Weekly Vulnerabilities Reports > May 6 to 12, 2024

Missing Authorization vulnerability in Leevio Happy Addons for Elementor.This issue affects Happy Addons for Elementor: from n/a through 3.10.1.

BMC Track-It! Unrestricted File Upload Remote Code Execution Vulnerability.

Missing Authorization vulnerability in Wpmet Metform Elementor Contact Form Builder.This issue affects Metform Elementor Contact Form Builder: from n/a through 3.8.3.

Missing Authorization vulnerability in Academy LMS.This issue affects Academy LMS: from n/a through 1.9.16.

GLPI is a Free Asset and IT Management Software package.

An improper certificate validation vulnerability exists in BIG-IP Next Central Manager and may allow an attacker to impersonate an Instance Provider system.

The PostgreSQL implementation in Brocade SANnav versions before 2.3.0a is vulnerable to an incorrect local authentication flaw.

In multiple methods of UserManagerService.java, there is a possible failure to persist or enforce user restrictions due to improper input validation.

In sendIntentSender of ActivityManagerService.java, there is a possible background activity launch due to a logic error.

In TBD of TBD, there is a possible confusion of OEM and DRM certificates due to improperly used crypto.

In multiple locations, there is a possible notification listener grant to an app running in the work profile due to a logic error in the code.

In onCreate of WifiDialogActivity.java, there is a possible way to bypass the DISALLOW_ADD_WIFI_CONFIG restriction due to a missing permission check.

In multiple locations, there is a possible failure to persist or enforce user restrictions due to improper input validation.

In multiple locations, there is a possible bypass of health data permissions due to an improper input validation.

In multiple locations, there is a possible permissions bypass due to improper input validation.

In multiple functions of NotificationManagerService.java, there is a possible way to not show a toast message when a clipboard message has been accessed.

In assertPackageWithSharedUserIdIsPrivileged of InstallPackageHelper.java, there is a possible execution of arbitrary app code as a privileged app due to a logic error in the code.

In migrateNotificationFilter of NotificationManagerService.java, there is a possible failure to persist notifications settings due to improper input validation.

in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free or cause DOS through NULL pointer dereference.

in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free.

in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in TCB through heap buffer overflow.

in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in TCB through use after free.

Memory corruption when multiple listeners are being registered with the same file descriptor.

Memory corruption when the bandpass filter order received from AHAL is not within the expected range.

Memory corruption while copying the sound model data from user to kernel buffer during sound model register.

Memory corruption while querying module parameters from Listen Sound model client in kernel from user space.

Memory corruption in HLOS while checking for the storage type.

Memory corruption while verifying the serialized header when the key pairs are generated.

Memory corruption when IOMMU unmap of a GPU buffer fails in Linux.

Memory corruption when size of buffer from previous call is used without validation or re-initialization.

Memory corruption as GPU registers beyond the last protected range can be accessed through LPAC submissions.

Memory corruption when the IOCTL call is interrupted by a signal.

In wlan service, there is a possible out of bounds write due to improper input validation.

DHCP can add routes to a client’s routing table via the classless static route option (121).

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine.

BIG-IP Next Central Manager (CM) may allow an unauthenticated, remote attacker to obtain the BIG-IP Next LTM/WAF instance credentials.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine.

Dell PowerProtect DM5500 version 5.15.0.0 and prior contains an insecure deserialization Vulnerability.

Memory corruption while loading a VM from a signed VM image that is not coherent in the processor cache.

Authentication bypass in bootloader prior to SMR May-2024 Release 1 allows physical attackers to flash arbitrary images.

Use after free vulnerability in SveService prior to SMR May-2024 Release 1 allows local privileged attackers to cause memory corruption.

Out-of-bounds write in SveService prior to SMR May-2024 Release 1 allows local privileged attackers to execute arbitrary code.

Out of bounds write vulnerability in SNAP in HAL prior to SMR May-2024 Release 1 allows local privileged attackers to execute arbitrary code.

In keyInstall, there is a possible out of bounds write due to a missing bounds check.

Authentication bypass vulnerability in Setupwizard prior to SMR May-2024 Release 1 allows physical attackers to skip activation step.

Dell PowerProtect DM5500 version 5.15.0.0 and prior contain an Arbitrary File Delete via Path Traversal vulnerability.

BMC Track-It! GetData Missing Authorization Information Disclosure Vulnerability.

In multiple locations, there is a possible out of bounds write due to a heap buffer overflow.

Heap buffer overflow in WebAudio in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

GLPI is a Free Asset and IT Management Software package.

A vulnerability classified as problematic has been found in Campcodes Complete Web-Based School Management System 1.0.

A vulnerability classified as problematic was found in Campcodes Complete Web-Based School Management System 1.0.

A vulnerability, which was classified as problematic, has been found in Campcodes Complete Web-Based School Management System 1.0.

A vulnerability, which was classified as problematic, was found in Campcodes Complete Web-Based School Management System 1.0.

A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0.

A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0.

A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0.

E-Mail containing malicious display-name information could trigger client-side script execution when using specific mobile devices.

Content-ID based embedding of resources in E-Mails could be abused to trigger client-side script code when using the "show more" option.

A vulnerability, which was classified as problematic, was found in Campcodes Complete Web-Based School Management System 1.0.

A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic.

A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic.

A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0.

A vulnerability classified as problematic has been found in Campcodes Complete Web-Based School Management System 1.0.

A vulnerability classified as problematic was found in Campcodes Complete Web-Based School Management System 1.0.

