Weekly Vulnerabilities Reports > January 1 to 7, 2024

A vulnerability, which was classified as critical, has been found in Totolink N350RT 9.3.5u.6139_B20201216.

A vulnerability classified as critical was found in Totolink N350RT 9.3.5u.6139_B20201216.

A vulnerability was found in SourceCodester Clinic Queuing System 1.0.

A SQL injection vulnerability has been reported to affect Video Station.

An OS command injection vulnerability has been reported to affect Video Station.

An OS command injection vulnerability has been reported to affect QcalAgent.

A SQL injection vulnerability has been reported to affect QuMagie.

An OS command injection vulnerability has been reported to affect QuMagie.

Cross-Site Request Forgery (CSRF) vulnerability in ?leanTalk - Anti-Spam Protection Spam protection, Anti-Spam, FireWall by CleanTalk.This issue affects Spam protection, Anti-Spam, FireWall by CleanTalk: from n/a through 6.20.

Cross-Site Request Forgery (CSRF) vulnerability in Awesome Support Team Awesome Support – WordPress HelpDesk & Support Plugin.This issue affects Awesome Support – WordPress HelpDesk & Support Plugin: from n/a through 6.1.5.

Cross-Site Request Forgery (CSRF) vulnerability in Apollo13Themes Apollo13 Framework Extensions.This issue affects Apollo13 Framework Extensions: from n/a through 1.9.1.

Cross-Site Request Forgery (CSRF) vulnerability in WP Zone Inline Image Upload for BBPress.This issue affects Inline Image Upload for BBPress: from n/a through 1.1.18.

Cross-Site Request Forgery (CSRF) vulnerability in Icegram Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building.This issue affects Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building: from n/a through 3.1.18.

Cross-Site Request Forgery (CSRF) vulnerability in Basix NEX-Forms – Ultimate Form Builder – Contact forms and much more.This issue affects NEX-Forms – Ultimate Form Builder – Contact forms and much more: from n/a through 8.5.2.

Cross-Site Request Forgery (CSRF) vulnerability in NitroPack Inc.

Cross-Site Request Forgery (CSRF) vulnerability in PressTigers Simple Job Board.This issue affects Simple Job Board: from n/a through 2.10.6.

Cross-Site Request Forgery (CSRF) vulnerability in WPChill Strong Testimonials.This issue affects Strong Testimonials: from n/a through 3.1.10.

Cross-Site Request Forgery (CSRF) vulnerability in WPClever WPC Product Bundles for WooCommerce.This issue affects WPC Product Bundles for WooCommerce: from n/a through 7.3.1.

Cross-Site Request Forgery (CSRF) vulnerability in WhiteWP White Label – WordPress Custom Admin, Custom Login Page, and Custom Dashboard.This issue affects White Label – WordPress Custom Admin, Custom Login Page, and Custom Dashboard: from n/a through 2.9.0.

Cross-Site Request Forgery (CSRF) vulnerability in Michael Winkler teachPress.This issue affects teachPress: from n/a through 9.0.4.

Cross-Site Request Forgery (CSRF) vulnerability in wp.Insider, wpaffiliatemgr Affiliates Manager.This issue affects Affiliates Manager: from n/a through 2.9.31.

Cross-Site Request Forgery (CSRF) vulnerability in Smash Balloon Custom Twitter Feeds – A Tweets Widget or X Feed Widget.This issue affects Custom Twitter Feeds – A Tweets Widget or X Feed Widget: from n/a through 2.1.2.

Cross-Site Request Forgery (CSRF) vulnerability in Marios Alexandrou Republish Old Posts.This issue affects Republish Old Posts: from n/a through 1.21.

Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Floating Button.This issue affects Floating Button: from n/a through 6.0.

Cross-Site Request Forgery (CSRF) vulnerability in Ovation S.R.L.

Cross-Site Request Forgery (CSRF) vulnerability in WP Job Portal WP Job Portal – A Complete Job Board.This issue affects WP Job Portal – A Complete Job Board: from n/a through 2.0.6.

Online Notice Board System v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'f' parameter of user/update_profile_pic.php page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application.

SideQuest is a place to get virtual reality applications for Oculus Quest.

