CVE Catalog

A path traversal vulnerability has been identified in django-s3file versions prior to 5.5.1. This vulnerability allows for traversal of the entire AWS S3 bucket, with the potential to access or delete files. If the AWS_LOCATION setting is configured, the traversal is restricted to that specific location. The vulnerability was discovered by the maintainer, and there were no prior reports of it being known or exploited by third parties before the patch was released.

A denial-of-service vulnerability has been identified in Undertow, a web server component used in various NetApp products. This issue arises because the HTTP2SourceChannel does not properly write the final frame in certain situations, leading to a denial-of-service condition. The vulnerability affects Undertow versions prior to 2.0.35.SP1, 2.2.6.SP1, 2.2.7.SP1, 2.0.36.SP1, 2.2.9.Final, and 2.0.39.Final.

A vulnerability allowing sensitive information disclosure has been identified in the Metform WordPress plugin, specifically in versions through 2.1.3. The issue arises from improper access control in the 'action.php' file, located within the 'core/forms' directory. This vulnerability can be exploited by unauthenticated attackers to access and view all API keys and secrets associated with various integrated third-party services, including PayPal, Stripe, Mailchimp, Hubspot, HelpScout, reCAPTCHA, and others.

A server-side request forgery (SSRF) vulnerability has been identified in the HubSpot WordPress plugin, affecting versions prior to 8.8.15. The vulnerability arises because the plugin does not properly validate the proxy URL provided to the proxy REST endpoint. This flaw could enable users with the edit_posts capability, which includes contributors and higher roles, to execute SSRF attacks.

A remote code execution vulnerability has been identified in Apache CouchDB versions prior to 3.2.2. The issue arises from an insecure default installation that allows an attacker to gain administrative privileges without authentication. This vulnerability exploits the CouchDB's use of Erlang's distribution protocol, taking advantage of a default 'cookie' value that authenticates communication between Erlang nodes. The problem is exacerbated by CouchDB opening a random network port for distributed operations, which can be accessed if not properly secured.

A vulnerability exists in Philips Vue PACS, Vue MyVue, Vue Speech, and Vue Motion versions through 12.2.x.x, allowing the use of cryptographic keys or passwords past their expiration date. This flaw increases the risk of cracking attacks by extending the time window during which keys can be compromised.

A vulnerability exists in Philips Vue PACS versions 12.2.x.x and prior, due to the use of a broken or risky cryptographic algorithm. This flaw introduces an unnecessary risk that could lead to the exposure of sensitive information.

A vulnerability exists in Philips Vue PACS versions 12.2.x.x and prior, as well as in Vue MyVue, Vue Speech, and Vue Motion (through 12.2.1.5). The issue arises from the software not adhering to certain coding standards, which can create weaknesses or exacerbate existing vulnerabilities. This lack of proper coding practices has led to several specific vulnerabilities, including improper input validation, cleartext transmission of sensitive information, and cross-site scripting, among others. Successful exploitation could allow unauthorized access, data modification, or code execution, negatively impacting the system's overall integrity and availability.

A vulnerability exists in Philips Vue PACS versions 12.2.x.x and prior, as well as in Vue MyVue, Vue Speech, and Vue Motion applications through version 12.2.1.5. The issue arises from an improper implementation or failure of a protection mechanism, leaving the product susceptible to directed attacks. This vulnerability is part of a broader set of security issues within the Vue PACS ecosystem, including cleartext transmission of sensitive information, improper input validation, and cross-site scripting, among others.

A vulnerability exists in Philips Vue PACS versions 12.2.x.x and prior, as well as in Vue MyVue, Vue Speech, and Vue Motion (through 12.2.1.5). The issue stems from improper input validation, which allows user-controllable input to be inadequately neutralized before being output as a webpage, potentially leading to cross-site scripting attacks. Additionally, the software fails to properly validate structured messages or data before processing them, creating further security risks.

A use-after-free vulnerability has been identified in the WebKit component of Apple iOS, iPadOS, macOS Monterey, and Safari. This vulnerability arises from improper memory management, which can be exploited by processing maliciously crafted web content, potentially leading to arbitrary code execution. Apple has acknowledged reports of active exploitation of this vulnerability.

A memory corruption vulnerability has been identified in the IOMobileFrameBuffer component of Apple iOS, iPadOS, and macOS. This vulnerability allows a malicious application to execute arbitrary code with kernel privileges. It affects iOS 15.3, iPadOS 15.3, macOS Big Sur 11.6.3, and macOS Monterey 12.2. The issue has been addressed with improved input validation, but Apple is aware of reports suggesting that this vulnerability may have been actively exploited.

