Weekly Vulnerabilities Reports > December 4 to 10, 2023

A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification.

A vulnerability classified as critical was found in PHPEMS 6.x/7.x/8.x/9.0.

The Digital Publications by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.6.

A vulnerability was found in SourceCodester Simple Student Attendance System 1.0.

An OS command injection vulnerability has been found to affect legacy QNAP VioStor NVR models running QVR Firmware 4.x.

File-Manager in MGT CloudPanel 2.0.0 through 2.3.2 allows the lowest privilege user to achieve OS command injection by changing file ownership and changing file permissions to 4755.

A SQL injection vulnerability in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an authenticated attacker to execute arbitrary SQL queries on the backend database via the filter parameter in requests to the /newapi/ endpoint in the Zultys MX web interface.

Student Information System v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'photo' parameter of my-profile page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application.

A vulnerability, which was classified as critical, was found in D-Link DIR-846 FW100A53DBR.

A vulnerability was found in Byzoro S210 up to 20231123.

libheif v1.17.5 was discovered to contain a segmentation violation via the function UncompressedImageCodec::decode_uncompressed_image.

libheif v1.17.5 was discovered to contain a segmentation violation via the component /libheif/exif.cc.

libheif v1.17.5 was discovered to contain a segmentation violation via the function find_exif_tag at /libheif/exif.cc.

libheif v1.17.5 was discovered to contain a segmentation violation via the function UncompressedImageCodec::get_luma_bits_per_pixel_from_configuration_unci.

Libde265 v1.0.14 was discovered to contain a heap-buffer-overflow vulnerability in the derive_spatial_luma_vector_prediction function at motion.cc.

Libde265 v1.0.14 was discovered to contain a heap-buffer-overflow vulnerability in the derive_combined_bipredictive_merging_candidates function at motion.cc.

Libde265 v1.0.14 was discovered to contain a global buffer overflow vulnerability in the read_coding_unit function at slice.cc.

A vulnerability was found in Byzoro Smart S20 up to 20231120 and classified as critical.

A vulnerability was found in Byzoro S210 up to 20231121.

The web interface in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 based devices, with firmware versions before 3.17.02, allows remote authenticated users to execute arbitrary commands via a crafted request targeting vulnerable cgi endpoints.

The configuration functionality in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 based devices, with firmware versions through 3.17.02, allows remote authenticated users to execute arbitrary commands.

Ericsson Network Manager before 23.2 mishandles Access Control and thus unauthenticated low-privilege users can access the NCM application.

Availability Booking Calendar 5.0 allows CSV injection via the unique ID field in the Reservations list component.

Time Slots Booking Calendar 4.0 is vulnerable to CSV Injection via the unique ID field of the Reservations List.

Shuttle Booking Software 2.0 is vulnerable to CSV Injection in the Languages section via an export.

Car Rental Script v3.0 is vulnerable to CSV Injection via a Language > Labels > Export action.

Appointment Scheduler 3.0 is vulnerable to CSV Injection via a Language > Labels > Export action.

An issue in Netgate pfSense Plus v.23.05.1 and before and pfSense CE v.2.7.0 allows a remote attacker to execute arbitrary code via a crafted request to the packet_capture.php file.

Jellyfin is a Free Software Media System for managing and streaming media.

TOTOLINK A3002RU version 2.0.0-B20190902.1958 has a post-authentication RCE due to incorrect access control, allows attackers to bypass front-end security restrictions and execute arbitrary code.

The Bluetooth module of some Huawei Smart Screen products has an identity authentication bypass vulnerability.

An OS command injection vulnerability exists in AE1021PE firmware version 2.0.9 and earlier and AE1021 firmware version 2.0.9 and earlier.

This Template Injection vulnerability allows an authenticated attacker, including one with anonymous access, to inject unsafe user input into a Confluence page.

This vulnerability, if exploited, allows an attacker to perform privileged RCE (Remote Code Execution) on machines with the Assets Discovery agent installed.

Use after free in Media Stream in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Use after free in Side Panel Search in Google Chrome prior to 120.0.6099.62 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific UI interaction.

Use after free in Media Capture in Google Chrome prior to 120.0.6099.62 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific UI interaction.

Improper authentication in the SMA100 SSL-VPN virtual office portal allows a remote authenticated attacker to create an identical external domain user using accent characters, resulting in an MFA bypass.

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/slide/save.

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/slide/delete.

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/slide/update.

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/friend_link/update.

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/tag/delete.

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/tag/update.

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/form/save.

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /admin/friend_link/save.

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/friend_link/delete.

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/div/update.

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/div/delete.

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/tag/save.

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/update.

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/save.

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/updateStatus.

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/delete.

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/nav/save.

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/nav/update.

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via admin/nav/delete.

A low-privileged remote attacker could exploit the vulnerability and inject additional system commands via file system libraries which could give the attacker full control of the device.

An issue was discovered in Ericsson Evolved Packet Gateway (EPG) versions 3.x before 3.25 and 2.x before 2.16, allows authenticated users to bypass system CLI and execute commands they are authorized to execute directly in the UNIX shell.

Memory corruption while loading an ELF segment in TEE Kernel.

Cross Site Request Forgery (CSRF) vulnerability in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain control of the device via crafted GET request to /man_password.htm.

In transcodeQ*ToFloat of btif_avrcp_audio_track.cc, there is a possible out of bounds write due to a missing bounds check.

In callback_thread_event of com_android_bluetooth_btservice_AdapterService.cpp, there is a possible memory corruption due to a use after free.

The Filr WordPress plugin before 1.2.3.6 is vulnerable from an RCE (Remote Code Execution) vulnerability, which allows the operating system to execute commands and fully compromise the server on behalf of a user with Author-level privileges.

The Welcart e-Commerce WordPress plugin before 2.9.5 does not validate files to be uploaded, as well as does not have authorisation and CSRF in an AJAX action handling such upload.

An issue in the component /admin/api.plugs/script of ThinkAdmin v6.1.53 allows attackers to getshell via providing a crafted URL to download a malicious PHP file.

An arbitrary file upload vulnerability in the component /admin/api.upload/file of ThinkAdmin v6.1.53 allows attackers to execute arbitrary code via a crafted Zip file.

Dell DM5500 contains a privilege escalation vulnerability in the appliance.

Path traversal vulnerability exists in RakRak Document Plus Ver.3.2.0.0 to Ver.6.4.0.7 (excluding Ver.6.1.1.3a).

HtmlUnit is a GUI-less browser for Java programs.

Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the DELETE function in api/files endpoint.

All versions of the package mockjs are vulnerable to Prototype Pollution via the Util.extend function due to missing check if the attribute resolves to the object prototype.

An issue in studio kent mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.