Use after free in ANGLE in Google Chrome prior to 120.0.6099.199 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

Heap buffer overflow in ANGLE in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Use after free in WebAudio in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Use after free in WebGPU in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

When the Genie Company Aladdin Connect garage door opener (Retrofit-Kit Model ALDCM) is placed into configuration mode the web servers “Garage Door Control Module Setup” page is vulnerable to XSS via a broadcast SSID name containing malicious code with client side Java Script and/or HTML.

Craft is a content management system.

A vulnerability has been found in Magic-Api up to 2.0.1 and classified as critical.

A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0.

reNgine through 2.0.2 allows OS Command Injection if an adversary has a valid session ID.

Unauthenticated access permitted to web interface page The Genie Company Aladdin Connect (Retrofit-Kit Model ALDCM) "Garage Door Control Module Setup" and modify the Garage door's SSID settings.

An issue in Tamaki_hamanoki Line v.13.6.1 allows attackers to send crafted notifications via leakage of the channel access token.

A vulnerability was found in Uniway Router 2.0.

A vulnerability, which was classified as problematic, was found in RRJ Nueva Ecija Engineer Online Portal 1.0.

A vulnerability classified as problematic has been found in HuiRan Host Reseller System up to 2.0.0.

IBM Db2 for Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow a local user to escalate their privileges to the SYSTEM user using the MSI repair functionality.

Insecure Permissions vulnerability in fit2cloud Cloud Explorer Lite version 1.4.1, allow local attackers to escalate privileges and obtain sensitive information via the cloud accounts parameter.

For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode.

[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] libfsimage contains parsing code for several filesystems, most of them based on grub-legacy code.

The caching invalidation guidelines from the AMD-Vi specification (48882—Rev 3.07-PUB—Oct 2022) is incorrect on some hardware, as devices will malfunction (see stale DMA mappings) if some fields of the DTE are updated but the IOMMU TLB is not flushed. Such stale DMA mappings can point to memory ranges not owned by the guest, thus allowing access to unindented memory regions.

A vulnerability has been identified in syngo fastView (All versions).

A vulnerability has been identified in syngo fastView (All versions).

A vulnerability has been identified in syngo fastView (All versions).

Uncontrolled search path vulnerabilities were reported in the Lenovo Universal Device Client (UDC) that could allow an attacker with local access to execute code with elevated privileges.

Apktool is a tool for reverse engineering Android APK files.

There is a local privilege escalation vulnerability of ZTE's ZXCLOUD iRAI.Attackers with regular user privileges can create a fake process, and to escalate local privileges.

There is an unsafe DLL loading vulnerability in ZTE ZXCLOUD iRAI.

There is a command injection vulnerability of ZTE's ZXCLOUD iRAI.

 In checkDebuggingDisallowed of DeviceVersionFragment.java, there is a     possible way to access adb before SUW completion due to an insecure default     value.

KernelSU is a Kernel-based root solution for Android devices.

Memory corruption when IPv6 prefix timer object`s lifetime expires which are created while Netmgr daemon gets an IPv6 address.

Memory corruption in HLOS while running playready use-case.

Memory corruption in TZ Secure OS while requesting a memory allocation from TA region.

Memory corruption in Audio during playback with speaker protection.

Memory corruption while receiving a message in Bus Socket Transport Server.

Memory corruption in wearables while processing data from AON.

Memory corruption while running VK synchronization with KASAN enabled.

Memory corruption in Graphics Driver when destroying a context with KGSL_GPU_AUX_COMMAND_TIMELINE objects queued.

Memory corruption when resource manager sends the host kernel a reply message with multiple fragments.

Memory corruption while running NPU, when NETWORK_UNLOAD and (NETWORK_UNLOAD or NETWORK_EXECUTE_V2) commands are submitted at the same time.

Memory corruption when HLOS allocates the response payload buffer to copy the data received from ADSP in response to AVCS_LOAD_MODULE command.

Memory corruption while processing Listen Sound Model client payload buffer when there is a request for Listen Sound session get parameter from ST HAL.

Memory corruption in Audio when memory map command is executed consecutively in ADSP.

Memory corruption while invoking IOCTLs calls from user space for internal mem MAP and internal mem UNMAP.