A vulnerability, which was classified as problematic, has been found in Campcodes Complete Web-Based School Management System 1.0.

A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0.

A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0.

A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic.

A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0.

A vulnerability, which was classified as problematic, has been found in Campcodes Complete Web-Based School Management System 1.0.

A vulnerability, which was classified as problematic, was found in Campcodes Complete Web-Based School Management System 1.0.

A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic.

In multiple functions of CompanionDeviceManagerService.java, there is a possible launch NotificationAccessConfirmationActivity of another user profile due to improper input validation.

In multiple functions of SnoozeHelper.java, there is a possible persistent denial of service due to resource exhaustion.

In multiple functions of SnoozeHelper.java, there is a possible way to cause a boot loop due to resource exhaustion.

In multiple functions of AppOpsService.java, there is a possible way to saturate the content of /data/system/appops_accesses.xml due to resource exhaustion.

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause service crash through NULL pointer dereference.

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause service crash through integer overflow.

Improper access control vulnerability in startListening of CocktailBarService prior to SMR May-2024 Release 1 allows local attackers to access information of current application.

Improper access control vulnerability in setCocktailHostCallbacks of CocktailBarService prior to SMR May-2024 Release 1 allows local attackers to access information of current application.

Improper access control vulnerability in FactoryCamera prior to SMR May-2024 Release 1 allows local attackers to take pictures without privilege.

Improper access control vulnerability in DarManagerService prior to SMR May-2024 Release 1 allows local attackers to monitor system resources.

In Xpdf 4.05 (and earlier), a PDF object loop in the PDF resources leads to infinite recursion and a stack overflow.

Information disclosure while parsing dts header atom in Video.

Information disclosure when the ADSP payload size received in HLOS in response to Audio Stream Manager matrix session is less than this expected size.

A vulnerability was found in SourceCodester Prison Management System 1.0 and classified as problematic.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noor alam Magical Addons For Elementor allows Stored XSS.This issue affects Magical Addons For Elementor: from n/a through 1.1.34.

A vulnerability has been found in SourceCodester Prison Management System 1.0 and classified as problematic.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Moveaddons Move Addons for Elementor allows Stored XSS.This issue affects Move Addons for Elementor: from n/a through 1.3.0.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Johan van der Wijk Content Blocks (Custom Post Widget) allows Stored XSS.This issue affects Content Blocks (Custom Post Widget): from n/a through 3.3.0.

The Link Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'link-library' shortcode in all versions up to, and including, 7.6.11 due to insufficient input sanitization and output escaping on user supplied attributes.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite allows Stored XSS.This issue affects The Plus Addons for Elementor Page Builder Lite: from n/a through 5.4.2.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuomodoSoft ElementsReady Addons for Elementor allows Stored XSS.This issue affects ElementsReady Addons for Elementor: from n/a through 5.8.0.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PropertyHive allows Stored XSS.This issue affects PropertyHive: from n/a through 2.0.10.

A vulnerability classified as problematic was found in SourceCodester Prison Management System 1.0.

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine.

In Eclipse Dataspace Components from version 0.2.1 to 0.6.2, in the EDC Connector component ( https://github.com/eclipse-edc/Connector ), an attacker might obtain OAuth2 client secrets from the vault. In Eclipse Dataspace Components from version 0.2.1 to 0.6.2, we have identified a security vulnerability in the EDC Connector component ( https://github.com/eclipse-edc/Connector ) regarding the OAuth2-protected data sink feature.

Dell Update Manager Plugin, versions 1.4.0 through 1.5.0, contains a Plain-text Password Storage Vulnerability in Log file.

CmsEasy v7.7.7.9 was discovered to contain a local file inclusion vunerability via the file_get_contents function in the fetch_action method of /admin/template_admin.php.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xpro Xpro Elementor Addons allows Stored XSS.This issue affects Xpro Elementor Addons: from n/a through 1.4.3.

A vulnerability was found in SourceCodester Prison Management System 1.0.

A vulnerability, which was classified as problematic, was found in DedeCMS 5.7.

An authenticated user could potentially access metadata for a datasource they are not authorized to view by submitting a targeted REST API request.This issue affects Apache Superset: before 3.1.2. Users are recommended to upgrade to version 3.1.2 or above, which fixes the issue.

A vulnerability was found in DedeCMS 5.7.

A vulnerability classified as problematic has been found in DedeCMS 5.7.

A vulnerability classified as problematic was found in DedeCMS 5.7.

A vulnerability, which was classified as problematic, has been found in DedeCMS 5.7.

A vulnerability has been found in DedeCMS 5.7 and classified as problematic.

A vulnerability was found in DedeCMS 5.7 and classified as problematic.

A vulnerability was found in DedeCMS 5.7.

A vulnerability was found in DedeCMS 5.7.

A vulnerability, which was classified as problematic, was found in DedeCMS 5.7.

Improper Authentication vulnerability in Secure Folder prior to SMR May-2024 Release 1 allows physical attackers to access Secure Folder without proper authentication in a specific scenario.

Missing Authorization vulnerability in AF themes WP Post Author.This issue affects WP Post Author: from n/a through 3.6.4.

Missing Authorization vulnerability in AF themes WP Post Author.This issue affects WP Post Author: from n/a through 3.6.4.

Improper export of android application components vulnerability in TelephonyUI prior to SMR May-2024 Release 1 allows local attackers to reboot the device without proper permission.

Improper access control vulnerability in multitasking framework prior to SMR May-2024 Release 1 allows physical attackers to access unlocked screen for a while.