An issue in urban_project mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.

An issue in DARTS SHOP MAXIM mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.

An issue in sanTas mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.

An issue in craftbeer bar canvas mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.

An issue in PARK DANDAN mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.

Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers to delete arbitrary files on the operating system by creating a symbolic link.

Brocade Fabric OS (FOS) hardware platforms running any version of Brocade Fabric OS software, which supports the license string format; contain cryptographic issues that could allow for the installation of forged or fraudulent license keys.

A data integrity vulnerability exists in the BR_NO_CHECK_HASH_FOR functionality of Buildroot 2023.08.1 and dev commit 622698d7847.

Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroot 2023.08.1 and Buildroot dev commit 622698d7847.

Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroot 2023.08.1 and Buildroot dev commit 622698d7847.

Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroot 2023.08.1 and Buildroot dev commit 622698d7847.

Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroot 2023.08.1 and Buildroot dev commit 622698d7847.

Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroot 2023.08.1 and Buildroot dev commit 622698d7847.

Dell PowerScale OneFS versions 8.2.2.x through 9.6.0.x contains an improper control of a resource through its lifetime vulnerability.

Incorrect Session Management and Credential Re-use in the Bluetooth LE stack of the Ultraloq UL3 2nd Gen Smart Lock Firmware 02.27.0012 allows an attacker to sniff the unlock code and unlock the device whilst within Bluetooth range.

In multiple functions of MetaDataBase.cpp, there is a possible UAF write due to a race condition.

An issue was discovered in Mullvad VPN Windows app before 2023.6-beta1.

SyncTrayzor 1.1.29 enables CEF (Chromium Embedded Framework) remote debugging, allowing a local attacker to control the application.

IBM Informix Dynamic Server 12.10 and 14.10 onsmsync is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow an attacker to execute arbitrary code.

PyInstaller bundles a Python application and all its dependencies into a single package.

In ppcfw_enable of ppcfw.c, there is a possible EoP due to a missing permission check.

there is a possible DCK won't be deleted after factory reset due to a logic error in the code.

In gpu_pixel_handle_buffer_liveness_update_ioctl of private/google-modules/gpu/mali_kbase/mali_kbase_core_linux.c, there is a possible out of bounds write due to an integer overflow.

In gpu_pixel_handle_buffer_liveness_update_ioctl of private/google-modules/gpu/mali_kbase/platform/pixel/pixel_gpu_slc.c, there is a possible out of bounds write due to improper input validation.

Dell PowerEdge BIOS contains an improper privilege management security vulnerability.

Multiple components of Iconics SCADA Suite are prone to a Phantom DLL loading vulnerability.

Improper Input Validation in the processing of user-supplied splash screen during system boot in Phoenix SecureCore™ Technology™ 4 potentially allows denial-of-service attacks or arbitrary code execution.

DLL hijacking vulnerability in TTplayer version 7.0.2, allows local attackers to escalate privileges and execute arbitrary code via urlmon.dll.

AMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a BMP Logo file with dangerous type by Local access.

AMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a PNG Logo file with dangerous type by Local access.

Code injection in Remote Desktop Manager 2023.3.9.3 and earlier on macOS allows an attacker to execute code via the DYLIB_INSERT_LIBRARIES environment variable.

PyDrive2 is a wrapper library of google-api-python-client that simplifies many common Google Drive API V2 tasks.

An issue was identified that allowed the unsafe deserialization of java objects from hadoop or spark configuration properties that could have been modified by authenticated users.

An issue was discovered in Vonage Box Telephone Adapter VDV23 version VDV21-3.2.11-0.5.1, allows local attackers to bypass UART authentication controls and read/write arbitrary values to the memory of the device.

Memory Corruption in Radio Interface Layer while sending an SMS or writing an SMS to SIM.

Memory Corruption in camera while installing a fd for a particular DMA buffer.

Memory Corruption in Audio while invoking IOCTLs calls from the user-space.

Memory Corruption in SPS Application while exporting public key in sorter TA.

Memory corruption in MPP performance while accessing DSM watermark using external memory address.

Memory corruption in UTILS when modem processes memory specific Diag commands having arbitrary address values as input arguments.

Memory Corruption in WLAN Host while deserializing the input PMK bytes without checking the input PMK length.

Memory corruption in WLAN Host while setting the PMK length in PMK length in internal cache.

Memory corruption in BT controller while parsing debug commands with specific sub-opcodes at HCI interface level.

Memory corruption in Boot while running a ListVars test in UEFI Menu during boot.

Memory corruption while using the UIM diag command to get the operators name.

Memory corruption in HLOS while invoking IOCTL calls from user-space.

Memory corruption while sending SMS from AP firmware.

Memory corruption in Kernel while parsing metadata.

Memory corruption in DSP Services during a remote call from HLOS to DSP.

Memory corruption in Automotive OS whenever untrusted apps try to access HAb for graphics functionalities.

Memory corruption in Audio while running invalid audio recording from ADSP.

Memory corruption in Core while processing RX intent request.

Memory corruption when processing cmd parameters while parsing vdev.

Memory corruption while processing pin reply in Bluetooth, when pin code received from APP layer is greater than expected size.

Memory corruption while submitting a large list of sync points in an AUX command to the IOCTL_KGSL_GPU_AUX_COMMAND.

Memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call.

Out of bounds write vulnerability in HDCP in HAL prior to SMR Dec-2023 Release 1 allows attacker to perform code execution.

Heap out-of-bounds write vulnerability in dec_mono_audb of libsavsac.so prior to SMR Dec-2023 Release 1 allows an attacker to execute arbitrary code.

Integer overflow vulnerability in detectionFindFaceSupportMultiInstance of libFacePreProcessingjni.camera.samsung.so prior to SMR Dec-2023 Release 1 allows attacker to trigger heap overflow.

Integer overflow vulnerability in landmarkCopyImageToNative of libFacePreProcessingjni.camera.samsung.so prior to SMR Dec-2023 Release 1 allows attacker to trigger heap overflow.

Out-of-bound write vulnerability in libsavsvc prior to SMR Dec-2023 Release 1 allows local attackers to execute arbitrary code.

Improper size check vulnerability in softsimd prior to SMR Dec-2023 Release 1 allows stack-based buffer overflow.

Improper access control vulnerablility in GameHomeCN prior to version 4.2.60.2 allows local attackers to launch arbitrary activity in GameHomeCN.

In injectSendIntentSender of ShortcutService.java, there is a possible background activity launch due to a permissions bypass.

In multiple functions of btm_ble_gap.cc, there is a possible out of bounds write due to a logic error in the code.

In run of MDnsSdListener.cpp, there is a possible memory corruption due to a use after free.