A reflected cross-site scripting vulnerability has been identified in the Team Circle Image Slider With Lightbox WordPress plugin, affecting versions prior to 1.0.16. The issue arises because the plugin fails to properly sanitize and escape the order_pos parameter before displaying it on an admin page.

A reflected cross-site scripting vulnerability has been identified in the ARI Fancy Lightbox WordPress plugin, affecting versions prior to 1.3.9. The issue arises because the plugin does not properly sanitize and escape the 'msg' parameter before displaying it on an admin page.

A vulnerability allowing out-of-bounds write has been identified in the mod_sed module of Apache HTTP Server. This issue allows an attacker to overwrite heap memory with potentially attacker-supplied data. The vulnerability affects Apache HTTP Server versions 2.4.52 and earlier.

An integer overflow vulnerability has been identified in Apache HTTP Server in versions prior to 2.4.53. This vulnerability occurs when the 'LimitXMLRequestBody' directive is set to allow request bodies larger than 350MB, which is above the default limit of 1MB, on 32-bit systems. The integer overflow can be exploited to write data outside the bounds of allocated memory, potentially leading to arbitrary code execution.

A vulnerability allowing HTTP request smuggling has been identified in Apache HTTP Server versions through 2.4.52. The issue arises because the server fails to properly close inbound connections when errors occur while discarding the request body. This oversight can be exploited to manipulate how requests are processed, potentially leading to cache poisoning or bypassing access controls on proxied servers.

A buffer overflow vulnerability has been identified in the Apache HTTP Server mod_lua module, specifically in versions through 2.4.52. This vulnerability allows a carefully crafted request body to be parsed by the Lua script engine, leading to a memory overwrite. The issue was discovered by Chamal De Silva and is classified as moderate severity.

A vulnerability in Mitel MiCollab versions prior to 9.4 SP1 FP1 and MiVoice Business Express through 8.1 allows remote attackers to abuse an exposed system test facility for reflection and amplification, leading to a distributed denial-of-service (DDoS) attack. This vulnerability has been exploited in the wild, causing performance degradation and excessive outbound traffic. The TP-240 driver interface, exposed to the public internet on approximately 2,600 misconfigured systems, can be used to launch sustained DDoS attacks of up to 14 hours by amplifying traffic by a factor of 4 billion.

A vulnerability exists in Shopware versions through 6.3.1.0, allowing users to modify customer data and create orders without the necessary application permissions. This issue stems from inadequate validation of API routes, enabling unauthorized actions. Users are encouraged to update to version 6.4.8.2, which addresses this vulnerability. For those on older versions 6.1, 6.2, and 6.3, a plugin is available to implement the required security measures.

A vulnerability exists in Shopware versions through 6.1.0 that improperly handles sensitive HTTP headers, allowing them to be cached and potentially exposed to clients. This issue can lead to private headers being marked as public in HTTP caches, creating a risk of sensitive information disclosure. The vulnerability has been addressed in version 6.4.8.2.

A vulnerability allowing HTML injection has been identified in Shopware versions through 6.2.3. This issue arises in the voucher code form, where it is possible to inject code that could be executed or displayed. The vulnerability has been patched in version 6.4.8.1.

A vulnerability in Shopware versions through 6.4.8.0 allows guest sessions to be shared between customers when the HTTP cache is enabled. This issue can create inconsistent experiences for guest users. However, setups using Varnish are not affected.

A vulnerability exists in Shopware versions through 6.1.0, where user sessions remain active after a password is reset via the password recovery process. This issue has been addressed in version 6.4.8.1. For users on older versions 6.1, 6.2, and 6.3, a plugin is available to implement the necessary security measures.

A vulnerability exists in Spring Cloud Gateway versions prior to 3.1.1+ that allows applications enabled for HTTP2, without a key store or trusted certificates, to use an insecure TrustManager. This misconfiguration enables the gateway to connect to remote services using invalid or custom certificates.

A vulnerability in CodeIgniter4 versions prior to 4.1.9 allows for improper input validation, which can lead to the execution of Command Line Interface (CLI) routes through HTTP requests. This issue has been addressed in version 4.1.9, but no workarounds are available.

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the Logo Showcase with Slick Slider WordPress plugin, affecting versions prior to 2.0.1. The vulnerability arises because the plugin's AJAX action 'lswss_save_attachment_data' lacks proper CSRF protection. This flaw allows attackers to manipulate a logged-in user with high privileges into changing the title, description, alt text, and URL of any uploaded media.

A vulnerability exists in the Logo Showcase with Slick Slider WordPress plugin in versions prior to 1.2.5. The issue arises because the plugin's lswss_save_attachment_data AJAX action lacks Cross-Site Request Forgery (CSRF) protection and proper authorization checks. This flaw enables any authenticated user, including Subscribers, to modify the title, description, alt text, and URL of any uploaded media.

