diff --git a/cves.json b/cves.json index 61f889e407..b22156eddc 100644 --- a/cves.json +++ b/cves.json @@ -2132,6 +2132,7 @@ {"ID":"CVE-2023-31446","Info":{"Name":"Cassia Gateway Firmware - Remote Code Execution","Severity":"critical","Description":"In Cassia Gateway firmware XC1000_2.1.1.2303082218 and XC2000_2.1.1.2303090947, the queueUrl parameter in /bypass/config is not sanitized. This leads to injecting Bash code and executing it with root privileges on device startup.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-31446.yaml"} {"ID":"CVE-2023-31465","Info":{"Name":"TimeKeeper by FSMLabs - Remote Code Execution","Severity":"critical","Description":"An issue was discovered in FSMLabs TimeKeeper 8.0.17 through 8.0.28. By intercepting requests from various timekeeper streams, it is possible to find the getsamplebacklog call. Some query parameters are passed directly in the URL and named arg[x], with x an integer starting from 1; it is possible to modify arg[2] to insert Bash code that will be executed directly by the server.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-31465.yaml"} {"ID":"CVE-2023-31548","Info":{"Name":"ChurchCRM v4.5.3 - Cross-Site Scripting","Severity":"medium","Description":"A stored Cross-site scripting (XSS) vulnerability in the FundRaiserEditor.php component of ChurchCRM v4.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2023/CVE-2023-31548.yaml"} +{"ID":"CVE-2023-32077","Info":{"Name":"Netmaker - Hardcoded DNS Secret Key","Severity":"high","Description":"Netmaker makes networks with WireGuard. Prior to versions 0.17.1 and 0.18.6, hardcoded DNS key usage has been found in Netmaker allowing unauth users to interact with DNS API endpoints.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-32077.yaml"} {"ID":"CVE-2023-32117","Info":{"Name":"Integrate Google Drive \u003c= 1.1.99 - Missing Authorization via REST API Endpoints","Severity":"high","Description":"The Integrate Google Drive plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several REST API endpoints in versions up to, and including, 1.1.99. This makes it possible for unauthenticated attackers to perform a wide variety of operations, such as moving files, creating folders, copying details, and much more.\n","Classification":{"CVSSScore":"7.3"}},"file_path":"http/cves/2023/CVE-2023-32117.yaml"} {"ID":"CVE-2023-3219","Info":{"Name":"EventON Lite \u003c 2.1.2 - Arbitrary File Download","Severity":"medium","Description":"The plugin does not validate that the event_id parameter in its eventon_ics_download ajax action is a valid Event, allowing unauthenticated visitors\nto access any Post (including unpublished or protected posts) content via the ics export functionality by providing the numeric id of the post.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-3219.yaml"} {"ID":"CVE-2023-32235","Info":{"Name":"Ghost CMS \u003c 5.42.1 - Path Traversal","Severity":"high","Description":"Ghost before 5.42.1 allows remote attackers to read arbitrary files within the active theme's folder via /assets/built%2F..%2F..%2F/ directory traversal. This occurs in frontend/web/middleware/static-theme.js.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-32235.yaml"} @@ -2208,6 +2209,7 @@ {"ID":"CVE-2023-3849","Info":{"Name":"mooDating 1.2 - Cross-site scripting","Severity":"medium","Description":"A vulnerability, which was classified as problematic, was found in mooSocial mooDating 1.2. Affected is an unknown function of the file /find-a-match of the component URL Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-3849.yaml"} {"ID":"CVE-2023-38501","Info":{"Name":"CopyParty v1.8.6 - Cross Site Scripting","Severity":"medium","Description":"Copyparty is a portable file server. Versions prior to 1.8.6 are subject to a reflected cross-site scripting (XSS) Attack.Vulnerability that exists in the web interface of the application could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-38501.yaml"} {"ID":"CVE-2023-38646","Info":{"Name":"Metabase \u003c 0.46.6.1 - Remote Code Execution","Severity":"critical","Description":"Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2, and 1.43.7.2.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-38646.yaml"} +{"ID":"CVE-2023-38964","Info":{"Name":"Academy LMS 6.0 - Cross-Site Scripting","Severity":"medium","Description":"Creative Item Academy LMS 6.0 was discovered to contain a cross-site scripting (XSS) vulnerability through `query` parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-38964.yaml"} {"ID":"CVE-2023-39002","Info":{"Name":"OPNsense - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting (XSS) vulnerability in the act parameter of system_certmanager.php in OPNsense before 23.