A vulnerability was found in Perl.

An issue was discovered in O-RAN Software Community ric-plt-e2mgr in the G-Release environment, allows remote attackers to cause a denial of service (DoS) via a crafted request to the E2Manager API component.

A vulnerability was found in Uniway Router up to 2.0.

A vulnerability was found in ACME Ultra Mini HTTPd 1.21.

A vulnerability has been found in Sentex FTPDMIN 0.96 and classified as problematic.

A vulnerability, which was classified as problematic, was found in SourceCodester Engineers Online Portal 1.0.

D-Tale is a visualizer for Pandas data structures.

A prototype pollution vulnerability has been reported to affect several QNAP operating system versions.

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Naa986 WP Stripe Checkout.This issue affects WP Stripe Checkout: from n/a through 1.2.2.37.

Buffer Overflow vulnerability in Tenda i29 versions 1.0 V1.0.0.5 and 1.0 V1.0.0.2, allows remote attackers to cause a denial of service (DoS) via the pingIp parameter in the pingSet function.

encoded_id-rails versions before 1.0.0.beta2 are affected by an uncontrolled resource consumption vulnerability.

Path traversal in the static file service in Iodine less than 0.7.33 allows an unauthenticated, remote attacker to read files outside the public folder via malicious URLs.

A vulnerability exists in the HCI Modbus TCP function included in the product versions listed above.

Aoyun Technology pbootcms V3.1.2 is vulnerable to Incorrect Access Control, allows remote attackers to gain sensitive information via session leakage allows a user to avoid logging into the backend management platform.

Froxlor is open source server administration software.

Amazon Ion is a Java implementation of the Ion data notation.

A vulnerability was reported in the Lenovo Browser Mobile and Lenovo Browser HD Apps for Android that could allow an attacker to craft a payload that could result in the disclosure of sensitive information.

An issue discovered in GPAC 2.3-DEV-rev605-gfc9e29089-master in MP4Box in gf_avc_change_vui /afltest/gpac/src/media_tools/av_parsers.c:6872:55 allows attackers to crash the application.

Newtonsoft.Json before version 13.0.1 is affected by a mishandling of exceptional conditions vulnerability.

PeterO.Cbor versions 4.0.0 through 4.5.0 are vulnerable to a denial of service vulnerability.

Directory Traversal in Automatic-Systems SOC FL9600 FastLine lego_T04E00 allows a remote attacker to obtain sensitive information.

An issue in Automatic Systems SOC FL9600 FastLine v.lego_T04E00 allows a remote attacker to obtain sensitive information via the admin login credentials.

Deserialization of Untrusted Data vulnerability in Apache InLong.This issue affects Apache InLong: from 1.7.0 through 1.9.0, the attackers can make a arbitrary file read attack using mysql driver. Users are advised to upgrade to Apache InLong's 1.10.0 or cherry-pick [1] to solve it. [1]  https://github.com/apache/inlong/pull/9331

FPE in paddle.nanmedian in PaddlePaddle before 2.6.0.

FPE in paddle.linalg.matrix_rank in PaddlePaddle before 2.6.0.

Nullptr in paddle.dot in PaddlePaddle before 2.6.0.

FPE in paddle.linalg.eig in PaddlePaddle before 2.6.0.

OOB access in paddle.mode in PaddlePaddle before 2.6.0.

Nullptr in paddle.nextafter in PaddlePaddle before 2.6.0.

Nullptr in paddle.put_along_axis in PaddlePaddle before 2.6.0.

FPE in paddle.topk in PaddlePaddle before 2.6.0.

FPE in paddle.lerp in PaddlePaddle before 2.6.0.

FPE in paddle.amin in PaddlePaddle before 2.6.0.

Nullptr dereference in paddle.crop in PaddlePaddle before 2.6.0.

FPE in paddle.argmin and paddle.argmax in PaddlePaddle before 2.6.0.

HTTP3 dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file

GVCP dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file

IEEE 1609.2 dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file

Zigbee TLV dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file

DOCSIS dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file

Directory Traversal vulnerability in fuwushe.org iFair versions 23.8_ad0 and before allows an attacker to obtain sensitive information via a crafted script.