In getCredentialManagerPolicy of DevicePolicyManagerService.java, there is a possible method for users to select credential managers without permission due to a missing permission check.

In onTransact of IncidentService.cpp, there is a possible out of bounds write due to memory corruption.

In keyguardGoingAway of ActivityTaskManagerService.java, there is a possible lock screen bypass due to a missing permission check.

In createDontSendToRestrictedAppsBundle of PendingIntentUtils.java, there is a possible background activity launch due to a missing check.

In OpRecordAudioMonitor::onFirstRef of AudioRecordClient.cpp, there is a possible way to record audio from the background due to a missing flag.

In hasPermissionForActivity of PackageManagerHelper.java, there is a possible URI grant due to improper input validation.

In multiple locations, there is a possible way to corrupt memory due to a double free.

In multiple functions of btm_ble_gap.cc, there is a possible out of bounds write due to a missing bounds check.

In fixUpIncomingShortcutInfo of ShortcutService.java, there is a possible way to view another user's image due to a confused deputy.

In CreateAudioBroadcast of broadcaster.cc, there is a possible out of bounds write due to a missing bounds check.

In CreateAudioBroadcast of broadcaster.cc, there is a possible out of bounds write due to a missing bounds check.

In checkKeyIntentParceledCorrectly of AccountManagerService.java, there is a possible way to launch arbitrary activities using system privileges due to Parcel Mismatch.

In the APEX module framework of AOSP, there is a possible malicious update to platform components due to improperly used crypto.

Delta Electronics DOPSoft is vulnerable to a stack-based buffer overflow, which may allow for arbitrary code execution if an attacker can lead a legitimate user to execute a specially crafted file.

EzViz Studio v2.2.0 is vulnerable to DLL hijacking.

Out-of-bounds Write vulnerability in Arm Ltd Midgard GPU Userspace Driver, Arm Ltd Bifrost GPU Userspace Driver, Arm Ltd Valhall GPU Userspace Driver, Arm Ltd Arm 5th Gen GPU Architecture Userspace Driver allows a local non-privileged user to write a constant pattern to a limited amount of memory not allocated by the user space driver.This issue affects Midgard GPU Userspace Driver: from r0p0 through r32p0; Bifrost GPU Userspace Driver: from r0p0 through r44p0; Valhall GPU Userspace Driver: from r19p0 through r44p0; Arm 5th Gen GPU Architecture Userspace Driver: from r41p0 through r44p0.

In audio, there is a possible out of bounds write due to a missing bounds check.

In decoder, there is a possible out of bounds write due to an integer overflow.

In decoder, there is a possible out of bounds write due to a missing bounds check.

In ion service, there is a possible missing permission check.

In wifi service, there is a possible missing permission check.

In wifi service, there is a possible missing permission check.

In wifi service, there is a possible missing permission check.

In wifi service, there is a possible missing permission check.

In wifi service, there is a possible missing permission check.

In wifi service, there is a possible missing permission check.

In wifi service, there is a possible missing permission check.

In wifi service, there is a possible missing permission check.

In wifi service, there is a possible missing permission check.

In wifi service, there is a possible missing permission check.

In wifi service, there is a possible missing permission check.

In telecom service, there is a possible missing permission check.

In telecom service, there is a possible missing permission check.

In telocom service, there is a possible missing permission check.

In engineermode service, there is a possible way to write permission usage records of an app due to a missing permission check.

In telecom service, there is a possible way to write permission usage records of an app due to a missing permission check.

In telecom service, there is a possible missing permission check.

In telecom service, there is a possible missing permission check.

In power manager, there is a possible missing permission check.

In camera service, there is a possible missing permission check.

In telecom service, there is a possible missing permission check.

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in DeepFaceLab pretrained DF.wf.288res.384.92.72.22.

An issue was discovered in Zammad before 6.2.0.

JFinalCMS 5.0.0 could allow a remote attacker to read files via ../ Directory Traversal in the /common/down/file fileKey parameter.

OpenZeppelin Contracts is a library for smart contract development.

`nuxt-api-party` is an open source module to proxy API requests.

`nuxt-api-party` is an open source module to proxy API requests.

HashiCorp Vault and Vault Enterprise 1.12.0 and newer are vulnerable to a denial of service through memory exhaustion of the host when handling large unauthenticated and authenticated HTTP requests from a client.

In ProtocolNetAcBarringInfo::ProtocolNetAcBarringInfo() of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check.

In sms_DecodeCodedTpMsg of sms_PduCodec.c, there is a possible out of bounds read due to a heap buffer overflow.

In ProtocolMiscCarrierConfigSimInfoIndAdapter of protocolmiscadapter.cpp, there is a possible out of bounds read due to a missing bounds check.

In cd_ParseMsg of cd_codec.c, there is a possible out of bounds read due to a missing bounds check.

In multiple locations, there is a possible null dereference due to a missing null check.

The Candid library causes a Denial of Service while parsing a specially crafted payload with 'empty' data type.

A vulnerability was found in Tongda OA 2017 up to 11.9 and classified as critical.

A vulnerability was found in Tongda OA 2017 up to 11.9.

A vulnerability has been found in Tongda OA 2017 up to 11.10 and classified as critical.

An issue in microweber v.2.0.1 and fixed in v.2.0.4 allows a remote attacker to obtain sensitive information via the HTTP GET method.

Under certain circumstances, invalid authentication credentials could be sent to the login endpoint of Johnson Controls Metasys NAE55, SNE, and SNC engines prior to versions 11.0.6 and 12.0.4 and Facility Explorer F4-SNC engines prior to versions 11.0.6 and 12.0.4 to cause denial-of-service.

A web server in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 based devices, with firmware versions up to 3.17.02, allows remote unauthenticated users to perform directory traversal, potentially disclosing sensitive information.

Typecho v1.2.1 was discovered to be vulnerable to an XML Quadratic Blowup attack via the component /index.php/action/xmlrpc.

In SENEC Storage Box V1,V2 and V3 an unauthenticated remote attacker can obtain the devices' logfiles that contain sensitive data.

An issue was discovered in Dalmann OCPP.Core before 1.2.0 for OCPP (Open Charge Point Protocol) for electric vehicles.

An issue was discovered in Dalmann OCPP.Core before 1.3.0 for OCPP (Open Charge Point Protocol) for electric vehicles.

An issue was discovered in Dalmann OCPP.Core before 1.3.0 for OCPP (Open Charge Point Protocol) for electric vehicles.

An issue was discovered in Dalmann OCPP.Core through 1.2.0 for OCPP (Open Charge Point Protocol) for electric vehicles.

A lack of rate limiting in pjActionAJaxSend in Availability Booking Calendar 5.0 allows attackers to cause resource exhaustion.