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-39002.yaml"} {"ID":"CVE-2023-39026","Info":{"Name":"FileMage Gateway - Directory Traversal","Severity":"high","Description":"Directory Traversal vulnerability in FileMage Gateway Windows Deployments v.1.10.8 and before allows a remote attacker to obtain sensitive information via a crafted request to the /mgmt/ component.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-39026.yaml"} {"ID":"CVE-2023-39108","Info":{"Name":"rConfig 3.9.4 - Server-Side Request Forgery","Severity":"high","Description":"rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path_b parameter in the doDiff Function of /classes/compareClass.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2023/CVE-2023-39108.yaml"} @@ -2252,6 +2254,7 @@ {"ID":"CVE-2023-42793","Info":{"Name":"JetBrains TeamCity \u003c 2023.05.4 - Remote Code Execution","Severity":"critical","Description":"In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-42793.yaml"} {"ID":"CVE-2023-43177","Info":{"Name":"CrushFTP \u003c 10.5.1 - Unauthenticated Remote Code Execution","Severity":"critical","Description":"CrushFTP prior to 10.5.1 is vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-43177.yaml"} {"ID":"CVE-2023-43187","Info":{"Name":"NodeBB XML-RPC Request xmlrpc.php - XML Injection","Severity":"critical","Description":"A remote code execution (RCE) vulnerability in the xmlrpc.php endpoint of NodeBB Inc NodeBB forum software prior to v1.18.6 allows attackers to execute arbitrary code via crafted XML-RPC requests.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-43187.yaml"} +{"ID":"CVE-2023-43208","Info":{"Name":"NextGen Healthcare Mirth Connect - Remote Code Execution","Severity":"critical","Description":"Unauthenticated remote code execution vulnerability in NextGen Healthcare Mirth Connect before version 4.4.1.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-43208.yaml"} {"ID":"CVE-2023-43261","Info":{"Name":"Milesight Routers - Information Disclosure","Severity":"high","Description":"A critical security vulnerability has been identified in Milesight Industrial Cellular Routers, compromising the security of sensitive credentials and permitting unauthorized access. This vulnerability stems from a misconfiguration that results in directory listing being enabled on the router systems, rendering log files publicly accessible. These log files, while containing sensitive information such as admin and other user passwords (encrypted as a security measure), can be exploited by attackers via the router's web interface. The presence of a hardcoded AES secret key and initialization vector (IV) in the JavaScript code further exacerbates the situation, facilitating the decryption of these passwords. This chain of vulnerabilities allows malicious actors to gain unauthorized access to the router.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-43261.yaml"} {"ID":"CVE-2023-43325","Info":{"Name":"MooSocial 3.1.8 - Cross-Site Scripting","Severity":"medium","Description":"A reflected cross-site scripting (XSS) vulnerability exisits in the data[redirect_url] parameter on user login function of mooSocial v3.1.8 which allows attackers to steal user's session cookies and impersonate their account via a crafted URL.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-43325.yaml"} {"ID":"CVE-2023-43326","Info":{"Name":"MooSocial 3.1.8 - Cross-Site Scripting","Severity":"medium","Description":"A reflected cross-site scripting (XSS) vulnerability exisits in multiple url of mooSocial v3.1.8 which allows attackers to steal user's session cookies and impersonate their account via a crafted URL.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-43326.yaml"} @@ -2344,6 +2347,7 @@ {"ID":"CVE-2024-22320","Info":{"Name":"IBM Operational Decision Manager - Java Deserialization","Severity":"high","Description":"IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, and 8.12.0.1 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization. By sending specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code in the context of SYSTEM. IBM X-Force ID: 279146.