HCL DRYiCE MyXalytics is impacted by Improper Access Control (Obsolete web pages) vulnerability.

HCL DRYiCE MyXalytics is impacted by the use of a broken cryptographic algorithm for encryption, potentially giving an attacker ability to decrypt sensitive information.

An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_getretvalpos function in the msj.c file.

An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs+0x4ec508 component.

An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_op_json_parse function in the msj.c file.

An Out of Bounds Write in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_op_json_stringify function in the msj.c file.

An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_destroy function in the msj.c file.

An issue was discovered in open5gs v2.6.6.

Rust EVM is an Ethereum Virtual Machine interpreter.

An issue discovered in the Order and Invoice pages in Floorsight Insights Q3 2023 allows an unauthenticated remote attacker to view sensitive customer information.

An indirect Object Reference (IDOR) in the Order and Invoice pages in Floorsight Customer Portal Q3 2023 allows an unauthenticated remote attacker to view sensitive customer information.

The Priva TopControl Suite contains predictable credentials for the SSH service, based on the Serial number.

Transient DOS in Data Modem during DTLS handshake.

Transient DOS in WLAN Firmware while parsing a BTM request.

Transient DOS while processing a WMI P2P listen start command (0xD00A) sent from host.

Transient DOS when WLAN firmware receives "reassoc response" frame including RIC_DATA element.

Transient DOS while parsing ieee80211_parse_mscs_ie in WIN WLAN driver.

Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains `IPPROTO_NONE` as the next header.

Transient DOS while parsing GATT service data when the total amount of memory that is required by the multiple services is greater than the actual size of the services buffer.

Versions of the package libredwg before 0.12.5.6384 are vulnerable to Denial of Service (DoS) due to an out-of-bounds read involving section->num_pages in decode_r2007.c.

In Modem IMS SMS UA, there is a possible out of bounds write due to a missing bounds check.

In Modem IMS Stack, there is a possible system crash due to a missing bounds check.

In Modem IMS Call UA, there is a possible out of bounds write due to a missing bounds check.

In Modem IMS Call UA, there is a possible out of bounds write due to a missing bounds check.

In modem EMM, there is a possible system crash due to improper input validation.

STMicroelectronics STSAFE-A1xx middleware before 3.3.7 allows MCU code execution if an adversary has the ability to read from and write to the I2C bus.

The PayHere Payment Gateway WordPress plugin before 2.2.12 automatically creates publicly-accessible log files containing sensitive information when transactions occur.

The WP STAGING WordPress Backup Plugin before 3.1.3 and WP STAGING Pro WordPress Backup Plugin before 5.1.3 do not prevent visitors from leaking key information about ongoing backups processes, allowing unauthenticated attackers to download said backups later.

The Backup Migration WordPress plugin before 1.3.6 stores in-progress backups information in easy to find, publicly-accessible files, which may allow attackers monitoring those to leak sensitive information from the site's backups.

The Download Manager WordPress plugin before 3.2.83 does not protect file download's passwords, leaking it upon receiving an invalid one.

** UNSUPPORTED WHEN ASSIGNED ** Improper Input Validation vulnerability in Apache Axis allowed users with access to the admin service to perform possible SSRF This issue affects Apache Axis: through 1.3. As Axis 1 has been EOL we recommend you migrate to a different SOAP engine, such as Apache Axis 2/Java.

An OS command injection vulnerability has been reported to affect several QNAP operating system versions.

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions.

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions.

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions.

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions.

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions.

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions.

An issue was discovered on GL.iNet devices through 4.5.0.

A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel.

The session index variable in PCM host voice audio driver initialized before PCM open, accessed during event callback from ADSP and reset during PCM close may lead to race condition between event callback - PCM close and reset session index causing memory corruption.

OCSInventory allow stored email template with special characters that lead to a Stored cross-site Scripting.

Glitch detection is not enabled by default for the CortexM33 core in Silicon Labs secure vault high parts EFx32xG2xB, except EFR32xG21B.

Users’ product account authentication data was stored in clear text in The Genie Company Aladdin Connect Mobile Application Version 5.65 Build 2075 (and below) on Android Devices.

