CVE Catalog

Browse the latest Common Vulnerabilities and Exposures (CVEs) with CVSS scores, affected products, and next-gen risk scores.

Jan 3, 2025

GoCD XXE Injection Vulnerability in Group Admin Pipeline XML Editing

A vulnerability allowing XML External Entity (XXE) injection has been identified in GoCD, a continuous delivery server, in versions prior to 24.5.0. This issue arises from the ability of 'group admins' to edit raw XML configurations for their groups, which can be exploited to inject malicious XML that the server processes. While this XXE vulnerability could theoretically lead to additional attacks such as Server-Side Request Forgery (SSRF), information disclosure, or directory traversal, these secondary exploits have not been demonstrated as possible.

2.7
Jan 3, 2025

GoCD XML External Entity Injection Vulnerability in Configuration Repository Feature

A vulnerability allowing XML External Entity (XXE) injection has been identified in GoCD, a continuous delivery server. This issue affects GoCD versions from 16.7.0 up to, but not including, 24.5.0. The vulnerability arises from the ability of GoCD admins to exploit a hidden configuration repository feature, 'pipelines as code', leading to XXE injection on the GoCD Server. The injected XML entities are processed when GoCD scans for pipeline updates, either automatically or at the request of an administrator. While the impact is generally limited, as only GoCD (super) admins can exploit this vulnerability, a malicious admin could potentially cause more significant damage than what XXE injection alone would allow.

3.0
Jan 3, 2025

GoCD Backup Configuration Vulnerability Allowing Arbitrary Script Execution

A vulnerability in GoCD, a continuous delivery server, exists in versions from 18.9.0 up to, but not including, 24.5.0. It allows GoCD admins to misuse the backup configuration's 'post-backup script' feature to execute arbitrary scripts on the hosting server or container as the GoCD user, instead of the pre-configured scripts. While this vulnerability could be exploited, its impact is generally limited. In most cases, a GoCD admin already has host administration permissions to manage artifact storage and service-level configurations. However, in environments where host and GoCD admin roles are separated, this vulnerability could lead to unexpected script execution.

3.1
Jan 3, 2025

GoCD Privilege Escalation Vulnerability in Configuration XML UI

A vulnerability allowing admin privilege escalation has been identified in GoCD versions prior to 24.5.0. This issue arises from improper authorization of access to the admin 'Configuration XML' user interface and its related API. As a result, a malicious insider or authenticated GoCD user could exploit this vulnerability to gain access to information reserved for GoCD admins or to permanently elevate their privileges to that of an admin. The vulnerability cannot be exploited before authentication.

3.2
Jan 3, 2025

CodeAstro Complaint Management System Privilege Escalation Vulnerability in delete_e.php Component

A privilege escalation vulnerability has been identified in CodeAstro Complaint Management System version 1.0. The issue arises in the delete_e.php component, where a remote attacker can manipulate the id parameter to delete engineer-level accounts. This exploitation can be carried out without a valid session or any privileges, as the endpoint lacks proper authentication and authorization checks.

3.7
Jan 3, 2025

IBM Jazz Foundation Information Disclosure Vulnerability

A vulnerability in IBM Jazz Foundation versions 7.0.2, 7.0.3, and 7.1.0 could allow remote attackers to access sensitive information. This issue arises when detailed technical error messages are displayed in the browser, potentially exposing information that could be exploited in subsequent attacks against the system.

1.7
Jan 3, 2025

WukongCRM Arbitrary File Upload Vulnerability in Image Update Component Allowing Code Execution

A vulnerability allowing arbitrary file upload has been identified in WukongCRM-11.0-JAVA versions prior to 11.3.3. This vulnerability exists in the image update component located at /adminUser/updateImg. Attackers can exploit this issue by uploading a crafted file, which could lead to the execution of arbitrary code on the server.

3.5
Jan 3, 2025

Silverpeas SQL Injection Vulnerability in Taxonomy Module

A SQL injection vulnerability has been identified in Silverpeas version 6.4.1, specifically within the Taxonomy module. The issue arises in the 'ViewType' parameter of the 'findByWhereClause' function, where inadequate input validation allows remote attackers to inject malicious SQL payloads. This vulnerability can be exploited using union-based and time-based injection techniques, potentially leading to unauthorized access to sensitive information and disruption of database operations.