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2024/CVE-2024-22320.yaml"} {"ID":"CVE-2024-23334","Info":{"Name":"aiohttp - Directory Traversal","Severity":"high","Description":"aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'follow_symlinks' can be used to determine whether to follow symbolic links outside the static root directory. When 'follow_symlinks' is set to True, there is no validation to check if reading a file is within the root directory. This can lead to directory traversal vulnerabilities, resulting in unauthorized access to arbitrary files on the system, even when symlinks are not present. Disabling follow_symlinks and using a reverse proxy are encouraged mitigations. Version 3.9.2 fixes this issue.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-23334.yaml"} {"ID":"CVE-2024-2389","Info":{"Name":"Progress Kemp Flowmon - Command Injection","Severity":"critical","Description":"In Flowmon versions prior to 11.1.14 and 12.3.5, an operating system command injection vulnerability has been identified. An unauthenticated user can gain entry to the system via the Flowmon management interface, allowing for the execution of arbitrary system commands.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2024/CVE-2024-2389.yaml"} +{"ID":"CVE-2024-24131","Info":{"Name":"SuperWebMailer 9.31.0.01799 - Cross-Site Scripting","Severity":"medium","Description":"SuperWebMailer v9.31.0.01799 was discovered to contain a reflected cross-site scripting (XSS) vulenrability via the component api.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2024/CVE-2024-24131.yaml"} {"ID":"CVE-2024-25600","Info":{"Name":"Unauthenticated Remote Code Execution – Bricks \u003c= 1.9.6","Severity":"critical","Description":"Bricks Builder is a popular WordPress development theme with approximately 25,000 active installations. It provides an intuitive drag-and-drop interface for designing and building WordPress websites. Bricks \u003c= 1.9.6 is vulnerable to unauthenticated remote code execution (RCE) which means that anybody can run arbitrary commands and take over the site/server. This can lead to various malicious activities\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-25600.yaml"} {"ID":"CVE-2024-25669","Info":{"Name":"CaseAware a360inc - Cross-Site Scripting","Severity":"medium","Description":"a360inc CaseAware contains a reflected cross-site scripting vulnerability via the user parameter transmitted in the login.php query string. This is a bypass of the fix reported in CVE-2017-\u003e\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2024/CVE-2024-25669.yaml"} {"ID":"CVE-2024-25735","Info":{"Name":"WyreStorm Apollo VX20 - Information Disclosure","Severity":"high","Description":"An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can discover cleartext credentials for the SoftAP (access point) Router /device/config using an HTTP GET request.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-25735.yaml"} @@ -2353,12 +2357,14 @@ {"ID":"CVE-2024-27497","Info":{"Name":"Linksys E2000 1.0.06 position.js Improper Authentication","Severity":"high","Description":"Linksys E2000 Ver.1.0.06 build 1 is vulnerable to authentication bypass via the position.js file.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-27497.yaml"} {"ID":"CVE-2024-27564","Info":{"Name":"ChatGPT个人专用版 - Server Side Request Forgery","Severity":"high","Description":"A Server-Side Request Forgery (SSRF) in pictureproxy.php of ChatGPT commit f9f4bbc allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the urlparameter.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-27564.yaml"} {"ID":"CVE-2024-27954","Info":{"Name":"WordPress Automatic Plugin \u003c3.92.1 - Arbitrary File Download and SSRF","Severity":"critical","Description":"WordPress Automatic plugin \u003c3.92.1 is vulnerable to unauthenticated Arbitrary File Download and SSRF Located in the downloader.php file, could permit attackers to download any file from a site. Sensitive data, including login credentials and backup files, could fall into the wrong hands. This vulnerability has been patched in version 3.92.1.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-27954.yaml"} +{"ID":"CVE-2024-27956","Info":{"Name":"WordPress Automatic Plugin \u003c= 3.92.0 - SQL Injection","Severity":"critical","Description":"The Automatic plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 3.92.