Information disclosure in Core services while processing a Diag command.

A use-after-free flaw was found in the netfilter subsystem of the Linux kernel.

In keyInstall, there is a possible out of bounds write due to a missing bounds check.

In battery, there is a possible out of bounds write due to a missing bounds check.

In battery, there is a possible out of bounds write due to a missing bounds check.

In battery, there is a possible memory corruption due to a missing bounds check.

In Engineer Mode, there is a possible out of bounds write due to a missing bounds check.

In netdagent, there is a possible information disclosure due to an incorrect bounds check.

In display drm, there is a possible memory corruption due to a missing bounds check.

In bluetooth service, there is a possible out of bounds write due to improper input validation.

A vulnerability has been found in Kashipara Food Management System up to 1.0 and classified as critical.

A vulnerability was found in Kashipara Food Management System up to 1.0 and classified as critical.

A vulnerability, which was classified as critical, has been found in Kashipara Food Management System up to 1.0.

A vulnerability, which was classified as critical, was found in Kashipara Food Management System up to 1.0.

A vulnerability classified as critical has been found in Kashipara Food Management System up to 1.0.

A vulnerability classified as critical was found in Kashipara Food Management System up to 1.0.

A vulnerability was found in Kashipara Food Management System up to 1.0.

A vulnerability was found in Kashipara Food Management System up to 1.0.

A vulnerability was found in Kashipara Food Management System up to 1.0 and classified as critical.

A vulnerability was found in Kashipara Food Management System up to 1.0.

A vulnerability has been found in Kashipara Food Management System up to 1.0 and classified as critical.

A vulnerability, which was classified as critical, was found in Kashipara Food Management System up to 1.0.

SQL Injection vulnerability in Dzzoffice version 2.01, allows remote attackers to obtain sensitive information via the doobj and doevent parameters in the Network Disk backend module.

Cross-Site Request Forgery (CSRF) vulnerability in Doofinder Doofinder WP & WooCommerce Search.This issue affects Doofinder WP & WooCommerce Search: from n/a through 2.0.33.

S-CMS v5.0 was discovered to contain an arbitrary file read vulnerability.

The WP-Members Membership Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.8 via the wpmem_field shortcode.

Improper authentication vulnerability in Bluetooth pairing process prior to SMR Jan-2024 Release 1 allows remote attackers to establish pairing process without user interaction.

CubeFS is an open-source cloud-native file storage system.

Laf is a cloud development platform.

Vapor is an HTTP web framework for Swift.

Kruise provides automated management of large-scale applications on Kubernetes.

CubeFS is an open-source cloud-native file storage system.

The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on theprint_packinglist action in all versions up to, and including, 4.3.0.

HCL DRYiCE MyXalytics is impacted by an Improper Access Control (Controller APIs) vulnerability.

A vulnerability, which was classified as problematic, was found in PHPGurukul Hospital Management System 1.0.

A vulnerability was found in Kashipara Food Management System up to 1.0.

A vulnerability was found in Kashipara Food Management System up to 1.0.

A vulnerability was found in Kashipara Food Management System up to 1.0.

Cross Site Scripting (XSS) vulnerability in AVA teaching video application service platform version 3.1, allows remote attackers to execute arbitrary code via a crafted script to ajax.aspx.

A vulnerability classified as problematic has been found in IceWarp 12.0.2.1/12.0.3.1.

Firefly III (aka firefly-iii) before 6.1.1 allows webhooks HTML Injection.

govuk_tech_docs versions from 2.0.2 to before 3.3.1 are vulnerable to a cross-site scripting vulnerability.

view_component is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails.

Cross Site Scripting (XSS) vulnerability in xiweicheng TMS v.2.28.0 allows a remote attacker to execute arbitrary code via a crafted script to the click here function.

ecrire/public/assembler.php in SPIP before 4.1.13 and 4.2.x before 4.2.7 allows XSS because input from _request() is not restricted to safe characters such as alphanumerics.

TinyMCE versions before 5.9.0 are affected by a stored cross-site scripting vulnerability.

TinyMCE versions before 5.10.0 are affected by a cross-site scripting vulnerability.

TinyMCE versions before 5.6.0 are affected by a stored cross-site scripting vulnerability.