2.9
Jan 3, 2025

IBM Jazz Foundation Plaintext Password Vulnerability Allowing Information Leakage

A vulnerability exists in IBM Jazz Foundation versions 7.0.2, 7.0.3, and 7.1.0, where password fields are not masked during entry. This oversight could enable a person physically nearby to obtain sensitive information by observing unprotected passwords as they are typed.

1.3
Jan 3, 2025

Moxa Cellular Routers, Secure Routers, and Network Security Appliances OS Command Injection Vulnerability

A critical OS command injection vulnerability has been identified in Moxa's cellular routers, secure routers, and network security appliances. This vulnerability arises from improperly restricted commands, allowing attackers to inject special characters and execute arbitrary code on the device. The issue affects several product series, including the EDR-8010, EDR-G9004, EDR-G9010, EDF-G1002-BP, NAT-102, OnCell G4302-LTE4, and TN-4900 series, all running specific firmware versions or earlier.

4.7
Jan 3, 2025

Moxa Cellular Routers, Secure Routers, and Network Security Appliances Privilege Escalation Vulnerability

A vulnerability has been identified in Moxa's cellular routers, secure routers, and network security appliances, allowing authenticated users to escalate privileges and gain root access. This issue arises from hard-coded credentials, posing a significant security risk by enabling unauthorized modifications, data exposure, or service disruption.

3.8
Jan 3, 2025

WP Job Portal Insecure Direct Object Reference Vulnerability

A vulnerability allowing Insecure Direct Object Reference (IDOR) has been identified in the WP Job Portal plugin for WordPress, specifically in versions through 2.2.4. This vulnerability arises from inadequate validation of user-controlled keys, enabling authenticated attackers with Subscriber-level access or higher to create jobs for companies with which they are not affiliated.

3.0
Jan 3, 2025

iTerm2 Information Disclosure Vulnerability via SSH Integration

An information disclosure vulnerability has been identified in iTerm2 versions 3.5.6 through 3.5.10, prior to 3.5.11. This issue arises in certain it2ssh and SSH Integration configurations, during remote logins to hosts with a common Python installation. The vulnerability allows remote attackers to access sensitive information from terminal commands by reading the /tmp/framer.txt file, which may be exposed to other users on the same host.

3.5
Jan 3, 2025

Google Android Pixel Devices Cellular Baseband Remote Code Execution Vulnerability

A remote code execution vulnerability has been identified in the cellular baseband component of Google Pixel devices. The issue arises from an out-of-bounds write in the function 'cc_SendCcImsInfoIndMsg' within 'cc_MmConManagement.c', due to a missing bounds check. This vulnerability can be exploited without any additional privileges or user interaction.

2.6
Jan 3, 2025

Google Pixel Devices Connectivity, Thermal, and Power Management Elevation of Privilege Vulnerability

A vulnerability allowing local elevation of privilege has been identified in Google Pixel devices. This issue arises from a permission bypass caused by a confused deputy in the 'startListeningForDeviceStateChanges' function. Exploitation of this vulnerability does not require additional execution privileges or user interaction.

4.7
Jan 3, 2025

Google Pixel Biometric Bypass Vulnerability Allowing Privilege Escalation

A vulnerability exists in Google Pixel devices that allows for a biometric bypass, potentially leading to unauthorized privilege escalation. This issue arises from an unusual root cause and can be exploited without requiring additional execution privileges or user interaction.

4.7
Jan 3, 2025

Google Pixel Devices Exynos RIL Information Disclosure Vulnerability

A vulnerability allowing an out-of-bounds read has been identified in the Exynos RIL component of Google Pixel devices. This issue arises from a missing bounds check in the GetCellInfoList() function within protocolnetadapter.cpp. Exploitation of this vulnerability could lead to local information disclosure, although it requires a compromise of the baseband firmware. Notably, no user interaction is needed for exploitation.

4.1
Jan 3, 2025

Google Pixel Devices Exynos Video API Privilege Escalation Vulnerability

A vulnerability allowing local escalation of privilege has been identified in the Exynos video processing component of Google Pixel devices. This issue arises from an out-of-bounds write caused by an improper bounds check, which could be exploited to gain elevated privileges without requiring additional execution rights or user interaction.

1.6
Jan 3, 2025

Google Pixel Devices Privilege Escalation Vulnerability in LWIS Component

A vulnerability allowing local privilege escalation has been identified in the LWIS component of Google Pixel devices. This issue arises from an out-of-bounds write caused by an integer overflow, which could be exploited to gain elevated privileges without requiring additional execution rights or user interaction.