A lack of rate limiting in pjActionAJaxSend in Time Slots Booking Calendar 4.0 allows attackers to cause resource exhaustion.

A lack of rate limiting in pjActionAjaxSend in Car Rental v3.0 allows attackers to cause resource exhaustion.

A lack of rate limiting in pjActionAjaxSend in Appointment Scheduler 3.0 allows attackers to cause resource exhaustion.

An issue was discovered in server.js in etcd-browser 87ae63d75260.

An issue was discovered in Zimbra Collaboration (ZCS) before 10.0.3.

The Burst Statistics – Privacy-Friendly Analytics for WordPress plugin for WordPress is vulnerable to SQL Injection via the 'url' parameter in versions 1.4.0 to 1.4.6.1 (free) and versions 1.4.0 to 1.5.0 (pro) due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.

In the module "Orders (CSV, Excel) Export PRO" (ordersexport) < 5.2.0 from MyPrestaModules for PrestaShop, a guest can download personal information without restriction.

An issue was discovered in the function gdev_prn_open_printer_seekable() in Artifex Ghostscript through 10.02.0 allows remote attackers to crash the application via a dangling pointer.

Using go get to fetch a module with the ".git" suffix may unexpectedly fallback to the insecure "git://" protocol if the module is unavailable via the secure "https://" and "git+ssh://" protocols, even if GOINSECURE is not set for said module.

Vulnerability of data verification errors in the kernel module.

Vulnerability of missing permission verification for APIs in the Designed for Reliability (DFR) module.

Unauthorized access vulnerability in the card management module.

Unauthorized access vulnerability in the launcher module.

API permission control vulnerability in the network management module.

Free broadcast vulnerability in the running management module.

Vulnerability of unauthorized access to email attachments in the email module.

Permission management vulnerability in the multi-user module.

Unauthorized access vulnerability in the Huawei Share module.

Unauthorized access vulnerability in the card management module.

Permission verification vulnerability in distributed scenarios.

Before Go 1.20, the RSA based TLS key exchanges used the math/big library, which is not constant time.

An integer underflow vulnerability exists in the NTRIP Stream Parsing functionality of GPSd 3.25.1~dev.

When a Multipart request is performed but some of the fields exceed the maxStringLength  limit, the upload files will remain in struts.multipart.saveDir  even if the request has been denied. Users are recommended to upgrade to versions Struts 2.5.32 or 6.1.2.2 or Struts 6.3.0.1 or greater, which fixe this issue.

The MMS Interpreter of WagoAppRTU in versions below 1.4.6.0 which is used by the WAGO Telecontrol Configurator is vulnerable to malformed packets.

An issue in MLFlow versions 2.8.1 and before allows a remote attacker to obtain sensitive information via a crafted request to REST API.

Softing OPC Suite version 5.25 and before has Incorrect Access Control, allows attackers to obtain sensitive information via weak permissions in OSF_discovery service.

Dell OS10 Networking Switches running 10.5.2.x and above contain an Uncontrolled Resource Consumption (Denial of Service) vulnerability, when switches are configured with VLT and VRRP.

Dell PowerScale OneFS, 8.2.2.x through 9.6.0.x, contains an improper control of a resource through its lifetime vulnerability.

Transient DOS in Bluetooth Host while rfc slot allocation.

Under certain scenarios the WLAN Firmware will reach an assertion due to state confusion while looking up peer ids.

Transient DOS in Modem after RRC Setup message is received.

Transient DOS in Modem when a Beam switch request is made with a non-configured BWP.

Transient DOS in Data modem while handling TLB control messages from the Network.

Transient DOS while parsing a vender specific IE (Information Element) of reassociation response management frame.

Transient DOS while converting TWT (Target Wake Time) frame parameters in the OTA broadcast.

Transient DOS when processing a NULL buffer while parsing WLAN vdev.

Transient DOS in WLAN Firmware while processing a FTMR frame.

Transient DOS while parsing WPA IES, when it is passed with length more than expected size.

Improper handling of insufficient permissions or privileges vulnerability in Samsung Data Store prior to version 5.2.00.7 allows remote attackers to access location information without permission.

Improper URL validation from InstantPlay deeplink in Galaxy Store prior to version 4.5.64.4 allows attackers to execute JavaScript API to access data.

In HTBLogKM of htbserver.c, there is a possible information disclosure due to log information disclosure.

The ACEManager component of ALEOS 4.16 and earlier does not adequately perform input sanitization during authentication, which could potentially result in a Denial of Service (DoS) condition for ACEManager without impairing other router functions.

The ACEManager component of ALEOS 4.16 and earlier does not perform input sanitization during authentication, which could potentially result in a Denial of Service (DoS) condition for ACEManager without impairing other router functions.

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more.

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more.

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more.

The WP Fastest Cache WordPress plugin before 1.2.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users.

Traefik is an open source HTTP reverse proxy and load balancer.

SEMCMS 3.9 is vulnerable to SQL Injection.

A serialization vulnerability in logback receiver component part of logback version 1.4.13, 1.3.13 and 1.2.12 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data.

In 5G Modem, there is a possible system crash due to improper error handling.

In 5G Modem, there is a possible system crash due to improper error handling.

In 5G Modem, there is a possible system crash due to improper error handling.

In 5G Modem, there is a possible system crash due to improper error handling.

In 5G Modem, there is a possible system crash due to improper error handling.

In 5G Modem, there is a possible system crash due to improper error handling.

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1, and 11.5 is vulnerable to a denial of service through a specially crafted federated query on specific federation objects.

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted SQL statement.

IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted RUNSTATS command on an 8TB table.

In telephony service, there is a possible missing permission check.

In telephony service, there is a possible missing permission check.

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 federated server is vulnerable to a denial of service when a specially crafted cursor is used.

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query.

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, 11.5 is vulnerable to denial of service under extreme stress conditions.

Collabora Online is a collaborative online office suite based on LibreOffice technology.

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions.

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions.

An OS command injection vulnerability in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an administrator to execute arbitrary OS commands via a file name parameter in a patch application function.

SENEC Storage Box V1,V2 and V3 accidentially expose a management UI accessible with publicly known admin credentials.

Exposure of Proxy Administrator Credentials An authenticated administrator equivalent Filr user can access the credentials of proxy administrators.

Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege to inject arbitrary commands as a 'nobody' user, potentially leading to OS Command Injection Vulnerability.

When configured in debugging mode by an authenticated user with administrative privileges, ALEOS 4.16 and earlier store the SHA512 hash of the common root password for that version in a directory accessible to a user with root privileges or equivalent access.

The Easy Newsletter Signups WordPress plugin through 1.0.4 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin

Dell DM5500 5.14.0.0 contains an OS command injection vulnerability in the appliance.