APIIDA API Gateway Manager for Broadcom Layer7 v2023.2.2 is vulnerable to Host Header Injection.

APIIDA API Gateway Manager for Broadcom Layer7 v2023.2 is vulnerable to Cross Site Scripting (XSS).

The POST SMTP WordPress plugin before 2.8.7 does not sanitise and escape the msg parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘msg’ parameter in all versions up to, and including, 2.8.6 due to insufficient input sanitization and output escaping.

HCL DRYiCE MyXalytics is impacted by an Open Redirect vulnerability which could allow an attacker to redirect users to malicious sites, potentially leading to phishing attacks or other security threats.

PrestaShop is an open-source e-commerce platform.

PrestaShop is an open-source e-commerce platform.

OWASP AntiSamy .NET is a library for performing cleansing of HTML coming from untrusted sources.

A vulnerability, which was classified as problematic, was found in Acumos Design Studio up to 2.0.7.

A vulnerability was found in rt-prettyphoto Plugin up to 1.2 on WordPress and classified as problematic.

Versions of the package follow-redirects before 1.15.4 are vulnerable to Improper Input Validation due to the improper handling of URLs by the url.parse() function.

The Popup Builder WordPress plugin before 4.2.3 does not prevent simple visitors from updating existing popups, and injecting raw JavaScript in them, which could lead to Stored XSS attacks.

FlyCms through abbaa5a allows XSS via the permission management feature.

PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack.

CubeFS is an open-source cloud-native file storage system.

An issue was discovered in open5gs v2.6.6.

Autel EVO NANO drone flight control firmware version 1.6.5 is vulnerable to denial of service (DoS).

A flaw was found in the Red Hat Developer Hub (RHDH).

When a transaction is committed, C Xenstored will first check the quota is correct before attempting to commit any nodes.

[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] AMD CPUs since ~2014 have extensions to normal x86 debugging functionality. Xen supports guests using these extensions. Unfortunately there are errors in Xen's handling of the guest state, leading to denials of service. 1) CVE-2023-34327 - An HVM vCPU can end up operating in the context of a previous vCPUs debug mask state. 2) CVE-2023-34328 - A PV vCPU can place a breakpoint over the live GDT. This allows the PV vCPU to exploit XSA-156 / CVE-2015-8104 and lock up the CPU entirely.

[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] AMD CPUs since ~2014 have extensions to normal x86 debugging functionality. Xen supports guests using these extensions. Unfortunately there are errors in Xen's handling of the guest state, leading to denials of service. 1) CVE-2023-34327 - An HVM vCPU can end up operating in the context of a previous vCPUs debug mask state. 2) CVE-2023-34328 - A PV vCPU can place a breakpoint over the live GDT. This allows the PV vCPU to exploit XSA-156 / CVE-2015-8104 and lock up the CPU entirely.

The current setup of the quarantine page tables assumes that the quarantine domain (dom_io) has been initialized with an address width of DEFAULT_DOMAIN_ADDRESS_WIDTH (48) and hence 4 page table levels. However dom_io being a PV domain gets the AMD-Vi IOMMU page tables levels based on the maximum (hot pluggable) RAM address, and hence on systems with no RAM above the 512GB mark only 3 page-table levels are configured in the IOMMU. On systems without RAM above the 512GB boundary amd_iommu_quarantine_init() will setup page tables for the scratch page with 4 levels, while the IOMMU will be configured to use 3 levels only, resulting in the last page table directory (PDE) effectively becoming a page table entry (PTE), and hence a device in quarantine mode gaining write access to the page destined to be a PDE. Due to this page table level mismatch, the sink page the device gets read/write access to is no longer cleared between device assignment, possibly leading to data leaks.

Cloudflare version of zlib library was found to be vulnerable to memory corruption issues affecting the deflation algorithm implementation (deflate.c).

Permissions and Access Control Vulnerability in ZTE Red Magic 8 Pro

Improper access control vulnerability in Samsung DeX prior to SMR Jan-2024 Release 1 allows owner to access other users' notification in a multi-user environment.

Path traversal vulnerability in FileUriConverter of MyFiles prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13 allows local attackers to write arbitrary file.