4.2
Jan 3, 2025

Google Pixel Devices WLAN Elevation of Privilege Vulnerability

A buffer overflow vulnerability has been identified in the WLAN component of Google Pixel devices, specifically within the 'wbrc_bt_dev_write' function of 'wb_regon_coordinator.c'. This vulnerability allows for a possible out-of-bounds write, which could lead to a local elevation of privilege. Exploitation of this issue requires system execution privileges, but does not need user interaction.

4.1
Jan 3, 2025

Google Pixel Biometric Bypass Vulnerability Allowing Privilege Escalation

A vulnerability exists in Google Pixel devices that allows for a biometric bypass, potentially leading to unauthorized privilege escalation. This issue arises from an unusual root cause and can be exploited without requiring additional execution privileges or user interaction.

4.6
Jan 3, 2025

Google Pixel Modem Information Disclosure Vulnerability

A vulnerability allowing an out-of-bounds read has been identified in the modem component of Google Pixel devices. This issue arises from an incorrect bounds check in the function sms_DisplayHexDumpOfPrivacyBuffer within sms_Utilities.c. The flaw could lead to remote information disclosure without requiring additional execution privileges or user interaction for exploitation.

4.5
Jan 3, 2025

Google Pixel Devices LWIS Component Elevation of Privilege Vulnerability

A vulnerability allowing local elevation of privilege has been identified in the LWIS component of Google Pixel devices. This issue arises from a possible out-of-bounds write in the 'prepare_response_locked' function of 'lwis_transaction.c', caused by improper input validation. Exploitation of this vulnerability does not require additional execution privileges or user interaction.

1.6
Jan 3, 2025

Google Pixel Devices lwis Component Elevation of Privilege Vulnerability

A heap buffer overflow vulnerability has been identified in the lwis component of Google Pixel devices, specifically within the construct_transaction_from_cmd function of lwis_ioctl.c. This vulnerability allows for a possible out-of-bounds write, which could lead to local elevation of privilege. Exploitation of this vulnerability does not require any additional execution privileges or user interaction.

1.6
Jan 3, 2025

Google Android Pixel Devices VPN Bypass Vulnerability Allowing Privilege Escalation

A vulnerability exists in Google Android Pixel devices that allows apps to be added to bypass VPN restrictions, due to an undeclared permission. This could lead to a local escalation of privileges, with no additional execution privileges required. Exploitation does not require user interaction.

4.7
Jan 3, 2025

Code-Projects Point of Sales and Inventory Management System SQL Injection Vulnerability

A critical SQL injection vulnerability has been identified in Code-Projects Point of Sales and Inventory Management System version 1.0. The issue arises in the file '/user/add_cart.php', where the 'id' and 'qty' parameters can be manipulated to execute unauthorized SQL commands. This vulnerability can be exploited remotely, potentially allowing attackers to access sensitive information from the application's database.

2.5
Jan 3, 2025

Code-Projects Online Shop Cross-Site Scripting Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in Code-Projects Online Shop version 1.0. The issue resides in the file '/view.php', where user-supplied input in the '$name' and '$details' parameters is echoed without proper validation. This flaw allows remote attackers to inject malicious scripts, potentially leading to the theft of sensitive client information.

3.8
Jan 3, 2025

Code-Projects Point of Sales and Inventory Management System SQL Injection Vulnerability

A critical SQL injection vulnerability has been identified in Code-Projects Point of Sales and Inventory Management System version 1.0. The issue resides in the file '/user/search_result2.php', specifically within the Parameter Handler component. The vulnerability allows remote attackers to manipulate the 'search' parameter, injecting malicious SQL that could be executed by the database. This exploitation could lead to unauthorized access or manipulation of sensitive database information.

2.5
Jan 3, 2025

Android Package Manager Service CloudDpc Uninstallation Privilege Escalation Vulnerability

A logic error in the PackageManagerService's isPackageDeviceAdmin function can cause an edge case that prevents the uninstallation of CloudDpc. This issue allows for local privilege escalation without requiring additional execution privileges or user interaction.

1.8
Jan 3, 2025

Android Skia Out-of-Bounds Write Vulnerability in Deflate Function Allowing Local Privilege Escalation

A vulnerability has been identified in the Skia graphics library, specifically within the allocation function used by zlib for decompression. This issue arises from an integer overflow that can lead to an out-of-bounds write. As a result, the vulnerability could be exploited to escalate privileges locally, without requiring any additional execution rights or user interaction.