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow a user with DATAACCESS privileges to execute routines that they should not have access to.

An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel.

An out-of-bounds read vulnerability was found in smb2_dump_detail in fs/smb/client/smb2ops.c in the Linux Kernel.

A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU.

Dell PowerEdge platforms 16G Intel E5 BIOS and Dell Precision BIOS, version 1.4.4, contain active debug code security vulnerability.

Dell PowerEdge platforms 16G Intel E5 BIOS and Dell Precision BIOS, version 1.4.4, contain active debug code security vulnerability.

Heap out-of-bounds write vulnerability in bootloader prior to SMR Dec-2023 Release 1 allows a physical attacker to execute arbitrary code.

Abuse of remote unlock in Find My Mobile prior to version 7.3.13.4 allows physical attacker to unlock the device remotely by resetting the Samsung Account password with SMS verification when user lost the device.

Improper Authentication vulnerability in Samsung Pass prior to version 4.3.00.17 allows physical attackers to bypass authentication due to invalid flag setting.

Improper Authentication vulnerability in Samsung Pass prior to version 4.3.00.17 allows physical attackers to bypass authentication due to invalid exception handler.

An issue was discovered on Connectize AC21000 G6 641.139.1.1256 allows attackers to run arbitrary commands via use of a crafted string in the ping utility.

An Insecure Credential Management issue discovered in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain escalated privileges via use of weak hashing algorithm.

Several versions of ALEOS, including ALEOS 4.16.0, use a hardcoded SSL certificate and private key.

there is a possible way for the secure world to write to NS memory due to a logic error in the code.

there is a possible permanent DoS or way for the modem to boot unverified firmware due to a logic error in the code.

In the Pixel Camera Driver, there is a possible use after free due to a logic error in the code.

Out-of-bound write vulnerability in libIfaaCa prior to SMR Dec-2023 Release 1 allows local system attackers to execute arbitrary code.

Improper input validation vulnerability in Smart Clip prior to SMR Dec-2023 Release 1 allows local attackers with shell privilege to execute arbitrary code.

In vdec, there is a possible out of bounds write due to type confusion.

In cmdq, there is a possible out of bounds write due to type confusion.

In rpmb, there is a possible out of bounds write due to a missing bounds check.

In ril, there is a possible out of bounds write due to a missing bounds check.

In aee, there is a possible escalation of privilege due to a missing permission check.

In meta, there is a possible classic buffer overflow due to a missing bounds check.

In display, there is a possible classic buffer overflow due to a missing bounds check.

In display, there is a possible out of bounds read due to an incorrect bounds check.

In display, there is a possible out of bounds read due to an incorrect bounds check.

In display drm, there is a possible out of bounds read due to a missing bounds check.

In display drm, there is a possible out of bounds write due to an incorrect bounds check.

In display drm, there is a possible out of bounds write due to an incorrect bounds check.

In mmp, there is a possible memory corruption due to an incorrect bounds check.

In display drm, there is a possible out of bounds write due to a missing bounds check.

In display drm, there is a possible out of bounds write due to a missing bounds check.

In display drm, there is a possible out of bounds write due to a missing bounds check.

In display drm, there is a possible out of bounds read due to a missing bounds check.

In camera service, there is a possible use after free due to a logic error.

fish is a smart and user-friendly command line shell for macOS, Linux, and the rest of the family.

The caddy-geo-ip (aka GeoIP) middleware through 0.6.0 for Caddy 2, when trust_header X-Forwarded-For is used, allows attackers to spoof their source IP address via an X-Forwarded-For header, which may bypass a protection mechanism (trusted_proxy directive in reverse_proxy or IP address range restrictions).

Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers read the contents of arbitrary files on the operating system by creating a symbolic link.

Insecure File Permissions in Support Assistant in NCP Secure Enterprise Client before 12.22 allow attackers to write to configuration files from low-privileged user accounts.

A vulnerability classified as critical has been found in Software AG WebMethods 10.11.x/10.15.x.

Gladys Assistant v4.27.0 and prior is vulnerable to Directory Traversal.

Offline mode is always enabled, even if permission disallows it, in Devolutions Server data source in Devolutions Workspace 2023.3.2.0 and earlier.

Server-Side Request Forgery (SSRF) vulnerability in Paytm Paytm Payment Gateway.This issue affects Paytm Payment Gateway: from n/a through 2.7.0.

Business Logic Errors in GitHub repository microweber/microweber prior to 2.0.

On affected platforms running Arista MOS, the configuration of a BGP password will cause the password to be logged in clear text that can be revealed in local logs or remote logging servers by authenticated users, as well as appear in clear text in the device’s running config.

EspoCRM is an Open Source CRM (Customer Relationship Management) software.

Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in TEE.

Weak encryption mechanisms in RFID Tags in Yale Conexis L1 v1.1.0 allows attackers to create a cloned tag via physical proximity to the original.

Weak encryption mechanisms in RFID Tags in Yale IA-210 Alarm v1.0 allows attackers to create a cloned tag via physical proximity to the original.

Weak encryption mechanisms in RFID Tags in Yale Keyless Lock v1.0 allows attackers to create a cloned tag via physical proximity to the original.

SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure, through URL manipulation.

In BTM_BleVerifySignature of btm_ble.cc, there is a possible way to bypass signature validation due to side channel information disclosure.

XWiki Change Request is an XWiki application allowing to request changes on a wiki without publishing directly the changes.

The Frontend File Manager Plugin WordPress plugin before 22.6 has a vulnerability that allows an Editor+ user to bypass the file download logic and download files such as `wp-config.php`

The Word Balloon WordPress plugin before 4.20.3 does not protect some of its actions against CSRF attacks, allowing an unauthenticated attacker to trick a logged in user to delete arbitrary avatars by clicking a link.

The eCommerce Product Catalog Plugin for WordPress plugin before 3.3.26 does not have CSRF checks in some of its admin pages, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks, such as delete all products

The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor WordPress plugin before 3.4.2 does not have CSRF checks on some of its form actions such as deletion and duplication, which could allow attackers to make logged in admin perform such actions via CSRF attacks

Traefik is an open source HTTP reverse proxy and load balancer.

Dell DM5500 contains a path traversal vulnerability in the appliance.

The Goodix Fingerprint Device, as shipped in Dell Inspiron 15 computers, does not follow the Secure Device Connection Protocol (SDCP) when enrolling via Linux, and accepts an unauthenticated configuration packet to select the Windows template database, which allows bypass of Windows Hello authentication by enrolling an attacker's fingerprint.

there is a possible use after free due to a race condition.

Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access.

Special:Ask in Semantic MediaWiki before 4.0.2 allows Reflected XSS.