An authentication bypass vulnerability has been identified in the batch-requests plugin of Apache APISIX, allowing attackers to bypass IP restrictions on the Admin API. This vulnerability is present in versions 1.3 through 2.12.1. In a default configuration with the default API key, this flaw can be exploited to achieve remote code execution. Although changing the admin key or the Admin API port can reduce the impact, there remains a risk of bypassing IP restrictions on the data panel. The vulnerability arises because the batch-requests plugin is supposed to override the client IP with the real remote IP, but a bug allows this check to be bypassed.

An authentication bypass vulnerability has been identified in Gin-Vue-Admin, a management system built with Vue and Gin. This vulnerability exists in versions prior to 2.4.7, where low-privilege users can modify the information of higher-privilege users. The issue arises because the 'setUserInfo' function lacks proper authentication, allowing unauthorized changes to user data. Exploitation involves using a low-privilege account to alter usernames, nicknames, and even passwords of administrators.

A vulnerability exists in the h2o HTTP server's QUIC frame handling in the HTTP/3 server-side implementation, specifically in the code between commits 93af138 and d1f0f65. This vulnerability allows for uninitialized memory to be accessed and potentially misinterpreted as received HTTP/3 frames. When h2o is used as a reverse proxy, an attacker could exploit this to send internal state information from h2o to backend servers under their control or to third-party servers. Additionally, if there is an HTTP endpoint that reflects client traffic, this vulnerability could be used to extract unencrypted internal state data from h2o, including TLS session tickets and traffic from other connections. It is important to note that none of the released versions of h2o are affected by this vulnerability, and there are no known workarounds. Users of unreleased versions of h2o with HTTP/3 support should upgrade immediately.

A cross-site scripting (XSS) vulnerability has been identified in the PHP CRUD tutorial by oretnom23, specifically in the version that utilizes Ajax and DataTables. This vulnerability allows remote attackers to execute arbitrary code by injecting malicious scripts into the first_name, last_name, and email parameters of the /ajax_crud endpoint. The absence of proper input sanitization enables the execution of these scripts, potentially leading to stored XSS attacks.

A reflected cross-site scripting vulnerability has been identified in the Image Hover Effects Ultimate WordPress plugin, affecting versions prior to 9.7.1. The issue arises because the plugin fails to properly escape the effects parameter before displaying it in an attribute on an admin page.

A deserialization vulnerability has been identified in CodeIgniter 4 versions prior to 4.1.6, specifically within the 'old()' function. This issue allows remote attackers to inject auto-loadable arbitrary objects, which could lead to the execution of existing PHP code on the server. There is a known exploit for this vulnerability that can result in SQL injection.

A vulnerability in the CAOS | Host Google Analytics Locally WordPress plugin, affecting versions prior to 4.1.9, allows high privilege users to exploit a path traversal issue. The plugin fails to properly validate the cache directory setting, enabling users to delete arbitrary folders by directing the plugin to a traversed path during uninstallation.

A stored cross-site scripting vulnerability has been identified in the WP Travel Engine WordPress plugin, affecting versions prior to 5.3.1. The issue arises because the plugin does not properly escape the Description field in Trip Destination, Activities, Trip Type, and Pricing Category pages. This flaw allows users with editor roles to inject malicious scripts, even when the unfiltered_html capability is restricted.

A spoofing vulnerability has been identified in the AppX installer for Microsoft Windows. This vulnerability allows attackers to craft malicious packages that can bypass standard security measures and deliver malware, including families like Emotet, TrickBot, and BazarLoader. The vulnerability is particularly concerning because it can be exploited through social engineering tactics, convincing users to open harmful attachments. While users with lower privileges may face reduced risk, those with administrative rights are more vulnerable.

A vulnerability in Apache Log4j 2.15.0 has been identified, where the fix for a previous remote code execution vulnerability (CVE-2021-44228) was incomplete in certain non-default configurations. This new vulnerability allows attackers to exploit Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup or a Thread Context Map pattern. Exploitation can lead to an information leak and remote code execution in some environments, while all environments are susceptible to local code execution. Log4j versions 2.16.0 (Java 8) and 2.12.2 (Java 7) address this vulnerability by removing support for message lookup patterns and disabling JNDI functionality by default.

A remote code execution vulnerability exists in Apache Log4j2 versions 2.0-beta9 through 2.15.0, excluding security releases 2.12.2, 2.12.3, and 2.3.1. The vulnerability arises because JNDI features used in configuration, log messages, and parameters do not adequately protect against attacker-controlled LDAP and other JNDI-related endpoints. An attacker who can manipulate log messages or their parameters can execute arbitrary code loaded from LDAP servers, provided that message lookup substitution is enabled. This issue is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.

