New_entries

CVE-2022-22399

description

IBM Aspera Faspex 5.0.0 and 5.0.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 222562.

cvss epss percentile
5.4 MEDIUM 0.04% 7.03%

references

CVE-2022-46088

description

Online Flight Booking Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the feedback form.

cvss epss percentile
None 0.04% 7.03%

references

CVE-2022-48629

description

In the Linux kernel, the following vulnerability has been resolved:

crypto: qcom-rng - ensure buffer for generate is completely filled

The generate function in struct rng_alg expects that the destination buffer is completely filled if the function returns 0. qcom_rng_read() can run into a situation where the buffer is partially filled with randomness and the remaining part of the buffer is zeroed since qcom_rng_generate() doesn't check the return value. This issue can be reproduced by running the following from libkcapi:

    kcapi-rng -b 9000000 > OUTFILE

The generated OUTFILE will have three huge sections that contain all zeros, and this is caused by the code where the test val & PRNG_STATUS_DATA_AVAIL fails. Let's fix this issue by ensuring that qcom_rng_read() always returns with a full buffer if the function returns success. Let's also have qcom_rng_generate() return the correct value.

Here's some statistics from the ent project (https://www.fourmilab.ch/random/) that shows information about the quality of the generated numbers:

    $ ent -c qcom-random-before
    Value Char Occurrences Fraction
        0         606748   0.067416
        1          33104   0.003678
        2          33001   0.003667
      ...
      253   �      32883   0.003654
      254   �      33035   0.003671
      255   �      33239   0.003693
    Total:       9000000   1.000000

    Entropy = 7.811590 bits per byte.
    Optimum compression would reduce the size of this 9000000 byte file by 2 percent.
    Chi square distribution for 9000000 samples is 9329962.81, and randomly would exceed this value less than 0.01 percent of the times.
    Arithmetic mean value of data bytes is 119.3731 (127.5 = random).
    Monte Carlo value for Pi is 3.197293333 (error 1.77 percent).
    Serial correlation coefficient is 0.159130 (totally uncorrelated = 0.0).

Without this patch, the result of the chi-square test is 0.01%, and the numbers are certainly not random according to ent's project page.

The results improve with this patch:

    $ ent -c qcom-random-after
    Value Char Occurrences Fraction
        0          35432   0.003937
        1          35127   0.003903
        2          35424   0.003936
      ...
      253   �      35201   0.003911
      254   �      34835   0.003871
      255   �      35368   0.003930
    Total:       9000000   1.000000

    Entropy = 7.999979 bits per byte.
    Optimum compression would reduce the size of this 9000000 byte file by 0 percent.
    Chi square distribution for 9000000 samples is 258.77, and randomly would exceed this value 42.24 percent of the times.
    Arithmetic mean value of data bytes is 127.5006 (127.5 = random).
    Monte Carlo value for Pi is 3.141277333 (error 0.01 percent).
    Serial correlation coefficient is 0.000468 (totally uncorrelated = 0.0).

This change was tested on a Nexus 5 phone (msm8974 SoC).

cvss epss percentile
None 0.04% 8.27%

references

CVE-2022-48630

description

In the Linux kernel, the following vulnerability has been resolved:

crypto: qcom-rng - fix infinite loop on requests not multiple of WORD_SZ

The commit referenced in the Fixes tag removed the break from the else branch in qcom_rng_read(), causing an infinite loop whenever max is not a multiple of WORD_SZ. This can be reproduced e.g. by running:

    kcapi-rng -b 67 >/dev/null

There are many ways to fix this without adding back the break, but they all seem more awkward than simply adding it back, so do just that. Tested on a machine with Qualcomm Amberwing processor.

cvss epss percentile
None 0.04% 8.27%

references

CVE-2023-25681

description

LDAP users on IBM Spectrum Virtualize 8.5 which are configured to require multifactor authentication can still authenticate to the CIM interface using only username and password. This does not affect local users with MFA configured or remote users authenticating via single sign-on. IBM X-Force ID: 247033.

cvss epss percentile
5.3 MEDIUM 0.04% 7.03%

references

CVE-2023-26282

description

IBM Watson CP4D Data Stores 4.6.0 through 4.6.3 could allow a user with physical access and specific knowledge of the system to modify files or data on the system. IBM X-Force ID: 248415.

cvss epss percentile
4.2 MEDIUM 0.04% 7.03%

references

CVE-2023-35899

description

IBM Cloud Pak for Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 259354.

cvss epss percentile
None 0.04% 7.03%

CVE-2023-38944

description

An issue in Multilaser RE160V firmware v12.03.01.09_pt and Multilaser RE163V firmware v12.03.01.10_pt allows attackers to bypass the access control and gain complete access to the application via modifying an HTTP header.

cvss epss percentile
None 0.04% 7.03%

references

CVE-2023-42419

description

Maintenance Server, in Cybellum's QCOW air-gapped distribution (China Edition), versions 2.15.5 through 2.27, was compiled with a hard-coded private cryptographic key. An attacker with administrative privileges and access to the air-gapped server could potentially use this key to run commands on the server. The issue was resolved in version 2.28. Earlier versions, including all Cybellum 1.x versions, and distributions for the rest of the world remain unaffected.

cvss epss percentile
3.8 LOW 0.04% 7.03%

references

CVE-2023-43318

description

TP-Link JetStream Smart Switch TL-SG2210P 5.0 Build 20211201 allows attackers to escalate privileges via modification of the tid and usrlvl values in GET requests.

cvss epss percentile
None 0.04% 7.03%

references

CVE-2023-45289

description

When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain, an http.Client does not forward sensitive headers such as “Authorization” or “Cookie”. For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded.

cvss epss percentile
None 0.04% 12.50%

references

CVE-2023-45290

description

When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.

cvss epss percentile
None 0.04% 12.50%

references

CVE-2023-45591

description

A CWE-122 “Heap-based Buffer Overflow” vulnerability in the “logger_generic” function of the “Ax_rtu” binary allows a remote authenticated attacker to trigger a memory corruption in the context of the binary. This may result in a Denial-of-Service (DoS) condition, possibly in the execution of arbitrary code with the same privileges of the process (root), or have other unspecified impacts on the device. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2.

cvss epss percentile
7.5 HIGH 0.04% 7.03%

references

CVE-2023-45592

description

A CWE-250 “Execution with Unnecessary Privileges” vulnerability in the embedded Chromium browser (due to the binary being executed with the “--no-sandbox” option and with root privileges) exacerbates the impacts of successful attacks executed against the browser. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2.

cvss epss percentile
6.8 MEDIUM 0.04% 7.03%

references

CVE-2023-45593

description

A CWE-693 “Protection Mechanism Failure” vulnerability in the embedded Chromium browser (concerning the handling of alternative URLs, other than “http://localhost”) allows a physical attacker to read arbitrary files on the file system, alter the configuration of the embedded browser, and have other unspecified impacts to the confidentiality, integrity, and availability of the device. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2.

cvss epss percentile
6.8 MEDIUM 0.04% 7.03%

references

CVE-2023-45594

description

A CWE-552 “Files or Directories Accessible to External Parties” vulnerability in the embedded Chromium browser allows a physical attacker to arbitrarily download/upload files to/from the file system, with unspecified impacts to the confidentiality, integrity, and availability of the device. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2.

cvss epss percentile
6.8 MEDIUM 0.04% 7.03%

references

CVE-2023-45595

description

A CWE-434 “Unrestricted Upload of File with Dangerous Type” vulnerability in the “file_configuration” functionality of the web application allows a remote authenticated attacker to upload any arbitrary type of file into the device. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2.

cvss epss percentile
5.9 MEDIUM 0.04% 7.03%

references

CVE-2023-45596

description

A CWE-862 “Missing Authorization” vulnerability in the “file_configuration” functionality of the web application allows a remote unauthenticated attacker to access confidential configuration files. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2.

cvss epss percentile
5.3 MEDIUM 0.04% 7.03%

references

CVE-2023-45597

description

A CWE-1236 “Improper Neutralization of Formula Elements in a CSV File” vulnerability in the “file_configuration” functionality of the web application (concerning the function “export_file”) allows a remote authenticated attacker to inject arbitrary formulas inside generated CSV files. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2.

cvss epss percentile
5.9 MEDIUM 0.04% 7.03%

references

CVE-2023-45598

description

A CWE-862 “Missing Authorization” vulnerability in the “measure” functionality of the web application allows a remote unauthenticated attacker to access confidential measure information. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2.

cvss epss percentile
5.3 MEDIUM 0.04% 7.03%

references

CVE-2023-45599

description

A CWE-646 “Reliance on File Name or Extension of Externally-Supplied File” vulnerability in the “iec61850” functionality of the web application allows a remote authenticated attacker to upload any arbitrary type of file into the device. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2.

cvss epss percentile
5.5 MEDIUM 0.04% 7.03%

references

CVE-2023-45600

description

A CWE-613 “Insufficient Session Expiration” vulnerability in the web application, due to the session cookie “sessionid” lasting two weeks, facilitates session hijacking attacks against victims. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2.

cvss epss percentile
5.6 MEDIUM 0.04% 7.03%

references

CVE-2023-48644

description

An issue was discovered in the Archibus app 4.0.3 for iOS. There is an XSS vulnerability in the create work request feature of the maintenance module, via the description field. This allows an attacker to perform an action on behalf of the user, exfiltrate data, and so on.

cvss epss percentile
None 0.04% 7.03%

references

CVE-2023-52432

description

Improper input validation in IpcTxSndSetLoopbackCtrl in libsec-ril prior to SMR Sep-2023 Release 1 allows local attackers to write out-of-bounds memory.

cvss epss percentile
5.9 MEDIUM 0.04% 7.03%

references

CVE-2023-5456

description

A CWE-798 “Use of Hard-coded Credentials” vulnerability in the MariaDB database of the web application allows a remote unauthenticated attacker to access the database service and all included data with the same privileges of the web application. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2.

cvss epss percentile
8.1 HIGH 0.04% 7.03%

references

CVE-2023-5457

description

A CWE-1269 “Product Released in Non-Release Configuration” vulnerability in the Django web framework used by the web application (due to the “debug” configuration parameter set to “True”) allows a remote unauthenticated attacker to access critical information and have other unspecified impacts to the confidentiality, integrity, and availability of the application. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2.

cvss epss percentile
7.5 HIGH 0.04% 7.03%

references

CVE-2023-7103

description

Authentication Bypass by Primary Weakness vulnerability in ZKSoftware Biometric Security Solutions UFace 5 allows Authentication Bypass. This issue affects UFace 5: through 12022024.

cvss epss percentile
9.8 CRITICAL 0.09% 37.54%

references

CVE-2024-0698

description

The Easy!Appointments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

cvss epss percentile
6.4 MEDIUM 0.04% 7.03%

references

CVE-2024-0825

description

The Vimeography: Vimeo Video Gallery WordPress Plugin plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.3.2 via deserialization of untrusted input via the vimeography_duplicate_gallery_serialized in the duplicate_gallery function. This makes it possible for authenticated attackers, with contributor access or higher, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.

cvss epss percentile
8.8 HIGH 0.04% 7.03%

references

CVE-2024-1088

description

The Password Protected Store for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9 via the REST API. This makes it possible for unauthenticated attackers to extract sensitive data including post titles and content.

cvss epss percentile
5.3 MEDIUM 0.04% 7.03%

references

CVE-2024-1093

description

The Change Memory Limit plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the admin_logic() function hooked via admin_init in all versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to update the memory limit.

cvss epss percentile
5.3 MEDIUM 0.04% 7.03%

references

CVE-2024-1095

description

The Build & Control Block Patterns – Boost up Gutenberg Editor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the settings_export() function in all versions up to, and including, 1.3.5.4. This makes it possible for unauthenticated attackers to export the plugin's settings.

cvss epss percentile
5.3 MEDIUM 0.04% 7.03%

references

CVE-2024-1178

description

The SportsPress – Sports Club & League Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the settings_save() function in all versions up to, and including, 2.7.17. This makes it possible for unauthenticated attackers to update the permalink structure for the clubs.

cvss epss percentile
5.3 MEDIUM 0.04% 7.03%

references

CVE-2024-1202

description

Authentication Bypass by Primary Weakness vulnerability in XPodas Octopod allows Authentication Bypass. This issue affects Octopod: before v1. NOTE: The vendor was contacted and it was learned that the product is not supported.

cvss epss percentile
None 0.04% 7.03%

CVE-2024-1285

description

The Page Builder Sandwich – Front End WordPress Page Builder Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the gambit_builder_save_content function in all versions up to, and including, 5.1.0. This makes it possible for authenticated attackers, with subscriber access and above, to insert arbitrary content into existing posts.

cvss epss percentile
6.5 MEDIUM 0.04% 7.03%

references

CVE-2024-1356

description

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.

cvss epss percentile
7.2 HIGH 0.04% 7.03%

references

CVE-2024-1381

description

The Page Builder Sandwich – Front End WordPress Page Builder Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.1.0. This makes it possible for authenticated attackers, with subscriber access and higher, to extract sensitive user or configuration data.

cvss epss percentile
6.5 MEDIUM 0.04% 7.03%

references

CVE-2024-1478

description

The Maintenance Mode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.5.0 via the REST API. This makes it possible for unauthenticated attackers to obtain post and page content via API thus bypassing the content protection provided by the plugin.

cvss epss percentile
5.3 MEDIUM 0.04% 7.03%

references

CVE-2024-1731

description

The Auto Refresh Single Page plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1 via deserialization of untrusted input from the arsp_options post meta option. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.

cvss epss percentile
8.8 HIGH 0.04% 7.03%

references

CVE-2024-1764

description

Improper privilege management in the Just-in-time (JIT) elevation module in Devolutions Server 2023.3.14.0 and earlier allows a user to continue using the elevated privilege even after the expiration under specific circumstances.

cvss epss percentile
None 0.04% 7.03%

references

CVE-2024-1769

description

The JM Twitter Cards plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 12 via the meta description data. This makes it possible for unauthenticated attackers to view password protected post content when viewing the page source.

cvss epss percentile
5.3 MEDIUM 0.04% 7.03%

references

CVE-2024-1782

description

The Blue Triad EZAnalytics plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the bt_webid parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

cvss epss percentile
6.1 MEDIUM 0.04% 7.03%

references

CVE-2024-1898

description

Improper access control in the notification feature in Devolutions Server 2023.3.14.0 and earlier allows a low privileged user to change notifications settings configured by an administrator.

cvss epss percentile
None 0.04% 7.03%

references

CVE-2024-1900

description

Improper session management in the identity provider authentication flow in Devolutions Server 2023.3.14.0 and earlier allows an authenticated user via an identity provider to stay authenticated after his user is disabled or deleted in the identity provider such as Okta or Microsoft O365. The user will stay authenticated until the Devolutions Server token expiration.

cvss epss percentile
None 0.04% 7.03%

references

CVE-2024-1901

description

Denial of service in PAM password rotation during the check-in process in Devolutions Server 2023.3.14.0 allows an authenticated user with specific PAM permissions to make PAM credentials unavailable.

cvss epss percentile
None 0.04% 7.03%

references

CVE-2024-2005

description

In Blue Planet® products through 22.12, a misconfiguration in the SAML implementation allows for privilege escalation. Only products using SAML authentication are affected. Blue Planet® has released software updates that address this vulnerability for the affected products. Customers are advised to upgrade their Blue Planet products to the latest software version as soon as possible. The software updates can be downloaded from the Ciena Support Portal.

cvss epss percentile
9.0 CRITICAL 0.04% 7.03%

references

CVE-2024-2053

description

The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the “www-data” user. This issue was demonstrated on version 4.50. The Artica-Proxy administrative web application attempts to prevent local file inclusion; these protections can be bypassed, and arbitrary file requests supplied by unauthenticated users will be returned according to the privileges of the “www-data” user.

cvss epss percentile
None 0.04% 7.03%

CVE-2024-2054

description

The Artica-Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the “www-data” user.

cvss epss percentile
None 0.04% 7.03%

CVE-2024-2055

description

The “Rich Filemanager” feature of Artica Proxy provides a web-based interface for file management capabilities. When the feature is enabled, it does not require authentication by default, and runs as the root user.

cvss epss percentile
None 0.04% 7.03%

references

CVE-2024-2056

description

Services that are running and bound to the loopback interface on the Artica Proxy are accessible through the proxy service. In particular, the “tailon” service is running as the root user, is bound to the loopback interface, and is listening on TCP port 7050. Security issues associated with exposing this network service are documented in gvalkov's tailon GitHub repo. Using the tailon service, the contents of any file on the Artica Proxy can be viewed.

cvss epss percentile
None 0.04% 12.50%

references

CVE-2024-20829

description

Missing proper interaction for opening deeplink in Samsung Internet prior to version v24.0.0.0 allows remote attackers to open an application without proper interaction.

cvss epss percentile
5.4 MEDIUM 0.04% 7.03%

references

CVE-2024-20830

description

Incorrect default permission in AppLock prior to SMR Mar-2024 Release 1 allows local attackers to configure AppLock settings.

cvss epss percentile
5.3 MEDIUM 0.04% 7.03%

references

CVE-2024-20831

description

Stack overflow in Little Kernel in bootloader prior to SMR Mar-2024 Release 1 allows a privileged attacker to execute arbitrary code.

cvss epss percentile
6.4 MEDIUM 0.04% 7.03%

references

CVE-2024-20832

description

Heap overflow in Little Kernel in bootloader prior to SMR Mar-2024 Release 1 allows a privileged attacker to execute arbitrary code.

cvss epss percentile
6.4 MEDIUM 0.04% 7.03%

references

CVE-2024-20833

description

Use after free vulnerability in pub_crypto_recv_msg prior to SMR Mar-2024 Release 1 due to race condition allows local attackers with system privilege to cause memory corruption.

cvss epss percentile
4.1 MEDIUM 0.04% 7.03%

references

CVE-2024-20834

description

The sensitive information exposure vulnerability in WlanTest prior to SMR Mar-2024 Release 1 allows local attackers to access MAC address without proper permission.

cvss epss percentile
3.3 LOW 0.04% 7.03%

references

CVE-2024-20835

description

Improper access control vulnerability in CustomFrequencyManagerService prior to SMR Mar-2024 Release 1 allows local attackers to execute privileged behaviors.

cvss epss percentile
4.0 MEDIUM 0.04% 7.03%

references

CVE-2024-20836

description

Out of bounds Read vulnerability in ssmis_get_frm in libsubextractor.so prior to SMR Mar-2024 Release 1 allows local attackers to read out of bounds memory.

cvss epss percentile
3.3 LOW 0.04% 7.03%

references

CVE-2024-20837

description

Improper handling of granting permission for Trusted Web Activities in Samsung Internet prior to version 24.0.0.41 allows local attackers to grant permission to their own TWA WebApps without user interaction.

cvss epss percentile
5.3 MEDIUM 0.04% 7.03%

references

CVE-2024-20838

description

Improper validation vulnerability in Samsung Internet prior to version 24.0.3.2 allows local attackers to execute arbitrary code.

cvss epss percentile
6.8 MEDIUM 0.04% 7.03%

references

CVE-2024-20839

description

Improper access control in Samsung Voice Recorder prior to versions 21.5.16.01 in Android 12 and Android 13, 21.4.51.02 in Android 14 allows physical attackers to access recording files on the lock screen.

cvss epss percentile
4.6 MEDIUM 0.04% 7.03%

references

CVE-2024-20840

description

Improper access control in Samsung Voice Recorder prior to versions 21.5.16.01 in Android 12 and Android 13, 21.4.51.02 in Android 14 allows physical attackers using hardware keyboard to use VoiceRecorder on the lock screen.

cvss epss percentile
5.7 MEDIUM 0.04% 7.03%

references

CVE-2024-20841

description

Improper Handling of Insufficient Privileges in Samsung Account prior to version 14.8.00.3 allows local attackers to access data.

cvss epss percentile
5.1 MEDIUM 0.04% 7.03%

references

CVE-2024-2179

description

Concrete CMS version 9 before 9.2.7 is vulnerable to Stored XSS via the Name field of a Group type since there is insufficient validation of administrator provided data for that field. A rogue administrator could inject malicious code into the Name field which might be executed when users visit the affected page. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 2.2 with a vector of AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N Concrete versions below 9 do not include group types so they are not affected by this vulnerability. Thanks Luca Fuda for reporting.

cvss epss percentile
2.2 LOW 0.04% 7.03%

references

CVE-2024-21815

description

Insufficiently protected credentials (CWE-522) for third party DVR integrations to the Command Centre Server are accessible to authenticated but unprivileged users. This issue affects: Gallagher Command Centre 9.00 prior to vEL9.00.1774 (MR2), 8.90 prior to vEL8.90.1751 (MR3), 8.80 prior to vEL8.80.1526 (MR4), 8.70 prior to vEL8.70.2526 (MR6), and all versions 8.60 and prior.

cvss epss percentile
9.1 CRITICAL 0.04% 7.03%

references

CVE-2024-21838

description

Improper neutralization of special elements in output (CWE-74) used by the email generation feature of the Command Centre Server could lead to HTML code injection in emails generated by Command Centre. This issue affects: Gallagher Command Centre 9.00 prior to vEL9.00.1774 (MR2), 8.90 prior to vEL8.90.1751 (MR3), 8.80 prior to vEL8.80.1526 (MR4), 8.70 prior to vEL8.70.2526 (MR6), and all versions 8.60 and prior.

cvss epss percentile
6.8 MEDIUM 0.04% 7.03%

references

CVE-2024-2188

description

Stored cross-site scripting (XSS) vulnerability in TP-Link Archer AX50 firmware version 1.0.11 build 2022052. This vulnerability could allow an unauthenticated attacker to create a port mapping rule via a SOAP request and store a malicious JavaScript payload within that rule, which could result in execution of the JavaScript payload when the rule is loaded.

cvss epss percentile
6.1 MEDIUM 0.04% 7.03%

references

CVE-2024-22188

description

TYPO3 before 13.0.1 allows an authenticated admin user (with system maintainer privileges) to execute arbitrary shell commands (with the privileges of the web server) via a command injection vulnerability in form fields of the Install Tool. The fixed versions are 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, and 13.0.1.

cvss epss percentile
None 0.04% 12.50%

references

CVE-2024-22252

description

VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed.

cvss epss percentile
9.3 CRITICAL 0.04% 7.03%

references

CVE-2024-22253

description

VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the UHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed.

cvss epss percentile
9.3 CRITICAL 0.04% 7.03%

references

CVE-2024-22254

description

VMware ESXi contains an out-of-bounds write vulnerability. A malicious actor with privileges within the VMX process may trigger an out-of-bounds write leading to an escape of the sandbox.

cvss epss percentile
7.9 HIGH 0.04% 7.03%

references

CVE-2024-22255

description

VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability in the UHCI USB controller. A malicious actor with administrative access to a virtual machine may be able to exploit this issue to leak memory from the vmx process.

cvss epss percentile
7.1 HIGH 0.04% 7.03%

references

CVE-2024-22352

description

IBM InfoSphere Information Server 11.7 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 280361.

cvss epss percentile
None 0.04% 7.03%

CVE-2024-22383

description

Missing release of resource after effective lifetime (CWE-772) in the Controller 7000 resulted in HBUS connected T-Series readers to not automatically recover after coming under attack over the RS-485 interface, resulting in a persistent denial of service. This issue affects: All variants of the Gallagher Controller 7000 9.00 prior to vCR9.00.231204b (distributed in 9.00.1507(MR1)), 8.90 prior to vCR8.90.240209b (distributed in 8.90.1751 (MR3)), 8.80 prior to vCR8.80.240209a (distributed in 8.80.1526 (MR4)), 8.70 prior to vCR8.70.240209a (distributed in 8.70.2526 (MR6)).

cvss epss percentile
6.2 MEDIUM 0.04% 7.03%

references

CVE-2024-22889

description

Due to incorrect access control in Plone version v6.0.9, remote attackers can view and list all files hosted on the website via sending a crafted request.

cvss epss percentile
None 0.04% 7.03%

references

CVE-2024-23225

description

A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.

cvss epss percentile
None 0.04% 7.03%

references

CVE-2024-23243

description

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.4 and iPadOS 17.4. An app may be able to read sensitive location information.

cvss epss percentile
None 0.04% 7.03%

references

CVE-2024-23256

description

A logic issue was addressed with improved state management. This issue is fixed in iOS 17.4 and iPadOS 17.4. A user's locked tabs may be briefly visible while switching tab groups when Locked Private Browsing is enabled.

cvss epss percentile
None 0.04% 7.03%

references

CVE-2024-23296

description

A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 17.4 and iPadOS 17.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.

cvss epss percentile
None 0.04% 7.03%

references

CVE-2024-24098

description

Code-projects Scholars Tracking System 1.0 is vulnerable to SQL Injection via the News Feed.

cvss epss percentile
None 0.04% 7.03%

references

CVE-2024-24275

description

Cross Site Scripting vulnerability in Teamwire Windows desktop client v.2.0.1 through v.2.4.0 allows a remote attacker to obtain sensitive information via a crafted payload to the global search function.

cvss epss percentile
None 0.04% 7.03%

references

CVE-2024-24276

description

Cross Site Scripting (XSS) vulnerability in Teamwire Windows desktop client v.2.0.1 through v.2.4.0 allows a remote attacker to obtain sensitive information via a crafted payload to the chat name, message preview, username and group name components.

cvss epss percentile
None 0.04% 7.03%

references

CVE-2024-24278

description

An issue in Teamwire Windows desktop client v.2.0.1 through v.2.4.0 allows a remote attacker to obtain sensitive information via a crafted payload to the message function.

cvss epss percentile
None 0.04% 7.03%

references

CVE-2024-24783

description

Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affects all crypto/tls clients, and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The default behavior is for TLS servers to not verify client certificates.

cvss epss percentile
None 0.04% 12.50%

references

CVE-2024-24784

description

The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions being made by programs using different parsers.

cvss epss percentile
None 0.04% 12.50%

references

CVE-2024-24785

description

If errors returned from MarshalJSON methods contain user controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing for subsequent actions to inject unexpected content into templates.
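
An illustration of the mechanism, added here as an example and not code from the Go project: a type whose MarshalJSON error echoes user input is rendered inside a script element, where html/template must JSON-encode the value. On marshal failure the package emits the error text in place of the value inside a JavaScript comment. Before the fix only the comment terminator was neutralised, so a `</script>` inside the message ends the element early (the HTML parser does not know about JavaScript comments); in fixed versions the comment body is JavaScript-string-escaped. The Pref type, the template and the payload are constructed for this example.

```go
package main

import (
	"errors"
	"fmt"
	"html/template"
	"strings"
)

// Pref is a constructed value whose MarshalJSON fails with an error
// message that echoes attacker-controlled input.
type Pref struct{ Raw string }

func (p Pref) MarshalJSON() ([]byte, error) {
	return nil, errors.New("unsupported preference: " + p.Raw)
}

// The template interpolates the value in a JavaScript context, so
// html/template JSON-encodes it; a marshal failure is reported in the
// output as a JS comment followed by null.
var page = template.Must(template.New("p").Parse(
	`<script>var pref = {{.}};</script>`))

// Render returns the page for one preference value.
func Render(p Pref) (string, error) {
	var sb strings.Builder
	if err := page.Execute(&sb, p); err != nil {
		return "", err
	}
	return sb.String(), nil
}

// ScriptClosedEarly reports whether the output contains a raw "</script>"
// in addition to the template's own closing tag, i.e. whether the marshal
// error text was able to break out of the script element.
func ScriptClosedEarly(out string) bool {
	return strings.Count(strings.ToLower(out), "</script>") > 1
}

func main() {
	payload := Pref{Raw: "</script><img src=x onerror=alert(1)>"}
	out, err := Render(payload)
	fmt.Println(out, err)
	fmt.Println("broke out of <script>:", ScriptClosedEarly(out))
}
```

On a fixed toolchain the output reads `<script>var pref =  /* json: error calling MarshalJSON for type main.Pref: unsupported preference: \u003c/script\u003e... */null ;</script>` and ScriptClosedEarly is false; the lesson for application code is that error strings built from user input are output, and deserve the same treatment as any other untrusted value.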

cvss epss percentile
None 0.04% 12.50%

references

CVE-2024-24786

description

The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

cvss epss percentile
None 0.04% 7.03%

references

CVE-2024-25611

description

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.

cvss epss percentile
7.2 HIGH 0.04% 7.03%

references

CVE-2024-25612

description

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.

cvss epss percentile
7.2 HIGH 0.04% 7.03%

references

CVE-2024-25613

description

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.

cvss epss percentile
7.2 HIGH 0.04% 7.03%

references

CVE-2024-25614

description

There is an arbitrary file deletion vulnerability in the CLI used by ArubaOS. Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to denial-of-service conditions and impact the integrity of the controller.

cvss epss percentile
5.5 MEDIUM 0.04% 7.03%

references

CVE-2024-25615

description

An unauthenticated Denial-of-Service (DoS) vulnerability exists in the Spectrum service accessed via the PAPI protocol in ArubaOS 8.x. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected service.

cvss epss percentile
5.3 MEDIUM 0.04% 7.03%

references

CVE-2024-25616

description

Aruba has identified certain configurations of ArubaOS that can lead to partial disclosure of sensitive information in the IKE_AUTH negotiation process. The scenarios in which disclosure of potentially sensitive information can occur are complex, and depend on factors beyond the control of attackers.

cvss epss percentile
3.7 LOW 0.04% 7.03%

references

CVE-2024-25817

description

Buffer Overflow vulnerability in eza before version 0.18.2, allows local attackers to execute arbitrary code via the .git/HEAD, .git/refs, and .git/objects components.

cvss epss percentile
None 0.04% 7.03%

references

CVE-2024-25858

description

In Foxit PDF Reader before 2024.1 and PDF Editor before 2024.1, code execution via JavaScript could occur because of an unoptimized prompt message for users to review parameters of commands.

cvss epss percentile
None 0.04% 7.03%

references

CVE-2024-26333

description

swftools v0.9.2 was discovered to contain a segmentation violation via the function free_lines at swftools/lib/modules/swfshape.c.

cvss epss percentile
None 0.04% 7.03%

references

CVE-2024-26334

description

swftools v0.9.2 was discovered to contain a segmentation violation via the function compileSWFActionCode at swftools/lib/action/actioncompiler.c.

cvss epss percentile
None 0.04% 7.03%

references

CVE-2024-26335

description

swftools v0.9.2 was discovered to contain a segmentation violation via the function state_free at swftools/src/swfc-history.c.

cvss epss percentile
None 0.04% 7.03%

references

CVE-2024-26337

description

swftools v0.9.2 was discovered to contain a segmentation violation via the function s_font at swftools/src/swfc.c.

cvss epss percentile
None 0.04% 7.03%

references

CVE-2024-26339

description

swftools v0.9.2 was discovered to contain a strcpy parameter overlap via /home/swftools/src/swfc+0x48318a.

cvss epss percentile
None 0.04% 7.03%

references

CVE-2024-27278

description

OpenPNE Plugin “opTimelinePlugin” 1.2.11 and earlier contains a cross-site scripting vulnerability. On the site which uses the affected product, when a user configures the profile with some malicious contents, an arbitrary script may be executed on the web browsers of other users.

cvss epss percentile
None 0.04% 7.03%

references

CVE-2024-27561

description

A Server-Side Request Forgery (SSRF) in the installUpdateThemePluginAction function of WonderCMS v3.1.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the installThemePlugin parameter.

cvss epss percentile
None 0.04% 7.03%

references

CVE-2024-27563

description

A Server-Side Request Forgery (SSRF) in the getFileFromRepo function of WonderCMS v3.1.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the pluginThemeUrl parameter.

cvss epss percentile
None 0.04% 7.03%

references

CVE-2024-27564

description

A Server-Side Request Forgery (SSRF) in pictureproxy.php of ChatGPT commit f9f4bbc allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the url parameter.

cvss epss percentile
None 0.04% 7.03%

references

CVE-2024-27565

description

A Server-Side Request Forgery (SSRF) in weixin.php of ChatGPT-wechat-personal commit a0857f6 allows attackers to force the application to make arbitrary requests.

cvss epss percentile
None 0.04% 7.03%

references

CVE-2024-27622

description

A remote code execution vulnerability has been identified in the User Defined Tags module of CMS Made Simple version 2.2.19. This vulnerability arises from inadequate sanitization of user-supplied input in the Code section of the module. As a result, authenticated users with administrative privileges can inject and execute arbitrary PHP code.

cvss epss percentile
None 0.04% 7.03%

references

CVE-2024-27623

description

CMS Made Simple version 2.2.19 is vulnerable to Server-Side Template Injection (SSTI). The vulnerability exists within the Design Manager, particularly when editing the Breadcrumbs.

cvss epss percentile
None 0.04% 7.03%

references

CVE-2024-27625

description

CMS Made Simple Version 2.2.19 is vulnerable to Cross Site Scripting (XSS). This vulnerability resides in the File Manager module of the admin panel. Specifically, the issue arises due to inadequate sanitization of user input in the “New directory” field.

cvss epss percentile
None 0.04% 7.03%

references

CVE-2024-27626

description

A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in Dotclear version 2.29. The flaw exists within the Search functionality of the Admin Panel.

cvss epss percentile
None 0.04% 7.03%

CVE-2024-27627

description

A reflected cross-site scripting (XSS) vulnerability exists in SuperCali version 1.1.0, allowing remote attackers to execute arbitrary JavaScript code via the email parameter in the bad_password.php page.

cvss epss percentile
None 0.04% 7.03%

references

CVE-2024-27764

description

An issue in Jeewms v.3.7 and before allows a remote attacker to escalate privileges via the AuthInterceptor component.

cvss epss percentile
None 0.04% 7.03%

references

CVE-2024-27765

description

Directory Traversal vulnerability in Jeewms v.3.7 and before allows a remote attacker to obtain sensitive information via the cgformTemplateController component.

cvss epss percentile
None 0.04% 7.03%

references

CVE-2024-27929

description

ImageSharp is a managed, cross-platform, 2D graphics library. A heap use-after-free flaw was found in ImageSharp's InitializeImage() function in the PngDecoderCore.cs file. This vulnerability is triggered when an attacker passes a specially crafted PNG image file to ImageSharp for conversion, potentially leading to information disclosure. This issue has been patched in versions 3.1.3 and 2.1.7.

cvss epss percentile
7.1 HIGH 0.04% 7.03%

references

CVE-2024-27931

description

Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. Insufficient validation of parameters in Deno.makeTemp* APIs would allow for creation of files outside of the allowed directories. This may allow the user to overwrite important files on the system that may affect other systems. A user may provide a prefix or suffix to a Deno.makeTemp* API containing path traversal characters. This is fixed in Deno 1.41.1.
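
One way to validate a prefix and suffix before they are joined into a temporary-file path, added here as an example rather than Deno's own fix, and written in Go rather than the runtime's Rust and TypeScript: each component must be a single path element (no separators of either flavour, not absolute, not "." or ".."), and the joined result is then checked independently to still lie under the allowed directory. The directory, token and component values are constructed for the example.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

var errBadComponent = errors.New("prefix/suffix must be a single path element")

// checkComponent rejects a prefix or suffix that could move the result
// out of the target directory: any separator (both flavours, since the
// API is cross-platform), an absolute path, or a "." / ".." element.
func checkComponent(c string) error {
	if c == "" {
		return nil
	}
	if strings.ContainsAny(c, `/\`) || filepath.IsAbs(c) || c == "." || c == ".." {
		return errBadComponent
	}
	return nil
}

// tempPath builds dir/prefix+token+suffix and then, independently of the
// component check, verifies that the cleaned path still lies under dir.
// The second check is defence in depth: it catches any future change to
// the component rules that lets a traversal through.
func tempPath(dir, prefix, token, suffix string) (string, error) {
	if err := checkComponent(prefix); err != nil {
		return "", fmt.Errorf("prefix %q: %w", prefix, err)
	}
	if err := checkComponent(suffix); err != nil {
		return "", fmt.Errorf("suffix %q: %w", suffix, err)
	}
	p := filepath.Join(dir, prefix+token+suffix)
	rel, err := filepath.Rel(dir, p)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("%q escapes %q", p, dir)
	}
	return p, nil
}

func main() {
	dir := filepath.Join(string(filepath.Separator), "tmp", "allowed") // constructed
	for _, c := range [][2]string{
		{"upload-", ".part"},
		{"../../etc/cron.d/", ""},
		{"", "/../../../etc/passwd"},
		{`..\..\`, ""},
	} {
		p, err := tempPath(dir, c[0], "k3yx9", c[1])
		fmt.Printf("prefix=%q suffix=%q -> %q %v\n", c[0], c[1], p, err)
	}
}
```

Only the first pair yields a path; the traversal attempts are refused by the component check before any path is built. The random token is the caller's business here; the point is that the caller-supplied parts never get to contribute a directory level.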

cvss epss percentile
5.8 MEDIUM 0.04% 7.03%

references

Modified_entries

CVE-2021-45810

description

GlobalProtect-openconnect versions prior to 2.0.0 (exclusive) are affected by incorrect access control in GPService through DBUS and the GUI. The way GlobalProtect-openconnect is set up enables arbitrary users to start a VPN connection to arbitrary servers. By hosting an openconnect-compatible server, an attacker can redirect the entire host's traffic via their own server.

cvss epss percentile
None 0.08% 32.11%

references

CVE-2023-28892

description

Malwarebytes AdwCleaner 8.4.0 runs as Administrator and performs an insecure file delete operation on C:\AdwCleaner\Logs\AdwCleaner_Debug.log in which the target location is user-controllable, allowing a non-admin user to escalate privileges to SYSTEM via a symbolic link.

cvss epss percentile
None 0.04% 5.40%

references

CVE-2023-30733

description

Stack-based buffer overflow vulnerability in the HDCP trustlet prior to SMR Oct-2023 Release 1 allows local privileged attackers to perform code execution.

cvss epss percentile
7.8 HIGH 0.11% 43.97%

references

CVE-2023-42531

description

Improper access control vulnerability in SmsController prior to SMR Nov-2023 Release1 allows local attackers to bypass restrictions on starting activities from the background.

cvss epss percentile
6.2 MEDIUM 0.07% 28.88%

references

CVE-2023-43787

description

A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges.

cvss epss percentile
7.8 HIGH 0.04% 5.40%

references

CVE-2023-44186

description

An Improper Handling of Exceptional Conditions vulnerability in AS PATH processing of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a BGP update message with an AS PATH containing a large number of 4-byte ASes, leading to a Denial of Service (DoS). Continued receipt and processing of these BGP updates will create a sustained Denial of Service (DoS) condition. This issue is hit when the router has Non-Stop Routing (NSR) enabled, has a non-4-byte-AS capable BGP neighbor, receives a BGP update message with a prefix that includes a long AS PATH containing a large number of 4-byte ASes, and has to advertise the prefix towards the non-4-byte-AS capable BGP neighbor. Note: NSR is not supported on the SRX Series, which is therefore not affected by this vulnerability.

This issue affects Juniper Networks Junos OS:
* All versions prior to 20.4R3-S8;
* 21.1 versions 21.1R1 and later;
* 21.2 versions prior to 21.2R3-S6;
* 21.3 versions prior to 21.3R3-S5;
* 21.4 versions prior to 21.4R3-S5;
* 22.1 versions prior to 22.1R3-S4;
* 22.2 versions prior to 22.2R3-S2;
* 22.3 versions prior to 22.3R2-S2, 22.3R3-S1;
* 22.4 versions prior to 22.4R2-S1, 22.4R3.

Juniper Networks Junos OS Evolved:
* All versions prior to 20.4R3-S8-EVO;
* 21.1 versions 21.1R1-EVO and later;
* 21.2 versions prior to 21.2R3-S6-EVO;
* 21.3 versions prior to 21.3R3-S5-EVO;
* 21.4 versions prior to 21.4R3-S5-EVO;
* 22.1 versions prior to 22.1R3-S4-EVO;
* 22.2 versions prior to 22.2R3-S2-EVO;
* 22.3 versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO;
* 22.4 versions prior to 22.4R2-S1-EVO, 22.4R3-EVO.

cvss epss percentile
7.5 HIGH 0.05% 14.06%

references

CVE-2023-50693

description

An issue in Jester v.0.6.0 and before allows a remote attacker to send a malicious crafted request.

cvss epss percentile
None 0.46% 74.73%

references

CVE-2023-52521

description

** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

cvss epss percentile
None 0.04% 7.03%

CVE-2023-7033

description

Insufficient Resource Pool vulnerability in Ethernet function of Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules allows a remote attacker to cause a temporary Denial of Service condition for a certain period of time in Ethernet communication of the products by performing TCP SYN Flood attack.

cvss epss percentile
5.3 MEDIUM 0.04% 12.50%

references

CVE-2024-0553

description

A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.
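
The countermeasure the description implies, written out as an added example and not GnuTLS code: a textbook PKCS#1 v1.5 unpad that returns as soon as it sees a bad byte (the leaky pattern) beside a constant-time recovery routine that inspects every byte regardless, and on any defect silently substitutes a caller-supplied random secret so that neither timing nor control flow reveals whether the padding was valid. It uses Go's crypto/subtle and follows the approach of crypto/rsa.DecryptPKCS1v15SessionKey; the 48-byte fixed length is the TLS pre-master secret size, which is what makes a branch-free check possible. The encoder is a test helper and nothing here reproduces GnuTLS's RSA-PSK implementation.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"fmt"
)

// preMasterLen is the fixed length of a TLS RSA pre-master secret.
const preMasterLen = 48

// encodePKCS1v15 builds EM = 0x00 || 0x02 || PS || 0x00 || M for a k-byte
// modulus, with PS random and non-zero (test helper, not a decryption step).
func encodePKCS1v15(k int, m []byte) ([]byte, error) {
	if len(m) > k-11 {
		return nil, fmt.Errorf("message too long for %d-byte modulus", k)
	}
	em := make([]byte, k)
	em[1] = 2
	ps := em[2 : k-len(m)-1]
	for i := range ps {
		for ps[i] == 0 {
			if _, err := rand.Read(ps[i : i+1]); err != nil {
				return nil, err
			}
		}
	}
	copy(em[k-len(m):], m)
	return em, nil
}

// unpadLeaky is the textbook check: it returns as soon as it finds a
// malformed byte, so its running time tells a remote peer whether the
// padding was well-formed. This is the pattern the CVE describes.
func unpadLeaky(em []byte) ([]byte, bool) {
	if len(em) < 11 || em[0] != 0 || em[1] != 2 {
		return nil, false
	}
	i := 2
	for i < len(em) && em[i] != 0 {
		i++
	}
	if i == len(em) || i < 10 {
		return nil, false
	}
	return em[i+1:], true
}

// recoverPreMaster is the constant-time alternative: every byte is
// examined, all checks are folded into one validity bit, and the result
// is chosen between the padded secret and the random fallback without a
// data-dependent branch. The caller never learns which one it got.
func recoverPreMaster(em []byte, fallback []byte) []byte {
	out := make([]byte, preMasterLen)
	copy(out, fallback)
	if len(em) < 11+preMasterLen || len(fallback) != preMasterLen {
		return out // structurally impossible input; lengths are public anyway
	}
	firstIsZero := subtle.ConstantTimeByteEq(em[0], 0)
	secondIsTwo := subtle.ConstantTimeByteEq(em[1], 2)
	looking := 1 // still looking for the 0x00 separator
	sep := 0     // index of the separator once found
	for i := 2; i < len(em); i++ {
		isZero := subtle.ConstantTimeByteEq(em[i], 0)
		sep = subtle.ConstantTimeSelect(looking&isZero, i, sep)
		looking = subtle.ConstantTimeSelect(isZero, 0, looking)
	}
	// PS must be at least 8 bytes and M must be exactly preMasterLen bytes.
	psLongEnough := subtle.ConstantTimeLessOrEq(2+8, sep)
	lengthOK := subtle.ConstantTimeEq(int32(sep), int32(len(em)-preMasterLen-1))
	valid := firstIsZero & secondIsTwo & (looking ^ 1) & psLongEnough & lengthOK
	subtle.ConstantTimeCopy(valid, out, em[len(em)-preMasterLen:])
	return out
}

func main() {
	secret := make([]byte, preMasterLen)
	rand.Read(secret)
	fallback := make([]byte, preMasterLen)
	rand.Read(fallback)
	em, _ := encodePKCS1v15(256, secret)
	_, okLeaky := unpadLeaky(em)
	fmt.Println("valid block: leaky ok =", okLeaky,
		"constant-time yields secret =", subtle.ConstantTimeCompare(recoverPreMaster(em, fallback), secret) == 1)
	em[1] = 1 // corrupt the block type
	_, okLeaky = unpadLeaky(em)
	fmt.Println("broken block: leaky ok =", okLeaky,
		"constant-time yields fallback =", subtle.ConstantTimeCompare(recoverPreMaster(em, fallback), fallback) == 1)
}
```

The important property is not only that recoverPreMaster takes the same path for good and bad input, but that the caller continues the handshake with whatever it returns: an explicit error, a log line or a different alert on padding failure reintroduces the oracle through another channel.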

cvss epss percentile
7.5 HIGH 0.61% 78.20%

references

CVE-2024-0567

description

A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack.

Chinese

A vulnerability was found in GnuTLS, where cockpit (which uses GnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack.

cvss epss percentile
7.5 HIGH 0.08% 33.37%

references

CVE-2024-1062

description

A heap overflow flaw was found in 389-ds-base. This issue leads to a denial of service when writing a value larger than 256 chars in log_entry_attr.

Chinese

A heap overflow flaw was found in 389-ds-base. This issue leads to a denial of service when writing a value larger than 256 chars in log_entry_attr.

cvss epss percentile
5.5 MEDIUM 0.04% 12.50%

references

CVE-2024-1885

description

This vulnerability allows remote attackers to execute arbitrary code on the affected webOS of LG Signage.

Chinese

This vulnerability allows remote attackers to execute arbitrary code on the affected webOS of LG Signage.

cvss epss percentile
6.3 MEDIUM 0.04% 7.03%

references

CVE-2024-1886

description

This vulnerability allows remote attackers to traverse the directory on the affected webOS of LG Signage.

Chinese

This vulnerability allows remote attackers to traverse the directory on the affected webOS of LG Signage.

cvss epss percentile
3.0 LOW 0.04% 7.03%

references

CVE-2024-22545

description

An issue was discovered in TRENDnet TEW-824DRU version 1.04b01 that allows unauthenticated attackers to execute arbitrary code via the system.ntp.server parameter in the sub_420AE0() function. The attack can be launched remotely.

Chinese

An issue was discovered in TRENDnet TEW-824DRU version 1.04b01 that allows unauthenticated attackers to execute arbitrary code via the system.ntp.server parameter in the sub_420AE0() function. The attack can be launched remotely.

cvss epss percentile
None 0.04% 5.40%

references

CVE-2024-22894

description

An issue fixed in AIT-Deutschland Alpha Innotec Heatpumps V2.88.3 or later, V3.89.0 or later, V4.81.3 or later and Novelan Heatpumps V2.88.3 or later, V3.89.0 or later, V4.81.3 or later, allows remote attackers to execute arbitrary code via the password component in the shadow file.

Chinese

An issue fixed in AIT-Deutschland Alpha Innotec Heatpumps V2.88.3 or later, V3.89.0 or later, V4.81.3 or later and Novelan Heatpumps V2.88.3 or later, V3.89.0 or later, V4.81.3 or later allows remote attackers to execute arbitrary code via the password component in the shadow file.

cvss epss percentile
None 0.12% 44.80%

references

CVE-2024-23805

description

Undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. For the Application Visibility and Reporting module, this may occur when the HTTP Analytics profile with URLs enabled under Collected Entities is configured on a virtual server and the DB variables avr.IncludeServerInURI or avr.CollectOnlyHostnameFromURI are enabled. For BIG-IP Advanced WAF and ASM, this may occur when either a DoS or Bot Defense profile is configured on a virtual server and the DB variables avr.IncludeServerInURI or avr.CollectOnlyHostnameFromURI are enabled. Note: The DB variables avr.IncludeServerInURI and avr.CollectOnlyHostnameFromURI are not enabled by default. For more information about the HTTP Analytics profile and the Collect URLs setting, refer to K30875743: Create a new Analytics profile and attach it to your virtual servers https://my.f5.com/manage/s/article/K30875743 . Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Chinese

Undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. For the Application Visibility and Reporting module, this may occur when an HTTP Analytics profile with URLs enabled under Collected Entities is configured on a virtual server and the DB variables avr.IncludeServerInURI or avr.CollectOnlyHostnameFromURI are enabled. For BIG-IP Advanced WAF and ASM, this may occur when either a DoS or Bot Defense profile is configured on a virtual server and the DB variables avr.IncludeServerInURI or avr.CollectOnlyHostnameFromURI are enabled. Note: the DB variables avr.IncludeServerInURI and avr.CollectOnlyHostnameFromURI are not enabled by default. For more information about the HTTP Analytics profile and the Collect URLs setting, refer to K30875743: Create a new Analytics profile and attach it to your virtual servers https://my.f5.com/manage/s/article/K30875743 . Note: software versions which have reached End of Technical Support (EoTS) are not evaluated.

cvss epss percentile
7.5 HIGH 0.04% 7.03%

references

CVE-2024-24213

description

** DISPUTED ** Supabase PostgreSQL v15.1 was discovered to contain a SQL injection vulnerability via the component /pg_meta/default/query. NOTE: the vendor's position is that this is an intended feature; also, it exists in the Supabase dashboard product, not the Supabase PostgreSQL product. Specifically, /pg_meta/default/query is for SQL queries that are entered in an intended UI by an authorized user. Nothing is injected.

Chinese

** DISPUTED ** Supabase PostgreSQL v15.1 was discovered to contain a SQL injection vulnerability via the component /pg_meta/default/query. NOTE: the vendor's position is that this is an intended feature; also, it exists in the Supabase dashboard product, not the Supabase PostgreSQL product. Specifically, /pg_meta/default/query is for SQL queries that are entered in an intended UI by an authorized user. Nothing is injected.

cvss epss percentile
None 0.06% 24.72%

references

CVE-2024-24806

description

libuv is a multi-platform support library with a focus on asynchronous I/O. The uv_getaddrinfo function in src/unix/getaddrinfo.c (and its Windows counterpart src/win/getaddrinfo.c) truncates hostnames to 256 characters before calling getaddrinfo. This behavior can be exploited to create addresses like 0x00007f000001, which are considered valid by getaddrinfo and could allow an attacker to craft payloads that resolve to unintended IP addresses, bypassing developer checks. The vulnerability arises due to how the hostname_ascii variable (with a length of 256 bytes) is handled in uv_getaddrinfo and subsequently in uv__idna_toascii. When the hostname exceeds 256 characters, it gets truncated without a terminating null byte. As a result, attackers may be able to access internal APIs, or, for websites (similar to MySpace) that allow users to have username.example.com pages, internal services that crawl or cache these user pages can be exposed to SSRF attacks if a malicious user chooses a long vulnerable username. This issue has been addressed in release version 1.48.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Chinese

libuv is a multi-platform support library with a focus on asynchronous I/O. The uv_getaddrinfo function in src/unix/getaddrinfo.c (and its Windows counterpart src/win/getaddrinfo.c) truncates hostnames to 256 characters before calling getaddrinfo. This behavior can be exploited to create addresses such as 0x00007f000001, which getaddrinfo considers valid, and allows an attacker to bypass developer checks by crafting payloads that resolve to unintended IP addresses. The vulnerability is caused by the way the hostname_ascii variable (256 bytes long) is handled in uv_getaddrinfo and subsequently in uv__idna_toascii. When the hostname exceeds 256 characters, it is truncated without a terminating null byte. As a result, attackers may be able to access internal APIs, or websites (similar to MySpace) that allow users to have username.example.com pages. If a malicious user chooses a long, vulnerable username, internal services that crawl or cache these user pages can be exposed to SSRF attacks. This issue has been addressed in release version 1.48.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

cvss epss percentile
7.3 HIGH 0.11% 43.25%

references

CVE-2024-24814

description

mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In affected versions missing input validation on mod_auth_openidc_session_chunks cookie value makes the server vulnerable to a denial of service (DoS) attack. An internal security audit has been conducted and the reviewers found that if they manipulated the value of the mod_auth_openidc_session_chunks cookie to a very large integer, like 99999999, the server struggles with the request for a long time and finally gets back with a 500 error. Making a few requests of this kind caused our server to become unresponsive. Attackers can craft requests that would make the server work very hard (and possibly become unresponsive) and/or crash with minimal effort. This issue has been addressed in version 2.4.15.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Chinese

mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In affected versions, missing input validation on the mod_auth_openidc_session_chunks cookie value makes the server vulnerable to a denial of service (DoS) attack. An internal security audit was conducted, and the reviewers found that if they manipulated the value of the mod_auth_openidc_session_chunks cookie to a very large integer, such as 99999999, the server struggles with the request for a long time and finally returns a 500 error. Making a few requests of this kind caused our server to become unresponsive. Attackers can, with minimal effort, craft requests that make the server work very hard (and possibly become unresponsive) and/or crash. This issue has been addressed in version 2.4.15.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.

cvss epss percentile
7.5 HIGH 0.04% 12.50%

references

CVE-2024-27354

description

An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. An attacker can construct a malformed certificate containing an extremely large prime to cause a denial of service (CPU consumption for an isPrime primality check). NOTE: this issue was introduced when attempting to fix CVE-2023-27560.

Chinese

An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. An attacker can construct a malformed certificate containing an extremely large prime to cause a denial of service (CPU consumption for an isPrime primality check). NOTE: this issue was introduced when attempting to fix CVE-2023-27560.

cvss epss percentile
None 0.04% 12.50%

references

CVE-2024-27355

description

An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. When processing the ASN.1 object identifier of a certificate, a sub identifier may be provided that leads to a denial of service (CPU consumption for decodeOID).

Chinese

An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. When processing the ASN.1 object identifier of a certificate, a sub identifier may be provided that leads to a denial of service (CPU consumption for decodeOID).

cvss epss percentile
None 0.04% 12.50%

references