO., LTD.--HDVR-400
 
Hidden functionality issue in multiple digital video recorders provided by TAKENAKA ENGINEERING CO., LTD. allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings.2024-09-188.8CVE-2024-47001
[email protected]
[email protected]
 
udecode--plate
 
Plate is a javascript toolkit that makes it easier for you to develop with Slate, a popular framework for building text editors. One longstanding feature of Plate is the ability to add custom DOM attributes to any element or leaf using the `attributes` property. These attributes are passed to the node component using the `nodeProps` prop. It has come to our attention that this feature can be used for malicious purposes, including cross-site scripting (XSS) and information exposure (specifically, users' IP addresses and whether or not they have opened a malicious document). Note that the risk of information exposure via attributes is only relevant to applications in which web requests to arbitrary URLs are not ordinarily allowed. Plate editors that allow users to embed images from arbitrary URLs, for example, already carry the risk of leaking users' IP addresses to third parties. All Plate editors using an affected version of @udecode/plate-core are vulnerable to these information exposure attacks via the style attribute and other attributes that can cause web requests to be sent. In addition, whether or not a Plate editor is vulnerable to cross-site scripting attacks using attributes depends on a number of factors. The most likely DOM attributes to be vulnerable are href and src on links and iframes respectively. Any component that spreads {...nodeProps} onto an or