A code injection vulnerability has been identified in Ivanti Endpoint Manager Cloud Service Appliance (CSA) versions 4.5 and 4.6. This vulnerability allows an unauthenticated user to execute arbitrary code with limited permissions, specifically as the 'nobody' user. The issue arises from a cookie-based command injection that can be exploited by manipulating cookie values in HTTP requests.

A use-after-free vulnerability has been identified in Mozilla Firefox, Thunderbird, and Firefox ESR. This issue arises when an HTTP/2 session object is released on a different thread, leading to memory corruption and a potentially exploitable crash. The vulnerability affects Firefox versions prior to 93, Thunderbird versions prior to 91.3, and Firefox ESR versions prior to 91.3.

A vulnerability exists in Mozilla Firefox and Thunderbird that allows a network attacker to bypass the Same-Origin Policy on services hosted on encrypted ports that did not opt-in to HTTP/2 Opportunistic Encryption. This issue affects Firefox versions prior to 94, Thunderbird versions prior to 91.3, and Firefox ESR versions prior to 91.3. The vulnerability arises because the browser can be coaxed into treating content from a non-opted-in encrypted port as same-origin with unencrypted HTTP, potentially leading to unauthorized access to sensitive information or resources.

A stack-based buffer overflow vulnerability has been identified in the SonicWall SMA 100 series appliances, specifically in the Apache httpd server's mod_cgi module. This vulnerability allows a remote, unauthenticated attacker to execute code as the 'nobody' user on the affected appliance. The issue arises from the mod_cgi module improperly handling environment variables, leading to a buffer overflow on the stack. The vulnerability affects several firmware versions across the SMA 100 series, including SMA 200, 210, 400, 410, and 500v.

A directory traversal vulnerability allowing access to files outside of the Wiki.js context has been identified in Wiki.js versions prior to 2.5.254. This issue occurs on Windows hosts when a storage module with local asset cache fetching, such as Local File System or Git, is enabled. The vulnerability can be exploited by crafting a special URL that takes advantage of directory traversal, potentially allowing a malicious user to read any file on the file system. This exploitation is possible only if no web application firewall, like Cloudflare, intercepts and strips harmful URLs.

A stored cross-site scripting vulnerability has been identified in the Logo Showcase with Slick Slider WordPress plugin, affecting versions prior to 1.2.4. The issue arises because the plugin fails to properly sanitize the Grid Settings, allowing users with at least Author role to inject malicious scripts via post metadata. This vulnerability could be exploited to execute harmful scripts when the affected content is viewed.

A remote code execution vulnerability has been identified in Sitecore Experience Platform (XP) versions 7.5 Initial Release to 8.2 Update-7. This vulnerability arises from an insecure deserialization issue in the Report.ashx file, which was used for the Executive Insight Dashboard, a feature that has been deprecated. The vulnerability allows unauthorized users to execute arbitrary code on the server where Sitecore is running.

A cross-site scripting (XSS) vulnerability has been identified in Grafana, an open-source monitoring and observability platform. This issue affects Grafana versions 8.0.0-beta1 prior to 8.2.3. The vulnerability allows an attacker to execute arbitrary JavaScript in the context of the victim's browser. Exploitation requires convincing the victim to visit a crafted URL that references a vulnerable page, specifically one that includes the login button in the menu bar. The URL must be designed to exploit AngularJS rendering by incorporating interpolation bindings for AngularJS expressions, which are denoted by double curly braces. When the malicious link is followed, the AngularJS rendering engine executes the embedded JavaScript, potentially leading to unauthorized actions or data exposure.

A header splitting vulnerability has been identified in Mozilla Firefox and Thunderbird. The issue arises because the applications incorrectly processed newlines in HTTP/3 headers, splitting them into two separate headers. This flaw, present in Firefox and Thunderbird versions prior to 91.0.1, allows for header splitting attacks on servers using HTTP/3.

A cross-site scripting (XSS) vulnerability has been identified in jQuery UI versions prior to 1.13.0. This issue arises in the 'of' option of the '.position()' utility, where untrusted input can be accepted and executed as code. The vulnerability is present in an embedded version of jQuery UI within OTRS 7.10.6-rev61 and 8.22, as well as in various NetApp products. The issue has been fixed in jQuery UI 1.13.0, and the relevant components have been updated in OTRS and Tenable.sc.

A cross-site scripting (XSS) vulnerability has been identified in the jQuery UI Datepicker widget, affecting jQuery UI versions prior to 1.13.0. The vulnerability arises from accepting values for various '*Text' options from untrusted sources, which could execute malicious code. This issue has been addressed in jQuery UI 1.13.0, where such values are now treated as plain text rather than HTML. The vulnerability is present in several applications and frameworks that bundle jQuery UI, including Drupal 7, OTRS 6, and NetApp products.