A vulnerability was found in SourceCodester Simple Invoice Generator System 1.0 and classified as problematic.

A vulnerability has been found in PHPGurukul Teacher Subject Allocation Management System 1.0 and classified as problematic.

The next parameter in the /accounts/login endpoint of Seafile 9.0.6 allows attackers to redirect users to arbitrary sites.

Cross Site Scripting vulnerability in EverShop NPM versions before v.1.0.0-rc.5 allows a remote attacker to obtain sensitive information via a crafted request to the ProductGrid function in admin/productGrid/Grid.jsx.

Cross Site Scripting vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the sortBy parameter.

Cross Site Scripting vulnerability in EverShop NPM versions before v.1.0.0-rc.5 allows a remote attacker to obtain sensitive information via a crafted scripts to the Admin Panel.

Collabora Online is a collaborative online office suite based on LibreOffice technology.

A vulnerability was found in SourceCodester Simple Student Attendance System 1.0 and classified as problematic.

A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions.

A vulnerability was found in osCommerce 4.

Franklin Fueling Systems System Sentinel AnyWare (SSA) version 1.6.24.492 is vulnerable to Open Redirect.

Cross Site Scripting (XSS) vulnerability in FormaLMS before 4.0.5 allows attackers to run arbitrary code via title parameters.

NetScout nGeniusONE 6.3.4 build 2298 allows a Reflected Cross-Site scripting vulnerability.

DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the imgstick parameter at selectimages.php.

DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the v parameter at selectimages.php.

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Michael Uno (miunosoft) Responsive Column Widgets.This issue affects Responsive Column Widgets: from n/a through 1.2.7.

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in SoftLab Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files Into Your WordPress Site.This issue affects Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files Into Your WordPress Site: from n/a through 1.3.2.

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks.

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in PluginOps Landing Page Builder – Lead Page – Optin Page – Squeeze Page – WordPress Landing Pages.This issue affects Landing Page Builder – Lead Page – Optin Page – Squeeze Page – WordPress Landing Pages: from n/a through 1.5.1.5.

A Cross Site Scripting (XSS) vulnerability in GaatiTrack Courier Management System 1.0 allows a remote attacker to inject JavaScript via the page parameter to login.php or header.php.

A Cross Site Scripting vulnerability in Availability Booking Calendar 5.0 allows an attacker to inject JavaScript via the name, plugin_sms_api_key, plugin_sms_country_code, uuid, title, or country name parameter to index.php.

A cross-site-scripting vulnerability exists in Ruckus Access Point products (ZoneDirector, SmartZone, and AP Solo).

An issue was discovered in Zimbra Collaboration (ZCS) before 10.0.4.

An XSS issue was discovered in a web endpoint in Zimbra Collaboration (ZCS) before 10.0.4 via an unsanitized parameter.

A reflected Cross-Site Scripting (XSS) vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the Content-Type header in POST requests.

Open redirect vulnerability in Pleasanter 1.3.47.0 and earlier allows a remote unauthenticated attacker to redirect users to arbitrary web sites via a specially crafted URL.

The Email Subscription Popup plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the HTTP_REFERER header in all versions up to, and including, 1.2.18 due to insufficient input sanitization and output escaping.

An issue exists in SoftIron HyperCloud where drive caddy removal and reinsertion without a reboot may erroneously cause the system to recognize the caddy as new media and wipe all data on the drives due to a missing synchronization flaw, which impacts data availability and integrity. This issue only impacts SoftIron HyperCloud "density" storage nodes running HyperCloud software versions 1.0 to before 2.0.3.

Vite is a website frontend framework.

The BSK Contact Form 7 Blacklist WordPress plugin through 1.0.1 does not sanitise and escape the inserted_count parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

The AMP+ Plus WordPress plugin through 3.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

The Welcart e-Commerce WordPress plugin before 2.9.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

kkFileView v4.3.0 is vulnerable to Incorrect Access Control.

A vulnerability exists in the webserver that affects the RTU500 series product versions listed below.

A vulnerability exists in the HCI IEC 60870-5-104 that affects the RTU500 series product versions listed below.

An issue was discovered in Zammad before 6.2.0.

Versions of the package pubnub before 7.4.0; all versions of the package com.pubnub:pubnub; versions of the package pubnub before 6.19.0; all versions of the package github.com/pubnub/go; versions of the package github.com/pubnub/go/v7 before 7.2.0; versions of the package pubnub before 7.3.0; versions of the package pubnub/pubnub before 6.1.0; versions of the package pubnub before 5.3.0; versions of the package pubnub before 0.4.0; versions of the package pubnub/c-core before 4.5.0; versions of the package com.pubnub:pubnub-kotlin before 7.7.0; versions of the package pubnub/swift before 6.2.0; versions of the package pubnub before 5.2.0; versions of the package pubnub before 4.3.0 are vulnerable to Insufficient Entropy via the getKey function, due to inefficient implementation of the AES-256-CBC cryptographic algorithm.

Traefik is an open source HTTP reverse proxy and load balancer.

sec_attest_info in drivers/accel/habanalabs/common/habanalabs_ioctl.c in the Linux kernel through 6.6.5 allows an information leak to user space because info->pad0 is not initialized.

An issue in GPAC v.2.2.1 and before allows a local attacker to cause a denial of service (DoS) via the ctts_box_read function of file src/isomedia/box_code_base.c.

IBM Informix Dynamic Server 12.10 and 14.10 archecker is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow a local user to cause a segmentation fault.

IBM Informix Dynamic Server 12.10 and 14.10 cdr is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow a local user to cause a segmentation fault.

IBM API Connect V10.0.5.3 and V10.0.6.0 stores user credentials in browser cache which can be read by a local user.

An out-of-bounds memory access flaw was found in the io_uring SQ/CQ rings functionality in the Linux kernel.

Cortex-A77 cores (r0p0 and r1p0) are affected by erratum 1508412 where software, under certain circumstances, could deadlock a core due to the execution of either a load to device or non-cacheable memory, and either a store exclusive or register read of the Physical Address Register (PAR_EL1) in close proximity.

A null pointer dereference vulnerability was found in nft_dynset_init() in net/netfilter/nft_dynset.c in nf_tables in the Linux kernel.

In ProtocolMiscATCommandAdapter::Init() of protocolmiscadapter.cpp, there is a possible out of bounds read due to a missing bounds check.

In GetSizeOfEenlRecords of protocoladapter.cpp, there is a possible out of bounds read due to an incorrect bounds check.

In ProtocolNetSimFileInfoAdapter() of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check.

In SignalStrengthAdapter::FillGsmSignalStrength() of protocolmiscadapter.cpp, there is a possible out of bounds read due to a missing bounds check.