5.8
Jan 3, 2025

Android Skia Heap Overflow Vulnerability in SkBlurMaskFilterImpl Allowing Remote Code Execution

A heap overflow vulnerability has been identified in the Skia graphics library used by Android. The issue arises in the 'prepare_to_draw_into_mask' function within 'SkBlurMaskFilterImpl.cpp', where improper input validation creates the potential for a heap overflow. This vulnerability could be exploited for remote code execution without requiring additional privileges or user interaction.

5.4
Jan 3, 2025

Android Clipboard Listener Lock Screen Bypass Vulnerability Allowing Privilege Escalation

A vulnerability in the ClipboardListener component of the Android framework has been identified, which allows for a partial bypass of the lock screen. This issue could lead to unauthorized access to certain functionalities, enabling local escalation of privileges without the need for additional execution rights. Notably, user interaction is not required for exploitation.

2.1
Jan 3, 2025

Android Framework Elevation of Privilege Vulnerability

A logic error in the Android Framework's App Widget service can lead to a local elevation of privilege. This vulnerability allows a malicious application to avoid unbinding a service from the system, potentially leading to unauthorized access or control. The issue does not require any additional execution privileges or user interaction for exploitation.

2.1
Jan 3, 2025

Android Skia Out-of-Bounds Write Vulnerability in SkRegion Component Allowing Local Privilege Escalation

A vulnerability has been identified in the Skia graphics library used by Android, specifically within the 'resizeToAtLeast' function of 'SkRegion.cpp'. This issue arises from an integer overflow that leads to a potential out-of-bounds write. Exploitation of this vulnerability could result in local escalation of privileges, with no additional execution privileges required. Notably, user interaction is not necessary for exploitation. The vulnerability affects multiple Android versions, including 12, 12L, 13, 14, and 15.

5.7
Jan 3, 2025

Android PowerVR-GPU Component Privilege Escalation Vulnerability

A vulnerability has been identified in the PowerVR-GPU component of Android devices, specifically within the devicemem_server.c file. This issue arises from a possible out-of-bounds write due to memory corruption, which could lead to a local escalation of privilege. Notably, exploitation of this vulnerability does not require any additional execution privileges or user interaction.

1.6
Jan 2, 2025

Red Hat JBoss Narayana LRA Coordinator Component Denial-of-Service Vulnerability

A denial-of-service vulnerability has been identified in the LRA Coordinator component of Narayana. When a 'Cancel' request is initiated in a Long Running Action (LRA), it takes approximately 2 seconds to process. If a 'Join' request with the same LRA ID is sent within this 2-second window, it can cause the application to crash or hang indefinitely.

3.0
Jan 2, 2025

AudioCodes MP-202b Cross-Site Scripting Vulnerability Allowing Privilege Escalation

A cross-site scripting (XSS) vulnerability has been identified in the AudioCodes MP-202b device running version 4.4.3. This vulnerability allows remote attackers to escalate privileges by exploiting the login page of the web interface. The issue arises from reflected XSS, where an attacker can craft a URL that, when visited by a user, captures their login credentials.

2.4
Jan 2, 2025

SourceCodester Online Eyewear Shop SQL Injection Vulnerability in View Order File

A critical SQL injection vulnerability has been identified in SourceCodester Online Eyewear Shop version 1.0. The issue resides in the file '/orders/view_order.php', where the 'id' parameter can be manipulated to execute unauthorized SQL commands. This vulnerability can be exploited remotely, potentially leading to unauthorized data access or modification.

3.5
Jan 2, 2025

phpMyFAQ Stored HTML Injection Vulnerability in FAQ Entries

A stored HTML injection vulnerability has been identified in phpMyFAQ versions from 3.2.10 up to, but not including, 4.0.2. This issue allows authenticated users to inject malicious HTML or JavaScript into the FAQ editor, which is then rendered without proper sanitization. The injected content can disrupt the user interface of the FAQ page by overlapping and obscuring buttons, images, and iframes, effectively rendering the page unusable. This exploitation can lead to a denial-of-service condition for legitimate users, degrade the overall user experience, and potentially be used for phishing or defacement attacks.