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n","Classification":{"CVSSScore":"9.9"}},"file_path":"http/cves/2024/CVE-2024-27956.yaml"} {"ID":"CVE-2024-28255","Info":{"Name":"OpenMetadata - Authentication Bypass","Severity":"critical","Description":"OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The `JwtFilter` handles the API authentication by requiring and verifying JWT tokens. When a new request comes in, the request's path is checked against this list. When the request's path contains any of the excluded endpoints the filter returns without validating the JWT. Unfortunately, an attacker may use Path Parameters to make any path contain any arbitrary strings. For example, a request to `GET /api/v1;v1%2fusers%2flogin/events/subscriptions/validation/condition/111` will match the excluded endpoint condition and therefore will be processed with no JWT validation allowing an attacker to bypass the authentication mechanism and reach any arbitrary endpoint, including the ones listed above that lead to arbitrary SpEL expression injection. This bypass will not work when the endpoint uses the `SecurityContext.getUserPrincipal()` since it will return `null` and will throw an NPE. This issue may lead to authentication bypass and has been addressed in version 1.2.4. Users are advised to upgrade. There are no known workarounds for this vulnerability. This issue is also tracked as `GHSL-2023-237`.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-28255.yaml"} {"ID":"CVE-2024-28734","Info":{"Name":"Coda v.2024Q1 - Cross-Site Scripting","Severity":"medium","Description":"Cross Site Scripting vulnerability in Unit4 Financials by Coda v.2024Q1 allows a remote attacker to escalate privileges via a crafted script to the cols parameter.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-28734.yaml"} {"ID":"CVE-2024-2879","Info":{"Name":"WordPress Plugin LayerSlider 7.9.11-7.10.0 - SQL Injection","Severity":"critical","Description":"The LayerSlider plugin for WordPress is vulnerable to SQL Injection via the ls_get_popup_markup action in versions 7.9.11 and 7.10.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-2879.yaml"} {"ID":"CVE-2024-29059","Info":{"Name":".NET Framework - Leaking ObjRefs via HTTP .NET Remoting","Severity":"high","Description":".NET Framework Information Disclosure Vulnerability","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-29059.yaml"} {"ID":"CVE-2024-29269","Info":{"Name":"Telesquare TLR-2005KSH - Remote Command Execution","Severity":"critical","Description":"Telesquare Tlr-2005Ksh is a Sk Telecom Lte router from South Korea's Telesquare company.Telesquare TLR-2005Ksh versions 1.0.0 and 1.1.4 have an unauthorized remote command execution vulnerability. An attacker can exploit this vulnerability to execute system commands without authorization through the Cmd parameter and obtain server permissions.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-29269.yaml"} {"ID":"CVE-2024-31621","Info":{"Name":"Flowise 1.6.5 - Authentication Bypass","Severity":"high","Description":"The flowise version \u003c= 1.6.5 is vulnerable to authentication bypass vulnerability.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-31621.yaml"} +{"ID":"CVE-2024-31849","Info":{"Name":"CData API Server \u003c 23.4.8844 - Path Traversal","Severity":"critical","Description":"A path traversal vulnerability exists in the Java version of CData API Server \u003c 23.4.8844 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain complete administrative access to the application.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-31849.yaml"} {"ID":"CVE-2024-32399","Info":{"Name":"RaidenMAILD Mail Server v.4.9.4 - Path Traversal","Severity":"high","Description":"Directory Traversal vulnerability in RaidenMAILD Mail Server v.4.9.4 and before allows a remote attacker to obtain sensitive information via the /webeditor/ component.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-32399.yaml"} {"ID":"CVE-2024-3273","Info":{"Name":"D-Link Network Attached Storage - Command Injection and Backdoor Account","Severity":"high","Description":"UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument system leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259284. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.\n","Classification":{"CVSSScore":"7.3"}},"file_path":"http/cves/2024/CVE-2024-3273.yaml"} {"ID":"CVE-2024-3400","Info":{"Name":"GlobalProtect - OS Command Injection","Severity":"critical","Description":"A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2024/CVE-2024-3400.yaml"} diff --git a/cves.json-checksum.txt b/cves.json-checksum.txt index 14bf5eec07..59bba03b5a 100644 --- a/cves.json-checksum.txt +++ b/cves.json-checksum.txt @@ -1 +1 @@ -c00921b7455dc0164b91d29896a81273 +9895478dd995b34657d5410bb4f56b5e