In private_handle_t of mali_gralloc_buffer.h, there is a possible information leak due to a logic error in the code.

In Init of protocolembmsadapter.cpp, there is a possible out of bounds read due to a missing bounds check.

In Init of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check.

gpac 2.3-DEV-rev617-g671976fcc-master contains memory leaks in gf_mpd_resolve_url media_tools/mpd.c:4589.

A LogoFAIL issue was discovered in BmpDecoderDxe in Insyde InsydeH2O with kernel 5.2 before 05.28.47, 5.3 before 05.37.47, 5.4 before 05.45.47, 5.5 before 05.53.47, and 5.6 before 05.60.47 for certain Lenovo devices.

Vulnerability of unauthorized file access in the Settings app.

Transient DOS in Automotive OS due to improper authentication to the secure IO calls.

Improper usage of implicit intent in Contacts prior to SMR Dec-2023 Release 1 allows attacker to get sensitive information.

Improper access control in knoxcustom service prior to SMR Dec-2023 Release 1 allows attacker to send broadcast with system privilege.

Implicit intent hijacking vulnerability in Samsung Account Web SDK prior to version 1.5.24 allows attacker to get sensitive information.

PendingIntent hijacking vulnerability in Search Widget prior to version 3.4 in China models allows local attackers to access data.

In visitUris of Notification.java, there is a possible way to display images from another user due to a confused deputy.

In visitUris of Notification.java, there is a possible cross-user media read due to Confused Deputy.

In saveToXml of PersistableBundle.java, invalid data could lead to local persistent denial of service with no additional execution privileges needed.

In forceReplaceShortcutInner of ShortcutPackage.java, there is a possible way to register unlimited packages due to a missing bounds check.

In createPendingIntent of CredentialManagerUi.java, there is a possible way to access credentials from other users due to a permissions bypass.

In loadMediaDataInBgForResumption of MediaDataManager.kt, there is a possible way to view another user's images due to a confused deputy.

In parse_gap_data of utils.cc, there is a possible out of bounds read due to a missing bounds check.

In verifyShortcutInfoPackage of ShortcutService.java, there is a possible way to see another user's image due to a confused deputy.

In mOnDone of NotificationConversationInfo.java, there is a possible way to access app notification data of another user due to a logic error in the code.

Several versions of ALEOS, including ALEOS 4.16.0, include an opensource third-party component which can be exploited from the local area network, resulting in a Denial of Service condition for the captive portal.

In parse_gap_data of utils.cc, there is a possible out of bounds read due to a missing bounds check.

A potential logging of the firestore key via logging within nodejs-firestore exists - Developers who were logging objects through this._settings would be logging the firestore key as well potentially exposing it to anyone with logs read access.

Dell DM5500 5.14.0.0, contain a Plain-text Password Storage Vulnerability in the appliance.

In wifi service, there is a possible out of bounds write due to a missing bounds check.

In wifi service, there is a possible out of bounds write due to a missing bounds check.

In wifi service, there is a possible out of bounds write due to a missing bounds check.

In imsservice, there is a possible way to write permission usage records of an app due to a missing permission check.

In imsservice, there is a possible way to write permission usage records of an app due to a missing permission check.

In imsservice, there is a possible way to write permission usage records of an app due to a missing permission check.

In imsservice, there is a possible way to write permission usage records of an app due to a missing permission check.

In imsservice, there is a possible way to write permission usage records of an app due to a missing permission check.

In imsservice, there is a possible way to write permission usage records of an app due to a missing permission check.

In imsservice, there is a possible way to write permission usage records of an app due to a missing permission check.

In imsservice, there is a possible way to write permission usage records of an app due to a missing permission check.

In omacp service, there is a possible way to write permission usage records of an app due to a missing permission check.

In omacp service, there is a possible way to write permission usage records of an app due to a missing permission check.

In omacp service, there is a possible way to write permission usage records of an app due to a missing permission check.

In firewall service, there is a possible way to write permission usage records of an app due to a missing permission check.

In firewall service, there is a possible way to write permission usage records of an app due to a missing permission check.

In firewall service, there is a possible way to write permission usage records of an app due to a missing permission check.

In firewall service, there is a possible way to write permission usage records of an app due to a missing permission check.

In imsservice, there is a possible way to write permission usage records of an app due to a missing permission check.

In imsservice, there is a possible way to write permission usage records of an app due to a missing permission check.

In firewall service, there is a possible way to write permission usage records of an app due to a missing permission check.

In firewall service, there is a possible way to write permission usage records of an app due to a missing permission check.

In firewall service, there is a possible way to write permission usage records of an app due to a missing permission check.

In firewall service, there is a possible way to write permission usage records of an app due to a missing permission check.

In firewall service, there is a possible way to write permission usage records of an app due to a missing permission check.

In firewall service, there is a possible way to write permission usage records of an app due to a missing permission check.

In firewall service, there is a possible way to write permission usage records of an app due to a missing permission check.

In firewall service, there is a possible way to write permission usage records of an app due to a missing permission check.

In firewall service, there is a possible way to write permission usage records of an app due to a missing permission check.

In telephony service, there is a possible missing permission check.

In dialer, there is a possible way to write permission usage records of an app due to a missing permission check.

In video service, there is a possible out of bounds read due to a incorrect bounds check.

In video service, there is a possible out of bounds read due to a missing bounds check.

In flv extractor, there is a possible missing verification incorrect input.

In camera service, there is a possible out of bounds read due to a missing bounds check.

In phasecheckserver, there is a possible out of bounds read due to a missing bounds check.

In IMS service, there is a possible way to write permission usage records of an app due to a missing permission check.

In telephony service, there is a possible missing permission check.

In telephony service, there is a possible missing permission check.

In telephony service, there is a possible missing permission check.

In telecom service, there is a possible way to write permission usage records of an app due to a missing permission check.

In telecom service, there is a possible way to write permission usage records of an app due to a missing permission check.

In sysui, there is a possible missing permission check.

In telecom service, there is a possible missing permission check.

In enginnermode service, there is a possible way to write permission usage records of an app due to a missing permission check.

A vulnerability classified as problematic has been found in linkding 1.23.0.

An XSS issue in wiki and discussion pages in Seafile 9.0.6 allows attackers to inject JavaScript into the Markdown editor.

A potential vulnerability has been identified in Micro Focus ArcSight Management Center.

Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the mkdirSync function in the folderCreate/createFolder.js endpoint.

An arbitrary file upload vulnerability in DoraCMS v2.1.8 allow attackers to execute arbitrary code via uploading a crafted HTML or image file to the user avatar.

Dreamer CMS v4.1.3 was discovered to contain a cross-site scripting (XSS) vulnerability in the article management department.

JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the column management department.

JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the model management department.

JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the navigation management department.