Path traversal vulnerability in ZipCompressor of MyFiles prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13 allows local attackers to write arbitrary file.

Improper access control in Notification service prior to SMR Jan-2024 Release 1 allows local attacker to access notification data.

Improper access control vulnerability in Nearby device scanning prior version 11.1.14.7 allows local attacker to access data.

Improper access control vulnerability in Nearby device scanning prior version 11.1.14.7 allows local attacker to access data.

There is an illegal memory access vulnerability of ZTE's ZXCLOUD iRAI product.When the vulnerability is exploited by an attacker with the common user permission, the physical machine will be crashed.

Use After Free vulnerability in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the do_directive function in the modules/preprocs/nasm/nasm-pp.c component.

An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expand_smacro function in the modules/preprocs/nasm/nasm-pp.c component.

Buffer Overflow vulnerability in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expr_delete_term function in the libyasm/expr.c component.

An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the yasm_section_bcs_first function in the libyasm/section.c component.

An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expand_mmac_params function in the modules/preprocs/nasm/nasm-pp.c component.

There is a possible information disclosure due to a missing permission check.

in OpenHarmony v3.2.2 and prior versions allow a local attacker cause DOS through occupy all resources

in OpenHarmony v3.2.2 and prior versions allow a local attacker cause multimedia camera crash through modify a released pointer.

in OpenHarmony v3.2.2 and prior versions allow a local attacker cause multimedia player crash through modify a released pointer.

in OpenHarmony v3.2.2 and prior versions allow a local attacker cause multimedia player crash through modify a released pointer.

Permanent DOS in Hypervisor while untrusted VM without PSCI support makes a PSCI call.

Cryptographic issue in Automotive while unwrapping the key secs2d and verifying with RPMB data.

In wlan driver, there is a possible PIN crack due to use of insufficiently random values.

A vulnerability classified as problematic has been found in Project Worlds Online Lawyer Management System 1.0.

The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check when updating settings in all versions up to, and including, 4.3.2.

The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.3.2 due to insufficient input sanitization and output escaping.

A cross-site scripting (XSS) vulnerability has been reported to affect QuMagie.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ShapedPlugin LLC WP Tabs – Responsive Tabs Plugin for WordPress allows Stored XSS.This issue affects WP Tabs – Responsive Tabs Plugin for WordPress: from n/a through 2.2.0.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webvitaly iframe allows Stored XSS.This issue affects iframe: from n/a through 4.8.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MojofyWP WP Affiliate Disclosure allows Stored XSS.This issue affects WP Affiliate Disclosure: from n/a through 1.2.7.

As a simple library, class.upload.php does not perform an in-depth check on uploaded files, allowing a stored XSS vulnerability when the default configuration is used.

The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom ID in all versions up to, and including, 5.9.2 due to insufficient input sanitization and output escaping.

The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pagelayer_header_code', 'pagelayer_body_open_code', and 'pagelayer_footer_code' meta fields in all versions up to, and including, 1.7.8 due to insufficient input sanitization and output escaping on user supplied attributes.

The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom attributes in all versions up to, and including, 2.3.3 due to insufficient input sanitization and output escaping.

The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's embed_oembed_html shortcode in all versions up to 3.9.5 (exclusive) due to insufficient input sanitization and output escaping on user supplied attributes.

The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the map title parameter in all versions up to and including 2.88.13 due to insufficient input sanitization and output escaping.

The OMGF | GDPR/DSGVO Compliant, Faster Google Fonts.

The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘device’ header in all versions up to, and including, 2.8.7 due to insufficient input sanitization and output escaping.

HCL DRYiCE MyXalytics is impacted by improper access control (Unauthenticated File Download) vulnerability.

A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0.

A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0 and classified as problematic.

A vulnerability has been found in RRJ Nueva Ecija Engineer Online Portal 1.0 and classified as problematic.

The Html5 Video Player WordPress plugin before 2.5.19 does not sanitise and escape some of its player settings, which combined with missing capability checks around the plugin could allow any authenticated users, such as low as subscribers to perform Stored Cross-Site Scripting attacks against high privilege users like admins

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Suman Bhattarai Send Users Email.This issue affects Send Users Email: from n/a through 1.4.3.