4.2
Jan 2, 2025

CTFd Password Reset and Activation Token Vulnerability Allowing Account Takeover

A vulnerability in CTFd versions through 3.7.4 allows for the interchangeability and reuse of tokens used for account activation and password resetting. These tokens, which include the base64-encoded user email, are sent as GET parameters and can be exploited by an on-path attacker to hijack a user's account by resetting their password. This issue arises because the tokens are not single-use and remain valid for 30 minutes, during which they can be reused to gain unauthorized access to accounts.

4.4
Jan 2, 2025

CTFd Bracket Change Vulnerability Allowing Team Switching in Ongoing Competitions

A vulnerability in CTFd versions from 3.7.0 up to, but not including, 3.7.4 allows authenticated users to change their assigned competition bracket and join a different team after the initial registration. This flaw arises from improper enforcement of bracket assignment rules, enabling users to reset their bracket and switch teams while a competition is active. The issue could disrupt the integrity of competition scoring and team assignments, particularly in events where brackets are used to organize prize distributions.

4.1
Jan 2, 2025

Code-Projects Chat System SQL Injection Vulnerability in deleteroom.php

A critical SQL injection vulnerability has been identified in Code-Projects Chat System version 1.0. The issue arises in the file /admin/deleteroom.php, where the 'id' argument can be manipulated to execute unauthorized SQL commands. This vulnerability can be exploited remotely, potentially leading to unauthorized data access or modification.

3.4
Jan 2, 2025

Forescout SecureConnector Temporary Directory Vulnerability Allowing Unauthenticated Compliance Script Modification

A vulnerability exists in Forescout SecureConnector version 11.3.07.0109 on Windows, where an insecure temporary directory allows unauthenticated users to modify compliance scripts.

3.6
Jan 2, 2025

Acronis Cyber Protect 16 Web Installer Integrity Check Weak Hash Algorithm Vulnerability

A vulnerability exists in the web installer of Acronis Cyber Protect 16 for Windows, prior to build 39169, due to the use of a weak hash algorithm in the integrity check. This flaw could potentially be exploited to compromise the integrity of the installation process.

2.2
Jan 2, 2025

Acronis Cyber Protect 16 Session Invalidation Vulnerability on Windows

A vulnerability exists in Acronis Cyber Protect 16 for Windows, prior to build 39169, due to missing session invalidation after user deletion. This flaw could potentially be exploited to access user sessions that should have been terminated.

2.6
Jan 2, 2025

Acronis Cyber Protect 16 DLL Hijacking Vulnerability Leading to Local Privilege Escalation

A local privilege escalation vulnerability has been identified in Acronis Cyber Protect 16 for Windows, prior to build 39169. This issue arises from a DLL hijacking vulnerability, which can be exploited to gain elevated privileges on the system.

2.4
Jan 2, 2025

Acronis Cyber Protect and Cyber Protect Cloud Agent Tray Monitor Service Privilege Escalation Vulnerability

A local privilege escalation vulnerability has been identified in the Tray Monitor service of Acronis Cyber Protect 16 and Acronis Cyber Protect Cloud Agent. This issue arises from excessive permissions assigned to the service, allowing unauthorized users to gain elevated privileges. The vulnerability affects Acronis Cyber Protect 16 (Linux, macOS, Windows) prior to build 39169, and Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) prior to build 35895.

2.9
Jan 2, 2025

Acronis Cyber Protect 16 Stored Cross-Site Scripting Vulnerability

A stored cross-site scripting vulnerability has been identified in Acronis Cyber Protect 16 for both Linux and Windows platforms, prior to build 39169. This vulnerability arises from inadequate origin validation in the postMessage function, allowing for the injection of malicious scripts that are stored and executed in the context of the user.

2.9
Jan 2, 2025

Acronis Cyber Protect 16 DLL Hijacking Vulnerability Leading to Local Privilege Escalation

A local privilege escalation vulnerability has been identified in Acronis Cyber Protect 16 for Windows, prior to build 39169. This issue arises from a DLL hijacking vulnerability, which can be exploited to gain elevated privileges on the system.

2.1
Jan 2, 2025

Kentico CMS Reflected Cross-Site Scripting Vulnerability

A reflected cross-site scripting vulnerability has been identified in Kentico CMS version 7. This issue arises from the improper neutralization of input in the '/CMSMessages/AccessDenied.aspx' endpoint, allowing attackers to manipulate specific GET request parameters. Support for Kentico CMS version 7 ended in 2016, and version 8 does not exhibit this vulnerability.

4.1