A Qualys web application was found to have a stored XSS vulnerability resulting from the absence of HTML encoding in the presentation of logging information to users.

NetScout nGeniusONE 6.3.4 build 2298 allows a Stored Cross-Site scripting vulnerability (issue 1 of 4).

NetScout nGeniusONE 6.3.4 build 2298 allows a Stored Cross-Site scripting vulnerability (issue 2 of 4).

NetScout nGeniusONE 6.3.4 build 2298 allows a Stored Cross-Site scripting vulnerability (issue 3 of 4).

NetScout nGeniusONE 6.3.4 build 2298 allows a Stored Cross-Site scripting vulnerability (issue 4 of 4).

NETSCOUT nGeniusONE 6.3.4 build 2298 allows a Reflected Cross-Site scripting (XSS) vulnerability by an authenticated user.

The affected ControlByWeb Relay products are vulnerable to a stored cross-site scripting vulnerability, which could allow an attacker to inject arbitrary scripts into the endpoint of a web interface that could run malicious javascript code during a user's session.

Cross Site Scripting vulnerability in Best Courier Management System v.1.000 allows a remote attacker to execute arbitrary code via a crafted payload to the page parameter in the URL.

Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force Starter Templates — Elementor, WordPress & Beaver Builder Templates.This issue affects Starter Templates — Elementor, WordPress & Beaver Builder Templates: from n/a through 3.2.4.

Server-Side Request Forgery (SSRF) vulnerability in Code for Recovery 12 Step Meeting List.This issue affects 12 Step Meeting List: from n/a through 3.14.24.

BoidCMS 2.0.1 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the title, subtitle, footer, or keywords parameter in a page=create action.

Availability Booking Calendar 5.0 is vulnerable to Multiple HTML Injection issues via SMS API Key or Default Country Code.

Time Slots Booking Calendar 4.0 is vulnerable to Multiple HTML Injection issues via the name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, or customer_name parameter.

Time Slots Booking Calendar 4.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, or customer_name parameter.

Car Rental Script 3.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, or customer_name parameter.

Car Rental Script 3.0 is vulnerable to Multiple HTML Injection issues via SMS API Key or Default Country Code.

Appointment Scheduler 3.0 is vulnerable to Multiple HTML Injection issues via the SMS API Key or Default Country Code.

Appointment Scheduler 3.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, or customer_name parameter.

Squidex before 7.9.0 allows XSS via an SVG document to the Upload Assets feature.

A Cross Site Scripting (XSS) vulnerability in Shuttle Booking Software 2.0 allows a remote attacker to inject JavaScript via the name, description, title, or address parameter to index.php.

HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user after visiting the vulnerable URL which leads to executing malicious script code.

Pleasanter 1.3.47.0 and earlier contains a stored cross-site scripting vulnerability.

A stored cross-site scripting (XSS) vulnerability in /admin.php of DaiCuo v2.5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

A Stored XSS issue in shared files download terms in Filerun Update 20220202 allows attackers to inject JavaScript code that is executed when a user follows the crafted share link.

Ajax.NET Professional (AjaxPro) is an AJAX framework for Microsoft ASP.NET which will create proxy JavaScript classes that are used on client-side to invoke methods on the web server.

Cross Site Scripting (XSS) vulnerability in Connectize AC21000 G6 641.139.1.1256 allows attackers to run arbitrary code via crafted string when setting the Wi-Fi password in the admin panel.

The ACEManager component of ALEOS 4.16 and earlier does not validate uploaded file names and types, which could potentially allow an authenticated user to perform client-side script execution within ACEManager, altering the device functionality until the device is restarted.

The Uploading SVG, WEBP and ICO files WordPress plugin through 1.2.1 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.

A Cross-Site Scripting (XSS) vulnerability in the recipe preparation component within /api/objects/recipes and note component within /api/objects/shopping_lists/ of Grocy <= 4.0.3 allows attackers to obtain the victim's cookies.

Dell DM5500 5.14.0.0 and prior contain a Reflected Cross-Site Scripting Vulnerability.

An issue was discovered in Zammad before 6.2.0.

An issue was discovered in Zammad before 6.2.0.

Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the readDirSync function in fileBrowser/browser.js.

A vulnerability, which was classified as problematic, has been found in Typecho 1.2.1.

GPAC version 2.3-DEV-rev602-ged8424300-master in MP4Box contains a memory leak in NewSFDouble scenegraph/vrml_tools.c:300.

Uncontrolled Resource Consumption vulnerability in Saturday Drive Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress leading to DoS.This issue affects Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress: from n/a through 3.6.25.

An issue in SCOL Members Card mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.

An issue in DA BUTCHERS mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.

Jorani Leave Management System 1.0.2 allows a remote attacker to spoof a Host header associated with password reset emails.

A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body.

A flaw was found in the Quarkus Cache Runtime.

Permission management vulnerability in the module for disabling Sound Booster.

Mattermost is grouping calls in the /metrics endpoint by id and reports that id in the response.

msgraph-sdk-php is the Microsoft Graph Library for PHP.

microsoft-graph-core the Microsoft Graph Library for PHP.

The tokio-boring library in version 4.0.0 is affected by a memory leak issue that can lead to excessive resource consumption and potential DoS by resource exhaustion.

Improper usage of insecure protocol (i.e.

lestrrat-go/jwx is a Go module implementing various JWx (JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE) technologies.

Improper exception management vulnerability in Knox Guard prior to SMR Dec-2023 Release 1 allows Knox Guard lock bypass via changing system time.

A vulnerability has been identified within Serv-U 15.4 that allows an authenticated actor to insert content on the file share function feature of Serv-U, which could be used maliciously.

An issue was found in CPython 3.12.0 `subprocess` module on POSIX platforms.

In Init of protocolcalladapter.cpp, there is a possible out of bounds read due to a missing bounds check.

In Init of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check.

A vulnerability classified as problematic has been found in Typecho 1.2.1.

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

ecies is an Elliptic Curve Integrated Encryption Scheme for secp256k1 in Golang.

The ACEManager component of ALEOS 4.16 and earlier allows an authenticated user with Administrator privileges to access a file upload field which does not fully validate the file name, creating a Stored Cross-Site Scripting condition.

The Simply Excerpts WordPress plugin through 1.4 does not sanitize and escape some fields in the plugin settings, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfiltered_html capability is disallowed (for example in a multisite setup).

The Popup box WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

The Popup box WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

An Improper Privilege Management vulnerability exists in HyperCloud that will impact the ability for a user to authenticate against the management plane. An authenticated admin-level user may be able to delete the "admin" or "serveradmin" users, which prevents authentication from subsequently succeeding. This issue affects HyperCloud versions 1.0 to any release before 2.1.