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Aaron J 404 Solution.This issue affects 404 Solution: from n/a through 2.33.0.

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in wp.Insider, wpaffiliatemgr Affiliates Manager.This issue affects Affiliates Manager: from n/a through 2.9.30.

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Uncanny Automator, Uncanny Owl Uncanny Automator – Automate everything with the #1 no-code automation and integration plugin.This issue affects Uncanny Automator – Automate everything with the #1 no-code automation and integration plugin: from n/a through 5.1.0.2.

httparty before 0.21.0 is vulnerable to an assumed-immutable web parameter vulnerability.

HCL DRYiCE MyXalytics is impacted by an improper error handling vulnerability.

An issue in A-WORLD OIRASE BEER_waiting Line v.13.6.1 allows attackers to send crafted notifications via leakage of the channel access token.

A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0.

A stack based buffer overflow was found in the virtio-net device of QEMU.

Closing of an event channel in the Linux kernel can result in a deadlock. This happens when the close is being performed in parallel to an unrelated Xen console action and the handling of a Xen console interrupt in an unprivileged guest. The closing of an event channel is e.g.

The WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc plugin for WordPress is vulnerable to SQL Injection via the 'group_id' parameter in all versions up to, and including, 6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.

A vulnerability was found in Online Job Portal 1.0 and classified as problematic.

There is a DLL hijacking vulnerability in ZTE ZXCLOUD iRAI, an attacker could place a fake DLL file in a specific directory and successfully exploit this vulnerability to execute malicious code.

The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to and including 6.5.5 due to insufficient input sanitization and output escaping.

A flaw was found in libssh.

A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0.

A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0.

A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0.

The WP TripAdvisor Review Slider WordPress plugin before 11.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

Flarum is open source discussion platform software.

The fixes for XSA-422 (Branch Type Confusion) and XSA-434 (Speculative Return Stack Overflow) are not IRQ-safe.

A vulnerability has been found in Zimbra zm-ajax up to 8.8.1 and classified as problematic.

A vulnerability exists in the Relion update package signature validation.

A memory leak problem was found in ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink.c in the Linux Kernel.

In keyInstall, there is a possible information disclosure due to a missing bounds check.

In keyInstall, there is a possible information disclosure due to a missing bounds check.

In battery, there is a possible information disclosure due to a missing bounds check.

In battery, there is a possible information disclosure due to a missing bounds check.

In battery, there is a possible information disclosure due to an integer overflow.

The Depicter Slider – Responsive Image Slider, Video Slider & Post Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.6.

The Product Expiry for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_settings' function in versions up to, and including, 2.5.

The PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.13.

The WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.5.

HCL DRYiCE MyXalytics is impacted by an Insecure Direct Object Reference (IDOR) vulnerability.

HCL DRYiCE MyXalytics is impacted by an information disclosure vulnerability.

Mattermost fails to properly verify the permissions needed for viewing archived public channels,  allowing a member of one team to get details about the archived public channels of another team via the GET /api/v4/teams/<team-id>/channels/deleted endpoint.

Mattermost fails to scope the WebSocket response around notified users to a each user separately resulting in the WebSocket broadcasting the information about who was notified about a post to everyone else in the channel.

Mattermost fails to update the permissions of the current session for a user who was just demoted to guest, allowing freshly demoted guests to change group names.

SQL Injection vulnerability discovered in Gila CMS 1.15.4 and earlier allows a remote attacker to execute arbitrary web scripts via the Area parameter under the Administration>Widget tab after the login portal.

A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the ID parameter after the login portal.

A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the 'user_id' parameter after the login portal.

Arm provides multiple helpers to clean & invalidate the cache for a given region.

Arm provides multiple helpers to clean & invalidate the cache for a given region.

Implicit intent hijacking vulnerability in Samsung Email prior to version 6.1.90.16 allows local attacker to get sensitive information.

A use-after-free flaw was found in PackageKitd.

in OpenHarmony v3.2.2 and prior versions allow a local attacker cause multimedia audio crash through modify a released pointer.

A race condition exists in Audited 4.0.0 to 5.3.3 that can result in an authenticated user to cause audit log entries to be attributed to another user.